mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2025-01-11 09:17:52 +03:00
XML: escape strings where we should do it
There is a lot of places, were it's pretty easy for user to enter some characters that we need to escape to create a valid XML description. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1197580 Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
This commit is contained in:
Pavel Hrdina
parent
ed8155eafb
commit
d091518b35
@ -682,9 +682,9 @@ virCapabilitiesDomainDataLookupInternal(virCapsPtr caps,
|
|||||||
virBufferAsprintf(&buf, "domaintype=%s ",
|
virBufferAsprintf(&buf, "domaintype=%s ",
|
||||||
virDomainVirtTypeToString(domaintype));
|
virDomainVirtTypeToString(domaintype));
|
||||||
if (emulator)
|
if (emulator)
|
||||||
virBufferAsprintf(&buf, "emulator=%s ", emulator);
|
virBufferEscapeString(&buf, "emulator=%s ", emulator);
|
||||||
if (machinetype)
|
if (machinetype)
|
||||||
virBufferAsprintf(&buf, "machine=%s ", machinetype);
|
virBufferEscapeString(&buf, "machine=%s ", machinetype);
|
||||||
if (virBufferCurrentContent(&buf) &&
|
if (virBufferCurrentContent(&buf) &&
|
||||||
!virBufferCurrentContent(&buf)[0])
|
!virBufferCurrentContent(&buf)[0])
|
||||||
virBufferAsprintf(&buf, "%s", _("any configuration"));
|
virBufferAsprintf(&buf, "%s", _("any configuration"));
|
||||||
|
|||||||
@ -544,17 +544,17 @@ virCPUDefFormatBuf(virBufferPtr buf,
|
|||||||
}
|
}
|
||||||
virBufferAsprintf(buf, " fallback='%s'", fallback);
|
virBufferAsprintf(buf, " fallback='%s'", fallback);
|
||||||
if (def->vendor_id)
|
if (def->vendor_id)
|
||||||
virBufferAsprintf(buf, " vendor_id='%s'", def->vendor_id);
|
virBufferEscapeString(buf, " vendor_id='%s'", def->vendor_id);
|
||||||
}
|
}
|
||||||
if (formatModel && def->model) {
|
if (formatModel && def->model) {
|
||||||
virBufferAsprintf(buf, ">%s</model>\n", def->model);
|
virBufferEscapeString(buf, ">%s</model>\n", def->model);
|
||||||
} else {
|
} else {
|
||||||
virBufferAddLit(buf, "/>\n");
|
virBufferAddLit(buf, "/>\n");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (formatModel && def->vendor)
|
if (formatModel && def->vendor)
|
||||||
virBufferAsprintf(buf, "<vendor>%s</vendor>\n", def->vendor);
|
virBufferEscapeString(buf, "<vendor>%s</vendor>\n", def->vendor);
|
||||||
|
|
||||||
if (def->sockets && def->cores && def->threads) {
|
if (def->sockets && def->cores && def->threads) {
|
||||||
virBufferAddLit(buf, "<topology");
|
virBufferAddLit(buf, "<topology");
|
||||||
|
|||||||
@ -272,7 +272,7 @@ virDomainCapsFormatInternal(virBufferPtr buf,
|
|||||||
virBufferAddLit(buf, "<domainCapabilities>\n");
|
virBufferAddLit(buf, "<domainCapabilities>\n");
|
||||||
virBufferAdjustIndent(buf, 2);
|
virBufferAdjustIndent(buf, 2);
|
||||||
|
|
||||||
virBufferAsprintf(buf, "<path>%s</path>\n", caps->path);
|
virBufferEscapeString(buf, "<path>%s</path>\n", caps->path);
|
||||||
virBufferAsprintf(buf, "<domain>%s</domain>\n", virttype_str);
|
virBufferAsprintf(buf, "<domain>%s</domain>\n", virttype_str);
|
||||||
virBufferAsprintf(buf, "<machine>%s</machine>\n", caps->machine);
|
virBufferAsprintf(buf, "<machine>%s</machine>\n", caps->machine);
|
||||||
virBufferAsprintf(buf, "<arch>%s</arch>\n", arch_str);
|
virBufferAsprintf(buf, "<arch>%s</arch>\n", arch_str);
|
||||||
|
|||||||
@ -3724,7 +3724,7 @@ virDomainDeviceInfoFormat(virBufferPtr buf,
|
|||||||
virBufferAsprintf(buf, " bar='%s'", rombar);
|
virBufferAsprintf(buf, " bar='%s'", rombar);
|
||||||
}
|
}
|
||||||
if (info->romfile)
|
if (info->romfile)
|
||||||
virBufferAsprintf(buf, " file='%s'", info->romfile);
|
virBufferEscapeString(buf, " file='%s'", info->romfile);
|
||||||
virBufferAddLit(buf, "/>\n");
|
virBufferAddLit(buf, "/>\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -17716,7 +17716,7 @@ virSecurityDeviceLabelDefFormat(virBufferPtr buf,
|
|||||||
virBufferAddLit(buf, "<seclabel");
|
virBufferAddLit(buf, "<seclabel");
|
||||||
|
|
||||||
if (def->model)
|
if (def->model)
|
||||||
virBufferAsprintf(buf, " model='%s'", def->model);
|
virBufferEscapeString(buf, " model='%s'", def->model);
|
||||||
|
|
||||||
if (def->labelskip)
|
if (def->labelskip)
|
||||||
virBufferAddLit(buf, " labelskip='yes'");
|
virBufferAddLit(buf, " labelskip='yes'");
|
||||||
@ -19250,50 +19250,46 @@ virDomainChrSourceDefFormat(virBufferPtr buf,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case VIR_DOMAIN_CHR_TYPE_NMDM:
|
case VIR_DOMAIN_CHR_TYPE_NMDM:
|
||||||
virBufferAsprintf(buf, "<source master='%s' slave='%s'/>\n",
|
virBufferEscapeString(buf, "<source master='%s' ",
|
||||||
def->data.nmdm.master,
|
def->data.nmdm.master);
|
||||||
def->data.nmdm.slave);
|
virBufferEscapeString(buf, "slave='%s'/>\n", def->data.nmdm.slave);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case VIR_DOMAIN_CHR_TYPE_UDP:
|
case VIR_DOMAIN_CHR_TYPE_UDP:
|
||||||
if (def->data.udp.bindService &&
|
if (def->data.udp.bindService &&
|
||||||
def->data.udp.bindHost) {
|
def->data.udp.bindHost) {
|
||||||
virBufferAsprintf(buf,
|
virBufferEscapeString(buf, "<source mode='bind' host='%s' ",
|
||||||
"<source mode='bind' host='%s' "
|
def->data.udp.bindHost);
|
||||||
"service='%s'/>\n",
|
virBufferEscapeString(buf, "service='%s'/>\n",
|
||||||
def->data.udp.bindHost,
|
def->data.udp.bindService);
|
||||||
def->data.udp.bindService);
|
|
||||||
} else if (def->data.udp.bindHost) {
|
} else if (def->data.udp.bindHost) {
|
||||||
virBufferAsprintf(buf, "<source mode='bind' host='%s'/>\n",
|
virBufferEscapeString(buf, "<source mode='bind' host='%s'/>\n",
|
||||||
def->data.udp.bindHost);
|
def->data.udp.bindHost);
|
||||||
} else if (def->data.udp.bindService) {
|
} else if (def->data.udp.bindService) {
|
||||||
virBufferAsprintf(buf, "<source mode='bind' service='%s'/>\n",
|
virBufferEscapeString(buf, "<source mode='bind' service='%s'/>\n",
|
||||||
def->data.udp.bindService);
|
def->data.udp.bindService);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (def->data.udp.connectService &&
|
if (def->data.udp.connectService &&
|
||||||
def->data.udp.connectHost) {
|
def->data.udp.connectHost) {
|
||||||
virBufferAsprintf(buf,
|
virBufferEscapeString(buf, "<source mode='connect' host='%s' ",
|
||||||
"<source mode='connect' host='%s' "
|
def->data.udp.connectHost);
|
||||||
"service='%s'/>\n",
|
virBufferEscapeString(buf, "service='%s'/>\n",
|
||||||
def->data.udp.connectHost,
|
def->data.udp.connectService);
|
||||||
def->data.udp.connectService);
|
|
||||||
} else if (def->data.udp.connectHost) {
|
} else if (def->data.udp.connectHost) {
|
||||||
virBufferAsprintf(buf, "<source mode='connect' host='%s'/>\n",
|
virBufferEscapeString(buf, "<source mode='connect' host='%s'/>\n",
|
||||||
def->data.udp.connectHost);
|
def->data.udp.connectHost);
|
||||||
} else if (def->data.udp.connectService) {
|
} else if (def->data.udp.connectService) {
|
||||||
virBufferAsprintf(buf,
|
virBufferEscapeString(buf, "<source mode='connect' service='%s'/>\n",
|
||||||
"<source mode='connect' service='%s'/>\n",
|
def->data.udp.connectService);
|
||||||
def->data.udp.connectService);
|
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case VIR_DOMAIN_CHR_TYPE_TCP:
|
case VIR_DOMAIN_CHR_TYPE_TCP:
|
||||||
virBufferAsprintf(buf,
|
virBufferAsprintf(buf, "<source mode='%s' ",
|
||||||
"<source mode='%s' host='%s' service='%s'/>\n",
|
def->data.tcp.listen ? "bind" : "connect");
|
||||||
def->data.tcp.listen ? "bind" : "connect",
|
virBufferEscapeString(buf, "host='%s' ", def->data.tcp.host);
|
||||||
def->data.tcp.host,
|
virBufferEscapeString(buf, "service='%s'/>\n", def->data.tcp.service);
|
||||||
def->data.tcp.service);
|
|
||||||
virBufferAsprintf(buf, "<protocol type='%s'/>\n",
|
virBufferAsprintf(buf, "<protocol type='%s'/>\n",
|
||||||
virDomainChrTcpProtocolTypeToString(
|
virDomainChrTcpProtocolTypeToString(
|
||||||
def->data.tcp.protocol));
|
def->data.tcp.protocol));
|
||||||
@ -19307,8 +19303,8 @@ virDomainChrSourceDefFormat(virBufferPtr buf,
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
|
case VIR_DOMAIN_CHR_TYPE_SPICEPORT:
|
||||||
virBufferAsprintf(buf, "<source channel='%s'/>\n",
|
virBufferEscapeString(buf, "<source channel='%s'/>\n",
|
||||||
def->data.spiceport.channel);
|
def->data.spiceport.channel);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -2422,21 +2422,20 @@ virNetworkDNSDefFormat(virBufferPtr buf,
|
|||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < def->ntxts; i++) {
|
for (i = 0; i < def->ntxts; i++) {
|
||||||
virBufferAsprintf(buf, "<txt name='%s' value='%s'/>\n",
|
virBufferEscapeString(buf, "<txt name='%s' ", def->txts[i].name);
|
||||||
def->txts[i].name,
|
virBufferEscapeString(buf, "value='%s'/>\n", def->txts[i].value);
|
||||||
def->txts[i].value);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
for (i = 0; i < def->nsrvs; i++) {
|
for (i = 0; i < def->nsrvs; i++) {
|
||||||
if (def->srvs[i].service && def->srvs[i].protocol) {
|
if (def->srvs[i].service && def->srvs[i].protocol) {
|
||||||
virBufferAsprintf(buf, "<srv service='%s' protocol='%s'",
|
virBufferEscapeString(buf, "<srv service='%s' ",
|
||||||
def->srvs[i].service,
|
def->srvs[i].service);
|
||||||
def->srvs[i].protocol);
|
virBufferEscapeString(buf, "protocol='%s'", def->srvs[i].protocol);
|
||||||
|
|
||||||
if (def->srvs[i].domain)
|
if (def->srvs[i].domain)
|
||||||
virBufferAsprintf(buf, " domain='%s'", def->srvs[i].domain);
|
virBufferEscapeString(buf, " domain='%s'", def->srvs[i].domain);
|
||||||
if (def->srvs[i].target)
|
if (def->srvs[i].target)
|
||||||
virBufferAsprintf(buf, " target='%s'", def->srvs[i].target);
|
virBufferEscapeString(buf, " target='%s'", def->srvs[i].target);
|
||||||
if (def->srvs[i].port)
|
if (def->srvs[i].port)
|
||||||
virBufferAsprintf(buf, " port='%d'", def->srvs[i].port);
|
virBufferAsprintf(buf, " port='%d'", def->srvs[i].port);
|
||||||
if (def->srvs[i].priority)
|
if (def->srvs[i].priority)
|
||||||
@ -2455,8 +2454,8 @@ virNetworkDNSDefFormat(virBufferPtr buf,
|
|||||||
virBufferAsprintf(buf, "<host ip='%s'>\n", ip);
|
virBufferAsprintf(buf, "<host ip='%s'>\n", ip);
|
||||||
virBufferAdjustIndent(buf, 2);
|
virBufferAdjustIndent(buf, 2);
|
||||||
for (j = 0; j < def->hosts[i].nnames; j++)
|
for (j = 0; j < def->hosts[i].nnames; j++)
|
||||||
virBufferAsprintf(buf, "<hostname>%s</hostname>\n",
|
virBufferEscapeString(buf, "<hostname>%s</hostname>\n",
|
||||||
def->hosts[i].names[j]);
|
def->hosts[i].names[j]);
|
||||||
|
|
||||||
virBufferAdjustIndent(buf, -2);
|
virBufferAdjustIndent(buf, -2);
|
||||||
virBufferAddLit(buf, "</host>\n");
|
virBufferAddLit(buf, "</host>\n");
|
||||||
|
|||||||
@ -514,8 +514,8 @@ char *virNodeDeviceDefFormat(const virNodeDeviceDef *def)
|
|||||||
virBufferEscapeString(&buf, "<vendor>%s</vendor>\n",
|
virBufferEscapeString(&buf, "<vendor>%s</vendor>\n",
|
||||||
data->storage.vendor);
|
data->storage.vendor);
|
||||||
if (data->storage.serial)
|
if (data->storage.serial)
|
||||||
virBufferAsprintf(&buf, "<serial>%s</serial>\n",
|
virBufferEscapeString(&buf, "<serial>%s</serial>\n",
|
||||||
data->storage.serial);
|
data->storage.serial);
|
||||||
if (data->storage.flags & VIR_NODE_DEV_CAP_STORAGE_REMOVABLE) {
|
if (data->storage.flags & VIR_NODE_DEV_CAP_STORAGE_REMOVABLE) {
|
||||||
int avl = data->storage.flags &
|
int avl = data->storage.flags &
|
||||||
VIR_NODE_DEV_CAP_STORAGE_REMOVABLE_MEDIA_AVAILABLE;
|
VIR_NODE_DEV_CAP_STORAGE_REMOVABLE_MEDIA_AVAILABLE;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user