disallow tcp:// from defaulting to 127.0.0.1:4243
This stops docker from accepting tcp:// as a valid bind address. Docker-DCO-1.1-Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com> (github: unclejack)
parent
e7f91a6456
commit
31dde3ea05
5 changed files with 22 additions and 18 deletions
|
@ -31,12 +31,11 @@ import (
|
||||||
const (
|
const (
|
||||||
APIVERSION = 1.9
|
APIVERSION = 1.9
|
||||||
DEFAULTHTTPHOST = "127.0.0.1"
|
DEFAULTHTTPHOST = "127.0.0.1"
|
||||||
DEFAULTHTTPPORT = 4243
|
|
||||||
DEFAULTUNIXSOCKET = "/var/run/docker.sock"
|
DEFAULTUNIXSOCKET = "/var/run/docker.sock"
|
||||||
)
|
)
|
||||||
|
|
||||||
func ValidateHost(val string) (string, error) {
|
func ValidateHost(val string) (string, error) {
|
||||||
host, err := utils.ParseHost(DEFAULTHTTPHOST, DEFAULTHTTPPORT, DEFAULTUNIXSOCKET, val)
|
host, err := utils.ParseHost(DEFAULTHTTPHOST, DEFAULTUNIXSOCKET, val)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return val, err
|
return val, err
|
||||||
}
|
}
|
||||||
|
|
|
@ -72,7 +72,7 @@ Run the following commands to get it downloaded and set up:
|
||||||
chmod +x docker
|
chmod +x docker
|
||||||
|
|
||||||
# Set the environment variable for the docker daemon
|
# Set the environment variable for the docker daemon
|
||||||
export DOCKER_HOST=tcp://
|
export DOCKER_HOST=tcp://127.0.0.1:4243
|
||||||
|
|
||||||
# Copy the executable file
|
# Copy the executable file
|
||||||
sudo cp docker /usr/local/bin/
|
sudo cp docker /usr/local/bin/
|
||||||
|
|
|
@ -12,7 +12,7 @@ To list available commands, either run ``docker`` with no parameters or execute
|
||||||
|
|
||||||
$ sudo docker
|
$ sudo docker
|
||||||
Usage: docker [OPTIONS] COMMAND [arg...]
|
Usage: docker [OPTIONS] COMMAND [arg...]
|
||||||
-H=[unix:///var/run/docker.sock]: tcp://[host[:port]] to bind/connect to or unix://[/path/to/socket] to use. When host=[0.0.0.0], port=[4243] or path=[/var/run/docker.sock] is omitted, default values are used.
|
-H=[unix:///var/run/docker.sock]: tcp://[host]:port to bind/connect to or unix://[/path/to/socket] to use. When host=[127.0.0.1] is omitted for tcp or path=[/var/run/docker.sock] is omitted for unix sockets, default values are used.
|
||||||
|
|
||||||
A self-sufficient runtime for linux containers.
|
A self-sufficient runtime for linux containers.
|
||||||
|
|
||||||
|
|
|
@ -745,7 +745,7 @@ func GetNameserversAsCIDR(resolvConf []byte) []string {
|
||||||
}
|
}
|
||||||
|
|
||||||
// FIXME: Change this not to receive default value as parameter
|
// FIXME: Change this not to receive default value as parameter
|
||||||
func ParseHost(defaultHost string, defaultPort int, defaultUnix, addr string) (string, error) {
|
func ParseHost(defaultHost string, defaultUnix, addr string) (string, error) {
|
||||||
var (
|
var (
|
||||||
proto string
|
proto string
|
||||||
host string
|
host string
|
||||||
|
@ -753,6 +753,8 @@ func ParseHost(defaultHost string, defaultPort int, defaultUnix, addr string) (s
|
||||||
)
|
)
|
||||||
addr = strings.TrimSpace(addr)
|
addr = strings.TrimSpace(addr)
|
||||||
switch {
|
switch {
|
||||||
|
case addr == "tcp://":
|
||||||
|
return "", fmt.Errorf("Invalid bind address format: %s", addr)
|
||||||
case strings.HasPrefix(addr, "unix://"):
|
case strings.HasPrefix(addr, "unix://"):
|
||||||
proto = "unix"
|
proto = "unix"
|
||||||
addr = strings.TrimPrefix(addr, "unix://")
|
addr = strings.TrimPrefix(addr, "unix://")
|
||||||
|
@ -788,12 +790,13 @@ func ParseHost(defaultHost string, defaultPort int, defaultUnix, addr string) (s
|
||||||
if p, err := strconv.Atoi(hostParts[1]); err == nil && p != 0 {
|
if p, err := strconv.Atoi(hostParts[1]); err == nil && p != 0 {
|
||||||
port = p
|
port = p
|
||||||
} else {
|
} else {
|
||||||
port = defaultPort
|
return "", fmt.Errorf("Invalid bind address format: %s", addr)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
} else if proto == "tcp" && !strings.Contains(addr, ":") {
|
||||||
|
return "", fmt.Errorf("Invalid bind address format: %s", addr)
|
||||||
} else {
|
} else {
|
||||||
host = addr
|
host = addr
|
||||||
port = defaultPort
|
|
||||||
}
|
}
|
||||||
if proto == "unix" {
|
if proto == "unix" {
|
||||||
return fmt.Sprintf("%s://%s", proto, host), nil
|
return fmt.Sprintf("%s://%s", proto, host), nil
|
||||||
|
|
|
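Review bot: The port check in the last ParseHost hunk still accepts out-of-range values: `strconv.Atoi` parses negative numbers and anything above 65535, and `p != 0` rejects only zero, so an address such as `127.0.0.1:99999` passes validation here and would presumably fail only later, when the daemon tries to bind. Since this commit turns the old default-port fallback into a hard error, the condition could bound the port as well: `if p, err := strconv.Atoi(hostParts[1]); err == nil && p > 0 && p <= 65535 {`. The error messages also print `addr` after the scheme prefix has been trimmed (visible for `unix://`, presumably the same for `tcp://`), so the operator sees less than what was typed; keeping the untrimmed input for the message would make a rejected `-H` value easier to diagnose. ParseHost's body continues outside the hunks shown.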
@ -301,34 +301,36 @@ func assertRAMInBytes(t *testing.T, size string, expectError bool, expectedBytes
|
||||||
func TestParseHost(t *testing.T) {
|
func TestParseHost(t *testing.T) {
|
||||||
var (
|
var (
|
||||||
defaultHttpHost = "127.0.0.1"
|
defaultHttpHost = "127.0.0.1"
|
||||||
defaultHttpPort = 4243
|
|
||||||
defaultUnix = "/var/run/docker.sock"
|
defaultUnix = "/var/run/docker.sock"
|
||||||
)
|
)
|
||||||
if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, "0.0.0.0"); err != nil || addr != "tcp://0.0.0.0:4243" {
|
if addr, err := ParseHost(defaultHttpHost, defaultUnix, "0.0.0.0"); err == nil {
|
||||||
t.Errorf("0.0.0.0 -> expected tcp://0.0.0.0:4243, got %s", addr)
|
t.Errorf("tcp 0.0.0.0 address expected error return, but err == nil, got %s", addr)
|
||||||
}
|
}
|
||||||
if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, "0.0.0.1:5555"); err != nil || addr != "tcp://0.0.0.1:5555" {
|
if addr, err := ParseHost(defaultHttpHost, defaultUnix, "tcp://"); err == nil {
|
||||||
|
t.Errorf("default tcp:// address expected error return, but err == nil, got %s", addr)
|
||||||
|
}
|
||||||
|
if addr, err := ParseHost(defaultHttpHost, defaultUnix, "0.0.0.1:5555"); err != nil || addr != "tcp://0.0.0.1:5555" {
|
||||||
t.Errorf("0.0.0.1:5555 -> expected tcp://0.0.0.1:5555, got %s", addr)
|
t.Errorf("0.0.0.1:5555 -> expected tcp://0.0.0.1:5555, got %s", addr)
|
||||||
}
|
}
|
||||||
if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, ":6666"); err != nil || addr != "tcp://127.0.0.1:6666" {
|
if addr, err := ParseHost(defaultHttpHost, defaultUnix, ":6666"); err != nil || addr != "tcp://127.0.0.1:6666" {
|
||||||
t.Errorf(":6666 -> expected tcp://127.0.0.1:6666, got %s", addr)
|
t.Errorf(":6666 -> expected tcp://127.0.0.1:6666, got %s", addr)
|
||||||
}
|
}
|
||||||
if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, "tcp://:7777"); err != nil || addr != "tcp://127.0.0.1:7777" {
|
if addr, err := ParseHost(defaultHttpHost, defaultUnix, "tcp://:7777"); err != nil || addr != "tcp://127.0.0.1:7777" {
|
||||||
t.Errorf("tcp://:7777 -> expected tcp://127.0.0.1:7777, got %s", addr)
|
t.Errorf("tcp://:7777 -> expected tcp://127.0.0.1:7777, got %s", addr)
|
||||||
}
|
}
|
||||||
if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, ""); err != nil || addr != "unix:///var/run/docker.sock" {
|
if addr, err := ParseHost(defaultHttpHost, defaultUnix, ""); err != nil || addr != "unix:///var/run/docker.sock" {
|
||||||
t.Errorf("empty argument -> expected unix:///var/run/docker.sock, got %s", addr)
|
t.Errorf("empty argument -> expected unix:///var/run/docker.sock, got %s", addr)
|
||||||
}
|
}
|
||||||
if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, "unix:///var/run/docker.sock"); err != nil || addr != "unix:///var/run/docker.sock" {
|
if addr, err := ParseHost(defaultHttpHost, defaultUnix, "unix:///var/run/docker.sock"); err != nil || addr != "unix:///var/run/docker.sock" {
|
||||||
t.Errorf("unix:///var/run/docker.sock -> expected unix:///var/run/docker.sock, got %s", addr)
|
t.Errorf("unix:///var/run/docker.sock -> expected unix:///var/run/docker.sock, got %s", addr)
|
||||||
}
|
}
|
||||||
if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, "unix://"); err != nil || addr != "unix:///var/run/docker.sock" {
|
if addr, err := ParseHost(defaultHttpHost, defaultUnix, "unix://"); err != nil || addr != "unix:///var/run/docker.sock" {
|
||||||
t.Errorf("unix:///var/run/docker.sock -> expected unix:///var/run/docker.sock, got %s", addr)
|
t.Errorf("unix:///var/run/docker.sock -> expected unix:///var/run/docker.sock, got %s", addr)
|
||||||
}
|
}
|
||||||
if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, "udp://127.0.0.1"); err == nil {
|
if addr, err := ParseHost(defaultHttpHost, defaultUnix, "udp://127.0.0.1"); err == nil {
|
||||||
t.Errorf("udp protocol address expected error return, but err == nil. Got %s", addr)
|
t.Errorf("udp protocol address expected error return, but err == nil. Got %s", addr)
|
||||||
}
|
}
|
||||||
if addr, err := ParseHost(defaultHttpHost, defaultHttpPort, defaultUnix, "udp://127.0.0.1:4243"); err == nil {
|
if addr, err := ParseHost(defaultHttpHost, defaultUnix, "udp://127.0.0.1:4243"); err == nil {
|
||||||
t.Errorf("udp protocol address expected error return, but err == nil. Got %s", addr)
|
t.Errorf("udp protocol address expected error return, but err == nil. Got %s", addr)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
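Review bot: The new rejection path for an unparsable or zero port (the `else` branch in ParseHost that now returns `Invalid bind address format`) has no test; the added cases cover only a bare host without a port and the literal `tcp://`. A case such as `if addr, err := ParseHost(defaultHttpHost, defaultUnix, "tcp://127.0.0.1:0"); err == nil { t.Errorf("zero port expected error return, but err == nil, got %s", addr) }` would pin it, and the same shape with a non-numeric port covers the `Atoi` failure. The positive cases also leave `err` out of their failure message, so a regression that returns an error would print an empty address with no cause; adding `err` to those `t.Errorf` calls would fix that.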