libct/cgroups.OpenFile: clean "file" argument

kolyshkin · kolyshkin · commit 2c9598c88638 · 2023-10-27T10:46:32.000-07:00
This prevents potential exploit of using "../" in cgroups.OpenFile
(as well as other methods that use OpenFile) to read or write to
other cgroups.

Signed-off-by: Kir Kolyshkin &lt;kolyshkin@gmail.com&gt;
diff --git a/libcontainer/cgroups/file.go b/libcontainer/cgroups/file.go
@@ -10,6 +10,7 @@ import (
 	"strings"
 	"sync"
 
+	"github.com/opencontainers/runc/libcontainer/utils"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/unix"
 )
@@ -111,7 +112,7 @@ func openFile(dir, file string, flags int) (*os.File, error) {
 		flags |= os.O_TRUNC | os.O_CREATE
 		mode = 0o600
 	}
-	path := path.Join(dir, file)
+	path := path.Join(dir, utils.CleanPath(file))
 	if prepareOpenat2() != nil {
 		return openFallback(path, flags, mode)
 	}

Original file line number	Diff line number	Diff line change
`@@ -10,6 +10,7 @@ import (`
`10`	`10`	`"strings"`
`11`	`11`	`"sync"`
`12`	`12`
	`13`	`+ "github.com/opencontainers/runc/libcontainer/utils"`
`13`	`14`	`"github.com/sirupsen/logrus"`
`14`	`15`	`"golang.org/x/sys/unix"`
`15`	`16`	`)`
`@@ -111,7 +112,7 @@ func openFile(dir, file string, flags int) (*os.File, error) {`
`111`	`112`	`flags \|= os.O_TRUNC \| os.O_CREATE`
`112`	`113`	`mode = 0o600`
`113`	`114`	`}`
`114`		`- path := path.Join(dir, file)`
	`115`	`+ path := path.Join(dir, utils.CleanPath(file))`
`115`	`116`	`if prepareOpenat2() != nil {`
`116`	`117`	`return openFallback(path, flags, mode)`
`117`	`118`	`}`