qemu_shim: URI escape root directory

The root directory can be provided by user (or a temporary one is
generated) and is always formatted into connection URI for both
secret driver and QEMU driver, like this:

  qemu:///embed?root=$root

But if it so happens that there is an URI unfriendly character in
root directory or path to it (say a space) then invalid URI is
formatted which results in unexpected results. We can trust
g_dir_make_tmp() to generate valid URI but we can't trust user.
Escape user provided root directory. Always.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1920400
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Michal Privoznik 2021-02-12 17:27:26 +01:00
parent f28a652a32
commit 859f7e2072

View File

@ -140,7 +140,8 @@ int main(int argc, char **argv)
g_autofree char *xml = NULL;
g_autofree char *uri = NULL;
g_autofree char *suri = NULL;
char *root = NULL;
const char *root = NULL;
g_autofree char *escaped = NULL;
bool tmproot = false;
int ret = 1;
g_autoptr(GError) error = NULL;
@ -216,6 +217,8 @@ int main(int argc, char **argv)
}
}
escaped = g_uri_escape_string(root, NULL, true);
virFileActivateDirOverrideForProg(argv[0]);
if (verbose)
@ -242,7 +245,7 @@ int main(int argc, char **argv)
eventLoopThread = g_thread_new("event-loop", qemuShimEventLoop, NULL);
if (secrets && *secrets) {
suri = g_strdup_printf("secret:///embed?root=%s", root);
suri = g_strdup_printf("secret:///embed?root=%s", escaped);
if (verbose)
g_printerr("%s: %lld: opening %s\n",
@ -303,7 +306,7 @@ int main(int argc, char **argv)
}
}
uri = g_strdup_printf("qemu:///embed?root=%s", root);
uri = g_strdup_printf("qemu:///embed?root=%s", escaped);
if (verbose)
g_printerr("%s: %lld: opening %s\n",