-
Notifications
You must be signed in to change notification settings - Fork 55
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixing kernel commandline parameter validation #148
base: main
Are you sure you want to change the base?
Conversation
Heyo, thanks for the contribution. Just a few questions, mainly for my own understanding since I couldn't find the answer in the linux docs >.> What would happen if the value passed looks like From a usability perspective, would it make sense to instead detect if the value the user passes us contains spaces, and add the quotes for them (with maybe some escaping logic for quotes already in the string, although I'm not sure the linux command line allows for escaping them). |
Only double quotes are allowed. You can't escape " in the value, your example string is invalid.
Maybe a good idea. |
I see, thanks for explaining! In that case, we should also validate that no quotes are contained in the middle of values, e.g.
If we don't have to deal with any complex escaping logic, I think we should do this. Unless I'm missing something, it'd just be
What do others think? |
Thanks @ita93 and @roypat for getting involved into this! I do agree with the first 2 points (for point 2, we even have a function here that could help us with the implementation). Also, what happens if we receive a parameter's value like |
I think that we should follow the purpose of the original function - validating the input, that is all.
As my understanding, this input may still generate a valid kernel commandline, however, the |
e2610af
to
9db1c32
Compare
c085ab6
to
db4d7a4
Compare
There is no activity on this PR for some time, @ita93 are you still interested in getting this merged? If not, can you please close the PR? |
Sorry for the late reply, I'm still interested in this one. I will try posting it in Slack to ask for a reviewing |
(replying now since I saw you rebased this recently, sorry for dropping the ball last year!) Going over the old discussion from last year, I think the only thing left here is to handle the |
You should also rebase your commits to drop the merges. |
I think they're all merge commits created by the github UI (they're all empty), so they'll be dropped if we merge by rebasing |
1afbee4
to
cd4ee10
Compare
Hi, I've added a changelog entry in the newest commit.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some thoughts :)
src/cmdline/mod.rs
Outdated
fn is_quoted(s: &str) -> bool { | ||
if let Some(first_char) = s.chars().next() { | ||
if let Some(last_char) = s.chars().last() { | ||
return first_char == '"' && last_char == '"'; | ||
} | ||
} | ||
false | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMHO this implementation would accept input with only a '"' character, should we check if next()
and last()
actually pointing different location 🤔, or else we check the length of s
which should be at least 2 characters long
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi, I've updated this function as per your suggestion. Can you help me to review it again, please?
8f71b30
to
ac22037
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! Could you squash the last commit such that we don't have commits that modify code introduces in earlier commits though?
ac22037
to
2f1d19a
Compare
f01fb8a
to
772ee95
Compare
According to linux kernel document, the value of command line parameter can contains spaces (with double quotes) or equals. This change will also reject the parameter value that contains quotes in the middle. Signed-off-by: Nguyen Dinh Phi <[email protected]>
772ee95
to
2d5e73b
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rubber stamping after @roypat's review.
According to linux kernel document, the value of command line parameter can contains spaces (with double quotes) or equals.
Summary of the PR
Please summarize here why the changes in this PR are needed.
Requirements
Before submitting your PR, please make sure you addressed the following
requirements:
git commit -s
), and the commitmessage has max 60 characters for the summary and max 75 characters for each
description line.
test.
Release" section of CHANGELOG.md (if no such section exists, please create one).
unsafe
code is properly documented.