[libvirt] [PATCH v3] storage: Sanitize pool target paths
Daniel P. Berrange
berrange at redhat.com
Tue May 25 14:54:02 UTC 2010
On Tue, May 25, 2010 at 08:42:31AM -0600, Eric Blake wrote:
> On 05/24/2010 12:52 PM, Cole Robinson wrote:
> > +
> > + /* Need to sanitize:
> > + * // -> //
> > + * /// -> /
> > + * /../foo -> /../foo
> > + * /.//foo -> /foo
> > + * /foo///bar/ -> /foo/bar
> > + * ./foo/./. -> /foo
> > + */
> > +
>
> For my second attempt at a valid review, I actually compiled the
> function, and threw the above inputs at it. /../foo -> /./foo (oops,
> didn't match documentation), and ./foo/./. -> /foo (oops, matched
> documentation, but turned a relative path into absolute), so we do need
> a v4, but not for the original reasons in my first NAK where I mis-read
> the do-while loop.
This function is crying out for a real test case to be written and put
under tests/, feeding it all sorts of evil input.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
More information about the libvir-list
mailing list