* src/buf.c: avoid an XML attribute escaping bug #499791

daniel

* src/buf.c: avoid an XML attribute escaping bug #499791
daniel
7afe94e7 · Daniel Veillard · 0d11a25e · 7afe94e7 · 7afe94e7
隐藏空白更改
内联并排

Showing with 19 addition and 1 deletion

ChangeLog ChangeLog +4 -0

src/buf.c src/buf.c +15 -1

未找到文件。
--- a/ChangeLog
+++ b/ChangeLog
+Wed May 13 18:06:17 CEST 2009 Daniel Veillard <veillard@redhat.com>
+
+	* src/buf.c: avoid an XML attribute escaping bug #499791
+
 Wed May 13 12:34:06 BST 2009 Daniel P. Berrange <berrange@redhat.com>

 	* src/lxc_container.c: Replace sys/capability.h with

--- a/src/buf.c
+++ b/src/buf.c
@@ -266,7 +266,7 @@ virBufferEscapeString(const virBufferPtr buf, const char *format, const char *st
        return;

    len = strlen(str);
-    if (VIR_ALLOC_N(escaped, 5 * len + 1) < 0) {
+    if (VIR_ALLOC_N(escaped, 6 * len + 1) < 0) {
        virBufferNoMemory(buf);
        return;
    }
@@ -290,6 +290,20 @@ virBufferEscapeString(const virBufferPtr buf, const char *format, const char *st
            *out++ = 'm';
            *out++ = 'p';
            *out++ = ';';
+        } else if (*cur == '"') {
+            *out++ = '&';
+            *out++ = 'q';
+            *out++ = 'u';
+            *out++ = 'o';
+            *out++ = 't';
+            *out++ = ';';
+        } else if (*cur == '\'') {
+            *out++ = '&';
+            *out++ = 'a';
+            *out++ = 'p';
+            *out++ = 'o';
+            *out++ = 's';
+            *out++ = ';';
        } else if ((*cur >= 0x20) || (*cur == '\n') || (*cur == '\t') ||
                   (*cur == '\r')) {
            /*