[libvirt PATCH] remote: Avoid crash in remoteSplitURIScheme()
Andrea Bolognani
abologna at redhat.com
Fri Dec 10 14:22:04 UTC 2021
On Fri, Dec 10, 2021 at 02:06:18PM +0000, Daniel P. Berrangé wrote:
> On Fri, Dec 10, 2021 at 05:47:41AM -0800, Andrea Bolognani wrote:
> > I entertained the thought of adding the check to virURIParse()
> > directly, because I can't think of a scenario where having a NULL
> > scheme would be considered valid. But that seemed like a change that
> > had the potential to break unrelated stuff, so I cowardly decided to
> > go with the safe version instead O:-)
>
> We've supported URIs without a scheme in the past. IIRC, we allowed
> a bath path to a UNIX socket for the original Xen driver. That
> code is deleted now of course.
So do you think it would be possible to perform more strict
validation in virURIParse() and reject this kind of wonky input
outright at this point?
--
Andrea Bolognani / Red Hat / Virtualization
More information about the libvir-list
mailing list