"Daniel P. Berrange" <berrange@redhat.com> wrote on 03/25/2010 12:40:15 PM:


> Please respond to "Daniel P. Berrange"
>
> On Thu, Mar 25, 2010 at 12:26:34PM -0400, Stefan Berger wrote:
> > libvir-list-bounces@redhat.com wrote on 03/25/2010 11:59:11 AM:
> >
> >
> > > "Daniel P. Berrange" <berrange@redhat.com> wrote on 03/25/2010 11:49:05
> > AM:
> > >
> > > > Please respond to "Daniel P. Berrange"
> > > >
> > > > On Tue, Mar 23, 2010 at 10:54:17AM -0400, stefanb@us.ibm.com wrote:
> > > > > +/*
> > > > > +    char macaddr[VIR_MAC_STRING_BUFLEN],
> > > > > +         ipaddr[INET_ADDRSTRLEN],
> > > > > +         number[20];
> > > > > +    char chain[MAX_CHAINNAME_LENGTH];
> > > > > +    virBuffer buf = VIR_BUFFER_INITIALIZER;
> > > > > +
> > > > > +    if (nwfilter->chainsuffix == VIR_NWFILTER_CHAINSUFFIX_ROOT)
> > > > > +        PRINT_ROOT_CHAIN(chain, chainPrefix, ifname);
> > > > > +    else
> > > > > +        PRINT_CHAIN(chain, chainPrefix, ifname,
> > > > > +                    virNWFilterChainSuffixTypeToString
> > > > (nwfilter->chainsuffix));
> > > >
> > > > Since we're passing this into the shell, I think we should do paranoid
> > > > validation on the 'chain' and 'ifname' fields, since they ultimately
> > come
> > > > from the user specified XML. Validate that it only contains a-Z, 0-0,
> > -, _
> > >
> > > Actually the user specified XML only currently allows the chain names
> > 'arp',
> > > 'ipv4', 'ipv6' and 'root'. Others will already be rejected when
> > > parsing the filter.
> > >
> >
> > Actually, yes, there's a problem with target device names like t\"t that
> > do create an
> > interface named t\"t but end up creating an ebtables entry with interface
> > t"t. So
> > if I don't go through bash it works correctly, otherwise it does not and I
> > guess I
> > would need to escape the '\' with '\\\'.
>
> Such interface names are insane & we should just refuse them, rather than
> trying todo escaping :-)

Right, but at what level should they be refused? When such names are parsed ?

I do have a patch that does away with as much of the external scripting as possible
and there I don't see that problem anymore when going directly through virRun().
I wrote that patch on top of the others and would submit it as a separate patch in
the series.

   Stefan


>
> Daniel
> --
> |: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/:|
> |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org:|
> |: http://autobuild.org        -o-         http://search.cpan.org/~danberr/:|
> |: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|