Re: [PATCH nft] main: allow for getopt parser from top-level scope only

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Dec 13, 2019 at 11:36:24AM +0100, Pablo Neira Ayuso wrote:
> On Fri, Dec 13, 2019 at 11:33:45AM +0100, Phil Sutter wrote:
> > Hi,
> > 
> > On Thu, Dec 12, 2019 at 07:28:11PM +0100, Pablo Neira Ayuso wrote:
> > > On Thu, Dec 12, 2019 at 06:45:35PM +0100, Phil Sutter wrote:
> > > > On Thu, Dec 12, 2019 at 06:14:55PM +0100, Pablo Neira Ayuso wrote:
> > > > [...]
> > > > > diff --git a/src/main.c b/src/main.c
> > > > > index fde8b15c5870..c96953e3cd2f 100644
> > > > > --- a/src/main.c
> > > > > +++ b/src/main.c
> > > > > @@ -202,29 +202,107 @@ static const struct {
> > > > >  	},
> > > > >  };
> > > > >  
> > > > > +struct nft_opts {
> > > > > +	char		**argv;
> > > > > +	int		argc;
> > > > > +};
> > > > > +
> > > > > +static int nft_opts_init(int argc, char * const argv[], struct nft_opts *opts)
> > > > > +{
> > > > > +	uint32_t scope = 0;
> > > > > +	char *new_argv;
> > > > > +	int i;
> > > > > +
> > > > > +	opts->argv = calloc(argc + 1, sizeof(char *));
> > > > > +	if (!opts->argv)
> > > > > +		return -1;
> > > > > +
> > > > > +	for (i = 0; i < argc; i++) {
> > > > > +		if (scope > 0) {
> > > > > +			if (argv[i][0] == '-') {
> > > > > +				new_argv = malloc(strlen(argv[i]) + 2);
> > > > > +				if (!new_argv)
> > > > > +					return -1;
> > > > > +
> > > > > +				sprintf(new_argv, "\\-%s", &argv[i][1]);
> > > > > +				opts->argv[opts->argc++] = new_argv;
> > > > > +				continue;
> > > > > +			}
> > > > > +		} else if (argv[i][0] == '{') {
> > > > > +			scope++;
> > > > > +		} else if (argv[i][0] == '}') {
> > > > > +			scope--;
> > > > > +		}
> > > > 
> > > > This first char check is not reliable, bison accepts commands which lack
> > > > spaces in the relevant places:
> > > > 
> > > > | # nft add chain inet t c{ type filter hook input priority filter\; }
> > > > | # echo $?
> > > > | 0
> > > 
> > > Yes, it won't catch that case. Do you think it is worth going further
> > > in this preprocessing?
> > 
> > What about a different approach, namely to iterate over argv in reverse,
> > reordering those *argv until **argv != '-'? One would have to make sure
> > not to mess ordering, but that should be the only requirement to get
> > expected results in any situation.
> 
> That's another possibility, yes:
> 
>         argv[i][strlen(argv[i]) - 1] == '{'

Bison doesn't allow for easy cheats:

| # nft add chain inet t c{type filter hook input priority filter\; }
| # echo $?
| 0

Let me quickly hack my reordering idea to see how much of a mess it will
become.

Cheers, Phil



[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux