[lxc-devel] [lxd/master] Restrict snapshot names

Fri Sep 11 22:44:01 UTC 2020

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200911/f8c82711/attachment.bin>
-------------- next part --------------
From cbb45c93212db3d2897e7c33e8d6e3e91f65b41d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 11 Sep 2020 18:39:07 -0400
Subject: [PATCH 1/2] validate: Consider + as unsafe in URL
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 shared/validate/validate.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/shared/validate/validate.go b/shared/validate/validate.go
index 0ae2d5986f..2db3f92efd 100644
--- a/shared/validate/validate.go
+++ b/shared/validate/validate.go
@@ -403,7 +403,7 @@ func IsNetworkMTU(value string) error {
 
 // IsURLSegmentSafe validates whether value can be used in a URL segment.
 func IsURLSegmentSafe(value string) error {
-	for _, char := range []string{"/", "?", "&"} {
+	for _, char := range []string{"/", "?", "&", "+"} {
 		if strings.Contains(value, char) {
 			return fmt.Errorf("Cannot contain %q", char)
 		}

From 34d341eb0f7f54d005d43660be190085d3a63245 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Fri, 11 Sep 2020 18:42:55 -0400
Subject: [PATCH 2/2] lxd/instance/snapshots: Restrict naming
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Make sure the snapshot names are valid in URLs.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/instance_snapshot.go | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/lxd/instance_snapshot.go b/lxd/instance_snapshot.go
index 557ebfa91f..e54c90f741 100644
--- a/lxd/instance_snapshot.go
+++ b/lxd/instance_snapshot.go
@@ -7,10 +7,10 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/url"
-	"strings"
 	"time"
 
 	"github.com/gorilla/mux"
+	"github.com/pkg/errors"
 
 	"github.com/lxc/lxd/lxd/db"
 	"github.com/lxc/lxd/lxd/instance"
@@ -22,6 +22,7 @@ import (
 	"github.com/lxc/lxd/lxd/util"
 	"github.com/lxc/lxd/shared"
 	"github.com/lxc/lxd/shared/api"
+	"github.com/lxc/lxd/shared/validate"
 	"github.com/lxc/lxd/shared/version"
 )
 
@@ -133,8 +134,9 @@ func containerSnapshotsPost(d *Daemon, r *http.Request) response.Response {
 	}
 
 	// Validate the name
-	if strings.Contains(req.Name, "/") {
-		return response.BadRequest(fmt.Errorf("Snapshot names may not contain slashes"))
+	err = validate.IsURLSegmentSafe(req.Name)
+	if err != nil {
+		return response.BadRequest(errors.Wrap(err, "Invalid snapshot name"))
 	}
 
 	fullName := name +
@@ -401,8 +403,9 @@ func snapshotPost(d *Daemon, r *http.Request, sc instance.Instance, containerNam
 	}
 
 	// Validate the name
-	if strings.Contains(newName, "/") {
-		return response.BadRequest(fmt.Errorf("Snapshot names may not contain slashes"))
+	err = validate.IsURLSegmentSafe(newName)
+	if err != nil {
+		return response.BadRequest(errors.Wrap(err, "Invalid snapshot name"))
 	}
 
 	fullName := containerName + shared.SnapshotDelimiter + newName
