| Path | csiph.com!3.us.feeder.erje.net!feeder.erje.net!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Dirk Wetter <dirk+bash@testssl.sh> |
| Newsgroups | gnu.bash.bug |
| Subject | Re: bash sockets: printf \x0a does TCP fragmentation |
| Date | Wed, 26 Sep 2018 08:17:39 +0200 |
| Lines | 90 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.1336.1537943599.1284.bug-bash@gnu.org> (permalink) |
| References | <c6de6616-dda0-570d-de56-419e7676be8a@cbii-hh.de> <20180921231101307758654@bob.proulx.com> <714e1ba0-0052-2f2b-676d-778f2b7129c1@testssl.sh> <20180924130533.4ufaxypoelta6f7n@eeg.ccf.org> <5BAA26C6.10906@tlinx.org> |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=utf-8 |
| Content-Transfer-Encoding | 8bit |
| X-Trace | usenet.stanford.edu 1537943599 6789 208.118.235.17 (26 Sep 2018 06:33:19 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | bug-bash@gnu.org |
| Envelope-to | bug-bash@gnu.org |
| Openpgp | preference=signencrypt |
| User-Agent | Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0 |
| In-Reply-To | <5BAA26C6.10906@tlinx.org> |
| Content-Language | en-US |
| X-Df-Sender | NDM2MjM5 |
| X-detected-operating-system | by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] |
| X-Received-From | 80.67.31.26 |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.21 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <http://lists.gnu.org/archive/html/bug-bash/> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| Xref | csiph.com gnu.bash.bug:14665 |
On 9/25/18 2:15 PM, L A Walsh wrote:
>
>
> On 9/24/2018 6:05 AM, Greg Wooledge wrote:
>> On Sat, Sep 22, 2018 at 11:50:17AM +0200, dirk+bash@testssl.sh wrote:
>>
>>> On 9/22/18 7:30 AM, Bob Proulx wrote:
>>>
>>>> dirk+bash@testssl.sh wrote:
>>>>
>>>>> printf -- "$data" >&5 2>/dev/null
>>>>>
>>>> What happens if $data contains % format strings? What happens if the
>>>> format contains a sequence such as \c? This looks problematic. This
>>>> is not a safe programming practice.
>>>>
>>
>> Looking ONLY at this one line, there is an obvious bug, which Bob has
>> pointed out. It should be
>>
>> printf %s "$data" >&5 2>/dev/null
>>
> ----
> This brings to mind a consideration:
> As %s says to print a string of data (presumably not
> including a NUL byte),

It certainly does contain a null byte, and every other char between 1-255.
That's the point of a network socket.

Also "$data" will NEVER contain user input in any way, with one exception
being the hostname, which is transferred via hexdump into exactly this
format. Other than that "$data" is populated purely internally. It can't
contain anything else between '\x00' and '\xff' unless there's a coding
error, which would be a good idea to catch before and not here.

This is why I said you can't look only at one line of code. Code review
requires seeing the whole picture.

BTW: printf seems to be off the table. BSDish /usr/bin/printf is completely
different compared to the coreutils incarnation. OpenBSD by default does
not even have a printf outside bash.

> then what happens if "$data" is
> a paragraph of text with embedded newlines. In that case,
> it sounds like bash might break apart the single printf
> output into smaller packets rather than transmitting the
> entirety of "$data" in 1 write (presuming it is less than
> the maximum data size for a network packet).

Yup. Wonder why the coreutils printf behaves (in my sense) better than the
bash builtin.

> Also, if you want to flush the data out at the end, it seems
> "%s\n" would be required to force out the last line of text if
> it wasn't nl terminated.
>
>> That is utterly horrifying.
>>

I take that as a compliment :-)

> ---
> Hmmm....I didn't realize how sensitive some sensibilities were...
> :-)

LOL. There are JavaScript frameworks in the browser of similar size or even
bigger; the kernel I am using right now is written in a language which is
not known to be safe and whose parser after 25 years sometimes throws
utterly misleading errors -- which still remind me of the first K+R C
compilers -- this and other things I found rather horrifying.

Scripting languages have long evolved -- you should really take this as a
compliment -- and as I started this project I never thought it would boldly
go there :-)

Cheers, Dirk
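The format-string defect Bob and Greg point at, and what the `%s` fix does to data that testssl.sh builds out of backslash escapes, as an added example that is not code from the thread or from testssl.sh (the five record bytes and the stray `%d` are constructed; output goes to stdout rather than the `/dev/tcp` socket on fd 5):

```shell
#!/usr/bin/env bash
# Added example, not from the thread or testssl.sh. Three ways of writing
# $data with printf and the bytes each one actually emits.

# Constructed payload: five record bytes as octal escapes (the way the
# script assembles socket data) plus a stray "%d" standing in for a coding
# error or a hostname that slipped in without hex-encoding.
DATA='\026\003\001\000\005%d'

# The quoted line: $data IS the format. The escapes expand, but so does
# %d (prints "0" with no argument); %s would swallow the next argument,
# and bash's printf treats \c in a format as "stop output".
send_as_format() {
    printf -- "$1"
}

# Greg's fix: fixed format, data as argument. Nothing is interpreted, which
# also means the octal escapes go out as 20 literal characters.
send_as_string() {
    printf %s "$1"
}

# %b expands backslash escapes in the ARGUMENT (\c included) while % stays
# literal: the record bytes survive and no format directive is honoured.
send_as_escaped() {
    printf %b "$1"
}

# Byte count of what each variant would have written to the socket.
count_bytes() {
    "$1" "$DATA" | wc -c | tr -d ' '
}

# Hex view of the same bytes, to see which form keeps the record header.
hex_bytes() {
    "$1" "$DATA" | od -An -tx1 | tr -s ' \n' ' '
}

for f in send_as_format send_as_string send_as_escaped; do
    echo "$f: $(count_bytes "$f") bytes:$(hex_bytes "$f")"
done
```

Expected counts: 6 bytes for the format variant (five record bytes plus "0"), 22 for `%s` (every escape left as text), 7 for `%b` (five record bytes plus a literal `%d`).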