Re: [Libvir] PATCH: Implement CDROM media change for QEMU/KVM driver
Jim Paris wrote:
Richard W.M. Jones wrote:
> Richard W.M. Jones wrote:
> >+ strcat(cmd, newdisk->src);
>
> Also, is quoting/escaping required? In a naive libvirt-based app, it's
> plausible that the string is provided by the user and could contain \n
> to send arbitrary commands to the qemu console.
Agreed. We can use something like qemudEscapeShellArg for that.
This (untested) patch adds qemudEscapeArg for non-shell arguments.
Sorry, I think my mailer did something funny there. Here's the patch.
---
src/qemu_driver.c | 30 +++++++++++++++++++++++-------
1 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index c9cecc0..671b334 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -1905,7 +1905,7 @@ static int qemudDomainGetInfo(virDomainPtr dom,
}
-static char *qemudEscapeShellArg(const char *in)
+static char *qemudEscape(const char *in, int shell)
{
int len = 0;
int i, j;
@@ -1927,7 +1927,10 @@ static char *qemudEscapeShellArg(const char *in)
len += 2;
break;
case '\'':
- len += 5;
+ if (shell)
+ len += 5;
+ else
+ len += 1;
break;
default:
len += 1;
@@ -1954,11 +1957,15 @@ static char *qemudEscapeShellArg(const char *in)
out[j++] = in[i];
break;
case '\'':
- out[j++] = '\'';
- out[j++] = '\\';
- out[j++] = '\\';
- out[j++] = '\'';
- out[j++] = '\'';
+ if (shell) {
+ out[j++] = '\'';
+ out[j++] = '\\';
+ out[j++] = '\\';
+ out[j++] = '\'';
+ out[j++] = '\'';
+ } else {
+ out[j++] = in[i];
+ }
break;
default:
out[j++] = in[i];
@@ -1970,6 +1977,15 @@ static char *qemudEscapeShellArg(const char *in)
return out;
}
+static char *qemudEscapeArg(const char *in)
+{
+ return qemudEscape(in, 0);
+}
+
+static char *qemudEscapeShellArg(const char *in)
+{
+ return qemudEscape(in, 1);
+}
#define QEMUD_SAVE_MAGIC "LibvirtQemudSave"
#define QEMUD_SAVE_VERSION 1
--
1.5.3.rc4