[pve-devel] [PATCH cluster v2 2/2] pmxcfs: get config property: escape double quote and backslash

Thu Jun 13 09:01:59 CEST 2019

This are the most relevant from as the bite JSON really and can in
theory be in our configuration property values.

While technically a literal \t, \b, \f, \r (but not \n) can be an
issue too, this values normally really do not get written into the
config by our stack, if it has been manually added, but that's off
limits. If we really need it we can add it always in the future

Signed-off-by: Thomas Lamprecht <t.lamprecht at proxmox.com>
---

new in v2, I'd rather had avoid it but it probably really is better to look a
bit in advance here, even if it's minimally slower (it could surely be
optimized, e.g., in a strchr like manner, which checks a "longword" per
iteration, which is a effectively a uint64_t mask of the char we search, but
for now keep it just simple)

 data/src/status.c | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/data/src/status.c b/data/src/status.c
index c1219af..a1ffdfe 100644
--- a/data/src/status.c
+++ b/data/src/status.c
@@ -836,6 +836,21 @@ next:
 	return NULL; // not found
 }
 
+static void
+_g_str_append_kv_jsonescaped(GString *str, const char *k, const char *v)
+{
+	g_string_append_printf(str, "\"%s\": \"", k);
+
+	for (; *v; v++) {
+		if (*v == '\\' || *v == '"') {
+			g_string_append_c(str, '\\');
+		}
+		g_string_append_c(str, *v);
+	}
+
+	g_string_append_c(str, '"');
+}
+
 int
 cfs_create_guest_conf_property_msg(GString *str, memdb_t *memdb, const char *prop, uint32_t vmid)
 {
@@ -870,7 +885,9 @@ cfs_create_guest_conf_property_msg(GString *str, memdb_t *memdb, const char *pro
 		char *val = _get_property_value(tmp, prop, prop_len);
 		if (val == NULL) goto ret;
 
-		g_string_append_printf(str, "\"%u\": { \"%s\": \"%s\"\n }", vmid, prop, val);
+		g_string_append_printf(str, "\"%u\":{", vmid);
+		_g_str_append_kv_jsonescaped(str, prop, val);
+		g_string_append_c(str, '}');
 
 	} else {
 		GHashTableIter iter;
@@ -894,7 +911,9 @@ cfs_create_guest_conf_property_msg(GString *str, memdb_t *memdb, const char *pro
 			if (!first) g_string_append_printf(str, ",\n");
 			else first = 0;
 
-			g_string_append_printf(str, "\"%u\": {\"%s\": \"%s\"}", vminfo->vmid, prop, val);
+			g_string_append_printf(str, "\"%u\":{", vminfo->vmid);
+			_g_str_append_kv_jsonescaped(str, prop, val);
+			g_string_append_c(str, '}');
 		}
 	}
 ret:
-- 
2.20.1



