moby/utils
Yong Tang 86ae5d2895 Restrict checkpoint name to prevent directory traversal
This fix tries to address the issue raised in 28769 where
checkpoint name was not checked before passing to containerd.
As a result, it was possible to use a special checkpoint name
to get outside of the container's directory.

This fix add restriction `[a-zA-Z0-9][a-zA-Z0-9_.-]+` (`RestrictedNamePattern`).
This is the same as container name restriction.

This fix fixes 28769.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>
(cherry picked from commit c90ec05175)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>
2016-11-28 11:17:55 -08:00
..
templates Fix testcases that expect trailing whitespace 2016-09-13 17:58:12 -04:00
debug.go Allow to set daemon and server configurations in a file. 2016-01-14 16:44:37 -05:00
debug_test.go Add regression tests for client debug flag. 2016-02-02 16:57:36 -05:00
names.go Restrict checkpoint name to prevent directory traversal 2016-11-28 11:17:55 -08:00
process_unix.go Add functional support for Docker sub commands on Solaris 2016-11-07 09:06:34 -08:00
process_windows.go Replace execdrivers with containerd implementation 2016-03-18 13:38:32 -07:00
utils.go Remove static errors from errors package. 2016-02-26 15:49:09 -05:00
utils_test.go utils: move dockerignore function to builder/dockerignore 2015-12-14 14:59:52 +01:00