kubernetes/pkg/kubelet/dockertools/kube_docker_client.go at c5d56ea3563a4e3766f4c42b95b3738de9fbe38d

Files

Davanum Srinivas 875fd16e1e Validate SHA/Tag when checking docker images

Docker API does not validate the tag/sha, for example, all the following
calls work say for a alpine image with short SHA "4e38e38c8ce0"
echo -e "GET /images/alpine:4e38e38c8ce0/json HTTP/1.0\r\n" | nc -U /var/run/docker.sock
echo -e "GET /images/alpine:4e38e38c/json HTTP/1.0\r\n" | nc -U /var/run/docker.sock
echo -e "GET /images/alpine:4/json HTTP/1.0\r\n" | nc -U /var/run/docker.sock

So we should check the response from the Docker API and look for the
tags or SHA explicitly.

Fixes #30355

2016-08-11 08:53:05 -04:00

18 KiB

Raw Blame History

View Raw

18 KiB Raw Blame History

18 KiB

Raw Blame History