From 859f7e2072b4109a05e7c491edf2b1c0066c3b23 Mon Sep 17 00:00:00 2001
From: Michal Privoznik <mprivozn@redhat.com>
Date: Fri, 12 Feb 2021 17:27:26 +0100
Subject: [PATCH] qemu_shim: URI escape root directory
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The root directory can be provided by user (or a temporary one is
generated) and is always formatted into connection URI for both
secret driver and QEMU driver, like this:

  qemu:///embed?root=$root

But if it so happens that there is an URI unfriendly character in
root directory or path to it (say a space) then invalid URI is
formatted which results in unexpected results. We can trust
g_dir_make_tmp() to generate valid URI but we can't trust user.
Escape user provided root directory. Always.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1920400
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---
 src/qemu/qemu_shim.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/qemu/qemu_shim.c b/src/qemu/qemu_shim.c
index 18bdc99256..c10598df4b 100644
--- a/src/qemu/qemu_shim.c
+++ b/src/qemu/qemu_shim.c
@@ -140,7 +140,8 @@ int main(int argc, char **argv)
     g_autofree char *xml = NULL;
     g_autofree char *uri = NULL;
     g_autofree char *suri = NULL;
-    char *root = NULL;
+    const char *root = NULL;
+    g_autofree char *escaped = NULL;
     bool tmproot = false;
     int ret = 1;
     g_autoptr(GError) error = NULL;
@@ -216,6 +217,8 @@ int main(int argc, char **argv)
         }
     }
 
+    escaped = g_uri_escape_string(root, NULL, true);
+
     virFileActivateDirOverrideForProg(argv[0]);
 
     if (verbose)
@@ -242,7 +245,7 @@ int main(int argc, char **argv)
     eventLoopThread = g_thread_new("event-loop", qemuShimEventLoop, NULL);
 
     if (secrets && *secrets) {
-        suri = g_strdup_printf("secret:///embed?root=%s", root);
+        suri = g_strdup_printf("secret:///embed?root=%s", escaped);
 
         if (verbose)
             g_printerr("%s: %lld: opening %s\n",
@@ -303,7 +306,7 @@ int main(int argc, char **argv)
         }
     }
 
-    uri = g_strdup_printf("qemu:///embed?root=%s", root);
+    uri = g_strdup_printf("qemu:///embed?root=%s", escaped);
 
     if (verbose)
         g_printerr("%s: %lld: opening %s\n",