Fixed potential security issue (never try http on official index when polling the endpoint). Also fixed local repos name when pulling index.docker.io/foo/bar

This commit is contained in:
Sam Alba 2013-07-09 11:30:12 -07:00
parent a9e04fa4a5
commit bf8d59a1d4

View File

@ -18,8 +18,14 @@ import (
) )
var ErrAlreadyExists = errors.New("Image already exists") var ErrAlreadyExists = errors.New("Image already exists")
var ErrInvalidRepositoryName = errors.New("Invalid repository name (ex: \"registry.domain.tld/myrepos\")")
func pingRegistryEndpoint(endpoint string) error { func pingRegistryEndpoint(endpoint string) error {
if endpoint == auth.IndexServerAddress() {
// Skip the check, we now this one is valid
// (and we never want to fallback to http in case of error)
return nil
}
resp, err := http.Get(endpoint + "_ping") resp, err := http.Get(endpoint + "_ping")
if err != nil { if err != nil {
return err return err
@ -56,16 +62,20 @@ func validateRepositoryName(repositoryName string) error {
// Resolves a repository name to a endpoint + name // Resolves a repository name to a endpoint + name
func ResolveRepositoryName(reposName string) (string, string, error) { func ResolveRepositoryName(reposName string) (string, string, error) {
if strings.Contains(reposName, "://") {
// It cannot contain a scheme!
return "", "", ErrInvalidRepositoryName
}
nameParts := strings.SplitN(reposName, "/", 2) nameParts := strings.SplitN(reposName, "/", 2)
if !strings.Contains(nameParts[0], ".") { if !strings.Contains(nameParts[0], ".") {
// This is a Docker Index repos (ex: samalba/hipache or ubuntu) // This is a Docker Index repos (ex: samalba/hipache or ubuntu)
err := validateRepositoryName(reposName) err := validateRepositoryName(reposName)
return "https://index.docker.io/v1/", reposName, err return auth.IndexServerAddress(), reposName, err
} }
if len(nameParts) < 2 { if len(nameParts) < 2 {
// There is a dot in repos name (and no registry address) // There is a dot in repos name (and no registry address)
// Is it a Registry address without repos name? // Is it a Registry address without repos name?
return "", "", fmt.Errorf("Invalid repository name (ex: \"registry.domain.tld/myrepos\")") return "", "", ErrInvalidRepositoryName
} }
hostname := nameParts[0] hostname := nameParts[0]
reposName = nameParts[1] reposName = nameParts[1]