Received: by 2002:a25:f815:0:0:0:0:0 with SMTP id u21csp669812ybd; Sat, 22 Jun 2019 12:01:42 -0700 (PDT) X-Google-Smtp-Source: APXvYqwrAt55IjzCX+5hZsmV/A8JMvULSsggYmrinx5CUP5H5brGEbEbZ5nI559fTnkSV57oaXS6 X-Received: by 2002:a17:902:2868:: with SMTP id e95mr22333892plb.319.1561230102566; Sat, 22 Jun 2019 12:01:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561230102; cv=none; d=google.com; s=arc-20160816; b=eMXddz5T30l3gNh7hU0fA6iBK2Lxs/vxvdV0PHJrtO3IiZiTlyPJ2jx2vXsTs0QNsY axC8htN9mPZ4rrG8nLS7Wseihm3RPBNXX7GRci2FgmkoJbUMuYszMIyFgR+PTxQGJgQ+ StYd/CfQ9VpVsK3FgsnZPfFhFvtbA0yl4Qqa3b3iuKGTnL5+qYrqoCJS6qZMgUeDfERH UqUBFvEkhIsBm7iSHODO5bU1T9z+K4hBw7QHIsAoubmbI6myXjw+Hw/MIZi6ijzAX1pn jdTvxg5xrJ92K3QBLJK4gv153XbNRpQvH+BsqPeEr9OzYNY4gPEHDcaKAjVLDryQhHPp hvJw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=OfZ9L5Q1Fo751wRj8RN7RKF6sPpFRCMruXuL/Wn72TA=; b=WJOWMbrexe/luXa2yck0OXCeC9bt/hqB2E0X3DpFgjh4uMi2pxjiZbHQXhp654FmIf fcjoyYN0P5TB4XwJN3k3s6LFT597pdnnl1XnP0ie6lgfh6c5i3NS3j0sS8mP7iDpB4Ji wBo83b/MhjaHcue6k2lv4Y0j030lsEMIHAV5QZaT1NxQyEXCSVjP1D2tYHtxDfcjblIA qQc8tzp2ulau3iPFJnU9OnCVxHzSlxsxHHjfR+I4X9xVtWQVtge4Au4GMBhjjiLuNIcP Mm5DLpW3lOEOo5gv+ziDdC4eCqUivW77arXinkoZZ4K363+fdaljPi2m36YBhSK+4DTb kvkQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 18si1949412pgn.70.2019.06.22.12.01.02; Sat, 22 Jun 2019 12:01:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-nfs-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726276AbfFVTA7 (ORCPT + 99 others); Sat, 22 Jun 2019 15:00:59 -0400 Received: from fieldses.org ([173.255.197.46]:46528 "EHLO fieldses.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725995AbfFVTA7 (ORCPT ); Sat, 22 Jun 2019 15:00:59 -0400 Received: by fieldses.org (Postfix, from userid 2815) id B4A622010; Sat, 22 Jun 2019 15:00:58 -0400 (EDT) Date: Sat, 22 Jun 2019 15:00:58 -0400 From: "J. Bruce Fields" To: Kees Cook Cc: linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH 08/16] nfsd: escape high characters in binary data Message-ID: <20190622190058.GD5343@fieldses.org> References: <1561042275-12723-1-git-send-email-bfields@redhat.com> <1561042275-12723-9-git-send-email-bfields@redhat.com> <20190621174544.GC25590@fieldses.org> <201906211431.E6552108@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201906211431.E6552108@keescook> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-nfs-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Fri, Jun 21, 2019 at 03:26:00PM -0700, Kees Cook wrote: > On Fri, Jun 21, 2019 at 01:45:44PM -0400, J. Bruce Fields wrote: > > I'm not sure who to get review from for this kind of thing. > > > > Kees, you seem to be one of the only people to touch string_helpers.c > > at all recently, any ideas? > > Hi! Yeah, I'm happy to take a look. Notes below... Thanks! > > On Thu, Jun 20, 2019 at 10:51:07AM -0400, J. Bruce Fields wrote: > > > From: "J. Bruce Fields" > > > > > > I'm exposing some information about NFS clients in pseudofiles. I > > > expect to eventually have simple tools to help read those pseudofiles. > > > > > > But it's also helpful if the raw files are human-readable to the extent > > > possible. It aids debugging and makes them usable on systems that don't > > > have the latest nfs-utils. > > > > > > A minor challenge there is opaque client-generated protocol objects like > > > state owners and client identifiers. Some clients generate those to > > > include handy information in plain ascii. But they may also include > > > arbitrary byte sequences. > > > > > > I think the simplest approach is to limit to isprint(c) && isascii(c) > > > and escape everything else. > > Can you get the same functionality out of sprintf's %pE (escaped > string)? If not, maybe we should expand the flags available? Nothing against it, I just didn't want it to do that for one user, but... > > * - 'E[achnops]' For an escaped buffer, where rules are defined by > * combination > * of the following flags (see string_escape_mem() for > * the > * details): > * a - ESCAPE_ANY > * c - ESCAPE_SPECIAL > * h - ESCAPE_HEX > * n - ESCAPE_NULL > * o - ESCAPE_OCTAL > * p - ESCAPE_NP > * s - ESCAPE_SPACE > * By default ESCAPE_ANY_NP is used. > > This doesn't cover escaping >0x7f and " and \ > > And perhaps I should rework kstrdup_quotable() to have that flag? It's > not currently escaping non-ascii and it probably should. Maybe > "ESCAPE_QUOTABLE" as "q"? ... but if you think there's a lot of existing users that really want this behavior, then great. I'll look into that. The logic around ESCAPE_NP and the "only" string is really confusing. I started assuming I could just add an ESCAPE_NONASCII flag and stick " and \ into the "only" string, but it doesn't work that way. ---b.