diff options
author | Pavithra Ramesh <paramesh@vmware.com> | 2013-02-08 12:37:18 -0800 |
---|---|---|
committer | Ben Pfaff <blp@nicira.com> | 2013-02-11 12:53:11 -0800 |
commit | 2ab02d25784e6d2cb294f55e16ba226cdcf143d7 (patch) | |
tree | b0fed34f0e3ece31cd3bb5369cc338f731583efe /vswitchd | |
parent | 46739ae72b23bf6fcd56dc7ae743bce346300325 (diff) |
stream-unix: Use rundir as root for relative paths.
Until now, "unix:" and "punix:" paths that are not absolute have
been considered relative to the current working directory. It
is more useful to consider them relative to the rundir, so this
commit makes that change to the C and Python implementations of
the stream code.
This commit also relaxes the whitelist check in the bridge code
so that any name that does not contain a "/" is considered OK.
Signed-off-by: Pavithra Ramesh <paramesh@vmware.com>
Signed-off-by: Ben Pfaff <blp@nicira.com>
Diffstat (limited to 'vswitchd')
-rw-r--r-- | vswitchd/bridge.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c index 607ae5e1..8fa126e3 100644 --- a/vswitchd/bridge.c +++ b/vswitchd/bridge.c @@ -2804,8 +2804,10 @@ bridge_configure_remotes(struct bridge *br, if (!strncmp(c->target, "unix:", 5)) { /* Connect to a listening socket */ whitelist = xasprintf("unix:%s/", ovs_rundir()); - if (!equal_pathnames(c->target, whitelist, - strlen(whitelist))) { + if (strchr(c->target, '/') && + !equal_pathnames(c->target, whitelist, + strlen(whitelist))) { + /* Absolute path specified, but not in ovs_rundir */ VLOG_ERR_RL(&rl, "bridge %s: Not connecting to socket " "controller \"%s\" due to possibility for " "remote exploit. Instead, specify socket " |