lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 13 Jul 2009 09:27:15 +0930
From:	Rusty Russell <rusty@...tcorp.com.au>
To:	Daniel Mierswa <impulze@...ulze.org>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [RFC] Re: Parsing kernel parameters and escaping "

On Mon, 13 Jul 2009 03:29:39 am Daniel Mierswa wrote:
> Tested:
> |param| => [param[(none)]]
> |param=| => [param[]]
> |param=value| => [param[value]]
> |param=value=withequal | => [param[value=withequal]]
> |param="value with spaces" | => [param[value with spaces]]
> |param="value with spaces and quotes \"" | => [param[value with spaces and
> | quotes "]] param=\"foo\" | => [param[\"foo" ]]
> |"param = value" | => [param = value[(none)]]

Hi Daniel!

It might be nice to have that test code somewhere at the bottom of param.c,
at least while we're playing with the code.

> Thanks for your kind feedback, I'm willing to put more effort into this
> when needed. I really first wanted to check if patches for this are
> welcomed.

Well, IMO it's a maintainer's job to give feedback, and patches should always be welcomed (even if not applied!).

Now to the details:

> +static size_t pull_token(char *args, char const *delim)
>  {
> -       unsigned int i, equals = 0;
> -       int in_quote = 0, quoted = 0;
> -       char *next;
> +       size_t length = 0;
> +       char *iterator = NULL, *last_quote = NULL;
> +
> +       for (iterator = args; *iterator; iterator++, length++) {

I really prefer "i" instead of "iterator".  I actually think i as an
unsigned/size_t here would probably make the code neater, but that's an aside.

> +               if (*iterator == '"') {
> +                       if (last_quote) {
> +                               char *mover = last_quote;
> +
> +                               /* move whole string back until current " is reached */ 
> +                               while (mover != iterator - 1) {
> +                                       *mover = *(mover + 1);
> +                                       mover++;
> +                               }

memmove?

> +               {
> +                       /* check for delimiter */
> +                       char const *delim_iterator = NULL;
> +                       for (delim_iterator = delim; *delim_iterator; delim_iterator++) {
> +                               if (*iterator == *delim_iterator) {
> +                                       return length;
> +                               }
> +                       }

How about:
	if (strchr(delim, *iterator))
		return length;

> +static char *next_arg(char *args, char **param, char **val)
> +{
> +       size_t len;
> +
> +       /* Chew leading spaces */
> +       while (*args == ' ')
> +               args++;

Note that this will undo another pending patch, which changes this to
isspace() to handle tabs et al.

Thanks!
Rusty.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ