Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate arguments for ps in docker top #24358

Merged
merged 1 commit into from
Jul 8, 2016
Merged

Validate arguments for ps in docker top #24358

merged 1 commit into from
Jul 8, 2016

Conversation

AkihiroSuda
Copy link
Member

- What I did
Fix #24357

- How I did it
Please look at validatePSArgs

- How to verify it

$ docker top c1 ae -o uid=PID -o command=COMMAND
Error response from daemon: specifying uid=PID is not allowed

Signed-off-by: Akihiro Suda suda.akihiro@lab.ntt.co.jp

@AkihiroSuda AkihiroSuda mentioned this pull request Jul 6, 2016
Closed
@thaJeztah
Copy link
Member

Thanks @AkihiroSuda

ping @justincormack @nathanmcauley PTAL

@thaJeztah
Copy link
Member

ping @NathanMcCauley PTAL

justincormack
justincormack reviewed Jul 6, 2016
View reviewed changes
daemon/top_unix.go
"strconv"
"strings"

"github.com/docker/engine-api/types"
)

func validatePSArgs(psArgs string) error {
re := regexp.MustCompile("-o\\s*(.*)=\\s*PID")
group := re.FindStringSubmatch(psArgs)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not quite sufficient, as the header parsing is using strings.Fields and that parses based on unicode whitespace, so you can do docker top d0b6b1e905ae ae -o uid= PID  -o command=COMMAND with any unicode whitespace character between the = and PID. Changing the code to split strictly on ASCII spaces seems to be the best fix.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In fact you can relabel the columns in several ways using UTF8 whitespace eg docker top 7a709f6ac6ae axe -o 'uid=UID PID' -o pid=COMMAND -o command=

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, I'll update PR

@AkihiroSuda
Copy link
Member Author

Thank you @justincormack @tonistiigi
Updated PR.

Test case for unicode space (U+2003, E2 80 83):

$ docker top c1 ae -o uid= PID -o command=COMMAND
Error response from daemon: Couldn't find PID field in ps output

Test case for 'o':

$ docker top c1 aeo uid=PID -o command=COMMAND
Error response from daemon: specifying "uid=PID" is not allowed

@justincormack
Copy link
Contributor

Thanks! LGTM.

@justincormack justincormack added this to the 1.12.0 milestone Jul 7, 2016
@justincormack
Copy link
Contributor

As this is a security fix I added to the 1.12 milestone.

tonistiigi
tonistiigi reviewed Jul 7, 2016
View reviewed changes
daemon/top_unix.go
// So we use fieldsASCII instead of strings.Fields in parsePSOutput.
// See https://github.com/docker/docker/pull/24358
re := regexp.MustCompile("\\s+([^\\s]*)=\\s*PID")
group := re.FindStringSubmatch(psArgs)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because this only matches one time it would not catch -o pid=PID2 -o uid=PID

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thank you, updated PR

@AkihiroSuda
Validate arguments for ps in docker top
2539332 
Fix moby#24357

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
justincormack
justincormack reviewed Jul 8, 2016
View reviewed changes
daemon/top_unix_test.go
"ae -O uid=PID": true,
"ae -o pid=PID2 -o uid=PID": true,
"ae -o pid=PID": false,
"ae -o pid=PID -o uid=PIDX": true, // FIXME: we do not need to prohibit this
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As there are no default names that match this it seems unimportant for now.

@justincormack
Copy link
Contributor

justincormack commented Jul 8, 2016
edited

new version LGTM after @tonistiigi issue has been fixed. Will look at the test failures though.

@justincormack
Copy link
Contributor

Test failures went away on rebuild, so green now.

@tonistiigi
Copy link
Member

LGTM

@diogomonica do you want to verify this as well?

@diogomonica
Copy link
Contributor

LGTM

@thaJeztah
Copy link
Member

thanks @diogomonica. merging

@thaJeztah thaJeztah merged commit 152f5a5 into moby:master Jul 8, 2016
@tiborvass tiborvass mentioned this pull request Jul 8, 2016
Merged
liusdu pushed a commit to liusdu/moby that referenced this pull request Oct 30, 2017
@WeiZhang555 @aarch64
Merge branch 'fix-top-m' into 'huawei-1.11.2'
bfe7174 
Fix breaking `docker top xxx m`

backport from upstream fix: moby#30669

and dependent PR: moby#24358

Fix DTS: DTS2017070300837



See merge request docker/docker!635
@piascikj piascikj mentioned this pull request Jan 9, 2018
Open
@kolyshkin kolyshkin mentioned this pull request Sep 18, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
impact/changelog process/cherry-picked status/2-code-review
Projects
None yet
Milestone
1.12.0
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@AkihiroSuda @thaJeztah @justincormack @tonistiigi @diogomonica @tiborvass @GordonTheTurtle