On Mon, Jun 29, 2020 at 13:52:51 +0100, Daniel Berrange wrote: > On Wed, Jun 10, 2020 at 09:20:36AM +0800, Shi Lei wrote: > > Signed-off-by: Shi Lei <shi_lei@xxxxxxxxxxxxxx> > > --- > > src/conf/network_conf.c | 4 ++-- > > src/conf/network_conf.h | 2 +- > > 2 files changed, 3 insertions(+), 3 deletions(-) > > > > diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c > > index 964a8a7..b807bac 100644 > > --- a/src/conf/network_conf.c > > +++ b/src/conf/network_conf.c > > @@ -2280,8 +2280,8 @@ virNetworkDNSDefFormat(virBufferPtr buf, > > } > > > > for (i = 0; i < def->ntxts; i++) { > > - virBufferEscapeString(buf, "<txt name='%s' ", def->txts[i].name); > > - virBufferEscapeString(buf, "value='%s'/>\n", def->txts[i].value); > > + if (virNetworkDNSTxtDefFormatBuf(buf, "txt", &def->txts[i], NULL) < 0) > > + return -1; > > } > > For sake of review, the new code looks like this: > > int > virNetworkDNSTxtDefFormatBuf(virBufferPtr buf, > const char *name, > const virNetworkDNSTxtDef *def, > void *opaque) > { > VIR_USED(opaque); > > if (!def) > return 0; > > if (!(def->name || def->value)) > return 0; > > virBufferAsprintf(buf, "<%s", name); > > if (def->name) > virBufferAsprintf(buf, " name='%s'", def->name); Specifically, these are wrong as they don't use virBufferEscapeString for formatting an XML thus the string won't have XML entities escaped. Looks like this must be applied everywhere where the string comes from the user.
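Review bot: In the virNetworkDNSDefFormat hunk, the two removed virBufferEscapeString calls were what escaped def->txts[i].name and def->txts[i].value, so after this change the escaping depends entirely on virNetworkDNSTxtDefFormatBuf, and the helper as quoted writes the name with virBufferAsprintf(buf, " name='%s'", def->name). Suggest formatting the name in the helper with virBufferEscapeString, and likewise the value attribute, whose formatting is not shown in the quoted excerpt, so the loop emits the same escaped output it did before. The commit message also carries only a Signed-off-by line; a sentence on why the formatting moves into a helper would help.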
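The difference the reply points at, as an added stand-alone example that is not libvirt code or part of the original thread: `buf_append` and `format_txt` are hypothetical stand-ins that format a `<txt/>` element either with the user strings copied verbatim (as a plain `%s` does) or with the five XML special characters written as entities. The sample value is constructed.

```c
#include <stdio.h>
#include <string.h>
/* Append src to NUL-terminated dst (capacity cap); with escape set, the five
 * XML special characters become entities. Returns -1 if it would not fit. */
static int buf_append(char *dst, size_t cap, const char *src, int escape)
{
    size_t len = strlen(dst);
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        switch (escape ? *src : '\0') {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '\'': rep = "&apos;"; break;
        case '"':  rep = "&quot;"; break;
        }
        size_t n = strlen(rep);
        if (len + n + 1 > cap)
            return -1;
        memcpy(dst + len, rep, n + 1);
        len += n;
    }
    return 0;
}

/* Format one <txt/> element (hypothetical helper). escape=0 copies the user
 * strings verbatim, as a plain "%s" would; escape=1 entity-escapes them. */
static int format_txt(char *out, size_t cap, const char *name, const char *value, int escape)
{
    if (cap == 0)
        return -1;
    out[0] = '\0';
    return (buf_append(out, cap, "<txt name='", 0) ||
            buf_append(out, cap, name, escape) ||
            buf_append(out, cap, "' value='", 0) ||
            buf_append(out, cap, value, escape) ||
            buf_append(out, cap, "'/>", 0)) ? -1 : 0;
}

int main(void)
{
    char raw[128], esc[128];
    const char *v = "owner='ops' & <none>"; /* constructed sample value */
    if (format_txt(raw, sizeof raw, "_svc", v, 0) || format_txt(esc, sizeof esc, "_svc", v, 1))
        return 1;
    printf("unescaped: %s\nescaped:   %s\n", raw, esc);
    return 0;
}
```

The unescaped line is not well-formed XML because the apostrophes end the attribute early; the escaped line is well-formed and decodes back to the original value.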