tar-split does not read block by block nor validate tar headers #35075
Comments
n4ss
changed the title
|
Reproducible with In my case the import command completely freezed the host and had to restart |
|
@fntlnz Looks like this is hitting the same path. Oops. Thanks for the great report! |
|
@steevvoe if we fix the tar thing in this case also all the others should benefit right? IDK if I’m missing something but the point seems to be: “we have to avoid the speculations on malicious images crafted to disturb the docker daemon” |
|
@fntlnz Looking back your case, this is actually the same code path. I confused "import" with "load", which properly errors out (we checked!). |
|
@stevvooe I was a bit confused 🌈 |
|
/cc @vbatts |
|
@vbatts I was looking at this code, and it's not clear to me whether there's a trivial way of solving it. The core problem is that the encoding for the I'm going to open a bug against tar-split. |
|
interesting way to OOM. This pad should only ever be 1024, but spec requires reading to the end. |
|
oh right. @cyphar is right about the slice. That would be marshaled in memory. Let's see... |
|
I have proposed a patch for |
|
fixed released in https://github.com/vbatts/tar-split/releases/tag/v0.10.2 |
|
Thanks both! |
|
For reference, CVE-2017-14992 was assigned for this bug. |
Problem
https://github.com/moby/moby/blob/master/vendor/github.com/vbatts/tar-split/tar/asm/disassemble.go#L124
This line can read any number of
\0s at the end of an archive, potentially taking up all the space in RAM.We actually read in memory the complete padding sequence.
Reproductible
To reproduce, compress a high amount of 0s and push&pull as an image.
Solution
We should:
/cc @thaJeztah @vdemeester @stevvooe
The text was updated successfully, but these errors were encountered: