From: "J. Bruce Fields" <bfields@fieldses.org>
To: Kees Cook <keescook@chromium.org>
Cc: linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 08/16] nfsd: escape high characters in binary data
Date: Sat, 22 Jun 2019 15:00:58 -0400 [thread overview]
Message-ID: <20190622190058.GD5343@fieldses.org> (raw)
In-Reply-To: <201906211431.E6552108@keescook>
On Fri, Jun 21, 2019 at 03:26:00PM -0700, Kees Cook wrote:
> On Fri, Jun 21, 2019 at 01:45:44PM -0400, J. Bruce Fields wrote:
> > I'm not sure who to get review from for this kind of thing.
> >
> > Kees, you seem to be one of the only people to touch string_helpers.c
> > at all recently, any ideas?
>
> Hi! Yeah, I'm happy to take a look. Notes below...
Thanks!
> > On Thu, Jun 20, 2019 at 10:51:07AM -0400, J. Bruce Fields wrote:
> > > From: "J. Bruce Fields" <bfields@redhat.com>
> > >
> > > I'm exposing some information about NFS clients in pseudofiles. I
> > > expect to eventually have simple tools to help read those pseudofiles.
> > >
> > > But it's also helpful if the raw files are human-readable to the extent
> > > possible. It aids debugging and makes them usable on systems that don't
> > > have the latest nfs-utils.
> > >
> > > A minor challenge there is opaque client-generated protocol objects like
> > > state owners and client identifiers. Some clients generate those to
> > > include handy information in plain ascii. But they may also include
> > > arbitrary byte sequences.
> > >
> > > I think the simplest approach is to limit to isprint(c) && isascii(c)
> > > and escape everything else.
>
> Can you get the same functionality out of sprintf's %pE (escaped
> string)? If not, maybe we should expand the flags available?
Nothing against it, I just didn't want it to do that for one user,
but...
>
> * - 'E[achnops]' For an escaped buffer, where rules are defined by
> * combination
> * of the following flags (see string_escape_mem() for
> * the
> * details):
> * a - ESCAPE_ANY
> * c - ESCAPE_SPECIAL
> * h - ESCAPE_HEX
> * n - ESCAPE_NULL
> * o - ESCAPE_OCTAL
> * p - ESCAPE_NP
> * s - ESCAPE_SPACE
> * By default ESCAPE_ANY_NP is used.
>
> This doesn't cover escaping >0x7f and " and \
>
> And perhaps I should rework kstrdup_quotable() to have that flag? It's
> not currently escaping non-ascii and it probably should. Maybe
> "ESCAPE_QUOTABLE" as "q"?
... but if you think there's a lot of existing users that really want
this behavior, then great.
I'll look into that.
The logic around ESCAPE_NP and the "only" string is really confusing. I
started assuming I could just add an ESCAPE_NONASCII flag and stick "
and \ into the "only" string, but it doesn't work that way.
---b.
next prev parent reply other threads:[~2019-06-22 19:00 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-20 14:50 [PATCH 00/16] exposing knfsd client state to userspace J. Bruce Fields
2019-06-20 14:51 ` [PATCH 01/16] nfsd: persist nfsd filesystem across mounts J. Bruce Fields
2019-06-20 14:51 ` [PATCH 02/16] nfsd: rename cl_refcount J. Bruce Fields
2019-06-20 14:51 ` [PATCH 03/16] nfsd4: use reference count to free client J. Bruce Fields
2019-06-20 14:51 ` [PATCH 04/16] nfsd: add nfsd/clients directory J. Bruce Fields
2019-06-20 14:51 ` [PATCH 05/16] nfsd: make client/ directory names small ints J. Bruce Fields
2019-06-20 14:51 ` [PATCH 06/16] nfsd4: add a client info file J. Bruce Fields
2019-06-20 14:51 ` [PATCH 07/16] nfsd: copy client's address including port number to cl_addr J. Bruce Fields
2019-06-20 14:51 ` [PATCH 08/16] nfsd: escape high characters in binary data J. Bruce Fields
2019-06-21 17:45 ` J. Bruce Fields
2019-06-21 22:26 ` Kees Cook
2019-06-22 19:00 ` J. Bruce Fields [this message]
2019-06-22 20:22 ` Kees Cook
2019-06-24 21:05 ` J. Bruce Fields
2019-06-26 16:21 ` J. Bruce Fields
2019-06-27 4:16 ` Kees Cook
2019-06-27 15:23 ` J. Bruce Fields
2019-06-27 20:21 ` J. Bruce Fields
2019-06-28 3:58 ` Kees Cook
2019-06-28 16:33 ` J. Bruce Fields
2019-07-10 22:09 ` J. Bruce Fields
2019-07-11 1:54 ` Kees Cook
2019-08-06 12:19 ` Andy Shevchenko
2019-08-06 18:50 ` J. Bruce Fields
2019-08-07 9:00 ` Andy Shevchenko
2019-08-08 11:28 ` J. Bruce Fields
2019-08-27 13:36 ` Andy Shevchenko
2019-06-20 14:51 ` [PATCH 09/16] nfsd: add more information to client info file J. Bruce Fields
2019-06-20 14:51 ` [PATCH 10/16] nfsd4: add file to display list of client's opens J. Bruce Fields
2019-06-20 14:51 ` [PATCH 11/16] nfsd: show lock and deleg stateids J. Bruce Fields
2019-06-20 14:51 ` [PATCH 12/16] nfsd4: show layout stateids J. Bruce Fields
2019-06-20 14:51 ` [PATCH 13/16] nfsd: create get_nfsdfs_clp helper J. Bruce Fields
2019-06-20 14:51 ` [PATCH 14/16] nfsd: allow forced expiration of NFSv4 clients J. Bruce Fields
2019-06-20 14:51 ` [PATCH 15/16] nfsd: create xdr_netobj_dup helper J. Bruce Fields
2019-06-20 14:51 ` [PATCH 16/16] nfsd: decode implementation id J. Bruce Fields
2019-06-21 18:13 ` [PATCH 00/16] exposing knfsd client state to userspace J. Bruce Fields
2019-06-21 19:25 ` Anna Schumaker
2019-06-21 22:08 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190622190058.GD5343@fieldses.org \
--to=bfields@fieldses.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).