| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 9 Jun 2022 13:53:45 -0400
From: Kent Overstreet <kent.overstreet@...il.com>
To: Petr Mladek <pmladek@...e.com>
Cc: linux-kernel@...r.kernel.org, rostedt@...dmis.org
Subject: Re: [PATCH v3 02/33] lib/string_helpers: Convert string_escape_mem()
to printbuf
On 6/9/22 10:25, Petr Mladek wrote:
> On Sat 2022-06-04 15:30:11, Kent Overstreet wrote:
>> Like the upcoming vsprintf.c conversion, this converts string_escape_mem
>> to prt_escaped_string(), which uses and outputs to a printbuf, and makes
>> string_escape_mem() a smaller wrapper to support existing users.
>>
>> The new printbuf helpers greatly simplify the code.
>>
>> --- a/lib/string_helpers.c
>> +++ b/lib/string_helpers.c
>> @@ -15,6 +15,7 @@
>> #include <linux/fs.h>
>> #include <linux/limits.h>
>> #include <linux/mm.h>
>> +#include <linux/printbuf.h>
>> #include <linux/slab.h>
>> #include <linux/string.h>
>> #include <linux/string_helpers.h>
>> @@ -301,19 +302,14 @@ int string_unescape(char *src, char *dst, size_t size, unsigned int flags)
>> }
>> EXPORT_SYMBOL(string_unescape);
>>
>> -static bool escape_passthrough(unsigned char c, char **dst, char *end)
>> +static bool escape_passthrough(struct printbuf *out, unsigned char c)
>> {
>> - char *out = *dst;
>> -
>> - if (out < end)
>> - *out = c;
>> - *dst = out + 1;
>> + prt_char(out, c);
>
> This modifies the behavior. The original code did not add
> the trailing '\0'.
>
> I agree that the original behavior is ugly but it is documented
> see the comment:
>
> * Return:
> * The total size of the escaped output that would be generated for
> * the given input and flags. To check whether the output was
> * truncated, compare the return value to osz. There is room left in
> * dst for a '\0' terminator if and only if ret < osz.
> ^^^^^^^^^^^^^^
>
>
> I am all for changing the behavior but it would require checking
> all callers.
>
> Anyway, adding the trailing '\0' all is not much effective.
> I suggest to use __prt_char() and add the trailing '\0' when
> the string is complete.
>
> We must make sure that __prt_char() is able to add the last
> character even when there will not longer be space for
> the trailing '\0'.
You really think there's going to be code depending on an _absence_ of a
trailing nul? I should've updated the comment (I missed that originally,
doing it now) - but this seems excessively nitpicky.
And I'm looking at the callers now:
- seq_file, which doesn't commit the results if it overflowed the buffer
- net/sunrpc/cache.c, which also appears to turn an overflow into an error
and that's it, aside from test cases.
The nul termination is an explicit thing: as I convert to printbuf, I
don't want functions that output to printbufs returning printbufs that
aren't nul terminated unless explicitly documented - and there's no
reason to be doing this except for a few fast path helpers.
>
>> +int string_escape_mem(const char *src, size_t isz, char *dst, size_t osz,
>> + unsigned int flags, const char *only)
>
> We need keep the comment above this API as long as it is public.
Will do.
Powered by blists - more mailing lists