[PATCH 03/31] virNodeDeviceCapVPDFormatCustom*: Escape unsanitized strings

The custom field data is taken from PCI device data which can contain
any printable characters, and thus must be escaped when putting into
XML.

Originally, based on the comment and XML schema which was fixed in
previous commits, the idea seemed to be that the parser would validate
that only characters which don't break the XML would be present, but that
didn't seem to materialize.

Switch to proper escaping of the XML.

Fixes: 3954378d06a
Resolves: https://issues.redhat.com/browse/RHEL-22314
Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
 src/conf/node_device_conf.c | 25 +++++++++++++++++--------
 1 file changed, 17 insertions(+), 8 deletions(-)

diff --git a/src/conf/node_device_conf.c b/src/conf/node_device_conf.c
index 4826be6f42..87c046e571 100644
--- a/src/conf/node_device_conf.c
+++ b/src/conf/node_device_conf.c
@@ -242,23 +242,32 @@ virNodeDeviceCapMdevTypesFormat(virBuffer *buf,
 }

 static void
-virNodeDeviceCapVPDFormatCustomVendorField(virPCIVPDResourceCustom *field, virBuffer *buf)
+virNodeDeviceCapVPDFormatCustomField(virBuffer *buf,
+                                     const char *fieldtype,
+                                     virPCIVPDResourceCustom *field)
 {
+    g_auto(virBuffer) attrBuf = VIR_BUFFER_INITIALIZER;
+    g_auto(virBuffer) content = VIR_BUFFER_INITIALIZER;
+
     if (field == NULL || field->value == NULL)
         return;

-    virBufferAsprintf(buf, "<vendor_field index='%c'>%s</vendor_field>\n", field->idx,
-                      field->value);
+    virBufferAsprintf(&attrBuf, " index='%c'", field->idx);
+    virBufferEscapeString(&content, "%s", field->value);
+
+    virXMLFormatElementInternal(buf, fieldtype, &attrBuf, &content, false, false);
 }

 static void
-virNodeDeviceCapVPDFormatCustomSystemField(virPCIVPDResourceCustom *field, virBuffer *buf)
+virNodeDeviceCapVPDFormatCustomVendorField(virPCIVPDResourceCustom *field, virBuffer *buf)
 {
-    if (field == NULL || field->value == NULL)
-        return;
+    virNodeDeviceCapVPDFormatCustomField(buf, "vendor_field", field);
+}

-    virBufferAsprintf(buf, "<system_field index='%c'>%s</system_field>\n", field->idx,
-                      field->value);
+static void
+virNodeDeviceCapVPDFormatCustomSystemField(virPCIVPDResourceCustom *field, virBuffer *buf)
+{
+    virNodeDeviceCapVPDFormatCustomField(buf, "system_field", field);
 }

 static inline void
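
Review bot: field->idx is still written into the attribute unescaped, at `virBufferAsprintf(&attrBuf, " index='%c'", field->idx);` in the new virNodeDeviceCapVPDFormatCustomField, while only field->value goes through virBufferEscapeString. The commit message says this data comes from the PCI device and can contain any printable character, so if nothing upstream restricts idx, a `'`, `<` or `&` there would break the single-quoted attribute in the same way the unescaped value did. Either state in the commit message or a comment where idx is validated, or escape it like the value. A minor style point in the same hunk: the new helper takes `buf` first, while the two wrappers keep the `(field, buf)` order, so a short comment on the helper or a follow-up aligning the wrappers would keep the argument order from tripping up callers.
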
-- 
2.43.0