Date:   Wed, 9 Jan 2019 10:04:14 -0800
From:   Andrew Morton <akpm@...ux-foundation.org>
To:     Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc:     Alexander Viro <viro@...iv.linux.org.uk>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        Kees Cook <keescook@...omium.org>
Subject: Re: [PATCH v1] seq_file: convert mangle_path() to use
 string_escape_str()

On Wed,  9 Jan 2019 17:40:22 +0200 Andy Shevchenko <andriy.shevchenko@...ux.intel.com> wrote:

> Since string_escape_str() does not support overlapping buffer first we check if
> there is enough room in the buffer and then update a path. The side effect of
> this change is in case of failure the buffer is left unchanged.
> 
> ...
>
> --- a/fs/seq_file.c
> +++ b/fs/seq_file.c
> @@ -421,21 +421,13 @@ EXPORT_SYMBOL(seq_printf);
>   */
>  char *mangle_path(char *s, const char *p, const char *esc)
>  {
> -	while (s <= p) {
> -		char c = *p++;
> -		if (!c) {
> -			return s;
> -		} else if (!strchr(esc, c)) {
> -			*s++ = c;
> -		} else if (s + 4 > p) {
> -			break;
> -		} else {
> -			*s++ = '\\';
> -			*s++ = '0' + ((c & 0300) >> 6);
> -			*s++ = '0' + ((c & 070) >> 3);
> -			*s++ = '0' + (c & 07);
> -		}
> -	}
> +	size_t len = p + strlen(p) - s;
> +	int ret;
> +
> +	ret = string_escape_str(p, NULL, 0, ESCAPE_OCTAL, esc);
> +	if (ret < len)
> +		return s + string_escape_str(p, s, len, ESCAPE_OCTAL, esc);
> +
>  	return NULL;
>  }
>  EXPORT_SYMBOL(mangle_path);
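
Review bot: The room check `if (ret < len)` in the added lines compares the signed `int ret` against the `size_t len`, and `len = p + strlen(p) - s` is computed without the removed loop's `while (s <= p)` guard. If a caller passes `s` beyond the end of the string at `p`, the subtraction wraps to a huge `len`, the check passes, and the function writes through `s` where the old code returned NULL. Suggest testing `s <= p` before computing `len` and keeping both sides of the comparison the same type. Separately, the second call `string_escape_str(p, s, len, ESCAPE_OCTAL, esc)` still writes into a destination that overlaps its source, which the changelog says the helper does not support; either add a comment explaining why the room check makes that safe, or rework the call so the buffers do not overlap.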

Confusing.

I think the objective of the patch is to use an existing library
function rather than open-coding, but the library function doesn't
support in-place operation on the string.  So the old mangle_path() was
OK with in-place conversion, but the new mangle_path() is not.  Is that
correct?  Do we know that all existing mangle_path() callers are OK
with this?  Please make all this clear in the changelog.

Also, the identifier `ret' is widely understood to mean "the value
which this function will return", but that is not the case here. 
Please use a more appropriate identifier.
