[Libguestfs] Re: [PATCH nbdkit v2 1/2] server: Reserve more characters from plugin/filter short names

On Sun, Apr 21, 2024 at 08:15:42PM +0100, Richard W.M. Jones wrote: > The plugin/filter short name detection is very liberal, reserving only > '.' and '/'. Thus, at least in theory, short plugin names containing > almost arbitrary symbols and characters are permitted. > > Backslash ought to have been reserved when we added Windows support. > > We should probably reserve more characters, but in this commit I only > reserve: > > * backslash (ie. directory separator on Windows) > * ':' and ';' (common path separators) > * '=' (used in nbdkit parameters) Oh, I reviewed v1 before you added '=' to the reject list in v2. > * space and comma (commonly used to separate lists) > * non-printable ASCII characters > > Also DIR_SEPARATOR_STR, but that's likely to be already covered by the > other tests so probably does nothing here. > > This commit is mainly about tightening up corner cases with possible > security implications, for example if you managed to trick a program > to invoke 'nbdkit "plugin param"' that might have an ambiguous parsing > that you could use to your advantage. It should have no effect on > normal, non-adversarial usage. > --- > server/options.h | 18 +++++++++++++++++- > 1 file changed, 17 insertions(+), 1 deletion(-) > > + > + for (i = 0; i < n; ++i) { > + switch (filename[i]) { > + case '\0'...31: case 127: /* non-printable ASCII */ The comment about ranged case label is still present (I'm okay whether you keep it in or explode it to long-hand).