thr3ads.net - Libguestfs - [Libguestfs] [PATCH virt-v2v] -it ssh: Double quote ssh command which tests remote file exists [Oct 2023]

If this information is useful, please help other people find it:
Share via:

Richard W.M. Jones

2023-Oct-02 09:03 UTC

[Libguestfs] [PATCH virt-v2v] -it ssh: Double quote ssh command which tests remote file exists

Double quoting was removed in
commit e2af12ba69c4463bb73d30db63290a887cdd41eb ("input: -i vmx:
Remove support for openssh scp < 8.8", Nov 2021).  However it should
only have been removed from scp commands, not for this ssh command
where it is still required.

See: https://github.com/libguestfs/virt-v2v/issues/35
Thanks: Laszlo Ersek for diagnosis and suggesting the fix
Reported-by: Bill Sanders
---
 input/parse_domain_from_vmx.ml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/input/parse_domain_from_vmx.ml b/input/parse_domain_from_vmx.ml
index 15ee093f59..2e75e78506 100644
--- a/input/parse_domain_from_vmx.ml
+++ b/input/parse_domain_from_vmx.ml
@@ -97,7 +97,11 @@ let remote_file_exists uri path               | None ->
""
              | Some user -> quote user ^ "@")
             (quote (server_of_uri uri))
-            (quote path) in
+            (* Double quoting is necessary for 'ssh', first to protect
+             * from the local shell, second to protect from the remote
+             * shell. 
https://github.com/libguestfs/virt-v2v/issues/35#issuecomment-1741730963
+             *)
+            (quote (quote path)) in
   if verbose () then
     eprintf "%s\n%!" cmd;
   Sys.command cmd = 0
-- 
2.41.0

Laszlo Ersek

2023-Oct-02 14:09 UTC

head link

[Libguestfs] [PATCH virt-v2v] -it ssh: Double quote ssh command which tests remote file exists

On 10/2/23 11:03, Richard W.M. Jones wrote:> Double quoting was removed in
> commit e2af12ba69c4463bb73d30db63290a887cdd41eb ("input: -i vmx:
> Remove support for openssh scp < 8.8", Nov 2021).  However it
should
> only have been removed from scp commands, not for this ssh command
> where it is still required.
> 
> See: https://github.com/libguestfs/virt-v2v/issues/35
> Thanks: Laszlo Ersek for diagnosis and suggesting the fix
> Reported-by: Bill Sanders
> ---
>  input/parse_domain_from_vmx.ml | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 
> diff --git a/input/parse_domain_from_vmx.ml
b/input/parse_domain_from_vmx.ml
> index 15ee093f59..2e75e78506 100644
> --- a/input/parse_domain_from_vmx.ml
> +++ b/input/parse_domain_from_vmx.ml
> @@ -97,7 +97,11 @@ let remote_file_exists uri path >               |
None -> ""
>               | Some user -> quote user ^ "@")
>              (quote (server_of_uri uri))
> -            (quote path) in
> +            (* Double quoting is necessary for 'ssh', first to
protect
> +             * from the local shell, second to protect from the remote
> +             * shell. 
https://github.com/libguestfs/virt-v2v/issues/35#issuecomment-1741730963
> +             *)
> +            (quote (quote path)) in
>    if verbose () then
>      eprintf "%s\n%!" cmd;
>    Sys.command cmd = 0
Reviewed-by: Laszlo Ersek <lersek at redhat.com>

Thanks!
Laszlo

Libguestfs - Oct 2023 - [PATCH virt-v2v] -it ssh: Double quote ssh command which tests remote file exists

[Libguestfs] [PATCH virt-v2v] -it ssh: Double quote ssh command which tests remote file exists

[Libguestfs] [PATCH virt-v2v] -it ssh: Double quote ssh command which tests remote file exists