diff options
author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-12-27 14:59:37 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-12-27 14:59:37 +0100 |
commit | 269b17349631e260cafda2a607c0650299705394 (patch) | |
tree | c6e8cc44e144dd2be4dfe6e4f45ebb3312780f5d /pkg/util/utils.go | |
parent | 55922e36707347d5db7182cda3d820e4bd85968d (diff) | |
parent | 40f55ca3fe06d2e5d0232c1f07911ea728fd1bc1 (diff) | |
download | podman-269b17349631e260cafda2a607c0650299705394.tar.gz podman-269b17349631e260cafda2a607c0650299705394.tar.bz2 podman-269b17349631e260cafda2a607c0650299705394.zip |
Merge pull request #4749 from edsantiago/parse_and_validate_signal
signal parsing - better input validation
Diffstat (limited to 'pkg/util/utils.go')
-rw-r--r-- | pkg/util/utils.go | 21 |
1 files changed, 18 insertions, 3 deletions
diff --git a/pkg/util/utils.go b/pkg/util/utils.go index 5b4dfe9fa..f7d04c73b 100644 --- a/pkg/util/utils.go +++ b/pkg/util/utils.go @@ -9,6 +9,7 @@ import ( "strconv" "strings" "sync" + "syscall" "time" "github.com/BurntSushi/toml" @@ -284,9 +285,7 @@ func GetImageConfig(changes []string) (ImageConfig, error) { config.Labels[key] = val case "STOPSIGNAL": // Check the provided signal for validity. - // TODO: Worth checking range? ParseSignal allows - // negative numbers. - killSignal, err := signal.ParseSignal(value) + killSignal, err := ParseSignal(value) if err != nil { return ImageConfig{}, errors.Wrapf(err, "invalid change %q - KILLSIGNAL must be given a valid signal", change) } @@ -305,6 +304,22 @@ func GetImageConfig(changes []string) (ImageConfig, error) { return config, nil } +// Parse and validate a signal name or number +func ParseSignal(rawSignal string) (syscall.Signal, error) { + // Strip off leading dash, to allow -1 or -HUP + basename := strings.TrimPrefix(rawSignal, "-") + + signal, err := signal.ParseSignal(basename) + if err != nil { + return -1, err + } + // 64 is SIGRTMAX; wish we could get this from a standard Go library + if signal < 1 || signal > 64 { + return -1, errors.Errorf("valid signals are 1 through 64") + } + return signal, nil +} + // ParseIDMapping takes idmappings and subuid and subgid maps and returns a storage mapping func ParseIDMapping(mode namespaces.UsernsMode, UIDMapSlice, GIDMapSlice []string, subUIDMap, subGIDMap string) (*storage.IDMappingOptions, error) { options := storage.IDMappingOptions{ |