[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] qemu_monitor: Don't output snapshot format argument if type is NULL



On 03/27/2012 05:49 AM, Peter Krempa wrote:
> If the snapshot format type string was NULL, the JSON framework created
> an invalid JSON string.
> ---
> The other option would be to fix qemuMonitorJSONMakeCommandRaw that string arguments with a NULL
> argument would suppress outputing the complete option, but I'm afraid of breaking something.
> 
> Background:
> http://www.redhat.com/archives/libvir-list/2012-March/msg01198.html

Thanks for tracking this down.

Actually, I'd rather fix qemu_driver.c to guarantee that format is
always non-NULL (omitting the format argument means that qemu either
probes the file or hard-codes a default, and that carries risk, since in
the past, we've had CVEs where autoprobing of a raw file can mistakenly
result in treating the file as qcow2 and cause SELinux labeling of
unintended files).

I'll propose a counter-proposal patch later this morning.  Let's wait
until we have both patches to compare before deciding which one to push.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]