From patchwork Wed Feb 17 17:20:57 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jim Fehlig X-Patchwork-Id: 8341691 Return-Path: X-Original-To: patchwork-xen-devel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork2.web.kernel.org (Postfix) with ESMTP id 40CA2C0553 for ; Wed, 17 Feb 2016 17:23:03 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 7F4BC20397 for ; Wed, 17 Feb 2016 17:23:02 +0000 (UTC) Received: from lists.xen.org (lists.xenproject.org [50.57.142.19]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 9E712201ED for ; Wed, 17 Feb 2016 17:23:01 +0000 (UTC) Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aW5my-0000rI-5n; Wed, 17 Feb 2016 17:21:20 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aW5mx-0000q2-17 for xen-devel@lists.xen.org; Wed, 17 Feb 2016 17:21:19 +0000 Received: from [85.158.137.68] by server-16.bemta-3.messagelabs.com id 3B/A7-07451-E0CA4C65; Wed, 17 Feb 2016 17:21:18 +0000 X-Env-Sender: jfehlig@suse.com X-Msg-Ref: server-15.tower-31.messagelabs.com!1455729676!22848344!1 X-Originating-IP: [137.65.250.81] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 65055 invoked from network); 17 Feb 2016 17:21:17 -0000 Received: from smtp2.provo.novell.com (HELO smtp2.provo.novell.com) (137.65.250.81) by server-15.tower-31.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 17 Feb 2016 17:21:17 -0000 Received: from talkeetna.gns.novell.com (prv-ext-foundry1int.gns.novell.com [137.65.251.240]) by smtp2.provo.novell.com with ESMTP (NOT encrypted); Wed, 17 Feb 2016 10:21:12 -0700 From: Jim Fehlig To: xen-devel@lists.xen.org Date: Wed, 17 Feb 2016 10:20:57 -0700 Message-Id: <1455729659-7885-2-git-send-email-jfehlig@suse.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1455729659-7885-1-git-send-email-jfehlig@suse.com> References: <1455729659-7885-1-git-send-email-jfehlig@suse.com> Cc: wei.liu2@citrix.com, Jim Fehlig , ian.jackson@eu.citrix.com, ian.campbell@citrix.com Subject: [Xen-devel] [PATCH V2 1/3] libxlu_cfg: reject unknown characters following '\' X-BeenThere: xen-devel@lists.xen.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: Xen developer discussion List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_MED, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP When dequoting config strings in xlu__cfgl_dequote(), unknown characters following a '\', and the '\' itself, are discarded. E.g. a disk configuration string containing rbd:pool/image:mon_host=192.168.0.100\:6789 would be dequoted as rbd:pool/image:mon_host=192.168.0.1006789 Instead of discarding the '\' and unknown character, reject the string and set error to EINVAL. Signed-off-by: Jim Fehlig Acked-by: Ian Campbell --- tools/libxl/libxlu_cfg.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/libxl/libxlu_cfg.c b/tools/libxl/libxlu_cfg.c index 1d70909..5838f68 100644 --- a/tools/libxl/libxlu_cfg.c +++ b/tools/libxl/libxlu_cfg.c @@ -533,6 +533,11 @@ char *xlu__cfgl_dequote(CfgParseContext *ctx, const char *src) { NUMERIC_CHAR(2,2,16,"hex"); } else if (nc>='0' && nc<='7') { NUMERIC_CHAR(1,3,10,"octal"); + } else { + xlu__cfgl_lexicalerror(ctx, + "invalid character after backlash in quoted string"); + ctx->err= EINVAL; + goto x; } assert(p <= src+len-1); } else {