On 10/02/2010 10:23 AM, Richard W.M. Jones wrote:
> On Sat, Oct 02, 2010 at 03:18:30PM +0100, Richard W.M. Jones wrote:
>>    virBufferEscapeString(&buf, "<name>%s</name>\n", def->name);
> I see this example is safe because virBufferEscapeString escapes the
> parameter.  Sure there are still problems with a domain called "," or
> "/" though.
>
> Rich.

Defining a VM with ';' in the names seems to work, but starting it using 'virsh' is a challenge...

To address the problems with "," and "/" I'd put the defenses into the qemu driver, assuming that other drivers may (or may not!) be able to deal with these characters. So here's a patch for qemu:

Signed-off-by: Stefan Berger <stef...@us.ibm.com>

Index: libvirt-acl/src/qemu/qemu_conf.c
===================================================================
--- libvirt-acl.orig/src/qemu/qemu_conf.c
+++ libvirt-acl/src/qemu/qemu_conf.c
@@ -3920,6 +3920,11 @@ int qemudBuildCommandLine(virConnectPtr
     ADD_ARG(smp);

     if (qemuCmdFlags & QEMUD_CMD_FLAG_NAME) {
+        if (def->name[strcspn(def->name, ",#")] != 0) {
+            qemuReportError(VIR_ERR_INTERNAL_ERROR,
+ _("VM name contains illegal character ('#', ',')"));
+            goto error;
+        }
         ADD_ARG_LIT("-name");
         ADD_ARG_LIT(def->name);
     }
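
Review bot: The character set in the strcspn() call is ",#", but the discussion this patch answers is about "," and "/", so "/" is still accepted and nothing in the patch or the message explains why "#" is rejected; either add "/" to the set or note why it is safe for the -name argument. The check also sits inside qemudBuildCommandLine(), under the QEMUD_CMD_FLAG_NAME branch, so a domain with such a name can still be defined and only fails when it is started, and only when -name is emitted; validating the name where the domain is defined would give the user the error earlier. VIR_ERR_INTERNAL_ERROR reads as a libvirt bug rather than as invalid user input, and the message would be easier to act on if it included the offending name. The continuation line holding the _("VM name contains ...") string is not indented to match the call's argument list.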
