[PATCH 0/3] cmd: setexpr: add fmt format string operation
Marek Behun
marek.behun at nic.cz
Tue Jun 29 12:34:54 CEST 2021
On Tue, 29 Jun 2021 09:41:25 +0000
"Roland Gaudig (OSS)" <roland.gaudig-oss at weidmueller.com> wrote:
> I think just passing the format string directly to sprintf should be
> avoided because it is unsafe. For example
>
> => setexpr foo fmt %s 0xffffffff
>
> would surely lead to access on memory location outside the variable
> where 0xffffffff is stored.

+1. I guess Wolfgang's rationale was that in U-Boot we already have
pretty serious means to break the system, so allowing the user to
directly pass wrong parameters to sprintf is not that much of a problem
since we can say that the user should know what they are doing.

But implementing a dedicated format parser for this that is also safe
is a simple exercise, imho, so I think we should do this properly, if
at all.

> > This was actually one of my intentions when making this suggestion -
> > to be able to construct any kind of data from pieces; say, for
> > example:
> >
> > => setexpr foo fmt "%0x08x-%s-%d-%s" $a $b $c $d
>
> I think the only way to support such expressions in a safe way would
> be implementing an own format string parser for setexpr with
> corresponding checks if access is possible, instead of just directly
> passing all values unchecked to sprintf.

We can properly implement
  %s with field width, justification
  %c
  integral types (everything 64-bits, no reason for length modifiers,
    imho) with field width, precision, zero padding, sign forcing,
    etc...

We don't need floating points nor out of order arguments.

Marek
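
The dedicated parser proposed above, sketched as an added example (not part of the original message and not U-Boot code). `safe_fmt` is a hypothetical name; arguments are taken as the text of the command words, and integers are parsed with standard C `strtoll`/`strtoull` in base 0, which is an assumption. Each conversion is checked against a whitelist before it reaches `snprintf`, so `%s` prints the argument text instead of dereferencing it.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not U-Boot code. Returns output length, or -1 on rejection. */
int safe_fmt(char *out, size_t outsz, const char *fmt, int argc, const char *const argv[])
{
	size_t pos = 0, f, n;
	int arg = 0, len;
	if (!outsz) return -1;
	while (*fmt) {
		char spec[32], conv, *end;
		const char *ok, *a;
		if (fmt[0] != '%' || fmt[1] == '%') {	/* literal char or "%%" */
			if (pos + 1 >= outsz) return -1;
			out[pos++] = *fmt;
			fmt += (*fmt == '%') ? 2 : 1;
			continue;
		}
		f = strspn(++fmt, "-+ #0");			/* flags */
		n = f + strspn(fmt + f, "0123456789");		/* width */
		if (fmt[n] == '.') n += 1 + strspn(fmt + n + 1, "0123456789"); /* precision */
		conv = fmt[n];
		/* Whitelist: %n, %p, %f, '*', "1$" and length modifiers all fail here */
		if (!conv || !strchr("scdiuxXo", conv) || n > 8 || arg >= argc) return -1;
		/* Reject flag/precision combinations that C leaves undefined */
		ok = strchr("sc", conv) ? "-" : strchr("di", conv) ? "-+ 0" :
		     conv == 'u' ? "-0" : "-#0";
		if (strspn(fmt, ok) < f || (conv == 'c' && memchr(fmt, '.', n))) return -1;
		/* Rebuild the validated spec; integers are always 64-bit ("ll") */
		snprintf(spec, sizeof(spec), "%%%.*s%s%c", (int)n, fmt,
			 strchr("sc", conv) ? "" : "ll", conv);
		a = argv[arg++]; errno = 0;
		if (conv == 's') {			/* argument text, never a pointer */
			len = snprintf(out + pos, outsz - pos, spec, a);
		} else if (conv == 'c') {		/* exactly one character */
			len = (a[0] && !a[1]) ? snprintf(out + pos, outsz - pos, spec, a[0]) : -1;
		} else if (conv == 'd' || conv == 'i') {
			long long v = strtoll(a, &end, 0);	/* base 0: assumption */
			len = (end != a && !*end && !errno) ? snprintf(out + pos, outsz - pos, spec, v) : -1;
		} else {
			unsigned long long v = strtoull(a, &end, 0);
			len = (end != a && !*end && !errno) ? snprintf(out + pos, outsz - pos, spec, v) : -1;
		}
		if (len < 0 || (size_t)len >= outsz - pos) return -1;	/* truncated */
		pos += len; fmt += n + 1;
	}
	out[pos] = '\0';
	return (int)pos;
}
```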