Date: Fri, 24 Feb 2012 19:05:33 -0500 From: Ryan Steinmetz <zi@FreeBSD.org> To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org Cc: sson@FreeBSD.org, rwatson@FreeBSD.org, pjd@FreeBSD.org, csjp@FreeBSD.org Subject: Re: bin/161936: [openbsm][patch] praudit can produce invalid XML output Message-ID: <20120225000532.GA13755@fast.rit.edu> In-Reply-To: <201110231650.p9NGo3rQ017125@freefall.freebsd.org> References: <201110231647.p9NGlcm9029317@red.freebsd.org> <201110231650.p9NGo3rQ017125@freefall.freebsd.org>
--ikeVEW9yuYc//A+q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline This updated patch addresses all known conditions that result in invalid XML being produced by praudit(1). -r --ikeVEW9yuYc//A+q Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="bsm_io.diff.txt"
--- contrib/openbsm/libbsm/bsm_io.c.orig 2012-02-24 18:18:03.000000000 -0500
+++ contrib/openbsm/libbsm/bsm_io.c 2012-02-24 18:45:11.000000000 -0500
@@ -73,6 +73,7 @@
 #include <string.h>
 #include <pwd.h>
 #include <grp.h>
+#include <vis.h>
 #include <bsm/audit_internal.h>
@@ -214,6 +215,45 @@
 }
 /*
+ * Prints the given data bytes as an XML-sanitized string.
+ */
+static void
+print_xml_string(FILE *fp, const char *str, size_t len)
+{
+ u_int32_t i;
+ char visbuf[5];
+
+ if (len == 0)
+ return;
+
+ for (i = 0; i < len; i++) {
+ switch (str[i]) {
+ case '\0':
+ return;
+ case '&':
+ (void) fprintf(fp, "&");
+ break;
+ case '<':
+ (void) fprintf(fp, "<");
+ break;
+ case '>':
+ (void) fprintf(fp, ">");
+ break;
+ case '\"':
+ (void) fprintf(fp, """);
+ break;
+ case '\'':
+ (void) fprintf(fp, "'");
+ break;
+ default:
+ (void) vis(visbuf, str[i], VIS_CSTYLE, 0);
+ (void) fprintf(fp, visbuf);
+ break;
+ }
+ }
+}
+
+/*
 * Prints the beggining of attribute.
 */
 static void
@@ -1855,7 +1895,7 @@
 for (i = 0; i < tok->tt.execarg.count; i++) {
 if (xml) {
 fprintf(fp, "<arg>");
- print_string(fp, tok->tt.execarg.text[i],
+ print_xml_string(fp, tok->tt.execarg.text[i],
 strlen(tok->tt.execarg.text[i]));
 fprintf(fp, "</arg>");
 } else {
@@ -1914,7 +1954,7 @@
 for (i = 0; i< tok->tt.execenv.count; i++) {
 if (xml) {
 fprintf(fp, "<env>");
- print_string(fp, tok->tt.execenv.text[i],
+ print_xml_string(fp, tok->tt.execenv.text[i],
 strlen(tok->tt.execenv.text[i]));
 fprintf(fp, "</env>");
 } else {
--ikeVEW9yuYc//A+q--
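Review bot: In the default case of the new print_xml_string(), `(void) fprintf(fp, visbuf);` uses bytes taken from the audit record as the format string; vis() with VIS_CSTYLE leaves a printable `%` unchanged, so a `%` in an exec argument or environment string is handed to fprintf as the start of a conversion specification. Pass the buffer as data instead: `(void) fprintf(fp, "%s", visbuf);` or `(void) fputs(visbuf, fp);`. The loop index is declared `u_int32_t i` while `len` is `size_t`, so `size_t i` would avoid the mixed-width comparison, and `str[i]` should probably be cast to `unsigned char` before it is passed to vis() so that bytes above 0x7f are not sign-extended where `char` is signed. The string literals in the `&`, `<`, `>` and quote cases show here as the bare characters, which looks like the archive page decoding the entities; confirm against the raw e-mail that they are the `&amp;`-style forms.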