From: Pavel Hrdina Date: Thu, 6 Mar 2025 11:55:25 +0000 (+0100) Subject: domain_conf: graphics: properly escape user provided strings when formatting XML X-Git-Tag: v11.2.0-rc1~236 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=798d87539d08ba848712e42bd50c6181c060086d;p=thirdparty%2Flibvirt.git domain_conf: graphics: properly escape user provided strings when formatting XML This was reported on virt-manager issue tracker as it was possible to provide `listen` attribute with properly escaped characters but libvirt would format XML without escaping it. Signed-off-by: Pavel Hrdina Reviewed-by: Ján Tomko
---
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 278d3bd4e9..7eb6d4c91a 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -26340,7 +26340,7 @@ virDomainGraphicsListenDefFormat(virBuffer *buf,
 !(flags & VIR_DOMAIN_DEF_FORMAT_INACTIVE)))) {
 /* address may also be set to show current status when type='network',
 * but we don't want to print that if INACTIVE data is requested. */
- virBufferAsprintf(&attrBuf, " address='%s'", def->address);
+ virBufferEscapeString(&attrBuf, " address='%s'", def->address);
 }

 if (def->network &&
@@ -26429,7 +26429,7 @@ virDomainGraphicsListenDefFormatAddr(virBuffer *buf,
 return;

 if (glisten->address)
- virBufferAsprintf(buf, " listen='%s'", glisten->address);
+ virBufferEscapeString(buf, " listen='%s'", glisten->address);
 }

 static void
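Review bot: No regression test accompanies the switch to `virBufferEscapeString` for ` address='%s'` here, nor for ` listen='%s'` in `virDomainGraphicsListenDefFormatAddr`; the patch as shown touches only src/conf/domain_conf.c. An XML format test whose listen address contains `&`, `<` and a single quote would keep a later refactor from reintroducing the unescaped `virBufferAsprintf`. The `def->network` branch that starts on the last context line is cut off by the hunk, so confirm that it, and any other string in this function that originates from user XML, is also written through the escaping helper. The function begins and ends outside the hunk.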
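Review bot: The `if (glisten->address)` guard kept above the changed line in `virDomainGraphicsListenDefFormatAddr` is redundant now, since `virBufferEscapeString` appends nothing, not even the format text, when its string argument is NULL. The two lines can be reduced to `virBufferEscapeString(buf, " listen='%s'", glisten->address);`, which appears to be the usual calling convention for this helper. The `def->address` test in the first hunk is part of a larger condition and has to stay. The function starts outside the hunk.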