diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/main.c hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/main.c index 259719a..70357c0 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/main.c +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/main.c @@ -24,6 +24,7 @@ #include "modules/gpu/gpu-module.h" #include "modules/fpga/fpga-module.h" #include "modules/cgroups/cgroups-operations.h" +#include "utils/string-utils.h" #include #include @@ -368,6 +369,10 @@ static int validate_run_as_user_commands(int argc, char **argv, int *operation) } cmd_input.app_id = argv[optind++]; cmd_input.container_id = argv[optind++]; + if (validate_container_id(cmd_input.container_id) != 1) { + fprintf(ERRORFILE, "Invalid container id %s\n", cmd_input.container_id); + return INVALID_CONTAINER_ID; + } cmd_input.cred_file = argv[optind++]; cmd_input.local_dirs = argv[optind++];// good local dirs as a comma separated list cmd_input.log_dirs = argv[optind++];// good log dirs as a comma separated list diff --git hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/util.h hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/util.h index ed9fba8..6aac1fe 100644 --- hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/util.h +++ hadoop-yarn-project/hadoop-yarn/hadoop-yarn-server/hadoop-yarn-server-nodemanager/src/main/native/container-executor/impl/util.h @@ -67,7 +67,8 @@ enum errorcodes { ERROR_SANITIZING_DOCKER_COMMAND = 39, DOCKER_IMAGE_INVALID = 40, // DOCKER_CONTAINER_NAME_INVALID = 41, (NOT USED) - ERROR_COMPILING_REGEX = 42 + ERROR_COMPILING_REGEX = 42, + INVALID_CONTAINER_ID = 43 }; /* Macros for min/max. */