Re: [PATCH] env: let setenv() take printf arguments

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jun 20, 2022 at 09:21:39AM +0200, Ahmad Fatoum wrote:
> From: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
> 
> It's a common pattern to (ba)sprintf to a string and then call setenv()
> with this string. Let setenv() take printf arguments to make that
> easier. To avoid the overhead that goes with changing other callers
> to using setenv(var, "%s", val) to avoid security implications (and
> GCC warnings), fallback to the non-formatted version when there are
> only two arguments.
> 
> Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
> [afa: fall back to non-formatted version on old two arg version]
> Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
> ---
> Thoughts?

While I'm impressed by this macro I don't like this very much. My desire
was to simplify things, now with this patch I'm no longer sure I reached
that goal.

Alternatively we could

a) Drop the original patch
b) Replace the problematic places with setenv(foo, "%s", not_a_string_literal);
c) Pass -Wno-format-security, The Kernel does this for over a decade.

My vote is c)

Sascha

> ---
>  common/env.c           | 37 +++++++++++++++++++++++++++++++++----
>  include/environment.h  | 19 +++++++++++++++++--
>  include/linux/kernel.h | 12 ++++++++++++
>  3 files changed, 62 insertions(+), 6 deletions(-)
> 
> diff --git a/common/env.c b/common/env.c
> index 05add63f625c..c36f6846ee21 100644
> --- a/common/env.c
> +++ b/common/env.c
> @@ -243,15 +243,15 @@ static int dev_setenv(const char *name, const char *val)
>  }
>  
>  /**
> - * setenv - set environment variables
> + * __setenv_str - set environment variables
>   * @_name - Variable name
>   * @value - the value to set, empty string not handled specially
>   *
>   * Returns 0 for success and a negative error code otherwise
> - * Use unsetenv() to unset.
> + * Use unsetenv() to unset. Don't use directly, use setenv()
>   */
>  
> -int setenv(const char *_name, const char *value)
> +int __setenv_str(const char *_name, const char *value)
>  {
>  	char *name = strdup(_name);
>  	int ret = 0;
> @@ -275,7 +275,36 @@ out:
>  
>  	return ret;
>  }
> -EXPORT_SYMBOL(setenv);
> +EXPORT_SYMBOL(__setenv_str);
> +
> +/**
> + * __setenv_fmt - set environment variables
> + * @name - Variable name
> + * @fmt - format string describing how to format arguments to come
> + *
> + * Returns 0 for success and a negative error code otherwise
> + * Use unsetenv() to unset. Don't use directly, use setenv()
> + */
> +
> +int __setenv_fmt(const char *name, const char *fmt, ...)
> +{
> +	va_list ap;
> +	int ret;
> +	char *value;
> +
> +	va_start(ap, fmt);
> +	ret = vasprintf(&value, fmt, ap);
> +	va_end(ap);
> +
> +	if (ret < 0)
> +		return ret;
> +
> +	ret = __setenv_str(name, value);
> +
> +	free(value);
> +	return ret;
> +}
> +EXPORT_SYMBOL(__setenv_fmt);
>  
>  int export(const char *varname)
>  {
> diff --git a/include/environment.h b/include/environment.h
> index 19e522cfb6b4..e5b9a9da3167 100644
> --- a/include/environment.h
> +++ b/include/environment.h
> @@ -7,6 +7,7 @@
>  #ifndef _ENVIRONMENT_H_
>  #define _ENVIRONMENT_H_
>  
> +#include <linux/kernel.h>
>  #include <linux/list.h>
>  #include <errno.h>
>  
> @@ -31,7 +32,8 @@ char *var_name(struct variable_d *);
>  
>  #ifdef CONFIG_ENVIRONMENT_VARIABLES
>  const char *getenv(const char *);
> -int setenv(const char *, const char *);
> +int __setenv_str(const char *, const char *val);
> +int __setenv_fmt(const char *, const char *fmt, ...) __printf(2, 3);
>  void export_env_ull(const char *name, unsigned long long val);
>  int getenv_ull(const char *name, unsigned long long *val);
>  int getenv_ul(const char *name, unsigned long *val);
> @@ -44,7 +46,13 @@ static inline char *getenv(const char *var)
>  	return NULL;
>  }
>  
> -static inline int setenv(const char *var, const char *val)
> +static inline int __setenv_str(const char *var, const char *val)
> +{
> +	return 0;
> +}
> +
> +static inline __printf(2, 3) int __setenv_fmt(
> +	const char *var, const char *fmt, ...)
>  {
>  	return 0;
>  }
> @@ -82,6 +90,13 @@ static inline const char *getenv_nonempty(const char *var)
>  }
>  #endif
>  
> +/*
> + * avoid the varargs overhead when using a fixed string
> + */
> +#undef setenv
> +#define setenv(args...) \
> +	__optionally_variadic2(__setenv_str, __setenv_fmt, args)
> +
>  int env_pop_context(void);
>  int env_push_context(void);
>  
> diff --git a/include/linux/kernel.h b/include/linux/kernel.h
> index 4483d33e65bb..ebae8f666cf6 100644
> --- a/include/linux/kernel.h
> +++ b/include/linux/kernel.h
> @@ -7,6 +7,7 @@
>  #include <linux/barebox-wrapper.h>
>  #include <linux/limits.h>
>  #include <linux/math64.h>
> +#include <linux/stringify.h>
>  
>  #define ALIGN(x, a)		__ALIGN_MASK(x, (typeof(x))(a) - 1)
>  #define ALIGN_DOWN(x, a)	ALIGN((x) - ((a) - 1), (a))
> @@ -17,6 +18,17 @@
>  #define ARRAY_SIZE(arr) (sizeof(arr) / sizeof((arr)[0]) + __must_be_array(arr))
>  #define ARRAY_AND_SIZE(x)	(x), ARRAY_SIZE(x)
>  
> +/*
> + * Call func_variadic, when more than 2 arguments and func_fixed otherwise
> + */
> +#define __optionally_variadic2(func_fixed, func_variadic, arg1, arg2, ...) ({ \
> +		char _______STR[] = __stringify((__VA_ARGS__));  \
> +		sizeof(_______STR) > 3 ?                         \
> +			func_variadic(arg1, arg2, ##__VA_ARGS__) \
> +		:                                                \
> +			func_fixed(arg1, arg2);                  \
> +	})
> +
>  /*
>   * This looks more complex than it should be. But we need to
>   * get the type for the ~ right in round_down (it needs to be
> -- 
> 2.30.2
> 
> 
> 

-- 
Pengutronix e.K.                           |                             |
Steuerwalder Str. 21                       | http://www.pengutronix.de/  |
31137 Hildesheim, Germany                  | Phone: +49-5121-206917-0    |
Amtsgericht Hildesheim, HRA 2686           | Fax:   +49-5121-206917-5555 |




[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux