On 05/24/2010 04:55 PM, Eric Blake wrote:
Phooey. Need a v4; this can fault. If you have "///" ending on a page
boundary, then...
> + bool slash_before = (offset != 0 && cur[-1] == '/');
> +
> + /* Skip all extra / */
> + if (*cur == '/') {
> + cur++;
> + continue;
> + }
...this advances cur to the '\0', and the next iteration of the nested
do-while accesses past the trailing NUL when computing slash_follow.
I spoke too soon. I keep forgetting that with a do-while, the continue
still checks the loop condition, rather than blindly jumping to the loop
start.
I'm re-reading the patch in that context, and you may be clean with v3
after all. Sorry for the poor review...
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library
http://libvirt.org