From f86db80b5ff3250a98482b4dc9ff69effbbf2390 Mon Sep 17 00:00:00 2001 From: Evan Hazlett Date: Mon, 5 Dec 2016 10:58:53 -0500 Subject: [PATCH] add headers when using exec Signed-off-by: Evan Hazlett ensure headers are properly sanitized Signed-off-by: Evan Hazlett --- api/server/router/container/exec.go | 10 ++++++++-- integration-cli/docker_api_exec_test.go | 10 ++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/api/server/router/container/exec.go b/api/server/router/container/exec.go index 8d49de7dac..1134a0e797 100644 --- a/api/server/router/container/exec.go +++ b/api/server/router/container/exec.go @@ -92,11 +92,17 @@ func (s *containerRouter) postContainerExecStart(ctx context.Context, w http.Res defer httputils.CloseStreams(inStream, outStream) if _, ok := r.Header["Upgrade"]; ok { - fmt.Fprintf(outStream, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n\r\n") + fmt.Fprint(outStream, "HTTP/1.1 101 UPGRADED\r\nContent-Type: application/vnd.docker.raw-stream\r\nConnection: Upgrade\r\nUpgrade: tcp\r\n") } else { - fmt.Fprintf(outStream, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n\r\n") + fmt.Fprint(outStream, "HTTP/1.1 200 OK\r\nContent-Type: application/vnd.docker.raw-stream\r\n") } + // copy headers that were removed as part of hijack + if err := w.Header().WriteSubset(outStream, nil); err != nil { + return err + } + fmt.Fprint(outStream, "\r\n") + stdin = inStream stdout = outStream if !execStartCheck.Tty { diff --git a/integration-cli/docker_api_exec_test.go b/integration-cli/docker_api_exec_test.go index e792c8f512..716e9ac68f 100644 --- a/integration-cli/docker_api_exec_test.go +++ b/integration-cli/docker_api_exec_test.go @@ -89,6 +89,16 @@ func (s *DockerSuite) TestExecAPIStart(c *check.C) { startExec(c, id, http.StatusOK) } +func (s *DockerSuite) TestExecAPIStartEnsureHeaders(c *check.C) { + testRequires(c, DaemonIsLinux) + dockerCmd(c, "run", "-d", "--name", "test", "busybox", "top") + + id := createExec(c, "test") + resp, _, err := sockRequestRaw("POST", fmt.Sprintf("/exec/%s/start", id), strings.NewReader(`{"Detach": true}`), "application/json") + c.Assert(err, checker.IsNil) + c.Assert(resp.Header.Get("Server"), checker.Not(checker.Equals), "") +} + func (s *DockerSuite) TestExecAPIStartBackwardsCompatible(c *check.C) { testRequires(c, DaemonIsLinux) // Windows only supports 1.25 or later runSleepingContainer(c, "-d", "--name", "test")