layer: don't permit / type to be changed on extraction
If users can change the type of / to a symlink, they can cause umoci to
overwrite host files. This is obviously bad, and is not caught by the
rest of our directory escape detection code because the root itself has
been changed to a different directory.

Fixes: CVE-2021-29136
Reported-by: Robin Peraglie <robin@cure53.de>
Tested-by: Daniel Dao <dqminh89@gmail.com>
Reviewed-by: Tycho Andersen <tycho@tycho.pizza>
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
cyphar committed Apr 5, 2021
1 parent 07fa845 commit d9efc31
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions oci/layer/tar_extract.go
Expand Up @@ -404,6 +404,11 @@ func (te *TarExtractor) UnpackEntry(root string, hdr *tar.Header, r io.Reader) (
if filepath.Join("/", hdr.Name) == "/" {
// If we got an entry for the root, then unsafeDir is the full path.
unsafeDir, file = hdr.Name, "."
// If we're being asked to change the root type, bail because they may
// change it to a symlink which we could inadvertently follow.
if hdr.Typeflag != tar.TypeDir {
return errors.New("malicious tar entry -- refusing to change type of root directory")
}
}
dir, err := securejoin.SecureJoinVFS(root, unsafeDir, te.fsEval)
if err != nil {
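
Review bot: The new `hdr.Typeflag != tar.TypeDir` check in the root-entry branch lands without a regression test, since this commit touches only oci/layer/tar_extract.go. Please add a test that passes UnpackEntry a root entry with a symlink typeflag, using names that `filepath.Join("/", hdr.Name)` normalises to "/" (for example ".", "./" and "/"), and asserts that the error is returned and that the extraction root is still a directory afterwards. The comment above the check gives symlinks as the reason, but the condition rejects every non-directory type for the root; saying so in the comment would make the intent clear to the next reader.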