References: <1474172732-31994-1-git-send-email-famz@redhat.com> <1474172732-31994-11-git-send-email-famz@redhat.com>
From: Eric Blake
Message-ID: <3c68f59b-2673-6817-7879-cc88dbc30c0c@redhat.com>
Date: Mon, 19 Sep 2016 15:30:33 -0500
In-Reply-To: <1474172732-31994-11-git-send-email-famz@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v8 10/12] uuid: Tighten uuid parse
To: Fam Zheng, qemu-devel@nongnu.org
Cc: kwolf@redhat.com, qemu-block@nongnu.org, sw@weilnetz.de, jcody@redhat.com, mdroth@linux.vnet.ibm.com, armbru@redhat.com, pbonzini@redhat.com, mreitz@redhat.com, rth@twiddle.net

On 09/17/2016 11:25 PM, Fam Zheng wrote:
> sscanf is
relatively loose (tolerate) on some invalid formats that we > should fail instead of generating a wrong uuid structure, like with > whitespaces and short strings. >=20 > Add and use a helper function to first check the format. >=20 > Signed-off-by: Fam Zheng > --- > util/uuid.c | 24 +++++++++++++++++++++++- > 1 file changed, 23 insertions(+), 1 deletion(-) >=20 > =20 > +static bool qemu_uuid_is_valid(const char *str) > +{ > + int i; > + > + for (i =3D 0; i < strlen(str); i++) { > + const char c =3D str[i]; > + if (i =3D=3D 8 || i =3D=3D 13 || i =3D=3D 18 || i =3D=3D 23) {= > + if (str[i] !=3D '-') { > + return false; > + } > + } else { > + if ((c >=3D '0' && c <=3D '9') || > + (c >=3D 'A' && c <=3D 'F') || > + (c >=3D 'a' && c <=3D 'f')) { > + continue; > + } > + return false; > + } > + } > + return i =3D=3D 36; > +}

Quite verbose, compared to my earlier suggestion of just checking that all bytes in the string are valid (but not worrying about positions, because sscanf mostly does that):

    strspn(str, "0123456789abcdefABCDEF-") == 36 && !str[36]

and then tightening sscanf() (now that we've rejected whitespace via strspn(), all that remains is to ensure we parsed as much as we were expecting), as in:

    sscanf(str, UUID_FMT "%n", &uuid[0], ... &uuid[15], &len)

and then validating that len == 36.

But while my approach is a (cryptic) three-line change, yours is easier to check that it is obviously correct.
So unless you want to respin because you like playing golf when writing C expressions,

Reviewed-by: Eric Blake

--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
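
Review bot: the loop condition i < strlen(str) in qemu_uuid_is_valid() re-evaluates strlen() on every iteration and compares the int counter against a size_t, and because positions past 35 fall into the hex-digit branch, an arbitrarily long all-hex input is walked to its end before the final length test rejects it. Checking the length once before the loop (return false unless strlen(str) is 36) and then iterating over the 36 fixed positions would bound the work and make the closing comparison unnecessary. A one-line comment stating the accepted layout (8-4-4-4-12 hex digits, either case, no surrounding whitespace) would also help callers, since the helper is added without documentation.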
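
The two checks suggested in the reply above, written out as an added example (not code from the patch, the reply or QEMU) next to a baseline that trusts the sscanf() return value alone. The scan format, macro and function names are assumptions made for this example, and the sample strings are constructed. The last sample is a case the pair still accepts, because the x conversion takes an optional sign.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Assumed for this example: 16 two-digit hex fields in 8-4-4-4-12 layout. */
#define HEX2 "%2hhx"
#define SCAN_FMT HEX2 HEX2 HEX2 HEX2 "-" HEX2 HEX2 "-" HEX2 HEX2 "-" \
                 HEX2 HEX2 "-" HEX2 HEX2 HEX2 HEX2 HEX2 HEX2
#define SCAN_ARGS(u) &(u)[0], &(u)[1], &(u)[2], &(u)[3], &(u)[4], &(u)[5], \
                     &(u)[6], &(u)[7], &(u)[8], &(u)[9], &(u)[10], &(u)[11], \
                     &(u)[12], &(u)[13], &(u)[14], &(u)[15]

/* Baseline: trust sscanf's conversion count alone. */
bool parse_loose(const char *str, unsigned char uuid[16])
{
    return sscanf(str, SCAN_FMT, SCAN_ARGS(uuid)) == 16;
}

/* The two checks from the reply: allowed bytes and length, then %n. */
bool parse_strspn_n(const char *str, unsigned char uuid[16])
{
    int len = -1;

    if (strspn(str, "0123456789abcdefABCDEF-") != 36 || str[36]) {
        return false;
    }
    return sscanf(str, SCAN_FMT "%n", SCAN_ARGS(uuid), &len) == 16
           && len == 36;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = {
        "01234567-89ab-cdef-0123-456789ABCDEF",   /* canonical */
        " 01234567-89ab-cdef-0123-456789ABCDEF",  /* leading whitespace */
        "01234567-89ab-cdef-0123-456789ABCDEFzz", /* trailing bytes */
        "1234567-123-123-123-12345678901",        /* short groups */
        "-1234567-89ab-cdef-0123-456789abcdef",   /* '-' read as a sign */
    };
    unsigned char u[16];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("loose=%d strspn+%%n=%d \"%s\"\n", parse_loose(samples[i], u),
               parse_strspn_n(samples[i], u), samples[i]);
    }
    return 0;
}
```

A check that pins the dash positions and requires hex digits everywhere else rejects the last sample, which the character-set and length checks cannot do.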