lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 2 Nov 2020 14:37:38 -0700
From:   Andreas Dilger <adilger@...ger.ca>
To:     Lukas Czerner <lczerner@...hat.com>
Cc:     linux-ext4@...r.kernel.org
Subject: Re: [PATCH] mke2fs: Escape double quotes when parsing mke2fs.conf

On Nov 2, 2020, at 7:26 AM, Lukas Czerner <lczerner@...hat.com> wrote:
> 
> Currently, when constructing the <default> configuration pseudo-file using
> the profile-to-c.awk script we will just pass the double quotes as they
> appear in the mke2fs.conf.
> 
> This is problematic, because the resulting default_profile.c will either
> fail to compile because of syntax error, or leave the resulting
> configuration invalid.
> 
> It can be reproduced by adding the following line somewhere into
> mke2fs.conf configuration and forcing mke2fs to use the <default>
> configuration by specifying nonexistent mke2fs.conf
> 
> MKE2FS_CONFIG="nonexistent" ./misc/mke2fs -T ext4 /dev/device
> 
> default_mntopts = "acl,user_xattr"
> ^ this will fail to compile
> 
> default_mntopts = ""
> ^ this will result in invalid config file
> 
> Syntax error in mke2fs config file (<default>, line #4)
>       Unknown code prof 17
> 
> Fix it by escaping the double quotes with a backslash in
> profile-to-c.awk script.

What about using single quotes for this?  That avoids the need to escape
the double quotes, and avoids significant issues (IMHO) when the number
of escapes grows over time as they are swallowed by various levels of
processing.

Cheers, Andreas

> 
> Signed-off-by: Lukas Czerner <lczerner@...hat.com>
> ---
> misc/profile-to-c.awk | 1 +
> 1 file changed, 1 insertion(+)
> 
> diff --git a/misc/profile-to-c.awk b/misc/profile-to-c.awk
> index f964efd6..814f7236 100644
> --- a/misc/profile-to-c.awk
> +++ b/misc/profile-to-c.awk
> @@ -4,6 +4,7 @@ BEGIN {
> }
> 
> {
> +  gsub("\"","\\\"",$0);
>   printf("  \"%s\\n\"\n", $0);
> }
> 
> --
> 2.26.2
> 


Cheers, Andreas






Download attachment "signature.asc" of type "application/pgp-signature" (874 bytes)

Powered by blists - more mailing lists