Affected by GO-2022-0390 and 6 other vulnerabilities

GO-2022-0390: Moby (Docker Engine) started with non-empty inheritable Linux process capabilities in github.com/docker/docker

GO-2022-0985: Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions in github.com/docker/docker

GO-2022-1107: Container build can leak any path on the host into the container in github.com/docker/docker

GO-2023-1699: Docker Swarm encrypted overlay network may be unauthenticated in github.com/docker/docker

GO-2023-1700: Docker Swarm encrypted overlay network traffic may be unencrypted in github.com/docker/docker

GO-2023-1701: Docker Swarm encrypted overlay network with a single endpoint is unauthenticated in github.com/docker/docker

GO-2024-2914: Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing in github.com/docker/docker

hack

package

v1.13.0 Latest Latest Go to latest Published: Jan 17, 2017 License: Apache-2.0 Imports: 1 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/docker/docker

Links

Open Source Insights

Documentation ¶

Rendered for

Index ¶

type MalformedHostHeaderOverride
- func (l *MalformedHostHeaderOverride) Accept() (net.Conn, error)
type MalformedHostHeaderOverrideConn
- func (l *MalformedHostHeaderOverrideConn) Read(b []byte) (n int, err error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type MalformedHostHeaderOverride ¶

type MalformedHostHeaderOverride struct {
	net.Listener
}

MalformedHostHeaderOverride is a wrapper to be able to overcome the 400 Bad request coming from old docker clients that send an invalid Host header.

func (*MalformedHostHeaderOverride) Accept ¶

func (l *MalformedHostHeaderOverride) Accept() (net.Conn, error)

Accept makes the listener accepts connections and wraps the connection in a MalformedHostHeaderOverrideConn initilizing first to true.

type MalformedHostHeaderOverrideConn ¶

type MalformedHostHeaderOverrideConn struct {
	net.Conn
	// contains filtered or unexported fields
}

MalformedHostHeaderOverrideConn wraps the underlying unix connection and keeps track of the first read from http.Server which just reads the headers.

func (*MalformedHostHeaderOverrideConn) Read ¶

func (l *MalformedHostHeaderOverrideConn) Read(b []byte) (n int, err error)

Read reads the first *read* request from http.Server to inspect the Host header. If the Host starts with / then we're talking to an old docker client which send an invalid Host header. To not error out in http.Server we rewrite the first bytes of the request to sanitize the Host header itself. In case we're not dealing with old docker clients the data is just passed to the server w/o modification.

Source Files ¶

View all Source files

malformed_host_override.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL