From 5f293d9ac42a645e50d21ea2e872de9b1e823e64 Mon Sep 17 00:00:00 2001
From: wanglei01 <wllenyj@linux.alibaba.com>
Date: Wed, 17 Nov 2021 20:39:57 +0800
Subject: [PATCH] [CRI] Fix panic when registry.mirrors use localhost

When containerd use this config:

```
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."localhost:5000"]
      endpoint = ["http://localhost:5000"]
```

Due to the `newTransport` function does not initialize the `TLSClientConfig` field.
Then use `TLSClientConfig` to cause nil pointer dereference

Signed-off-by: wanglei <wllenyj@linux.alibaba.com>
---
 pkg/cri/server/image_pull.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/cri/server/image_pull.go b/pkg/cri/server/image_pull.go
index 38985c068..0372c3102 100644
--- a/pkg/cri/server/image_pull.go
+++ b/pkg/cri/server/image_pull.go
@@ -375,7 +375,9 @@ func (c *criService) registryHosts(ctx context.Context, auth *runtime.AuthConfig
 				}
 			} else if isLocalHost(host) && u.Scheme == "http" {
 				// Skipping TLS verification for localhost
-				transport.TLSClientConfig.InsecureSkipVerify = true
+				transport.TLSClientConfig = &tls.Config{
+					InsecureSkipVerify: true,
+				}
 			}
 
 			// Make a copy of `auth`, so that different authorizers would not reference