[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 04/10] Qemu arbitrary command-line arguments.



On 04/21/2010 10:01 AM, Chris Lalancette wrote:
>  
> +static void qemuDomainDefNamespaceFree(void *nsdata)
> +{
> +    qemuDomainCmdlineDefPtr cmd = nsdata;
> +    int i;

s/int/unsigned int/

> +static int qemuDomainDefNamespaceParse(xmlDocPtr xml,
> +                                       xmlNodePtr root,
> +                                       xmlXPathContextPtr ctxt,
> +                                       void **data)
> +{
> +    qemuDomainCmdlineDefPtr cmd = NULL;
> +    xmlNsPtr ns;
> +    xmlNodePtr *nodes = NULL;
> +    int n, i;

n must be signed, but can i be unsigned?

> +
> +static int qemuDomainDefNamespaceFormatXML(virBufferPtr buf,
> +                                           void *nsdata)
> +{
> +    qemuDomainCmdlineDefPtr cmd = nsdata;
> +    int i;

unsigned

> +
> +    if (cmd->num_extra || cmd->num_env)
> +        virBufferAddLit(buf, "  <qemu:commandline>\n");
> +    for (i = 0; i < cmd->num_extra; i++)
> +        virBufferVSprintf(buf, "    <qemu:arg>%s</qemu:arg>\n", cmd->extra[i]);

Is there any chance that cmd->extra[i] might contain content that needs
escaping before it is valid as XML?

> +    for (i = 0; i < cmd->num_env; i++) {
> +        virBufferVSprintf(buf, "    <qemu:env name='%s'", cmd->env_name[i]);
> +        if (cmd->env_value[i])
> +            virBufferVSprintf(buf, " value='%s'", cmd->env_value[i]);

Likewise for env_value[i]?  (I'm assuming that env_name[i] is immune,
since it was parsed using virXPathString("string(./@name)",), which
should have rejected strings not valid as environment variable names.)

The approach looks correct, but I hesitate to give an ack without
knowing for sure that the formatted XML is safe from arbitrary content
in the extra arguments.

-- 
Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]