On Fri, Dec 10, 2021 at 11:31:19AM +0100, Peter Krempa wrote:
On Fri, Dec 10, 2021 at 10:59:27 +0100, Andrea Bolognani wrote:
@@ -69,7 +69,15 @@ remoteSplitURIScheme(virURI *uri, char **driver, remoteDriverTransport *transport) { - char *p = strchr(uri->scheme, '+'); + char *p = NULL; + + if (!uri->scheme) { + virReportError(VIR_ERR_INVALID_ARG, "%s", + _("missing scheme for URI"));
The other place which leads to the call of this helper (virConnectOpenInternal) uses the following error to reject the uri if scheme is missing:
virReportError(VIR_ERR_NO_CONNECT, _("URI '%s' does not include a driver name"), name);
Yeah, it seems safer to catch the issue inside the helper than requiring the callers to perform the check ahead of time. It's okay for virConnectOpen() to have a nicer error message, as it's the one that people are more likely to see. I entertained the thought of adding the check to virURIParse() directly, because I can't think of a scenario where having a NULL scheme would be considered valid. But that seemed like a change that had the potential to break unrelated stuff, so I cowardly decided to go with the safe version instead O:-)
It looks like it's unlikely that anybody would use virt-ssh-helper manually though.
Absolutely! But it's still in the default $PATH, and not crashing when passed invalid arguments is what I would consider the bare minimum :) Thanks for the review! -- Andrea Bolognani / Red Hat / Virtualization