[libvirt] [PATCH] esx: do not store escaped password in esxVI_Context.

Matthias Bolte matthias.bolte at googlemail.com
Thu May 26 06:49:52 UTC 2016 

2016-05-23 23:32 GMT+02:00 Dawid Zamirski <dzamirski at datto.com>:
> This patch fixes an issue where screenshot API call was failing when
> the esx/vcenter password contains special characters such as
> apostrophee. The reason for failures was that passwords were escaped
> for XML and stored in esxVI_Context which was then passed to raw CURL API
> calls where the password must be passed in original form to
> authenticate successfully. So this patch addresses this by storing
> original passwords in the esxVI_Context struct and escape only for
> esxVI_Login call.

> diff --git a/src/esx/esx_vi.c b/src/esx/esx_vi.c
> index bf6f228..872cb7d 100644
> --- a/src/esx/esx_vi.c
> +++ b/src/esx/esx_vi.c
> @@ -996,6 +996,8 @@ esxVI_Context_Connect(esxVI_Context *ctx, const char *url,
>                        const char *ipAddress, const char *username,
>                        const char *password, esxUtil_ParsedUri *parsedUri)
>  {
> +    char *escapedPassword = NULL;
> +
>      if (!ctx || !url || !ipAddress || !username ||
>          !password || ctx->url || ctx->service || ctx->curl) {
>          virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Invalid argument"));
> @@ -1107,7 +1109,16 @@ esxVI_Context_Connect(esxVI_Context *ctx, const char *url,
>      if (ctx->productLine == esxVI_ProductLine_VPX)
>          ctx->hasSessionIsActive = true;
>
> -    if (esxVI_Login(ctx, username, password, NULL, &ctx->session) < 0 ||
> +    escapedPassword = esxUtil_EscapeForXml(password);
> +
> +    if (!escapedPassword) {
> +        VIR_FREE(escapedPassword);

No need to free it here, because it was never allocated in this path.

> +        virReportError(VIR_ERR_INTERNAL_ERROR,
> +                       _("Failed to escape password for XML"));
> +        return -1;
> +    }
> +
> +    if (esxVI_Login(ctx, username, escapedPassword, NULL, &ctx->session) < 0 ||
>          esxVI_BuildSelectSetCollection(ctx) < 0) {

But you need to free it here

>          return -1;
>      }

and here, otherwise you'll leak memory.

And as Michal already mentioned, you missed the login call in
esxVI_EnsureSession.

-- 
Matthias Bolte
http://photron.blogspot.com

More information about the libvir-list mailing list