Browse code
Merge pull request #4 from moby/20.10-ghsa-v994-f8vw-g7j4-chroot-mkdir
[20.10] chrootarchive: don't create parent dirs outside of chroot
Sebastiaan van Stijn authored on 2021/09/10 03:50:12Showing 1 changed files
| ... | ... |
@@ -74,13 +74,17 @@ func untarHandler(tarArchive io.Reader, dest string, options *archive.TarOptions |
| 74 | 74 |
options.ExcludePatterns = []string{}
|
| 75 | 75 |
} |
| 76 | 76 |
|
| 77 |
- idMapping := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps) |
|
| 78 |
- rootIDs := idMapping.RootPair() |
|
| 77 |
+ // If dest is inside a root then directory is created within chroot by extractor. |
|
| 78 |
+ // This case is only currently used by cp. |
|
| 79 |
+ if dest == root {
|
|
| 80 |
+ idMapping := idtools.NewIDMappingsFromMaps(options.UIDMaps, options.GIDMaps) |
|
| 81 |
+ rootIDs := idMapping.RootPair() |
|
| 79 | 82 |
|
| 80 |
- dest = filepath.Clean(dest) |
|
| 81 |
- if _, err := os.Stat(dest); os.IsNotExist(err) {
|
|
| 82 |
- if err := idtools.MkdirAllAndChownNew(dest, 0755, rootIDs); err != nil {
|
|
| 83 |
- return err |
|
| 83 |
+ dest = filepath.Clean(dest) |
|
| 84 |
+ if _, err := os.Stat(dest); os.IsNotExist(err) {
|
|
| 85 |
+ if err := idtools.MkdirAllAndChownNew(dest, 0755, rootIDs); err != nil {
|
|
| 86 |
+ return err |
|
| 87 |
+ } |
|
| 84 | 88 |
} |
| 85 | 89 |
} |
| 86 | 90 |
|