Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20230330092352.1186349-1-matthias.goergens@gmail.com>
Date: Thu, 30 Mar 2023 17:23:52 +0800
From: Matthias Goergens <matthias.goergens@...il.com>
To: musl@...ts.openwall.com
Cc: Matthias Goergens <matthias.goergens@...il.com>
Subject: [PATCH] mntent: deal with escaped whitespace in mtab and fstab

>From glibc's documentation:

> Since fields in the mtab and fstab files are separated by whitespace,
> octal  escapes  are  used  to  represent  the characters space (\040),
> tab (\011), newline (\012), and backslash (\\) in those files when they
> occur  in  one  of  the  four strings  in  a  mntent  structure.  The
> routines addmntent() and getmntent() will convert from string
> representation to escaped representation and back.  When converting
> from  escaped  representation,  the sequence \134 is also converted to a
> backslash.

This fixes the issue reported in https://www.openwall.com/lists/musl/2021/12/14/1

--

This is a new version that incorporates suggestions by Szabolcs Nagy and rofl0r

The previous version had a helper function named `decode1` that decoded
a single escape.   I implemented Szabolcs Nagy's extremely clever manual
inlining.  However, I'm not completely sure that it's not too clever for
me.  (It took me a while to understand why it works.)
---
 src/misc/mntent.c | 85 +++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 78 insertions(+), 7 deletions(-)

diff --git a/src/misc/mntent.c b/src/misc/mntent.c
index d404fbe3..1c129579 100644
--- a/src/misc/mntent.c
+++ b/src/misc/mntent.c
@@ -1,8 +1,10 @@
+#include <assert.h>
 #include <stdio.h>
 #include <string.h>
 #include <mntent.h>
 #include <errno.h>
 #include <limits.h>
+#include "stdio_impl.h"
 
 static char *internal_buf;
 static size_t internal_bufsize;
@@ -20,6 +22,46 @@ int endmntent(FILE *f)
 	return 1;
 }
 
+static char* decode(char* buf) {
+	assert(buf != NULL);
+	char* src = buf;
+	char* dest = buf;
+	while (1) {
+		char* next_src = __strchrnul(src, '\\');
+		int offset = next_src - src;
+		memmove(dest, src, offset);
+		src = next_src;
+		dest += offset;
+
+		if(*src == '\0') {
+			*dest = *src;
+			return buf;
+		}
+		assert (*src == '\\');
+		src++;
+
+		const char *replacements =
+			"\040"	"040"	"\0"  // space
+			"\011"	"011"	"\0"  // tab
+			"\012"	"012"	"\0"  // newline
+			"\134"	"134"	"\0"  // backslash
+			"\\"	"\\"	"\0"
+			// Fallback for unrecognized escape sequence,
+			// copy literally:
+			"\\"	"";
+		while(1) {
+			char c = *replacements++;
+			size_t n = strlen(replacements);
+			if (strncmp(src, replacements, n) == 0) {
+				*dest++ = c;
+				src += n;
+				break;
+			}
+			replacements += n+1;
+        }
+	}
+}
+
 struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *linebuf, int buflen)
 {
 	int n[8], use_internal = (linebuf == SENTINEL);
@@ -55,10 +97,10 @@ struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *linebuf, int bufle
 	linebuf[n[5]] = 0;
 	linebuf[n[7]] = 0;
 
-	mnt->mnt_fsname = linebuf+n[0];
-	mnt->mnt_dir = linebuf+n[2];
-	mnt->mnt_type = linebuf+n[4];
-	mnt->mnt_opts = linebuf+n[6];
+	mnt->mnt_fsname = decode(linebuf+n[0]);
+	mnt->mnt_dir = decode(linebuf+n[2]);
+	mnt->mnt_type = decode(linebuf+n[4]);
+	mnt->mnt_opts = decode(linebuf+n[6]);
 
 	return mnt;
 }
@@ -69,12 +111,41 @@ struct mntent *getmntent(FILE *f)
 	return getmntent_r(f, &mnt, SENTINEL, 0);
 }
 
+static int escape_and_write_string(FILE *f, const char* str)
+{
+	char c;
+	int error_occured = 0;
+	while(str && !error_occured && (c = *str++) != 0) {
+		if(c == '\040') // space
+			error_occured = fputs("\\040", f) < 0;
+		else if (c == '\011') // tab
+			error_occured = fputs("\\011", f) < 0;
+		else if (c == '\012') // newline
+			error_occured = fputs("\\012", f) < 0;
+		else if (c == '\\')
+			error_occured = fputs("\\\\", f) < 0;
+		else
+			error_occured = putc_unlocked(c, f) < 0;
+	}
+	return error_occured;
+}
+
 int addmntent(FILE *f, const struct mntent *mnt)
 {
 	if (fseek(f, 0, SEEK_END)) return 1;
-	return fprintf(f, "%s\t%s\t%s\t%s\t%d\t%d\n",
-		mnt->mnt_fsname, mnt->mnt_dir, mnt->mnt_type, mnt->mnt_opts,
-		mnt->mnt_freq, mnt->mnt_passno) < 0;
+	FLOCK(f);
+	int error_occured =
+		escape_and_write_string(f, mnt->mnt_fsname)
+		|| (0 > putc_unlocked('\t', f))
+		|| escape_and_write_string(f, mnt->mnt_dir)
+		|| (0 > putc_unlocked('\t', f))
+		|| escape_and_write_string(f, mnt->mnt_type)
+		|| (0 > putc_unlocked('\t', f))
+		|| escape_and_write_string(f, mnt->mnt_opts)
+		|| (0 > fprintf(f, "\t%d\t%d\n",
+			mnt->mnt_freq, mnt->mnt_passno));
+	FUNLOCK(f);
+	return error_occured;
 }
 
 char *hasmntopt(const struct mntent *mnt, const char *opt)
-- 
2.40.0

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.