From 32fe728dafc85c31b34f669b11264967bfc553dd Mon Sep 17 00:00:00 2001
Message-ID: <32fe728dafc85c31b34f669b11264967bfc553dd.1707394627.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Mon, 29 Jan 2024 15:15:03 +0100
Subject: [PATCH] virNodeDeviceCapVPDFormatCustom*: Escape unsanitized strings
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The custom field data is taken from PCI device data which can contain
any printable characters, and thus must be escaped when putting into
XML.
Originally, based on the comment and XML schema which was fixed in
previous commits the idea seemed to be that the parser would validate
that only characters which don't break the XML would be present but that
didn't seem to materialize.
Switch to proper escaping of the XML.
Fixes: 3954378d06a
Resolves: https://issues.redhat.com/browse/RHEL-22314
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 5373b8c02ce44d0284bc9c60b3b7bc12bff2f867)
https://issues.redhat.com/browse/RHEL-22314 [9.4.0]
https://issues.redhat.com/browse/RHEL-22400 [9.3.z]
https://issues.redhat.com/browse/RHEL-22399 [9.2.z]
---
src/conf/node_device_conf.c | 25 +++++++++++++++++--------
1 file changed, 17 insertions(+), 8 deletions(-)
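diff --git a/src/conf/node_device_conf.c b/src/conf/node_device_conf.c
index 4826be6f42..87c046e571 100644
--- a/src/conf/node_device_conf.c
+++ b/src/conf/node_device_conf.c
@@ -242,23 +242,32 @@ virNodeDeviceCapMdevTypesFormat(virBuffer *buf,
 }
 
 static void
-virNodeDeviceCapVPDFormatCustomVendorField(virPCIVPDResourceCustom *field, virBuffer *buf)
+virNodeDeviceCapVPDFormatCustomField(virBuffer *buf,
+ const char *fieldtype,
+ virPCIVPDResourceCustom *field)
 {
+ g_auto(virBuffer) attrBuf = VIR_BUFFER_INITIALIZER;
+ g_auto(virBuffer) content = VIR_BUFFER_INITIALIZER;
+
 if (field == NULL || field->value == NULL)
 return;
 
- virBufferAsprintf(buf, "<vendor_field index='%c'>%s</vendor_field>\n", field->idx,
- field->value);
+ virBufferAsprintf(&attrBuf, " index='%c'", field->idx);
+ virBufferEscapeString(&content, "%s", field->value);
+
+ virXMLFormatElementInternal(buf, fieldtype, &attrBuf, &content, false, false);
 }
 
 static void
-virNodeDeviceCapVPDFormatCustomSystemField(virPCIVPDResourceCustom *field, virBuffer *buf)
+virNodeDeviceCapVPDFormatCustomVendorField(virPCIVPDResourceCustom *field, virBuffer *buf)
 {
- if (field == NULL || field->value == NULL)
- return;
+ virNodeDeviceCapVPDFormatCustomField(buf, "vendor_field", field);
+}
 
- virBufferAsprintf(buf, "<system_field index='%c'>%s</system_field>\n", field->idx,
- field->value);
+static void
+virNodeDeviceCapVPDFormatCustomSystemField(virPCIVPDResourceCustom *field, virBuffer *buf)
+{
+ virNodeDeviceCapVPDFormatCustomField(buf, "system_field", field);
 }
 
 static inline void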
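Review bot: The `index` attribute in virNodeDeviceCapVPDFormatCustomField is still written with plain `virBufferAsprintf(&attrBuf, " index='%c'", field->idx);`, so only the element content goes through the escaper. Whether `field->idx` is restricted to XML-safe characters before it reaches this function is not visible in this hunk; if the parser does not guarantee that, a `'`, `<` or `&` in the index byte would break the attribute the same way the value used to break the element. Either state the invariant in a comment above that line, or escape it as well, e.g. `char idx[2] = { field->idx, '\0' };` followed by `virBufferEscapeString(&attrBuf, " index='%s'", idx);`. The diffstat lists only node_device_conf.c, so a test case that formats a value containing `<` or `&` would be worth adding alongside this fix.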
--
2.43.0