This are the most relevant from as the bite JSON really and can in theory be in our configuration property values.
While technically a literal \t, \b, \f, \r (but not \n) can be an issue too, this values normally really do not get written into the config by our stack, if it has been manually added, but that's off limits. If we really need it we can add it always in the future Signed-off-by: Thomas Lamprecht <[email protected]> --- new in v2, I'd rather had avoid it but it probably really is better to look a bit in advance here, even if it's minimally slower (it could surely be optimized, e.g., in a strchr like manner, which checks a "longword" per iteration, which is a effectively a uint64_t mask of the char we search, but for now keep it just simple) data/src/status.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/data/src/status.c b/data/src/status.c index c1219af..a1ffdfe 100644 --- a/data/src/status.c +++ b/data/src/status.c @@ -836,6 +836,21 @@ next: return NULL; // not found } +static void +_g_str_append_kv_jsonescaped(GString *str, const char *k, const char *v) +{ + g_string_append_printf(str, "\"%s\": \"", k); + + for (; *v; v++) { + if (*v == '\\' || *v == '"') { + g_string_append_c(str, '\\'); + } + g_string_append_c(str, *v); + } + + g_string_append_c(str, '"'); +} + int cfs_create_guest_conf_property_msg(GString *str, memdb_t *memdb, const char *prop, uint32_t vmid) { @@ -870,7 +885,9 @@ cfs_create_guest_conf_property_msg(GString *str, memdb_t *memdb, const char *pro char *val = _get_property_value(tmp, prop, prop_len); if (val == NULL) goto ret; - g_string_append_printf(str, "\"%u\": { \"%s\": \"%s\"\n }", vmid, prop, val); + g_string_append_printf(str, "\"%u\":{", vmid); + _g_str_append_kv_jsonescaped(str, prop, val); + g_string_append_c(str, '}'); } else { GHashTableIter iter; @@ -894,7 +911,9 @@ cfs_create_guest_conf_property_msg(GString *str, memdb_t *memdb, const char *pro if (!first) g_string_append_printf(str, ",\n"); else first = 0; - g_string_append_printf(str, "\"%u\": {\"%s\": \"%s\"}", vminfo->vmid, prop, val); + g_string_append_printf(str, "\"%u\":{", vminfo->vmid); + _g_str_append_kv_jsonescaped(str, prop, val); + g_string_append_c(str, '}'); } } ret: -- 2.20.1 _______________________________________________ pve-devel mailing list [email protected] https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
