diff options
| author | Keir Fraser <keir.fraser@citrix.com> | 2007-12-05 11:05:47 +0000 |
|---|---|---|
| committer | Keir Fraser <keir.fraser@citrix.com> | 2007-12-05 11:05:47 +0000 |
| commit | dd36792405db37a70f76b7df23e2463499f21d9a (patch) | |
| tree | 5bb17e14ea5fc5c30e03d9b190639e65f955520c /tools/xenstore/xenstore_client.c | |
| parent | 614f395bfd671d3a70479792121af87ad8bf3b07 (diff) | |
| download | xen-dd36792405db37a70f76b7df23e2463499f21d9a.tar.gz xen-dd36792405db37a70f76b7df23e2463499f21d9a.tar.bz2 xen-dd36792405db37a70f76b7df23e2463499f21d9a.zip | |
xenstore: deprecating but \-quoting binary data.
Presently it's not clear what the allowable character set is for
values in xenstore. The current command-line tools just pass values
to printf("%s",...) so implicitly assume that it's 7-bit printable
ASCII (since the interpretation of 8-bit characters would be unclear).
However there are rumours of programs which dump binary data into
xenstore and/or bugs involving nul bytes being added to the ends of
xenstore values (and even of some drivers insisting on a spurious
nul).
There isn't all that much useful documentation about xenstore. There
is a doc detailing which xenstore keys may be used and what their
meanings are (interface.tex) but it is very out of date, amongst other
reasons because it's in format which is not very easy to update when
adding functionality to the code and because there is no way to check
programs' behaviour in xenstore against the spec. I think the
xenstore part of interface.tex should be replaced with a new document
in a simpler format, which should amonst other things be sufficiently
machine-readable that automatic testing could reveal at least basic
out-of-spec behaviours like setting or using undocumented keys.
This new document ought to specify the allowable character set of both
keys and values, and ought to specify the xenstored protocol as well.
It seems to me that the appropriate character set for xenstore values
is 7-bit printing ASCII (0x20..0x7e). Values should not have a
trailing nul byte `on the wire' but of course the xs library interface
should continue to add an additional nul beyond the quoted length for
the convenience of callers.
That is consistent with nearly all of the existing uses and makes the
whole system much more tractable compared to an explicit expectation
that binary data will be stored. (For example, if we like binary data
in xenstore, why are uuids represented in their printable hex
encoding?) xenstore data is supposedly non-performance-critical
metadata for use by control plane machinery so the overhead of
printing and parsing text strings is hardly a problem.
Applications which set binary values should be deprecated but to avoid
breaking those applications xenstored should continue indefinitely to
be binary-transparent.
Under these circumstances it can only be regarded as a bug that the
current command-line tools are lossy in the presence of binary data.
Not only does this make them break for those now-deprecated uses, but
it also prevents them from being used to detect and debug problems
relating to the exact byte strings being recorded in xenstore.
As a first step towards the utopia I describe above, this patch
causes xenstore-read and -ls to \-escape the values of xenstore
keys, and xenstore-write to un-\-escape them. The escaping is a
subset of that permitted by C89; only \t \r \n \\ and hex and octal
are used and recognised. (So no \f, \a etc.)
This change will not change the representation by these tools of
values which contain only 7-bit printing ASCII characters unless they
contain \'s.
Values which contain \'s will need to be quoted on entry and dequoted
on exit if being manipulated by xenstore-*. The only values likely to
be affected are paths in Windows guest filesystems and in practice we
believe that any such filename which is actually relevant to anything
will be set other than via xenstore-write.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Diffstat (limited to 'tools/xenstore/xenstore_client.c')
| -rw-r--r-- | tools/xenstore/xenstore_client.c | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/tools/xenstore/xenstore_client.c b/tools/xenstore/xenstore_client.c index c34dcbfc70..0f36356233 100644 --- a/tools/xenstore/xenstore_client.c +++ b/tools/xenstore/xenstore_client.c @@ -138,19 +138,25 @@ perform(int optind, int argc, char **argv, struct xs_handle *xsh, { while (optind < argc) { #if defined(CLIENT_read) - char *val = xs_read(xsh, xth, argv[optind], NULL); + struct expanding_buffer ebuf; + unsigned len; + char *val = xs_read(xsh, xth, argv[optind], &len); if (val == NULL) { warnx("couldn't read path %s", argv[optind]); return 1; } if (prefix) output("%s: ", argv[optind]); - output("%s\n", val); + output("%s\n", sanitise_value(&ebuf, val, len)); free(val); optind++; #elif defined(CLIENT_write) - if (!xs_write(xsh, xth, argv[optind], argv[optind + 1], - strlen(argv[optind + 1]))) { + struct expanding_buffer ebuf; + char *val_spec = argv[optind + 1]; + unsigned len; + expanding_buffer_ensure(&ebuf, strlen(val_spec)+1); + unsanitise_value(ebuf.buf, &len, val_spec); + if (!xs_write(xsh, xth, argv[optind], ebuf.buf, len)) { warnx("could not write path %s", argv[optind]); return 1; } @@ -179,9 +185,10 @@ perform(int optind, int argc, char **argv, struct xs_handle *xsh, slash = strrchr(p, '/'); if (slash) { char *val; + unsigned len; *slash = '\0'; - val = xs_read(xsh, xth, p, NULL); - if (val && strlen(val) == 0) { + val = xs_read(xsh, xth, p, &len); + if (val && len == 0) { unsigned int num; char ** list = xs_directory(xsh, xth, p, &num); |