38 lines
1.3 KiB
Diff
38 lines
1.3 KiB
Diff
From 6417891690fc0bc85ca4335d7c6ecf8d19ead121 Mon Sep 17 00:00:00 2001
|
|
From: bwzhang <zhangbowei@kylinos.cn>
|
|
Date: Thu, 11 Apr 2024 13:53:33 +0800
|
|
Subject: [PATCH] fix CVE-2024-1753
|
|
|
|
---
|
|
internal/volumes/volumes.go | 7 ++++++-
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/internal/volumes/volumes.go b/internal/volumes/volumes.go
|
|
index f7ac14a..c07c67e 100644
|
|
--- a/internal/volumes/volumes.go
|
|
+++ b/internal/volumes/volumes.go
|
|
@@ -11,6 +11,7 @@ import (
|
|
|
|
"errors"
|
|
|
|
+ "github.com/containers/buildah/copier"
|
|
"github.com/containers/buildah/define"
|
|
"github.com/containers/buildah/internal"
|
|
internalParse "github.com/containers/buildah/internal/parse"
|
|
@@ -189,7 +190,11 @@ func GetBindMount(ctx *types.SystemContext, args []string, contextDir string, st
|
|
// buildkit parity: support absolute path for sources from current build context
|
|
if contextDir != "" {
|
|
// path should be /contextDir/specified path
|
|
- newMount.Source = filepath.Join(contextDir, filepath.Clean(string(filepath.Separator)+newMount.Source))
|
|
+ evaluated, err := copier.Eval(contextDir, newMount.Source, copier.EvalOptions{})
|
|
+ if err != nil {
|
|
+ return newMount, "", err
|
|
+ }
|
|
+ newMount.Source = evaluated
|
|
} else {
|
|
// looks like its coming from `build run --mount=type=bind` allow using absolute path
|
|
// error out if no source is set
|
|
--
|
|
2.20.1
|
|
|