Merge "libvirt: add validation of migration hostname"

nova/exception.py

@@ -1696,3 +1696,7 @@ class ImageNUMATopologyCPUsUnassigned(Invalid):
 class ImageNUMATopologyMemoryOutOfRange(Invalid):
     msg_fmt = _("%(memsize)d MB of memory assigned, but expected "
                 "%(memtotal)d MB")
+
+
+class InvalidHostname(Invalid):
+    msg_fmt = _("Invalid characters in hostname '%(hostname)s'")

nova/tests/virt/libvirt/fake_libvirt_utils.py

@@ -196,3 +196,7 @@ def pick_disk_driver_name(hypervisor_version, is_block_dev=False):
 
 def get_arch(image_meta):
     pass
+
+
+def is_valid_hostname(name):
+    return True

nova/tests/virt/libvirt/test_driver.py

@@ -8726,6 +8726,27 @@ Active:          8381604 kB
                                                   dstfile, "qcow2")
             mock_define.assert_called_once_with(xmldoc)
 
+    @mock.patch.object(greenthread, "spawn")
+    def test_live_migration_hostname_valid(self, mock_spawn):
+        drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
+        drvr.live_migration(self.context, self.test_instance,
+                            "host1.example.com",
+                            lambda x: x,
+                            lambda x: x)
+        mock_spawn.assert_called_once()
+
+    @mock.patch.object(greenthread, "spawn")
+    @mock.patch.object(fake_libvirt_utils, "is_valid_hostname")
+    def test_live_migration_hostname_invalid(self, mock_hostname, mock_spawn):
+        drvr = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
+        mock_hostname.return_value = False
+        self.assertRaises(exception.InvalidHostname,
+                          drvr.live_migration,
+                          self.context, self.test_instance,
+                          "foo/?com=/bin/sh",
+                          lambda x: x,
+                          lambda x: x)
+
 
 class HostStateTestCase(test.TestCase):
 

nova/tests/virt/libvirt/test_utils.py

@@ -299,3 +299,15 @@ ID        TAG                 VM SIZE                DATE       VM CLOCK
         self.assertEqual(67108864, image_info.virtual_size)
         self.assertEqual(98304, image_info.disk_size)
         self.assertEqual(3, len(image_info.snapshots))
+
+    def test_valid_hostname_normal(self):
+        self.assertTrue(libvirt_utils.is_valid_hostname("hello.world.com"))
+
+    def test_valid_hostname_ipv4addr(self):
+        self.assertTrue(libvirt_utils.is_valid_hostname("10.0.2.1"))
+
+    def test_valid_hostname_ipv6addr(self):
+        self.assertTrue(libvirt_utils.is_valid_hostname("240:2ac3::2"))
+
+    def test_valid_hostname_bad(self):
+        self.assertFalse(libvirt_utils.is_valid_hostname("foo/?com=/bin/sh"))

nova/virt/libvirt/driver.py

@@ -4825,6 +4825,12 @@ class LibvirtDriver(driver.ComputeDriver):
 
         """
 
+        # 'dest' will be substituted into 'migration_uri' so ensure
+        # it does't contain any characters that could be used to
+        # exploit the URI accepted by libivrt
+        if not libvirt_utils.is_valid_hostname(dest):
+            raise exception.InvalidHostname(hostname=dest)
+
         greenthread.spawn(self._live_migration, context, instance, dest,
                           post_method, recover_method, block_migration,
                           migrate_data)

nova/virt/libvirt/utils.py

@@ -21,6 +21,7 @@
 import errno
 import os
 import platform
+import re
 
 from lxml import etree
 from oslo.config import cfg
@@ -489,3 +490,7 @@ def is_mounted(mount_path, source=None):
         if exc.errno == errno.ENOENT:
             LOG.info(_LI("findmnt tool is not installed"))
         return False
+
+
+def is_valid_hostname(hostname):
+    return re.match(r"^[\w\-\.:]+$", hostname)