b3ff922a7b
Based on the discussion, we have changed the following:

1. Send body only if content-type is application/json (based on the Docker official daemon REST specification, this is the provided for all APIs that require authorization).
2. Correctly verify that the msg body is smaller than max cap (this was the actual bug). Fix includes UT.
3. Minor: Check content length > 0 (it was -1 for load, although an attacker can still modify this).

Signed-off-by: Liron Levin <liron@twistlock.com>
api.go
authz.go
authz_unix_test.go
plugin.go
response.go