Merge pull request #4 from moby/20.10-GHSA-v994-f8vw-g7j4-chroot-mkdir

[20.10] chrootarchive: don't create parent dirs outside of chroot
moby · Sep 9, 2021 · bce32e5 · bce32e5
2 parents f0ab919 + 80f1169
commit bce32e5
Showing 1 changed file with 10 additions and 6 deletions.
diff --git a/pkg/chrootarchive/archive.go b/pkg/chrootarchive/archive.go
@@ -74,13 +74,17 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions
 		options.ExcludePatterns = []string{}
 	}
 
-	idMapping := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps)
-	rootIDs := idMapping.RootPair()
+	// If dest is inside a root then directory is created within chroot by extractor.
+	// This case is only currently used by cp.
+	if dest == root {
+		idMapping := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps)
+		rootIDs := idMapping.RootPair()
 
-	dest = filepath.Clean(dest)
-	if _, err := os.Stat(dest); os.IsNotExist(err) {
-		if err := idtools.MkdirAllAndChownNew(dest, 0755, rootIDs); err != nil {
-			return err
+		dest = filepath.Clean(dest)
+		if _, err := os.Stat(dest); os.IsNotExist(err) {
+			if err := idtools.MkdirAllAndChownNew(dest, 0755, rootIDs); err != nil {
+				return err
+			}
 		}
 	}