Project

General

Profile

Actions
Copy link

Bug #13560

closed

smbios(1m) should sanitize strings

Added by Rich Lowe 6 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Robert Mustacchi
Category:
cmd - userland programs
Start date:
Due date:
% Done:

100%

Estimated time:
Difficulty:
Bite-size
Tags:
Gerrit CR:
1295

Description

Looking at this intel NUC, we seem willing to print strings as they're presented to us. One my SKUs is a literal ^E. Given the general quality of smbios info, it'd be a good idea to sanity check and print potentially escaped versions of all strings.

  SKU Number:                                  
  SKU number: ^E

(fixing that capitalisation would be good too).

Actions
Copy link
 #1

Updated by Robert Mustacchi 6 months ago

  • Assignee set to Robert Mustacchi
Actions
Copy link
 #2

Updated by Robert Mustacchi 5 months ago

  • Subject changed from smbios(1m) and/or libsmbios should sanitize strings to smbios(1m) should sanitize strings
  • % Done changed from 0 to 90

For the moment, I've done things such that smbios the command escapes strings. We probably need to go through and figure out a way to make this work for libsmbios so consumers don't have to all deal with this, but there are a bunch of complications around memory allocation and lifetimes as a result that I decided to at least clean up smbios(1M) for the moment. We may want to do the same for libsmbios, but I've repurposed this for the moment for smbios(1M).

To test this, I took smbios images from:

  • An AMD Rome based system running illumos
  • A Lenovo laptop running Linux
  • Rich's smbios image that triggered this

For each of them, I compared the smbios output before and after and found the only differences were the string being escaped in Rich's case and the more consistent SKU number.

Actions
Copy link
 #3

Updated by Electric Monk 5 months ago

  • Gerrit CR set to 1295
Actions
Copy link
 #4

Updated by Robert Mustacchi 5 months ago

I also ran the utiltests to get the smbios test suite. There is one unrelated failure noted below which I root caused to be #13600 and have fixed separately. The smbios tests all passed:

$ pfexec /opt/util-tests/bin/utiltest 
Test: /opt/util-tests/tests/allowed-ips (run as root)             [00:00] [PASS]
Test: /opt/util-tests/tests/chown_test (run as root)              [00:00] [PASS]
Test: /opt/util-tests/tests/date_test (run as root)               [00:00] [PASS]
Test: /opt/util-tests/tests/find/findtest (run as root)           [00:00] [PASS]
Test: /opt/util-tests/tests/grep_test (run as root)               [00:02] [PASS]
Test: /opt/util-tests/tests/head/head_test (run as root)          [00:00] [PASS]
Test: /opt/util-tests/tests/libjedec_test (run as root)           [00:00] [PASS]
Test: /opt/util-tests/tests/libsff/libsff (run as root)           [00:00] [PASS]
Test: /opt/util-tests/tests/make_test (run as root)               [00:00] [PASS]
Test: /opt/util-tests/tests/mdb/mdbtest (run as root)             [00:00] [PASS]
Test: /opt/util-tests/tests/mergeq/mqt (run as root)              [00:00] [PASS]
Test: /opt/util-tests/tests/mergeq/wqt (run as root)              [00:00] [PASS]
Test: /opt/util-tests/tests/printf_test (run as root)             [00:00] [PASS]
Test: /opt/util-tests/tests/set-linkprop (run as root)            [00:00] [PASS]
Test: /opt/util-tests/tests/sleep/sleeptest (run as root)         [00:19] [PASS]
Test: /opt/util-tests/tests/smbios (run as root)                  [00:00] [PASS]
Test: /opt/util-tests/tests/xargs_test (run as root)              [00:00] [PASS]
Test: /opt/util-tests/tests/awk/runtests.sh (run as nobody)       [02:53] [PASS]
Test: /opt/util-tests/tests/ctf/precheck (run as root)            [00:00] [PASS]
Test: /opt/util-tests/tests/ctf/ctftest (run as root)             [00:05] [FAIL]
Test: /opt/util-tests/tests/demangle/afl-fast (run as root)       [00:01] [PASS]
Test: /opt/util-tests/tests/demangle/gcc-libstdc++ (run as root)  [00:00] [PASS]
Test: /opt/util-tests/tests/demangle/llvm-stdcxxabi (run as root) [00:00] [PASS]
Test: /opt/util-tests/tests/libcustr/custr_remove (run as root)   [00:00] [PASS]
Test: /opt/util-tests/tests/libcustr/custr_trunc (run as root)    [00:00] [PASS]
Test: /opt/util-tests/tests/libnvpair_json/json_00_blank (run as root) [00:00] [PASS]
Test: /opt/util-tests/tests/libnvpair_json/json_01_boolean (run as root) [00:00] [PASS]
Test: /opt/util-tests/tests/libnvpair_json/json_02_numbers (run as root) [00:00] [PASS]
Test: /opt/util-tests/tests/libnvpair_json/json_03_empty_arrays (run as root) [00:00] [PASS]
Test: /opt/util-tests/tests/libnvpair_json/json_04_number_arrays (run as root) [00:00] [PASS]
Test: /opt/util-tests/tests/libnvpair_json/json_05_strings (run as root) [00:00] [PASS]
Test: /opt/util-tests/tests/libnvpair_json/json_06_nested (run as root) [00:00] [PASS]
Test: /opt/util-tests/tests/libnvpair_json/json_07_nested_arrays (run as root) [00:00] [PASS]
Test: /opt/util-tests/tests/sed/sed_addr (run as root)            [00:00] [PASS]
Test: /opt/util-tests/tests/sed/multi_test (run as root)          [00:00] [PASS]

Results Summary
FAIL       1
PASS      34

Running Time:   00:03:28
Percent passed: 97.1%
Actions
Copy link
 #5

Updated by Electric Monk 5 months ago

  • Status changed from New to Closed
  • % Done changed from 90 to 100

git commit 0f56e145e1bddbb7bdc804efe2d5fcbe21d5aec2

commit  0f56e145e1bddbb7bdc804efe2d5fcbe21d5aec2
Author: Robert Mustacchi <rm@fingolfin.org>
Date:   2021-03-04T15:11:27.000Z

    13560 smbios(1m) should sanitize strings
    Reviewed by: Gordon Ross <gordon.w.ross@gmail.com>
    Reviewed by: Andy Fiddaman <andy@omniosce.org>
    Approved by: Dan McDonald <danmcd@joyent.com>

Actions
Copy link

Also available in: Atom PDF