[Libguestfs] [PATCH nbdkit v2 2/6] main: Tighten up characters permitted in config keys.
Richard W.M. Jones
rjones at redhat.com
Mon Sep 10 15:26:18 UTC 2018
On Sat, Sep 08, 2018 at 04:05:45PM -0500, Eric Blake wrote:
> On 09/08/2018 03:15 AM, Richard W.M. Jones wrote:
> >Previously key=value on the command line allowed the key to be pretty
> >much anything that didn't contain an '=' character. Even empty
> >strings were permitted.
> >
> >This tightens up the permitted keys so they must contain only ASCII
> >alphanumeric, period, underscore or dash characters, and must not be
> >an empty string.
>
> Do we want to further restrict things to start with a letter or
> underscore (and not a dot, digit, or dash)?
>
> >---
> > docs/nbdkit-plugin.pod | 18 ++++++++++--------
> > src/main.c | 32 +++++++++++++++++++++++++++++++-
> > 2 files changed, 41 insertions(+), 9 deletions(-)
> >
>
> >+static int
> >+is_config_key (const char *key, size_t len)
> >+{
> >+ const char allowed[] =
> >+ "abcdefghijklmnopqrstuvwxyz"
> >+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
> >+ "0123456789"
> >+ "._-";
> >+ size_t i;
> >+
> >+ if (key[0] == '\0')
Also this bit is wrong :-(
> >+ return 0;
> >+
> >+ for (i = 0; i < len; ++i) {
> >+ if (strchr (allowed, key[i]) == NULL)
>
> Why not use strspn and checking against the length, instead of
> rolling an O(n^2) algorithm yourself? The libc version might have
> optimizations to run faster, although the speed of this loop is
> probably in the noise.
Will post v3 in a moment.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
More information about the Libguestfs
mailing list