[release/2.6] registry/{storage,handlers}: limit content sizes #2341

stevvooe · 2017-07-20T20:38:52Z

Under certain circumstances, the use of StorageDriver.GetContent can
result in unbounded memory allocations. In particualr, this happens when
accessing a layer through the manifests endpoint.

This problem is mitigated by setting a 4MB limit when using to access
content that may have been accepted from a user. In practice, this means
setting the limit with the use of BlobProvider.Get by wrapping
StorageDriver.GetContent in a helper that uses StorageDriver.Reader
with a limitReader that returns an error.

When mitigating this security issue, we also noticed that the size of
manifests uploaded to the registry is also unlimited. We apply similar
logic to the request body of payloads that are full buffered.

Signed-off-by: Stephen J Day stephen.day@docker.com
(cherry picked from commit 55ea440)
Signed-off-by: Stephen J Day stephen.day@docker.com

cc @riyazdf @dmcgowan

Under certain circumstances, the use of `StorageDriver.GetContent` can result in unbounded memory allocations. In particualr, this happens when accessing a layer through the manifests endpoint. This problem is mitigated by setting a 4MB limit when using to access content that may have been accepted from a user. In practice, this means setting the limit with the use of `BlobProvider.Get` by wrapping `StorageDriver.GetContent` in a helper that uses `StorageDriver.Reader` with a `limitReader` that returns an error. When mitigating this security issue, we also noticed that the size of manifests uploaded to the registry is also unlimited. We apply similar logic to the request body of payloads that are full buffered. Signed-off-by: Stephen J Day <stephen.day@docker.com> (cherry picked from commit 55ea440) Signed-off-by: Stephen J Day <stephen.day@docker.com>

riyazdf

LGTM

codecov · 2017-07-20T20:52:49Z

Codecov Report

Merging #2341 into release/2.6 will decrease coverage by 11.06%.
The diff coverage is 51.06%.

@@               Coverage Diff                @@
##           release/2.6    #2341       +/-   ##
================================================
- Coverage         61.1%   50.04%   -11.07%     
================================================
  Files              126      127        +1     
  Lines            11351    14342     +2991     
================================================
+ Hits              6936     7177      +241     
- Misses            3523     6410     +2887     
+ Partials           892      755      -137

Impacted Files	Coverage Δ
registry/handlers/images.go	`56.84% <0%> (-0.08%)`	⬇️
registry/handlers/blobupload.go	`45.2% <0%> (+0.02%)`	⬆️
registry/storage/blobstore.go	`55.63% <100%> (-1.51%)`	⬇️
registry/handlers/helpers.go	`39.53% <100%> (+0.24%)`	⬆️
registry/storage/io.go	`48.48% <48.48%> (ø)`
registry/storage/driver/gcs/gcs.go	`0.32% <0%> (-69.02%)`	⬇️
registry/storage/driver/oss/oss.go	`0.45% <0%> (-57.55%)`	⬇️
registry/storage/driver/s3-aws/s3.go	`3.73% <0%> (-57.13%)`	⬇️
registry/storage/driver/s3-goamz/s3.go	`0.4% <0%> (-50.74%)`	⬇️
digest/digester.go	`45% <0%> (-15%)`	⬇️
... and 116 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 42ea75c...29fa466. Read the comment docs.

riyazdf approved these changes Jul 20, 2017

View reviewed changes

stevvooe merged commit c829241 into distribution:release/2.6 Jul 20, 2017

stevvooe deleted the limit-payload-size-26 branch July 20, 2017 20:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[release/2.6] registry/{storage,handlers}: limit content sizes #2341

[release/2.6] registry/{storage,handlers}: limit content sizes #2341

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

[release/2.6] registry/{storage,handlers}: limit content sizes #2341

[release/2.6] registry/{storage,handlers}: limit content sizes #2341

Uh oh!

Conversation

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Codecov Report

Uh oh!

Uh oh!