Fix CVE in tar-split

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

vendor.conf

@@ -13,7 +13,7 @@ golang.org/x/crypto master
 # docker deps from https://github.com/docker/docker/blob/v1.11.2/hack/vendor.sh
 github.com/docker/docker 30eb4d8cdc422b023d5f11f29a82ecb73554183b
 github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d
-github.com/vbatts/tar-split v0.10.1
+github.com/vbatts/tar-split v0.10.2
 github.com/gorilla/context 14f550f51a
 github.com/gorilla/mux e444e69cbd
 github.com/docker/go-units 8a7beacffa3009a9ac66bad506b18ffdd110cf97

vendor/github.com/containers/image/docker/daemon/client.go

@@ -1,11 +1,12 @@
 package daemon
 
 import (
+	"net/http"
+	"path/filepath"
+
 	"github.com/containers/image/types"
 	dockerclient "github.com/docker/docker/client"
 	"github.com/docker/go-connections/tlsconfig"
-	"net/http"
-	"path/filepath"
 )
 
 const (
@@ -15,16 +16,30 @@ const (
 
 // NewDockerClient initializes a new API client based on the passed SystemContext.
 func newDockerClient(ctx *types.SystemContext) (*dockerclient.Client, error) {
-	httpClient, err := tlsConfig(ctx)
-	if err != nil {
-		return nil, err
-	}
-
 	host := dockerclient.DefaultDockerHost
 	if ctx != nil && ctx.DockerDaemonHost != "" {
 		host = ctx.DockerDaemonHost
 	}
 
+	// Sadly, unix:// sockets don't work transparently with dockerclient.NewClient.
+	// They work fine with a nil httpClient; with a non-nil httpClient, the transport’s
+	// TLSClientConfig must be nil (or the client will try using HTTPS over the PF_UNIX socket
+	// regardless of the values in the *tls.Config), and we would have to call sockets.ConfigureTransport.
+	//
+	// We don't really want to configure anything for unix:// sockets, so just pass a nil *http.Client.
+	proto, _, _, err := dockerclient.ParseHost(host)
+	if err != nil {
+		return nil, err
+	}
+	var httpClient *http.Client
+	if proto != "unix" {
+		hc, err := tlsConfig(ctx)
+		if err != nil {
+			return nil, err
+		}
+		httpClient = hc
+	}
+
 	return dockerclient.NewClient(host, defaultAPIVersion, httpClient, nil)
 }
 

vendor/github.com/containers/image/signature/policy_config.go

@@ -70,7 +70,11 @@ func NewPolicyFromFile(fileName string) (*Policy, error) {
 	if err != nil {
 		return nil, err
 	}
-	return NewPolicyFromBytes(contents)
+	policy, err := NewPolicyFromBytes(contents)
+	if err != nil {
+		return nil, errors.Wrapf(err, "invalid policy in %q", fileName)
+	}
+	return policy, nil
 }
 
 // NewPolicyFromBytes returns a policy parsed from the specified blob.

vendor/github.com/containers/image/vendor.conf

@@ -22,7 +22,7 @@ github.com/pborman/uuid 1b00554d822231195d1babd97ff4a781231955c9
 github.com/pkg/errors 248dadf4e9068a0b3e79f02ed0a610d935de5302
 github.com/pmezard/go-difflib 792786c7400a136282c1664665ae0a8db921c6c2
 github.com/stretchr/testify 4d4bfba8f1d1027c4fdbe371823030df51419987
-github.com/vbatts/tar-split bd4c5d64c3e9297f410025a3b1bd0c58f659e721
+github.com/vbatts/tar-split v0.10.2
 golang.org/x/crypto 453249f01cfeb54c3d549ddb75ff152ca243f9d8
 golang.org/x/net 6b27048ae5e6ad1ef927e72e437531493de612fe
 golang.org/x/sys 43e60d72a8e2bd92ee98319ba9a384a0e9837c08

vendor/github.com/docker/docker/hack/README.md

@@ -1,60 +0,0 @@
-## About
-
-This directory contains a collection of scripts used to build and manage this
-repository. If there are any issues regarding the intention of a particular
-script (or even part of a certain script), please reach out to us.
-It may help us either refine our current scripts, or add on new ones
-that are appropriate for a given use case.
-
-## DinD (dind.sh)
-
-DinD is a wrapper script which allows Docker to be run inside a Docker
-container. DinD requires the container to
-be run with privileged mode enabled.
-
-## Generate Authors (generate-authors.sh)
-
-Generates AUTHORS; a file with all the names and corresponding emails of
-individual contributors. AUTHORS can be found in the home directory of
-this repository.
-
-## Make
-
-There are two make files, each with different extensions. Neither are supposed
-to be called directly; only invoke `make`. Both scripts run inside a Docker
-container.
-
-### make.ps1
-
-- The Windows native build script that uses PowerShell semantics; it is limited
-unlike `hack\make.sh` since it does not provide support for the full set of
-operations provided by the Linux counterpart, `make.sh`. However, `make.ps1`
-does provide support for local Windows development and Windows to Windows CI.
-More information is found within `make.ps1` by the author, @jhowardmsft
-
-### make.sh
-
-- Referenced via `make test` when running tests on a local machine,
-or directly referenced when running tests inside a Docker development container.  
-- When running on a local machine, `make test` to run all tests found in
-`test`, `test-unit`, `test-integration`, and `test-docker-py` on
-your local machine. The default timeout is set in `make.sh` to 60 minutes
-(`${TIMEOUT:=60m}`), since it currently takes up to an hour to run
-all of the tests.
-- When running inside a Docker development container, `hack/make.sh` does
-not have a single target that runs all the tests. You need to provide a
-single command line with multiple targets that performs the same thing.
-An example referenced from [Run targets inside a development container](https://docs.docker.com/opensource/project/test-and-docs/#run-targets-inside-a-development-container): `root@5f8630b873fe:/go/src/github.com/moby/moby# hack/make.sh dynbinary binary cross test-unit test-integration test-docker-py`
-- For more information related to testing outside the scope of this README,
-refer to
-[Run tests and test documentation](https://docs.docker.com/opensource/project/test-and-docs/)
-
-## Release (release.sh)
-
-Releases any bundles built by `make` on a public AWS S3 bucket.
-For information regarding configuration, please view `release.sh`.
-
-## Vendor (vendor.sh)
-
-A shell script that is a wrapper around Vndr. For information on how to use
-this, please refer to [vndr's README](https://github.com/LK4D4/vndr/blob/master/README.md)

vendor/github.com/docker/docker/hack/integration-cli-on-swarm/README.md

@@ -1,69 +0,0 @@
-# Integration Testing on Swarm
-
-IT on Swarm allows you to execute integration test in parallel across a Docker Swarm cluster
-
-## Architecture
-
-### Master service
-
-  - Works as a funker caller
-  - Calls a worker funker (`-worker-service`) with a chunk of `-check.f` filter strings (passed as a file via `-input` flag, typically `/mnt/input`)
-
-### Worker service
-
-  - Works as a funker callee
-  - Executes an equivalent of `TESTFLAGS=-check.f TestFoo|TestBar|TestBaz ... make test-integration-cli` using the bind-mounted API socket (`docker.sock`)
-
-### Client
-
-  - Controls master and workers via `docker stack`
-  - No need to have a local daemon
-
-Typically, the master and workers are supposed to be running on a cloud environment,
-while the client is supposed to be running on a laptop, e.g. Docker for Mac/Windows.
-
-## Requirement
-
-  - Docker daemon 1.13 or later
-  - Private registry for distributed execution with multiple nodes
-
-## Usage
-
-### Step 1: Prepare images
-
-    $ make build-integration-cli-on-swarm
-
-Following environment variables are known to work in this step:
-
- - `BUILDFLAGS`
- - `DOCKER_INCREMENTAL_BINARY`
-
-Note: during the transition into Moby Project, you might need to create a symbolic link `$GOPATH/src/github.com/docker/docker` to `$GOPATH/src/github.com/moby/moby`. 
-
-### Step 2: Execute tests
-
-    $ ./hack/integration-cli-on-swarm/integration-cli-on-swarm -replicas 40 -push-worker-image YOUR_REGISTRY.EXAMPLE.COM/integration-cli-worker:latest 
-
-Following environment variables are known to work in this step:
-
- - `DOCKER_GRAPHDRIVER`
- - `DOCKER_EXPERIMENTAL`
-
-#### Flags
-
-Basic flags:
-
- - `-replicas N`: the number of worker service replicas. i.e. degree of parallelism.
- - `-chunks N`: the number of chunks. By default, `chunks` == `replicas`.
- - `-push-worker-image REGISTRY/IMAGE:TAG`: push the worker image to the registry. Note that if you have only single node and hence you do not need a private registry, you do not need to specify `-push-worker-image`.
-
-Experimental flags for mitigating makespan nonuniformity:
-
- - `-shuffle`: Shuffle the test filter strings
-
-Flags for debugging IT on Swarm itself:
-
- - `-rand-seed N`: the random seed. This flag is useful for deterministic replaying. By default(0), the timestamp is used.
- - `-filters-file FILE`: the file contains `-check.f` strings. By default, the file is automatically generated.
- - `-dry-run`: skip the actual workload
- - `keep-executor`: do not auto-remove executor containers, which is used for running privileged programs on Swarm

vendor/github.com/docker/docker/hack/integration-cli-on-swarm/agent/vendor.conf

@@ -1,2 +0,0 @@
-# dependencies specific to worker (i.e. github.com/docker/docker/...) are not vendored here
-github.com/bfirsh/funker-go eaa0a2e06f30e72c9a0b7f858951e581e26ef773

vendor/github.com/vbatts/tar-split/README.md

@@ -1,6 +1,7 @@
 # tar-split
 
 [![Build Status](https://travis-ci.org/vbatts/tar-split.svg?branch=master)](https://travis-ci.org/vbatts/tar-split)
+[![Go Report Card](https://goreportcard.com/badge/github.com/vbatts/tar-split)](https://goreportcard.com/report/github.com/vbatts/tar-split)
 
 Pristinely disassembling a tar archive, and stashing needed raw bytes and offsets to reassemble a validating original archive.
 
@@ -50,7 +51,7 @@ For example stored sparse files that have "holes" in them, will be read as a
 contiguous file, though the archive contents may be recorded in sparse format.
 Therefore when adding the file payload to a reassembled tar, to achieve
 identical output, the file payload would need be precisely re-sparsified. This
-is not something I seek to fix imediately, but would rather have an alert that
+is not something I seek to fix immediately, but would rather have an alert that
 precise reassembly is not possible.
 (see more http://www.gnu.org/software/tar/manual/html_node/Sparse-Formats.html)
 

vendor/github.com/vbatts/tar-split/tar/asm/disassemble.go

@@ -2,7 +2,6 @@ package asm
 
 import (
 	"io"
-	"io/ioutil"
 
 	"github.com/vbatts/tar-split/archive/tar"
 	"github.com/vbatts/tar-split/tar/storage"
@@ -119,20 +118,34 @@ func NewInputTarStream(r io.Reader, p storage.Packer, fp storage.FilePutter) (io
 			}
 		}
 
-		// it is allowable, and not uncommon that there is further padding on the
+		// It is allowable, and not uncommon that there is further padding on
-		// end of an archive, apart from the expected 1024 null bytes.
+		// the end of an archive, apart from the expected 1024 null bytes. We
-		remainder, err := ioutil.ReadAll(outputRdr)
+		// do this in chunks rather than in one go to avoid cases where a
-		if err != nil && err != io.EOF {
+		// maliciously crafted tar file tries to trick us into reading many GBs
-			pW.CloseWithError(err)
+		// into memory.
-			return
+		const paddingChunkSize = 1024 * 1024
-		}
+		var paddingChunk [paddingChunkSize]byte
-		_, err = p.AddEntry(storage.Entry{
+		for {
-			Type:    storage.SegmentType,
+			var isEOF bool
-			Payload: remainder,
+			n, err := outputRdr.Read(paddingChunk[:])
-		})
+			if err != nil {
-		if err != nil {
+				if err != io.EOF {
-			pW.CloseWithError(err)
+					pW.CloseWithError(err)
-			return
+					return
+				}
+				isEOF = true
+			}
+			_, err = p.AddEntry(storage.Entry{
+				Type:    storage.SegmentType,
+				Payload: paddingChunk[:n],
+			})
+			if err != nil {
+				pW.CloseWithError(err)
+				return
+			}
+			if isEOF {
+				break
+			}
 		}
 		pW.Close()
 	}()