Skip to content

Commit

Permalink
Stop ADD from following symlinks outside the context when passed as t…
Browse files Browse the repository at this point in the history 
…he first argument

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
  • Loading branch information
@tianon
tianon committed Jan 11, 2014
1 parent cb314b9 commit fb63cfa
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions buildfile.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -287,6 +287,11 @@ func (b *buildFile) CmdVolume(args string) error {

func (b *buildFile) checkPathForAddition(orig string) error {
origPath := path.Join(b.contextPath, orig)
if p, err := filepath.EvalSymlinks(origPath); err != nil {
return err
} else {
origPath = p
}
if !strings.HasPrefix(origPath, b.contextPath) {
return fmt.Errorf("Forbidden path outside the build context: %s (%s)", orig, origPath)
}
Expand Down

0 comments on commit fb63cfa

Please sign in to comment.