[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 2/2] util: file: Don't carelessly sanitize URIs



On Wed, Apr 08, 2015 at 13:17:49 +0200, Ján Tomko wrote:
> On Wed, Apr 08, 2015 at 11:21:59AM +0200, Peter Krempa wrote:
> > rfc3986 states that the separator in URI path is a single slash.
> > Multiple slashes may potentially lead to different resources and thus we
> > should not remove them.
> > ---
> >  src/util/virfile.c  | 6 ++++++
> >  tests/virfiletest.c | 7 +++++++
> >  2 files changed, 13 insertions(+)
> > 
> > diff --git a/src/util/virfile.c b/src/util/virfile.c
> > index c528a1c..87d121d 100644
> > --- a/src/util/virfile.c
> > +++ b/src/util/virfile.c
> > @@ -2812,12 +2812,18 @@ char *
> >  virFileSanitizePath(const char *path)
> >  {
> >      const char *cur = path;
> > +    char *uri;
> >      char *cleanpath;
> >      int idx = 0;
> > 
> >      if (VIR_STRDUP(cleanpath, path) < 0)
> >          return NULL;
> > 
> > +    /* don't sanitize URIs - rfc3986 states that two slashes may lead to a
> > +     * different resource, thus removing them would possibly change the path */
> > +    if ((uri = strstr(path, "://")) && strchr(path, '/') > uri)
> > +        return cleanpath;
> > +
> 
> It took me a while to understand this condition, but I don't know how to
> write it more simply.
> 
> ACK to both.

Pushed; Thanks.

Peter

Attachment: signature.asc
Description: Digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]