[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen stable-4.4] pygrub: Properly quote results, when returning them to the caller:



commit 6639a202f285ace4adf57453ade066bd4b4298e0
Author:     Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
AuthorDate: Tue Nov 22 14:35:31 2016 +0100
Commit:     Jan Beulich <jbeulich@xxxxxxxx>
CommitDate: Tue Nov 22 14:35:31 2016 +0100

    pygrub: Properly quote results, when returning them to the caller:
    
    * When the caller wants sexpr output, use `repr()'
      This is what Xend expects.
    
      The returned S-expressions are now escaped and quoted by Python,
      generally using '...'.  Previously kernel and ramdisk were unquoted
      and args was quoted with "..." but without proper escaping.  This
      change may break toolstacks which do not properly dequote the
      returned S-expressions.
    
    * When the caller wants "simple" output, crash if the delimiter is
      contained in the returned value.
    
      With --output-format=simple it does not seem like this could ever
      happen, because the bootloader config parsers all take line-based
      input from the various bootloader config files.
    
      With --output-format=simple0, this can happen if the bootloader
      config file contains nul bytes.
    
    This is CVE-2016-9379 and CVE-2016-9380 / XSA-198.
    
    Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
    Tested-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
    master commit: 27e14d346ed6ff1c3a3cfc479507e62d133e92a9
    master date: 2016-11-22 13:52:09 +0100
---
 tools/pygrub/src/pygrub | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/tools/pygrub/src/pygrub b/tools/pygrub/src/pygrub
index 5380a2f..a7aaf96 100755
--- a/tools/pygrub/src/pygrub
+++ b/tools/pygrub/src/pygrub
@@ -726,14 +726,17 @@ def sniff_netware(fs, cfg):
     return cfg
 
 def format_sxp(kernel, ramdisk, args):
-    s = "linux (kernel %s)" % kernel
+    s = "linux (kernel %s)" % repr(kernel)
     if ramdisk:
-        s += "(ramdisk %s)" % ramdisk
+        s += "(ramdisk %s)" % repr(ramdisk)
     if args:
-        s += "(args \"%s\")" % args
+        s += "(args %s)" % repr(args)
     return s
                 
 def format_simple(kernel, ramdisk, args, sep):
+    for check in (kernel, ramdisk, args):
+        if check is not None and sep in check:
+            raise RuntimeError, "simple format cannot represent 
delimiter-containing value"
     s = ("kernel %s" % kernel) + sep
     if ramdisk:
         s += ("ramdisk %s" % ramdisk) + sep
--
generated by git-patchbot for /home/xen/git/xen.git#stable-4.4

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
https://lists.xenproject.org/xen-changelog

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.