Passwords are allowed to contain <, >, &, ', " characters. Those need to be replaced by the corresponding entities. Reported by Hereward Cooper.
---
 src/esx/esx_driver.c | 28 ++++++++++++++++++++++------
 src/esx/esx_util.c | 19 +++++++++++++++++++
 src/esx/esx_util.h | 2 ++
 3 files changed, 43 insertions(+), 6 deletions(-)
diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
index 116ad0f..13374b7 100644
--- a/src/esx/esx_driver.c
+++ b/src/esx/esx_driver.c
@@ -626,6 +626,7 @@ esxConnectToHost(esxPrivate *priv, virConnectAuthPtr auth,
 int result = -1;
 char ipAddress[NI_MAXHOST] = "";
 char *username = NULL;
+ char *unescapedPassword = NULL;
 char *password = NULL;
 char *url = NULL;
 esxVI_String *propertyNameList = NULL;
@@ -657,13 +658,19 @@ esxConnectToHost(esxPrivate *priv, virConnectAuthPtr auth,
 }
 }
- password = virRequestPassword(auth, username, hostname);
+ unescapedPassword = virRequestPassword(auth, username, hostname);
- if (password == NULL) {
+ if (unescapedPassword == NULL) {
 ESX_ERROR(VIR_ERR_AUTH_FAILED, "%s", _("Password request failed"));
 goto cleanup;
 }
+ password = esxUtil_EscapeForXml(unescapedPassword);
+
+ if (password == NULL) {
+ goto cleanup;
+ }
+
 if (virAsprintf(&url, "%s://%s:%d/sdk", priv->transport, hostname, port) < 0) {
 virReportOOMError();
@@ -727,8 +734,9 @@ esxConnectToHost(esxPrivate *priv, virConnectAuthPtr auth,
 result = 0;
 cleanup:
- VIR_FREE(password);
 VIR_FREE(username);
+ VIR_FREE(unescapedPassword);
+ VIR_FREE(password);
 VIR_FREE(url);
 esxVI_String_Free(&propertyNameList);
 esxVI_ObjectContent_Free(&hostSystem);
@@ -748,6 +756,7 @@ esxConnectToVCenter(esxPrivate *priv, virConnectAuthPtr auth,
 int result = -1;
 char ipAddress[NI_MAXHOST] = "";
 char *username = NULL;
+ char *unescapedPassword = NULL;
 char *password = NULL;
 char *url = NULL;
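Review bot: Only the password goes through esxUtil_EscapeForXml in the `@@ -657` hunk of esxConnectToHost; `username`, which is obtained just above the hunk, is left exactly as the user entered it. The login call is outside this hunk, so this is an assumption to confirm, but if both values are placed into the same XML request then a username containing markup characters or quotes can break or change that request in the same way the password could. Consider escaping it as well before it is used for the login, for example `escapedUsername = esxUtil_EscapeForXml(username);` with a matching NULL check and VIR_FREE. The `@@ -779` hunk of esxConnectToVCenter has the same gap.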
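Review bot: The cleanup path in the `@@ -727` hunk now releases two heap copies of the credential, `unescapedPassword` and `password`, and neither is overwritten before it is freed. VIR_FREE is not defined on this page, so whether it clears the buffer needs checking; if it does not, the plaintext password stays readable in freed heap memory and this commit doubles the number of copies. Clear both buffers before release with a wipe the compiler cannot elide, and free `unescapedPassword` as soon as the escaped copy exists rather than at the end of the function. The `@@ -822` cleanup hunk in esxConnectToVCenter follows the same pattern.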
@@ -779,13 +788,19 @@ esxConnectToVCenter(esxPrivate *priv, virConnectAuthPtr auth,
 }
 }
- password = virRequestPassword(auth, username, hostname);
+ unescapedPassword = virRequestPassword(auth, username, hostname);
- if (password == NULL) {
+ if (unescapedPassword == NULL) {
 ESX_ERROR(VIR_ERR_AUTH_FAILED, "%s", _("Password request failed"));
 goto cleanup;
 }
+ password = esxUtil_EscapeForXml(unescapedPassword);
+
+ if (password == NULL) {
+ goto cleanup;
+ }
+
 if (virAsprintf(&url, "%s://%s:%d/sdk", priv->transport, hostname, port) < 0) {
 virReportOOMError();
@@ -822,8 +837,9 @@ esxConnectToVCenter(esxPrivate *priv, virConnectAuthPtr auth,
 result = 0;
 cleanup:
- VIR_FREE(password);
 VIR_FREE(username);
+ VIR_FREE(unescapedPassword);
+ VIR_FREE(password);
 VIR_FREE(url);
 return result;
diff --git a/src/esx/esx_util.c b/src/esx/esx_util.c
index 2603957..9ef947c 100644
--- a/src/esx/esx_util.c
+++ b/src/esx/esx_util.c
@@ -552,3 +552,22 @@ esxUtil_EscapeDatastoreItem(const char *string)
 return escaped2;
 }
+
+
+
+char *
+esxUtil_EscapeForXml(const char *string)
+{
+ virBuffer buffer = VIR_BUFFER_INITIALIZER;
+
+ virBufferEscapeString(&buffer, "%s", string);
+
+ if (virBufferError(&buffer)) {
+ virReportOOMError();
+ virBufferFreeAndReset(&buffer);
+
+ return NULL;
+ }
+
+ return virBufferContentAndReset(&buffer);
+}
diff --git a/src/esx/esx_util.h b/src/esx/esx_util.h
index d00e28a..39fdb6d 100644
--- a/src/esx/esx_util.h
+++ b/src/esx/esx_util.h
@@ -62,4 +62,6 @@ void esxUtil_ReplaceSpecialWindowsPathChars(char *string);
 char *esxUtil_EscapeDatastoreItem(const char *string);
+char *esxUtil_EscapeForXml(const char *string);
+
 #endif /* __ESX_UTIL_H__ */
--
1.7.0.4
--
libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
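Review bot: esxUtil_EscapeForXml in the esx_util.c hunk is added without a comment stating its contract, which matters because callers pass it credentials. The comment should say that the result is a newly allocated string the caller must free, that NULL is returned only after the OOM error has been reported, and that the characters named in the commit message are replaced by their entities. It should also state what happens when `string` is NULL: both callers check for NULL first, but the helper passes the argument straight to virBufferEscapeString, whose NULL handling is not visible here. The prototype in esx_util.h could carry the same one-line ownership note.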