From e6ab1725d6f71bb86a6efda6847a530295da550c Mon Sep 17 00:00:00 2001
From: xatier <xatierlike@gmail.com>
Date: Tue, 17 Aug 2021 09:45:55 -0500
Subject: [PATCH] Add space trimming check in sysctl.Validate

Sync with https://github.com/containers/podman/pull/11224

Signed-off-by: Yan-Ming Li <xatierlike@gmail.com>
---
 pkg/sysctl/sysctl.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/sysctl/sysctl.go b/pkg/sysctl/sysctl.go
index eaf5cc66e..9263923c1 100644
--- a/pkg/sysctl/sysctl.go
+++ b/pkg/sysctl/sysctl.go
@@ -30,6 +30,12 @@ func Validate(strSlice []string) (map[string]string, error) {
 		if len(arr) < 2 {
 			return nil, errors.Errorf("%s is invalid, sysctl values must be in the form of KEY=VALUE", val)
 		}
+
+		trimmed := fmt.Sprintf("%s=%s", strings.TrimSpace(arr[0]), strings.TrimSpace(arr[1]))
+		if trimmed != val {
+			return nil, errors.Errorf("'%s' is invalid, extra spaces found", val)
+		}
+
 		if validSysctlMap[arr[0]] {
 			sysctl[arr[0]] = arr[1]
 			continue
@@ -43,7 +49,7 @@ func Validate(strSlice []string) (map[string]string, error) {
 			}
 		}
 		if !foundMatch {
-			return nil, errors.Errorf("sysctl '%s' is not whitelisted", arr[0])
+			return nil, errors.Errorf("sysctl '%s' is not allowed", arr[0])
 		}
 	}
 	return sysctl, nil