udev_util_encode_string() code


 



Hey Karel,
here is the udev string encode code in one file as a test program.
It is used to create the "safe" symlinks from untrusted user-supplied
filesystem metadata.

It hex-encodes all non-plain ascii chars, but preserves fully validated
utf8 character sequences, so as not to discriminate against non-latin languages.

Without libvolume_id, we may need to add something like this to
your libblkid version to find the udev links. Alternatively we could
link against libudev, but including the code may be the straight-forward
and simpler solution.

It looks like: 
  $ ./udev-escape
  plain: '+I'm a string with spaces+slash/+printf%i+backslash\+dollar$+backtick`+semicolon;+valid_utf8ä+invalid_utf8���+'
  enc:   '+I\x27m\x20a\x20string\x20with\x20spaces+slash\x2f+printf\x25i+backslash\x5c+dollar\x24+backtick\x60+semicolon\x3b+valid_utf8ä+invalid_utf8\x82\x83\x84+'

Cheers,
Kay
/*
 * Copyright (C) 2008 Kay Sievers <kay.sievers@xxxxxxxx>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <unistd.h>
#include <errno.h>
#include <string.h>
#include <ctype.h>

extern int udev_util_encode_string(const char *str, char *str_enc, size_t len);

/*
 * Number of bytes a UTF-8 sequence should occupy, judged from its first
 * byte alone. The legacy 5- and 6-byte lead forms (0xf8.., 0xfc..) are
 * still reported here. Returns 0 when the byte cannot start a sequence
 * (a continuation byte 0x80..0xbf, or 0xfe/0xff).
 */
static int utf8_encoded_expected_len(const char *str)
{
	/* mask/pattern pair of each lead-byte form, indexed by length - 1 */
	static const struct {
		unsigned char mask;
		unsigned char bits;
	} lead_forms[] = {
		{ 0x80, 0x00 },
		{ 0xe0, 0xc0 },
		{ 0xf0, 0xe0 },
		{ 0xf8, 0xf0 },
		{ 0xfc, 0xf8 },
		{ 0xfe, 0xfc },
	};
	const unsigned char first = (unsigned char)str[0];
	size_t n;

	for (n = 0; n < sizeof(lead_forms) / sizeof(lead_forms[0]); n++) {
		if ((first & lead_forms[n].mask) == lead_forms[n].bits)
			return (int)n + 1;
	}
	return 0;
}

/*
 * Decode the UTF-8 sequence starting at @str into its numeric value.
 *
 * Returns -1 when the first byte cannot start a sequence or when one of
 * the following bytes is not a continuation byte (10xxxxxx). A NUL
 * terminator is not a continuation byte, so decoding stops there and
 * never reads past the end of a truncated string. Overlong forms and the
 * numeric range are not checked here; utf8_encoded_valid_unichar() does
 * that on top of this function.
 */
static int utf8_encoded_to_unichar(const char *str)
{
	/* payload bits carried by the lead byte, indexed by sequence length */
	static const int lead_payload[] = { 0, 0, 0x1f, 0x0f, 0x07, 0x03, 0x01 };
	const int seqlen = utf8_encoded_expected_len(str);
	int value;
	int pos;

	if (seqlen == 1)
		return (int)str[0];
	if (seqlen < 2 || seqlen > 6)
		return -1;

	value = (int)str[0] & lead_payload[seqlen];
	for (pos = 1; pos < seqlen; pos++) {
		const int byte = (int)str[pos];

		if ((byte & 0xc0) != 0x80)
			return -1;
		/* each continuation byte contributes six payload bits */
		value = (value << 6) | (byte & 0x3f);
	}

	return value;
}

/*
 * Shortest number of bytes needed to encode @unichar. Comparing this with
 * the length announced by the lead byte is how overlong encodings are
 * detected. Values below 0x80, including negative ones, report 1.
 */
static int utf8_unichar_to_encoded_len(int unichar)
{
	/* first value that no longer fits into 1, 2, 3, 4 and 5 bytes */
	static const int upper_bound[] = {
		0x80, 0x800, 0x10000, 0x200000, 0x4000000,
	};
	int bytes;

	for (bytes = 1; bytes <= 5; bytes++) {
		if (unichar < upper_bound[bytes - 1])
			return bytes;
	}
	return 6;
}

/*
 * Return 1 if @unichar lies in an accepted numeric range, 0 otherwise.
 *
 * Rejected: values above 0x10ffff, the surrogate block 0xd800..0xdfff,
 * 0xfdd0..0xfdef, and every value whose low 16 bits are 0xffff.
 * NOTE(review): values ending in 0xfffe pass this check; confirm whether
 * that is intended.
 */
static int utf8_unichar_valid_range(int unichar)
{
	const int beyond_unicode = unichar > 0x10ffff;
	const int surrogate = (unichar & 0xfffff800) == 0xd800;
	const int fdd0_block = unichar >= 0xfdd0 && unichar <= 0xfdef;
	const int plane_end = (unichar & 0xffff) == 0xffff;

	return !(beyond_unicode || surrogate || fdd0_block || plane_end);
}

/*
 * Validate the UTF-8 sequence starting at @str.
 *
 * Returns the sequence length in bytes (1 for plain ASCII), or -1 when
 * the lead byte is invalid, the string ends or drops to ASCII before the
 * sequence is complete, the sequence is not the shortest encoding of its
 * value, or the value is outside the accepted range.
 */
static int utf8_encoded_valid_unichar(const char *str)
{
	const int expected = utf8_encoded_expected_len(str);
	int codepoint;
	int pos;

	switch (expected) {
	case 0:
		/* byte cannot start a sequence */
		return -1;
	case 1:
		/* ascii is valid */
		return 1;
	default:
		break;
	}

	/*
	 * Every byte of a multi-byte sequence has its top bit set. The NUL
	 * terminator does not, so this scan stops at the end of the string.
	 */
	for (pos = 0; pos < expected; pos++) {
		if (!(str[pos] & 0x80))
			return -1;
	}

	/* a failed decode yields -1, which the length comparison rejects */
	codepoint = utf8_encoded_to_unichar(str);

	/* reject overlong encodings, then values outside the valid range */
	if (utf8_unichar_to_encoded_len(codepoint) != expected ||
	    !utf8_unichar_valid_range(codepoint))
		return -1;

	return expected;
}

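/*
 * Return 1 if @c may be copied to the output unescaped, 0 otherwise.
 *
 * Allowed are ASCII digits and letters, the characters "#+-.:=@_", and
 * any character listed in the optional NUL-terminated string @white
 * (pass NULL for no extra characters).
 */
static int is_whitelisted(char c, const char *white)
{
	/*
	 * strchr() also matches the terminating NUL of the string it
	 * searches, so without this guard a NUL byte would be reported as
	 * whitelisted.
	 */
	if (c == '\0')
		return 0;

	if ((c >= '0' && c <= '9') ||
	    (c >= 'A' && c <= 'Z') ||
	    (c >= 'a' && c <= 'z') ||
	    strchr("#+-.:=@_", c) != NULL ||
	    (white != NULL && strchr(white, c) != NULL))
		return 1;
	return 0;
}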

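/**
 * udev_util_encode_string:
 * @str: input string to be encoded
 * @str_enc: output string to store the encoded input string
 * @len: size of the output buffer in bytes, including the terminating
 *       NUL; the encoded form may be four times as long as the input
 *       string, so 4 * strlen(@str) + 1 always suffices
 *
 * Encode all potentially unsafe characters of a string to the
 * corresponding hex value prefixed by '\x'. Valid multi-byte UTF-8
 * sequences are copied unchanged; the backslash itself, every byte that
 * is not whitelisted and every byte of an invalid sequence is escaped.
 * '/' is not whitelisted and is therefore always escaped. '.' is
 * whitelisted, so the inputs "." and ".." come out unchanged; a caller
 * that uses the result as a file name has to handle those itself.
 *
 * The room left in @str_enc is checked before each unit is written, so
 * nothing is stored beyond @len bytes. When the buffer is too small the
 * output is NUL-terminated after the last complete unit.
 *
 * Returns: 0 if the entire string was copied, non-zero otherwise.
 **/
int udev_util_encode_string(const char *str, char *str_enc, size_t len)
{
	static const char hex[] = "0123456789abcdef";
	size_t i, j;

	if (str == NULL || str_enc == NULL || len == 0)
		return -1;

	str_enc[0] = '\0';
	for (i = 0, j = 0; str[i] != '\0'; ) {
		const int seqlen = utf8_encoded_valid_unichar(&str[i]);
		const int escape = seqlen <= 1 &&
				   (str[i] == '\\' || !is_whitelisted(str[i], NULL));
		size_t need;

		if (seqlen > 1)
			need = (size_t)seqlen;
		else if (escape)
			need = 4;
		else
			need = 1;

		/*
		 * j < len holds here, so len - j cannot wrap. One byte stays
		 * reserved for the terminator; checking before the write
		 * keeps a short buffer from being overrun.
		 */
		if (need >= len - j) {
			str_enc[j] = '\0';
			return -1;
		}

		if (seqlen > 1) {
			memcpy(&str_enc[j], &str[i], need);
			i += need;
		} else if (escape) {
			const unsigned char byte = (unsigned char)str[i];

			str_enc[j] = '\\';
			str_enc[j + 1] = 'x';
			str_enc[j + 2] = hex[byte >> 4];
			str_enc[j + 3] = hex[byte & 0x0f];
			i++;
		} else {
			str_enc[j] = str[i];
			i++;
		}
		j += need;
	}
	str_enc[j] = '\0';
	return 0;
}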

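/*
 * Test driver: encode a sample string that mixes shell-special
 * characters, a valid UTF-8 character and an invalid byte sequence, then
 * print the plain and the encoded form.
 */
int main(int argc, char *argv[], char *envp[])
{
	static const char *s = "+I\'m a string with spaces+slash/+printf%i+"
			       "backslash\\+dollar$+backtick`+semicolon;+"
			       "valid_utf8ä+invalid_utf8\x82\x83\x84+";
	char e[512];

	(void)argc;
	(void)argv;
	(void)envp;

	/* do not print the buffer as a complete result if encoding failed */
	if (udev_util_encode_string(s, e, sizeof(e)) != 0) {
		fprintf(stderr, "encoding failed: output buffer too small\n");
		return EXIT_FAILURE;
	}
	printf("plain: '%s'\n", s);
	printf("enc:   '%s'\n", e);
	return 0;
}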
