From f63cdf0260cf6287d28a589a79d3f947def6a569 Mon Sep 17 00:00:00 2001
From: Joseph Hager <ajhager@gmail.com>
Date: Thu, 12 Dec 2013 16:34:26 -0500
Subject: [PATCH] Validate container names on creation. Fixes #3138

Move valid container name regex to the top of the file

Added hyphen as a valid rune in container names.

Remove group in valid container name regex.
---
 runtime.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/runtime.go b/runtime.go
index fbf0facd7d..ca2a135cb6 100644
--- a/runtime.go
+++ b/runtime.go
@@ -18,6 +18,7 @@ import (
 	"os"
 	"os/exec"
 	"path"
+	"regexp"
 	"sort"
 	"strings"
 	"sync"
@@ -27,7 +28,10 @@ import (
 // Set the max depth to the aufs restriction
 const MaxImageDepth = 42
 
-var defaultDns = []string{"8.8.8.8", "8.8.4.4"}
+var (
+	defaultDns         = []string{"8.8.8.8", "8.8.4.4"}
+	validContainerName = regexp.MustCompile(`^/?[a-zA-Z0-9_-]+$`)
+)
 
 type Capabilities struct {
 	MemoryLimit            bool
@@ -418,7 +422,12 @@ func (runtime *Runtime) Create(config *Config, name string) (*Container, []strin
 		if err != nil {
 			name = utils.TruncateID(id)
 		}
+	} else {
+		if !validContainerName.MatchString(name) {
+			return nil, nil, fmt.Errorf("Invalid container name (%s), only [a-zA-Z0-9_-] are allowed", name)
+		}
 	}
+
 	if name[0] != '/' {
 		name = "/" + name
 	}