11:02 p.m.
If volume name is a path, storageVolCreateXML appends that name to
the specified pool path, that will taint other pools. Adding the
volume check is better for sanity.
Signed-off-by: Jincheng Miao <jmiao(a)redhat.com>
---
src/storage/storage_driver.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
index 2cb8347..c3b807f 100644
--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -49,6 +49,7 @@
#include "configmake.h"
#include "virstring.h"
#include "viraccessapicheck.h"
+#include "dirname.h"
#define VIR_FROM_THIS VIR_FROM_STORAGE
@@ -1864,6 +1865,14 @@ storageVolCreateXMLFrom(virStoragePoolPtr obj,
goto cleanup;
}
+ /* Make sure the volume name is not a path */
+ if (last_component(newvol->name) != newvol->name) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("storage volume name '%s' is a path"),
+ newvol->name);
+ goto cleanup;
+ }
+
/* Is there ever a valid case for this? */
if (newvol->target.capacity < origvol->target.capacity)
newvol->target.capacity = origvol->target.capacity;
--
1.8.3.1
11:28 p.m.
New subject: [libvirt] [PATCH] storage: add check for invalid volume name
On 04/10/2014 10:02 PM, Jincheng Miao wrote:
If volume name is a path, storageVolCreateXML appends that name to
the specified pool path, that will taint other pools. Adding the
volume check is better for sanity.
Signed-off-by: Jincheng Miao <jmiao(a)redhat.com>
---
src/storage/storage_driver.c | 9 +++++++++
1 file changed, 9 insertions(+)
+ /* Make sure the volume name is not a path */
+ if (last_component(newvol->name) != newvol->name) {
Why not just:
if (strchr(newvol->name, '/'))
Also, shouldn't we forbid things like "." and ".." as the newvol
name?
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("storage volume name '%s' is a path"),
I don't like the word "path" in a user-facing error message for anything
other than a list of directory names separated by colon; better would be
a message such as "requested storage volume name '%s' cannot contain /"
or "requested storage volume name '%s' not permitted".
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
1:30 a.m.
New subject: [libvirt] [PATCH] storage: add check for invalid volume name
On 04/11/2014 12:28 PM, Eric Blake wrote:
On 04/10/2014 10:02 PM, Jincheng Miao wrote:
> If volume name is a path, storageVolCreateXML appends that name to
> the specified pool path, that will taint other pools. Adding the
> volume check is better for sanity.
> Signed-off-by: Jincheng Miao <jmiao(a)redhat.com > ---
> src/storage/storage_driver.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> + /* Make sure the volume name is not a path */
> + if (last_component(newvol->name) != newvol->name) {
Why not just:
if (strchr(newvol->name, '/'))
sure.
Also, shouldn't we forbid things like "." and ".." as the newvol
name?
I think we should just forbid '/' in the newvol name.
Why that is illegal? Consider this situation:
There is a directory pool named 'taint-pool' for a *normal user*.
If privileged user creates a volume clone, with path-based name, pointer
to this 'taint-pool'.
Then this normal user could see this volume clone after pool-refresh.
If normal user vol-delete this volume clone, then this clone belongs to
privileged user gone.
I think that is insane. If you agree with it, I will send V2 patch with
modification.
> + virReportError(VIR_ERR_INTERNAL_ERROR,
> + _("storage volume name '%s' is a path"),
I don't like the word "path" in a user-facing error message for anything
other than a list of directory names separated by colon; better would be
a message such as "requested storage volume name '%s' cannot contain
/"
or "requested storage volume name '%s' not permitted".
Yes, "requested storage volume name '%s' cannot contain /" is more
precise.
3878
days inactive
3878
days old
2 comments
2 participants
participants (2)
-
Eric Blake -
Jincheng Miao