[libvirt] [PATCH] Blank out invalid interface names with escaped letters etc.

Hunt interface names through a regular expression matcher to check whether they only contain valid characters. Valid characters in this code are currently a-z,A-Z,0-9, and '_'. Signed-off-by: Stefan Berger <stefanb@us.ibm.com> --- src/conf/domain_conf.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) Index: libvirt-acl/src/conf/domain_conf.c =================================================================== --- libvirt-acl.orig/src/conf/domain_conf.c +++ libvirt-acl/src/conf/domain_conf.c @@ -28,6 +28,7 @@ #include <unistd.h> #include <fcntl.h> #include <dirent.h> +#include <regex.h> #include "virterror_internal.h" #include "datatypes.h" @@ -1776,6 +1777,23 @@ cleanup: } +static bool +isValidIfname(const char *ifname) { + int rc = 1; + regex_t regex_ifname; + + if (regcomp(®ex_ifname, "^[a-zA-Z0-9_]+$", + REG_NOSUB|REG_EXTENDED) != 0) + return 0; + + if (regexec(®ex_ifname, ifname, 0, NULL, 0) != 0) + rc = 0; + + regfree(®ex_ifname); + return rc; +} + + /* Parse the XML definition for a network interface * @param node XML nodeset to parse for net definition @@ -1859,8 +1877,10 @@ virDomainNetDefParseXML(virCapsPtr caps, xmlStrEqual(cur->name, BAD_CAST "target")) { ifname = virXMLPropString(cur, "dev"); if ((ifname != NULL) && - (STRPREFIX((const char*)ifname, "vnet"))) { + ((STRPREFIX((const char*)ifname, "vnet")) || + (!isValidIfname(ifname)))) { /* An auto-generated target name, blank it out */ + /* blank out invalid interface names */ VIR_FREE(ifname); } } else if ((script == NULL) &&

On Wed, Mar 31, 2010 at 08:50:45AM -0400, Stefan Berger wrote:
Hunt interface names through a regular expression matcher to check whether they only contain valid characters. Valid characters in this code are currently a-z,A-Z,0-9, and '_'.
Signed-off-by: Stefan Berger <stefanb@us.ibm.com>
--- src/conf/domain_conf.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-)
Index: libvirt-acl/src/conf/domain_conf.c =================================================================== --- libvirt-acl.orig/src/conf/domain_conf.c +++ libvirt-acl/src/conf/domain_conf.c @@ -28,6 +28,7 @@ #include <unistd.h> #include <fcntl.h> #include <dirent.h> +#include <regex.h>
#include "virterror_internal.h" #include "datatypes.h" @@ -1776,6 +1777,23 @@ cleanup: }
+static bool +isValidIfname(const char *ifname) { + int rc = 1; + regex_t regex_ifname; + + if (regcomp(®ex_ifname, "^[a-zA-Z0-9_]+$", + REG_NOSUB|REG_EXTENDED) != 0) + return 0; + + if (regexec(®ex_ifname, ifname, 0, NULL, 0) != 0) + rc = 0; + + regfree(®ex_ifname); + return rc; +}
There's a slightly simpler way you can do this using strspn avoiding the regex engine #define VALID_IFNAME_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_" rc = strspn(ifname, VALID_IFNAME_CHARS) != strlen (value); Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

On 03/31/2010 07:20 AM, Daniel P. Berrange wrote:
There's a slightly simpler way you can do this using strspn avoiding the regex engine
#define VALID_IFNAME_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_"
rc = strspn(ifname, VALID_IFNAME_CHARS) != strlen (value);
That scans the string twice; if ifname is arbitrarily long, this can be inefficient. As a micro-optimization, you could instead check: rc = !ifname[strspn(ifname, VALID_IFNAME_CHARS)]; -- Eric Blake eblake@redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org
participants (3)
-
Daniel P. Berrange
-
Eric Blake
-
Stefan Berger