vbatts/pkg - Git - Batts Cloud

1871 commits 2 branches 0 tags 3.9 MiB

Author	SHA1	Message	Date
Liron Levin	b3ff922a7b	Fix #20508 - Authz plugin enabled with large text/JSON POST payload corrupts body Based on the discussion, we have changed the following: 1. Send body only if content-type is application/json (based on the Docker official daemon REST specification, this is the provided for all APIs that requires authorization. 2. Correctly verify that the msg body is smaller than max cap (this was the actual bug). Fix includes UT. 3. Minor: Check content length > 0 (it was -1 for load, altough an attacker can still modify this) Signed-off-by: Liron Levin <liron@twistlock.com>	2016-02-25 08:11:55 +02:00
John Howard	06d7595dc1	Windows CI: test-unit turn off pkg\authorisation Signed-off-by: John Howard <jhoward@microsoft.com>	2016-02-11 17:42:12 -08:00

Author

SHA1

Message

Date

Liron Levin

b3ff922a7b

Fix #20508 - Authz plugin enabled with large text/JSON POST payload corrupts body

Based on the discussion, we have changed the following:

1. Send body only if content-type is application/json (based on the
Docker official daemon REST specification, this is the provided for all
APIs that requires authorization.

2. Correctly verify that the msg body is smaller than max cap (this was
the actual bug). Fix includes UT.

3. Minor: Check content length > 0 (it was -1 for load, altough an
attacker can still modify this)

Signed-off-by: Liron Levin <liron@twistlock.com>

2016-02-25 08:11:55 +02:00

John Howard

06d7595dc1

Windows CI: test-unit turn off pkg\authorisation

Signed-off-by: John Howard <jhoward@microsoft.com>

2016-02-11 17:42:12 -08:00

Renamed from authorization/authz_test.go (Browse further)

2 commits