[libvirt] [PATCH v3] storage: Sanitize pool target paths

Eric Blake eblake at redhat.com
Mon May 24 22:55:21 UTC 2010


On 05/24/2010 12:52 PM, Cole Robinson wrote:
> Spurious / in a pool target path makes life difficult for apps using the
> GetVolByPath, and doing other path based comparisons with pools. This
> has caused a few issues for virt-manager users:
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=494005
> https://bugzilla.redhat.com/show_bug.cgi?id=593565
> 
> Add a new util API which removes spurious /, virFileSanitizePath. Sanitize
> target paths when parsing pool XML, and for paths passed to GetVolByPath.
> 
> v2: Leading // must be preserved, properly sanitize path=/, sanitize
>     away /./ -> /
> 
> v3: Properly handle starting ./ and ending /.
> 
> +
> +    /* Need to sanitize:
> +     * //           -> //
> +     * ///          -> /
> +     * /../foo      -> /../foo
> +     * /.//foo      -> /foo
> +     * /foo///bar/  -> /foo/bar
> +     * ./foo/./.    -> /foo

comment typo: ./foo/./. -> foo (not absolute)

> +     */
> +
> +    /* Starting with // is valid posix, but ///foo == /foo */
> +    if (cur[0] == '/' && cur[1] == '/' && cur[2] != '/') {
> +        idx = 2;
> +        cur += 2;
> +    }
> +
> +    /* Sanitize path in place */
> +    while (*cur != '\0') {
> +        int offset = cur - path;
> +
> +        /* Copy all dirname characters */
> +        if ((cur[0] != '/' && cur[0] != '.') ||
> +            (cur[0] == '.' && cur[1] != '/' && cur[1] != '\0')) {
> +            cleanpath[idx++] = *cur++;
> +            continue;
> +        }
> +
> +        /* Sanitize away / and single . */
> +        do {
> +            bool slash_follow = (cur[1] == '/');

Phooey.  Need a v4; this can fault.  If you have "///" ending on a page
boundary, then...


> +            bool slash_before = (offset != 0 && cur[-1] == '/');
> +
> +            /* Skip all extra / */
> +            if (*cur == '/') {
> +                cur++;
> +                continue;
> +            }
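
Review bot: in the inner do-while, slash_before is guarded by `offset != 0`, but offset is set once at the top of the outer while (`int offset = cur - path;`) and is not updated when the `cur++; continue;` branch advances cur. If the do-while body runs again after that branch, the guard describes where the outer iteration started rather than the current position: when the run of slashes begins at path[0], offset stays 0 and slash_before is false even though cur[-1] is now '/'. Testing `cur > path` directly would keep the guard in step with cur and also drops the pointer-difference-to-int narrowing in the offset declaration. In the same place, slash_follow reads cur[1] before anything in the body has checked that *cur is not '\0', so both flags are better computed after that check.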

...this advances cur to the '\0', and the next iteration of the nested
do-while accesses past the trailing NUL when computing slash_follow.

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org
