From 4dea7eefc1a7ff0083bf47cda22247067488ace0 Mon Sep 17 00:00:00 2001
From: unclejack <unclejacksons@gmail.com>
Date: Thu, 27 Nov 2014 23:55:03 +0200
Subject: [PATCH 7/9] validate image ID properly & before load

Signed-off-by: Cristian Staretu <cristian.staretu@gmail.com>
---
 graph/load.go           |  5 +++++
 graph/tags_unit_test.go |  2 +-
 registry/registry.go    |  4 ++--
 utils/utils.go          | 12 +++++++-----
 4 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/graph/load.go b/graph/load.go
index fcbeef6..f27aca4 100644
--- a/graph/load.go
+++ b/graph/load.go
@@ -12,6 +12,7 @@ import (
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/chrootarchive"
 	"github.com/docker/docker/pkg/log"
+	"github.com/docker/docker/utils"
 )
 
 // Loads a set of images into the repository. This is the complementary of ImageExport.
@@ -112,6 +113,10 @@ func (s *TagStore) recursiveLoad(eng *engine.Engine, address, tmpImageDir string
 			log.Debugf("Error unmarshalling json", err)
 			return err
 		}
+		if err := utils.ValidateID(img.ID); err != nil {
+			log.Debugf("Error validating ID: %s", err)
+			return err
+		}
 		if img.Parent != "" {
 			if !s.graph.Exists(img.Parent) {
 				if err := s.recursiveLoad(eng, img.Parent, tmpImageDir); err != nil {
diff --git a/graph/tags_unit_test.go b/graph/tags_unit_test.go
index da51254..bf94deb 100644
--- a/graph/tags_unit_test.go
+++ b/graph/tags_unit_test.go
@@ -16,7 +16,7 @@ import (
 
 const (
 	testImageName = "myapp"
-	testImageID   = "foo"
+	testImageID   = "1a2d3c4d4e5fa2d2a21acea242a5e2345d3aefc3e7dfa2a2a2a21a2a2ad2d234"
 )
 
 func fakeTar() (io.Reader, error) {
diff --git a/registry/registry.go b/registry/registry.go
index a03790a..e0285a2 100644
--- a/registry/registry.go
+++ b/registry/registry.go
@@ -23,7 +23,6 @@ var (
 	ErrInvalidRepositoryName = errors.New("Invalid repository name (ex: \"registry.domain.tld/myrepos\")")
 	ErrDoesNotExist          = errors.New("Image does not exist")
 	errLoginRequired         = errors.New("Authentication is required.")
-	validHex                 = regexp.MustCompile(`^([a-f0-9]{64})$`)
 	validNamespace           = regexp.MustCompile(`^([a-z0-9_]{4,30})$`)
 	validRepo                = regexp.MustCompile(`^([a-z0-9-_.]+)$`)
 )
@@ -177,7 +176,8 @@ func validateRepositoryName(repositoryName string) error {
 		namespace = "library"
 		name = nameParts[0]
 
-		if validHex.MatchString(name) {
+		// the repository name must not be a valid image ID
+		if err := utils.ValidateID(name); err == nil {
 			return fmt.Errorf("Invalid repository name (%s), cannot specify 64-byte hexadecimal strings", name)
 		}
 	} else {
diff --git a/utils/utils.go b/utils/utils.go
index 792b80b..4c65f13 100644
--- a/utils/utils.go
+++ b/utils/utils.go
@@ -31,6 +31,10 @@ type KeyValuePair struct {
 	Value string
 }
 
+var (
+	validHex = regexp.MustCompile(`^([a-f0-9]{64})$`)
+)
+
 // Request a given URL and return an io.Reader
 func Download(url string) (resp *http.Response, err error) {
 	if resp, err = http.Get(url); err != nil {
@@ -190,11 +194,9 @@ func GenerateRandomID() string {
 }
 
 func ValidateID(id string) error {
-	if id == "" {
-		return fmt.Errorf("Id can't be empty")
-	}
-	if strings.Contains(id, ":") {
-		return fmt.Errorf("Invalid character in id: ':'")
+	if ok := validHex.MatchString(id); !ok {
+		err := fmt.Errorf("image ID '%s' is invalid", id)
+		return err
 	}
 	return nil
 }
-- 
1.9.3 (Apple Git-50)