lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHp75Vc-edpD5kz0EPsO7Q=zOPHWFckZzc17imO85dQy-PpOgg@mail.gmail.com>
Date:   Wed, 16 Jun 2021 00:42:27 +0300
From:   Andy Shevchenko <andy.shevchenko@...il.com>
To:     Chris Down <chris@...isdown.name>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Petr Mladek <pmladek@...e.com>, Jessica Yu <jeyu@...nel.org>,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        John Ogness <john.ogness@...utronix.de>,
        Steven Rostedt <rostedt@...dmis.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Johannes Weiner <hannes@...xchg.org>,
        Kees Cook <keescook@...omium.org>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>, kernel-team@...com
Subject: Re: [PATCH v7 1/5] string_helpers: Escape double quotes in escape_special

On Tue, Jun 15, 2021 at 7:53 PM Chris Down <chris@...isdown.name> wrote:

In case you will need to send a new version some nit picks below WRT
commit message. Or somebody might fix them in place when applying.

> From an abstract point of view, escape_special's counterpart,
> unescape_special, already handles the unescaping of blackslashed double
> quote sequences.
>
> As a more practical example, printk indexing is an example case where

(example example)

"As a more practical example, printk indexing is the case where..."

?

> this is already practically useful. Compare an example with
> `ESCAPE_SPECIAL | ESCAPE_SPACE`, with quotes not escaped:
>
>     [root@...t ~]# grep drivers/pci/pci-stub.c:69 /sys/kernel/debug/printk/index/vmlinux
>     <4> drivers/pci/pci-stub.c:69 pci_stub_init "pci-stub: invalid ID string "%s"\n"
>
> ...and the same after this patch:
>
>     [root@...t ~]# grep drivers/pci/pci-stub.c:69 /sys/kernel/debug/printk/index/vmlinux
>     <4> drivers/pci/pci-stub.c:69 pci_stub_init "pci-stub: invalid ID string \"%s\"\n"

In both examples: '[root@...t ~]#' => '#'

> One can of course, alternatively, use ESCAPE_APPEND with a quote in
> @only, but without this patch quotes are coerced into hex or octal which
> can hurt readability quite significantly.
>
> I've checked uses of ESCAPE_SPECIAL and %pE across the codebase, and I'm

checked the uses

> pretty confident that this shouldn't affect any stable interfaces.
>
> Signed-off-by: Chris Down <chris@...isdown.name>
> Reviewed-by: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
> Reviewed-by: Petr Mladek <pmladek@...e.com>
> Cc: Rasmus Villemoes <linux@...musvillemoes.dk>
> ---
>  lib/string_helpers.c      |  4 ++++
>  lib/test-string_helpers.c | 14 +++++++-------
>  2 files changed, 11 insertions(+), 7 deletions(-)
>
> diff --git a/lib/string_helpers.c b/lib/string_helpers.c
> index 5a35c7e16e96..3806a52ce697 100644
> --- a/lib/string_helpers.c
> +++ b/lib/string_helpers.c
> @@ -361,6 +361,9 @@ static bool escape_special(unsigned char c, char **dst, char *end)
>         case '\e':
>                 to = 'e';
>                 break;
> +       case '"':
> +               to = '"';
> +               break;
>         default:
>                 return false;
>         }
> @@ -474,6 +477,7 @@ static bool escape_hex(unsigned char c, char **dst, char *end)
>   *             '\t' - horizontal tab
>   *             '\v' - vertical tab
>   *     %ESCAPE_SPECIAL:
> + *             '\"' - double quote
>   *             '\\' - backslash
>   *             '\a' - alert (BEL)
>   *             '\e' - escape
> diff --git a/lib/test-string_helpers.c b/lib/test-string_helpers.c
> index 2185d71704f0..437d8e6b7cb1 100644
> --- a/lib/test-string_helpers.c
> +++ b/lib/test-string_helpers.c
> @@ -140,13 +140,13 @@ static const struct test_string_2 escape0[] __initconst = {{
>  },{
>         .in = "\\h\\\"\a\e\\",
>         .s1 = {{
> -               .out = "\\\\h\\\\\"\\a\\e\\\\",
> +               .out = "\\\\h\\\\\\\"\\a\\e\\\\",
>                 .flags = ESCAPE_SPECIAL,
>         },{
> -               .out = "\\\\\\150\\\\\\042\\a\\e\\\\",
> +               .out = "\\\\\\150\\\\\\\"\\a\\e\\\\",
>                 .flags = ESCAPE_SPECIAL | ESCAPE_OCTAL,
>         },{
> -               .out = "\\\\\\x68\\\\\\x22\\a\\e\\\\",
> +               .out = "\\\\\\x68\\\\\\\"\\a\\e\\\\",
>                 .flags = ESCAPE_SPECIAL | ESCAPE_HEX,
>         },{
>                 /* terminator */
> @@ -157,10 +157,10 @@ static const struct test_string_2 escape0[] __initconst = {{
>                 .out = "\eb \\C\007\"\x90\\r]",
>                 .flags = ESCAPE_SPACE,
>         },{
> -               .out = "\\eb \\\\C\\a\"\x90\r]",
> +               .out = "\\eb \\\\C\\a\\\"\x90\r]",
>                 .flags = ESCAPE_SPECIAL,
>         },{
> -               .out = "\\eb \\\\C\\a\"\x90\\r]",
> +               .out = "\\eb \\\\C\\a\\\"\x90\\r]",
>                 .flags = ESCAPE_SPACE | ESCAPE_SPECIAL,
>         },{
>                 .out = "\\033\\142\\040\\134\\103\\007\\042\\220\\015\\135",
> @@ -169,10 +169,10 @@ static const struct test_string_2 escape0[] __initconst = {{
>                 .out = "\\033\\142\\040\\134\\103\\007\\042\\220\\r\\135",
>                 .flags = ESCAPE_SPACE | ESCAPE_OCTAL,
>         },{
> -               .out = "\\e\\142\\040\\\\\\103\\a\\042\\220\\015\\135",
> +               .out = "\\e\\142\\040\\\\\\103\\a\\\"\\220\\015\\135",
>                 .flags = ESCAPE_SPECIAL | ESCAPE_OCTAL,
>         },{
> -               .out = "\\e\\142\\040\\\\\\103\\a\\042\\220\\r\\135",
> +               .out = "\\e\\142\\040\\\\\\103\\a\\\"\\220\\r\\135",
>                 .flags = ESCAPE_SPACE | ESCAPE_SPECIAL | ESCAPE_OCTAL,
>         },{
>                 .out = "\eb \\C\007\"\x90\r]",
> --
> 2.31.1
>


-- 
With Best Regards,
Andy Shevchenko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ