On 05/25/2010 09:49 AM, Cole Robinson wrote:
This function is crying out for a real test case to be written and put under tests/, feeding it all sorts of evil input.
Agreed, however I'm backtracking a bit on this, my next post is only going to sanitize spurious /, like my original posting (but with the original comments addressed).
Which is all the more argument for a gnulib module that does text-based sanitization on the user's behalf. I'll see about adding that, and in the meantime,...
A user can accidentally add an extra slash to a pool target, and its reasonable to expect it won't cause cause problems, but the same can't be said for relative path characters. This function is becoming impossible to review (the current posting goes into infinite loop with a path like /foo./bar), and most of the logic is not helping solve a real world problem.
This patch is going to be backported to a few places: less complex the better. Oh, and I'm lazy :)
I agree with Cole's approach of minimizing this particular fix to the particular problem raised. A fancy gnulib solution is not as important as a duplicated slash solution. -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org