lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Sun, 12 Jul 2009 19:11:57 +0930
From:	Rusty Russell <rusty@...tcorp.com.au>
To:	Daniel Mierswa <impulze@...ulze.org>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [RFC] Re: Parsing kernel parameters and escaping "

On Tue, 7 Jul 2009 10:24:18 am Daniel Mierswa wrote:
> There was a limitation for kernel parameters with regards to quoting. It
> wasn't possible to escape quotes or use quotes to form space-filled
> values inside parameters.

Hi Daniel!

   Yes, we've never had the ability to escape quotes (and you're the first to
ask), so when I wrote this code I kept it simple.  You can have spaced out
values, but you need to quote the whole thing "param=some value with spaces".

   We have to be careful not to break existing cmdlines tho: I don't know
if anyone uses \ currently, but simply interpreting \" is probably safe.

> +/* handle quotes in tokens (parameter and values)
> + * '" foo bar "' => ' foo bar '
> + * '" foo \" "'  => ' foo " '
> + */
> +static void add_token(char ** token, char * args)

add_token is a weird name for this.  It actually mangles the argument, and it
really should return the char *.

How about something like:
	static unsigned int pull_token(char *args, const char *delim)

Which unescapes and returns the length of the token, or zero if it simply
swallowed delimeters?  Assuming it always nul terminates, then the caller can
simply do:

	while (*args) {
		len = pull_token(args, " \t\n=");
		if (!len)
			/* Leading whitespace. */
			continue;
		*param = args;
		args += len;
		if (args[0] != '=') {
			*val = NULL;
		} else {
			len = pull_token(args+1, " \t\n");
			*val = args;
			args += len;
	}

Important cases to test are:
	x			param = "x", val = NULL
	x=			param = "x", val = ""
	x=y=1		param = "x", val = "y=1"

Plus all variations where x and y contain quotes.

Cheers,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ