mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
0a13f827a1
To ensure that we don't revert CVE-2017-14992, add a test that is quite similar to that upstream tar-split test (create an empty archive with lots of junk and make sure the daemon doesn't crash). Signed-off-by: Aleksa Sarai <asarai@suse.de>
36 lines
922 B
Go
36 lines
922 B
Go
package image
|
|
|
|
import (
|
|
"archive/tar"
|
|
"bytes"
|
|
"context"
|
|
"io"
|
|
"testing"
|
|
|
|
"github.com/docker/docker/api/types"
|
|
"github.com/docker/docker/integration/util/request"
|
|
"github.com/docker/docker/internal/testutil"
|
|
)
|
|
|
|
// Ensure we don't regress on CVE-2017-14992.
|
|
func TestImportExtremelyLargeImageWorks(t *testing.T) {
|
|
client := request.NewAPIClient(t)
|
|
|
|
// Construct an empty tar archive with about 8GB of junk padding at the
|
|
// end. This should not cause any crashes (the padding should be mostly
|
|
// ignored).
|
|
var tarBuffer bytes.Buffer
|
|
tw := tar.NewWriter(&tarBuffer)
|
|
if err := tw.Close(); err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
imageRdr := io.MultiReader(&tarBuffer, io.LimitReader(testutil.DevZero, 8*1024*1024*1024))
|
|
|
|
_, err := client.ImageImport(context.Background(),
|
|
types.ImageImportSource{Source: imageRdr, SourceName: "-"},
|
|
"test1234:v42",
|
|
types.ImageImportOptions{})
|
|
if err != nil {
|
|
t.Fatal(err)
|
|
}
|
|
}
|