diff options
| author | Greg Kurz <groug@kaod.org> | 2016-08-30 19:11:05 +0200 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2016-08-30 19:21:39 +0100 |
| commit | fff39a7ad09da07ef490de05c92c91f22f8002f2 (patch) | |
| tree | edb0d5b62569c715ca86b1aa468373048d22bc61 /hw/9pfs/codir.c | |
| parent | 2b294f6b65c7cf1725eeecf97b16024cc565998a (diff) | |
9pfs: forbid illegal path names
Empty path components don't make sense for most commands and may cause
undefined behavior, depending on the backend.
Also, the walk request described in the 9P spec [1] clearly shows that
the client is supposed to send individual path components: the official
linux client never sends portions of path containing the / character for
example.
Moreover, the 9P spec [2] also states that a system can decide to restrict
the set of supported characters used in path components, with an explicit
mention "to remove slashes from name components".
This patch introduces a new name_is_illegal() helper that checks the
names sent by the client are not empty and don't contain unwanted chars.
Since 9pfs is only supported on linux hosts, only the / character is
checked at the moment. When support for other hosts (AKA. win32) is added,
other chars may need to be blacklisted as well.
If a client sends an illegal path component, the request will fail and
ENOENT is returned to the client.
[1] http://man.cat-v.org/plan_9/5/walk
[2] http://man.cat-v.org/plan_9/5/intro
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Diffstat (limited to 'hw/9pfs/codir.c')
0 files changed, 0 insertions, 0 deletions