From: Daniele Di Proietto Date: Tue, 2 Feb 2016 21:28:11 +0000 (-0800) Subject: bridge: Do not add bridges with '/' in name. X-Git-Url: http://git.cascardo.eti.br/?p=cascardo%2Fovs.git;a=commitdiff_plain;h=e6448d2f348d4ec6da8091bf877f73f6f3032d77 bridge: Do not add bridges with '/' in name. This effectively stops vswitchd from creating bridges with '/' in the name. OVS used to print a warning but the bridge was created anyway. This restriction is implemented because the bridge name is part of a filesystem path. This check is no substitute for Mandatory Access Control, but it certainly helps to catch the error early. Signed-off-by: Daniele Di Proietto [blp@ovn.org added a test] Acked-by: Ben Pfaff --- diff --git a/tests/ovs-vswitchd.at b/tests/ovs-vswitchd.at index 4245fc4f7..848daa385 100644 --- a/tests/ovs-vswitchd.at +++ b/tests/ovs-vswitchd.at @@ -187,3 +187,33 @@ AT_CHECK([ovs-appctl dpif/show | tail -n +3], [0], [dnl ]) OVS_VSWITCHD_STOP AT_CLEANUP + +dnl ---------------------------------------------------------------------- +AT_SETUP([ovs-vswitchd - do not create sockets with unsafe names]) +OVS_VSWITCHD_START + +# On Unix systems, test for sockets with "test -S". +# +# On Windows systems, we simulate a socket with a regular file that contains +# a TCP port number, so use "test -f" there instead. +if test $IS_WIN32 = yes; then + S=f +else + S=S +fi + +# Create a bridge with an ordinary name and make sure that the management +# socket gets creatd. +AT_CHECK([ovs-vsctl add-br a -- set bridge a datapath-type=dummy]) +AT_CHECK([test -$S a.mgmt]) + +# Create a bridge with an unsafe name and make sure that the management +# socket does not get created. +mkdir b +AT_CHECK([ovs-vsctl add-br b/c -- set bridge b/c datapath-type=dummy], [0], + [], [ovs-vsctl: Error detected while setting up 'b/c'. See ovs-vswitchd log for details. +]) +AT_CHECK([test ! -e b/c.mgmt]) + +OVS_VSWITCHD_STOP(['/ignoring bridge with invalid name/d']) +AT_CLEANUP 
diff --git a/vswitchd/bridge.c b/vswitchd/bridge.c index f8324a290..2ff23223f 100644 --- a/vswitchd/bridge.c +++ b/vswitchd/bridge.c @@ -1686,6 +1686,7 @@ static void add_del_bridges(const struct ovsrec_open_vswitch *cfg) { struct bridge *br, *next; + struct shash_node *node; struct shash new_br; size_t i; @@ -1719,8 +1720,8 @@ add_del_bridges(const struct ovsrec_open_vswitch *cfg) } /* Add new bridges. */ - for (i = 0; i < cfg->n_bridges; i++) { - const struct ovsrec_bridge *br_cfg = cfg->bridges[i]; + SHASH_FOR_EACH(node, &new_br) { + const struct ovsrec_bridge *br_cfg = node->data; struct bridge *br = bridge_lookup(br_cfg->name); if (!br) { bridge_create(br_cfg);
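Review bot: in the tests/ovs-vswitchd.at hunk the comment "make sure that the management socket gets creatd" has a typo ("created"). The `mkdir b` line deserves a comment of its own: it is what makes the negative check meaningful, since without the directory `b/c.mgmt` could not be created even if the new name check were missing, and `AT_CHECK([test ! -e b/c.mgmt])` would pass for the wrong reason. The positive case also only checks for the `.mgmt` socket of bridge `a`; pairing it with a check that `b/c` is absent from the Bridge table's running state (for example via `ovs-appctl dpif/show`, already used earlier in this file) would show that the bridge was really not instantiated rather than just that its socket is missing.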
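Review bot: in the second vswitchd/bridge.c hunk, replacing `for (i = 0; i < cfg->n_bridges; i++)` with `SHASH_FOR_EACH(node, &new_br)` makes the "Add new bridges" loop correct only if `new_br` was populated with validated names, but the code that filters names containing '/' out of `new_br` (and emits the "ignoring bridge with invalid name" warning the test's `OVS_VSWITCHD_STOP` filter expects) is not in any hunk shown here; please confirm it lives in the collection loop just above and add a short comment on this loop saying that `new_br` has already been filtered, so a future change does not reintroduce iteration over `cfg->bridges`. Two smaller points: iterating the shash instead of `cfg->bridges` changes bridge creation from configuration order to hash order, which should be harmless but is worth a line in the commit message, and if `i` is no longer used elsewhere in `add_del_bridges` its declaration (`size_t i;`, visible in the first hunk) should be dropped to avoid an unused-variable warning.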