import/export: Limit max length of socat options

Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>

diff --git a/lib/impexpd/__init__.py b/lib/impexpd/__init__.py
index 02b7bb9..b1078db 100644 (file)
--- a/lib/impexpd/__init__.py
+++ b/lib/impexpd/__init__.py
@@ -79,6 +79,8 @@ BUFSIZE = 1024 * 1024
 SOCAT_TCP_OPTS = ["keepalive", "keepidle=60", "keepintvl=10", "keepcnt=5"]
 SOCAT_OPENSSL_OPTS = ["verify=1", "cipher=HIGH", "method=TLSv1"]
 
+SOCAT_OPTION_MAXLEN = 400
+
 (PROG_OTHER,
  PROG_SOCAT,
  PROG_DD,
@@ -168,6 +170,10 @@ class CommandBuilder(object):
 
     for i in [addr1, addr2]:
       for value in i:
+        if len(value) > SOCAT_OPTION_MAXLEN:
+          raise errors.GenericError("Socat option longer than %s"
+                                    " characters: %r" %
+                                    (SOCAT_OPTION_MAXLEN, value))
         if "," in value:
           raise errors.GenericError("Comma not allowed in socat option"
                                     " value: %r" % value)

diff --git a/test/ganeti.impexpd_unittest.py b/test/ganeti.impexpd_unittest.py
index 7832033..0126a5f 100755 (executable)
--- a/test/ganeti.impexpd_unittest.py
+++ b/test/ganeti.impexpd_unittest.py
@@ -111,6 +111,25 @@ class TestCommandBuilder(unittest.TestCase):
       builder = impexpd.CommandBuilder(mode, opts, 1, 2, 3)
       self.assertRaises(errors.GenericError, builder.GetCommand)
 
+  def testOptionLengthError(self):
+    testopts = [
+      CmdBuilderConfig(bind="0.0.0.0" + ("A" * impexpd.SOCAT_OPTION_MAXLEN),
+                       port=1234, ca="/tmp/ca"),
+      CmdBuilderConfig(host="localhost", port=1234,
+                       ca="/tmp/ca" + ("B" * impexpd.SOCAT_OPTION_MAXLEN)),
+      CmdBuilderConfig(host="localhost", port=1234,
+                       key="/tmp/key" + ("B" * impexpd.SOCAT_OPTION_MAXLEN)),
+      ]
+
+    for opts in testopts:
+      for mode in [constants.IEM_IMPORT, constants.IEM_EXPORT]:
+        builder = impexpd.CommandBuilder(mode, opts, 1, 2, 3)
+        self.assertRaises(errors.GenericError, builder.GetCommand)
+
+      opts.host = "localhost" + ("A" * impexpd.SOCAT_OPTION_MAXLEN)
+      builder = impexpd.CommandBuilder(constants.IEM_EXPORT, opts, 1, 2, 3)
+      self.assertRaises(errors.GenericError, builder.GetCommand)
+
   def testModeError(self):
     mode = "foobarbaz"