Merge pull request #117 from aboch/pt

Protect internal data in CreateOptionPortMapping
2026-05-13 18:13:35 +00:00 · 2015-05-05 13:57:24 -07:00
parent fe87ce50bc c203b3959e
commit 4abc259f84
2 changed files with 11 additions and 6 deletions
--- a/drivers/bridge/link.go
+++ b/drivers/bridge/link.go
@@ -69,7 +69,7 @@ func linkContainers(action, parentIP, childIP string, ports []netutils.PortBindi
 		return InvalidLinkIPAddrError(childIP)
 	}

-	chain := iptables.Chain{Name: "DOCKER", Bridge: bridge}
+	chain := iptables.Chain{Name: DockerChain, Bridge: bridge}
 	for _, port := range ports {
 		err := chain.Link(nfAction, ip1, ip2, int(port.Port), port.Proto.String())
 		if !ignoreErrors && err != nil {
--- a/endpoint.go
+++ b/endpoint.go
@@ -486,13 +486,18 @@ func JoinOptionUseDefaultSandbox() EndpointOption {
 // ports option to be passed to network.CreateEndpoint() method.
 func CreateOptionPortMapping(portBindings []netutils.PortBinding) EndpointOption {
 	return func(ep *endpoint) {
-		// Store endpoint label
-		ep.generic[options.PortMap] = portBindings
-		// Extract exposed ports as this is the only concern of libnetwork endpoint
-		ep.exposedPorts = make([]netutils.TransportPort, 0, len(portBindings))
+		// Extract and store exposed ports as this is the only concern of libnetwork endpoint
+		// Store a copy of the bindings as generic data to pass to the driver
+		pbs := make([]netutils.PortBinding, 0, len(portBindings))
+		exp := make([]netutils.TransportPort, 0, len(portBindings))
+
 		for _, b := range portBindings {
-			ep.exposedPorts = append(ep.exposedPorts, netutils.TransportPort{Proto: b.Proto, Port: b.Port})
+			pbs = append(pbs, b.GetCopy())
+			exp = append(exp, netutils.TransportPort{Proto: b.Proto, Port: b.Port})
 		}
+
+		ep.generic[options.PortMap] = pbs
+		ep.exposedPorts = exp
 	}
 }