From: Markus Armbruster <armbru@redhat.com>
To: "Philippe Mathieu-Daudé" <philmd@redhat.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 1/6] qemu-bridge-helper: Fix misuse of isspace()
Date: Mon, 13 May 2019 15:13:15 +0200 [thread overview]
Message-ID: <875zqe7b10.fsf@dusky.pond.sub.org> (raw)
In-Reply-To: <2679829b-cc1d-83ce-9949-2b80d970ddec@redhat.com> ("Philippe Mathieu-Daudé"'s message of "Thu, 18 Apr 2019 17:19:45 +0200")
Philippe Mathieu-Daudé <philmd@redhat.com> writes:
> On 4/18/19 4:53 PM, Markus Armbruster wrote:
>> parse_acl_file() passes char values to isspace(). Undefined behavior
>> when the value is negative. Not a security issue, because the
>> characters come from trusted $prefix/etc/qemu/bridge.conf and the
>> files it includes.
>>
>> Fix by using qemu_isspace() instead.
>
> Can we use g_ascii_isspace() and remove qemu_isspace()?
Hmm, I wasn't aware of that one.
arg type arg values obeys locale?
ctype.h isFOO() int unsigned char, EOF [1] yes [4]
qemu_isFOO() int any char [2] yes [4]
g_ascii_isFOO() char any char [3] no
[1] Undefined behavior when the argument is a negative plain or signed
char. Well-known trap.
[2] qemu_isFOO(arg) expands into isFOO((unsigned char)arg), which works
fine for plain, signed and unsigned char arg.
[3] When plain char is signed, and the actual argument is unsigned char
and not representable as char, then behavior is implementation-defined.
No problem; the implementations we care for reinterpret as two's
complement.
[4] Obeying the locale is commonly unwanted.
Replacing isFOO() by qemu_isFOO() gets rid of trap [1] (and loses EOF,
but that rarely matters).
Replacing qemu_isFOO() by g_ascii_isFOO() gets rid of the commonly
unwanted locale dependence. Each such replacement needs review, no
matter how common "unwanted" may be.
I suspect we'd almost always be better off with g_ascii_isFOO() instead
of qemu_isFOO(). If that's the case, then the few exceptions (if any)
could use standard isFOO(), so we can drop qemu_isFOO().
I'd rather not do that myself globally now due to the "needs review"
part.
Perhaps I should do it just for this file while I touch it anyway. The
question to ask: should parse_acl_file() obey the locale for whitespace
recognition?
>> Signed-off-by: Markus Armbruster <armbru@redhat.com>
>> ---
>> qemu-bridge-helper.c | 7 ++++---
>> 1 file changed, 4 insertions(+), 3 deletions(-)
>>
>> diff --git a/qemu-bridge-helper.c b/qemu-bridge-helper.c
>> index 5396fbfbb6..0d60c07655 100644
>> --- a/qemu-bridge-helper.c
>> +++ b/qemu-bridge-helper.c
>> @@ -29,6 +29,7 @@
>> #include <linux/if_bridge.h>
>> #endif
>>
>> +#include "qemu-common.h"
>> #include "qemu/queue.h"
>>
>> #include "net/tap-linux.h"
>> @@ -75,7 +76,7 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
>> char *ptr = line;
>> char *cmd, *arg, *argend;
>>
>> - while (isspace(*ptr)) {
>> + while (qemu_isspace(*ptr)) {
>> ptr++;
>> }
>>
>> @@ -99,12 +100,12 @@ static int parse_acl_file(const char *filename, ACLList *acl_list)
>>
>> *arg = 0;
>> arg++;
>> - while (isspace(*arg)) {
>> + while (qemu_isspace(*arg)) {
>> arg++;
>> }
>>
>> argend = arg + strlen(arg);
>> - while (arg != argend && isspace(*(argend - 1))) {
>> + while (arg != argend && qemu_isspace(*(argend - 1))) {
>> argend--;
>> }
>> *argend = 0;
>>
next prev parent reply other threads:[~2019-05-13 13:21 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-18 14:53 [Qemu-devel] [PATCH 0/6] Fix misuse of ctype.h functions Markus Armbruster
2019-04-18 14:53 ` [Qemu-devel] [PATCH 1/6] qemu-bridge-helper: Fix misuse of isspace() Markus Armbruster
2019-04-18 15:19 ` Philippe Mathieu-Daudé
2019-05-13 13:13 ` Markus Armbruster [this message]
2019-05-13 13:58 ` Peter Maydell
2019-05-14 12:18 ` Markus Armbruster
2019-05-14 16:03 ` Philippe Mathieu-Daudé
2019-05-15 4:04 ` Jason Wang
2019-05-15 6:34 ` Markus Armbruster
2019-05-15 10:09 ` Peter Maydell
2019-05-15 10:26 ` Daniel P. Berrangé
2019-05-15 14:54 ` Markus Armbruster
2019-05-15 14:55 ` Daniel P. Berrangé
2019-05-15 15:38 ` Richard Henderson
2019-05-15 16:55 ` Markus Armbruster
2019-05-15 17:28 ` Richard Henderson
2019-05-15 13:35 ` Paolo Bonzini
2019-05-17 4:35 ` Jason Wang
2019-05-17 11:45 ` Paolo Bonzini
2019-04-18 14:53 ` [Qemu-devel] [PATCH 2/6] tests/vhost-user-bridge: Fix misuse of isdigit() Markus Armbruster
2019-04-18 14:53 ` [Qemu-devel] [PATCH 3/6] gdbstub: Reject invalid RLE repeat counts Markus Armbruster
2019-04-18 15:26 ` Philippe Mathieu-Daudé
2019-05-13 12:39 ` Markus Armbruster
2019-05-13 13:05 ` Philippe Mathieu-Daudé
2019-04-18 14:53 ` [Qemu-devel] [PATCH 4/6] gdbstub: Fix misuse of isxdigit() Markus Armbruster
2019-04-18 14:53 ` [Qemu-devel] [PATCH 5/6] pc-bios/s390-ccw: Clean up harmless misuse of isdigit() Markus Armbruster
2019-04-18 16:28 ` Thomas Huth
2019-04-18 16:28 ` Thomas Huth
2019-04-18 18:13 ` Markus Armbruster
2019-04-18 18:13 ` Markus Armbruster
2019-05-08 8:51 ` Thomas Huth
2019-04-18 14:53 ` [Qemu-devel] [PATCH 6/6] cutils: Simplify how parse_uint() checks for whitespace Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=875zqe7b10.fsf@dusky.pond.sub.org \
--to=armbru@redhat.com \
--cc=philmd@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.