From 13e1af437a00089e80392b1d23a1afa61fdedf81 Mon Sep 17 00:00:00 2001
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Mon, 20 Mar 2023 15:11:40 +0100
Subject: [PATCH] content path overrides: allow single dots and enforce
 max-lengths

Allow a dot as long as its not followed by another dot and enforce
max component and (a reduced) max path length checking already at
schema level.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---
 PVE/Storage/Plugin.pm | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/PVE/Storage/Plugin.pm b/PVE/Storage/Plugin.pm
index 09f6ad2..c323085 100644
--- a/PVE/Storage/Plugin.pm
+++ b/PVE/Storage/Plugin.pm
@@ -355,8 +355,14 @@ PVE::JSONSchema::register_format('pve-dir-override', \&verify_dir_override);
 sub verify_dir_override {
     my ($value, $noerr) = @_;
 
-    if ($value =~ m/^([a-z]+)=[^.]+$/ && verify_content($1, $noerr)) {
-	return $value;
+    if ($value =~ m/^([a-z]+)=([^.]*(?:\.?[^.]+)+)$/) {
+	my ($content_type, $relative_path) = ($1, $2);
+	if (verify_content($content_type, $noerr)) {
+	    # linux has 4k max-path, but limit total length to lower as its concat'd for full path
+	    if (length($relative_path) < 1023 && !(grep { length($_) >= 255 } split('/', $relative_path))) {
+		return $value;
+	    }
+	}
     }
 
     return undef if $noerr;
-- 
2.39.2