Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 23 Sep 2014 20:22:08 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Workaround for option flags shortage

On 2014-09-23 01:01, magnum wrote:
> On 2014-09-22 11:14, Solar Designer wrote:
>> On Mon, Sep 22, 2014 at 12:42:13AM +0200, magnum wrote:
>>> Unless you have a better idea, I plan the following workaround:
>>> For options that require an argument, add some trivial logic in getopt.c
>>> (or whatever is proper) that verifies the argument was not already set.
>>> If it was, handle it as a dupe option.
>>>
>>> This means simple options like
>>>
>>>     {"mkpc", FLG_MKPC, FLG_MKPC, 0, OPT_REQ_PARAM,
>>>         "%u", &options.force_maxkeys},
>>>
>>> can be just
>>>
>>>     {"mkpc", FLG_NONE, 0, 0, OPT_REQ_PARAM,
>>>         "%u", &options.force_maxkeys},
>>>
>>> and get the same protection without need of its own flag. I think this
>>> will work just fine, and it would free up several handfulls of flags.
>>>
>>> For future support for eg. multiple rules or wordlists, like "-wo:1.txt
>>> -wo:2.txt", I suppose we should make this new logic active only for the
>>> FLG_NONE case. Other than that, I see no caveats. But I haven't actually
>>> looked at the code yet.
>>
>> Your suggested workaround sounds fine to me.
>
> I had the idea I could just verify that the buffer pointer was NULL but
> that was not the case when a 'format' was used with sscanf(). So I ended
> up adding a flag to the opt_entry struct. This made for a trivial patch
> that should hopefully not fail or cause any problems (yeah famous last
> words).

Yeah famous last words. Only now I noticed using FLG_NONE stops some 
combinations like using -test together with -device.

After some head scratching I believe the reason is a req_clr of 
~FLG_TEST_SET (and several other core options has similar constructs). 
For several years, Jumbo had FLG_NONE map to zero but this is no longer 
true and I did not want to go there again because it ruins some other 
good checks. So I now changed these non-flag Jumbo options to actually 
not use any flag, as in "flg_set == 0 and req_clr == OPT_REQ_PARAM".

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ