GitList

Browse code

container.BaseFS: check for nil before deref

Commit 7a7357dae1bccc ("LCOW: Implemented support for docker cp + build")
changed `container.BaseFS` from being a string (that could be empty but
can't lead to nil pointer dereference) to containerfs.ContainerFS,
which could be be `nil` and so nil dereference is at least theoretically
possible, which leads to panic (i.e. engine crashes).

Such a panic can be avoided by carefully analysing the source code in all
the places that dereference a variable, to make the variable can't be nil.
Practically, this analisys are impossible as code is constantly
evolving.

Still, we need to avoid panics and crashes. A good way to do so is to
explicitly check that a variable is non-nil, returning an error
otherwise. Even in case such a check looks absolutely redundant,
further changes to the code might make it useful, and having an
extra check is not a big price to pay to avoid a panic.

This commit adds such checks for all the places where it is not obvious
that container.BaseFS is not nil (which in this case means we do not
call daemon.Mount() a few lines earlier).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>

Kir Kolyshkin authored on 2018/03/14 11:45:21
Showing 4 changed files

container/archive.go index 960d7bf..ed72c4a 100644
container/container.go index 461139b..a076e80 100644
daemon/oci_linux.go index 8d5eebb..256e1c3 100644
daemon/oci_windows.go index e2e10f9..6f65c15 100644

container/archive.go

History View file @ d6ea46c

@@ -6,6 +6,7 @@ import (
                      	"github.com/docker/docker/api/types"
                      	"github.com/docker/docker/pkg/archive"
                      	"github.com/docker/docker/pkg/system"
                     +	"github.com/pkg/errors"
+                     )
                      // ResolvePath resolves the given path in the container to a resource on the
@@ -13,6 +14,9 @@ import (
                      // the absolute path to the resource relative to the container's rootfs, and
                      // an error if the path points to outside the container's rootfs.
                      func (container *Container) ResolvePath(path string) (resolvedPath, absPath string, err error) {
                     +	if container.BaseFS == nil {
                     +		return "", "", errors.New("ResolvePath: BaseFS of container " + container.ID + " is unexpectedly nil")
                     +	}
                      	// Check if a drive letter supplied, it must be the system drive. No-op except on Windows
                      	path, err = system.CheckSystemDriveAndRemoveDriveLetter(path, container.BaseFS)
                      	if err != nil {
@@ -45,6 +49,9 @@ func (container *Container) ResolvePath(path string) (resolvedPath, absPath stri
                      // resolved to a path on the host corresponding to the given absolute path
                      // inside the container.
                      func (container *Container) StatPath(resolvedPath, absPath string) (stat *types.ContainerPathStat, err error) {
                     +	if container.BaseFS == nil {
                     +		return nil, errors.New("StatPath: BaseFS of container " + container.ID + " is unexpectedly nil")
                     +	}
                      	driver := container.BaseFS
                      	lstat, err := driver.Lstat(resolvedPath)

container/container.go

History View file @ d6ea46c

@@ -311,6 +311,9 @@ func (container *Container) SetupWorkingDirectory(rootIDs idtools.IDPair) error
                      //       symlinking to a different path) between using this method and using the
                      //       path. See symlink.FollowSymlinkInScope for more details.
                      func (container *Container) GetResourcePath(path string) (string, error) {
                     +	if container.BaseFS == nil {
                     +		return "", errors.New("GetResourcePath: BaseFS of container " + container.ID + " is unexpectedly nil")
                     +	}
                      	// IMPORTANT - These are paths on the OS where the daemon is running, hence
                      	// any filepath operations must be done in an OS agnostic way.
                      	r, e := container.BaseFS.ResolveScopedPath(path, false)

daemon/oci_linux.go

History View file @ d6ea46c

@@ -705,6 +705,9 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
+                     }
                      func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) error {
                     +	if c.BaseFS == nil {
                     +		return errors.New("populateCommonSpec: BaseFS of container " + c.ID + " is unexpectedly nil")
                     +	}
                      	linkedEnv, err := daemon.setupLinkedContainers(c)
                      	if err != nil {
                      		return err

daemon/oci_windows.go

History View file @ d6ea46c

@@ -221,6 +221,9 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
                      // Sets the Windows-specific fields of the OCI spec
                      func (daemon *Daemon) createSpecWindowsFields(c *container.Container, s *specs.Spec, isHyperV bool) error {
                     +	if c.BaseFS == nil {
                     +		return errors.New("createSpecWindowsFields: BaseFS of container " + c.ID + " is unexpectedly nil")
                     +	}
                      	if len(s.Process.Cwd) == 0 {
                      		// We default to C:\ to workaround the oddity of the case that the
                      		// default directory for cmd running as LocalSystem (or