lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 22 Nov 2023 16:23:31 +0100
From: Petr Machata <petrm@...dia.com>
To: David Ahern <dsahern@...il.com>, Stephen Hemminger
	<stephen@...workplumber.org>, <netdev@...r.kernel.org>
CC: Patrisious Haddad <phaddad@...dia.com>, Petr Machata <petrm@...dia.com>
Subject: [PATCH iproute2-next v2 4/5] lib: utils: Introduce parse_one_of_deprecated()

The function parse_one_of() currently uses matches() for string comparison
under the hood. Extending matches()-based parsers is tricky, because newly
added matches might change the way strings are parsed, if the newly-added
string shares a prefix with a string that is matched later in the code.

In this patch, introduce a new function, parse_one_of_deprecated(). This
will be currently synonymous with parse_one_of(), however the latter will
change behavior in the next patch.

Use the new function for parsing of the macsec "validate" option. The
reason is that the valid strings for that option are "disabled", "check"
and "strict". It is not hard to see how "disabled" could be misspelled as
"disable", and be baked in some script in this form.

Signed-off-by: Petr Machata <petrm@...dia.com>
---
 include/utils.h | 3 +++
 ip/ipmacsec.c   | 6 ++++--
 lib/utils.c     | 7 +++++++
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/include/utils.h b/include/utils.h
index add55bfa..9ba129b8 100644
--- a/include/utils.h
+++ b/include/utils.h
@@ -342,6 +342,9 @@ int do_batch(const char *name, bool force,
 
 int parse_one_of(const char *msg, const char *realval, const char * const *list,
 		 size_t len, int *p_err);
+int parse_one_of_deprecated(const char *msg, const char *realval,
+			    const char * const *list,
+			    size_t len, int *p_err);
 bool parse_on_off(const char *msg, const char *realval, int *p_err);
 
 int parse_mapping_num_all(__u32 *keyp, const char *key);
diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c
index 476a6d1d..fc4c8631 100644
--- a/ip/ipmacsec.c
+++ b/ip/ipmacsec.c
@@ -1457,8 +1457,10 @@ static int macsec_parse_opt(struct link_util *lu, int argc, char **argv,
 				invarg("expected replay window size", *argv);
 		} else if (strcmp(*argv, "validate") == 0) {
 			NEXT_ARG();
-			validate = parse_one_of("validate", *argv, validate_str,
-						ARRAY_SIZE(validate_str), &ret);
+			validate = parse_one_of_deprecated("validate", *argv,
+							   validate_str,
+							   ARRAY_SIZE(validate_str),
+							   &ret);
 			if (ret != 0)
 				return ret;
 			addattr8(n, MACSEC_BUFLEN,
diff --git a/lib/utils.c b/lib/utils.c
index f1ca3852..9142dc1d 100644
--- a/lib/utils.c
+++ b/lib/utils.c
@@ -1758,6 +1758,13 @@ int parse_one_of(const char *msg, const char *realval, const char * const *list,
 	return __parse_one_of(msg, realval, list, len, p_err, matches);
 }
 
+int parse_one_of_deprecated(const char *msg, const char *realval,
+			    const char * const *list,
+			    size_t len, int *p_err)
+{
+	return __parse_one_of(msg, realval, list, len, p_err, matches);
+}
+
 bool parse_on_off(const char *msg, const char *realval, int *p_err)
 {
 	static const char * const values_on_off[] = { "off", "on" };
-- 
2.41.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ