Merge pull request #51 from przemeklal/fix_path_handling

Use filepath package for safe path handling
intel · Oct 14, 2020 · eebb631 · eebb631
2 parents 883ddd0 + 95a6231
commit eebb631
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 8 deletions.
diff --git a/cniovs/cniovs.go b/cniovs/cniovs.go
@@ -225,8 +225,9 @@ func getShortSharedDir(sharedDir string) string {
 	if len(sharedDir) >= 89 && strings.Contains(sharedDir, "empty-dir") {
 		// Format - /var/lib/kubelet/pods/<podID>/volumes/kubernetes.io~empty-dir/shared-dir
 		parts := strings.Split(sharedDir, "/")
+		// FIXME: it's not safe; can we assure that shareDir with "empty-dir" will always have at least 5 dirs?
 		podID := parts[5]
-		newSharedDir := DefaultHostVhostuserBaseDir + podID
+		newSharedDir := filepath.Join(DefaultHostVhostuserBaseDir, podID)
 		logging.Infof("getShortSharedDir: Short shared directory: %s", newSharedDir)
 		return newSharedDir
 	}

diff --git a/cniovs/ovsctrl.go b/cniovs/ovsctrl.go
@@ -17,6 +17,7 @@ package cniovs
 import (
 	"os"
 	"os/exec"
+	"path/filepath"
 	"strings"
 
 	"github.com/intel/userspace-cni-network-plugin/logging"
@@ -69,11 +70,7 @@ func createVhostPort(sock_dir string, sock_name string, client bool, bridge_name
 	args := []string{"add-port", bridge_name, sock_name, "--", "set", "Interface", sock_name, type_str}
 
 	if client == true {
-		socketarg := "options:vhost-server-path=" + sock_dir
-		if sock_dir[len(sock_dir)-1] != '/' {
-			socketarg += "/"
-		}
-		socketarg += sock_name
+		socketarg := "options:vhost-server-path=" + filepath.Join(sock_dir, sock_name)
 		logging.Debugf("Additional string: %s", socketarg)
 
 		args = append(args, socketarg)
@@ -92,7 +89,7 @@ func createVhostPort(sock_dir string, sock_name string, client bool, bridge_name
 		}
 
 		// Move socket to defined dir for easier mounting
-		err = os.Rename(ovs_socket_dir+sock_name, sock_dir+sock_name)
+		err = os.Rename(filepath.Join(ovs_socket_dir, sock_name), filepath.Join(sock_dir, sock_name))
 		if err != nil {
 			logging.Errorf("Rename ERROR: %v", err)
 			err = nil

diff --git a/pkg/annotations/annotations.go b/pkg/annotations/annotations.go
@@ -14,6 +14,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
+	"path/filepath"
 	"strings"
 
 	v1 "k8s.io/api/core/v1"
@@ -208,7 +209,7 @@ func setPodAnnotationMappedDir(pod *v1.Pod,
 	// it should be the same as the input data.
 	annotDataStr := pod.Annotations[AnnotKeyUsrspMappedDir]
 	if len(annotDataStr) != 0 {
-		if annotDataStr == mappedDir {
+		if filepath.Clean(annotDataStr) == filepath.Clean(mappedDir) {
 			logging.Verbosef("SetPodAnnotationMappedDir: Existing matches input. Do nothing.")
 			return modified, nil
 		} else {