On Thu, Dec 18, 2008 at 10:34:03AM +0100, Guido G?nther wrote:
> On Mon, Dec 15, 2008 at 10:25:27AM +0100, Daniel Veillard wrote:
> > On Fri, Dec 12, 2008 at 07:26:51PM +0100, Guido Günther wrote:
> > > Functions to read and write vm status in $(statedir)/qemu/<domain>.xml.
> > > Keeps the necessary to reconnect to a running domain state within
> > > <domstate>...</domstate>. I kept most of the code in qemu_config.c for
> > > now. We can easily move it should another hypervisor need to do
> > > something similar.
> > [...]
> > > +static char*
> > > +qemudDomainStatusFormat(virConnectPtr conn,
> > > + virDomainObjPtr vm)
> > > +{
> > > + char *config_xml = NULL, *xml = NULL;
> > > + virBuffer buf = VIR_BUFFER_INITIALIZER;
> > > +
> > > + virBufferVSprintf(&buf, "<domstatus state='%d' pid='%d'>\n", vm->state, vm->pid);
> > > + virBufferVSprintf(&buf, " <monitor path='%s'/>\n", vm->monitorpath);
> >
> > I would use virBufferEscapeString here, even if by default the path
> > should not contain characters needing escaping, I think it's safer.
> O.k. done.
> >
> > > + if (!(config_xml = virDomainDefFormat(conn,
> > > + vm->def,
> > > + VIR_DOMAIN_XML_SECURE)))
> > > + goto cleanup;
> > > +
> > > + virBufferVSprintf(&buf, "%s", config_xml);
> >
> > Same thing here.
> This one comes straight out of virDomainDefFormat so it should have
> everything escaped nicely so shouldn't virBufferVSprintf be safe here?
No, not guarenteed to be safe because the 'config_xml' string could
contain '%' sequences that'll be interpreted by sprintf. In any case
why not just use
virBufferAdd(&buf, config_xml)
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list