On Mon, Oct 15, 2007 at 11:25:44AM -0400, Jim Paris wrote:
Jim Paris wrote:
Richard W.M. Jones wrote:
Richard W.M. Jones wrote:
+ strcat(cmd, newdisk->src);
Also, is quoting/escaping required? In a naive libvirt-based app, it's plausible that the string is provided by the user and could contain \n to send arbitrary commands to the qemu console.
Agreed. We can use something like qemudEscapeShellArg for that. This (untested) patch adds qemudEscapeArg for non-shell arguments.
Sorry, I think my mailer did something funny there. Here's the patch.
I want to test how QEMU handles quoting of filenames, but this looks like it'll do the trick. I'll cook up a revised patch incorporating all the feedback from this thread. Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|