2010/12/7 Eric Blake <eblake(a)redhat.com>:
* docs/internals/command.html.in: Better documentation of buffer
vs. fd considerations.
* src/util/command.c (virCommandRunAsync): Reject raw execution
with string io.
(virCommandRun): Reject execution with user-specified fds not
visiting a regular file.
---
Perhaps we need to relax the fstat check to permit block devices
in addition to regular files; but that can be a later patch if needed.
docs/internals/command.html.in | 35 ++++++++++++++++++++++++++---------
src/util/command.c | 37 ++++++++++++++++++++++++++++++++++++-
2 files changed, 62 insertions(+), 10 deletions(-)
+ if (async_io ? (!(cmd->flags & VIR_EXEC_DAEMON) ||
string_io)
+ : ((cmd->flags & VIR_EXEC_DAEMON) && string_io)) {
+ virCommandError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("invalid use of command API"));
+ return -1;
+ }
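Review bot: the condition `async_io ? (... || string_io) : (... && string_io)` folds two different rejection rules into one nested conditional with no comment, so it is hard to check which combinations of async_io, VIR_EXEC_DAEMON and string_io are actually refused. Suggest splitting it into two separate if statements, one for the async_io case and one for the other, each with a one-line comment naming the combination it rejects.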
+ /* Buffer management can only be requested via virCommandRun.
*/
+ if ((cmd->inbuf && cmd->infd == -1) ||
+ (cmd->outbuf && cmd->outfdptr != &cmd->outfd) ||
+ (cmd->errbuf && cmd->errfdptr != &cmd->errfd)) {
+ virCommandError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("invalid use of command API"));
+ return -1;
+ }
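Review bot: the comment "Buffer management can only be requested via virCommandRun" states the rule but not how the three comparisons enforce it. From these lines alone a reader cannot tell why `cmd->infd == -1` or `cmd->outfdptr != &cmd->outfd` indicates that the caller did not go through virCommandRun. Suggest extending the comment to say which state virCommandRun is expected to have set up before this point. It is also worth considering whether VIR_ERR_INTERNAL_ERROR is the right code for what is a caller misuse of the API.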
Maybe make the error messages about invalid use distinct from each
other. That would allow one to tell, based on the error message, what type
of invalid usage has happened.
ACK.
Matthias