beenull/moby
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
moby/pkg/plugins
History
Sebastiaan van Stijn 5f68c5447d
pkg/plugins: use a dummy hostname for local connections 
For local communications (npipe://, unix://), the hostname is not used,
but we need valid and meaningful hostname.

The current code used the socket path as hostname, which gets rejected by
go1.20.6 and go1.19.11 because of a security fix for [CVE-2023-29406 ][1],
which was implemented in  https://go.dev/issue/60374.

Prior versions go Go would clean the host header, and strip slashes in the
process, but go1.20.6 and go1.19.11 no longer do, and reject the host
header.

Before this patch, tests would fail on go1.20.6:

    === FAIL: pkg/authorization TestAuthZRequestPlugin (15.01s)
    time="2023-07-12T12:53:45Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 1s"
    time="2023-07-12T12:53:46Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 2s"
    time="2023-07-12T12:53:48Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 4s"
    time="2023-07-12T12:53:52Z" level=warning msg="Unable to connect to plugin: //tmp/authz2422457390/authz-test-plugin.sock/AuthZPlugin.AuthZReq: Post \"http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq\": http: invalid Host header, retrying in 8s"
        authz_unix_test.go:82: Failed to authorize request Post "http://%2F%2Ftmp%2Fauthz2422457390%2Fauthz-test-plugin.sock/AuthZPlugin.AuthZReq": http: invalid Host header

[1]: https://github.com/advisories/GHSA-f8f7-69v5-w4vx

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
(cherry picked from commit 6b7705d5b2)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2023-07-14 22:50:18 +02:00
..
pluginrpc-gen staticcheck: ignore "SA1019: strings.Title is deprecated" 2022-03-16 12:11:54 +01:00
transport bump gotest.tools v3.0.1 for compatibility with Go 1.14 2020-02-11 00:06:42 +01:00
client.go pkg/plugins: use a dummy hostname for local connections 2023-07-14 22:50:18 +02:00
client_test.go pkg/plugins: make unit test less time sensitive 2023-07-07 15:47:01 -04:00
discovery.go Use user paths for plugin discovery in rootless mode 2023-01-10 11:26:12 +01:00
discovery_test.go Use user paths for plugin discovery in rootless mode 2023-01-10 11:26:12 +01:00
discovery_unix.go rootless: move ./rootless to ./pkg/rootless 2023-01-10 11:26:15 +01:00
discovery_unix_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
discovery_windows.go Use user paths for plugin discovery in rootless mode 2023-01-10 11:26:12 +01:00
errors.go Add canonical import comment 2018-02-05 16:51:57 -05:00
plugin_test.go refactor: move from io/ioutil to io and os package 2021-08-27 14:56:57 +08:00
plugins.go pkg/*: fix "empty-lines" (revive) 2022-09-30 23:59:25 +02:00
plugins_unix.go Update to Go 1.17.0, and gofmt with Go 1.17 2021-08-24 23:33:27 +02:00
plugins_windows.go Merge pull request #35829 from cpuguy83/no_private_mount_for_plugins 2018-02-21 12:28:13 +01:00