author | CoprDistGit <infra@openeuler.org> | 2023-10-16 08:21:17 +0000 |
---|---|---|
committer | CoprDistGit <infra@openeuler.org> | 2023-10-16 08:21:17 +0000 |
commit | 5a30c52fd5f03e11a1e7a998731c59a31477eba9 (patch) | |
tree | 6e73a07585bfafeae4404d2247436ed13d337457 /0027-2178-clean-path-for-fpath-and-verify-chain-id.patch | |
parent | be5fbac390ac42956df062b5585d96b3ae5db1df (diff) |
automatic import of iSuladopeneuler23.09
Diffstat (limited to '0027-2178-clean-path-for-fpath-and-verify-chain-id.patch')
-rw-r--r-- | 0027-2178-clean-path-for-fpath-and-verify-chain-id.patch | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/0027-2178-clean-path-for-fpath-and-verify-chain-id.patch b/0027-2178-clean-path-for-fpath-and-verify-chain-id.patch
new file mode 100644
index 0000000..e24fafe
--- /dev/null
+++ b/0027-2178-clean-path-for-fpath-and-verify-chain-id.patch
@@ -0,0 +1,87 @@
+From 6dcde807f5bba8ff1aa7d049856f3eddd4b0586f Mon Sep 17 00:00:00 2001
+From: zhongtao <zhongtao17@huawei.com>
+Date: Sat, 9 Sep 2023 06:48:39 +0000
+Subject: [PATCH 27/33] !2178 clean path for fpath and verify chain id Merge
+ pull request !2178 from zhongtao/image
+
+---
+ src/daemon/modules/image/oci/oci_load.c | 30 +++++++++++++++++--
+ .../modules/image/oci/registry/registry.c | 2 +-
+ 2 files changed, 28 insertions(+), 4 deletions(-)
+
+diff --git a/src/daemon/modules/image/oci/oci_load.c b/src/daemon/modules/image/oci/oci_load.c
+index 569c5346..fd707330 100644
+--- a/src/daemon/modules/image/oci/oci_load.c
++++ b/src/daemon/modules/image/oci/oci_load.c
+@@ -27,8 +27,10 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
++#include <linux/limits.h>
+
+ #include "utils.h"
++#include "path.h"
+ #include "isula_libutils/log.h"
+ #include "util_archive.h"
+ #include "storage.h"
+@@ -717,6 +719,9 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
+ }
+
+ for (; i < conf->rootfs->diff_ids_len; i++) {
++ char *fpath = NULL;
++ char cleanpath[PATH_MAX] = { 0 };
++
+ im->layers[i] = util_common_calloc_s(sizeof(load_layer_blob_t));
+ if (im->layers[i] == NULL) {
+ ERROR("Out of memory");
+@@ -724,12 +729,31 @@ static int oci_load_set_layers_info(load_image_t *im, const image_manifest_items
+ goto out;
+ }
+
+- im->layers[i]->fpath = util_path_join(dstdir, manifest->layers[i]);
+- if (im->layers[i]->fpath == NULL) {
+- ERROR("Path join failed");
++ fpath = util_path_join(dstdir, manifest->layers[i]);
++ if (fpath == NULL) {
++ ERROR("Failed to join path");
++ ret = -1;
++ goto out;
++ }
++
++ if (util_clean_path(fpath, cleanpath, sizeof(cleanpath)) == NULL) {
++ ERROR("Failed to clean path for %s", fpath);
++ free(fpath);
++ ret = -1;
++ goto out;
++ }
++
++ free(fpath);
++
++ // verify whether the prefix of the path is dstdir to prevent illegal directories
++ if (strncmp(cleanpath, dstdir, strlen(dstdir)) != 0) {
++ ERROR("Illegal directory: %s", cleanpath);
+ ret = -1;
+ goto out;
+ }
++
++ im->layers[i]->fpath = util_strdup_s(cleanpath);
++
+ // The format is sha256:xxx
+ im->layers[i]->chain_id = oci_load_calc_chain_id(parent_chain_id_sha256, conf->rootfs->diff_ids[i]);
+ if (im->layers[i]->chain_id == NULL) {
+diff --git a/src/daemon/modules/image/oci/registry/registry.c b/src/daemon/modules/image/oci/registry/registry.c
+index e0b46e2e..35753c79 100644
+--- a/src/daemon/modules/image/oci/registry/registry.c
++++ b/src/daemon/modules/image/oci/registry/registry.c
+@@ -600,7 +600,7 @@ static int register_layer(pull_descriptor *desc, size_t i)
+ return 0;
+ }
+
+- id = util_without_sha256_prefix(desc->layers[i].chain_id);
++ id = oci_image_id_from_digest(desc->layers[i].chain_id);
+ if (id == NULL) {
+ ERROR("layer %zu have NULL digest for image %s", i, desc->image_name);
+ return -1;
+--
+2.40.1
+ |
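Review bot: The containment test added in the oci_load.c hunk, `strncmp(cleanpath, dstdir, strlen(dstdir)) != 0`, is a raw string-prefix comparison, so a cleaned path in a sibling directory whose name merely begins with dstdir's text still passes it. The check should also require a path separator or end of string right after the prefix, for example `size_t dlen = strlen(dstdir);` followed by `if (strncmp(cleanpath, dstdir, dlen) != 0 || (cleanpath[dlen] != '/' && cleanpath[dlen] != '\0')) {`, which assumes dstdir is itself in cleaned form without a trailing slash; the hunk does not show how dstdir is produced, so that needs confirming. util_clean_path looks like a purely lexical normalisation (its body is not visible here), so symbolic links inside the unpacked tree would not be caught by this check and have to be handled where the archive is extracted. oci_load_set_layers_info starts and ends outside the hunk, so the cleanup at `out` for the partially filled im->layers[i] could not be reviewed.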