Includes security fixes for net/http (CVE-2022-41717, CVE-2022-41720),
and os (CVE-2022-41720).
These minor releases include 2 security fixes following the security policy:
- os, net/http: avoid escapes from os.DirFS and http.Dir on Windows
The os.DirFS function and http.Dir type provide access to a tree of files
rooted at a given directory. These functions permitted access to Windows
device files under that root. For example, os.DirFS("C:/tmp").Open("COM1")
would open the COM1 device.
Both os.DirFS and http.Dir only provide read-only filesystem access.
In addition, on Windows, an os.DirFS for the directory \(the root of the
current drive) can permit a maliciously crafted path to escape from the
drive and access any path on the system.
The behavior of os.DirFS("") has changed. Previously, an empty root was
treated equivalently to "/", so os.DirFS("").Open("tmp") would open the
path "/tmp". This now returns an error.
This is CVE-2022-41720 and Go issue https://go.dev/issue/56694.
- net/http: limit canonical header cache by bytes, not entries
An attacker can cause excessive memory growth in a Go server accepting
HTTP/2 requests.
HTTP/2 server connections contain a cache of HTTP header keys sent by
the client. While the total number of entries in this cache is capped,
an attacker sending very large keys can cause the server to allocate
approximately 64 MiB per open connection.
This issue is also fixed in golang.org/x/net/http2 vX.Y.Z, for users
manually configuring HTTP/2.
Thanks to Josselin Costanzi for reporting this issue.
This is CVE-2022-41717 and Go issue https://go.dev/issue/56350.
View the release notes for more information:
https://go.dev/doc/devel/release#go1.19.4
And the milestone on the issue tracker:
https://github.com/golang/go/issues?q=milestone%3AGo1.19.4+label%3ACherryPickApproved
Full diff: https://github.com/golang/go/compare/go1.19.3...go1.19.4
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Commit 20ba591b7f fixed incorrect feature
detection in the CLI, but introduced a regression; previously the "ping"
would only be executed if needed (see b39739123b),
but by not inlining the call to `ServerInfo()` would now always be called.
This patch inlines the code again to only execute the "ping" conditionally,
which allows it to be executed lazily (and omitted for commands that don't
require a daemon connection).
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
When server is unreachable and docker checkpoint (or any command that
needs to check the server type) is run, incorrect error was returned.
When checking if the daemon had the right OS, we compared the OSType
from the clients ServerInfo(). In situations where the client cannot
connect to the daemon, a "stub" Info is used for this, in which we
assume the daemon has experimental enabled, and is running the latest
API version.
However, we cannot fill in the correct OSType, so this field is empty
in this situation.
This patch only compares the OSType if the field is non-empty, otherwise
assumes the platform matches.
before this:
docker -H unix:///no/such/socket.sock checkpoint create test test
docker checkpoint create is only supported on a Docker daemon running on linux, but the Docker daemon is running on
with this patch:
docker -H unix:///no/such/socket.sock checkpoint create test test
Cannot connect to the Docker daemon at unix:///no/such/socket.sock. Is the docker daemon running?
Co-authored-by: Adyanth Hosavalike <ahosavalike@ucsd.edu>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
These tests were using the default client, which would try to make a connection
with the daemon (which isn't running). Some of these test subsequently had
tests that depended on the result of that connection (i.e., "ping" result).
This patch updates the test to use a dummy client, so that the ping result is
predictable.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This allows the cli to be initialized with a (custom) API client.
Currently to be used for unit tests, but could be used for other
scenarios.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Use /bin/sh in the examples, as it's more likely to be present in a
container than bash (some users got confused by this, so using plain
"sh" in the examples could lead to less confusion).
Also added some extra wording around defaults, and how they're inherited
by the exec'd process.
It's definitely not "perfect" yet (lots to do in this document to improve
it), but it's a start :)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Update the example output to not use deprecated storage drivers or
Windows versions.
Also removes the section about `--debug`, because the `docker info` output
depends on the _daemon_ (not the client) to have debug mode enabled.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
using latest ubuntu LTS, and alpine for some examples. Also syncing some
wording between the man-pages and online docs.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Some touch-ups in the attach reference and man-page;
- remove uses of old images (ubuntu 14.04)
- adds some more wording about `-i` and `-t` to use the detach sequence.
- use `--filter` instead of `grep` to list the container, to make the
example more portable.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Docker v1.12 is really old, so no need to continue including this
in the docs. Also reformatted a markdown table.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This allows us to pin to a specific version of Alpine, in case the
golang:alpine image switches to a newer version, which may at times
be incompatible, e.g. see https://github.com/moby/moby/issues/44570
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Make sure that the container has multiple port-mappings to illustrate
that only the given port is matched.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
- use strings.Cut
- don't use nat.NewPort as we don't accept port ranges
- use an early return if there's no results
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Using both @generated, and using Go's format for generated files,
to match the format we now use on moby/moby.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
if a context is set (e.g. through DOCKER_CONTEXT or the CLI config file), but
wasn't found, then a "stub" context is added, including an error message that
the context doesn't exist.
DOCKER_CONTEXT=nosuchcontext docker context ls
NAME DESCRIPTION DOCKER ENDPOINT ERROR
default Current DOCKER_HOST based configuration unix:///var/run/docker.sock
nosuchcontext * context "nosuchcontext": context not found: …
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This updates `docker context ls` to:
- not abort listing contexts when failing one (or more) contexts
- instead, adding an ERROR column to inform the user there was
an issue loading the context.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This allows commands that don't require a client connection (such as `context use`)
to be functional, but still produces an error when trying to run a command that
needs to connect with the API;
mkdir -p ~/.docker/ && echo '{"currentContext":"nosuchcontext"}' > ~/.docker/config.json
docker version
Failed to initialize: unable to resolve docker endpoint: load context "nosuchcontext": context does not exist: open /root/.docker/contexts/meta/8bfef2a74c7d06add4bf4c73b0af97d9f79c76fe151ae0e18b9d7e57104c149b/meta.json: no such file or directory
docker context use default
default
Current context is now "default"
docker version
Client:
Version: 22.06.0-dev
API version: 1.42
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The "docker context show" command is intended to show the currently configured
context. While the context that's configured may not be valid (e.g., in case
an environment variable was set to configure the context, or if the context
was removed from the filesystem), we should still be able to _show_ the
context.
This patch removes the context validation, and instead only shows the context.
This can help in cases where the context is used to (e.g.) set the command-
prompt, but the user removed the context. With this change, the context name
can still be shown, but commands that _require_ the context will still fail.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This internalizes constructing the Client(), which allows us to provide
fallbacks when trying to determin the current API version.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
On termios platforms, interrupt signals are not generated in raw mode terminals
as the ISIG setting is not enabled. Remove interrupt handler as it does nothing
for raw mode and prevents other uses of INT signal with this library.
This code seems to go back all the way to moby/moby#214 where signal handling was
improved for monolithic docker repository. Raw mode -ISIG got reintroduced in
https://github.com/moby/moby/commit/3f63b878076, but the INT handler was left
behind.
full diff: abb19827d3...c43b287e0e
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>