From 54575c4167fc93ecdd4edf5b1e2bc116d7f5121e Mon Sep 17 00:00:00 2001
From: Yong Tang
Date: Tue, 30 Aug 2016 19:07:21 -0700
Subject: [PATCH] Fix issue in `--ip6` validation for `docker create`
This fix tries to address the issue raised in comment: https://github.com/docker/docker/pull/25943#discussion_r76843081 Previously, the validation for `ip6` is done by checking ParseIP().To16(). However, in case an IPv4 address or an IPv4-mapped Ipv6 address has been provided, the validation will pass (should fail). This fix first check if `--ip6` is passed with a valid IP address and returns error for invalid IP addresses. It then check if an IPv4 or IPv4-mapped Ipv6 address is passed, and return error accordingly. This fix adds two more cases in the tests. One for IPv4 address passed to `--ip6` and another for Ipv4-mapped IPv6 address passed to `--ip6`. In both cases, without this fix the validation will pass through.
Signed-off-by: Yong Tang
Upstream-commit: 1e6eccae69bd9b1f65ec87c33a6a872c81f7fb23
Component: engine
---
 components/engine/daemon/create.go | 9 +++++++--
 .../integration-cli/docker_cli_network_unix_test.go | 6 ++++++
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/components/engine/daemon/create.go b/components/engine/daemon/create.go
index 51da513d18..7bebcb77a1 100644
--- a/components/engine/daemon/create.go
+++ b/components/engine/daemon/create.go
@@ -256,8 +256,13 @@ func (daemon *Daemon) verifyNetworkingConfig(nwConfig *networktypes.NetworkingCo
 if v.IPAMConfig.IPv4Address != "" && net.ParseIP(v.IPAMConfig.IPv4Address).To4() == nil {
 return errors.NewBadRequestError(fmt.Errorf("invalid IPv4 address: %s", v.IPAMConfig.IPv4Address))
 }
- if v.IPAMConfig.IPv6Address != "" && net.ParseIP(v.IPAMConfig.IPv6Address).To16() == nil {
- return errors.NewBadRequestError(fmt.Errorf("invalid IPv6 address: %s", v.IPAMConfig.IPv6Address))
+ if v.IPAMConfig.IPv6Address != "" {
+ n := net.ParseIP(v.IPAMConfig.IPv6Address)
+ // if the address is an invalid network address (ParseIP == nil) or if it is
+ // an IPv4 address (To4() != nil), then it is an invalid IPv6 address
+ if n == nil || n.To4() != nil {
+ return errors.NewBadRequestError(fmt.Errorf("invalid IPv6 address: %s", v.IPAMConfig.IPv6Address))
+ }
 }
 }
 }
diff --git a/components/engine/integration-cli/docker_cli_network_unix_test.go b/components/engine/integration-cli/docker_cli_network_unix_test.go
index e8b6ac94ea..3447b19a7c 100644
--- a/components/engine/integration-cli/docker_cli_network_unix_test.go
+++ b/components/engine/integration-cli/docker_cli_network_unix_test.go
@@ -1749,4 +1749,10 @@ func (s *DockerNetworkSuite) TestDockerNetworkValidateIP(c *check.C) {
 c.Assert(err.Error(), checker.Contains, "invalid IPv4 address")
 _, _, err = dockerCmdWithError("run", "--net=mynet", "--ip", "172.28.99.99", "--ip6", "mynet_ip6", "busybox", "top")
 c.Assert(err.Error(), checker.Contains, "invalid IPv6 address")
+ // This is a case of IPv4 address to `--ip6`
+ _, _, err = dockerCmdWithError("run", "--net=mynet", "--ip6", "172.28.99.99", "busybox", "top")
+ c.Assert(err.Error(), checker.Contains, "invalid IPv6 address")
+ // This is a special case of an IPv4-mapped IPv6 address
+ _, _, err = dockerCmdWithError("run", "--net=mynet", "--ip6", "::ffff:172.28.99.99", "busybox", "top")
+ c.Assert(err.Error(), checker.Contains, "invalid IPv6 address")
 }
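Review bot: The IPv4 check kept as context at the top of this hunk still accepts an IPv4-mapped IPv6 string, because `net.ParseIP("::ffff:172.28.99.99").To4()` is non-nil, so `--ip` is left with the mirror image of the gap this commit closes for `--ip6`. What later code does with such a string in `IPv4Address` is not visible here, but the validator should reject it on its textual form. One option is `if a := v.IPAMConfig.IPv4Address; a != "" && (strings.Contains(a, ":") || net.ParseIP(a).To4() == nil) {`, provided `strings` is imported in create.go. verifyNetworkingConfig starts and ends outside the hunk.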
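Review bot: Both new cases call `err.Error()` without first asserting that `err` is non-nil, so if the validation regresses and the command succeeds, the test stops on a nil dereference instead of reporting a failed assertion. Adding `c.Assert(err, check.NotNil)` before each `c.Assert(err.Error(), checker.Contains, "invalid IPv6 address")` keeps the failure readable. The existing cases shown as context follow the same pattern, and the function opens outside the hunk.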