On Mon, Sep 11, 2023 at 03:09:21PM +0100, Richard W.M. Jones wrote:
> > > - case SERVICE_MODE_UNIXSOCKET:
> > > - fprintf (fp, "nbd%s+unix://", tls == 2 ? "s" : "");
> > > - if (export_name && strcmp (export_name, "") != 0) {
> > > - putc ('/', fp);
> > > - uri_quote (export_name, fp);
> > > - }
> > > - fprintf (fp, "\\?socket=");
> > > - uri_quote (unixsocket, fp);
> >
> > Beforehand, we were manually shell-quoting the ? in the Unix URI...
>
> The shell quoting here was only marginally useful before this change.
> In theory there might be a file in a subdirectory called
> 'nbd+unix:/Xsocket=' which would match :-)
> > > + switch (service_mode) {
> > > + case SERVICE_MODE_UNIXSOCKET:
> > > + fprintf (fp, "nbd%s+unix://", tls == 2 ? "s" : "");
> > > + if (export_name && strcmp (export_name, "") != 0) {
> > > + putc ('/', fp);
> > > + uri_quote (export_name, fp);
> > > + }
> > > + fprintf (fp, "?socket=");
> > > + uri_quote (unixsocket, fp);
> >
> > ...where the manual shell-quoting is no longer injected. Yes, this
> > looks correct (the appearance of the quoting, using '' instead of \,
> > may be different, but the resulting string as parsed by the shell is
> > the same).
My point was that pre-patch, we had:
nbd+unix://\?socket=...
and post-patch, we have:
'nbd+unix://?socket=...'
but both forms are equally quoted; after the shell removes \ or ''
quoting, we are left with:
nbd+unix://?socket=...
and neither form allowed the glob expansion of the (unlikely) file
nbd+unix:/Xsocket=...
My comment was more about why changing the fprintf("\\?socket=")
pre-patch to fprintf("?socket=") post-patch was correct.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc.
Virtualization: qemu.org | libguestfs.org
_______________________________________________
Libguestfs mailing list
Libguestfs@redhat.com
https://listman.redhat.com/mailman/listinfo/libguestfs
