From: Eric Blake
Message-ID: <57C08D53.1040604@redhat.com>
Date: Fri, 26 Aug 2016 13:41:23 -0500
In-Reply-To: <147222402890.18925.12890875990211775724.stgit@bahia.lan>
Subject: Re: [Qemu-devel] [PATCH v2 2/5] 9p: disallow the NUL character in all strings
To: Greg Kurz, qemu-devel@nongnu.org
Cc: Peter Maydell, Felix Wilhelm, "Michael S. Tsirkin", P J P, "Aneesh Kumar K.V"

On 08/26/2016 10:07 AM, Greg Kurz wrote:
> According to the 9P spec at http://man.cat-v.org/plan_9/5/intro :
>
>     Data items of larger or variable lengths are represented by a
>     two-byte field specifying a count, n, followed by n bytes of
>     data. Text strings are represented this way, with the text
>     itself stored as a UTF-8 encoded sequence of Unicode
>     characters (see utf(6)). Text strings in 9P messages are not
>     NUL-terminated: n counts the bytes of UTF-8 data, which include
>     no final zero byte. The NUL character is illegal in all
>     text strings in 9P, and is therefore excluded from file
>     names, user names, and so on.
>
> With this patch, if a 9P client sends a text string containing a NUL
> character, the request will fail and the client is returned EINVAL.
>
> The checking is done in v9fs_iov_vunmarshal() because it is a convenient
> place to check all client originated strings.
>
> Suggested-by: Peter Maydell
> Signed-off-by: Greg Kurz
> ---
> fsdev/9p-iov-marshal.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/fsdev/9p-iov-marshal.c b/fsdev/9p-iov-marshal.c
> index 663cad542900..9bcdc370231d 100644
> --- a/fsdev/9p-iov-marshal.c > +++ b/fsdev/9p-iov-marshal.c > @@ -127,7 +127,12 @@ ssize_t v9fs_iov_vunmarshal(struct iovec *out_sg, = int out_num, size_t offset, > str->size); > if (copied > 0) { > str->data[str->size] =3D 0; > - } else { > + /* 9P forbids NUL characters in all text strings *= / > + if (strlen(str->data) !=3D str->size) {

If this were glibc, we could micro-optimize and do:

    if (rawmemchr(str->data, 0) != str->data + str->size)

so that strlen() doesn't have to visit the tail end of the string if a
NUL is present early. But your code is just fine as-is, and doesn't
have to worry about rawmemchr() being present.

Reviewed-by: Eric Blake

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
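
Review bot: the new check `if (strlen(str->data) != str->size)` is only meaningful because of the terminator stored one line earlier by `str->data[str->size] = 0;`, so the two statements must stay in that order and a comment saying so would help. Testing the received bytes with `memchr(str->data, 0, str->size) != NULL` would express the 9P rule directly, is standard C (unlike rawmemchr()), and does not depend on that store. The quoted hunk stops at the opening brace and drops `} else {`, so whether the failure branch yields the EINVAL promised in the commit message, and what now handles the case where `copied > 0` is false, cannot be confirmed from these lines.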
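
The string encoding quoted from the 9P spec in the commit message, as an added example (not QEMU's code and not part of the original message): a decoder that reads the two-byte count, which 9P defines as little-endian, and rejects any string containing a NUL byte. p9_get_string() and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper (not a QEMU function): decode one 9P string, i.e. a
 * two-byte little-endian count n followed by n bytes of UTF-8. Returns the
 * bytes consumed and a NUL-terminated heap copy in *out, or -errno. */
ssize_t p9_get_string(const uint8_t *buf, size_t len, char **out)
{
    *out = NULL;
    if (len < 2) {
        return -ENOBUFS;                 /* count field truncated */
    }
    size_t n = (size_t)buf[0] | ((size_t)buf[1] << 8);
    if (n > len - 2) {
        return -ENOBUFS;                 /* count runs past the message */
    }
    if (memchr(buf + 2, 0, n) != NULL) {
        return -EINVAL;                  /* 9P forbids NUL in text strings */
    }
    char *s = malloc(n + 1);
    if (s == NULL) {
        return -ENOMEM;
    }
    memcpy(s, buf + 2, n);
    s[n] = '\0';                         /* local terminator, never on the wire */
    *out = s;
    return (ssize_t)(n + 2);
}

/* Constructed sample inputs. */
static const uint8_t p9_ok[] = { 0x04, 0x00, 'r', 'o', 'o', 't' };
/* count = 8, but a C string view of the data would end after "a.txt" */
static const uint8_t p9_nul[] = { 0x08, 0x00, 'a', '.', 't', 'x', 't', 0x00, '/', 'x' };
static const uint8_t p9_short[] = { 0x09, 0x00, 'a', 'b' };

int main(void)
{
    char *s;
    printf("ok:    %zd\n", p9_get_string(p9_ok, sizeof(p9_ok), &s));
    free(s);
    printf("nul:   %zd\n", p9_get_string(p9_nul, sizeof(p9_nul), &s));
    printf("short: %zd\n", p9_get_string(p9_short, sizeof(p9_short), &s));
    return 0;
}
```

The second sample shows why the rule matters to a server written in C: the wire length says eight bytes while any strlen()-based consumer would see five, so length-based and terminator-based code paths would disagree about the same name.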