Date: Fri, 24 Feb 2012 19:05:33 -0500
From: Ryan Steinmetz
To: FreeBSD-gnats-submit@FreeBSD.org, freebsd-bugs@FreeBSD.org
Cc: sson@FreeBSD.org, rwatson@FreeBSD.org, pjd@FreeBSD.org, csjp@FreeBSD.org
Subject: Re: bin/161936: [openbsm][patch] praudit can produce invalid XML output
Message-ID: <20120225000532.GA13755@fast.rit.edu>
In-Reply-To: <201110231650.p9NGo3rQ017125@freefall.freebsd.org>

This updated patch addresses all known conditions that result in invalid XML being produced by praudit(1).

-r

Attachment: bsm_io.diff.txt

--- contrib/openbsm/libbsm/bsm_io.c.orig 2012-02-24 18:18:03.000000000 -0500 +++ contrib/openbsm/libbsm/bsm_io.c 2012-02-24 18:45:11.000000000 -0500 @@ -73,6 +73,7 @@ #include #include #include +#include #include 
@@ -214,6 +215,45 @@ } /* + * Prints the given data bytes as an XML-sanitized string. + */ +static void +print_xml_string(FILE *fp, const char *str, size_t len) +{ + u_int32_t i; + char visbuf[5]; + + if (len == 0) + return; + + for (i = 0; i < len; i++) { + switch (str[i]) { + case '\0': + return; + case '&': + (void) fprintf(fp, "&"); + break; + case '<': + (void) fprintf(fp, "<"); + break; + case '>': + (void) fprintf(fp, ">"); + break; + case '\"': + (void) fprintf(fp, """); + break; + case '\'': + (void) fprintf(fp, "'"); + break; + default: + (void) vis(visbuf, str[i], VIS_CSTYLE, 0); + (void) fprintf(fp, visbuf); + break; + } + } +} + +/* * Prints the beggining of attribute. */ static void @@ -1855,7 +1895,7 @@ for (i = 0; i < tok->tt.execarg.count; i++) { if (xml) { fprintf(fp, ""); - print_string(fp, tok->tt.execarg.text[i], + print_xml_string(fp, tok->tt.execarg.text[i], strlen(tok->tt.execarg.text[i])); fprintf(fp, ""); } else { @@ -1914,7 +1954,7 @@ for (i = 0; i< tok->tt.execenv.count; i++) { if (xml) { fprintf(fp, ""); - print_string(fp, tok->tt.execenv.text[i], + print_xml_string(fp, tok->tt.execenv.text[i], strlen(tok->tt.execenv.text[i])); fprintf(fp, ""); } else { --ikeVEW9yuYc//A+q--
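
Review bot: In the default case of print_xml_string() (hunk @@ -214,6 +215,45 @@), `(void) fprintf(fp, visbuf);` passes the vis() output as the format string. With VIS_CSTYLE a '%' byte is copied through unchanged, so any '%' in an exec argument or environment string reaches fprintf() as an incomplete conversion specification, which is undefined behaviour and at best drops the character from the audit output. Since these strings come from the audited process, please write the buffer as data instead: `fputs(visbuf, fp)` or `fprintf(fp, "%s", visbuf)`. In the same function, `u_int32_t i` is compared against `size_t len`; declaring `i` as size_t avoids the width mismatch.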
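
Review bot: The include added in the @@ -73,6 +73,7 @@ hunk is needed for the vis() call and VIS_CSTYLE in print_xml_string(), and vis(3) is a BSD libc routine that not every libc provides (glibc does not ship it). Because this file lives under contrib/openbsm, the include and the call should sit behind a configure-time check or a compat fallback if the change is meant to go back to the vendor source unchanged.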
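
Review bot: Only the execarg and execenv call sites (hunks @@ -1855,7 +1895,7 @@ and @@ -1914,7 +1954,7 @@) are switched from print_string() to print_xml_string(), while the message says all known conditions are addressed. Please note in the PR which other token printers emit string data in XML mode and that they were checked, since any that still call print_string() between element tags would presumably leave the same markup characters unescaped. Minor: the `strlen(...)` passed as len duplicates the function's own '\0' case, so one of the two terminators can go.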