This updated patch addresses all known conditions that result in invalid
XML being produced by praudit(1).

-r
--- contrib/openbsm/libbsm/bsm_io.c.orig        2012-02-24 18:18:03.000000000 
-0500
+++ contrib/openbsm/libbsm/bsm_io.c     2012-02-24 18:45:11.000000000 -0500
@@ -73,6 +73,7 @@
 #include <string.h>
 #include <pwd.h>
 #include <grp.h>
+#include <vis.h>
 
 #include <bsm/audit_internal.h>
 
@@ -214,6 +215,45 @@
 }
 
 /*
+ * Prints the given data bytes as an XML-sanitized string.
+ */
+static void
+print_xml_string(FILE *fp, const char *str, size_t len)
+{
+       u_int32_t i;
+       char visbuf[5];
+
+       if (len == 0)
+               return;
+
+       for (i = 0; i < len; i++) {
+               switch (str[i]) {
+                       case '\0':
+                               return;
+                       case '&':
+                               (void) fprintf(fp, "&amp;");
+                               break;
+                       case '<':
+                               (void) fprintf(fp, "&lt;");
+                               break;
+                       case '>':
+                               (void) fprintf(fp, "&gt;");
+                               break;
+                       case '\"':
+                               (void) fprintf(fp, "&quot;");
+                               break;
+                       case '\'':
+                               (void) fprintf(fp, "&apos;");
+                               break;
+                       default:
+                               (void) vis(visbuf, str[i], VIS_CSTYLE, 0);
+                               (void) fprintf(fp, visbuf);
+                               break;
+               }
+       }
+}
+
+/*
  * Prints the beggining of attribute.
  */
 static void
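Review bot: `(void) fprintf(fp, visbuf);` in the default case uses vis()'s output as the format string, and since '%' is a printable byte that vis(3) passes through unchanged, an execve argument or environment string containing '%' (which any local user can supply) is parsed as a conversion specification — a format-string bug on attacker-controlled data. Replace it with `(void) fputs(visbuf, fp);` so the escaped byte is written literally. The loop index `u_int32_t i` is compared against the `size_t len` parameter; declaring it `size_t i` avoids the signed/unsigned mismatch and silent truncation for very long inputs. Whether a 5-byte `visbuf` covers every VIS_CSTYLE expansion depends on the minimum destination size documented by vis(3) on the target platform, so it is worth confirming against the man page rather than assuming.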
@@ -1855,7 +1895,7 @@
        for (i = 0; i < tok->tt.execarg.count; i++) {
                if (xml) {
                        fprintf(fp, "<arg>");
-                       print_string(fp, tok->tt.execarg.text[i],
+                       print_xml_string(fp, tok->tt.execarg.text[i],
                            strlen(tok->tt.execarg.text[i]));
                        fprintf(fp, "</arg>");
                } else {
@@ -1914,7 +1954,7 @@
        for (i = 0; i< tok->tt.execenv.count; i++) {
                if (xml) {
                        fprintf(fp, "<env>");
-                       print_string(fp, tok->tt.execenv.text[i],
+                       print_xml_string(fp, tok->tt.execenv.text[i],
                            strlen(tok->tt.execenv.text[i]));
                        fprintf(fp, "</env>");
                } else {