On 10/02/2010 10:23 AM, Richard W.M. Jones wrote:
virBufferEscapeString(&buf, "<name>%s</name>\n", def->name); I see this example is safe because virBufferEscapeString escapes the
On Sat, Oct 02, 2010 at 03:18:30PM +0100, Richard W.M. Jones wrote: parameter. Sure there are still problems with a domain called "," or "/" though.
Rich.
Defining a VM with ';' in the names seems to work, but starting it using 'virsh' is a challenge... To address the problems with "," and "/" I'd put the defenses into the qemu driver, assuming that other drivers may (or may not!) be able to deal with these characters. So here's a patch for qemu: Signed-off-by: Stefan Berger <stefanb@us.ibm.com> Index: libvirt-acl/src/qemu/qemu_conf.c =================================================================== --- libvirt-acl.orig/src/qemu/qemu_conf.c +++ libvirt-acl/src/qemu/qemu_conf.c @@ -3920,6 +3920,11 @@ int qemudBuildCommandLine(virConnectPtr ADD_ARG(smp); if (qemuCmdFlags & QEMUD_CMD_FLAG_NAME) { + if (def->name[strcspn(def->name, ",#")] != 0) { + qemuReportError(VIR_ERR_INTERNAL_ERROR, + _("VM name contains illegal character ('#', ',')")); + goto error; + } ADD_ARG_LIT("-name"); ADD_ARG_LIT(def->name); }