From fb63cfa9a502e2410597422f8877cf16b0bbaad2 Mon Sep 17 00:00:00 2001
From: Tianon Gravi <admwiggin@gmail.com>
Date: Sat, 11 Jan 2014 05:46:11 -0700
Subject: [PATCH] Stop ADD from following symlinks outside the context when
 passed as the first argument

Docker-DCO-1.1-Signed-off-by: Andrew Page <admwiggin@gmail.com> (github: tianon)
---
 buildfile.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/buildfile.go b/buildfile.go
index de03e5879f..6b568d7563 100644
--- a/buildfile.go
+++ b/buildfile.go
@@ -287,6 +287,11 @@ func (b *buildFile) CmdVolume(args string) error {
 
 func (b *buildFile) checkPathForAddition(orig string) error {
 	origPath := path.Join(b.contextPath, orig)
+	if p, err := filepath.EvalSymlinks(origPath); err != nil {
+		return err
+	} else {
+		origPath = p
+	}
 	if !strings.HasPrefix(origPath, b.contextPath) {
 		return fmt.Errorf("Forbidden path outside the build context: %s (%s)", orig, origPath)
 	}