server: fail if HOME variable has a newline
to prevent CVE-2022-4318

Signed-off-by: Peter Hunt~ <pehunt@redhat.com>
haircommander committed Dec 14, 2022
1 parent 5d04dd4 commit 41dca27
Showing 2 changed files with 11 additions and 0 deletions.
3 changes: 3 additions & 0 deletions server/container_create.go
Expand Up @@ -201,6 +201,9 @@ func setupContainerUser(ctx context.Context, specgen *generate.Generator, rootfs
for _, env := range specgen.Config.Process.Env {
if strings.HasPrefix(env, "HOME=") {
homedir = strings.TrimPrefix(env, "HOME=")
if idx := strings.Index(homedir, `\n`); idx > -1 {
return fmt.Errorf("invalid HOME environment; newline not allowed")
}
break
}
}
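Review bot: The added guard in setupContainerUser searches for the back-quoted literal `\n`, which in Go is a raw string holding two characters (a backslash and the letter n), so a HOME value containing a real line feed byte (0x0A) passes the check. If the intent is to keep HOME from spanning lines wherever it is later written, test for both forms, e.g. ``if strings.Contains(homedir, "\n") || strings.Contains(homedir, `\n`) {``, which also drops the unused `idx`. The new case in test/ctr.bats has the same gap: `\\n` inside the single-quoted jq program produces backslash-n, so only the escaped form is exercised, and a second case with an actual newline in the value would be needed. Whether the escaped form is expanded further down is not visible here, since the body of setupContainerUser starts and ends outside the hunk.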
8 changes: 8 additions & 0 deletions test/ctr.bats
Expand Up @@ -1024,3 +1024,11 @@ function check_oci_annotation() {
! ps -p "$process" o pid=,stat= | grep -v 'Z'
done
}

@test "ctr HOME env newline invalid" {
start_crio
jq ' .envs = [{"key": "HOME=", "value": "/root:/sbin/nologin\\ntest::0:0::/:/bin/bash"}]' \
"$TESTDATA"/container_config.json > "$newconfig"

! crictl run "$newconfig" "$TESTDATA"/sandbox_config.json
}
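Review bot: The env entry in the new test uses the key `"HOME="` with the equals sign included; if the runtime joins key and value with `=`, the variable becomes `HOME==/root:...` and the value that reaches the check starts with a stray `=`. Using `{"key": "HOME", "value": ...}` would exercise the input the fix is meant to reject. The test also asserts only that `crictl run` fails, so it would pass on any unrelated creation error; capturing the output and matching it against `newline not allowed` would tie the failure to the new check.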
