Just like the name of the netcat command and the connection URI,
the socket path is a user-provided piece of information that
might contain characters that have special meaning for the
shell, and as such should be escaped.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
src/rpc/virnetclient.c | 10 ++++++++--
tests/virnetsockettest.c | 6 +++---
2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index cd92af1669..2d31429161 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -422,10 +422,12 @@ virNetClientSSHHelperCommand(virNetClientProxy proxy,
{
g_autofree char *netcatPathSafe = NULL;
g_autofree char *driverURISafe = NULL;
+ g_autofree char *socketPathSafe = NULL;
g_autofree char *nccmd = NULL;
g_autofree char *helpercmd = NULL;
const char *netcatPathQuotes = "";
const char *driverURIQuotes = "";
+ const char *socketPathQuotes = "";
if (netcatPath) {
if (proxy == VIR_NET_CLIENT_PROXY_AUTO) {
@@ -453,6 +455,10 @@ virNetClientSSHHelperCommand(virNetClientProxy proxy,
if (STRNEQ(driverURISafe, driverURI)) {
driverURIQuotes = "'";
}
+ socketPathSafe = virNetClientDoubleEscapeShell(socketPath);
+ if (STRNEQ_NULLABLE(socketPathSafe, socketPath)) {
+ socketPathQuotes = "'";
+ }
nccmd = g_strdup_printf(
"if %s%s%s -q 2>&1 | grep \"requires an argument\"
>/dev/null 2>&1; then "
@@ -460,10 +466,10 @@ virNetClientSSHHelperCommand(virNetClientProxy proxy,
"else "
"ARG=; "
"fi; "
- "%s%s%s $ARG -U %s",
+ "%s%s%s $ARG -U %s%s%s",
netcatPathQuotes, netcatPathSafe, netcatPathQuotes,
netcatPathQuotes, netcatPathSafe, netcatPathQuotes,
- socketPath);
+ socketPathQuotes, socketPathSafe, socketPathQuotes);
helpercmd = g_strdup_printf("virt-ssh-helper%s %s%s%s",
readonly ? " -r" : "",
diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c
index ef7b5c6f59..ff75de5a85 100644
--- a/tests/virnetsockettest.c
+++ b/tests/virnetsockettest.c
@@ -675,7 +675,7 @@ mymain(void)
"else "
"ARG=; "
"fi; "
- "'''\\''n c'\\''''
$ARG -U /tmp/sock et"
+ "'''\\''n c'\\''''
$ARG -U '''\\''/tmp/sock et'\\''''"
"'\n",
};
if (virTestRun("SSH test 7", testSocketSSH, &sshData7) < 0)
@@ -691,7 +691,7 @@ mymain(void)
"else "
"ARG=; "
"fi; "
-
"'''\\''n'\\''\\'\\'''\\''c'\\''''
$ARG -U /tmp/sock'et"
+
"'''\\''n'\\''\\'\\'''\\''c'\\''''
$ARG -U
'''\\''/tmp/sock'\\''\\'\\'''\\''et'\\''''"
"'\n",
};
if (virTestRun("SSH test 8", testSocketSSH, &sshData8) < 0)
@@ -707,7 +707,7 @@ mymain(void)
"else "
"ARG=; "
"fi; "
-
"'''\\''n\"c'\\'''' $ARG -U
/tmp/sock\"et"
+
"'''\\''n\"c'\\'''' $ARG -U
'''\\''/tmp/sock\"et'\\''''"
"'\n",
};
if (virTestRun("SSH test 9", testSocketSSH, &sshData9) < 0)
--
2.35.1