On 06.02.2009, Felix Wolfsteller wrote: > At least in the 2.0 series characters like ",<,' etc should be > properly 'escaped' ( openvas-client/nessus/xml_output.c: escape_string).
AFAICT that function underestimates the worst case scenario when allocating
the result string:
ret = emalloc (5*strlen(temp)+1);
It should multiply by 6 since " and ' are both converted to 6-character
sequences (""" resp. "'").
Bernhard
--
Bernhard Herzog | ++49-541-335 08 30 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
