Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #14665
| From | Dirk Wetter <dirk+bash@testssl.sh> |
|---|---|
| Newsgroups | gnu.bash.bug |
| Subject | Re: bash sockets: printf \x0a does TCP fragmentation |
| Date | 2018-09-26 08:17 +0200 |
| Message-ID | <mailman.1336.1537943599.1284.bug-bash@gnu.org> (permalink) |
| References | <c6de6616-dda0-570d-de56-419e7676be8a@cbii-hh.de> <20180921231101307758654@bob.proulx.com> <714e1ba0-0052-2f2b-676d-778f2b7129c1@testssl.sh> <20180924130533.4ufaxypoelta6f7n@eeg.ccf.org> <5BAA26C6.10906@tlinx.org> |
On 9/25/18 2:15 PM, L A Walsh wrote: > > > On 9/24/2018 6:05 AM, Greg Wooledge wrote: >> On Sat, Sep 22, 2018 at 11:50:17AM +0200, dirk+bash@testssl.sh wrote: >> >>> On 9/22/18 7:30 AM, Bob Proulx wrote: >>> >>>> dirk+bash@testssl.sh wrote: >>>> >>>>> printf -- "$data" >&5 2>/dev/null >>>>> >>>> What happens if $data contains % format strings? What happens if the >>>> format contains a sequence such as \c? This looks problematic. This >>>> is not a safe programming proctice. >>>> >> >> Looking ONLY at this one line, there is an obvious bug, which Bob has >> pointed out. It should be >> >> printf %s "$data" >&5 2>/dev/null >> > ---- > This brings to mind a consideration: > As %s says to print a string of data (presumably not > including a NUL byte), it certainly does contain a null byte, and every other chars between 1-255. That's the point of a network socket. Also "$data" will NEVER contain user input in any way with one exception being the hostname which is transferred via hexdump into exactly this format. Other than that "$data" is populated purely internally. It can't contain anything else between '\x00' and '\xff' unless there's a coding error which could be a good idea to catch before and not here. This is why I said you can't look only at one line of code. Code reviews requires to see the whole picture. BTW: printf seems to be off the table. BSDish /usr/bin/printf is completely different compared to the the coreutils incarnation. OpenBSD has per default not even a printf outside bash. > then what happens if "$data" is > a paragraph of text with embedded newlines. In that case, > it sounds like bash might break apart the single printf > output into smaller packets rather than transmitting the > entirety of "$data" in 1 write (presuming it is less than > the maximum data size for a network packet). yup. Wonder why the coreutils printf behaves (in my sense) better than the bash-builtin. > Also, if you want to flush the data out at the end, it seems > "%s\n" would be required to force out the last line of text if > it wasn't nl terminated. > >> That is utterly horrifying. >> I take that as a compliment :-) > --- > Hmmm....I didn't realize how sensitive some sensibilities were... > :-) LOL There are JavaScript frameworks in the browser of similar size or even bigger, the kernel I am using right now is written in a language which is not known to be safe and whose parser after 25 years throws sometimes utterly misleading errors -- which still remind me on the first K+R c compilers -- this and other things I found rather horrifying. Script languages have long evolved -- you should take this really as a compliment -- and as I started this project I never thought it would boldly go there :-) Cheers, Dirk
Back to gnu.bash.bug | Previous | Next | Find similar | Unroll thread
Re: bash sockets: printf \x0a does TCP fragmentation Dirk Wetter <dirk+bash@testssl.sh> - 2018-09-26 08:17 +0200
csiph-web