From d524dd95ccadf0b3dea2e04f5813abbc1423a84e Mon Sep 17 00:00:00 2001
From: allencloud <allen.sun@daocloud.io>
Date: Mon, 27 Feb 2017 21:21:10 +0800
Subject: [PATCH] validate extraHosts in daemon side

Signed-off-by: allencloud <allen.sun@daocloud.io>
---
 daemon/container.go            | 6 ++++++
 daemon/container_operations.go | 4 ++++
 2 files changed, 10 insertions(+)

diff --git a/daemon/container.go b/daemon/container.go
index d680f50573..7b106972a1 100644
--- a/daemon/container.go
+++ b/daemon/container.go
@@ -256,6 +256,12 @@ func (daemon *Daemon) verifyContainerSettings(hostConfig *containertypes.HostCon
 		return nil, fmt.Errorf("can't create 'AutoRemove' container with restart policy")
 	}
 
+	for _, extraHost := range hostConfig.ExtraHosts {
+		if _, err := opts.ValidateExtraHost(extraHost); err != nil {
+			return nil, err
+		}
+	}
+
 	for port := range hostConfig.PortBindings {
 		_, portStr := nat.SplitProtoPort(string(port))
 		if _, err := nat.ParsePort(portStr); err != nil {
diff --git a/daemon/container_operations.go b/daemon/container_operations.go
index 986c9ef10b..1c2f6940d2 100644
--- a/daemon/container_operations.go
+++ b/daemon/container_operations.go
@@ -16,6 +16,7 @@ import (
 	networktypes "github.com/docker/docker/api/types/network"
 	"github.com/docker/docker/container"
 	"github.com/docker/docker/daemon/network"
+	"github.com/docker/docker/opts"
 	"github.com/docker/docker/pkg/stringid"
 	"github.com/docker/docker/runconfig"
 	"github.com/docker/go-connections/nat"
@@ -117,6 +118,9 @@ func (daemon *Daemon) buildSandboxOptions(container *container.Container) ([]lib
 
 	for _, extraHost := range container.HostConfig.ExtraHosts {
 		// allow IPv6 addresses in extra hosts; only split on first ":"
+		if _, err := opts.ValidateExtraHost(extraHost); err != nil {
+			return nil, err
+		}
 		parts := strings.SplitN(extraHost, ":", 2)
 		sboxOptions = append(sboxOptions, libnetwork.OptionExtraHost(parts[0], parts[1]))
 	}