Re: [pve-devel] [PATCH container v2] improve mountpoint parsing

applied, thanks. ___ pve-devel mailing list pve-devel@pve.proxmox.com http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH container v2] improve mountpoint parsing

> changes from v1: > renamed function to verify_* > added check for ../ at the beginning > cleaned up regex (\.)? -> \.? Can/should we add further restrictions to the allowed charset? We currently have format 'pve-volume-id', which use if ($volid =~

[pve-devel] [PATCH container v2] improve mountpoint parsing

changes from v1: renamed function to verify_* added check for ../ at the beginning cleaned up regex (\.)? -> \.? currently we sanitize mountpoints with sanitize_mountpoint, which tries to remove dots, double-dots and multiple slashes, but it does it not correctly (e.g. /test/././ gets truncated

Re: [pve-devel] [PATCH container v2] improve mountpoint parsing

> On February 4, 2016 at 4:52 PM Dietmar Maurer wrote: > > > > > with the new behaviour, we don't need sanitize_mountpoint anymore: > > > > > > Signed-off-by: Dominik Csapak > > > > Acked-by: Wolfgang Bumiller > > This

Re: [pve-devel] [PATCH container v2] improve mountpoint parsing

On Thu, Feb 04, 2016 at 01:40:15PM +0100, Dominik Csapak wrote: > changes from v1: > renamed function to verify_* > added check for ../ at the beginning > cleaned up regex (\.)? -> \.? > > > currently we sanitize mountpoints with sanitize_mountpoint, which > tries to remove dots, double-dots and

Re: [pve-devel] [PATCH container v2] improve mountpoint parsing

> > with the new behaviour, we don't need sanitize_mountpoint anymore: > > > > Signed-off-by: Dominik Csapak > > Acked-by: Wolfgang Bumiller This looks potentially dangerous to me. Is there a reason (bug) for that change? Or is this just a