virNodeDeviceCapVPDFormatCustom*: Escape unsanitized strings

The custom field data is taken from PCI device data which can contain
any printable characters, and thus must be escaped when putting into
XML.

Originally, based on the comment and the XML schema (which was fixed in
previous commits), the idea seemed to be that the parser would validate
that only characters which don't break the XML would be present, but that
didn't seem to materialize.

Switch to proper escaping of the XML.

Fixes: 3954378d06a
Resolves: https://issues.redhat.com/browse/RHEL-22314
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa 2024-01-29 15:15:03 +01:00
parent eb3844009d
commit 5373b8c02c


@ -242,23 +242,32 @@ virNodeDeviceCapMdevTypesFormat(virBuffer *buf,
}
static void
virNodeDeviceCapVPDFormatCustomVendorField(virPCIVPDResourceCustom *field, virBuffer *buf)
virNodeDeviceCapVPDFormatCustomField(virBuffer *buf,
const char *fieldtype,
virPCIVPDResourceCustom *field)
{
g_auto(virBuffer) attrBuf = VIR_BUFFER_INITIALIZER;
g_auto(virBuffer) content = VIR_BUFFER_INITIALIZER;
if (field == NULL || field->value == NULL)
return;
virBufferAsprintf(buf, "<vendor_field index='%c'>%s</vendor_field>\n", field->idx,
field->value);
virBufferAsprintf(&attrBuf, " index='%c'", field->idx);
virBufferEscapeString(&content, "%s", field->value);
virXMLFormatElementInternal(buf, fieldtype, &attrBuf, &content, false, false);
}
static void
virNodeDeviceCapVPDFormatCustomVendorField(virPCIVPDResourceCustom *field, virBuffer *buf)
{
virNodeDeviceCapVPDFormatCustomField(buf, "vendor_field", field);
}
static void
virNodeDeviceCapVPDFormatCustomSystemField(virPCIVPDResourceCustom *field, virBuffer *buf)
{
if (field == NULL || field->value == NULL)
return;
virBufferAsprintf(buf, "<system_field index='%c'>%s</system_field>\n", field->idx,
field->value);
virNodeDeviceCapVPDFormatCustomField(buf, "system_field", field);
}
static inline void
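Review bot: The `index` attribute in virNodeDeviceCapVPDFormatCustomField is still written with a raw `%c` from `field->idx`, so only the element content is escaped. If the VPD parser (not visible in this hunk) does not restrict that byte to alphanumerics, a `'`, `<` or `&` supplied by the device would break the attribute the same way the value could before this commit. Either escape it as well, e.g. `const char idx[2] = { field->idx, '\0' };` followed by `virBufferEscapeString(&attrBuf, " index='%s'", idx);`, or add a comment above the `virBufferAsprintf` call stating where the index character is validated. A test fixture whose field value contains `<`, `&` and quote characters would pin the new escaping.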