Re: [libvirt PATCH] remote: Avoid crash in remoteSplitURIScheme()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Dec 10, 2021 at 06:22:04AM -0800, Andrea Bolognani wrote:
> On Fri, Dec 10, 2021 at 02:06:18PM +0000, Daniel P. Berrangé wrote:
> > On Fri, Dec 10, 2021 at 05:47:41AM -0800, Andrea Bolognani wrote:
> > > I entertained the thought of adding the check to virURIParse()
> > > directly, because I can't think of a scenario where having a NULL
> > > scheme would be considered valid. But that seemed like a change that
> > > had the potential to break unrelated stuff, so I cowardly decided to
> > > go with the safe version instead O:-)
> >
> > We've supported URIs without a scheme in the past. IIRC, we allowed
> > a bath path to a UNIX socket for the original Xen driver. That
> > code is deleted now of course.
> 
> So do you think it would be possible to perform more strict
> validation in virURIParse() and reject this kind of wonky input
> outright at this point?

Probably, though calling it wonky input is a bit misleading. It
is valid from a URI pov, it is just that libvirt doesn't need
this ability to omit the scheme. I'd want to double check all
the callers of virURIParse to be sure first though

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux