summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2019-04-07 05:47:24 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2019-04-14 05:57:38 -0400
commitcd952068f3a2514777efc95a5bdb2c6e9667ad19 (patch)
tree9d9d4c4289ca25edafa7fec4f73da13508991e8d
parent9acc9cd58c552c0fb20d817d3d3124610ebea01d (diff)
downloadpodman-cd952068f3a2514777efc95a5bdb2c6e9667ad19.tar.gz
podman-cd952068f3a2514777efc95a5bdb2c6e9667ad19.tar.bz2
podman-cd952068f3a2514777efc95a5bdb2c6e9667ad19.zip
Validate ENV/LABEL Change options in varlink
If you pass in an invalid CHANGE ENV or LABEL option without the "=" character podman crashes. I see that there were other problems with the handling of commit --change handling. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r--libpod/container_commit.go39
1 files changed, 34 insertions, 5 deletions
diff --git a/libpod/container_commit.go b/libpod/container_commit.go
index db67f7a30..3cc4b2c92 100644
--- a/libpod/container_commit.go
+++ b/libpod/container_commit.go
@@ -3,6 +3,7 @@ package libpod
import (
"context"
"fmt"
+ "os"
"strings"
"github.com/containers/buildah"
@@ -126,18 +127,40 @@ func (c *Container) Commit(ctx context.Context, destImage string, options Contai
// Process user changes
for _, change := range options.Changes {
- splitChange := strings.Split(change, "=")
+ splitChange := strings.SplitN(change, " ", 2)
+ if len(splitChange) != 2 {
+ splitChange = strings.SplitN(change, "=", 2)
+ if len(splitChange) < 2 {
+ return nil, errors.Errorf("invalid change %s format", change)
+ }
+ }
+
+ change := strings.Split(splitChange[1], " ")
switch strings.ToUpper(splitChange[0]) {
case "CMD":
- importBuilder.SetCmd(splitChange[1:])
+ importBuilder.SetCmd(change)
case "ENTRYPOINT":
- importBuilder.SetEntrypoint(splitChange[1:])
+ importBuilder.SetEntrypoint(change)
case "ENV":
+ name := change[0]
+ val := ""
+ if len(change) < 2 {
+ change = strings.Split(change[0], "=")
+ }
+ if len(change) < 2 {
+ var ok bool
+ val, ok = os.LookupEnv(name)
+ if !ok {
+ return nil, errors.Errorf("invalid env variable %q: not defined in your environment", name)
+ }
+ } else {
+ val = strings.Join(change[1:], " ")
+ }
if !isEnvCleared { // Multiple values are valid, only clear once.
importBuilder.ClearEnv()
isEnvCleared = true
}
- importBuilder.SetEnv(splitChange[1], splitChange[2])
+ importBuilder.SetEnv(name, val)
case "EXPOSE":
if !isExposeCleared { // Multiple values are valid, only clear once
importBuilder.ClearPorts()
@@ -145,11 +168,17 @@ func (c *Container) Commit(ctx context.Context, destImage string, options Contai
}
importBuilder.SetPort(splitChange[1])
case "LABEL":
+ if len(change) < 2 {
+ change = strings.Split(change[0], "=")
+ }
+ if len(change) < 2 {
+ return nil, errors.Errorf("invalid label %s format, requires to NAME=VAL", splitChange[1])
+ }
if !isLabelCleared { // multiple values are valid, only clear once
importBuilder.ClearLabels()
isLabelCleared = true
}
- importBuilder.SetLabel(splitChange[1], splitChange[2])
+ importBuilder.SetLabel(change[0], strings.Join(change[1:], " "))
case "ONBUILD":
importBuilder.SetOnBuild(splitChange[1])
case "STOPSIGNAL":