From nobody Mon Feb 9 10:29:22 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail(p=none dis=none) header.from=redhat.com ARC-Seal: i=1; a=rsa-sha256; t=1569330207; cv=none; d=zoho.com; s=zohoarc; b=Q+wOMyzZdSlDmdgLM4vjK8L2FkC5PEbRl8X4PbIgB/VKs7MUatGGTBy5PZi9oO1kGR9XkffXGrKtOTrcQDmS2D24DHKE4eJs5M8Qsg3Wyedbvkdw3HWlhjJyL2I5gZm+rDpCQhnHCG65cmSYBWtje8KGJd8w+BtwbVSWUo+taow= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com; s=zohoarc; t=1569330207; h=Content-Type:Content-Transfer-Encoding:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To:ARC-Authentication-Results; bh=uGVPNMHF0AcPd7aDaLN2zQWekcTlus4oMOf4u5V3OpM=; b=JJFrTuKm9/B+c9XgjHeSTOurxmtOax54mtnZjhrdVseWzw7sTLaY3ACbCV1fE+ZCwqcHPjCStThZmFdU7hAb6DlPOjkAUTItlw3JJARmm4Gt+mAWpcnrDZJnwkWfUGISajWQsJUV/oj5sNiAyEcbWy2wcZfE6WPGN9kPivu8o5Q= ARC-Authentication-Results: i=1; mx.zoho.com; spf=pass (zoho.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org; dmarc=fail header.from= (p=none dis=none) header.from= Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 156933020715636.51595054161521; Tue, 24 Sep 2019 06:03:27 -0700 (PDT) Received: from localhost ([::1]:45368 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iCkTU-0000DF-BA for importer@patchew.org; Tue, 24 Sep 2019 09:03:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:50599) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1iCk0p-0001Le-IJ for qemu-devel@nongnu.org; Tue, 24 Sep 2019 08:33:54 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1iCk0j-0006y3-P9 for qemu-devel@nongnu.org; Tue, 24 Sep 2019 08:33:47 -0400 Received: from mx1.redhat.com ([209.132.183.28]:38434) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1iCk0j-0006v5-3j for qemu-devel@nongnu.org; Tue, 24 Sep 2019 08:33:41 -0400 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 39E8A300D243 for ; Tue, 24 Sep 2019 12:33:40 +0000 (UTC) Received: from blackfin.pond.sub.org (ovpn-117-142.ams2.redhat.com [10.36.117.142]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 8883560BFB; Tue, 24 Sep 2019 12:33:37 +0000 (UTC) Received: by blackfin.pond.sub.org (Postfix, from userid 1000) id 6A65D113860E; Tue, 24 Sep 2019 14:33:34 +0200 (CEST) From: Markus Armbruster To: qemu-devel@nongnu.org Subject: [PULL 08/37] qapi: Restrict strings to printable ASCII Date: Tue, 24 Sep 2019 14:33:05 +0200 Message-Id: <20190924123334.30645-9-armbru@redhat.com> In-Reply-To: <20190924123334.30645-1-armbru@redhat.com> References: <20190924123334.30645-1-armbru@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.40]); Tue, 24 Sep 2019 12:33:40 +0000 (UTC) Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.132.183.28 X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: "Qemu-devel" Content-Type: text/plain; charset="utf-8" RFC 8259 on string contents: All Unicode characters may be placed within the quotation marks, except for the characters that MUST be escaped: quotation mark, reverse solidus, and the control characters (U+0000 through U+001F). The QAPI schema parser accepts both less and more than JSON: it accepts only ASCII with \u (less), and accepts control characters other than LF (new line) unescaped. How it treats unescaped non-ASCII input differs between Python 2 and Python 3. Make it accept strictly less: require printable ASCII. Drop support for \b, \f, \n, \r, \t. Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Message-Id: <20190913201349.24332-7-armbru@redhat.com> --- scripts/qapi/common.py | 28 ++++++++----------- tests/Makefile.include | 3 +- tests/qapi-schema/string-code-point-127.err | 1 + ...de-str.exit =3D> string-code-point-127.exit} | 0 tests/qapi-schema/string-code-point-127.json | 2 ++ ...code-str.out =3D> string-code-point-127.out} | 0 tests/qapi-schema/string-code-point-31.err | 1 + tests/qapi-schema/string-code-point-31.exit | 1 + tests/qapi-schema/string-code-point-31.json | 2 ++ tests/qapi-schema/string-code-point-31.out | 0 tests/qapi-schema/unicode-str.err | 1 - tests/qapi-schema/unicode-str.json | 2 -- 12 files changed, 20 insertions(+), 21 deletions(-) create mode 100644 tests/qapi-schema/string-code-point-127.err rename tests/qapi-schema/{unicode-str.exit =3D> string-code-point-127.exit= } (100%) create mode 100644 tests/qapi-schema/string-code-point-127.json rename tests/qapi-schema/{unicode-str.out =3D> string-code-point-127.out} = (100%) create mode 100644 tests/qapi-schema/string-code-point-31.err create mode 100644 tests/qapi-schema/string-code-point-31.exit create mode 100644 tests/qapi-schema/string-code-point-31.json create mode 100644 tests/qapi-schema/string-code-point-31.out delete mode 100644 tests/qapi-schema/unicode-str.err delete mode 100644 tests/qapi-schema/unicode-str.json diff --git a/scripts/qapi/common.py b/scripts/qapi/common.py index 54d02458b5..539b50f9ac 100644 --- a/scripts/qapi/common.py +++ b/scripts/qapi/common.py @@ -515,6 +515,7 @@ class QAPISchemaParser(object): elif self.tok in '{}:,[]': return elif self.tok =3D=3D "'": + # Note: we accept only printable ASCII string =3D '' esc =3D False while True: @@ -523,17 +524,9 @@ class QAPISchemaParser(object): if ch =3D=3D '\n': raise QAPIParseError(self, 'Missing terminating "\= '"') if esc: - if ch =3D=3D 'b': - string +=3D '\b' - elif ch =3D=3D 'f': - string +=3D '\f' - elif ch =3D=3D 'n': - string +=3D '\n' - elif ch =3D=3D 'r': - string +=3D '\r' - elif ch =3D=3D 't': - string +=3D '\t' - elif ch =3D=3D 'u': + # Note: we don't recognize escape sequences + # for control characters + if ch =3D=3D 'u': value =3D 0 for _ in range(0, 4): ch =3D self.src[self.cursor] @@ -552,20 +545,21 @@ class QAPISchemaParser(object): 'For now, \\u escape ' 'only supports non-ze= ro ' 'values up to \\u007f= ') - string +=3D chr(value) - elif ch in '\\/\'"': - string +=3D ch - else: + ch =3D chr(value) + elif ch not in '\\/\'"': raise QAPIParseError(self, "Unknown escape \\%s" % c= h) esc =3D False elif ch =3D=3D '\\': esc =3D True + continue elif ch =3D=3D "'": self.val =3D string return - else: - string +=3D ch + if ord(ch) < 32 or ord(ch) >=3D 127: + raise QAPIParseError( + self, "Funny character in string") + string +=3D ch elif self.src.startswith('true', self.pos): self.val =3D True self.cursor +=3D 3 diff --git a/tests/Makefile.include b/tests/Makefile.include index 479664f899..393cfd78f0 100644 --- a/tests/Makefile.include +++ b/tests/Makefile.include @@ -451,6 +451,8 @@ qapi-schema +=3D returns-array-bad.json qapi-schema +=3D returns-dict.json qapi-schema +=3D returns-unknown.json qapi-schema +=3D returns-whitelist.json +qapi-schema +=3D string-code-point-31.json +qapi-schema +=3D string-code-point-127.json qapi-schema +=3D struct-base-clash-deep.json qapi-schema +=3D struct-base-clash.json qapi-schema +=3D struct-data-invalid.json @@ -462,7 +464,6 @@ qapi-schema +=3D type-bypass-bad-gen.json qapi-schema +=3D unclosed-list.json qapi-schema +=3D unclosed-object.json qapi-schema +=3D unclosed-string.json -qapi-schema +=3D unicode-str.json qapi-schema +=3D union-base-empty.json qapi-schema +=3D union-base-no-discriminator.json qapi-schema +=3D union-branch-case.json diff --git a/tests/qapi-schema/string-code-point-127.err b/tests/qapi-schem= a/string-code-point-127.err new file mode 100644 index 0000000000..c310910c23 --- /dev/null +++ b/tests/qapi-schema/string-code-point-127.err @@ -0,0 +1 @@ +tests/qapi-schema/string-code-point-127.json:2:14: Funny character in stri= ng diff --git a/tests/qapi-schema/unicode-str.exit b/tests/qapi-schema/string-= code-point-127.exit similarity index 100% rename from tests/qapi-schema/unicode-str.exit rename to tests/qapi-schema/string-code-point-127.exit diff --git a/tests/qapi-schema/string-code-point-127.json b/tests/qapi-sche= ma/string-code-point-127.json new file mode 100644 index 0000000000..480318a69f --- /dev/null +++ b/tests/qapi-schema/string-code-point-127.json @@ -0,0 +1,2 @@ +# We accept printable ASCII: code points 32..126. Test code point 127: +{ 'command': '=7F' } diff --git a/tests/qapi-schema/unicode-str.out b/tests/qapi-schema/string-c= ode-point-127.out similarity index 100% rename from tests/qapi-schema/unicode-str.out rename to tests/qapi-schema/string-code-point-127.out diff --git a/tests/qapi-schema/string-code-point-31.err b/tests/qapi-schema= /string-code-point-31.err new file mode 100644 index 0000000000..45797928d9 --- /dev/null +++ b/tests/qapi-schema/string-code-point-31.err @@ -0,0 +1 @@ +tests/qapi-schema/string-code-point-31.json:2:14: Funny character in string diff --git a/tests/qapi-schema/string-code-point-31.exit b/tests/qapi-schem= a/string-code-point-31.exit new file mode 100644 index 0000000000..d00491fd7e --- /dev/null +++ b/tests/qapi-schema/string-code-point-31.exit @@ -0,0 +1 @@ +1 diff --git a/tests/qapi-schema/string-code-point-31.json b/tests/qapi-schem= a/string-code-point-31.json new file mode 100644 index 0000000000..f186cbd720 --- /dev/null +++ b/tests/qapi-schema/string-code-point-31.json @@ -0,0 +1,2 @@ +# We accept printable ASCII: code points 32..126. Test code point 127: +{ 'command': '=1F' } diff --git a/tests/qapi-schema/string-code-point-31.out b/tests/qapi-schema= /string-code-point-31.out new file mode 100644 index 0000000000..e69de29bb2 diff --git a/tests/qapi-schema/unicode-str.err b/tests/qapi-schema/unicode-= str.err deleted file mode 100644 index f621cd6448..0000000000 --- a/tests/qapi-schema/unicode-str.err +++ /dev/null @@ -1 +0,0 @@ -tests/qapi-schema/unicode-str.json:2: 'command' uses invalid name '=C3=A9' diff --git a/tests/qapi-schema/unicode-str.json b/tests/qapi-schema/unicode= -str.json deleted file mode 100644 index 5253a1b9f3..0000000000 --- a/tests/qapi-schema/unicode-str.json +++ /dev/null @@ -1,2 +0,0 @@ -# we don't support full Unicode strings, yet -{ 'command': '=C3=A9' } --=20 2.21.0