diff options
author | Florian Weimer <fweimer@redhat.com> | 2018-11-27 21:35:56 +0100 |
---|---|---|
committer | Florian Weimer <fweimer@redhat.com> | 2018-11-27 21:35:56 +0100 |
commit | c74a91deaa5de416237c02bbb3e41bda76ca4c7b (patch) | |
tree | 33f46f86274a8c4286ba6ddb46370e8c8cfd0e32 | |
parent | d527c860f5a3f0ed687bd03f0cb464612dc23408 (diff) | |
download | glibc-c74a91deaa5de416237c02bbb3e41bda76ca4c7b.tar glibc-c74a91deaa5de416237c02bbb3e41bda76ca4c7b.tar.gz glibc-c74a91deaa5de416237c02bbb3e41bda76ca4c7b.tar.bz2 glibc-c74a91deaa5de416237c02bbb3e41bda76ca4c7b.zip |
support: Implement support_quote_string
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
-rw-r--r-- | ChangeLog | 9 | ||||
-rw-r--r-- | support/Makefile | 2 | ||||
-rw-r--r-- | support/support.h | 5 | ||||
-rw-r--r-- | support/support_quote_string.c | 26 | ||||
-rw-r--r-- | support/tst-support_quote_string.c | 60 |
5 files changed, 102 insertions, 0 deletions
@@ -1,5 +1,14 @@ 2018-11-27 Florian Weimer <fweimer@redhat.com> + * support/support.h (support_quote_string): Declare. + * support/support_quote_string.c: New file. + * support/tst-support_quote_string.c: Likewise. + * support/Makefile (libsupport-routines): Add + support_quote_string. + (tests): Add tst-support_quote_string. + +2018-11-27 Florian Weimer <fweimer@redhat.com> + [BZ #23927] CVE-2018-19591 * sysdeps/unix/sysv/linux/if_index.c (__if_nametoindex): Avoid diff --git a/support/Makefile b/support/Makefile index 2b663fbbfa..a2536980d1 100644 --- a/support/Makefile +++ b/support/Makefile @@ -58,6 +58,7 @@ libsupport-routines = \ support_openpty \ support_paths \ support_quote_blob \ + support_quote_string \ support_record_failure \ support_run_diff \ support_shared_allocate \ @@ -196,6 +197,7 @@ tests = \ tst-support_capture_subprocess \ tst-support_format_dns_packet \ tst-support_quote_blob \ + tst-support_quote_string \ tst-support_record_failure \ tst-test_compare \ tst-test_compare_blob \ diff --git a/support/support.h b/support/support.h index 9418cd11ef..835e7173eb 100644 --- a/support/support.h +++ b/support/support.h @@ -69,6 +69,11 @@ void support_write_file_string (const char *path, const char *contents); the result). */ char *support_quote_blob (const void *blob, size_t length); +/* Quote the contents of the at STR, in such a way that the result + string can be included in a C literal (in single/double quotes, + without putting the quotes into the result). */ +char *support_quote_string (const char *str); + /* Returns non-zero if the file descriptor is a regular file on a file system which supports holes (that is, seeking and writing does not allocate storage for the range of zeros). FD must refer to a diff --git a/support/support_quote_string.c b/support/support_quote_string.c new file mode 100644 index 0000000000..d324371b13 --- /dev/null +++ b/support/support_quote_string.c @@ -0,0 +1,26 @@ +/* Quote a string so that it can be used in C literals. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <http://www.gnu.org/licenses/>. */ + +#include <string.h> +#include <support/support.h> + +char * +support_quote_string (const char *str) +{ + return support_quote_blob (str, strlen (str)); +} diff --git a/support/tst-support_quote_string.c b/support/tst-support_quote_string.c new file mode 100644 index 0000000000..3c004759b7 --- /dev/null +++ b/support/tst-support_quote_string.c @@ -0,0 +1,60 @@ +/* Test the support_quote_string function. + Copyright (C) 2018 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <http://www.gnu.org/licenses/>. */ + +#include <support/check.h> +#include <support/support.h> +#include <string.h> +#include <stdlib.h> + +static int +do_test (void) +{ + char *p = support_quote_string (""); + TEST_COMPARE (strlen (p), 0); + free (p); + p = support_quote_string ("X"); + TEST_COMPARE (strlen (p), 1); + TEST_COMPARE (p[0], 'X'); + free (p); + + /* Check escaping of backslash-escaped characters, and lack of + escaping for other shell meta-characters. */ + p = support_quote_string ("$()*?`@[]{}~\'\"X"); + TEST_COMPARE (strcmp (p, "$()*?`@[]{}~\\'\\\"X"), 0); + free (p); + + /* Check lack of escaping for letters and digits. */ +#define LETTERS_AND_DIGTS \ + "abcdefghijklmnopqrstuvwxyz" \ + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" \ + "0123456789" + p = support_quote_string (LETTERS_AND_DIGTS "@"); + TEST_COMPARE (strcmp (p, LETTERS_AND_DIGTS "@"), 0); + free (p); + + /* Check escaping of control characters and other non-printable + characters. */ + p = support_quote_string ("\r\n\t\a\b\f\v\1\177\200\377@"); + TEST_COMPARE (strcmp (p, "\\r\\n\\t\\a\\b\\f\\v\\001" + "\\177\\200\\377@"), 0); + free (p); + + return 0; +} + +#include <support/test-driver.c> |