github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

[CRI] Fix panic when registry.mirrors use localhost

Browse Source 
When containerd use this config:

```
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"]
      endpoint = ["http://localhost:5000"]
```

Due to the `newTransport` function does not initialize the `TLSClientConfig` field.
Then use `TLSClientConfig` to cause nil pointer dereference

Signed-off-by: wanglei <wllenyj@linux.alibaba.com>
This commit is contained in:
wanglei01 2021-11-17 20:39:57 +08:00
parent 9afc778b73
commit 5f293d9ac4
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/cri/server/image_pull.go
View File

@ -375,7 +375,9 @@ func (c *criService) registryHosts(ctx context.Context, auth *runtime.AuthConfig
} }
} else if isLocalHost(host) && u.Scheme == "http" { } else if isLocalHost(host) && u.Scheme == "http" {
// Skipping TLS verification for localhost // Skipping TLS verification for localhost
transport.TLSClientConfig.InsecureSkipVerify = true transport.TLSClientConfig = &tls.Config{
InsecureSkipVerify: true,
}
} }
// Make a copy of `auth`, so that different authorizers would not reference // Make a copy of `auth`, so that different authorizers would not reference