mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-21 20:15:17 +00:00
virNodeDeviceCapVPDFormat: Properly escape system-originated strings
Similarly to previous commit other specific fields which come from the system data and aren't sanitized enough to be safe for XML were also formatted via virBufferAsprintf. Other static and safe strings used virBufferEscapeString instead of virBufferAddLit. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
parent
5373b8c02c
commit
2ccac1e42f
@ -270,14 +270,6 @@ virNodeDeviceCapVPDFormatCustomSystemField(virPCIVPDResourceCustom *field, virBu
|
||||
virNodeDeviceCapVPDFormatCustomField(buf, "system_field", field);
|
||||
}
|
||||
|
||||
static inline void
|
||||
virNodeDeviceCapVPDFormatRegularField(virBuffer *buf, const char *keyword, const char *value)
|
||||
{
|
||||
if (keyword == NULL || value == NULL)
|
||||
return;
|
||||
|
||||
virBufferAsprintf(buf, "<%s>%s</%s>\n", keyword, value, keyword);
|
||||
}
|
||||
|
||||
static void
|
||||
virNodeDeviceCapVPDFormat(virBuffer *buf, virPCIVPDResource *res)
|
||||
@ -290,31 +282,33 @@ virNodeDeviceCapVPDFormat(virBuffer *buf, virPCIVPDResource *res)
|
||||
virBufferEscapeString(buf, "<name>%s</name>\n", res->name);
|
||||
|
||||
if (res->ro != NULL) {
|
||||
virBufferEscapeString(buf, "<fields access='%s'>\n", "readonly");
|
||||
|
||||
virBufferAddLit(buf, "<fields access='readonly'>\n");
|
||||
virBufferAdjustIndent(buf, 2);
|
||||
virNodeDeviceCapVPDFormatRegularField(buf, "change_level", res->ro->change_level);
|
||||
virNodeDeviceCapVPDFormatRegularField(buf, "manufacture_id", res->ro->manufacture_id);
|
||||
virNodeDeviceCapVPDFormatRegularField(buf, "part_number", res->ro->part_number);
|
||||
virNodeDeviceCapVPDFormatRegularField(buf, "serial_number", res->ro->serial_number);
|
||||
|
||||
virBufferEscapeString(buf, "<change_level>%s</change_level>\n", res->ro->change_level);
|
||||
virBufferEscapeString(buf, "<manufacture_id>%s</manufacture_id>\n", res->ro->manufacture_id);
|
||||
virBufferEscapeString(buf, "<part_number>%s</part_number>\n", res->ro->part_number);
|
||||
virBufferEscapeString(buf, "<serial_number>%s</serial_number>\n", res->ro->serial_number);
|
||||
|
||||
g_ptr_array_foreach(res->ro->vendor_specific,
|
||||
(GFunc)virNodeDeviceCapVPDFormatCustomVendorField, buf);
|
||||
virBufferAdjustIndent(buf, -2);
|
||||
|
||||
virBufferAdjustIndent(buf, -2);
|
||||
virBufferAddLit(buf, "</fields>\n");
|
||||
}
|
||||
|
||||
if (res->rw != NULL) {
|
||||
virBufferEscapeString(buf, "<fields access='%s'>\n", "readwrite");
|
||||
|
||||
virBufferAddLit(buf, "<fields access='readwrite'>\n");
|
||||
virBufferAdjustIndent(buf, 2);
|
||||
virNodeDeviceCapVPDFormatRegularField(buf, "asset_tag", res->rw->asset_tag);
|
||||
|
||||
virBufferEscapeString(buf, "<asset_tag>%s</asset_tag>\n", res->rw->asset_tag);
|
||||
|
||||
g_ptr_array_foreach(res->rw->vendor_specific,
|
||||
(GFunc)virNodeDeviceCapVPDFormatCustomVendorField, buf);
|
||||
g_ptr_array_foreach(res->rw->system_specific,
|
||||
(GFunc)virNodeDeviceCapVPDFormatCustomSystemField, buf);
|
||||
virBufferAdjustIndent(buf, -2);
|
||||
|
||||
virBufferAdjustIndent(buf, -2);
|
||||
virBufferAddLit(buf, "</fields>\n");
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user