[libvirt] [PATCH 2/2] util: file: Don't carelessly sanitize URIs
Peter Krempa
pkrempa at redhat.com
Thu Apr 9 07:51:10 UTC 2015
On Wed, Apr 08, 2015 at 13:17:49 +0200, Ján Tomko wrote:
> On Wed, Apr 08, 2015 at 11:21:59AM +0200, Peter Krempa wrote:
> > rfc3986 states that the separator in URI path is a single slash.
> > Multiple slashes may potentially lead to different resources and thus we
> > should not remove them.
> > ---
> > src/util/virfile.c | 6 ++++++
> > tests/virfiletest.c | 7 +++++++
> > 2 files changed, 13 insertions(+)
> >
> > diff --git a/src/util/virfile.c b/src/util/virfile.c
> > index c528a1c..87d121d 100644
> > --- a/src/util/virfile.c
> > +++ b/src/util/virfile.c
> > @@ -2812,12 +2812,18 @@ char *
> > virFileSanitizePath(const char *path)
> > {
> > const char *cur = path;
> > + char *uri;
> > char *cleanpath;
> > int idx = 0;
> >
> > if (VIR_STRDUP(cleanpath, path) < 0)
> > return NULL;
> >
> > + /* don't sanitize URIs - rfc3986 states that two slashes may lead to a
> > + * different resource, thus removing them would possibly change the path */
> > + if ((uri = strstr(path, "://")) && strchr(path, '/') > uri)
> > + return cleanpath;
> > +
>
> It took me a while to understand this condition, but I don't know how to
> write it more simply.
>
> ACK to both.
Pushed; Thanks.
Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20150409/70e45820/attachment-0001.sig>
More information about the libvir-list
mailing list