From d9efc31daf2206f7d3fdb839863cf7a576a2eb57 Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Wed, 24 Mar 2021 00:17:06 +1100
Subject: [PATCH] layer: don't permit / type to be changed on extraction

If users can change the type of / to a symlink, they can cause umoci to overwrite host files. This is obviously bad, and is not caught by the rest of our directory escape detection code because the root itself has been changed to a different directory.

Fixes: CVE-2021-29136
Reported-by: Robin Peraglie
Tested-by: Daniel Dao
Reviewed-by: Tycho Andersen
Signed-off-by: Aleksa Sarai
---
 oci/layer/tar_extract.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/oci/layer/tar_extract.go b/oci/layer/tar_extract.go
index 1b8c3d67..d7414105 100644
--- a/oci/layer/tar_extract.go
+++ b/oci/layer/tar_extract.go
@@ -404,6 +404,11 @@ func (te *TarExtractor) UnpackEntry(root string, hdr *tar.Header, r io.Reader) (
 if filepath.Join("/", hdr.Name) == "/" {
 // If we got an entry for the root, then unsafeDir is the full path.
 unsafeDir, file = hdr.Name, "."
+ // If we're being asked to change the root type, bail because they may
+ // change it to a symlink which we could inadvertently follow.
+ if hdr.Typeflag != tar.TypeDir {
+ return errors.New("malicious tar entry -- refusing to change type of root directory")
+ }
 }
 dir, err := securejoin.SecureJoinVFS(root, unsafeDir, te.fsEval)
 if err != nil {
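Review bot: The new `hdr.Typeflag != tar.TypeDir` guard in the root-entry branch of UnpackEntry has no regression test; the diffstat shows only oci/layer/tar_extract.go changing, so a later refactor of this branch could silently reintroduce CVE-2021-29136. A table-driven test that passes UnpackEntry a header whose name normalises to the root with each non-directory Typeflag, and asserts both the returned error and that the extraction root is still a directory afterwards, would pin the behaviour. The error would also be easier to triage if it named the offending entry, for example by quoting `hdr.Name` and `hdr.Typeflag` in the message, so an operator who hits it on a pulled image can tell which layer entry was rejected. UnpackEntry's body starts before and continues after this hunk, so how the returned error is wrapped or surfaced is not visible here.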