[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 2/2] util: file: Don't carelessly sanitize URIs



On Wed, Apr 08, 2015 at 11:21:59AM +0200, Peter Krempa wrote:
> rfc3986 states that the separator in URI path is a single slash.
> Multiple slashes may potentially lead to different resources and thus we
> should not remove them.
> ---
>  src/util/virfile.c  | 6 ++++++
>  tests/virfiletest.c | 7 +++++++
>  2 files changed, 13 insertions(+)
> 
> diff --git a/src/util/virfile.c b/src/util/virfile.c
> index c528a1c..87d121d 100644
> --- a/src/util/virfile.c
> +++ b/src/util/virfile.c
> @@ -2812,12 +2812,18 @@ char *
>  virFileSanitizePath(const char *path)
>  {
>      const char *cur = path;
> +    char *uri;
>      char *cleanpath;
>      int idx = 0;
> 
>      if (VIR_STRDUP(cleanpath, path) < 0)
>          return NULL;
> 
> +    /* don't sanitize URIs - rfc3986 states that two slashes may lead to a
> +     * different resource, thus removing them would possibly change the path */
> +    if ((uri = strstr(path, "://")) && strchr(path, '/') > uri)
> +        return cleanpath;
> +

It took me a while to understand this condition, but I don't know how to
write it more simply.

ACK to both.

Jan

Attachment: signature.asc
Description: Digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]