Jim Paris wrote:
+ if (strchr(path, '\'') || strchr(path, '\\')
) {
+ qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
+ "invalid filename");
+ return -1;
+ }
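Review bot: The check in this hunk rejects only ' and \, but the format string in the next hunk also wraps the path in a double-quoted monitor argument (\"exec:dd of='%s' ...\") and ends the command with \n, so a path containing " or a newline would end that outer quoting or the command line early. Consider rejecting those characters as well, or quoting the path once for each layer it passes through instead of relying on a reject list for the shell layer alone.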
[...]
+ /* Migrate to file. */
+ if (asprintf (&command, "migrate \"exec:dd of='%s'
2>/dev/null\"\n",
+ path) == -1) {
+ qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
+ "out of memory");
+ return -1;
+ }
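Review bot: The 2>/dev/null in the format string throws away anything dd writes to stderr, so if the write to the target file fails there is no diagnostic left to report; consider keeping stderr, or checking the result of the migrate command before treating the save as done. A smaller point: the asprintf failure path reports "out of memory" under VIR_ERR_OPERATION_FAILED, so a caller cannot tell an allocation failure from any other failure by error code.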
The patch is fine, except I'm wondering whether the quoting above is
safe. We check if the path contains ' or \ and refuse to proceed. I
_think_ you don't need to check for \ however, according to this section
from the bash manual page and my testing:
Enclosing characters in single quotes preserves the
literal value of each character within the quotes.
A single quote may not occur between single quotes,
even when preceded by a backslash.
Perhaps it is better to be safe than sorry though.
Rich.
--
Emerging Technologies, Red Hat -
http://et.redhat.com/~rjones/
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in
England and Wales under Company Registration No. 03798903
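The single-quote rule quoted from the bash manual can be checked with a round trip through /bin/sh. The following is an added example, not code from the patch or from libvirt; `sh_single_quote` and `sh_round_trip` are hypothetical names and the sample paths are constructed. It covers the shell layer only, not the double-quoted monitor argument around it.

```c
#define _POSIX_C_SOURCE 200809L   /* popen, pclose */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: wrap s in single quotes for /bin/sh. Every byte is
 * literal inside single quotes, backslash included, so only ' needs care:
 * close the quotes, emit \' and reopen them ('\''). Caller frees. */
char *sh_single_quote(const char *s)
{
    size_t n = 3;                          /* two quotes plus NUL */
    for (const char *p = s; *p; p++)
        n += (*p == '\'') ? 4 : 1;
    char *out = malloc(n), *q = out;
    if (!out) return NULL;
    *q++ = '\'';
    for (const char *p = s; *p; p++) {
        if (*p == '\'') { memcpy(q, "'\\''", 4); q += 4; }
        else *q++ = *p;
    }
    *q++ = '\'';
    *q = '\0';
    return out;
}

/* Shell prints the quoted word; 1 = matches input, 0 = differs, -1 = error. */
int sh_round_trip(const char *s)
{
    char cmd[512], got[512];
    char *quoted = sh_single_quote(s);
    if (!quoted) return -1;
    int len = snprintf(cmd, sizeof cmd, "printf %%s %s", quoted);
    free(quoted);
    if (len < 0 || (size_t)len >= sizeof cmd) return -1;
    FILE *fp = popen(cmd, "r");
    if (!fp) return -1;
    size_t r = fread(got, 1, sizeof got - 1, fp);
    got[r] = '\0';
    return pclose(fp) == 0 ? strcmp(got, s) == 0 : -1;
}

int main(void)
{
    /* Constructed sample paths, not taken from the patch. */
    const char *paths[] = { "/tmp/a\\b.img", "/tmp/it's.img", "/tmp/$HOME x.img" };
    for (size_t i = 0; i < 3; i++)
        printf("%s -> %d\n", paths[i], sh_round_trip(paths[i]));
    return 0;
}
```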