Re: [libvirt PATCH] remote: Avoid crash in remoteSplitURIScheme()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Dec 10, 2021 at 02:06:18PM +0000, Daniel P. Berrangé wrote:
> On Fri, Dec 10, 2021 at 05:47:41AM -0800, Andrea Bolognani wrote:
> > I entertained the thought of adding the check to virURIParse()
> > directly, because I can't think of a scenario where having a NULL
> > scheme would be considered valid. But that seemed like a change that
> > had the potential to break unrelated stuff, so I cowardly decided to
> > go with the safe version instead O:-)
>
> We've supported URIs without a scheme in the past. IIRC, we allowed
> a bath path to a UNIX socket for the original Xen driver. That
> code is deleted now of course.

So do you think it would be possible to perform more strict
validation in virURIParse() and reject this kind of wonky input
outright at this point?

-- 
Andrea Bolognani / Red Hat / Virtualization





[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux