From f2bceaceaa2bf8c4e04e6bef57b9993e337051f5 Mon Sep 17 00:00:00 2001 From: Jackson West Date: Wed, 11 May 2022 11:35:54 -0500 Subject: [PATCH] Update libcni to 0.8.1 Fixes CVE-2021-20206 Upstream PR: https://github.com/containernetworking/plugins/pull/580 Signed-off-by: Jackson West --- go.mod | 2 +- go.sum | 4 ++-- vendor/github.com/containernetworking/cni/pkg/invoke/find.go | 5 +++++ vendor/modules.txt | 2 +- 4 files changed, 9 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index ebf18ce..a5d2d9e 100644 --- a/go.mod +++ b/go.mod @@ -7,7 +7,7 @@ require ( github.com/Microsoft/hcsshim v0.8.6 github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44 - github.com/containernetworking/cni v0.8.0 + github.com/containernetworking/cni v0.8.1 github.com/coreos/go-iptables v0.4.5 github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7 github.com/d2g/dhcp4 v0.0.0-20170904100407-a1d1b6c41b1c diff --git a/go.sum b/go.sum index 90d627a..1376559 100644 --- a/go.sum +++ b/go.sum @@ -6,8 +6,8 @@ github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae h1:AMzIhMUq github.com/alexflint/go-filemutex v0.0.0-20171022225611-72bdc8eae2ae/go.mod h1:CgnQgUtFrFz9mxFNtED3jI5tLDjKlOM+oUF/sTk6ps0= github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44 h1:y853v6rXx+zefEcjET3JuKAqvhj+FKflQijjeaSv2iA= github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s= -github.com/containernetworking/cni v0.8.0 h1:BT9lpgGoH4jw3lFC7Odz2prU5ruiYKcgAjMCbgybcKI= -github.com/containernetworking/cni v0.8.0/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= +github.com/containernetworking/cni v0.8.1 h1:7zpDnQ3T3s4ucOuJ/ZCLrYBxzkg0AELFfII3Epo9TmI= +github.com/containernetworking/cni v0.8.1/go.mod h1:LGwApLUm2FpoOfxTDEeq8T9ipbpZ61X79hmU3w8FmsY= github.com/coreos/go-iptables v0.4.5 h1:DpHb9vJrZQEFMcVLFKAAGMUVX0XoRC0ptCthinRYm38= github.com/coreos/go-iptables v0.4.5/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7 h1:u9SHYsPQNyt5tgDm3YN7+9dYrpK96E5wFilTFWIDZOM= diff --git a/vendor/github.com/containernetworking/cni/pkg/invoke/find.go b/vendor/github.com/containernetworking/cni/pkg/invoke/find.go index e815404..e62029e 100644 --- a/vendor/github.com/containernetworking/cni/pkg/invoke/find.go +++ b/vendor/github.com/containernetworking/cni/pkg/invoke/find.go @@ -18,6 +18,7 @@ import ( "fmt" "os" "path/filepath" + "strings" ) // FindInPath returns the full path of the plugin by searching in the provided path @@ -26,6 +27,10 @@ func FindInPath(plugin string, paths []string) (string, error) { return "", fmt.Errorf("no plugin name provided") } + if strings.ContainsRune(plugin, os.PathSeparator) { + return "", fmt.Errorf("invalid plugin name: %s", plugin) + } + if len(paths) == 0 { return "", fmt.Errorf("no paths provided") } diff --git a/vendor/modules.txt b/vendor/modules.txt index aa559e7..bd723bc 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -28,7 +28,7 @@ github.com/alexflint/go-filemutex # github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44 ## explicit github.com/buger/jsonparser -# github.com/containernetworking/cni v0.8.0 +# github.com/containernetworking/cni v0.8.1 ## explicit github.com/containernetworking/cni/libcni github.com/containernetworking/cni/pkg/invoke -- 2.35.1