[libvirt PATCH 11/11] virnetclient: Escape socket path

Andrea Bolognani abologna at redhat.com
Fri Feb 11 17:39:19 UTC 2022


Just like the name of the netcat command and the connection URI,
the socket path is a user-provided piece of information that
might contain characters that have special meaning for the
shell, and as such should be escaped.

Signed-off-by: Andrea Bolognani <abologna at redhat.com>
---
 src/rpc/virnetclient.c   |  5 +++--
 tests/virnetsockettest.c | 18 +++++++++---------
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 7e7e9d52a6..563cffff85 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -422,6 +422,7 @@ virNetClientSSHHelperCommand(virNetClientProxy proxy,
 {
     g_autofree char *netcatPathSafe = virNetClientDoubleEscapeShell(netcatPath ? netcatPath : "nc");
     g_autofree char *driverURISafe = virNetClientDoubleEscapeShell(driverURI);
+    g_autofree char *socketPathSafe = virNetClientDoubleEscapeShell(socketPath);
     g_autofree char *nccmd = NULL;
     g_autofree char *helpercmd = NULL;
 
@@ -440,8 +441,8 @@ virNetClientSSHHelperCommand(virNetClientProxy proxy,
         "else "
             "ARG=; "
         "fi; "
-        "'%s' $ARG -U %s",
-        netcatPathSafe, netcatPathSafe, socketPath);
+        "'%s' $ARG -U '%s'",
+        netcatPathSafe, netcatPathSafe, socketPathSafe);
 
     helpercmd = g_strdup_printf("virt-ssh-helper%s'%s'",
                                 readonly ? " -r " : " ",
diff --git a/tests/virnetsockettest.c b/tests/virnetsockettest.c
index b0e26bc2b2..d79027d637 100644
--- a/tests/virnetsockettest.c
+++ b/tests/virnetsockettest.c
@@ -576,7 +576,7 @@ mymain(void)
                          "else "
                              "ARG=; "
                          "fi; "
-                         "'nc' $ARG -U /tmp/socket"
+                         "'nc' $ARG -U '/tmp/socket'"
                      "'\n",
     };
     if (virTestRun("SSH test 1", testSocketSSH, &sshData1) < 0)
@@ -596,7 +596,7 @@ mymain(void)
                          "else "
                              "ARG=; "
                          "fi; "
-                         "'netcat' $ARG -U /tmp/socket"
+                         "'netcat' $ARG -U '/tmp/socket'"
                      "'\n",
     };
     if (virTestRun("SSH test 2", testSocketSSH, &sshData2) < 0)
@@ -616,7 +616,7 @@ mymain(void)
                          "else "
                              "ARG=; "
                          "fi; "
-                         "'netcat' $ARG -U /tmp/socket"
+                         "'netcat' $ARG -U '/tmp/socket'"
                      "'\n",
     };
     if (virTestRun("SSH test 3", testSocketSSH, &sshData3) < 0)
@@ -640,7 +640,7 @@ mymain(void)
                          "else "
                              "ARG=; "
                          "fi; "
-                         "'nc' $ARG -U /tmp/socket"
+                         "'nc' $ARG -U '/tmp/socket'"
                      "'\n",
         .dieEarly = true,
     };
@@ -659,7 +659,7 @@ mymain(void)
                          "else "
                              "ARG=; "
                          "fi; "
-                         "'nc' $ARG -U /tmp/socket"
+                         "'nc' $ARG -U '/tmp/socket'"
                      "'\n",
     };
     if (virTestRun("SSH test 6", testSocketSSH, &sshData6) < 0)
@@ -675,7 +675,7 @@ mymain(void)
                          "else "
                              "ARG=; "
                          "fi; "
-                         "'''\\''n c'\\'''' $ARG -U /tmp/sock et"
+                         "'''\\''n c'\\'''' $ARG -U '''\\''/tmp/sock et'\\''''"
                      "'\n",
     };
     if (virTestRun("SSH test 7", testSocketSSH, &sshData7) < 0)
@@ -691,7 +691,7 @@ mymain(void)
                          "else "
                              "ARG=; "
                          "fi; "
-                         "'''\\''n'\\''\\'\\'''\\''c'\\'''' $ARG -U /tmp/sock'et"
+                         "'''\\''n'\\''\\'\\'''\\''c'\\'''' $ARG -U '''\\''/tmp/sock'\\''\\'\\'''\\''et'\\''''"
                      "'\n",
     };
     if (virTestRun("SSH test 8", testSocketSSH, &sshData8) < 0)
@@ -707,7 +707,7 @@ mymain(void)
                          "else "
                              "ARG=; "
                          "fi; "
-                         "'''\\''n\"c'\\'''' $ARG -U /tmp/sock\"et"
+                         "'''\\''n\"c'\\'''' $ARG -U '''\\''/tmp/sock\"et'\\''''"
                      "'\n",
     };
     if (virTestRun("SSH test 9", testSocketSSH, &sshData9) < 0)
@@ -725,7 +725,7 @@ mymain(void)
                              "else "
                                  "ARG=; "
                              "fi; "
-                             "'nc' $ARG -U /tmp/socket; "
+                             "'nc' $ARG -U '/tmp/socket'; "
                          "fi"
                      "'\n"
     };
-- 
2.34.1




More information about the libvir-list mailing list