From 3dc8c2a33a9ad14355371656018492c70764a22e Mon Sep 17 00:00:00 2001
From: Tianon Gravi
Date: Sat, 11 Jan 2014 05:46:11 -0700
Subject: [PATCH 1/2] Stop ADD from following symlinks outside the context when passed as the first argument

Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon)
Upstream-commit: fb63cfa9a502e2410597422f8877cf16b0bbaad2
Component: engine
---
 components/engine/buildfile.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/components/engine/buildfile.go b/components/engine/buildfile.go
index de03e5879f..6b568d7563 100644
--- a/components/engine/buildfile.go
+++ b/components/engine/buildfile.go
@@ -287,6 +287,11 @@ func (b *buildFile) CmdVolume(args string) error {

 func (b *buildFile) checkPathForAddition(orig string) error {
 origPath := path.Join(b.contextPath, orig)
+ if p, err := filepath.EvalSymlinks(origPath); err != nil {
+ return err
+ } else {
+ origPath = p
+ }
 if !strings.HasPrefix(origPath, b.contextPath) {
 return fmt.Errorf("Forbidden path outside the build context: %s (%s)", orig, origPath)
 }
From c10cddede64faac26fc27ba4a2f3b5a84f71c93f Mon Sep 17 00:00:00 2001
From: Tianon Gravi
Date: Tue, 14 Jan 2014 11:42:03 -0700
Subject: [PATCH 2/2] Fix "foo: no such file or directory" test failure, and normalize creation of custom error to always depend on if os.IsNotExist(err) so we don't hide other errors that might crop up in these tests

Docker-DCO-1.1-Signed-off-by: Andrew Page (github: tianon)
Upstream-commit: 7a6255efbcb83458ca179b2148fda7a0160a4bd7
Component: engine
---
 components/engine/buildfile.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/components/engine/buildfile.go b/components/engine/buildfile.go
index 6b568d7563..2b6d40c15d 100644
--- a/components/engine/buildfile.go
+++ b/components/engine/buildfile.go
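Review bot: In the [PATCH 1/2] hunk of checkPathForAddition, the resolved `origPath` is still tested with `strings.HasPrefix(origPath, b.contextPath)`, which is a string comparison rather than a path comparison: a sibling directory whose name merely begins with the context directory's name passes it, and `b.contextPath` itself is never resolved, so a context that lives under a symlinked directory would presumably have every ADD rejected. Resolve the context root the same way and compare on a component boundary, e.g. `if origPath != root && !strings.HasPrefix(origPath, root+string(os.PathSeparator)) {`, where `root` is the `filepath.EvalSymlinks` result for `b.contextPath`. On style, `path.Join` should be `filepath.Join` to match `filepath.EvalSymlinks`, and the `else` after `return err` can go if `p` is declared before the `if`. The function body continues past the end of this hunk.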
@@ -288,6 +288,9 @@ func (b *buildFile) CmdVolume(args string) error {
 func (b *buildFile) checkPathForAddition(orig string) error {
 origPath := path.Join(b.contextPath, orig)
 if p, err := filepath.EvalSymlinks(origPath); err != nil {
+ if os.IsNotExist(err) {
+ return fmt.Errorf("%s: no such file or directory", orig)
+ }
 return err
 } else {
 origPath = p
@@ -297,7 +300,10 @@ func (b *buildFile) checkPathForAddition(orig string) error {
 }
 _, err := os.Stat(origPath)
 if err != nil {
- return fmt.Errorf("%s: no such file or directory", orig)
+ if os.IsNotExist(err) {
+ return fmt.Errorf("%s: no such file or directory", orig)
+ }
+ return err
 }
 return nil
 }
@@ -313,7 +319,10 @@ func (b *buildFile) addContext(container *Container, orig, dest string) error {
 }
 fi, err := os.Stat(origPath)
 if err != nil {
- return fmt.Errorf("%s: no such file or directory", orig)
+ if os.IsNotExist(err) {
+ return fmt.Errorf("%s: no such file or directory", orig)
+ }
+ return err
 }
 if fi.IsDir() {
 if err := archive.CopyWithTar(origPath, destPath); err != nil {
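Review bot: In the first [PATCH 2/2] hunk, the `os.IsNotExist` mapping sits on the `filepath.EvalSymlinks` error path, which runs before the containment check, so a source path that lexically leaves the context is answered with "no such file or directory" when the target is absent and with "Forbidden path outside the build context" when it is present. The two different answers tell the author of the Dockerfile whether a file outside the context exists on the build host. Running a lexical containment check on the `path.Join` result before `EvalSymlinks`, and keeping the post-resolution check for symlinks, would give out-of-context paths the same answer regardless of existence. checkPathForAddition continues past this hunk.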
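Review bot: In the second [PATCH 2/2] hunk, the new `return err` passes the `os.Stat` error through unchanged, and a `*os.PathError` carries the full resolved `origPath`, so the build output would presumably expose the daemon-side location of the context where it previously showed only `orig`. The same fall-through appears in the EvalSymlinks branch of the first hunk and in addContext in the third hunk. Since all three sites now repeat the same lines, a small unexported helper taking `orig` and `err` could map not-exist to the existing message and prefix any other error with `orig` instead of the absolute path, keeping the messages uniform and relative to the context.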
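Review bot: In the third [PATCH 2/2] hunk, addContext calls `os.Stat(origPath)` and then `archive.CopyWithTar(origPath, destPath)` on a path that is assigned above the hunk; if that is the plain join of `b.contextPath` and `orig` rather than the path checkPathForAddition resolved and validated, the symlink is followed a second time here and the copy is not tied to what was checked. Having checkPathForAddition return the resolved path for addContext to use, or repeating the `EvalSymlinks` and containment check on `origPath` right before the stat, would close that gap. Failing that, a comment such as `// origPath must already have passed checkPathForAddition` above the stat would document the dependency. The function starts and ends outside the hunk.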