| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d62bac7e-432e-23bc-3d4c-d860e164dcaf@redhat.com>
Date: Mon, 18 Nov 2024 11:38:05 +0100 (CET)
From: Mikulas Patocka <mpatocka@...hat.com>
To: Mohammed Anees <pvmohammedanees2003@...il.com>
cc: Alasdair Kergon <agk@...hat.com>, Mike Snitzer <snitzer@...nel.org>,
dm-devel@...ts.linux.dev, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] dm: Allow the use of escaped characters in
str_field_delimit()
On Tue, 12 Nov 2024, Mohammed Anees wrote:
> Escape characters were not handled before, which could lead to
> unwanted issues. Some device-mapper names may contain backslashes (`\`)
> as valid characters and should not be treated as escape characters. Only
> escape characters followed directly by the separator are considered
> valid and need to be processed. After handling, the escape characters
> are removed to ensure the final string is correctly parsed without
> unwanted escape sequences which were used only for escaping.
>
> Signed-off-by: Mohammed Anees <pvmohammedanees2003@...il.com>
Hi
Does anyone really need this? Is there some use case for using escape
characters in device mapper names?
Mikulas
> ---
> drivers/md/dm-init.c | 28 ++++++++++++++++++++++++----
> 1 file changed, 24 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/md/dm-init.c b/drivers/md/dm-init.c
> index b37bbe762500..dad9d523f7fb 100644
> --- a/drivers/md/dm-init.c
> +++ b/drivers/md/dm-init.c
> @@ -88,13 +88,33 @@ static void __init dm_setup_cleanup(struct list_head *devices)
> static char __init *str_field_delimit(char **str, char separator)
> {
> char *s;
> + /* This variable handles removing escape characters, which are
> + * only used to avoid the separator and aren't needed in the
> + * final string.
> + */
> + char *write;
>
> - /* TODO: add support for escaped characters */
> *str = skip_spaces(*str);
> - s = strchr(*str, separator);
> + s = *str;
> + write = *str;
> +
> + /* Find the separator and handle escape character */
> + while (*s) {
> + /* If '\' is followed by the separator, skip '\' by
> + * incrementing s, write will then overwrite the
> + * escape character with the separator.
> + */
> + if (*s == '\\' && *(s + 1) != '\0' && *(s + 1) == separator)
> + s++;
> + else if (*s == separator)
> + break;
> +
> + *write++ = *s++;
> + }
> +
> /* Delimit the field and remove trailing spaces */
> - if (s)
> - *s = '\0';
> + if (write)
> + *write = '\0';
> *str = strim(*str);
> return s ? ++s : NULL;
> }
> --
> 2.47.0
>
Powered by blists - more mailing lists