[libvirt] [PATCHv2 2/2] virDomainSaveXML: Reject domains which name start with '.'

Christophe Fergeau cfergeau at redhat.com
Thu Feb 7 13:27:30 UTC 2013


The domain name is used as a filename, so this leads to unexpected results,
either because hidden files are created, or because the file is created
somewhere else in the directory tree when '/' is used as well.
---
 src/conf/domain_conf.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 13f4bc0..f5b738a 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -14735,6 +14735,13 @@ int virDomainSaveXML(const char *configDir,
         goto cleanup;
     }
 
+    if (def->name[0] == '.') {
+        virReportError(VIR_ERR_XML_DETAIL,
+                       _("invalid domain name '%s': name can't start with '.'"),
+                       def->name);
+        goto cleanup;
+    }
+
     if ((configFile = virDomainConfigFile(configDir, def->name)) == NULL)
         goto cleanup;
 
-- 
1.8.1




More information about the libvir-list mailing list