ca68434d79
- Add a backport of https://github.com/moby/moby/pull/35424, which fixes a security issue where a maliciously crafted image could be used to crash a Docker daemon. bsc#1066210 CVE-2017-14992 + bsc1066210-0001-vendor-update-to-github.com-vbatts-tar-split-v0.10.2.patch OBS-URL: https://build.opensuse.org/request/show/539622 OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker?expand=0&rev=212
119 lines
4.3 KiB
Diff
119 lines
4.3 KiB
Diff
From b5cf56bc7f734ed8bfad4119fb817261e541a609 Mon Sep 17 00:00:00 2001
|
|
From: Aleksa Sarai <asarai@suse.de>
|
|
Date: Wed, 8 Nov 2017 02:50:52 +1100
|
|
Subject: [PATCH] vendor: update to github.com/vbatts/tar-split@v0.10.2
|
|
|
|
Update to the latest version of tar-split, which includes a change to
|
|
fix a memory exhaustion issue where a malformed image could cause the
|
|
Docker daemon to crash.
|
|
|
|
* tar: asm: store padding in chunks to avoid memory exhaustion
|
|
|
|
Fixes: CVE-2017-14992
|
|
SUSE-Bug: https://bugzilla.suse.com/show_bug.cgi?id=1066210
|
|
Signed-off-by: Aleksa Sarai <asarai@suse.de>
|
|
---
|
|
vendor.conf | 2 +-
|
|
vendor/github.com/vbatts/tar-split/README.md | 3 +-
|
|
.../vbatts/tar-split/tar/asm/disassemble.go | 43 ++++++++++++++--------
|
|
3 files changed, 31 insertions(+), 17 deletions(-)
|
|
|
|
diff --git a/vendor.conf b/vendor.conf
|
|
index 535adad38728..ea4f75bbea10 100644
|
|
--- a/vendor.conf
|
|
+++ b/vendor.conf
|
|
@@ -53,7 +53,7 @@ github.com/miekg/dns 75e6e86cc601825c5dbcd4e0c209eab180997cd7
|
|
|
|
# get graph and distribution packages
|
|
github.com/docker/distribution b38e5838b7b2f2ad48e06ec4b500011976080621
|
|
-github.com/vbatts/tar-split v0.10.1
|
|
+github.com/vbatts/tar-split v0.10.2
|
|
github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb
|
|
|
|
# get go-zfs packages
|
|
diff --git a/vendor/github.com/vbatts/tar-split/README.md b/vendor/github.com/vbatts/tar-split/README.md
|
|
index 4c544d823fbc..03e3ec4308b7 100644
|
|
--- a/vendor/github.com/vbatts/tar-split/README.md
|
|
+++ b/vendor/github.com/vbatts/tar-split/README.md
|
|
@@ -1,6 +1,7 @@
|
|
# tar-split
|
|
|
|
[](https://travis-ci.org/vbatts/tar-split)
|
|
+[](https://goreportcard.com/report/github.com/vbatts/tar-split)
|
|
|
|
Pristinely disassembling a tar archive, and stashing needed raw bytes and offsets to reassemble a validating original archive.
|
|
|
|
@@ -50,7 +51,7 @@ For example stored sparse files that have "holes" in them, will be read as a
|
|
contiguous file, though the archive contents may be recorded in sparse format.
|
|
Therefore when adding the file payload to a reassembled tar, to achieve
|
|
identical output, the file payload would need be precisely re-sparsified. This
|
|
-is not something I seek to fix imediately, but would rather have an alert that
|
|
+is not something I seek to fix immediately, but would rather have an alert that
|
|
precise reassembly is not possible.
|
|
(see more http://www.gnu.org/software/tar/manual/html_node/Sparse-Formats.html)
|
|
|
|
diff --git a/vendor/github.com/vbatts/tar-split/tar/asm/disassemble.go b/vendor/github.com/vbatts/tar-split/tar/asm/disassemble.go
|
|
index 54ef23aed366..009b3f5d8124 100644
|
|
--- a/vendor/github.com/vbatts/tar-split/tar/asm/disassemble.go
|
|
+++ b/vendor/github.com/vbatts/tar-split/tar/asm/disassemble.go
|
|
@@ -2,7 +2,6 @@ package asm
|
|
|
|
import (
|
|
"io"
|
|
- "io/ioutil"
|
|
|
|
"github.com/vbatts/tar-split/archive/tar"
|
|
"github.com/vbatts/tar-split/tar/storage"
|
|
@@ -119,20 +118,34 @@ func NewInputTarStream(r io.Reader, p storage.Packer, fp storage.FilePutter) (io
|
|
}
|
|
}
|
|
|
|
- // it is allowable, and not uncommon that there is further padding on the
|
|
- // end of an archive, apart from the expected 1024 null bytes.
|
|
- remainder, err := ioutil.ReadAll(outputRdr)
|
|
- if err != nil && err != io.EOF {
|
|
- pW.CloseWithError(err)
|
|
- return
|
|
- }
|
|
- _, err = p.AddEntry(storage.Entry{
|
|
- Type: storage.SegmentType,
|
|
- Payload: remainder,
|
|
- })
|
|
- if err != nil {
|
|
- pW.CloseWithError(err)
|
|
- return
|
|
+ // It is allowable, and not uncommon that there is further padding on
|
|
+ // the end of an archive, apart from the expected 1024 null bytes. We
|
|
+ // do this in chunks rather than in one go to avoid cases where a
|
|
+ // maliciously crafted tar file tries to trick us into reading many GBs
|
|
+ // into memory.
|
|
+ const paddingChunkSize = 1024 * 1024
|
|
+ var paddingChunk [paddingChunkSize]byte
|
|
+ for {
|
|
+ var isEOF bool
|
|
+ n, err := outputRdr.Read(paddingChunk[:])
|
|
+ if err != nil {
|
|
+ if err != io.EOF {
|
|
+ pW.CloseWithError(err)
|
|
+ return
|
|
+ }
|
|
+ isEOF = true
|
|
+ }
|
|
+ _, err = p.AddEntry(storage.Entry{
|
|
+ Type: storage.SegmentType,
|
|
+ Payload: paddingChunk[:n],
|
|
+ })
|
|
+ if err != nil {
|
|
+ pW.CloseWithError(err)
|
|
+ return
|
|
+ }
|
|
+ if isEOF {
|
|
+ break
|
|
+ }
|
|
}
|
|
pW.Close()
|
|
}()
|
|
--
|
|
2.14.3
|
|
|