Re: [libvirt] [PATCH v3] storage: Sanitize pool target paths
On 05/25/2010 09:49 AM, Cole Robinson wrote:
> This function is crying out for a real test case to be written
and put
> under tests/, feeding it all sorts of evil input.
>
Agreed, however I'm backtracking a bit on this, my next post is only
going to sanitize spurious /, like my original posting (but with the
original comments addressed).
Which is all the more argument for a gnulib module that does text-based
sanitization on the user's behalf. I'll see about adding that, and in
the meantime,...
A user can accidentally add an extra slash to a pool target, and its
reasonable to expect it won't cause cause problems, but the same can't
be said for relative path characters. This function is becoming
impossible to review (the current posting goes into infinite loop with a
path like /foo./bar), and most of the logic is not helping solve a real
world problem.
This patch is going to be backported to a few places: less complex the
better. Oh, and I'm lazy :)
I agree with Cole's approach of minimizing this particular fix to the
particular problem raised. A fancy gnulib solution is not as important
as a duplicated slash solution.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 619 bytes)