[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH v2] conf: virDomainDefValidateInternal prohibit some characters in shmem name




On 08/01/2018 06:24 AM, skobyda redhat com wrote:
> On Fri, 2018-07-27 at 13:19 -0400, John Ferlan wrote:
>> You shouldn't drop libvir-list when you reply...
> Sorry, I dropped it by mistake.
>>
>> On 07/27/2018 06:35 AM, skobyda redhat com wrote:
>>> On Mon, 2018-07-23 at 17:32 -0400, John Ferlan wrote:
>>>>
>>>> On 07/12/2018 09:10 AM, Simon Kobyda wrote:
>>>>> XML shmem name will not include character '/', and will not be
>>>>> equal to strings
>>>>> "." or "..", as shmem name is used in a path.
>>>>
>>>> Validate that the provided XML shmem name is not directory
>>>> specific
>>>> "."
>>>> or ".." names as well as ensuring that there is no path separator
>>>> '/'
>>>> in
>>>> the name.
>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=1192400
>>>>> ---
>>>>>
>>>>> Changes in V2 
>>>>> 	- Added error reports
>>>>> 	- Error situation will happen only if shmem name is
>>>>> equal to
>>>>> 	  "." or "..", however their occurence in a name
>>>>> compromised of
>>>>> more
>>>>>           characters is allowed.
>>>>>
>>>>>  src/conf/domain_conf.c | 22 ++++++++++++++++++++++
>>>>>  1 file changed, 22 insertions(+)
>>>>>
>>>>
>>>> I believe this actually belongs in
>>>> virDomainDeviceDefValidateInternal
>>>> for case VIR_DOMAIN_DEVICE_SHMEM.
>>>> Also, should the docs/schemas/domaincommon.rng be modified?
>>>> Currently
>>>> it
>>>> has:
>>>>
>>>>   <define name="shmem">
>>>>     <element name="shmem">
>>>>       <attribute name="name">
>>>>         <data type="string">
>>>>           <param name="pattern">[^/]*</param>
>>>>         </data>
>>>>
>>>
>>> Is it a good idea? To create such regular expression, I believe it
>>> would make it unreadable for another person, ergo useless. I don't
>>> want
>>> it to end up as IPv6. I've benn told that actual parser can be, and
>>> sometimes is stricter than scheme.
>>>
>>
>> Well this is what I was hoping others would be able to chime in on.
>> Hence why you ask on list. I don't disagree that being stricter in
>> Parse
>> is fine.  Doing regexes is like reading a foreign language to me at
>> times. Some just don't make sense.
> 
> Yeah, that's why I don't want to try to insert complicated regex in
> docs/schemas/domaincommon.rng.
>>
>> I think that regex is indicating - any character except '/', but I'm
>> not
>> sure. If it is, it's ironic that we have to check for '/'
>> specifically
>> since it shouldn't be passing the xml validation test - OK at least
>> if
>> one was editing via virsh.
>>
>> John
>>
> You are right about what that regex does. But from what I heard, that
> functionality is rather new to libvirt, so users have option to bypass
> that verification. So I would like to also leave it in code in case
> users try to bypass that regex verification.
> 
> Simon.
> 

See commit id '1c06d0fa' for the shmem validation previously added.
Ironically a higher numbered bz than referenced your commit.

And yes it's quite easy to tell virsh edit to ignore the xml validation
error. I'm fine with leaving the RNG as is. I had a different bz in my
pile related to resource names, so the topic was somewhat fresh in mind
related to looking at what various RNG "patterns" had, see:

https://www.redhat.com/archives/libvir-list/2018-July/msg02046.html

in that case the problem is that it's possible to name something " " or
"	" and you don't know whether a space or tab or any combination was
used for the entirety of the name.

I think if you move the code from virDomainDefValidateInternal to a
SHMEM specific case in virDomainDeviceDefValidateInternal, then that'll
be fine. I would think that the qemuProcessStartValidateShmem call from
commit 1c06d0fa would not be possible then.


John

>>>> Consider how other names are limited in their scope. The
>>>> basictypes.rng
>>>> has a number of examples.
>>>>
>>>> Naturally, the problem with changing it is that someone somewhere
>>>> will
>>>> complain, but libvirt used to accept this other format. Right now
>>>> I
>>>> would think the scope a bit too broad.
>>>
>>> But then we cannot fix most of the bugs, since there could always
>>> be
>>> some user which relies on bug behavior.
>>>>
>>>> If we are to limit the name we should also document in
>>>> docs/formatdomain.html.in that the shmem name is "limited" in
>>>> name to
>>>> avoid the '/' character, ".", and "..".
>>>>
>>>> BTW: My regex isn't that good, but it would seem '/' is an
>>>> invalid
>>>> character by XML standards even though the code never checked for
>>>> it.
>>>> Using virt-xml-validate <file> <schema> would "validate" whether
>>>> someone
>>>> provides valid XML.
>>>>
>>>>
>>>> John
>>>>
>>>>> diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
>>>>> index 7ab2953d83..6b34c17de4 100644
>>>>> --- a/src/conf/domain_conf.c
>>>>> +++ b/src/conf/domain_conf.c
>>>>> @@ -6107,6 +6107,8 @@ virDomainDefLifecycleActionValidate(const
>>>>> virDomainDef *def)
>>>>>  static int
>>>>>  virDomainDefValidateInternal(const virDomainDef *def)
>>>>>  {
>>>>> +    size_t i;
>>>>> +
>>>>>      if (virDomainDefCheckDuplicateDiskInfo(def) < 0)
>>>>>          return -1;
>>>>>  
>>>>> @@ -6136,6 +6138,26 @@ virDomainDefValidateInternal(const
>>>>> virDomainDef *def)
>>>>>          return -1;
>>>>>      }
>>>>>  
>>>>> +    for (i = 0; i < def->nshmems; i++) {
>>>>> +        if (strchr(def->shmems[i]->name, '/')) {
>>>>> +            virReportError(VIR_ERR_XML_ERROR, "%s",
>>>>> +                           _("shmem name cannot include '/'
>>>>> character"));
>>>>> +            return -1;
>>>>> +        }
>>>>> +
>>>>> +        if (STREQ(def->shmems[i]->name, ".")) {
>>>>> +            virReportError(VIR_ERR_XML_ERROR, "%s",
>>>>> +                           _("shmem name cannot be equal to
>>>>> '.'"));
>>>>> +            return -1;
>>>>> +        }
>>>>> +
>>>>> +        if (STREQ(def->shmems[i]->name, "..")) {
>>>>> +            virReportError(VIR_ERR_XML_ERROR, "%s",
>>>>> +                           _("shmem name cannot be equal to
>>>>> '..'"));
>>>>> +            return -1;
>>>>> +        }
>>>>> +    }
>>>>> +
>>>>>      if (virDomainDefLifecycleActionValidate(def) < 0)
>>>>>          return -1;
>>>>>  
>>>>>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]