From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 204602] parse() in boot loader interp_parse.c is too naive about quotes
Date: Mon, 16 Nov 2015 17:13:35 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=204602

            Bug ID: 204602
           Summary: parse() in boot loader interp_parse.c is too naive
                    about quotes
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: tsoome@me.com

Created attachment 163200
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=163200&action=edit
udiff of inter_parse.c

The current logic for how the quotes (both ' and ") are managed is a bit too
relaxed, allowing weird constructs like

set name="value'

Also, the usual single quote semantics are not possible, and the code does not
check if the quoted string actually has an ending quote.

I'm adding here a diff for a possible update, which implements:

1. distinguishing single and double quote
2. variable expansion will not be done inside single quote protected area
3. will preserve inner quote for values like "value 'some list'"
4. ending quote check.

However, this diff does not implement an ending quote order check - it
shouldn't be too hard, it needs some improvements to the parser state machine.

-- 
You are receiving this mail because:
You are the assignee for the bug.
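
The four behaviours listed in the report, as an added example (not the attached diff and not FreeBSD's interp_parse.c). The names unquote() and lookup_var() and the sample variable are hypothetical, and only the $name form of expansion is handled.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical variable store standing in for the loader environment. */
static const char *lookup_var(const char *name, size_t len)
{
    if (len == 7 && strncmp(name, "currdev", 7) == 0)
        return "disk0s1a";            /* constructed sample value */
    return "";                        /* unset variables expand to nothing */
}

/*
 * Copy `in` to `out`, dropping the outer quotes, expanding $name everywhere
 * except inside single quotes, and keeping the other quote character
 * literally inside a quoted area. Returns 0 on success, -1 on a missing
 * ending quote or when `out` is too small.
 */
int unquote(const char *in, char *out, size_t outsz)
{
    char q = 0;                       /* 0, '\'' or '"': the open quote */
    size_t n = 0;                     /* bytes written, always < outsz */

    if (outsz == 0)
        return -1;
    while (*in != '\0') {
        char c = *in++;
        if (q == 0 && (c == '\'' || c == '"')) {
            q = c;                    /* opening quote, remember its type */
        } else if (q != 0 && c == q) {
            q = 0;                    /* only the same type closes it */
        } else if (c == '$' && q != '\'') {
            const char *s = in;       /* start of the variable name */
            while (isalnum((unsigned char)*in) || *in == '_')
                in++;
            const char *v = lookup_var(s, (size_t)(in - s));
            size_t vl = strlen(v);
            if (vl >= outsz - n)      /* keep room for the terminator */
                return -1;
            memcpy(out + n, v, vl);
            n += vl;
        } else {
            if (n + 1 >= outsz)
                return -1;
            out[n++] = c;             /* includes the inner, other quote */
        }
    }
    out[n] = '\0';
    return q == 0 ? 0 : -1;           /* ending quote check */
}
```

With this state machine, the construct from the report, set name="value', is rejected because the double quote is never closed by a quote of the same type.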