On Mon, Sep 11, 2023 at 09:19:12AM -0500, Eric Blake wrote:
On Mon, Sep 11, 2023 at 03:09:21PM +0100, Richard W.M. Jones wrote:
> > > - case SERVICE_MODE_UNIXSOCKET:
> > > - fprintf (fp, "nbd%s+unix://", tls == 2 ? "s" :
"");
> > > - if (export_name && strcmp (export_name, "") != 0)
{
> > > - putc ('/', fp);
> > > - uri_quote (export_name, fp);
> > > - }
> > > - fprintf (fp, "\\?socket=");
> > > - uri_quote (unixsocket, fp);
> >
> > Beforehand, we were manually shell-quoting the ? in the Unix URI...
>
> The shell quoting here was only marginally useful before this change.
> In theory there might be a file in a subdirectory called
> 'nbd+unix:/Xsocket=' which would match :-)
> > > + switch (service_mode) {
> > > + case SERVICE_MODE_UNIXSOCKET:
> > > + fprintf (fp, "nbd%s+unix://", tls == 2 ? "s" :
"");
> > > + if (export_name && strcmp (export_name, "") != 0)
{
> > > + putc ('/', fp);
> > > + uri_quote (export_name, fp);
> > > + }
> > > + fprintf (fp, "?socket=");
> > > + uri_quote (unixsocket, fp);
> >
> > ...where the manual shell-quoting is no longer injected. Yes, this
> > looks correct (the appearance of the quoting, using '' instead of \,
> > may be different, but the resulting string as parsed by the shell is
> > the same).
My point was that pre-patch, we had:
nbd+unix://\?socket=...
and post-patch, we have:
'nbd+unix://?socket=...'
but both forms are equally quoted; after the shell removes \ or ''
quoting, we are left with:
nbd+unix://?socket=...
and neither form allowed the glob expansion of the (unlikely) file
nbd+unix:/Xsocket=...
My comment was more about why changing the fprintf("\\?socket=")
pre-patch to fprintf("?socket=") post-patch was correct.
Agreed, thanks!
Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v