lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150408094401.GA10714@khany.gandi.net>
Date:	Wed, 8 Apr 2015 11:44:01 +0200
From:	Arthur Gautier <baloo@...di.net>
To:	Rusty Russell <rusty@...tcorp.com.au>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] param: fixup quote parsing of kernel arguments

On Wed, Apr 08, 2015 at 03:29:43PM +0930, Rusty Russell wrote:
> Arthur Gautier <baloo@...di.net> writes:
> > When starting kernel with arguments like:
> >   init=/bin/sh -c "echo arguments"
> > the trailing double quote is not removed which results in following command
> > being executed:
> >   /bin/sh -c 'echo arguments"'
> >
> > This commit removes the trailing double quote.
> >
> > Signed-off-by: Arthur Gautier <baloo@...di.net>
> 
> Hi Arthur,
> 
>         Thanks, I'd not considered quotes outside '='.  But this
> fixes it in a weird way: we handle quotes below, we just don't do
> anything for the "raw value" case:
> 
> 	for (i = 0; args[i]; i++) {
> 		if (isspace(args[i]) && !in_quote)
> 			break;
> 		if (equals == 0) {
> 			if (args[i] == '=')
> 				equals = i;
> 		}
> 		if (args[i] == '"')
> 			in_quote = !in_quote;
> 	}
> 
> 	*param = args;
> 	if (!equals)
> 		*val = NULL;
> 	else {
> 		args[equals] = '\0';
> 		*val = args + equals + 1;
> 
> 		/* Don't include quotes in value. */
> 		if (**val == '"') {
> 			(*val)++;
> 			if (args[i-1] == '"')
> 				args[i-1] = '\0';
> 		}
> 		if (quoted && args[i-1] == '"')
> 			args[i-1] = '\0';
> 	}
> 
> The logical fix is to just always remove the close quotes in both
> cases:
> 
> diff --git a/kernel/params.c b/kernel/params.c
> index 728e05b167de..a22d6a759b1a 100644
> --- a/kernel/params.c
> +++ b/kernel/params.c
> @@ -173,9 +173,9 @@ static char *next_arg(char *args, char **param, char **val)
>  			if (args[i-1] == '"')
>  				args[i-1] = '\0';
>  		}
> -		if (quoted && args[i-1] == '"')
> -			args[i-1] = '\0';
>  	}
> +	if (quoted && args[i-1] == '"')
> +		args[i-1] = '\0';
>  
>  	if (args[i]) {
>  		args[i] = '\0';
> 
> Does this work for you?
> 

Hi Rusty,

This does indeed fixes my issue and I agree with the fix but I've also
noticed a problem when parsing commands like:

  char * input = "var0=\"val=ue\" \"var1\"=value \"var2=value\" \"echo foo\"";
  char buf[255];
  char *args = buf;
  char * param, *val;

  memcpy(buf, input, strlen(input)+1);

  while(*args)
  {
          args = next_arg(args, &param, &val);
          printf("%s=%s\n", param, val);
  }

This parses commandline like:

  var0=val=ue
  var1"=value
  var2=value
  echo foo=(null)

As you may notice when using doublequote for keys, the final doublequote
is not removed. I'm not sure this should be considered as a problem nor
this should be expected but my patch was fixing this issue as well.

-- 
\o/ Arthur
 G  Gandi.net
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ