should escape backslash character in CimXml::unescapeXml()

Bug #384721 reported by Anon Sricharoenchai
This bug affects 1 person
Affects                 Status        Importance  Assigned to  Milestone
SBLIM                   Unknown       Unknown
sblim-wbemcli (Ubuntu)  Fix Released  Low         Unassigned

Bug Description

According to the function Cimom::unescapeXml() in CimXml.cpp, in addition to
escaping the quote character, it should also escape the backslash character.

Without escaping the backslash, if the string ends with a backslash,
the quoted text output will be ambiguous. The backslash at the end
will be attached to the closing quote and interpreted as an escaped
quote character.

According to,
   xml: a" --> text output: "a\"" --> interpreted as: a"
then the following will be ambiguous,
   xml: a\ --> text output: "a\" --> interpreted as: a" (with trailing garbage characters)

The function should then be fixed like this (converting "&xxx;" should also be case-insensitive):

 string Cimom::unescapeXml(const char *m, int nq)
 {
- #define REPL(str,chrs) if(strncmp(p,str,strlen(str))==0) \
+ #define REPL(str,chrs) if(strncasecmp(p,str,strlen(str))==0) \
  { strcpy (q,(chrs)); \
    q+=strlen(chrs); \
    p+=strlen(str); }

   const char *quotereplace = nq ? "\\\"" : "\"";
+ const char *backslashreplace = nq ? "\\\\" : "\\";
   const char *p;
   char *q, *buf = (char *) alloca(strlen(m));
   for(p=m,q=buf; *p;)
+ // Without escaping backslash, if the string is ended with backslash,
+ // the quoted text output will be ambiguous. The backslash at the end
+ // will be attached to the closing quote, and be interpreted as an escaped
+ // quote character, like this,
+ // * xml: a\ --> text output: "a\" --> incorrectly interpreted as: a"
+ // * xml: a" --> text output: "a\"" --> correctly interpreted as: a"
+ REPL("\\",backslashreplace) else // xml: a\ --> output: "a\\"
     if(*p!='&') { *q++ = *p++; }
       else {
       REPL(">",">")
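Review bot: the added REPL("\\",backslashreplace) branch writes two bytes for one input byte when nq is set, but the context line still sizes the output as char *q, *buf = (char *) alloca(strlen(m)), which leaves no room for that growth or for the terminator that strcpy writes. Before this change every replacement shown was no longer than its source text; now an input consisting mostly of backslashes runs past the end of the stack buffer, so the allocation should be sized for the worst case (for example 2*strlen(m)+1) in the same change. Separately, the switch to strncasecmp needs <strings.h>, and this hunk does not show it being included.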

Thierry Carrez (ttx) wrote :

Thanks for reporting this bug !
Given the sensitivity of escaping code in general, could you submit it on the SBLIM bugtracker so that the issue gets reviewed and discussed by upstream developers ?

http://sourceforge.net/tracker/?group_id=128809&atid=712784

If you can't, I'll open it myself, but I probably couldn't defend the proposed patch as well as you would :)

Furthermore, do you see an easy way to reproduce the bug with the stack currently in Ubuntu (how to "inject" a value that ends in \ and that we could use wbemcli to read) ?

Anon Sricharoenchai (anon-hui) wrote : Re: [Bug 384721] Re: should escape backslash character in CimXml::unescapeXml()

> Given the sensitivity of escaping code in general, could you submit it on the SBLIM bugtracker so that the issue gets reviewed and discussed by upstream developers ?
>

Done,
https://sourceforge.net/tracker/?func=detail&aid=2805214&group_id=128809&atid=712784

>
> Furthermore, do you see an easy way to reproduce the bug with the stack
> currently in Ubuntu (how to "inject" a value that ends in \ and that we
> could use wbemcli to read) ?
>

1. In my environment, I use wbemcli from Ubuntu to connect to a
Windows machine with wbem service installed.

2. On the Windows machine, create a shared folder with

    Share name: test
    Comment: test"Test\

3. Running the following wbemcli command from Ubuntu will return a
result like,

    $ wbemcli gi 'http://user:pass@hostname/root/cimv2:Win32_Share.Name="test"'
    hostname:5988/root/cimv2:...,Caption="test\"Test\",Description"test...

4. It gets more chaotic if the share comment is: test=5,",Test\
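
The ambiguity from the steps above, reproduced offline as an added example (not code from wbemcli or from this report). `render()` is a constructed model of the key="value" text output, `parse()` is a hypothetical consumer of that output, and the property values passed to them are sample data built from the share comments in steps 2 and 4.

```cpp
#include <string>
#include <utility>
#include <vector>
using Props = std::vector<std::pair<std::string, std::string>>;

// Producer (constructed model of the text output): escapeBackslash=false is
// the reported behaviour (only '"' is escaped), true is the proposed fix.
std::string render(const Props &props, bool escapeBackslash) {
    std::string line;
    for (const auto &kv : props) {
        if (!line.empty()) line += ',';
        line += kv.first + "=\"";
        for (char c : kv.second) {
            if (c == '"' || (c == '\\' && escapeBackslash)) line += '\\';
            line += c;
        }
        line += '"';
    }
    return line;
}

// Hypothetical consumer: splits key="value",... with a backslash escaping the
// next character. Returns false when the line does not parse cleanly.
bool parse(const std::string &line, Props &out) {
    std::size_t i = 0;
    while (i < line.size()) {
        std::size_t eq = line.find("=\"", i);
        if (eq == std::string::npos) return false;
        std::string key = line.substr(i, eq - i), val;
        bool closed = false;
        for (i = eq + 2; i < line.size() && !closed;) {
            char c = line[i++];
            if (c == '\\' && i < line.size()) val += line[i++];
            else if (c == '"') closed = true;
            else val += c;
        }
        if (!closed) return false;
        out.emplace_back(key, val);
        if (i < line.size() && line[i++] != ',') return false;
    }
    return true;
}

// True only if the consumer recovers exactly the properties that were rendered.
bool roundTrips(const Props &props, bool escapeBackslash) {
    Props parsed;
    return parse(render(props, escapeBackslash), parsed) && parsed == props;
}
```

With the trailing backslash left unescaped, the closing quote of Caption is consumed as an escaped quote and the following key is swallowed into the value; a backslash in the middle of a value is dropped silently instead.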

Anon Sricharoenchai (anon-hui) wrote :

>
> $ wbemcli gi 'http://user:pass@hostname/root/cimv2:Win32_Share.Name="test"'
> hostname:5988/root/cimv2:...,Caption="test\"Test\",Description"test...
>

There is a typo in the above output (missing "=" after "Description"):

    $ wbemcli gi 'http://user:pass@hostname/root/cimv2:Win32_Share.Name="test"'
    hostname:5988/root/cimv2:...,Caption="test\"Test\",Description="test...

Thierry Carrez (ttx) wrote :

Fix is in progress upstream.

Changed in sblim-wbemcli (Ubuntu):
importance: Undecided → Low
status: New → Triaged

Thierry Carrez (ttx) wrote :

Fixed in 1.6.1, package needs an update

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package sblim-wbemcli - 1.6.1-0ubuntu1

---------------
sblim-wbemcli (1.6.1-0ubuntu1) lucid; urgency=low

  * New upstream release, fixes LP: #384721
  * Removed patches, all included upstream as of 1.6.1.
  * Updated debhelper dependency and Standards-Version to fix lintian warnings
 -- Thierry Carrez <email address hidden> Tue, 16 Feb 2010 09:35:59 +0100

Changed in sblim-wbemcli (Ubuntu):
status: Triaged → Fix Released