Fix printf escape errors in shell scripts

Fix `printf "$foo"` which treats the value of `foo` as a printf format
rather than a string.

I used the following command to find potentially problematic lines:
```
git ls-files '*.sh' | xargs egrep 'printf +("?[^"]*|[^ ]*)\$'
```
The remaining ones are false positives for this regexp.

The errors only had minor consequences: the output of `ssl-opt.sh`
contained lines like
```
Renegotiation: gnutls server strict, client-initiated .................. ./tests/ssl-opt.sh: 741: printf: %S: invalid directive
PASS
```
and in case of failure the GnuTLS command containing a substring like
`--priority=NORMAL:%SAFE_RENEGOTIATION` was not included in the log
file. With the current tests, there was no risk of a test failure
going undetected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2020-08-26 20:05:11 +02:00
parent 880f7f2c42
commit 231befab51
4 changed files with 24 additions and 23 deletions


@ -90,12 +90,12 @@ PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
print_usage() { print_usage() {
echo "Usage: $0" echo "Usage: $0"
printf " -h|--help\tPrint this help.\n" printf " -h|--help\tPrint this help.\n"
printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '$FILTER')\n" printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '%s')\n" "$FILTER"
printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '$EXCLUDE')\n" printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '%s')\n" "$EXCLUDE"
printf " -m|--modes\tWhich modes to perform (Default: '$MODES')\n" printf " -m|--modes\tWhich modes to perform (Default: '%s')\n" "$MODES"
printf " -t|--types\tWhich key exchange type to perform (Default: '$TYPES')\n" printf " -t|--types\tWhich key exchange type to perform (Default: '%s')\n" "$TYPES"
printf " -V|--verify\tWhich verification modes to perform (Default: '$VERIFIES')\n" printf " -V|--verify\tWhich verification modes to perform (Default: '%s')\n" "$VERIFIES"
printf " -p|--peers\tWhich peers to use (Default: '$PEERS')\n" printf " -p|--peers\tWhich peers to use (Default: '%s')\n" "$PEERS"
printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n" printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n"
printf " -M|--memcheck\tCheck memory leaks and errors.\n" printf " -M|--memcheck\tCheck memory leaks and errors.\n"
printf " -v|--verbose\tSet verbose output.\n" printf " -v|--verbose\tSet verbose output.\n"
@ -1107,7 +1107,7 @@ run_client() {
VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]') VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
TITLE="`echo $1 | head -c1`->`echo $SERVER_NAME | head -c1`" TITLE="`echo $1 | head -c1`->`echo $SERVER_NAME | head -c1`"
TITLE="$TITLE $MODE,$VERIF $2" TITLE="$TITLE $MODE,$VERIF $2"
printf "$TITLE " printf "%s " "$TITLE"
LEN=$(( 72 - `echo "$TITLE" | wc -c` )) LEN=$(( 72 - `echo "$TITLE" | wc -c` ))
for i in `seq 1 $LEN`; do printf '.'; done; printf ' ' for i in `seq 1 $LEN`; do printf '.'; done; printf ' '
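Review bot: The rewritten title line `printf "%s " "$TITLE"` still uses a double-quoted format, so a later edit can slip a `$variable` back into the format without it looking wrong; `printf '%s ' "$TITLE"` keeps shell expansion out of the format entirely, which is the form the `Names of %s` lines in this commit already use. The same applies to `printf "%s " "$LINE"` in the print_name hunk. The print_usage lines are a reasonable exception, since their format text contains literal single quotes. run_client continues past the end of the hunk.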


@ -433,10 +433,11 @@ run_test "Binary file instead of text file" \
# End of tests # End of tests
echo
if [ $T_FAILED -eq 0 ]; then if [ $T_FAILED -eq 0 ]; then
printf "\nPASSED ( $T_COUNT tests )\n" echo "PASSED ( $T_COUNT tests )"
else else
printf "\nFAILED ( $T_FAILED / $T_COUNT tests )\n" echo "FAILED ( $T_FAILED / $T_COUNT tests )"
fi fi
exit $T_FAILED exit $T_FAILED
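Review bot: `exit $T_FAILED` on the last line of this hunk passes the failure count straight to the exit status, which is truncated to 8 bits, so a count that is a multiple of 256 would exit 0 even though the summary line prints FAILED. Whether the count can get that high is not visible here, but a caller that relies on the exit status would be safer with a clamp just before the exit, e.g. `[ "$T_FAILED" -le 255 ] || T_FAILED=255`. This matters for the commit's claim that no test failure can go undetected, since that holds only as long as the exit status is trustworthy.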


@ -65,7 +65,7 @@ fi
diff macros identifiers | sed -n -e 's/< //p' > actual-macros diff macros identifiers | sed -n -e 's/< //p' > actual-macros
for THING in actual-macros enum-consts; do for THING in actual-macros enum-consts; do
printf "Names of $THING: " printf 'Names of %s: ' "$THING"
test -r $THING test -r $THING
BAD=$( grep -E -v '^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$' $THING || true ) BAD=$( grep -E -v '^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
UNDERSCORES=$( grep -E '.*__.*' $THING || true ) UNDERSCORES=$( grep -E '.*__.*' $THING || true )
@ -81,7 +81,7 @@ for THING in actual-macros enum-consts; do
done done
for THING in identifiers; do for THING in identifiers; do
printf "Names of $THING: " printf 'Names of %s: ' "$THING"
test -r $THING test -r $THING
BAD=$( grep -E -v '^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$' $THING || true ) BAD=$( grep -E -v '^(mbedtls|psa)_[0-9a-z_]*[0-9a-z]$' $THING || true )
if [ "x$BAD" = "x" ]; then if [ "x$BAD" = "x" ]; then


@ -411,7 +411,7 @@ print_name() {
fi fi
LINE="$LINE$1" LINE="$LINE$1"
printf "$LINE " printf "%s " "$LINE"
LEN=$(( 72 - `echo "$LINE" | wc -c` )) LEN=$(( 72 - `echo "$LINE" | wc -c` ))
for i in `seq 1 $LEN`; do printf '.'; done for i in `seq 1 $LEN`; do printf '.'; done
printf ' ' printf ' '
@ -738,12 +738,12 @@ run_test() {
fi fi
check_osrv_dtls check_osrv_dtls
printf "# $NAME\n$SRV_CMD\n" > $SRV_OUT printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT
provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
SRV_PID=$! SRV_PID=$!
wait_server_start "$SRV_PORT" "$SRV_PID" wait_server_start "$SRV_PORT" "$SRV_PID"
printf "# $NAME\n$CLI_CMD\n" > $CLI_OUT printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT
eval "$CLI_CMD" >> $CLI_OUT 2>&1 & eval "$CLI_CMD" >> $CLI_OUT 2>&1 &
wait_client_done wait_client_done
@ -3023,12 +3023,12 @@ run_test "Session resume using cache, DTLS: openssl server" \
# Tests for Max Fragment Length extension # Tests for Max Fragment Length extension
if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then
printf "${CONFIG_H} defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n" printf '%s defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n' "${CONFIG_H}"
exit 1 exit 1
fi fi
if [ $MAX_CONTENT_LEN -ne 16384 ]; then if [ $MAX_CONTENT_LEN -ne 16384 ]; then
printf "Using non-default maximum content length $MAX_CONTENT_LEN\n" echo "Using non-default maximum content length $MAX_CONTENT_LEN"
fi fi
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
@ -4182,14 +4182,14 @@ MAX_IM_CA='8'
MAX_IM_CA_CONFIG=$( ../scripts/config.py get MBEDTLS_X509_MAX_INTERMEDIATE_CA) MAX_IM_CA_CONFIG=$( ../scripts/config.py get MBEDTLS_X509_MAX_INTERMEDIATE_CA)
if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
printf "The ${CONFIG_H} file contains a value for the configuration of\n" cat <<EOF
printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the scripts\n" ${CONFIG_H} contains a value for the configuration of
printf "test value of ${MAX_IM_CA}. \n" MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script's
printf "\n" test value of ${MAX_IM_CA}.
printf "The tests assume this value and if it changes, the tests in this\n"
printf "script should also be adjusted.\n"
printf "\n"
The tests assume this value and if it changes, the tests in this
script should also be adjusted.
EOF
exit 1 exit 1
fi fi
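Review bot: The two rewritten log-header lines in the run_test hunk still redirect to an unquoted target, `> $SRV_OUT` and `> $CLI_OUT`; since this change is about not letting a variable's content alter the command, quoting them finishes the job: `printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > "$SRV_OUT"`, and likewise with `"$CLI_OUT"`. How an unquoted redirection target containing whitespace behaves differs between shells, so this is a robustness point rather than a bug with the paths presumably used today. run_test starts and ends outside the hunk, so the definitions of both variables are not visible here.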