Message-ID: <CAP-5=fUCJEyrZ+bx6oMGmFm5wuF71uheM=7VD9ynjAD_TNZ78w@mail.gmail.com>
Date:   Thu, 19 Jan 2023 07:57:19 -0800
From:   Ian Rogers <irogers@...gle.com>
To:     Peter Zijlstra <peterz@...radead.org>,
        Ingo Molnar <mingo@...hat.com>,
        Arnaldo Carvalho de Melo <acme@...nel.org>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Jiri Olsa <jolsa@...nel.org>,
        Namhyung Kim <namhyung@...nel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Tom Rix <trix@...hat.com>, Ian Rogers <irogers@...gle.com>,
        Andrii Nakryiko <andrii@...nel.org>,
        linux-perf-users@...r.kernel.org, linux-kernel@...r.kernel.org,
        bpf@...r.kernel.org, llvm@...ts.linux.dev
Subject: Re: [PATCH v1] perf llvm: Fix inadvertent file creation

On Thu, Jan 5, 2023 at 12:26 AM Ian Rogers <irogers@...gle.com> wrote:
>
> The LLVM template is first echo-ed into command_out and then
> command_out executed. The echo surrounds the template with double
> quotes, however, the template itself may contain quotes. This is
> generally innocuous but in tools/perf/tests/bpf-script-test-prologue.c
> we see:
> ...
> SEC("func=null_lseek file->f_mode offset orig")
> ...
> where the first double quote ends the double quote of the echo, then
> the > redirects output into a file called f_mode.
>
> To avoid this inadvertent behavior substitute redirects and similar
> characters to be ASCII control codes, then substitute the output in
> the echo back again.
>
> Fixes: 5eab5a7ee032 ("perf llvm: Display eBPF compiling command in debug output")
> Signed-off-by: Ian Rogers <irogers@...gle.com>

Ping. Not really a BPF/LLVM fix, it is just doing some string
manipulation to avoid shell interpretation in the context of making
BPF/LLVM.

Thanks,
Ian

> ---
>  tools/perf/util/llvm-utils.c | 25 ++++++++++++++++++++++++-
>  1 file changed, 24 insertions(+), 1 deletion(-)
>
> diff --git a/tools/perf/util/llvm-utils.c b/tools/perf/util/llvm-utils.c
> index 650ffe336f3a..4e8e243a6e4b 100644
> --- a/tools/perf/util/llvm-utils.c
> +++ b/tools/perf/util/llvm-utils.c
> @@ -531,14 +531,37 @@ int llvm__compile_bpf(const char *path, void **p_obj_buf,
>
>         pr_debug("llvm compiling command template: %s\n", template);
>
> +       /*
> +        * Below, substitute control characters for values that can cause the
> +        * echo to misbehave, then substitute the values back.
> +        */
>         err = -ENOMEM;
> -       if (asprintf(&command_echo, "echo -n \"%s\"", template) < 0)
> +       if (asprintf(&command_echo, "echo -n \a%s\a", template) < 0)
>                 goto errout;
>
> +#define SWAP_CHAR(a, b) do { if (*p == a) *p = b; } while (0)
> +       for (char *p = command_echo; *p; p++) {
> +               SWAP_CHAR('<', '\001');
> +               SWAP_CHAR('>', '\002');
> +               SWAP_CHAR('"', '\003');
> +               SWAP_CHAR('\'', '\004');
> +               SWAP_CHAR('|', '\005');
> +               SWAP_CHAR('&', '\006');
> +               SWAP_CHAR('\a', '"');
> +       }
>         err = read_from_pipe(command_echo, (void **) &command_out, NULL);
>         if (err)
>                 goto errout;
>
> +       for (char *p = command_out; *p; p++) {
> +               SWAP_CHAR('\001', '<');
> +               SWAP_CHAR('\002', '>');
> +               SWAP_CHAR('\003', '"');
> +               SWAP_CHAR('\004', '\'');
> +               SWAP_CHAR('\005', '|');
> +               SWAP_CHAR('\006', '&');
> +       }
> +#undef SWAP_CHAR
>         pr_debug("llvm compiling command : %s\n", command_out);
>
>         err = read_from_pipe(template, &obj_buf, &obj_buf_sz);
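Review bot: The six characters handled in the first SWAP_CHAR loop form a denylist, and the comment above it does not say why these six are sufficient. Inside the double quotes that `\a` turns into, `$`, backtick and backslash are still interpreted by the shell; if that expansion is intended for the debug echo the comment should say so, and if it is not, they need the same masking. The scheme also assumes the template never contains a literal `\a` or a `\001` to `\006` byte, because the first loop would turn such a `\a` into `"` and the second loop would turn the others into metacharacters in `command_out`; a one-line note of that assumption would help. On style, SWAP_CHAR reads `p` implicitly and the chain of independent `if`s is only correct because no replacement value matches a later test, so a `switch (*p)` in each loop would make the mapping explicit.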
> --
> 2.39.0.314.g84b9a713c41-goog
>
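The failure described in the commit message and the masking technique used by the patch, reproduced as an added shell example (not code from the patch or from perf). The function names, the scratch-directory helper and the use of `tr` are assumptions made for illustration, and the template is a constructed sample holding only the quoted SEC() line.

```shell
#!/bin/sh
# Constructed sample: the SEC() line quoted in the commit message, used as
# the whole template.
TEMPLATE='SEC("func=null_lseek file->f_mode offset orig")'

# Pre-patch behaviour: the template is pasted between double quotes and the
# resulting string is parsed by a shell. The template's own first quote ends
# the quoted string, so ">f_mode" is parsed as a redirection.
echo_naive() {
    sh -c "echo \"$1\""
}

# Patch technique: replace < > " ' | & with the control codes \001-\006
# before the shell parses the string, then map them back in the output.
echo_masked() {
    masked=$(printf '%s' "$1" | tr '<>"'\''|&' '\001\002\003\004\005\006')
    sh -c "echo \"$masked\"" | tr '\001\002\003\004\005\006' '<>"'\''|&'
}

# Hypothetical helper: run one of the functions in a fresh directory, print
# what it echoed, then list any files it left behind.
run_in_scratch() {
    dir=$(mktemp -d) || return 1
    ( cd "$dir" && "$1" "$TEMPLATE" && ls )
    rm -rf "$dir"
}

printf 'naive:  %s\n' "$(run_in_scratch echo_naive)"
printf 'masked: %s\n' "$(run_in_scratch echo_masked)"
```

The naive call echoes nothing to stdout and leaves a file named `f_mode` in the scratch directory; the masked call returns the template unchanged and creates no file.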
