Re: [RFC 08/21] conf: Generate virNetworkDNSTxtDefFormatBuf

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jun 29, 2020 at 13:52:51 +0100, Daniel Berrange wrote:
> On Wed, Jun 10, 2020 at 09:20:36AM +0800, Shi Lei wrote:
> > Signed-off-by: Shi Lei <shi_lei@xxxxxxxxxxxxxx>
> > ---
> >  src/conf/network_conf.c | 4 ++--
> >  src/conf/network_conf.h | 2 +-
> >  2 files changed, 3 insertions(+), 3 deletions(-)
> > 
> > diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
> > index 964a8a7..b807bac 100644
> > --- a/src/conf/network_conf.c
> > +++ b/src/conf/network_conf.c
> > @@ -2280,8 +2280,8 @@ virNetworkDNSDefFormat(virBufferPtr buf,
> >      }
> >  
> >      for (i = 0; i < def->ntxts; i++) {
> > -        virBufferEscapeString(buf, "<txt name='%s' ", def->txts[i].name);
> > -        virBufferEscapeString(buf, "value='%s'/>\n", def->txts[i].value);
> > +        if (virNetworkDNSTxtDefFormatBuf(buf, "txt", &def->txts[i], NULL) < 0)
> > +            return -1;
> >      }
> 
> For sake of review, the new code looks like this:
> 
> int
> virNetworkDNSTxtDefFormatBuf(virBufferPtr buf,
>                              const char *name,
>                              const virNetworkDNSTxtDef *def,
>                              void *opaque)
> {
>     VIR_USED(opaque);
> 
>     if (!def)
>         return 0;
> 
>     if (!(def->name || def->value))
>         return 0;
> 
>     virBufferAsprintf(buf, "<%s", name);
> 
>     if (def->name)
>         virBufferAsprintf(buf, " name='%s'", def->name);

Specifically, these are wrong as they don't use virBufferEscapeString
for formatting an XML thus the string won't have XML entities escaped.

Looks like this must be applied everywhere where the string comes from
the user.




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux