Issue #3127: SECURITY: tags are used without sanitization - Docker Support

Actions

Send by e-mail Copy link

Issue #3127

closed

SECURITY: tags are used without sanitization

Added by mihai.ibanescu@gmail.com over 6 years ago. Updated about 5 years ago.

Status:

CLOSED - WONTFIX

Priority:

High

Assignee:

Start date:

Due date:

Estimated time:

Severity:

3. High

Version - Docker:

Platform Release:

Target Release - Docker:

OS:

Triaged:

Yes

Groomed:

Sprint Candidate:

Tags:

Pulp 2

Sprint:

Quarter:

Description

As a user, I can do:

pulp-admin docker repo tag --repo-id test-docker --tag-name
../just:kidding --digest
sha256:d5749b517161981ec3f189ff8a7d1dac3d15332c595b297cbc9246286fde34a3

which will result in the repo publishing the image as /var/lib/pulp/published/docker/v2/web/test-docker/manifests/just:kidding

(instead of under /var/lib/pulp/published/docker/v2/web/test-docker/manifests/2/)

It doesn't look like you can escape the repository directory structure with a cleverly crafted tag, but you can most certainly put a v2 image in the v1 namespace.

I think tags should follow a directory structure normalization, and any ../ should be stripped out.

Actions

Send by e-mail Copy link

Also available in: Atom PDF

Project

Profile

Help

Docker Support

Agile boards

Custom queries

Issue #3127

SECURITY: tags are used without sanitization

Updated by dalley over 6 years ago

Updated by bmbouter about 5 years ago

Updated by bmbouter about 5 years ago

Updated by bmbouter about 5 years ago