Re: [libvirt] [virt-tools-list] virt-manager/libvirt backwards compatibility problem?
Hi Eric,
On Wed, Jul 27, 2011 at 02:52:46PM -0600, Eric Blake wrote:
[..snip..]
Pasting from that URL gave awkward results below; can you address my
comments below, then post a v2 as a proper patch against
libvirt.git?
Thanks for the review! New version attached.
[..snip..]
I don't like this part. It is not safe to pass %s as the
pathname
through an additional round of shell parsing, since if the pathname
has anything that might be construed as shell metacharacters, the
parse will be destroyed. To some extent, that is already a
pre-existing bug (slightly mitigated by the fact that 'path' is
under libvirt's control, and should not be containing arbitrary
characters unless you passed odd directory choices to ./configure).
Would it make sense to pass such names through something like
g_shell_quote in instead of looking for troublesome characters? This
could be done using virBufferQuotedString? I'll post a patch for review
tomorrow.
Cheers,
-- Guido
Attachments:
- 0001-Autodetect-if-the-remote-nc-command-supports-the-q-o.patch (text/x-diff — 4.5 KB)