Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 4 Sep 2017 16:59:33 -0400
From: Rich Felker <dalias@...c.org>
To: musl@...ts.openwall.com
Subject: Re: [PATCH] handle whitespace before %% in scanf

On Mon, Jul 10, 2017 at 09:20:39PM -0400, Rich Felker wrote:
> On Sun, Jul 09, 2017 at 11:00:18PM +0200, Bartosz Brachaczek wrote:
> > this is mandated by C and POSIX standards and is in accordance with
> > glibc behavior.
> > ---
> >  src/stdio/vfscanf.c  | 10 +++++++---
> >  src/stdio/vfwscanf.c |  8 ++++++--
> >  2 files changed, 13 insertions(+), 5 deletions(-)
> > 
> > diff --git a/src/stdio/vfscanf.c b/src/stdio/vfscanf.c
> > index d4d2454b..9e030fc4 100644
> > --- a/src/stdio/vfscanf.c
> > +++ b/src/stdio/vfscanf.c
> > @@ -89,15 +89,19 @@ int vfscanf(FILE *restrict f, const char *restrict fmt, va_list ap)
> >  			continue;
> >  		}
> >  		if (*p != '%' || p[1] == '%') {
> > -			p += *p=='%';
> >  			shlim(f, 0);
> > -			c = shgetc(f);
> > +			if (*p == '%') {
> > +				p++;
> > +				while (isspace((c=shgetc(f))));
> > +			} else {
> > +				c = shgetc(f);
> > +			}
> >  			if (c!=*p) {
> >  				shunget(f);
> >  				if (c<0) goto input_fail;
> >  				goto match_fail;
> >  			}
> > -			pos++;
> > +			pos += shcnt(f);
> >  			continue;
> >  		}
> 
> Assuming your interpretation is correct, I have no objection to going
> forward with the change, but I don't think this is the right way to do
> it. The only reason %% was handled in the code that handles literal
> characters is because I assumed it behaves like one, but if it
> doesn't, it should just be handled as a format specifier that consumes
> space where it can use the existing code that does that, rather than
> complicting the code for literals and adding a duplicate of the
> space-skipping code to it.

I tried going forward with the idea I proposed, but it looks like it's
actually more invasive: in addition to adding the final case to
actually handle '%', it adds a new case where a conversion specifier
does not consume a variadic input, and a new case where width is
forced to 1 and modifier flags and explicit widths are rejected.

As such I think your patch as originally submitted is probably the
best approach. Sorry for the delay in reviewing and accepting it.

Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.