From 6dcde807f5bba8ff1aa7d049856f3eddd4b0586f Mon Sep 17 00:00:00 2001
From: zhongtao <zhongtao17@huawei.com>
Date: Sat, 9 Sep 2023 06:48:39 +0000
Subject: [PATCH 27/33] !2178 clean path for fpath and verify chain id Merge
 pull request !2178 from zhongtao/image

---
 src/daemon/modules/image/oci/oci_load.c       | 30 +++++++++++++++++--
 .../modules/image/oci/registry/registry.c     |  2 +-
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
index 569c5346..fd707330 100644
--- a/src/daemon/modules/image/oci/oci_load.c
+++ b/src/daemon/modules/image/oci/oci_load.c
@@ -27,8 +27,10 @@
 #include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
+#include <linux/limits.h>
 
 #include "utils.h"
+#include "path.h"
 #include "isula_libutils/log.h"
 #include "util_archive.h"
 #include "storage.h"
@@ -717,6 +719,9 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
     }
 
     for (; i < conf->rootfs->diff_ids_len; i++) {
+        char *fpath = NULL;
+        char cleanpath[PATH_MAX] = { 0 };
+
         im->layers[i] = util_common_calloc_s(sizeof(load_layer_blob_t));
         if (im->layers[i] == NULL) {
             ERROR("Out of memory");
@@ -724,12 +729,31 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
             goto out;
         }
 
-        im->layers[i]->fpath = util_path_join(dstdir, manifest->layers[i]);
-        if (im->layers[i]->fpath == NULL) {
-            ERROR("Path join failed");
+        fpath = util_path_join(dstdir, manifest->layers[i]);
+        if (fpath == NULL) {
+            ERROR("Failed to join path");
+            ret = -1;
+            goto out;
+        }
+
+        if (util_clean_path(fpath, cleanpath, sizeof(cleanpath)) == NULL) {
+            ERROR("Failed to clean path for %s", fpath);
+            free(fpath);
+            ret = -1;
+            goto out;
+        }
+
+        free(fpath);
+
+        // verify whether the prefix of the path is dstdir to prevent illegal directories
+        if (strncmp(cleanpath, dstdir, strlen(dstdir)) != 0) {
+            ERROR("Illegal directory: %s", cleanpath);
             ret = -1;
             goto out;
         }
+
+        im->layers[i]->fpath = util_strdup_s(cleanpath);
+
         // The format is sha256:xxx
         im->layers[i]->chain_id = oci_load_calc_chain_id(parent_chain_id_sha256, conf->rootfs->diff_ids[i]);
         if (im->layers[i]->chain_id == NULL) {
diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
index e0b46e2e..35753c79 100644
--- a/src/daemon/modules/image/oci/registry/registry.c
+++ b/src/daemon/modules/image/oci/registry/registry.c
@@ -600,7 +600,7 @@ static int register_layer(pull_descriptor *desc, size_t i)
         return 0;
     }
 
-    id = util_without_sha256_prefix(desc->layers[i].chain_id);
+    id = oci_image_id_from_digest(desc->layers[i].chain_id);
     if (id == NULL) {
         ERROR("layer %zu have NULL digest for image %s", i, desc->image_name);
         return -1;
-- 
2.40.1