backend/file: fix an infinite loop in deps walking (CVE-2016-8579)

lucab · lucab · commit 54331ec7020e · 2016-10-13T14:01:29.000Z
This commit fixes a possible infinite loop while traversing the dependency ancestry of a malformed local image file. This has been assigned CVE-2016-8579: #203 (comment)
diff --git a/lib/internal/backend/file/file.go b/lib/internal/backend/file/file.go
@@ -279,14 +279,24 @@ func extractEmbeddedLayer(file *os.File, layerID string, outputPath string) (*os
 	return layerFile, nil
 }
 
+// getAncestry computes an image ancestry, returning an ordered list
+// of dependencies starting from the topmost image to the base.
+// It checks for dependency loops via duplicate detection in the image
+// chain and errors out in such cases.
 func getAncestry(file *os.File, imgID string) ([]string, error) {
 	var ancestry []string
+	deps := make(map[string]bool)
 
 	curImgID := imgID
 
 	var err error
 	for curImgID != "" {
+		if deps[curImgID] {
+			return nil, fmt.Errorf("dependency loop detected at image %q", curImgID)
+		}
+		deps[curImgID] = true
 		ancestry = append(ancestry, curImgID)
+		log.Debug(fmt.Sprintf("Getting ancestry for layer %q", curImgID))
 		curImgID, err = getParent(file, curImgID)
 		if err != nil {
 			return nil, err
@@ -328,5 +338,6 @@ func getParent(file *os.File, imgID string) (string, error) {
 		return "", err
 	}
 
+	log.Debug(fmt.Sprintf("Layer %q depends on layer %q", imgID, parent))
 	return parent, nil
 }
