cri-o/0002-fix-CVE-2022-4318.patch
2024-04-01 11:29:30 +08:00


From 6de3c05eb6cbb0e98c64bb92bc848a99436c363c Mon Sep 17 00:00:00 2001
From: bwzhang <zhangbowei@kylinos.cn>
Date: Wed, 13 Mar 2024 09:39:27 +0800
Subject: [PATCH] fix CVE-2022-4318
---
server/container_create.go | 3 +++
1 file changed, 3 insertions(+)
diff --git a/server/container_create.go b/server/container_create.go
index 520efc7..30f9ba5 100644
--- a/server/container_create.go
+++ b/server/container_create.go
@@ -196,6 +196,9 @@ func setupContainerUser(ctx context.Context, specgen *generate.Generator, rootfs
for _, env := range specgen.Config.Process.Env {
if strings.HasPrefix(env, "HOME=") {
homedir = strings.TrimPrefix(env, "HOME=")
+ if idx := strings.Index(homedir, `\n`); idx > -1 {
+ return fmt.Errorf("invalid HOME environment; newline not allowed")
+ }
break
}
}
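Review bot: The added guard in the `HOME=` branch passes its search pattern to `strings.Index` as a backquoted raw string, so Go reads it as two characters (a backslash followed by `n`) and not as a line feed. As written, a HOME value containing a real 0x0A byte would pass the check, while a harmless path containing a literal backslash-n would be rejected. Unless values are known to reach this point with escapes still unexpanded, the condition should use an interpreted literal, `if strings.Contains(homedir, "\n") {`, which also drops the unused `idx`. A unit test that feeds a HOME entry with an actual newline and expects the error would pin the behaviour the CVE fix is meant to enforce. The body of setupContainerUser, including the later use of `homedir`, lies outside the hunk, so the impact downstream cannot be confirmed from here.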
--
2.20.1