[libvirt] [PATCH 2/2] util: file: Don't carelessly sanitize URIs
Peter Krempa
pkrempa at redhat.com
Wed Apr 8 09:21:59 UTC 2015
rfc3986 states that the separator in URI path is a single slash.
Multiple slashes may potentially lead to different resources and thus we
should not remove them.
---
src/util/virfile.c | 6 ++++++
tests/virfiletest.c | 7 +++++++
2 files changed, 13 insertions(+)
diff --git a/src/util/virfile.c b/src/util/virfile.c
index c528a1c..87d121d 100644
--- a/src/util/virfile.c
+++ b/src/util/virfile.c
@@ -2812,12 +2812,18 @@ char *
virFileSanitizePath(const char *path)
{
const char *cur = path;
+ char *uri;
char *cleanpath;
int idx = 0;
if (VIR_STRDUP(cleanpath, path) < 0)
return NULL;
+ /* don't sanitize URIs - rfc3986 states that two slashes may lead to a
+ * different resource, thus removing them would possibly change the path */
+ if ((uri = strstr(path, "://")) && strchr(path, '/') > uri)
+ return cleanpath;
+
/* Need to sanitize:
* // -> //
* /// -> /
diff --git a/tests/virfiletest.c b/tests/virfiletest.c
index 826b2b9..628fa1f 100644
--- a/tests/virfiletest.c
+++ b/tests/virfiletest.c
@@ -165,6 +165,8 @@ mymain(void)
ret = -1; \
} while (0)
+#define DO_TEST_SANITIZE_PATH_SAME(PATH) DO_TEST_SANITIZE_PATH(PATH, PATH)
+
virtTestCounterReset("testFileSanitizePath ");
DO_TEST_SANITIZE_PATH("", "");
DO_TEST_SANITIZE_PATH("/", "/");
@@ -178,6 +180,11 @@ mymain(void)
DO_TEST_SANITIZE_PATH("../../", "../..");
DO_TEST_SANITIZE_PATH("//foo//bar", "//foo/bar");
DO_TEST_SANITIZE_PATH("/bar//foo", "/bar/foo");
+ DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz/foo/hoo");
+ DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz//fooo/hoo");
+ DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz//////fooo/hoo");
+ DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz/fooo//hoo");
+ DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz/fooo///////hoo");
return ret != 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}
--
2.2.2
More information about the libvir-list
mailing list