Linux-NFS Archive on lore.kernel.org
 help / color / Atom feed
From: "J. Bruce Fields" <bfields@fieldses.org>
To: Kees Cook <keescook@chromium.org>
Cc: linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 08/16] nfsd: escape high characters in binary data
Date: Fri, 28 Jun 2019 12:33:58 -0400
Message-ID: <20190628163358.GA31800@fieldses.org> (raw)
In-Reply-To: <201906272054.6954C08FA@keescook>

On Thu, Jun 27, 2019 at 08:58:22PM -0700, Kees Cook wrote:
> On Thu, Jun 27, 2019 at 04:21:24PM -0400, J. Bruce Fields wrote:
> > No, I was confused: "\n" is non-printable according to isprint(), so
> > ESCAPE_ANY_NP *will* escape it.  So this isn't quite so bad.  SSIDs are
> > usually printed as '%*pE', so arguably we should be escaping the single
> > quote character too, but at least we're not allowing line breaks
> > through.  I don't know about non-ascii.
> 
> Okay, cool. Given that most things are just trying to log, it seems like
> it should be safe to have %pE escape non-ascii, non-printable, \, ', and "?
> 
> And if we changing that, we're likely changing
> string_escape_mem(). Looking at callers of string_escape_mem() makes my
> head spin...

kstrdup_quotable:
	- only a few callers, mostly just logging, but
	  msm_gpu_crashstate_capture uses it to generate some data that
	  looks like it goes in a crashdump.  Dunno if there might be
	  some utility depending on the current escaping. On the other
	  hand, kstrdup_quotable uses ESCAPE_HEX, "\f\n\r\t\v\a\e\\\""
	  so those characters are all escaped as \xNN, so I'd hope
	  any parser would be prepared to unescape any hex character,
	  they'd have to go out of their way to do anything else.
string_escape_str:
	- proc_task_name: ESCAPE_SPACE|ESCAPE_SPECIAL, "\n\\", used for
	  command name in /proc/<pid>/stat{us}.  No way do I want to
	  change the format of those files at all.
	- seq_escape: ESCAPE_OCTAL, esc: haven't surveyed callers
	  carefully, but this probably shouldn't be changed.
	- qword_add: ESCAPE_OCTAL, "\\ \n\t", some nfsd upcalls.  Fine
	  as they are, but the other side will happily accept any octal
	  or hex escaping.
string_escape_mem_any_np, string_escape_str_any_np:
	- totally unused.
escaped_string: this is the vsnprintf logic.  Tons of users, haven't had
	a chance to look at them all.  Almost all %*pE, the exceptions
	don't look important.

So the only flag values we care about are ESCAPE_HEX, ESCAPE_OCTAL,
ESCAPE_SPACE|ESCAPE_SPECIAL, and ESCAPE_ANY_NP.

So this could be cleaned up some if we wanted.

> Anyway, I don't want to block you needlessly. What would like to have
> be next steps here?

I might still be interested in some cleanup, I find the current logic
unnecessarily confusing.

But I may just give up and go with my existing patch and put
off that project indefinitely, especially if there's no real need to fix
the existing callers.

I don't know....

--b.

  reply index

Thread overview: 38+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-20 14:50 [PATCH 00/16] exposing knfsd client state to userspace J. Bruce Fields
2019-06-20 14:51 ` [PATCH 01/16] nfsd: persist nfsd filesystem across mounts J. Bruce Fields
2019-06-20 14:51 ` [PATCH 02/16] nfsd: rename cl_refcount J. Bruce Fields
2019-06-20 14:51 ` [PATCH 03/16] nfsd4: use reference count to free client J. Bruce Fields
2019-06-20 14:51 ` [PATCH 04/16] nfsd: add nfsd/clients directory J. Bruce Fields
2019-06-20 14:51 ` [PATCH 05/16] nfsd: make client/ directory names small ints J. Bruce Fields
2019-06-20 14:51 ` [PATCH 06/16] nfsd4: add a client info file J. Bruce Fields
2019-06-20 14:51 ` [PATCH 07/16] nfsd: copy client's address including port number to cl_addr J. Bruce Fields
2019-06-20 14:51 ` [PATCH 08/16] nfsd: escape high characters in binary data J. Bruce Fields
2019-06-21 17:45   ` bfields
2019-06-21 22:26     ` Kees Cook
2019-06-22 19:00       ` J. Bruce Fields
2019-06-22 20:22         ` Kees Cook
2019-06-24 21:05           ` J. Bruce Fields
2019-06-26 16:21             ` J. Bruce Fields
2019-06-27  4:16               ` Kees Cook
2019-06-27 15:23                 ` J. Bruce Fields
2019-06-27 20:21               ` J. Bruce Fields
2019-06-28  3:58                 ` Kees Cook
2019-06-28 16:33                   ` J. Bruce Fields [this message]
2019-07-10 22:09                     ` J. Bruce Fields
2019-07-11  1:54                       ` Kees Cook
2019-08-06 12:19   ` Andy Shevchenko
2019-08-06 18:50     ` J. Bruce Fields
2019-08-07  9:00       ` Andy Shevchenko
2019-08-08 11:28         ` bfields
2019-08-27 13:36           ` Andy Shevchenko
2019-06-20 14:51 ` [PATCH 09/16] nfsd: add more information to client info file J. Bruce Fields
2019-06-20 14:51 ` [PATCH 10/16] nfsd4: add file to display list of client's opens J. Bruce Fields
2019-06-20 14:51 ` [PATCH 11/16] nfsd: show lock and deleg stateids J. Bruce Fields
2019-06-20 14:51 ` [PATCH 12/16] nfsd4: show layout stateids J. Bruce Fields
2019-06-20 14:51 ` [PATCH 13/16] nfsd: create get_nfsdfs_clp helper J. Bruce Fields
2019-06-20 14:51 ` [PATCH 14/16] nfsd: allow forced expiration of NFSv4 clients J. Bruce Fields
2019-06-20 14:51 ` [PATCH 15/16] nfsd: create xdr_netobj_dup helper J. Bruce Fields
2019-06-20 14:51 ` [PATCH 16/16] nfsd: decode implementation id J. Bruce Fields
2019-06-21 18:13 ` [PATCH 00/16] exposing knfsd client state to userspace bfields
2019-06-21 19:25   ` Anna Schumaker
2019-06-21 22:08     ` J. Bruce Fields

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190628163358.GA31800@fieldses.org \
    --to=bfields@fieldses.org \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-nfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-NFS Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-nfs/0 linux-nfs/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-nfs linux-nfs/ https://lore.kernel.org/linux-nfs \
		linux-nfs@vger.kernel.org
	public-inbox-index linux-nfs

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-nfs


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git