Message ID | 20190709204040.17746-1-mcroce@redhat.com |
---|---|
State | Changes Requested |
Delegated to: | stephen hemminger |
Headers | show |
Series | [iproute2] utils: don't match empty strings as prefixes | expand |
On Tue, 9 Jul 2019 22:40:40 +0200 Matteo Croce <mcroce@redhat.com> wrote: > iproute has an utility function which checks if a string is a prefix for > another one, to allow use of abbreviated commands, e.g. 'addr' or 'a' > instead of 'address'. > > This routine unfortunately considers an empty string as prefix > of any pattern, leading to undefined behaviour when an empty > argument is passed to ip: > > # ip '' > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > valid_lft forever preferred_lft forever > inet6 ::1/128 scope host > valid_lft forever preferred_lft forever > > # tc '' > qdisc noqueue 0: dev lo root refcnt 2 > > # ip address add 192.0.2.0/24 '' 198.51.100.1 dev dummy0 > # ip addr show dev dummy0 > 6: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000 > link/ether 02:9d:5e:e9:3f:c0 brd ff:ff:ff:ff:ff:ff > inet 192.0.2.0/24 brd 198.51.100.1 scope global dummy0 > valid_lft forever preferred_lft forever > > Rewrite matches() so it takes care of an empty input, and doesn't > scan the input strings three times: the actual implementation > does 2 strlen and a memcpy to accomplish the same task. > > Signed-off-by: Matteo Croce <mcroce@redhat.com> > --- > include/utils.h | 2 +- > lib/utils.c | 14 +++++++++----- > 2 files changed, 10 insertions(+), 6 deletions(-) > > diff --git a/include/utils.h b/include/utils.h > index 927fdc17..f4d12abb 100644 > --- a/include/utils.h > +++ b/include/utils.h > @@ -198,7 +198,7 @@ int nodev(const char *dev); > int check_ifname(const char *); > int get_ifname(char *, const char *); > const char *get_ifname_rta(int ifindex, const struct rtattr *rta); > -int matches(const char *arg, const char *pattern); > +int matches(const char *prefix, const char *string); > int inet_addr_match(const inet_prefix *a, const inet_prefix *b, int bits); > int inet_addr_match_rta(const inet_prefix *m, const struct rtattr *rta); > > diff --git a/lib/utils.c b/lib/utils.c > index be0f11b0..73ce19bb 100644 > --- a/lib/utils.c > +++ b/lib/utils.c > @@ -887,13 +887,17 @@ const char *get_ifname_rta(int ifindex, const struct rtattr *rta) > return name; > } > > -int matches(const char *cmd, const char *pattern) > +/* Check if 'prefix' is a non empty prefix of 'string' */ > +int matches(const char *prefix, const char *string) > { > - int len = strlen(cmd); > + if (!*prefix) > + return 1; > + while(*string && *prefix == *string) { > + prefix++; > + string++; > + } > > - if (len > strlen(pattern)) > - return -1; > - return memcmp(pattern, cmd, len); > + return *prefix; > } > > int inet_addr_match(const inet_prefix *a, const inet_prefix *b, int bits) ERROR: space required before the open parenthesis '(' #134: FILE: lib/utils.c:895: + while(*string && *prefix == *string) { total: 1 errors, 1 warnings, 30 lines checked The empty prefix string is a bug and should not be allowed. Also return value should be same as old code (yours isn't).
On Tue, Jul 9, 2019 at 11:38 PM Stephen Hemminger <stephen@networkplumber.org> wrote: > > On Tue, 9 Jul 2019 22:40:40 +0200 > Matteo Croce <mcroce@redhat.com> wrote: > > > iproute has an utility function which checks if a string is a prefix for > > another one, to allow use of abbreviated commands, e.g. 'addr' or 'a' > > instead of 'address'. > > > > This routine unfortunately considers an empty string as prefix > > of any pattern, leading to undefined behaviour when an empty > > argument is passed to ip: > > > > # ip '' > > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 > > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > > inet 127.0.0.1/8 scope host lo > > valid_lft forever preferred_lft forever > > inet6 ::1/128 scope host > > valid_lft forever preferred_lft forever > > > > # tc '' > > qdisc noqueue 0: dev lo root refcnt 2 > > > > # ip address add 192.0.2.0/24 '' 198.51.100.1 dev dummy0 > > # ip addr show dev dummy0 > > 6: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000 > > link/ether 02:9d:5e:e9:3f:c0 brd ff:ff:ff:ff:ff:ff > > inet 192.0.2.0/24 brd 198.51.100.1 scope global dummy0 > > valid_lft forever preferred_lft forever > > > > Rewrite matches() so it takes care of an empty input, and doesn't > > scan the input strings three times: the actual implementation > > does 2 strlen and a memcpy to accomplish the same task. > > > > Signed-off-by: Matteo Croce <mcroce@redhat.com> > > --- > > include/utils.h | 2 +- > > lib/utils.c | 14 +++++++++----- > > 2 files changed, 10 insertions(+), 6 deletions(-) > > > > diff --git a/include/utils.h b/include/utils.h > > index 927fdc17..f4d12abb 100644 > > --- a/include/utils.h > > +++ b/include/utils.h > > @@ -198,7 +198,7 @@ int nodev(const char *dev); > > int check_ifname(const char *); > > int get_ifname(char *, const char *); > > const char *get_ifname_rta(int ifindex, const struct rtattr *rta); > > -int matches(const char *arg, const char *pattern); > > +int matches(const char *prefix, const char *string); > > int inet_addr_match(const inet_prefix *a, const inet_prefix *b, int bits); > > int inet_addr_match_rta(const inet_prefix *m, const struct rtattr *rta); > > > > diff --git a/lib/utils.c b/lib/utils.c > > index be0f11b0..73ce19bb 100644 > > --- a/lib/utils.c > > +++ b/lib/utils.c > > @@ -887,13 +887,17 @@ const char *get_ifname_rta(int ifindex, const struct rtattr *rta) > > return name; > > } > > > > -int matches(const char *cmd, const char *pattern) > > +/* Check if 'prefix' is a non empty prefix of 'string' */ > > +int matches(const char *prefix, const char *string) > > { > > - int len = strlen(cmd); > > + if (!*prefix) > > + return 1; > > + while(*string && *prefix == *string) { > > + prefix++; > > + string++; > > + } > > > > - if (len > strlen(pattern)) > > - return -1; > > - return memcmp(pattern, cmd, len); > > + return *prefix; > > } > > > > int inet_addr_match(const inet_prefix *a, const inet_prefix *b, int bits) > > ERROR: space required before the open parenthesis '(' > #134: FILE: lib/utils.c:895: > + while(*string && *prefix == *string) { > > total: 1 errors, 1 warnings, 30 lines checked > > The empty prefix string is a bug and should not be allowed. > Also return value should be same as old code (yours isn't). > > > The old return value was the difference between the first pair of bytes, according to the memcmp manpage. All calls only checks if the matches() return value is 0 or not 0: iproute2$ git grep 'matches(' |grep -v -e '== 0' -e '= 0' -e '!matches(' include/utils.h:int matches(const char *prefix, const char *string); include/xtables.h:extern void xtables_register_matches(struct xtables_match *, unsigned int); lib/color.c: if (matches(dup, "-color")) lib/utils.c:int matches(const char *prefix, const char *string) tc/tc.c: if (matches(argv[0], iter->c)) Is it a problem if it returns a non negative value for non matching strings? Regards, -- Matteo Croce per aspera ad upstream
On Wed, Jul 10, 2019 at 1:18 AM Matteo Croce <mcroce@redhat.com> wrote: > > On Tue, Jul 9, 2019 at 11:38 PM Stephen Hemminger > <stephen@networkplumber.org> wrote: > > > > On Tue, 9 Jul 2019 22:40:40 +0200 > > Matteo Croce <mcroce@redhat.com> wrote: > > > > > iproute has an utility function which checks if a string is a prefix for > > > another one, to allow use of abbreviated commands, e.g. 'addr' or 'a' > > > instead of 'address'. > > > > > > This routine unfortunately considers an empty string as prefix > > > of any pattern, leading to undefined behaviour when an empty > > > argument is passed to ip: > > > > > > # ip '' > > > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 > > > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > > > inet 127.0.0.1/8 scope host lo > > > valid_lft forever preferred_lft forever > > > inet6 ::1/128 scope host > > > valid_lft forever preferred_lft forever > > > > > > # tc '' > > > qdisc noqueue 0: dev lo root refcnt 2 > > > > > > # ip address add 192.0.2.0/24 '' 198.51.100.1 dev dummy0 > > > # ip addr show dev dummy0 > > > 6: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000 > > > link/ether 02:9d:5e:e9:3f:c0 brd ff:ff:ff:ff:ff:ff > > > inet 192.0.2.0/24 brd 198.51.100.1 scope global dummy0 > > > valid_lft forever preferred_lft forever > > > > > > Rewrite matches() so it takes care of an empty input, and doesn't > > > scan the input strings three times: the actual implementation > > > does 2 strlen and a memcpy to accomplish the same task. > > > > > > Signed-off-by: Matteo Croce <mcroce@redhat.com> > > > --- > > > include/utils.h | 2 +- > > > lib/utils.c | 14 +++++++++----- > > > 2 files changed, 10 insertions(+), 6 deletions(-) > > > > > > diff --git a/include/utils.h b/include/utils.h > > > index 927fdc17..f4d12abb 100644 > > > --- a/include/utils.h > > > +++ b/include/utils.h > > > @@ -198,7 +198,7 @@ int nodev(const char *dev); > > > int check_ifname(const char *); > > > int get_ifname(char *, const char *); > > > const char *get_ifname_rta(int ifindex, const struct rtattr *rta); > > > -int matches(const char *arg, const char *pattern); > > > +int matches(const char *prefix, const char *string); > > > int inet_addr_match(const inet_prefix *a, const inet_prefix *b, int bits); > > > int inet_addr_match_rta(const inet_prefix *m, const struct rtattr *rta); > > > > > > diff --git a/lib/utils.c b/lib/utils.c > > > index be0f11b0..73ce19bb 100644 > > > --- a/lib/utils.c > > > +++ b/lib/utils.c > > > @@ -887,13 +887,17 @@ const char *get_ifname_rta(int ifindex, const struct rtattr *rta) > > > return name; > > > } > > > > > > -int matches(const char *cmd, const char *pattern) > > > +/* Check if 'prefix' is a non empty prefix of 'string' */ > > > +int matches(const char *prefix, const char *string) > > > { > > > - int len = strlen(cmd); > > > + if (!*prefix) > > > + return 1; > > > + while(*string && *prefix == *string) { > > > + prefix++; > > > + string++; > > > + } > > > > > > - if (len > strlen(pattern)) > > > - return -1; > > > - return memcmp(pattern, cmd, len); > > > + return *prefix; > > > } > > > > > > int inet_addr_match(const inet_prefix *a, const inet_prefix *b, int bits) > > > > ERROR: space required before the open parenthesis '(' > > #134: FILE: lib/utils.c:895: > > + while(*string && *prefix == *string) { > > > > total: 1 errors, 1 warnings, 30 lines checked > > > > The empty prefix string is a bug and should not be allowed. > > Also return value should be same as old code (yours isn't). > > > > > > > > The old return value was the difference between the first pair of > bytes, according to the memcmp manpage. > All calls only checks if the matches() return value is 0 or not 0: > > iproute2$ git grep 'matches(' |grep -v -e '== 0' -e '= 0' -e '!matches(' > include/utils.h:int matches(const char *prefix, const char *string); > include/xtables.h:extern void xtables_register_matches(struct > xtables_match *, unsigned int); > lib/color.c: if (matches(dup, "-color")) > lib/utils.c:int matches(const char *prefix, const char *string) > tc/tc.c: if (matches(argv[0], iter->c)) > > Is it a problem if it returns a non negative value for non matching strings? > > Regards, > > > -- > Matteo Croce > per aspera ad upstream Hi Stephen, should I send a v2 which keeps the old behaviour, even if noone checks for all the values? Just to clarify, the old behaviour of matches(cmd, pattern) was: -1 if len(cmd) > len(pattern) 0 if pattern is equal to cmd 0 if pattern starts with cmd < 0 if pattern is alphabetically lower than cmd > 0 if pattern is alphabetically higher than cmd Regards,
On Sun, 14 Jul 2019 16:57:54 +0200 Matteo Croce <mcroce@redhat.com> wrote: > On Wed, Jul 10, 2019 at 1:18 AM Matteo Croce <mcroce@redhat.com> wrote: > > > > On Tue, Jul 9, 2019 at 11:38 PM Stephen Hemminger > > <stephen@networkplumber.org> wrote: > > > > > > On Tue, 9 Jul 2019 22:40:40 +0200 > > > Matteo Croce <mcroce@redhat.com> wrote: > > > > > > > iproute has an utility function which checks if a string is a prefix for > > > > another one, to allow use of abbreviated commands, e.g. 'addr' or 'a' > > > > instead of 'address'. > > > > > > > > This routine unfortunately considers an empty string as prefix > > > > of any pattern, leading to undefined behaviour when an empty > > > > argument is passed to ip: > > > > > > > > # ip '' > > > > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 > > > > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > > > > inet 127.0.0.1/8 scope host lo > > > > valid_lft forever preferred_lft forever > > > > inet6 ::1/128 scope host > > > > valid_lft forever preferred_lft forever > > > > > > > > # tc '' > > > > qdisc noqueue 0: dev lo root refcnt 2 > > > > > > > > # ip address add 192.0.2.0/24 '' 198.51.100.1 dev dummy0 > > > > # ip addr show dev dummy0 > > > > 6: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000 > > > > link/ether 02:9d:5e:e9:3f:c0 brd ff:ff:ff:ff:ff:ff > > > > inet 192.0.2.0/24 brd 198.51.100.1 scope global dummy0 > > > > valid_lft forever preferred_lft forever > > > > > > > > Rewrite matches() so it takes care of an empty input, and doesn't > > > > scan the input strings three times: the actual implementation > > > > does 2 strlen and a memcpy to accomplish the same task. > > > > > > > > Signed-off-by: Matteo Croce <mcroce@redhat.com> > > > > --- > > > > include/utils.h | 2 +- > > > > lib/utils.c | 14 +++++++++----- > > > > 2 files changed, 10 insertions(+), 6 deletions(-) > > > > > > > > diff --git a/include/utils.h b/include/utils.h > > > > index 927fdc17..f4d12abb 100644 > > > > --- a/include/utils.h > > > > +++ b/include/utils.h > > > > @@ -198,7 +198,7 @@ int nodev(const char *dev); > > > > int check_ifname(const char *); > > > > int get_ifname(char *, const char *); > > > > const char *get_ifname_rta(int ifindex, const struct rtattr *rta); > > > > -int matches(const char *arg, const char *pattern); > > > > +int matches(const char *prefix, const char *string); > > > > int inet_addr_match(const inet_prefix *a, const inet_prefix *b, int bits); > > > > int inet_addr_match_rta(const inet_prefix *m, const struct rtattr *rta); > > > > > > > > diff --git a/lib/utils.c b/lib/utils.c > > > > index be0f11b0..73ce19bb 100644 > > > > --- a/lib/utils.c > > > > +++ b/lib/utils.c > > > > @@ -887,13 +887,17 @@ const char *get_ifname_rta(int ifindex, const struct rtattr *rta) > > > > return name; > > > > } > > > > > > > > -int matches(const char *cmd, const char *pattern) > > > > +/* Check if 'prefix' is a non empty prefix of 'string' */ > > > > +int matches(const char *prefix, const char *string) > > > > { > > > > - int len = strlen(cmd); > > > > + if (!*prefix) > > > > + return 1; > > > > + while(*string && *prefix == *string) { > > > > + prefix++; > > > > + string++; > > > > + } > > > > > > > > - if (len > strlen(pattern)) > > > > - return -1; > > > > - return memcmp(pattern, cmd, len); > > > > + return *prefix; > > > > } > > > > > > > > int inet_addr_match(const inet_prefix *a, const inet_prefix *b, int bits) > > > > > > ERROR: space required before the open parenthesis '(' > > > #134: FILE: lib/utils.c:895: > > > + while(*string && *prefix == *string) { > > > > > > total: 1 errors, 1 warnings, 30 lines checked > > > > > > The empty prefix string is a bug and should not be allowed. > > > Also return value should be same as old code (yours isn't). > > > > > > > > > > > > > The old return value was the difference between the first pair of > > bytes, according to the memcmp manpage. > > All calls only checks if the matches() return value is 0 or not 0: > > > > iproute2$ git grep 'matches(' |grep -v -e '== 0' -e '= 0' -e '!matches(' > > include/utils.h:int matches(const char *prefix, const char *string); > > include/xtables.h:extern void xtables_register_matches(struct > > xtables_match *, unsigned int); > > lib/color.c: if (matches(dup, "-color")) > > lib/utils.c:int matches(const char *prefix, const char *string) > > tc/tc.c: if (matches(argv[0], iter->c)) > > > > Is it a problem if it returns a non negative value for non matching strings? > > > > Regards, > > > > > > -- > > Matteo Croce > > per aspera ad upstream > > Hi Stephen, > > should I send a v2 which keeps the old behaviour, even if noone checks > for all the values? > Just to clarify, the old behaviour of matches(cmd, pattern) was: > > -1 if len(cmd) > len(pattern) > 0 if pattern is equal to cmd > 0 if pattern starts with cmd > < 0 if pattern is alphabetically lower than cmd > > 0 if pattern is alphabetically higher than cmd > > Regards, Maybe time to make matches() into a boolean since that is how it is used.
diff --git a/include/utils.h b/include/utils.h index 927fdc17..f4d12abb 100644 --- a/include/utils.h +++ b/include/utils.h @@ -198,7 +198,7 @@ int nodev(const char *dev); int check_ifname(const char *); int get_ifname(char *, const char *); const char *get_ifname_rta(int ifindex, const struct rtattr *rta); -int matches(const char *arg, const char *pattern); +int matches(const char *prefix, const char *string); int inet_addr_match(const inet_prefix *a, const inet_prefix *b, int bits); int inet_addr_match_rta(const inet_prefix *m, const struct rtattr *rta); diff --git a/lib/utils.c b/lib/utils.c index be0f11b0..73ce19bb 100644 --- a/lib/utils.c +++ b/lib/utils.c @@ -887,13 +887,17 @@ const char *get_ifname_rta(int ifindex, const struct rtattr *rta) return name; } -int matches(const char *cmd, const char *pattern) +/* Check if 'prefix' is a non empty prefix of 'string' */ +int matches(const char *prefix, const char *string) { - int len = strlen(cmd); + if (!*prefix) + return 1; + while(*string && *prefix == *string) { + prefix++; + string++; + } - if (len > strlen(pattern)) - return -1; - return memcmp(pattern, cmd, len); + return *prefix; } int inet_addr_match(const inet_prefix *a, const inet_prefix *b, int bits)
iproute has an utility function which checks if a string is a prefix for another one, to allow use of abbreviated commands, e.g. 'addr' or 'a' instead of 'address'. This routine unfortunately considers an empty string as prefix of any pattern, leading to undefined behaviour when an empty argument is passed to ip: # ip '' 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever # tc '' qdisc noqueue 0: dev lo root refcnt 2 # ip address add 192.0.2.0/24 '' 198.51.100.1 dev dummy0 # ip addr show dev dummy0 6: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether 02:9d:5e:e9:3f:c0 brd ff:ff:ff:ff:ff:ff inet 192.0.2.0/24 brd 198.51.100.1 scope global dummy0 valid_lft forever preferred_lft forever Rewrite matches() so it takes care of an empty input, and doesn't scan the input strings three times: the actual implementation does 2 strlen and a memcpy to accomplish the same task. Signed-off-by: Matteo Croce <mcroce@redhat.com> --- include/utils.h | 2 +- lib/utils.c | 14 +++++++++----- 2 files changed, 10 insertions(+), 6 deletions(-)