On 04/21/2010 10:01 AM, Chris Lalancette wrote:
>
> +static void qemuDomainDefNamespaceFree(void *nsdata)
> +{
> + qemuDomainCmdlineDefPtr cmd = nsdata;
> + int i;
s/int/unsigned int/
> +static int qemuDomainDefNamespaceParse(xmlDocPtr xml,
> + xmlNodePtr root,
> + xmlXPathContextPtr ctxt,
> + void **data)
> +{
> + qemuDomainCmdlineDefPtr cmd = NULL;
> + xmlNsPtr ns;
> + xmlNodePtr *nodes = NULL;
> + int n, i;
n must be signed, but can i be unsigned?
> +
> +static int qemuDomainDefNamespaceFormatXML(virBufferPtr buf,
> + void *nsdata)
> +{
> + qemuDomainCmdlineDefPtr cmd = nsdata;
> + int i;
unsigned
> +
> + if (cmd->num_extra || cmd->num_env)
> + virBufferAddLit(buf, " <qemu:commandline>\n");
> + for (i = 0; i < cmd->num_extra; i++)
> + virBufferVSprintf(buf, " <qemu:arg>%s</qemu:arg>\n", cmd->extra[i]);
Is there any chance that cmd->extra[i] might contain content that needs
escaping before it is valid as XML?
> + for (i = 0; i < cmd->num_env; i++) {
> + virBufferVSprintf(buf, " <qemu:env name='%s'", cmd->env_name[i]);
> + if (cmd->env_value[i])
> + virBufferVSprintf(buf, " value='%s'", cmd->env_value[i]);
Likewise for env_value[i]? (I'm assuming that env_name[i] is immune,
since it was parsed using virXPathString("string(./@name)",), which
should have rejected strings not valid as environment variable names.)
The approach looks correct, but I hesitate to give an ack without
knowing for sure that the formatted XML is safe from arbitrary content
in the extra arguments.
--
Eric Blake eblake@xxxxxxxxxx +1-801-349-2682
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list