[libvirt] [PATCH v3] storage: Sanitize pool target paths
Eric Blake
eblake at redhat.com
Tue May 25 15:52:17 UTC 2010
On 05/25/2010 09:49 AM, Cole Robinson wrote:
>> This function is crying out for a real test case to be written and put
>> under tests/, feeding it all sorts of evil input.
>>
>
> Agreed, however I'm backtracking a bit on this, my next post is only
> going to sanitize spurious /, like my original posting (but with the
> original comments addressed).
Which is all the more argument for a gnulib module that does text-based
sanitization on the user's behalf. I'll see about adding that, and in
the meantime,...
>
> A user can accidentally add an extra slash to a pool target, and its
> reasonable to expect it won't cause cause problems, but the same can't
> be said for relative path characters. This function is becoming
> impossible to review (the current posting goes into infinite loop with a
> path like /foo./bar), and most of the logic is not helping solve a real
> world problem.
>
> This patch is going to be backported to a few places: less complex the
> better. Oh, and I'm lazy :)
I agree with Cole's approach of minimizing this particular fix to the
particular problem raised. A fancy gnulib solution is not as important
as a duplicated slash solution.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20100525/5c1f9b34/attachment-0001.sig>
More information about the libvir-list
mailing list