If the socket path specified in the set-controller command is
relative to ovs_rundir(), append the directory name to the target.

Bug#14029
Signed-off-by: Pavithra Ramesh <param...@vmware.com>
---
 vswitchd/bridge.c |   38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)

diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c
index 82c3bff..4ea3631 100644
--- a/vswitchd/bridge.c
+++ b/vswitchd/bridge.c
@@ -2792,27 +2792,35 @@ bridge_configure_remotes(struct bridge *br,
     bridge_ofproto_controller_for_mgmt(br, &ocs[n_ocs++]);
     for (i = 0; i < n_controllers; i++) {
         struct ovsrec_controller *c = controllers[i];
-
         if (!strncmp(c->target, "punix:", 6)
             || !strncmp(c->target, "unix:", 5)) {
             static struct vlog_rate_limit rl = VLOG_RATE_LIMIT_INIT(1, 5);
-            char *whitelist;
+            char *whitelist, *new_target;
 
             if (!strncmp(c->target, "unix:", 5)) {
                 /* Connect to a listening socket */
-                whitelist = xasprintf("unix:%s/", ovs_rundir());
-                if (!equal_pathnames(c->target, whitelist,
-                                     strlen(whitelist))) {
-                    VLOG_ERR_RL(&rl, "bridge %s: Not connecting to socket "
-                                  "controller \"%s\" due to possibility for "
-                                  "remote exploit.  Instead, specify socket "
-                                  "in whitelisted \"%s\" or connect to "
-                                  "\"unix:%s/%s.mgmt\" (which is always "
-                                  "available without special configuration).",
-                                  br->name, c->target, whitelist,
-                                  ovs_rundir(), br->name);
-                    free(whitelist);
-                    continue;
+                if(c->target[0] != '/') {
+                   /*relative path, append ovs_rundir() */
+                   new_target = xasprintf("unix:%s/%s", ovs_rundir(),
+                                          c->target + strlen("unix:"));
+                   free(c->target);
+                   c->target = new_target;
+                } else {
+                    /* treat the target value as absolute path */
+                    whitelist = xasprintf("unix:%s/", ovs_rundir());
+                    if (!equal_pathnames(c->target, whitelist,
+                                         strlen(whitelist))) {
+                        VLOG_ERR_RL(&rl, "bridge %s: Not connecting to socket "
+                                    "controller \"%s\" due to possibility for "
+                                    "remote exploit.  Instead, specify socket "
+                                    "in whitelisted \"%s\" or connect to "
+                                    "\"unix:%s/%s.mgmt\" (which is always "
+                                    "available without special configuration).",
+                                    br->name, c->target, whitelist,
+                                    ovs_rundir(), br->name);
+                        free(whitelist);
+                        continue;
+                    }
                 }
             } else {
                whitelist = xasprintf("punix:%s/%s.controller",
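Review bot: The new test `if(c->target[0] != '/')` inspects the `u` of `unix:` rather than the first character of the path, so it is always true: the `else` branch holding the whitelist check becomes dead code, and an absolute target gets the run directory prefixed to it instead of being checked or rejected. Compare the path's first character instead, `if (c->target[strlen("unix:")] != '/') {`. The relative branch also leaves `whitelist` unassigned and skips `equal_pathnames` entirely; the loop body continues past the end of this hunk, and if it frees `whitelist` there, that would be a free of an uninitialized pointer, so allocate `whitelist` before the branch and run the check on the final target in both cases. A relative target containing `..` components is only prefixed, never normalised, so the prefix alone may not confine the socket to the run directory; rejecting such components explicitly would keep the whitelist meaningful. `free(c->target)` also replaces a field of the `ovsrec_controller` row in place, which should be confirmed against whoever owns that row.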
-- 
1.7.9.5
