From 3f542419acd9119c53f2b334ab9099867994a6ca Mon Sep 17 00:00:00 2001
From: Aaron Lehmann
Date: Tue, 2 Aug 2016 18:34:10 -0700
Subject: [PATCH] Check size of keys slice

If not enough keys are provided to SetKeys, this may cause a panic. This should not cause problems with the current integration in Docker 1.12.0, but the panic might happen loading data created by an earlier version, or data that is corrupted somehow. Add a length check to be defensive.

Signed-off-by: Aaron Lehmann
---
 libnetwork/agent.go | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/libnetwork/agent.go b/libnetwork/agent.go
index 0e498cf84f..33041cc9ea 100644
--- a/libnetwork/agent.go
+++ b/libnetwork/agent.go
@@ -136,10 +136,16 @@ func (c *controller) handleKeyChange(keys []*types.EncryptionKey) error {
 }
 }
- key, tag := c.getPrimaryKeyTag(subsysGossip)
+ key, tag, err := c.getPrimaryKeyTag(subsysGossip)
+ if err != nil {
+ return err
+ }
 a.networkDB.SetPrimaryKey(key)
- key, tag = c.getPrimaryKeyTag(subsysIPSec)
+ key, tag, err = c.getPrimaryKeyTag(subsysIPSec)
+ if err != nil {
+ return err
+ }
 drvEnc.Primary = key
 drvEnc.PrimaryTag = tag
@@ -289,9 +295,9 @@ func (c *controller) getKeys(subsys string) ([][]byte, []uint64) {
 return keys, tags
 }
-// getPrimaryKeyTag returns the primary key for a given subsytem from the
+// getPrimaryKeyTag returns the primary key for a given subsystem from the
 // list of sorted key and the associated tag
-func (c *controller) getPrimaryKeyTag(subsys string) ([]byte, uint64) {
+func (c *controller) getPrimaryKeyTag(subsys string) ([]byte, uint64, error) {
 sort.Sort(ByTime(c.keys))
 keys := []*types.EncryptionKey{}
 for _, key := range c.keys {
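Review bot: In handleKeyChange the gossip primary is switched with `a.networkDB.SetPrimaryKey(key)` before the IPSec lookup runs, so when the second `getPrimaryKeyTag` call returns the new error the function exits with the gossip key already rotated and `drvEnc.Primary`/`drvEnc.PrimaryTag` never assigned. Resolving both primaries first and applying them only after both lookups succeed keeps the two subsystems on the same key generation on the error path. The function starts and ends outside the hunk, so any state it changes before these lines may need the same treatment; that part is not visible here.

```go
	// … unchanged: code above the hunk …
	gossipKey, _, err := c.getPrimaryKeyTag(subsysGossip)
	if err != nil {
		return err
	}
	ipsecKey, ipsecTag, err := c.getPrimaryKeyTag(subsysIPSec)
	if err != nil {
		return err
	}
	// Both lookups succeeded; only now switch the primaries.
	a.networkDB.SetPrimaryKey(gossipKey)
	drvEnc.Primary = ipsecKey
	drvEnc.PrimaryTag = ipsecTag
```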
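Review bot: The doc comment on getPrimaryKeyTag still describes only the key and tag and says nothing about the new error result or when it is returned. Something like `// getPrimaryKeyTag returns the primary key and its Lamport time for subsys, or an error when fewer than two keys for that subsystem are present.` would cover it. It is also worth a line noting that `sort.Sort(ByTime(c.keys))` reorders `c.keys` in place, since callers of a getter may not expect that; whether a lock is held at this point cannot be seen from the hunk. The function body continues past the end of this hunk.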
@@ -299,7 +305,10 @@ func (c *controller) getPrimaryKeyTag(subsys string) ([]byte, uint64) {
 keys = append(keys, key)
 }
 }
- return keys[1].Key, keys[1].LamportTime
+ if len(keys) < 2 {
+ return nil, 0, fmt.Errorf("primary key for subsystem %s not found", subsys)
+ }
+ return keys[1].Key, keys[1].LamportTime, nil
 }
 func (c *controller) agentInit(bindAddrOrInterface, advertiseAddr string) error {
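Review bot: The new guard reports `primary key for subsystem %s not found` for every short slice, which hides whether the store held no keys or a single key for the subsystem, the distinction that matters when diagnosing the old-version or corrupted data the commit message mentions. Including the count, `return nil, 0, fmt.Errorf("primary key for subsystem %s not found: %d key(s) present, need at least 2", subsys, len(keys))`, keeps key material out of the message while making the failure actionable. A short comment on why the primary is `keys[1]` rather than `keys[0]` would tie the `2` in the check to the index it protects. The diffstat lists only agent.go, so the new error path appears to have no test. The function starts outside the hunk.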