Add space trimming check in ValidateSysctls

This is to catch invalid sysctl configs with extra spacing. See containers/common#723 (comment) Signed-off-by: xatier <[email protected]>
containers · Aug 13, 2021 · d997564 · d997564
1 parent 94886d4
commit d997564
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/pkg/util/utils.go b/pkg/util/utils.go
@@ -618,6 +618,12 @@ func ValidateSysctls(strSlice []string) (map[string]string, error) {
 		if len(arr) < 2 {
 			return nil, errors.Errorf("%s is invalid, sysctl values must be in the form of KEY=VALUE", val)
 		}
+
+		trimmed := fmt.Sprintf("%s=%s", strings.TrimSpace(arr[0]), strings.TrimSpace(arr[1]))
+		if trimmed != val {
+			return nil, errors.Errorf("'%s' is invalid, extra spaces found", val)
+		}
+
 		if validSysctlMap[arr[0]] {
 			sysctl[arr[0]] = arr[1]
 			continue

diff --git a/pkg/util/utils_test.go b/pkg/util/utils_test.go
@@ -1,6 +1,7 @@
 package util
 
 import (
+	"fmt"
 	"testing"
 	"time"
 
@@ -259,6 +260,28 @@ func TestValidateSysctlBadSysctl(t *testing.T) {
 	assert.Error(t, err)
 }
 
+func TestValidateSysctlBadSysctlWithExtraSpaces(t *testing.T) {
+	expectedError := "'%s' is invalid, extra spaces found"
+
+	// should fail fast on first sysctl
+	strSlice1 := []string{
+		"net.ipv4.ping_group_range = 0 0",
+		"net.ipv4.ping_group_range=0 0 ",
+	}
+	_, err := ValidateSysctls(strSlice1)
+	assert.Error(t, err)
+	assert.Equal(t, err.Error(), fmt.Sprintf(expectedError, strSlice1[0]))
+
+	// should fail on second sysctl
+	strSlice2 := []string{
+		"net.ipv4.ping_group_range=0 0",
+		"net.ipv4.ping_group_range=0 0 ",
+	}
+	_, err = ValidateSysctls(strSlice2)
+	assert.Error(t, err)
+	assert.Equal(t, err.Error(), fmt.Sprintf(expectedError, strSlice2[1]))
+}
+
 func TestCoresToPeriodAndQuota(t *testing.T) {
 	cores := 1.0
 	expectedPeriod := DefaultCPUPeriod