[libvirt] [PATCHv2 1/2] virDomainSaveXML: Reject domains which name contain '/'

Eric Blake eblake at redhat.com
Thu Feb 7 18:30:07 UTC 2013


On 02/07/2013 07:57 AM, John Ferlan wrote:
> On 02/07/2013 08:27 AM, Christophe Fergeau wrote:
>> Similarly to 790f912b4 which rejects snapshots names containing,
>> this commit changes virDomainSaveXML to reject domains with a '/'
>> in their name. The domain name is used as a filename, so this
>> leads to unexpected results when used in combination with '..'
>> ---
>>  src/conf/domain_conf.c | 7 +++++++
>>  1 file changed, 7 insertions(+)
>>
>> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>> index 85a798d..13f4bc0 100644
>> --- a/src/conf/domain_conf.c
>> +++ b/src/conf/domain_conf.c
>> @@ -14728,6 +14728,13 @@ int virDomainSaveXML(const char *configDir,
>>      char *configFile = NULL;
>>      int ret = -1;
>>  
>> +    if (strchr(def->name, '/')) {
>> +        virReportError(VIR_ERR_XML_DETAIL,
>> +                       _("invalid domain name '%s': name can't contain '/'"),
>> +                       def->name);
>> +        goto cleanup;
>> +    }
>> +
>>      if ((configFile = virDomainConfigFile(configDir, def->name)) == NULL)
>>          goto cleanup;
>>  
>>
> Seems this should be in a more "general" location. Would the same rules apply to
> other objects (networks, storage, etc.)?  What other characters should be avoided? 

In my mind, newline is the most questionable remaining character; as
long as a user has proper shell quoting, and we limit things to one file
per line, then all other file names are at least usable even if they
remain questionable for ability to type easily.

> Having a comma, semi-colon, colon, etc. could have interesting results. Perhaps
> somewhat different rules for each, but using some sort of type of object enum
> to weed out object specific rules (eg, VIR_IS_ type macros).

Indeed, a series of followup patches to make these types of restrictions
more generic might be nice; but I don't think we need to wait for a
followup in order to apply this series as-is.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130207/1c3da6fd/attachment-0001.sig>


More information about the libvir-list mailing list