lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <8fa904e1-f94f-9f7a-fe1b-fcb6ada6b321@gmail.com>
Date:   Thu, 9 Jun 2022 13:53:45 -0400
From:   Kent Overstreet <kent.overstreet@...il.com>
To:     Petr Mladek <pmladek@...e.com>
Cc:     linux-kernel@...r.kernel.org, rostedt@...dmis.org
Subject: Re: [PATCH v3 02/33] lib/string_helpers: Convert string_escape_mem()
 to printbuf

On 6/9/22 10:25, Petr Mladek wrote:
> On Sat 2022-06-04 15:30:11, Kent Overstreet wrote:
>> Like the upcoming vsprintf.c conversion, this converts string_escape_mem
>> to prt_escaped_string(), which uses and outputs to a printbuf, and makes
>> string_escape_mem() a smaller wrapper to support existing users.
>>
>> The new printbuf helpers greatly simplify the code.
>>
>> --- a/lib/string_helpers.c
>> +++ b/lib/string_helpers.c
>> @@ -15,6 +15,7 @@
>>   #include <linux/fs.h>
>>   #include <linux/limits.h>
>>   #include <linux/mm.h>
>> +#include <linux/printbuf.h>
>>   #include <linux/slab.h>
>>   #include <linux/string.h>
>>   #include <linux/string_helpers.h>
>> @@ -301,19 +302,14 @@ int string_unescape(char *src, char *dst, size_t size, unsigned int flags)
>>   }
>>   EXPORT_SYMBOL(string_unescape);
>>   
>> -static bool escape_passthrough(unsigned char c, char **dst, char *end)
>> +static bool escape_passthrough(struct printbuf *out, unsigned char c)
>>   {
>> -	char *out = *dst;
>> -
>> -	if (out < end)
>> -		*out = c;
>> -	*dst = out + 1;
>> +	prt_char(out, c);
> 
> This modifies the behavior. The original code did not add
> the trailing '\0'.
> 
> I agree that the original behavior is ugly but it is documented
> see the comment:
> 
>   * Return:
>   * The total size of the escaped output that would be generated for
>   * the given input and flags. To check whether the output was
>   * truncated, compare the return value to osz. There is room left in
>   * dst for a '\0' terminator if and only if ret < osz.
>                               ^^^^^^^^^^^^^^
> 
> 
> I am all for changing the behavior but it would require checking
> all callers.
> 
> Anyway, adding the trailing '\0' all is not much effective.
> I suggest to use __prt_char() and add the trailing '\0' when
> the string is complete.
> 
> We must make sure that __prt_char() is able to add the last
> character even when there will not longer be space for
> the trailing '\0'.

You really think there's going to be code depending on an _absence_ of a 
trailing nul? I should've updated the comment (I missed that originally, 
doing it now) - but this seems excessively nitpicky.

And I'm looking at the callers now:
  - seq_file, which doesn't commit the results if it overflowed the buffer
  - net/sunrpc/cache.c, which also appears to turn an overflow into an error

and that's it, aside from test cases.

The nul termination is an explicit thing: as I convert to printbuf, I 
don't want functions that output to printbufs returning printbufs that 
aren't nul terminated unless explicitly documented - and there's no 
reason to be doing this except for a few fast path helpers.

> 
>> +int string_escape_mem(const char *src, size_t isz, char *dst, size_t osz,
>> +		      unsigned int flags, const char *only)
> 
> We need keep the comment above this API as long as it is public.

Will do.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ