git.ipfire.org Git - thirdparty/qemu.git/commit

author	Greg Kurz <groug@kaod.org>
	Tue, 30 Aug 2016 17:11:05 +0000 (19:11 +0200)
committer	Michael Roth <mdroth@linux.vnet.ibm.com>
	Thu, 8 Sep 2016 20:46:53 +0000 (15:46 -0500)
commit	917e9a9816f34787391059c89ba5fb770fe22028
tree	e80d941a9044a411f21f0a1d161c8eb7a46834f0	tree
parent	cb3677cd50dcb07e74d0113337e40e9e3e14d728	commit \| diff

9pfs: forbid illegal path names

Empty path components don't make sense for most commands and may cause
undefined behavior, depending on the backend.

Also, the walk request described in the 9P spec [1] clearly shows that
the client is supposed to send individual path components: the official
linux client never sends portions of path containing the / character for
example.

Moreover, the 9P spec [2] also states that a system can decide to restrict
the set of supported characters used in path components, with an explicit
mention "to remove slashes from name components".

This patch introduces a new name_is_illegal() helper that checks the
names sent by the client are not empty and don't contain unwanted chars.
Since 9pfs is only supported on linux hosts, only the / character is
checked at the moment. When support for other hosts (AKA. win32) is added,
other chars may need to be blacklisted as well.

If a client sends an illegal path component, the request will fail and
ENOENT is returned to the client.

[1] http://man.cat-v.org/plan_9/5/walk
[2] http://man.cat-v.org/plan_9/5/intro

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit fff39a7ad09da07ef490de05c92c91f22f8002f2)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>