storage: Sanitize pool target paths

Spurious / in a pool target path makes life difficult for apps using the
GetVolByPath, and doing other path based comparisons with pools. This
has caused a few issues for virt-manager users:

https://bugzilla.redhat.com/show_bug.cgi?id=494005
https://bugzilla.redhat.com/show_bug.cgi?id=593565

Add a new util API which removes spurious /, virFileSanitizePath. Sanitize
target paths when parsing pool XML, and for paths passed to GetVolByPath.

v2: Leading // must be preserved, properly sanitize path=/, sanitize
    away /./ -> /

v3: Properly handle starting ./ and ending /.

v4: Drop all '.' handling, just sanitize / for now.

diff --git a/src/conf/storage_conf.c b/src/conf/storage_conf.c
index 9aad0815fc7f9d3a8d0e306b1b8defb89501492d..422e76acc9753a9c81158eb7efc12a34cc3424d1 100644 (file)
--- a/src/conf/storage_conf.c
+++ b/src/conf/storage_conf.c
@@ -602,6 +602,7 @@ virStoragePoolDefParseXML(xmlXPathContextPtr ctxt) {
     xmlNodePtr source_node;
     char *type = NULL;
     char *uuid = NULL;
+    char *tmppath;
 
     if (VIR_ALLOC(ret) < 0) {
         virReportOOMError();
@@ -699,11 +700,16 @@ virStoragePoolDefParseXML(xmlXPathContextPtr ctxt) {
         }
     }
 
-    if ((ret->target.path = virXPathString("string(./target/path)", ctxt)) == NULL) {
+    if ((tmppath = virXPathString("string(./target/path)", ctxt)) == NULL) {
         virStorageReportError(VIR_ERR_XML_ERROR,
                               "%s", _("missing storage pool target path"));
         goto cleanup;
     }
+    ret->target.path = virFileSanitizePath(tmppath);
+    VIR_FREE(tmppath);
+    if (!ret->target.path)
+        goto cleanup;
+
 
     if (virStorageDefParsePerms(ctxt, &ret->target.perms,
                                 "./target/permissions", 0700) < 0)

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index a30ea4f087be60dff6643c4438e243e486e5a4df..7aa7a0686d219ef7182c79ee40e2eafc2398fce2 100644 (file)
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -675,6 +675,7 @@ virFileReadLimFD;
 virFilePid;
 virFileReadPid;
 virFileLinkPointsTo;
+virFileSanitizePath;
 virParseNumber;
 virParseVersionString;
 virPipeReadUntilEOF;

diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
index b148e390b9757615aab4fc15b9879c9a935c0b88..0870f74a3daa7d42eaec4ed48b1c7d91e0ab6abe 100644 (file)
--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -1204,6 +1204,11 @@ storageVolumeLookupByPath(virConnectPtr conn,
     virStorageDriverStatePtr driver = conn->storagePrivateData;
     unsigned int i;
     virStorageVolPtr ret = NULL;
+    char *cleanpath;
+
+    cleanpath = virFileSanitizePath(path);
+    if (!cleanpath)
+        return NULL;
 
     storageDriverLock(driver);
     for (i = 0 ; i < driver->pools.count && !ret ; i++) {
@@ -1213,7 +1218,7 @@ storageVolumeLookupByPath(virConnectPtr conn,
             const char *stable_path;
 
             stable_path = virStorageBackendStablePath(driver->pools.objs[i],
-                                                      path);
+                                                      cleanpath);
             /*
              * virStorageBackendStablePath already does
              * virStorageReportError if it fails; we just need to keep
@@ -1242,6 +1247,7 @@ storageVolumeLookupByPath(virConnectPtr conn,
                               "%s", _("no storage vol with matching path"));
 
 cleanup:
+    VIR_FREE(cleanpath);
     storageDriverUnlock(driver);
     return ret;
 }

diff --git a/src/util/util.c b/src/util/util.c
index 92b9a0f89edaf456a798a2c57a9ed3491bff01af..0642858ea6c78ceb08d954de2fe515dcaca134df 100644 (file)
--- a/src/util/util.c
+++ b/src/util/util.c
@@ -1921,6 +1921,55 @@ int virFileAbsPath(const char *path, char **abspath)
     return 0;
 }
 
+/* Remove spurious / characters from a path. The result must be freed */
+char *
+virFileSanitizePath(const char *path)
+{
+    const char *cur = path;
+    char *cleanpath;
+    int idx = 0;
+
+    cleanpath = strdup(path);
+    if (!cleanpath) {
+        virReportOOMError();
+        return NULL;
+    }
+
+    /* Need to sanitize:
+     * //           -> //
+     * ///          -> /
+     * /../foo      -> /../foo
+     * /foo///bar/  -> /foo/bar
+     */
+
+    /* Starting with // is valid posix, but ///foo == /foo */
+    if (cur[0] == '/' && cur[1] == '/' && cur[2] != '/') {
+        idx = 2;
+        cur += 2;
+    }
+
+    /* Sanitize path in place */
+    while (*cur != '\0') {
+        if (*cur != '/') {
+            cleanpath[idx++] = *cur++;
+            continue;
+        }
+
+        /* Skip all extra / */
+        while (*++cur == '/')
+            continue;
+
+        /* Don't add a trailing / */
+        if (idx != 0 && *cur == '\0')
+            break;
+
+        cleanpath[idx++] = '/';
+    }
+    cleanpath[idx] = '\0';
+
+    return cleanpath;
+}
+
 /* Like strtol, but produce an "int" result, and check more carefully.
    Return 0 upon success;  return -1 to indicate failure.
    When END_PTR is NULL, the byte after the final valid digit must be NUL.

diff --git a/src/util/util.h b/src/util/util.h
index 6bf6bcc3c2f3e6d90479939b64da7ffde807947a..abc268822f5da5f06b6a3fb0908176c2a9a62531 100644 (file)
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -118,6 +118,8 @@ char *virFindFileInPath(const char *file);
 
 int virFileExists(const char *path);
 
+char *virFileSanitizePath(const char *path);
+
 enum {
     VIR_FILE_OP_NONE        = 0,
     VIR_FILE_OP_AS_UID      = (1 << 0),

diff --git a/tests/storagepoolxml2xmlin/pool-dir.xml b/tests/storagepoolxml2xmlin/pool-dir.xml
index 361e3831038188bf03a727d64928369deac390f6..d86cc2a46711185617a7c0d8fdad172161dc7632 100644 (file)
--- a/tests/storagepoolxml2xmlin/pool-dir.xml
+++ b/tests/storagepoolxml2xmlin/pool-dir.xml
@@ -7,7 +7,7 @@
   <source>
   </source>
   <target>
-    <path>/var/lib/libvirt/images</path>
+    <path>///var/////lib/libvirt/images//</path>
     <permissions>
       <mode>0700</mode>
       <owner>0</owner>