diff --git a/nmap.cc b/nmap.cc index 98fb9717b..364cbe738 100644 --- a/nmap.cc +++ b/nmap.cc @@ -1496,8 +1496,11 @@ int nmap_main(int argc, char *argv[]) { log_write(LOG_NORMAL|LOG_MACHINE|LOG_XML,"\n"); log_write(LOG_XML, "\n", (unsigned long) timep, mytime, NMAP_VERSION); diff --git a/output.cc b/output.cc index 12fe9191f..a1acb5b7b 100644 --- a/output.cc +++ b/output.cc @@ -890,39 +890,47 @@ char* xml_convert (const char* str) { char *end = temp + strl * 6 + 1; for (p = temp;(prevch = ch, ch = *str);str++) { const char *a; - switch (ch) { - case '\t': - a = " "; - break; - case '\r': - a = " "; - break; - case '\n': - a = " "; - break; - case '<': - a = "<"; - break; - case '>': - a = ">"; - break; - case '&': - a = "&"; - break; - case '"': - a = """; - break; - case '\'': - a = "'"; - break; - case '-': - if (prevch == '-') { /* Must escape -- for comments */ - a = "-"; + if ((unsigned char) ch > 0x7F) { + /* Escape anything outside of ASCII--we have to emit UTF-8 and an easy + way to do that is to emit ASCII. */ + char buf[32]; + Snprintf(buf, sizeof(buf), "&#x%02X;", (unsigned char) ch); + a = buf; + } else { + switch (ch) { + case '\t': + a = " "; break; + case '\r': + a = " "; + break; + case '\n': + a = " "; + break; + case '<': + a = "<"; + break; + case '>': + a = ">"; + break; + case '&': + a = "&"; + break; + case '"': + a = """; + break; + case '\'': + a = "'"; + break; + case '-': + if (prevch == '-') { /* Must escape -- for comments */ + a = "-"; + break; + } + default: + *p++ = ch; + continue; } - default: - *p++ = ch; - continue; } assert(end - p > 1); Strncpy(p,a, end - p - 1); p += strlen(a); // SAFE