From cf1416a6e87b92430c0082d9bc98c3993fac4642 Mon Sep 17 00:00:00 2001
From: Jim Fehlig <jfehlig@suse.com>
Date: Wed, 17 Feb 2016 10:20:57 -0700
Subject: [PATCH] libxlu_cfg: reject unknown characters following '\'

When dequoting config strings in xlu__cfgl_dequote(), unknown
characters following a '\', and the '\' itself, are discarded.
E.g. a disk configuration string containing

  rbd:pool/image:mon_host=192.168.0.100\:6789

would be dequoted as

  rbd:pool/image:mon_host=192.168.0.1006789

Instead of discarding the '\' and unknown character, reject the
string and set error to EINVAL.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
---
 tools/libxl/libxlu_cfg.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/tools/libxl/libxlu_cfg.c b/tools/libxl/libxlu_cfg.c
index 1d709091cb..5838f6885e 100644
--- a/tools/libxl/libxlu_cfg.c
+++ b/tools/libxl/libxlu_cfg.c
@@ -533,6 +533,11 @@ char *xlu__cfgl_dequote(CfgParseContext *ctx, const char *src) {
                 NUMERIC_CHAR(2,2,16,"hex");
             } else if (nc>='0' && nc<='7') {
                 NUMERIC_CHAR(1,3,10,"octal");
+            } else {
+                xlu__cfgl_lexicalerror(ctx,
+                           "invalid character after backlash in quoted string");
+                ctx->err= EINVAL;
+                goto x;
             }
             assert(p <= src+len-1);
         } else {
-- 
2.30.2