From: Peter Krempa Date: Wed, 8 Apr 2015 08:57:07 +0000 (+0200) Subject: util: file: Don't carelessly sanitize URIs X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=fac04598bb2ab24903274002ea3752f6ad54df33;p=people%2Fliuw%2Flibxenctrl-split%2Flibvirt.git util: file: Don't carelessly sanitize URIs rfc3986 states that the separator in URI path is a single slash. Multiple slashes may potentially lead to different resources and thus we should not remove them. --- diff --git a/src/util/virfile.c b/src/util/virfile.c index c528a1c01..87d121db5 100644 --- a/src/util/virfile.c +++ b/src/util/virfile.c @@ -2812,12 +2812,18 @@ char * virFileSanitizePath(const char *path) { const char *cur = path; + char *uri; char *cleanpath; int idx = 0; if (VIR_STRDUP(cleanpath, path) < 0) return NULL; + /* don't sanitize URIs - rfc3986 states that two slashes may lead to a + * different resource, thus removing them would possibly change the path */ + if ((uri = strstr(path, "://")) && strchr(path, '/') > uri) + return cleanpath; + /* Need to sanitize: * // -> // * /// -> / diff --git a/tests/virfiletest.c b/tests/virfiletest.c index 826b2b9e5..628fa1fb0 100644 --- a/tests/virfiletest.c +++ b/tests/virfiletest.c @@ -165,6 +165,8 @@ mymain(void) ret = -1; \ } while (0) +#define DO_TEST_SANITIZE_PATH_SAME(PATH) DO_TEST_SANITIZE_PATH(PATH, PATH) + virtTestCounterReset("testFileSanitizePath "); DO_TEST_SANITIZE_PATH("", ""); DO_TEST_SANITIZE_PATH("/", "/"); @@ -178,6 +180,11 @@ mymain(void) DO_TEST_SANITIZE_PATH("../../", "../.."); DO_TEST_SANITIZE_PATH("//foo//bar", "//foo/bar"); DO_TEST_SANITIZE_PATH("/bar//foo", "/bar/foo"); + DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz/foo/hoo"); + DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz//fooo/hoo"); + DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz//////fooo/hoo"); + DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz/fooo//hoo"); + DO_TEST_SANITIZE_PATH_SAME("gluster://bar.baz/fooo///////hoo"); return ret != 0 ? EXIT_FAILURE : EXIT_SUCCESS; }