lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <4D2445C9-7D4D-438A-964C-5B8F46BC15B5@dubeyko.com>
Date:   Mon, 9 Aug 2021 10:42:02 -0700
From:   Viacheslav Dubeyko <slava@...eyko.com>
To:     Pali Rohár <pali@...nel.org>
Cc:     Linux FS Devel <linux-fsdevel@...r.kernel.org>,
        linux-ntfs-dev@...ts.sourceforge.net, linux-cifs@...r.kernel.org,
        jfs-discussion@...ts.sourceforge.net, linux-kernel@...r.kernel.org,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Jan Kara <jack@...e.cz>,
        OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>,
        "Theodore Y . Ts'o" <tytso@....edu>,
        Luis de Bethencourt <luisbg@...nel.org>,
        Salah Triki <salah.triki@...il.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Dave Kleikamp <shaggy@...nel.org>,
        Anton Altaparmakov <anton@...era.com>,
        Pavel Machek <pavel@....cz>,
        Marek Behún <marek.behun@....cz>,
        Christoph Hellwig <hch@...radead.org>
Subject: Re: [RFC PATCH 13/20] hfsplus: Do not use broken utf8 NLS table for
 iocharset=utf8 mount option



> On Aug 8, 2021, at 9:24 AM, Pali Rohár <pali@...nel.org> wrote:
> 
> NLS table for utf8 is broken and cannot be fixed.
> 
> So instead of broken utf8 nls functions char2uni() and uni2char() use
> functions utf8_to_utf32() and utf32_to_utf8() which implements correct
> encoding and decoding between Unicode code points and UTF-8 sequence.
> 
> Note that this fs driver does not support full Unicode range, specially
> UTF-16 surrogate pairs are unsupported. This patch does not change this
> limitation and support for UTF-16 surrogate pairs stay unimplemented.
> 
> When iochatset=utf8 is used then set sbi->nls to NULL and use it for
> distinguish between the fact if NLS table or native UTF-8 functions should
> be used.
> 
> Signed-off-by: Pali Rohár <pali@...nel.org>
> ---
> fs/hfsplus/dir.c            |  6 ++++--
> fs/hfsplus/options.c        | 32 ++++++++++++++++++--------------
> fs/hfsplus/super.c          |  7 +------
> fs/hfsplus/unicode.c        | 31 ++++++++++++++++++++++++++++---
> fs/hfsplus/xattr.c          | 14 +++++++++-----
> fs/hfsplus/xattr_security.c |  3 ++-
> 6 files changed, 62 insertions(+), 31 deletions(-)
> 
> diff --git a/fs/hfsplus/dir.c b/fs/hfsplus/dir.c
> index 84714bbccc12..2caf0cd82221 100644
> --- a/fs/hfsplus/dir.c
> +++ b/fs/hfsplus/dir.c
> @@ -144,7 +144,8 @@ static int hfsplus_readdir(struct file *file, struct dir_context *ctx)
> 	err = hfs_find_init(HFSPLUS_SB(sb)->cat_tree, &fd);
> 	if (err)
> 		return err;
> -	strbuf = kmalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_MAX_STRLEN + 1, GFP_KERNEL);
> +	strbuf = kmalloc((HFSPLUS_SB(sb)->nls ? NLS_MAX_CHARSET_SIZE : 4) *
> +			HFSPLUS_MAX_STRLEN + 1, GFP_KERNEL);

Maybe, introduce some variable that will contain the length calculation?

> 	if (!strbuf) {
> 		err = -ENOMEM;
> 		goto out;
> @@ -203,7 +204,8 @@ static int hfsplus_readdir(struct file *file, struct dir_context *ctx)
> 		hfs_bnode_read(fd.bnode, &entry, fd.entryoffset,
> 			fd.entrylength);
> 		type = be16_to_cpu(entry.type);
> -		len = NLS_MAX_CHARSET_SIZE * HFSPLUS_MAX_STRLEN;
> +		len = (HFSPLUS_SB(sb)->nls ? NLS_MAX_CHARSET_SIZE : 4) *
> +		      HFSPLUS_MAX_STRLEN;
> 		err = hfsplus_uni2asc(sb, &fd.key->cat.name, strbuf, &len);
> 		if (err)
> 			goto out;
> diff --git a/fs/hfsplus/options.c b/fs/hfsplus/options.c
> index a975548f6b91..16c08cb5c4f8 100644
> --- a/fs/hfsplus/options.c
> +++ b/fs/hfsplus/options.c
> @@ -104,6 +104,9 @@ int hfsplus_parse_options(char *input, struct hfsplus_sb_info *sbi)
> 	char *p;
> 	substring_t args[MAX_OPT_ARGS];
> 	int tmp, token;
> +	int have_iocharset;
> +
> +	have_iocharset = 0;

What’s about boolean type and to use true/false?

> 
> 	if (!input)
> 		goto done;
> @@ -171,20 +174,24 @@ int hfsplus_parse_options(char *input, struct hfsplus_sb_info *sbi)
> 			pr_warn("option nls= is deprecated, use iocharset=\n");
> 			/* fallthrough */
> 		case opt_iocharset:
> -			if (sbi->nls) {
> +			if (have_iocharset) {
> 				pr_err("unable to change nls mapping\n");
> 				return 0;
> 			}
> 			p = match_strdup(&args[0]);
> -			if (p)
> -				sbi->nls = load_nls(p);
> -			if (!sbi->nls) {
> -				pr_err("unable to load nls mapping \"%s\"\n",
> -				       p);
> -				kfree(p);
> +			if (!p)
> 				return 0;
> +			if (strcmp(p, "utf8") != 0) {
> +				sbi->nls = load_nls(p);
> +				if (!sbi->nls) {
> +					pr_err("unable to load nls mapping "
> +						"\"%s\"\n", p);
> +					kfree(p);
> +					return 0;
> +				}
> 			}
> 			kfree(p);
> +			have_iocharset = 1;

Ditto. What’s about true here?

> 			break;
> 		case opt_decompose:
> 			clear_bit(HFSPLUS_SB_NODECOMPOSE, &sbi->flags);
> @@ -207,13 +214,10 @@ int hfsplus_parse_options(char *input, struct hfsplus_sb_info *sbi)
> 	}
> 
> done:
> -	if (!sbi->nls) {
> -		/* try utf8 first, as this is the old default behaviour */
> -		sbi->nls = load_nls("utf8");
> -		if (!sbi->nls)
> -			sbi->nls = load_nls_default();
> -		if (!sbi->nls)
> -			return 0;
> +	if (!have_iocharset) {
> +		/* use utf8, as this is the old default behaviour */
> +		pr_debug("using native UTF-8 without nls\n");
> +		/* no sbi->nls means that native UTF-8 code is used */
> 	}
> 
> 	return 1;
> diff --git a/fs/hfsplus/super.c b/fs/hfsplus/super.c
> index b9e3db3f855f..985662451bfc 100644
> --- a/fs/hfsplus/super.c
> +++ b/fs/hfsplus/super.c
> @@ -403,11 +403,7 @@ static int hfsplus_fill_super(struct super_block *sb, void *data, int silent)
> 
> 	/* temporarily use utf8 to correctly find the hidden dir below */
> 	nls = sbi->nls;
> -	sbi->nls = load_nls("utf8");
> -	if (!sbi->nls) {
> -		pr_err("unable to load nls for utf8\n");
> -		goto out_unload_nls;
> -	}
> +	sbi->nls = NULL;
> 
> 	/* Grab the volume header */
> 	if (hfsplus_read_wrapper(sb)) {
> @@ -585,7 +581,6 @@ static int hfsplus_fill_super(struct super_block *sb, void *data, int silent)
> 		}
> 	}
> 
> -	unload_nls(sbi->nls);
> 	sbi->nls = nls;
> 	return 0;
> 
> diff --git a/fs/hfsplus/unicode.c b/fs/hfsplus/unicode.c
> index 73342c925a4b..1d8c31c5126f 100644
> --- a/fs/hfsplus/unicode.c
> +++ b/fs/hfsplus/unicode.c
> @@ -190,7 +190,12 @@ int hfsplus_uni2asc(struct super_block *sb,
> 				c0 = ':';
> 				break;
> 			}
> -			res = nls->uni2char(c0, op, len);
> +			if (nls)
> +				res = nls->uni2char(c0, op, len);
> +			else (len > 0)
> +				res = utf32_to_utf8(c0, op, len);
> +			else
> +				res = -ENAMETOOLONG;
> 			if (res < 0) {
> 				if (res == -ENAMETOOLONG)
> 					goto out;
> @@ -233,7 +238,12 @@ int hfsplus_uni2asc(struct super_block *sb,
> 			cc = c0;
> 		}
> done:
> -		res = nls->uni2char(cc, op, len);
> +		if (nls)
> +			res = nls->uni2char(cc, op, len);
> +		else (len > 0)
> +			res = utf32_to_utf8(cc, op, len);
> +		else
> +			res = -ENAMETOOLONG;
> 		if (res < 0) {
> 			if (res == -ENAMETOOLONG)
> 				goto out;
> @@ -256,7 +266,22 @@ int hfsplus_uni2asc(struct super_block *sb,
> static inline int asc2unichar(struct super_block *sb, const char *astr, int len,
> 			      wchar_t *uc)
> {
> -	int size = HFSPLUS_SB(sb)->nls->char2uni(astr, len, uc);
> +	struct nls_table *nls = HFSPLUS_SB(sb)->nls;
> +	unicode_t u;
> +	int size;
> +
> +	if (nls)
> +		size = nls->char2uni(astr, len, uc);
> +	else {
> +		size = utf8_to_utf32(astr, len, &u);
> +		if (size >= 0) {
> +			/* TODO: Add support for UTF-16 surrogate pairs */

Have you forgot to delete this string? Or do you plan to implement this?

> +			if (u <= MAX_WCHAR_T)
> +				*uc = u;
> +			else
> +				size = -EINVAL;
> +		}
> +	}
> 	if (size <= 0) {
> 		*uc = '?';
> 		size = 1;
> diff --git a/fs/hfsplus/xattr.c b/fs/hfsplus/xattr.c
> index e2855ceefd39..9b2653f08a5f 100644
> --- a/fs/hfsplus/xattr.c
> +++ b/fs/hfsplus/xattr.c
> @@ -425,7 +425,8 @@ int hfsplus_setxattr(struct inode *inode, const char *name,
> 	char *xattr_name;
> 	int res;
> 
> -	xattr_name = kmalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN + 1,
> +	xattr_name = kmalloc((HFSPLUS_SB(sb)->nls ? NLS_MAX_CHARSET_SIZE : 4) *
> +			     HFSPLUS_ATTR_MAX_STRLEN + 1,
> 		GFP_KERNEL);

What’s about to introduce a variable for length calculation?

> 	if (!xattr_name)
> 		return -ENOMEM;
> @@ -579,7 +580,8 @@ ssize_t hfsplus_getxattr(struct inode *inode, const char *name,
> 	int res;
> 	char *xattr_name;
> 
> -	xattr_name = kmalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN + 1,
> +	xattr_name = kmalloc((HFSPLUS_SB(sb)->nls ? NLS_MAX_CHARSET_SIZE : 4) *
> +			     HFSPLUS_ATTR_MAX_STRLEN + 1,
> 			     GFP_KERNEL);

Ditto. What’s about to introduce a variable for length calculation?

> 	if (!xattr_name)
> 		return -ENOMEM;
> @@ -699,8 +701,9 @@ ssize_t hfsplus_listxattr(struct dentry *dentry, char *buffer, size_t size)
> 		return err;
> 	}
> 
> -	strbuf = kmalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN +
> -			XATTR_MAC_OSX_PREFIX_LEN + 1, GFP_KERNEL);
> +	strbuf = kmalloc((HFSPLUS_SB(sb)->nls ? NLS_MAX_CHARSET_SIZE : 4) *
> +			HFSPLUS_ATTR_MAX_STRLEN + XATTR_MAC_OSX_PREFIX_LEN + 1,
> +			GFP_KERNEL);

Ditto. What’s about to introduce a variable for length calculation?

> 	if (!strbuf) {
> 		res = -ENOMEM;
> 		goto out;
> @@ -732,7 +735,8 @@ ssize_t hfsplus_listxattr(struct dentry *dentry, char *buffer, size_t size)
> 		if (be32_to_cpu(attr_key.cnid) != inode->i_ino)
> 			goto end_listxattr;
> 
> -		xattr_name_len = NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN;
> +		xattr_name_len = (HFSPLUS_SB(sb)->nls ? NLS_MAX_CHARSET_SIZE : 4)
> +				* HFSPLUS_ATTR_MAX_STRLEN;
> 		if (hfsplus_uni2asc(inode->i_sb,
> 			(const struct hfsplus_unistr *)&fd.key->attr.key_name,
> 					strbuf, &xattr_name_len)) {
> diff --git a/fs/hfsplus/xattr_security.c b/fs/hfsplus/xattr_security.c
> index c1c7a16cbf21..438ebcd1359b 100644
> --- a/fs/hfsplus/xattr_security.c
> +++ b/fs/hfsplus/xattr_security.c
> @@ -41,7 +41,8 @@ static int hfsplus_initxattrs(struct inode *inode,
> 	char *xattr_name;
> 	int err = 0;
> 
> -	xattr_name = kmalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN + 1,
> +	xattr_name = kmalloc((HFSPLUS_SB(sb)->nls ? NLS_MAX_CHARSET_SIZE : 4) *
> +			     HFSPLUS_ATTR_MAX_STRLEN + 1,
> 		GFP_KERNEL);

Ditto. What’s about to introduce a variable for length calculation?

Thanks,
Slava.

> 	if (!xattr_name)
> 		return -ENOMEM;
> -- 
> 2.20.1
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ