提交 fac04598 编写于 作者: P Peter Krempa

util: file: Don't carelessly sanitize URIs

rfc3986 states that the separator in URI path is a single slash.
Multiple slashes may potentially lead to different resources and thus we
should not remove them.
上级 b8e7facf
...@@ -2812,12 +2812,18 @@ char * ...@@ -2812,12 +2812,18 @@ char *
virFileSanitizePath(const char *path) virFileSanitizePath(const char *path)
{ {
const char *cur = path; const char *cur = path;
char *uri;
char *cleanpath; char *cleanpath;
int idx = 0; int idx = 0;
if (VIR_STRDUP(cleanpath, path) < 0) if (VIR_STRDUP(cleanpath, path) < 0)
return NULL; return NULL;
/* don't sanitize URIs - rfc3986 states that two slashes may lead to a
* different resource, thus removing them would possibly change the path */
if ((uri = strstr(path, "://")) && strchr(path, '/') > uri)
return cleanpath;
/* Need to sanitize: /* Need to sanitize:
* // -> // * // -> //
* /// -> / * /// -> /
......
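Review bot: The URI test `if ((uri = strstr(path, "://")) && strchr(path, '/') > uri)` accepts any string whose first slash follows a `://`, so the text before `://` is never checked to be a scheme: an empty prefix (`://foo`) and a relative local path whose first component ends in a colon (`foo://bar`) are both returned unsanitized. If any caller compares or keys on the sanitized result (callers are not visible here), two spellings of the same local path would no longer normalize to the same string. At minimum I would require a non-empty prefix, `if ((uri = strstr(path, "://")) && uri > path && strchr(path, '/') > uri)`, and ideally also verify that the bytes before `uri` are RFC 3986 scheme characters. The early return also skips the trailing-slash stripping that the `"../../"` test case shows for plain paths, which the new comment does not mention; the function body continues outside the hunk, and its doc comment should say that URIs come back unchanged.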
...@@ -165,6 +165,8 @@ mymain(void) ...@@ -165,6 +165,8 @@ mymain(void)
ret = -1; \ ret = -1; \
} while (0) } while (0)
#define DO_TEST_SANITIZE_PATH_SAME(PATH) DO_TEST_SANITIZE_PATH(PATH, PATH)
virtTestCounterReset("testFileSanitizePath "); virtTestCounterReset("testFileSanitizePath ");
DO_TEST_SANITIZE_PATH("", ""); DO_TEST_SANITIZE_PATH("", "");
DO_TEST_SANITIZE_PATH("/", "/"); DO_TEST_SANITIZE_PATH("/", "/");
...@@ -178,6 +180,11 @@ mymain(void) ...@@ -178,6 +180,11 @@ mymain(void)
DO_TEST_SANITIZE_PATH("../../", "../.."); DO_TEST_SANITIZE_PATH("../../", "../..");
DO_TEST_SANITIZE_PATH("//foo//bar", "//foo/bar"); DO_TEST_SANITIZE_PATH("//foo//bar", "//foo/bar");
DO_TEST_SANITIZE_PATH("/bar//foo", "/bar/foo"); DO_TEST_SANITIZE_PATH("/bar//foo", "/bar/foo");
DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz/foo/hoo");
DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz//fooo/hoo");
DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz//////fooo/hoo");
DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz/fooo//hoo");
DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz/fooo///////hoo");
return ret != 0 ? EXIT_FAILURE : EXIT_SUCCESS; return ret != 0 ? EXIT_FAILURE : EXIT_SUCCESS;
} }
......
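Review bot: The new `DO_TEST_SANITIZE_PATH_SAME` cases only exercise strings that must be left alone, so nothing pins down where the URI exemption stops. I would add cases on the other side of the check, for example a path where `://` comes after the first slash, `DO_TEST_SANITIZE_PATH("/foo://bar", "/foo:/bar");` (expected value inferred from the `//foo//bar` case above, please confirm). A URI with a trailing slash would also be worth adding, so that returning it unchanged is a tested decision rather than a side effect. `mymain` starts outside these hunks.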