[Libguestfs] [libnbd PATCH 1/2] uri: Reject nbd:unix:/path/to/socket as invalid URI

[Eric Blake]

libxml2 parses it as valid per RFC 3986, as the nbd: scheme with no
authority and a relative path. This string has been used with qemu to
request a Unix socket, such that nbdkit --run produces it for $nbd
(compared to $unixsocket), but accepting it as a URI means that we
instead try to connect to a TCP socket with a default authority
(localhost, port 10809), and nbdkit ignores the path element
'unix:/path/to/socket' and you end up with a connection (or an
attempt) to a completely different server.

All scheme://authority forms have a path that is either empty or
begins with '/'.  This does not reject 'nbd:/path/to/socket' (with no
authority but an absolute path), but at least that form has not been
in use by qemu.

Reported-by: Martin Kletzander <mkletzan at redhat.com>
---
 lib/connect.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/connect.c b/lib/connect.c
index 96ed1ca..8b19e1e 100644
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -291,12 +291,14 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri)
    * nbd_unlocked_set_tls_* to match...
    */

-  /* Export name. */
+  /* Export name. Insist on the scheme://[authority][/absname] form. */
   if (uri->path) {
     if (uri->path[0] == '/')
       r = nbd_unlocked_set_export_name (h, &uri->path[1]);
-    else
-      r = nbd_unlocked_set_export_name (h, uri->path);
+    else {
+      set_error (EINVAL, "URI must begin with '%s://'", uri->scheme);
+      goto cleanup;
+    }
   }
   else
     r = nbd_unlocked_set_export_name (h, "");
-- 
2.20.1