]> git.ipfire.org Git - thirdparty/libvirt.git/commitdiff
projects / thirdparty / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6786ae8)
domain_conf: graphics: properly escape user provided strings when formatting XML
authorPavel Hrdina <phrdina@redhat.com>
Thu, 6 Mar 2025 11:55:25 +0000 (12:55 +0100)
committerPavel Hrdina <phrdina@redhat.com>
Fri, 7 Mar 2025 13:01:27 +0000 (14:01 +0100)
This was reported on virt-manager issue tracker as it was possible to
provide `listen` attribute with properly escaped characters but libvirt
would format XML without escaping it.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
src/conf/domain_conf.c patch | blob | blame | history

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 278d3bd4e9c44973173d81e818a8e6d0bbc0df99..7eb6d4c91ade44ee452a29ed76522cabd784f302 100644 (file)
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -26340,7 +26340,7 @@ virDomainGraphicsListenDefFormat(virBuffer *buf,
           !(flags & VIR_DOMAIN_DEF_FORMAT_INACTIVE)))) {
         /* address may also be set to show current status when type='network',
          * but we don't want to print that if INACTIVE data is requested. */
-        virBufferAsprintf(&attrBuf, " address='%s'", def->address);
+        virBufferEscapeString(&attrBuf, " address='%s'", def->address);
     }
 
     if (def->network &&
@@ -26429,7 +26429,7 @@ virDomainGraphicsListenDefFormatAddr(virBuffer *buf,
         return;
 
     if (glisten->address)
-        virBufferAsprintf(buf, " listen='%s'", glisten->address);
+        virBufferEscapeString(buf, " listen='%s'", glisten->address);
 }
 
 static void
Mirror of https://github.com/libvirt/libvirt.git