From b46f044bf71309088b30c1172d4c69287c6a99df Mon Sep 17 00:00:00 2001
From: Jessica Frazelle <acidburn@docker.com>
Date: Mon, 4 Jan 2016 15:00:49 -0800
Subject: [PATCH] update volume name regex

Disallow creating a volume starting with a /.

Signed-off-by: Jessica Frazelle <acidburn@docker.com>
---
 utils/names.go             |  3 +++
 volume/local/local.go      |  2 +-
 volume/local/local_test.go | 21 +++++++++++++++++++++
 3 files changed, 25 insertions(+), 1 deletion(-)

diff --git a/utils/names.go b/utils/names.go
index e09e569b15..8239c0de29 100644
--- a/utils/names.go
+++ b/utils/names.go
@@ -7,3 +7,6 @@ const RestrictedNameChars = `[a-zA-Z0-9][a-zA-Z0-9_.-]`
 
 // RestrictedNamePattern is a regular expression to validate names against the collection of restricted characters.
 var RestrictedNamePattern = regexp.MustCompile(`^/?` + RestrictedNameChars + `+$`)
+
+// RestrictedVolumeNamePattern is a regular expression to validate volume names against the collection of restricted characters.
+var RestrictedVolumeNamePattern = regexp.MustCompile(`^` + RestrictedNameChars + `+$`)
diff --git a/volume/local/local.go b/volume/local/local.go
index 9f7349faa7..44fd3e57e5 100644
--- a/volume/local/local.go
+++ b/volume/local/local.go
@@ -31,7 +31,7 @@ var (
 	// volumeNameRegex ensures the name assigned for the volume is valid.
 	// This name is used to create the bind directory, so we need to avoid characters that
 	// would make the path to escape the root directory.
-	volumeNameRegex = utils.RestrictedNamePattern
+	volumeNameRegex = utils.RestrictedVolumeNamePattern
 )
 
 // New instantiates a new Root instance with the provided scope. Scope
diff --git a/volume/local/local_test.go b/volume/local/local_test.go
index 2c5b800a56..97d0f082ae 100644
--- a/volume/local/local_test.go
+++ b/volume/local/local_test.go
@@ -124,3 +124,24 @@ func TestCreate(t *testing.T) {
 		}
 	}
 }
+
+func TestValidateName(t *testing.T) {
+	r := &Root{}
+	names := map[string]bool{
+		"/testvol":    false,
+		"thing.d":     true,
+		"hello-world": true,
+		"./hello":     false,
+		".hello":      false,
+	}
+
+	for vol, expected := range names {
+		err := r.validateName(vol)
+		if expected && err != nil {
+			t.Fatalf("expected %s to be valid got %v", vol, err)
+		}
+		if !expected && err == nil {
+			t.Fatalf("expected %s to be invalid", vol)
+		}
+	}
+}