[Libvir] save/restore support for KVM
Richard W.M. Jones
rjones at redhat.com
Fri Aug 10 10:05:05 UTC 2007
Jim Paris wrote:
> + if (strchr(path, '\'') || strchr(path, '\\') ) {
> + qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
> + "invalid filename");
> + return -1;
> + }
[...]
> + /* Migrate to file. */
> + if (asprintf (&command, "migrate \"exec:dd of='%s' 2>/dev/null\"\n",
> + path) == -1) {
> + qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
> + "out of memory");
> + return -1;
> + }
The patch is fine, except I'm wondering whether the quoting above is
safe. We check if the path contains ' or \ and refuse to proceed. I
_think_ you don't need to check for \ however, according to this section
from the bash manual page and my testing:
Enclosing characters in single quotes preserves the
literal value of each character within the quotes.
A single quote may not occur between single quotes,
even when preceded by a backslash.
Perhaps it is better to be safe than sorry though.
Rich.
--
Emerging Technologies, Red Hat - http://et.redhat.com/~rjones/
Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod
Street, Windsor, Berkshire, SL4 1TE, United Kingdom. Registered in
England and Wales under Company Registration No. 03798903
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3237 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20070810/5e417116/attachment-0001.bin>
More information about the libvir-list
mailing list