Jim Paris wrote:
+ if (strchr(path, '\'') || strchr(path, '\\') ) {
+ qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
+ "invalid filename");
+ return -1;
+ }
[...]
+ /* Migrate to file. */ + if (asprintf (&command, "migrate \"exec:dd of='%s' 2>/dev/null\"\n", + path) == -1) {+ qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED, + "out of memory");+ return -1; + }
The patch is fine, except I'm wondering whether the quoting above is safe. We check if the path contains ' or \ and refuse to proceed. I _think_ you don't need to check for \ however, according to this section from the bash manual page and my testing:
Enclosing characters in single quotes preserves the literal value of each character within the quotes. A single quote may not occur between single quotes, even when preceded by a backslash. Perhaps it is better to be safe than sorry though. Rich. -- Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/ Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 03798903
smime.p7s
Description: S/MIME Cryptographic Signature
-- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
