From 7f0128ac333b2d71c7edb11465b933dedc9accf7 Mon Sep 17 00:00:00 2001 From: Matthew Heon Date: Sun, 10 Mar 2019 12:08:24 -0400 Subject: Fix a potential segfault during infra container create I was seeing some segfaults where image config was being passed as nil, causing a nil dereference segfault. Fix the apparent cause and add some safety fencing to try and ensure it doesn't happen again. Signed-off-by: Matthew Heon --- libpod/runtime_pod_infra_linux.go | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) (limited to 'libpod') diff --git a/libpod/runtime_pod_infra_linux.go b/libpod/runtime_pod_infra_linux.go index 81579db4b..71328905b 100644 --- a/libpod/runtime_pod_infra_linux.go +++ b/libpod/runtime_pod_infra_linux.go @@ -31,17 +31,24 @@ func (r *Runtime) makeInfraContainer(ctx context.Context, p *Pod, imgName, imgID isRootless := rootless.IsRootless() entryCmd := []string{r.config.InfraCommand} - // default to entrypoint in image if there is one - if len(config.Entrypoint) > 0 { - entryCmd = config.Entrypoint + if config == nil { + } - if len(config.Env) > 0 { - for _, nameValPair := range config.Env { - nameValSlice := strings.Split(nameValPair, "=") - if len(nameValSlice) < 2 { - return nil, errors.Errorf("Invalid environment variable structure in pause image") + // I've seen circumstances where config is being passed as nil. + // Let's err on the side of safety and make sure it's safe to use. + if config != nil { + // default to entrypoint in image if there is one + if len(config.Entrypoint) > 0 { + entryCmd = config.Entrypoint + } + if len(config.Env) > 0 { + for _, nameValPair := range config.Env { + nameValSlice := strings.Split(nameValPair, "=") + if len(nameValSlice) < 2 { + return nil, errors.Errorf("Invalid environment variable structure in pause image") + } + g.AddProcessEnv(nameValSlice[0], nameValSlice[1]) } - g.AddProcessEnv(nameValSlice[0], nameValSlice[1]) } } @@ -97,5 +104,5 @@ func (r *Runtime) createInfraContainer(ctx context.Context, p *Pod) (*Container, imageName := newImage.Names()[0] imageID := data.ID - return r.makeInfraContainer(ctx, p, imageName, imageID, newImage.Config) + return r.makeInfraContainer(ctx, p, imageName, imageID, data.Config) } -- cgit v1.2.3-54-g00ecf