1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/pkg/symlink/fs.go
lalyos ad35d522db Fixes 5370 infinite/maxLoopCount loop for relative symlinks
use path.IsAbs() instead of checking if first char is '/'

Docker-DCO-1.1-Signed-off-by: Lajos Papp <lajos.papp@sequenceiq.com> (github: lalyos)
2014-05-16 01:03:11 +02:00

81 lines
1.6 KiB
Go

package symlink
import (
"fmt"
"os"
"path"
"path/filepath"
"strings"
)
const maxLoopCounter = 100
// FollowSymlink will follow an existing link and scope it to the root
// path provided.
func FollowSymlinkInScope(link, root string) (string, error) {
prev := "/"
root, err := filepath.Abs(root)
if err != nil {
return "", err
}
link, err = filepath.Abs(link)
if err != nil {
return "", err
}
if !strings.HasPrefix(filepath.Dir(link), root) {
return "", fmt.Errorf("%s is not within %s", link, root)
}
for _, p := range strings.Split(link, "/") {
prev = filepath.Join(prev, p)
prev = filepath.Clean(prev)
loopCounter := 0
for {
loopCounter++
if loopCounter >= maxLoopCounter {
return "", fmt.Errorf("loopCounter reached MAX: %v", loopCounter)
}
if !strings.HasPrefix(prev, root) {
// Don't resolve symlinks outside of root. For example,
// we don't have to check /home in the below.
//
// /home -> usr/home
// FollowSymlinkInScope("/home/bob/foo/bar", "/home/bob/foo")
break
}
stat, err := os.Lstat(prev)
if err != nil {
if os.IsNotExist(err) {
break
}
return "", err
}
if stat.Mode()&os.ModeSymlink == os.ModeSymlink {
dest, err := os.Readlink(prev)
if err != nil {
return "", err
}
if path.IsAbs(dest) {
prev = filepath.Join(root, dest)
} else {
prev, _ = filepath.Abs(prev)
if prev = filepath.Clean(filepath.Join(filepath.Dir(prev), dest)); len(prev) < len(root) {
prev = filepath.Join(root, filepath.Base(dest))
}
}
} else {
break
}
}
}
return prev, nil
}