From d6ea46cedaca0098c15843c5254a337d087f5cd6 Mon Sep 17 00:00:00 2001
From: Kir Kolyshkin <kolyshkin@gmail.com>
Date: Tue, 13 Mar 2018 19:45:21 -0700
Subject: [PATCH] container.BaseFS: check for nil before deref

Commit 7a7357dae1bccc ("LCOW: Implemented support for docker cp + build")
changed `container.BaseFS` from being a string (that could be empty but
can't lead to nil pointer dereference) to containerfs.ContainerFS,
which could be be `nil` and so nil dereference is at least theoretically
possible, which leads to panic (i.e. engine crashes).

Such a panic can be avoided by carefully analysing the source code in all
the places that dereference a variable, to make the variable can't be nil.
Practically, this analisys are impossible as code is constantly
evolving.

Still, we need to avoid panics and crashes. A good way to do so is to
explicitly check that a variable is non-nil, returning an error
otherwise. Even in case such a check looks absolutely redundant,
further changes to the code might make it useful, and having an
extra check is not a big price to pay to avoid a panic.

This commit adds such checks for all the places where it is not obvious
that container.BaseFS is not nil (which in this case means we do not
call daemon.Mount() a few lines earlier).

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
---
 container/archive.go   | 7 +++++++
 container/container.go | 3 +++
 daemon/oci_linux.go    | 3 +++
 daemon/oci_windows.go  | 3 +++
 4 files changed, 16 insertions(+)

diff --git a/container/archive.go b/container/archive.go
index 960d7bf615..ed72c4a405 100644
--- a/container/archive.go
+++ b/container/archive.go
@@ -6,6 +6,7 @@ import (
 	"github.com/docker/docker/api/types"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/system"
+	"github.com/pkg/errors"
 )
 
 // ResolvePath resolves the given path in the container to a resource on the
@@ -13,6 +14,9 @@ import (
 // the absolute path to the resource relative to the container's rootfs, and
 // an error if the path points to outside the container's rootfs.
 func (container *Container) ResolvePath(path string) (resolvedPath, absPath string, err error) {
+	if container.BaseFS == nil {
+		return "", "", errors.New("ResolvePath: BaseFS of container " + container.ID + " is unexpectedly nil")
+	}
 	// Check if a drive letter supplied, it must be the system drive. No-op except on Windows
 	path, err = system.CheckSystemDriveAndRemoveDriveLetter(path, container.BaseFS)
 	if err != nil {
@@ -45,6 +49,9 @@ func (container *Container) ResolvePath(path string) (resolvedPath, absPath stri
 // resolved to a path on the host corresponding to the given absolute path
 // inside the container.
 func (container *Container) StatPath(resolvedPath, absPath string) (stat *types.ContainerPathStat, err error) {
+	if container.BaseFS == nil {
+		return nil, errors.New("StatPath: BaseFS of container " + container.ID + " is unexpectedly nil")
+	}
 	driver := container.BaseFS
 
 	lstat, err := driver.Lstat(resolvedPath)
diff --git a/container/container.go b/container/container.go
index 461139b435..a076e80746 100644
--- a/container/container.go
+++ b/container/container.go
@@ -311,6 +311,9 @@ func (container *Container) SetupWorkingDirectory(rootIDs idtools.IDPair) error
 //       symlinking to a different path) between using this method and using the
 //       path. See symlink.FollowSymlinkInScope for more details.
 func (container *Container) GetResourcePath(path string) (string, error) {
+	if container.BaseFS == nil {
+		return "", errors.New("GetResourcePath: BaseFS of container " + container.ID + " is unexpectedly nil")
+	}
 	// IMPORTANT - These are paths on the OS where the daemon is running, hence
 	// any filepath operations must be done in an OS agnostic way.
 	r, e := container.BaseFS.ResolveScopedPath(path, false)
diff --git a/daemon/oci_linux.go b/daemon/oci_linux.go
index 8d5eebb885..256e1c3e55 100644
--- a/daemon/oci_linux.go
+++ b/daemon/oci_linux.go
@@ -705,6 +705,9 @@ func setMounts(daemon *Daemon, s *specs.Spec, c *container.Container, mounts []c
 }
 
 func (daemon *Daemon) populateCommonSpec(s *specs.Spec, c *container.Container) error {
+	if c.BaseFS == nil {
+		return errors.New("populateCommonSpec: BaseFS of container " + c.ID + " is unexpectedly nil")
+	}
 	linkedEnv, err := daemon.setupLinkedContainers(c)
 	if err != nil {
 		return err
diff --git a/daemon/oci_windows.go b/daemon/oci_windows.go
index e2e10f9999..6f65c15fb4 100644
--- a/daemon/oci_windows.go
+++ b/daemon/oci_windows.go
@@ -221,6 +221,9 @@ func (daemon *Daemon) createSpec(c *container.Container) (*specs.Spec, error) {
 
 // Sets the Windows-specific fields of the OCI spec
 func (daemon *Daemon) createSpecWindowsFields(c *container.Container, s *specs.Spec, isHyperV bool) error {
+	if c.BaseFS == nil {
+		return errors.New("createSpecWindowsFields: BaseFS of container " + c.ID + " is unexpectedly nil")
+	}
 	if len(s.Process.Cwd) == 0 {
 		// We default to C:\ to workaround the oddity of the case that the
 		// default directory for cmd running as LocalSystem (or