From: Michal Privoznik <mprivozn@redhat.com>
According to [1] there are only few characters allowed in the
path to the daemon socket (alphanum and some punctuation;
notably, space is missing on the list). The rest must be escaped
by '%NN' notation. Fortunately, g_uri_escape_string() with some
carefully selected input values is able to escape the path.
Almost - it considers tilde valid but DBus doesn't. Well, let's
hope nobody has tilde in domain name.
1: https://gitlab.freedesktop.org/dbus/dbus/-/blob/2dee5236088bcf690ba92b743a584720b8cb6f55/dbus/dbus-address.c#L332
Closes: https://gitlab.com/libvirt/libvirt/-/issues/834
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_dbus.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_dbus.c b/src/qemu/qemu_dbus.c
index 625884ad46..db0757b71d 100644
--- a/src/qemu/qemu_dbus.c
+++ b/src/qemu/qemu_dbus.c
@@ -119,6 +119,12 @@ static int
qemuDBusWriteConfig(const char *filename, const char *path, bool privileged)
{
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
+ /* Escape @path pointing to socket where the dbus-daemon is going to listen
+ * to. Valid characters are alphanumeric, '-', '_', '/', '\\', '*' and '.'.
+ * The rest must be URI escaped. g_uri_escape_string() treads alphanumeric,
+ * '-', '.', '_' and '~' as valid.
+ */
+ g_autofree char *escapedPath = g_uri_escape_string(path, "/\\*", false);
g_autofree char *config = NULL;
virBufferAddLit(&buf, "<!DOCTYPE busconfig PUBLIC \"-//freedesktop//DTD D-Bus Bus Configuration 1.0//EN\"\n");
@@ -127,7 +133,7 @@ qemuDBusWriteConfig(const char *filename, const char *path, bool privileged)
virBufferAdjustIndent(&buf, 2);
virBufferAddLit(&buf, "<type>org.libvirt.qemu</type>\n");
- virBufferAsprintf(&buf, "<listen>unix:path=%s</listen>\n", path);
+ virBufferAsprintf(&buf, "<listen>unix:path=%s</listen>\n", escapedPath);
virBufferAddLit(&buf, "<auth>EXTERNAL</auth>\n");
virBufferAddLit(&buf, "<policy context='default'>\n");
--
2.51.2On a Tuesday in 2025, Michal Privoznik via Devel wrote:
>From: Michal Privoznik <mprivozn@redhat.com>
>
>According to [1] there are only few characters allowed in the
>path to the daemon socket (alphanum and some punctuation;
>notably, space is missing on the list). The rest must be escaped
>by '%NN' notation. Fortunately, g_uri_escape_string() with some
>carefully selected input values is able to escape the path.
>Almost - it considers tilde valid but DBus doesn't. Well, let's
>hope nobody has tilde in domain name.
https://www.rfc-editor.org/rfc/rfc3986.html#appendix-A
Well, g_uri_escape_string does what it says:
unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~"
Whether dbus is wrong or not, libvirt should escape the tilde too.
Jano
>
>1: https://gitlab.freedesktop.org/dbus/dbus/-/blob/2dee5236088bcf690ba92b743a584720b8cb6f55/dbus/dbus-address.c#L332
>Closes: https://gitlab.com/libvirt/libvirt/-/issues/834
>Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
>---
> src/qemu/qemu_dbus.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
On 12/18/25 13:35, Ján Tomko wrote: > On a Tuesday in 2025, Michal Privoznik via Devel wrote: >> From: Michal Privoznik <mprivozn@redhat.com> >> >> According to [1] there are only few characters allowed in the >> path to the daemon socket (alphanum and some punctuation; >> notably, space is missing on the list). The rest must be escaped >> by '%NN' notation. Fortunately, g_uri_escape_string() with some >> carefully selected input values is able to escape the path. > >> Almost - it considers tilde valid but DBus doesn't. Well, let's >> hope nobody has tilde in domain name. > > https://www.rfc-editor.org/rfc/rfc3986.html#appendix-A > Well, g_uri_escape_string does what it says: > unreserved = ALPHA / DIGIT / "-" / "." / "_" / "~" > > Whether dbus is wrong or not, libvirt should escape the tilde too. Okay, I'll try to fix that in v2. But honestly, I think this is so narrow corner case that it feels almost useless work. Michal
© 2016 - 2025 Red Hat, Inc.