Merge pull request moby#35424 from cyphar/tar-split-cve_2017_14992
vendor: update to github.com/vbatts/tar-split@v0.10.2
thaJeztah authored Nov 7, 2017
2 parents 5745a85 + 0a13f82 commit bd8ed57
Showing 5 changed files with 81 additions and 17 deletions.
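--- a/integration/image/import_test.go
+++ b/integration/image/import_test.go
@@ -0,0 +1,36 @@
+package image
+
+import (
+"archive/tar"
+"bytes"
+"context"
+"io"
+"testing"
+
+"github.com/docker/docker/api/types"
+"github.com/docker/docker/integration/util/request"
+"github.com/docker/docker/internal/testutil"
+)
+
+// Ensure we don't regress on CVE-2017-14992.
+func TestImportExtremelyLargeImageWorks(t *testing.T) {
+client := request.NewAPIClient(t)
+
+// Construct an empty tar archive with about 8GB of junk padding at the
+// end. This should not cause any crashes (the padding should be mostly
+// ignored).
+var tarBuffer bytes.Buffer
+tw := tar.NewWriter(&tarBuffer)
+if err := tw.Close(); err != nil {
+t.Fatal(err)
+}
+imageRdr := io.MultiReader(&tarBuffer, io.LimitReader(testutil.DevZero, 8*1024*1024*1024))
+
+_, err := client.ImageImport(context.Background(),
+types.ImageImportSource{Source: imageRdr, SourceName: "-"},
+"test1234:v42",
+types.ImageImportOptions{})
+if err != nil {
+t.Fatal(err)
+}
+}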
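Review bot: The reader returned by `client.ImageImport` is discarded (`_, err := ...`), so the response body is never closed and nothing the daemon writes into the response stream is inspected; the test passes as long as the request itself does not error. Keeping it, e.g. `rc, err := client.ImageImport(...)` followed by `defer rc.Close()` and draining it, would release the connection and let the test see how the import ended. The imported image `test1234:v42` is also left on the daemon afterwards. Since nothing bounds or measures daemon memory, a regression of CVE-2017-14992 would presumably surface only as a daemon crash or a hung test rather than as an assertion failure; a short comment above the test saying so would help whoever has to triage it.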
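--- a/internal/testutil/helpers.go
+++ b/internal/testutil/helpers.go
@@ -1,6 +1,8 @@
 package testutil
 
 import (
+"io"
+
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
 )
@@ -11,3 +13,15 @@ func ErrorContains(t require.TestingT, err error, expectedError string, msgAndAr
 require.Error(t, err, msgAndArgs...)
 assert.Contains(t, err.Error(), expectedError, msgAndArgs...)
 }
+
+// DevZero acts like /dev/zero but in an OS-independent fashion.
+var DevZero io.Reader = devZero{}
+
+type devZero struct{}
+
+func (d devZero) Read(p []byte) (n int, err error) {
+for i := 0; i < len(p); i++ {
+p[i] = '\x00'
+}
+return len(p), nil
+}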
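Review bot: `devZero.Read` clears the buffer with an index loop; the range form `for i := range p { p[i] = 0 }` is the idiom the Go compiler recognises and turns into a single memory clear, which is worth having when a test pulls 8 GiB through this reader. The doc comment on `DevZero` should also state that the reader never returns `io.EOF`, so every caller has to bound it, as the import test does with `io.LimitReader`. For example: `// DevZero is an endless source of zero bytes; it never returns io.EOF, so wrap it in io.LimitReader.`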
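--- a/vendor.conf
+++ b/vendor.conf
@@ -55,7 +55,7 @@ github.com/miekg/dns 75e6e86cc601825c5dbcd4e0c209eab180997cd7
 
 # get graph and distribution packages
 github.com/docker/distribution edc3ab29cdff8694dd6feb85cfeb4b5f1b38ed9c
-github.com/vbatts/tar-split v0.10.1
+github.com/vbatts/tar-split v0.10.2
 github.com/opencontainers/go-digest a6d0ee40d4207ea02364bd3b9e8e77b9159ba1eb
 
 # get go-zfs packages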
3 changes: 2 additions & 1 deletion vendor/github.com/vbatts/tar-split/README.md


43 changes: 28 additions & 15 deletions vendor/github.com/vbatts/tar-split/tar/asm/disassemble.go

