commit 96a3ceb3d35bf5edcb9446aded8375d3b98b4f5b From: Cory Olmo <colmo@TrustedCS.com> This patch avoid the collision between commas in security contexts and the delimiter betweeen mount options. Signed-off-by: Karel Zak <kzak@redhat.com> Signed-off-by: Cory Olmo <colmo@TrustedCS.com> --- utils/mount/mount.c | 26 +++++++++++++++++++------- utils/mount/nfsmount.c | 34 ++++++++++++++++++++++++++++++---- 2 files changed, 49 insertions(+), 11 deletions(-) diff --git a/utils/mount/mount.c b/utils/mount/mount.c index b3d3696..f22747b 100644 --- a/utils/mount/mount.c +++ b/utils/mount/mount.c @@ -285,18 +285,30 @@ static void parse_opts (const char *opti { if (options != NULL) { char *opts = xstrdup(options); - char *opt; - int len = strlen(opts) + 20; - + char *opt, *p; + int len = strlen(opts) + 256; + int open_quote = 0; + *extra_opts = xmalloc(len); **extra_opts = '\0'; - for (opt = strtok(opts, ","); opt; opt = strtok(NULL, ",")) - parse_opt(opt, flags, *extra_opts, len); - + for (p=opts, opt=NULL; p && *p; p++) { + if (!opt) + opt = p; /* begin of the option item */ + if (*p == '"') + open_quote ^= 1; /* reverse the status */ + if (open_quote) + continue; /* still in quoted block */ + if (*p == ',') + *p = '\0'; /* terminate the option item */ + /* end of option item or last item */ + if (*p == '\0' || *(p+1) == '\0') { + parse_opt(opt, flags, *extra_opts, len); + opt = NULL; + } + } free(opts); } - } /* diff --git a/utils/mount/nfsmount.c b/utils/mount/nfsmount.c index 3ca9b80..08a8ac1 100644 --- a/utils/mount/nfsmount.c +++ b/utils/mount/nfsmount.c @@ -548,15 +548,31 @@ parse_options(char *old_opts, struct nfs struct pmap *mnt_pmap = &mnt_server->pmap; struct pmap *nfs_pmap = &nfs_server->pmap; int len; - char *opt, *opteq; + char *opt, *opteq, *p, *opt_b; char *mounthost = NULL; char cbuf[128]; + int open_quote = 0; data->flags = 0; *bg = 0; len = strlen(new_opts); - for (opt = strtok(old_opts, ","); opt; opt = strtok(NULL, ",")) { + for (p=old_opts, opt_b=NULL; p && *p; p++) { + if (!opt_b) + opt_b = p; /* begin of the option item */ + if (*p == '"') + open_quote ^= 1; /* reverse the status */ + if (open_quote) + continue; /* still in quoted block */ + if (*p == ',') + *p = '\0'; /* terminate the option item */ + if (*p == '\0' || *(p+1) == '\0') { + opt = opt_b; /* opt is useful now */ + opt_b = NULL; + } + else + continue; /* still somewhere in the option item */ + if (strlen(opt) >= sizeof(cbuf)) goto bad_parameter; if ((opteq = strchr(opt, '=')) && isdigit(opteq[1])) { @@ -671,13 +687,23 @@ #endif strcspn(opteq+1," \t\n\r,")); else if (!strcmp(opt, "context")) { char *context = opteq + 1; + int ctxlen = strlen(context); - if (strlen(context) > NFS_MAX_CONTEXT_LEN) { + if (ctxlen > NFS_MAX_CONTEXT_LEN) { printf(_("context parameter exceeds limit of %d\n"), NFS_MAX_CONTEXT_LEN); goto bad_parameter; } - strncpy(data->context, context, NFS_MAX_CONTEXT_LEN); + /* The context string is in the format of + * "system_u:object_r:...". We only want + * the context str between the quotes. + */ + if (*context == '"') + strncpy(data->context, context+1, + ctxlen-2); + else + strncpy(data->context, context, + NFS_MAX_CONTEXT_LEN); } else if (!sloppy) goto bad_parameter; sprintf(cbuf, "%s=%s,", opt, opteq+1);