diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2014-07-29 22:01:36 -0400 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2014-07-31 04:00:31 -0400 |
| commit | a2a5291b3f5ab6ed4c92f51d0fd10a03047380d8 (patch) | |
| tree | 1a74a85c70861b0a411d9dd325b039976de4fd4e /src/shared/util.c | |
| parent | 73381fcf54e38456067f0e87b8611a21eff99169 (diff) | |
Reject invalid quoted strings
String which ended in an unfinished quote were accepted, potentially
with bad memory accesses.
Reject anything which ends in a unfished quote, or contains
non-whitespace characters right after the closing quote.
_FOREACH_WORD now returns the invalid character in *state. But this return
value is not checked anywhere yet.
Also, make 'word' and 'state' variables const pointers, and rename 'w'
to 'word' in various places. Things are easier to read if the same name
is used consistently.
mbiebl_> am I correct that something like this doesn't work
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"'
mbiebl_> systemd seems to strip of the quotes
mbiebl_> systemctl status shows
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS $RootDir $MountPoint
mbiebl_> which is pretty weird
Diffstat (limited to 'src/shared/util.c')
| -rw-r--r-- | src/shared/util.c | 47 |
1 files changed, 30 insertions, 17 deletions
diff --git a/src/shared/util.c b/src/shared/util.c index d8a75bdc6a..cb9687cb02 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -415,37 +415,50 @@ static size_t strcspn_escaped(const char *s, const char *reject) { else if (s[n] == '\\') escaped = true; else if (strchr(reject, s[n])) - return n; + break; } - return n; + /* if s ends in \, return index of previous char */ + return n - escaped; } /* Split a string into words. */ -char *split(const char *c, size_t *l, const char *separator, bool quoted, char **state) { - char *current; +const char* split(const char **state, size_t *l, const char *separator, bool quoted) { + const char *current; - current = *state ? *state : (char*) c; + current = *state; - if (!*current || *c == 0) + if (!*current) { + assert(**state == '\0'); return NULL; + } current += strspn(current, separator); - if (!*current) + if (!*current) { + *state = current; return NULL; + } if (quoted && strchr("\'\"", *current)) { - char quotechar = *(current++); - *l = strcspn_escaped(current, (char[]){quotechar, '\0'}); - *state = current+*l+1; + char quotechars[2] = {*current, '\0'}; + + *l = strcspn_escaped(current + 1, quotechars); + if (current[*l + 1] == '\0' || + (current[*l + 2] && !strchr(separator, current[*l + 2]))) { + /* right quote missing or garbage at the end*/ + *state = current; + return NULL; + } + assert(current[*l + 1] == quotechars[0]); + *state = current++ + *l + 2; } else if (quoted) { *l = strcspn_escaped(current, separator); - *state = current+*l; + *state = current + *l; } else { *l = strcspn(current, separator); - *state = current+*l; + *state = current + *l; } - return (char*) current; + return current; } int get_parent_of_pid(pid_t pid, pid_t *_ppid) { @@ -6059,7 +6072,7 @@ int split_pair(const char *s, const char *sep, char **l, char **r) { int shall_restore_state(void) { _cleanup_free_ char *line = NULL; - char *w, *state; + const char *word, *state; size_t l; int r; @@ -6071,12 +6084,12 @@ int shall_restore_state(void) { r = 1; - FOREACH_WORD_QUOTED(w, l, line, state) { + FOREACH_WORD_QUOTED(word, l, line, state) { const char *e; char n[l+1]; int k; - memcpy(n, w, l); + memcpy(n, word, l); n[l] = 0; e = startswith(n, "systemd.restore_state="); @@ -6120,7 +6133,7 @@ int proc_cmdline(char **ret) { int parse_proc_cmdline(int (*parse_item)(const char *key, const char *value)) { _cleanup_free_ char *line = NULL; - char *w, *state; + const char *w, *state; size_t l; int r; |