diff --git a/lib/impexpd/__init__.py b/lib/impexpd/__init__.py
index 02b7bb90c93e6e85960762d3151a2a533cb3b823..b1078dbc5a11a0750a7868f1ab7addb8057f7713 100644
--- a/lib/impexpd/__init__.py
+++ b/lib/impexpd/__init__.py
@@ -79,6 +79,8 @@ BUFSIZE = 1024 * 1024
SOCAT_TCP_OPTS = ["keepalive", "keepidle=60", "keepintvl=10", "keepcnt=5"]
SOCAT_OPENSSL_OPTS = ["verify=1", "cipher=HIGH", "method=TLSv1"]
+SOCAT_OPTION_MAXLEN = 400
+
(PROG_OTHER,
PROG_SOCAT,
PROG_DD,
@@ -168,6 +170,10 @@ class CommandBuilder(object):
for i in [addr1, addr2]:
for value in i:
+ if len(value) > SOCAT_OPTION_MAXLEN:
+ raise errors.GenericError("Socat option longer than %s"
+ " characters: %r" %
+ (SOCAT_OPTION_MAXLEN, value))
if "," in value:
raise errors.GenericError("Comma not allowed in socat option"
" value: %r" % value)
diff --git a/test/ganeti.impexpd_unittest.py b/test/ganeti.impexpd_unittest.py
index 78320333f1d1c3ec92929b2baa8f6a1e4cf28585..0126a5fd6462ee60f4dd961715c8b7573d61eead 100755
--- a/test/ganeti.impexpd_unittest.py
+++ b/test/ganeti.impexpd_unittest.py
@@ -111,6 +111,25 @@ class TestCommandBuilder(unittest.TestCase):
builder = impexpd.CommandBuilder(mode, opts, 1, 2, 3)
self.assertRaises(errors.GenericError, builder.GetCommand)
+ def testOptionLengthError(self):
+ testopts = [
+ CmdBuilderConfig(bind="0.0.0.0" + ("A" * impexpd.SOCAT_OPTION_MAXLEN),
+ port=1234, ca="/tmp/ca"),
+ CmdBuilderConfig(host="localhost", port=1234,
+ ca="/tmp/ca" + ("B" * impexpd.SOCAT_OPTION_MAXLEN)),
+ CmdBuilderConfig(host="localhost", port=1234,
+ key="/tmp/key" + ("B" * impexpd.SOCAT_OPTION_MAXLEN)),
+ ]
+
+ for opts in testopts:
+ for mode in [constants.IEM_IMPORT, constants.IEM_EXPORT]:
+ builder = impexpd.CommandBuilder(mode, opts, 1, 2, 3)
+ self.assertRaises(errors.GenericError, builder.GetCommand)
+
+ opts.host = "localhost" + ("A" * impexpd.SOCAT_OPTION_MAXLEN)
+ builder = impexpd.CommandBuilder(constants.IEM_EXPORT, opts, 1, 2, 3)
+ self.assertRaises(errors.GenericError, builder.GetCommand)
+
def testModeError(self):
mode = "foobarbaz"