Re: [PATCH 08/16] nfsd: escape high characters in binary data

From: Kees Cook
Date: Thu Jun 27 2019 - 23:58:27 EST

Next message: Pingfan Liu: "Re: [PATCHv5] mm/gup: speed up check_and_migrate_cma_pages() on huge page"
Previous message: Anand Jain: "Re: [PATCH 09/19] btrfs: limit super block locations in HMZONED mode"
In reply to: J. Bruce Fields: "Re: [PATCH 08/16] nfsd: escape high characters in binary data"
Next in thread: J. Bruce Fields: "Re: [PATCH 08/16] nfsd: escape high characters in binary data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jun 27, 2019 at 04:21:24PM -0400, J. Bruce Fields wrote:
> No, I was confused: "\n" is non-printable according to isprint(), so
> ESCAPE_ANY_NP *will* escape it. So this isn't quite so bad. SSIDs are
> usually printed as '%*pE', so arguably we should be escaping the single
> quote character too, but at least we're not allowing line breaks
> through. I don't know about non-ascii.

Okay, cool. Given that most things are just trying to log, it seems like
it should be safe to have %pE escape non-ascii, non-printable, \, ', and "?

And if we changing that, we're likely changing
string_escape_mem(). Looking at callers of string_escape_mem() makes my
head spin...

Anyway, I don't want to block you needlessly. What would like to have
be next steps here?

--
Kees Cook

Next message: Pingfan Liu: "Re: [PATCHv5] mm/gup: speed up check_and_migrate_cma_pages() on huge page"
Previous message: Anand Jain: "Re: [PATCH 09/19] btrfs: limit super block locations in HMZONED mode"
In reply to: J. Bruce Fields: "Re: [PATCH 08/16] nfsd: escape high characters in binary data"
Next in thread: J. Bruce Fields: "Re: [PATCH 08/16] nfsd: escape high characters in binary data"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]