packages/containerd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
containerd/patch/0088-containerd-Use-chmod-path-for-checking-symlink.patch
zhongjiawei d49c9d0693 containerd: bugfix and add CGO security build option 
(cherry picked from commit eb136438cf63fae5754c31920a6bf8afaeded135)
2022-09-22 19:38:32 +08:00

31 lines
1.1 KiB
Diff
Raw Blame History

From 90a3fd55136fb18641c8221792b013ee1dbc17f5 Mon Sep 17 00:00:00 2001
From: xiadanni <xiadanni1@huawei.com>
Date: Mon, 24 Jan 2022 19:15:14 +0800
Subject: [PATCH] [Backport]Use chmod path for checking symlink
fix CVE-2021-32760
Conflict:NA
Reference:https://github.com/containerd/containerd/commit/03aa748c11663e87a72fab92b7ab7c88c28bf13e
Signed-off-by: xiadanni <xiadanni1@huawei.com>
---
archive/tar_unix.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/archive/tar_unix.go b/archive/tar_unix.go
index 022dd6d4f..7f3857c7d 100644
--- a/archive/tar_unix.go
+++ b/archive/tar_unix.go
@@ -127,7 +127,7 @@ func handleTarTypeBlockCharFifo(hdr *tar.Header, path string) error {
func handleLChmod(hdr *tar.Header, path string, hdrInfo os.FileInfo) error {
if hdr.Typeflag == tar.TypeLink {
- if fi, err := os.Lstat(hdr.Linkname); err == nil && (fi.Mode()&os.ModeSymlink == 0) {
+ if fi, err := os.Lstat(path); err == nil && (fi.Mode()&os.ModeSymlink == 0) {
if err := os.Chmod(path, hdrInfo.Mode()); err != nil {
return err
}
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink