Re: [PATCH 1/9] rtl8192*: display ESSIDs using %pE

From: Kees Cook
Date: Fri Sep 06 2019 - 11:53:41 EST


On Fri, Sep 06, 2019 at 12:38:29PM +0300, Andy Shevchenko wrote:
> On Thu, Sep 05, 2019 at 01:53:43PM -0700, Kees Cook wrote:
> > On Thu, Sep 05, 2019 at 03:44:25PM -0400, J. Bruce Fields wrote:
> > > From: "J. Bruce Fields" <bfields@xxxxxxxxxx>
> > >
> > > Everywhere else in the kernel ESSIDs are printed using %pE, and I can't
> > > see why there should be an exception here.
> >
> > I would expand this rationale slightly: using "n" here makes no sense
> > because they are already NUL-terminated strings. The "n" modifier could
> > only be used with string_escape_mem() which takes a "length" argument.
>
> SSID may have NUL in any location in the name.

Oops, you're totally right: I forgot the "*" part here. Ignore my
comment. :)

So, instead, this "upgrades" the escaping from "only NULL" to all the
unprintables.

>
> > > - snprintf(escaped, sizeof(escaped), "%*pEn", essid_len, essid);
> > > + snprintf(escaped, sizeof(escaped), "%*pE", essid_len, essid);
>
> > > - snprintf(escaped, sizeof(escaped), "%*pEn", essid_len, essid);
> > > + snprintf(escaped, sizeof(escaped), "%*pE", essid_len, essid);
>
> --
> With Best Regards,
> Andy Shevchenko
>
>

--
Kees Cook