From a258d0561d31173c91086dfe7aa933750959463b Mon Sep 17 00:00:00 2001
From: Graham Brereton
Date: Fri, 3 Nov 2023 14:53:21 -0400
Subject: [PATCH] fix: validate DNS server IP in SetDNSServer

---
 pkg/chaosdaemon/dns_server.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkg/chaosdaemon/dns_server.go b/pkg/chaosdaemon/dns_server.go
index 3347f34c8fd..1a6c8eabbca 100644
--- a/pkg/chaosdaemon/dns_server.go
+++ b/pkg/chaosdaemon/dns_server.go
@@ -18,6 +18,7 @@ package chaosdaemon
 import (
 "context"
 "fmt"
+ "net"

 "github.com/golang/protobuf/ptypes/empty"
 "github.com/pkg/errors"
@@ -36,6 +37,10 @@ func (s *DaemonServer) SetDNSServer(ctx context.Context,
 req *pb.SetDNSServerRequest) (*empty.Empty, error) {
 log := s.getLoggerFromContext(ctx)

+ if net.ParseIP(req.DnsServer) == nil {
+ return nil, fmt.Errorf("invalid DNS server address")
+ }
+
 log.Info("SetDNSServer", "request", req)
 pid, err := s.crClient.GetPidFromContainerID(ctx, req.ContainerId)
 if err != nil {
@@ -68,6 +73,7 @@ func (s *DaemonServer) SetDNSServer(ctx context.Context,
 // add chaos dns server to the first line of /etc/resolv.conf
 // Note: can not replace the /etc/resolv.conf like `mv resolv_conf_dnschaos_temp resolv.conf`, will execute with error `Device or resource busy`
+
 processBuilder = bpm.DefaultProcessBuilder("sh", "-c", fmt.Sprintf("cp %s /etc/resolv_conf_dnschaos_temp && sed -i 's/.*nameserver.*/nameserver %s/' /etc/resolv_conf_dnschaos_temp && cat /etc/resolv_conf_dnschaos_temp > %s && rm /etc/resolv_conf_dnschaos_temp", DNSServerConfFile, req.DnsServer, DNSServerConfFile)).SetContext(ctx)
 if req.EnterNS {
 processBuilder = processBuilder.SetNS(pid, bpm.MountNS)
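Review bot: The rejection path added at the top of SetDNSServer returns before `log.Info("SetDNSServer", "request", req)` runs, so a request refused for a malformed `DnsServer` leaves no record in the daemon log, and nothing at the check says why it exists. As far as the visible lines show, this `net.ParseIP` test is the only guard on the value that the third hunk's context formats into an `sh -c` command, so I would put a comment above it, `// DnsServer is interpolated into a shell command below; accept a literal IP address only.`, and log the refusal, e.g. `log.Info("SetDNSServer rejected: invalid DNS server address", "dnsServer", req.DnsServer)`. Keeping the parsed result (`ip := net.ParseIP(req.DnsServer)`) and formatting `ip.String()` into the command would make the string that reaches the shell the validated one rather than the raw request field. The body of SetDNSServer continues past this hunk.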