Merge pull request #3567 from tianon/dockerfile-add-symlink

Stop ADD from following symlinks outside the context when passed as the first argument
Upstream-commit: feb3f9841813e3f1fdade2eba9ee6b7ede21258e
Component: engine

components/engine/buildfile.go

@@ -287,12 +287,23 @@ func (b *buildFile) CmdVolume(args string) error {
 
 func (b *buildFile) checkPathForAddition(orig string) error {
 	origPath := path.Join(b.contextPath, orig)
+	if p, err := filepath.EvalSymlinks(origPath); err != nil {
+		if os.IsNotExist(err) {
+			return fmt.Errorf("%s: no such file or directory", orig)
+		}
+		return err
+	} else {
+		origPath = p
+	}
 	if !strings.HasPrefix(origPath, b.contextPath) {
 		return fmt.Errorf("Forbidden path outside the build context: %s (%s)", orig, origPath)
 	}
 	_, err := os.Stat(origPath)
 	if err != nil {
-		return fmt.Errorf("%s: no such file or directory", orig)
+		if os.IsNotExist(err) {
+			return fmt.Errorf("%s: no such file or directory", orig)
+		}
+		return err
 	}
 	return nil
 }
@@ -308,7 +319,10 @@ func (b *buildFile) addContext(container *Container, orig, dest string) error {
 	}
 	fi, err := os.Stat(origPath)
 	if err != nil {
-		return fmt.Errorf("%s: no such file or directory", orig)
+		if os.IsNotExist(err) {
+			return fmt.Errorf("%s: no such file or directory", orig)
+		}
+		return err
 	}
 	if fi.IsDir() {
 		if err := archive.CopyWithTar(origPath, destPath); err != nil {