Thanks, pushed to master, branch-1.3, and branch-1.2.
On Sat, Oct 15, 2011 at 12:58:41AM -0700, Justin Pettit wrote:
> What about '\' for when we're ported to Hyper-V? j/k
>
> Looks good.
>
> --Justin
>
>
> On Oct 14, 2011, at 10:20 AM, Ben Pfaff wrote:
>
> > ---
> > vswitchd/bridge.c | 11 +++++++++--
> > 1 files changed, 9 insertions(+), 2 deletions(-)
> >
> > diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c
> > index b5071e2..f9cf9e7 100644
> > --- a/vswitchd/bridge.c
> > +++ b/vswitchd/bridge.c
> > @@ -739,9 +739,16 @@ add_del_bridges(const struct ovsrec_open_vswitch *cfg)
> > /* Collect new bridges' names and types. */
> > shash_init(&new_br);
> > for (i = 0; i < cfg->n_bridges; i++) {
> > + static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
> > const struct ovsrec_bridge *br_cfg = cfg->bridges[i];
> > - if (!shash_add_once(&new_br, br_cfg->name, br_cfg)) {
> > - VLOG_WARN("bridge %s specified twice", br_cfg->name);
> > +
> > + if (strchr(br_cfg->name, '/')) {
> > + /* Prevent remote ovsdb-server users from accessing arbitrary
> > + * directories, e.g. consider a bridge named "../../../etc/".
> > */
> > + VLOG_WARN_RL(&rl, "ignoring bridge with invalid name \"%s\"",
> > + br_cfg->name);
> > + } else if (!shash_add_once(&new_br, br_cfg->name, br_cfg)) {
> > + VLOG_WARN_RL(&rl, "bridge %s specified twice", br_cfg->name);
> > }
> > }
> >
> > --
> > 1.7.4.4
> >
> > _______________________________________________
> > dev mailing list
> > [email protected]
> > http://openvswitch.org/mailman/listinfo/dev
>
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
