Hi,
I'm curious why ESCAPE_SPACE doesn't escape spaces (0x20)? That is
surprising to me, especially since things like isspace() include 0x20.
-Kees
--
Kees Cook
Chrome OS Security
On Thu, 2015-07-23 at 12:59 -0700, Kees Cook wrote:
> Hi,
>
> I'm curious why ESCAPE_SPACE doesn't escape spaces (0x20)?
Space is a printable character.
You perhaps wants something like ESCAPE_SPACE | ESCAPE_HEX.
> That is
> surprising to me, especially since things like isspace() include
> 0x20.
Moreover, there are test cases in test-string_helpers.c module and they
are based on the real use cases (before helpers were introduced and
users were converted). So, there is no user which expects hex conversio
n of the printable character if not asked explicitly.
--
Andy Shevchenko <[email protected]>
Intel Finland Oy
On Thu, Jul 23, 2015 at 1:27 PM, Andy Shevchenko
<[email protected]> wrote:
> On Thu, 2015-07-23 at 12:59 -0700, Kees Cook wrote:
>> Hi,
>>
>> I'm curious why ESCAPE_SPACE doesn't escape spaces (0x20)?
>
> Space is a printable character.
> You perhaps wants something like ESCAPE_SPACE | ESCAPE_HEX.
Yeah, I can get the effect I want with:
flags = ESCAPE_SPACE | ESCAPE_SPECIAL | ESCAPE_NULL | ESCAPE_HEX;
esc = "\f\n\r\t\v\\\a\e\0 ";
This isn't reachable via kasprintf, though (it always has a NULL esc).
I will consider some options and send patches.
>> That is
>> surprising to me, especially since things like isspace() include
>> 0x20.
>
> Moreover, there are test cases in test-string_helpers.c module and they
> are based on the real use cases (before helpers were introduced and
> users were converted). So, there is no user which expects hex conversio
> n of the printable character if not asked explicitly.
Yeah, I saw it was testing for space to be excluded. I guess I just
think the name "ESCAPE_SPACE" is misleading. :)
Thanks!
-Kees
--
Kees Cook
Chrome OS Security
On Thu, 2015-07-23 at 13:36 -0700, Kees Cook wrote:
> On Thu, Jul 23, 2015 at 1:27 PM, Andy Shevchenko
> <[email protected]> wrote:
> > On Thu, 2015-07-23 at 12:59 -0700, Kees Cook wrote:
> > > Hi,
> > >
> > > I'm curious why ESCAPE_SPACE doesn't escape spaces (0x20)?
> >
> > Space is a printable character.
> > You perhaps wants something like ESCAPE_SPACE | ESCAPE_HEX.
>
> Yeah, I can get the effect I want with:
>
> flags = ESCAPE_SPACE | ESCAPE_SPECIAL | ESCAPE_NULL | ESCAPE_HEX;
> esc = "\f\n\r\t\v\\\a\e\0 ";
esc can't contain '\0' in the middle.
So, you would like to convert only space to hex and leave everything
else printable as is?
>
> This isn't reachable via kasprintf, though (it always has a NULL
> esc).
> I will consider some options and send patches.
Before doing this, describe your use case in detail, please.
>
> > > That is
> > > surprising to me, especially since things like isspace() include
> > > 0x20.
> >
> > Moreover, there are test cases in test-string_helpers.c module and
> > they
> > are based on the real use cases (before helpers were introduced and
> > users were converted). So, there is no user which expects hex
> > conversio
> > n of the printable character if not asked explicitly.
>
> Yeah, I saw it was testing for space to be excluded. I guess I just
> think the name "ESCAPE_SPACE" is misleading. :)
For sake of name shortness I suppose. The idea is to escape *special*
spaces by this.
--
Andy Shevchenko <[email protected]>
Intel Finland Oy
On Thu, Jul 23, 2015 at 1:50 PM, Andy Shevchenko
<[email protected]> wrote:
> On Thu, 2015-07-23 at 13:36 -0700, Kees Cook wrote:
>> On Thu, Jul 23, 2015 at 1:27 PM, Andy Shevchenko
>> <[email protected]> wrote:
>> > On Thu, 2015-07-23 at 12:59 -0700, Kees Cook wrote:
>> > > Hi,
>> > >
>> > > I'm curious why ESCAPE_SPACE doesn't escape spaces (0x20)?
>> >
>> > Space is a printable character.
>> > You perhaps wants something like ESCAPE_SPACE | ESCAPE_HEX.
>>
>> Yeah, I can get the effect I want with:
>>
>> flags = ESCAPE_SPACE | ESCAPE_SPECIAL | ESCAPE_NULL | ESCAPE_HEX;
>> esc = "\f\n\r\t\v\\\a\e\0 ";
>
> esc can't contain '\0' in the middle.
Ah, yes, of course.
> So, you would like to convert only space to hex and leave everything
> else printable as is?
That was one idea I was having, yes.
>> This isn't reachable via kasprintf, though (it always has a NULL
>> esc).
>> I will consider some options and send patches.
>
> Before doing this, describe your use case in detail, please.
Sure. I'd like to be able to hex-escape everything <0x20, >0x7f, and
". (I'm working on building a quotable string that is safe to log.) I
think I've settled for a subset of this as:
string_escape_mem(src, slen, dst, 0, ESCAPE_HEX, "\f\n\r\t\v\a\e\\\"")
>> > > That is
>> > > surprising to me, especially since things like isspace() include
>> > > 0x20.
>> >
>> > Moreover, there are test cases in test-string_helpers.c module and
>> > they
>> > are based on the real use cases (before helpers were introduced and
>> > users were converted). So, there is no user which expects hex
>> > conversio
>> > n of the printable character if not asked explicitly.
>>
>> Yeah, I saw it was testing for space to be excluded. I guess I just
>> think the name "ESCAPE_SPACE" is misleading. :)
>
> For sake of name shortness I suppose. The idea is to escape *special*
> spaces by this.
Makes sense. I'll send a patch with some clarifications on the comments.
Thanks!
-Kees
--
Kees Cook
Chrome OS Security