[ovs-dev] [PATCH V2] bridge: Relax the whitelist format for punix path.

[Alex Wang]

This commit relaxes the whitelist format for punix path for
service controller.  Instead of only allowing
punix:<ovs_rundir>/<bridge_name>.controller, the new format
allows any suffix, like punix:<ovs_rundir>/<bridge_name>.*.
(except '/').

Signed-off-by: Alex Wang <ee07b...@gmail.com>
---
PATCH->V2:
- prevent the punix path from specifying directory other than the
  ovs_rundir.
---
 tests/ovs-vswitchd.at | 14 ++++++++++++++
 vswitchd/bridge.c     | 12 +++++++-----
 2 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/tests/ovs-vswitchd.at b/tests/ovs-vswitchd.at
index 3b7c516..912354f 100644
--- a/tests/ovs-vswitchd.at
+++ b/tests/ovs-vswitchd.at
@@ -153,3 +153,17 @@ AT_CHECK([sed -n "
 ])
 
 AT_CLEANUP
+
+dnl ----------------------------------------------------------------------
+AT_SETUP([ovs-vswitchd -- set service controller])
+AT_SKIP_IF([test "$IS_WIN32" = "yes"])
+OVS_VSWITCHD_START
+
+AT_CHECK([ovs-vsctl set-controller br0 punix:$(pwd)/br0.void])
+OVS_WAIT_UNTIL([test -e br0.void])
+
+AT_CHECK([ovs-vsctl set-controller br0 
punix:$(pwd)/br0.void/../overwrite.file])
+OVS_WAIT_UNTIL([test -n "`grep ERR ovs-vswitchd.log | grep overwrite.file`"])
+
+OVS_VSWITCHD_STOP(["/Not adding Unix domain socket controller/d"])
+AT_CLEANUP
diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c
index f021360..a551590 100644
--- a/vswitchd/bridge.c
+++ b/vswitchd/bridge.c
@@ -3559,18 +3559,20 @@ bridge_configure_remotes(struct bridge *br,
                     continue;
                 }
             } else {
-               whitelist = xasprintf("punix:%s/%s.controller",
+               whitelist = xasprintf("punix:%s/%s.",
                                      ovs_rundir(), br->name);
-               if (!equal_pathnames(c->target, whitelist, SIZE_MAX)) {
+               if (!equal_pathnames(c->target, whitelist, strlen(whitelist))
+                   || strchr(c->target + strlen(whitelist), '/')) {
                    /* Prevent remote ovsdb-server users from accessing
                     * arbitrary Unix domain sockets and overwriting arbitrary
                     * local files. */
                    VLOG_ERR_RL(&rl, "bridge %s: Not adding Unix domain socket "
                                   "controller \"%s\" due to possibility of "
                                   "overwriting local files. Instead, specify "
-                                  "whitelisted \"%s\" or connect to "
-                                  "\"unix:%s/%s.mgmt\" (which is always "
-                                  "available without special configuration).",
+                                  "path in whitelisted format \"%s*\" or "
+                                  "connect to \"unix:%s/%s.mgmt\" (which is "
+                                  "always available without special "
+                                  "configuration).",
                                   br->name, c->target, whitelist,
                                   ovs_rundir(), br->name);
                    free(whitelist);
-- 
1.9.1

_______________________________________________
dev mailing list
dev@openvswitch.org
http://openvswitch.org/mailman/listinfo/dev