[libvirt] [PATCH v3] storage: Sanitize pool target paths

Daniel P. Berrange berrange at redhat.com
Tue May 25 14:54:02 UTC 2010


On Tue, May 25, 2010 at 08:42:31AM -0600, Eric Blake wrote:
> On 05/24/2010 12:52 PM, Cole Robinson wrote:
> > +
> > +    /* Need to sanitize:
> > +     * //           -> //
> > +     * ///          -> /
> > +     * /../foo      -> /../foo
> > +     * /.//foo      -> /foo
> > +     * /foo///bar/  -> /foo/bar
> > +     * ./foo/./.    -> /foo
> > +     */
> > +
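Review bot: The last row of this comment, `./foo/./. -> /foo`, documents a relative input coming back as an absolute path, which changes what the path refers to; either state that target paths must be absolute before they are sanitized, or give the expected result as `foo`. The `/../foo -> /../foo` row would also benefit from a short note that `..` components are deliberately left unresolved, and the table as a whole is a natural set of inputs for a unit test.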
> 
> For my second attempt at a valid review, I actually compiled the
> function, and threw the above inputs at it.  /../foo -> /./foo (oops,
> didn't match documentation), and ./foo/./. -> /foo (oops, matched
> documentation, but turned a relative path into absolute), so we do need
> a v4, but not for the original reasons in my first NAK where I mis-read
> the do-while loop.

This function is crying out for a real test case to be written and put
under tests/, feeding it all sorts of evil input.


Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
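A table-driven test of the kind asked for above, as an added example that is not libvirt's code or the patch under review. The name `sanitize_path` is hypothetical, the extra rows are constructed, and the block assumes relative inputs stay relative (so `./foo/./.` yields `foo`, unlike the last row of the patch comment).

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not libvirt's function: malloc'd cleaned copy, or NULL. */
char *sanitize_path(const char *path)
{
    size_t n = strspn(path, "/");               /* number of leading slashes */
    size_t root = (n == 2) ? 2 : (n > 0), o = root; /* keep exactly "//", else one "/" */
    char *out = malloc(strlen(path) + 2);       /* worst case: "" -> "." + NUL */
    if (!out)
        return NULL;
    memset(out, '/', root);
    path += n;
    while (*path) {
        n = strcspn(path, "/");                 /* next component, never empty */
        if (!(n == 1 && *path == '.')) {        /* drop "."; ".." is left alone */
            if (o > root)
                out[o++] = '/';
            memcpy(out + o, path, n);
            o += n;
        }
        path += n + strspn(path + n, "/");      /* collapse the separator run */
    }
    if (o == 0)
        out[o++] = '.';                         /* relative path reduced to nothing */
    out[o] = '\0';
    return out;
}

/* Constructed inputs: the six rows from the patch comment, then extras. */
static const char *cases[][2] = {
    {"//", "//"}, {"///", "/"}, {"/../foo", "/../foo"}, {"/.//foo", "/foo"},
    {"/foo///bar/", "/foo/bar"}, {"./foo/./.", "foo"},  /* stays relative */
    {"", "."}, {"/.../.hidden/", "/.../.hidden"}, {"//a//b", "//a/b"}, {"/./", "/"},
};

/* Number of table rows whose output differs from the expectation. */
int count_failures(void)
{
    int bad = 0;
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        char *got = sanitize_path(cases[i][0]);
        bad += !got || strcmp(got, cases[i][1]) != 0;
        free(got);
    }
    return bad;
}

int main(void) { return count_failures() != 0; }
```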



