lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 3 Nov 2020 08:20:00 +0100
From:   Lukas Czerner <lczerner@...hat.com>
To:     Andreas Dilger <adilger@...ger.ca>
Cc:     linux-ext4@...r.kernel.org
Subject: Re: [PATCH] mke2fs: Escape double quotes when parsing mke2fs.conf

On Mon, Nov 02, 2020 at 02:37:38PM -0700, Andreas Dilger wrote:
> On Nov 2, 2020, at 7:26 AM, Lukas Czerner <lczerner@...hat.com> wrote:
> > 
> > Currently, when constructing the <default> configuration pseudo-file using
> > the profile-to-c.awk script we will just pass the double quotes as they
> > appear in the mke2fs.conf.
> > 
> > This is problematic, because the resulting default_profile.c will either
> > fail to compile because of syntax error, or leave the resulting
> > configuration invalid.
> > 
> > It can be reproduced by adding the following line somewhere into
> > mke2fs.conf configuration and forcing mke2fs to use the <default>
> > configuration by specifying nonexistent mke2fs.conf
> > 
> > MKE2FS_CONFIG="nonexistent" ./misc/mke2fs -T ext4 /dev/device
> > 
> > default_mntopts = "acl,user_xattr"
> > ^ this will fail to compile
> > 
> > default_mntopts = ""
> > ^ this will result in invalid config file
> > 
> > Syntax error in mke2fs config file (<default>, line #4)
> >       Unknown code prof 17
> > 
> > Fix it by escaping the double quotes with a backslash in
> > profile-to-c.awk script.
> 
> What about using single quotes for this?  That avoids the need to escape
> the double quotes, and avoids significant issues (IMHO) when the number
> of escapes grows over time as they are swallowed by various levels of
> processing.

Hi Andreas,

I am not sure I understand what issues you have in mind. The way I see
it, the profile-to-c.awk is used just during compile time to generate a
mke2fs_default_profile string and that's consumed by mke2fs in the case
no external config file can be found. There is only one level, or am I
missing something ?

Regardless it is possible to use a single quote by changing the code in
parse_line(). However I don't think we can just stop supporting double
quotes since that would technically change the mke2fs.conf format so it
would not solve the problem.

Thanks
-Lukas

> 
> Cheers, Andreas
> 
> > 
> > Signed-off-by: Lukas Czerner <lczerner@...hat.com>
> > ---
> > misc/profile-to-c.awk | 1 +
> > 1 file changed, 1 insertion(+)
> > 
> > diff --git a/misc/profile-to-c.awk b/misc/profile-to-c.awk
> > index f964efd6..814f7236 100644
> > --- a/misc/profile-to-c.awk
> > +++ b/misc/profile-to-c.awk
> > @@ -4,6 +4,7 @@ BEGIN {
> > }
> > 
> > {
> > +  gsub("\"","\\\"",$0);
> >   printf("  \"%s\\n\"\n", $0);
> > }
> > 
> > --
> > 2.26.2
> > 
> 
> 
> Cheers, Andreas
> 
> 
> 
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ