kubelet: Validate the length of the DNS search path

This commit is contained in:
Gunju Kim 2021-05-24 20:04:22 +09:00
parent f7e62dc5bb
commit 819059f641

View File

@ -27,6 +27,7 @@ import (
"k8s.io/api/core/v1"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
utilvalidation "k8s.io/apimachinery/pkg/util/validation"
"k8s.io/client-go/tools/record"
runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
"k8s.io/kubernetes/pkg/apis/core/validation"
@ -104,6 +105,19 @@ func (c *Configurer) formDNSSearchFitsLimits(composedSearch []string, pod *v1.Po
limitsExceeded = true
}
// In some DNS resolvers(e.g. glibc 2.28), DNS resolving causes abort() if there is a
// search path exceeding 255 characters. We have to filter them out.
l := 0
for _, search := range composedSearch {
if len(search) > utilvalidation.DNS1123SubdomainMaxLength {
limitsExceeded = true
continue
}
composedSearch[l] = search
l++
}
composedSearch = composedSearch[:l]
if resolvSearchLineStrLen := len(strings.Join(composedSearch, " ")); resolvSearchLineStrLen > validation.MaxDNSSearchListChars {
cutDomainsNum := 0
cutDomainsLen := 0