Fix printf escape errors in shell scripts

Fix `printf "$foo"` which treats the value of `foo` as a printf format
rather than a string.

I used the following command to find potentially problematic lines:
```
git ls-files '*.sh' | xargs egrep 'printf +("?[^"]*|[^ ]*)\$'
```
The remaining ones are false positives for this regexp.

The errors only had minor consequences: the output of `ssl-opt.sh`
contained lines like
```
Renegotiation: gnutls server strict, client-initiated .................. ./tests/ssl-opt.sh: 741: printf: %S: invalid directive
PASS
```
and in case of failure the GnuTLS command containing a substring like
`--priority=NORMAL:%SAFE_RENEGOTIATION` was not included in the log
file. With the current tests, there was no risk of a test failure
going undetected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2020-08-26 20:05:11 +02:00
parent e7a9c3aeca
commit 352a7cf3ca
3 changed files with 26 additions and 26 deletions


@ -112,12 +112,12 @@ PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
print_usage() { print_usage() {
echo "Usage: $0" echo "Usage: $0"
printf " -h|--help\tPrint this help.\n" printf " -h|--help\tPrint this help.\n"
printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '$FILTER')\n" printf " -f|--filter\tOnly matching ciphersuites are tested (Default: '%s')\n" "$FILTER"
printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '$EXCLUDE')\n" printf " -e|--exclude\tMatching ciphersuites are excluded (Default: '%s')\n" "$EXCLUDE"
printf " -m|--modes\tWhich modes to perform (Default: '$MODES')\n" printf " -m|--modes\tWhich modes to perform (Default: '%s')\n" "$MODES"
printf " -t|--types\tWhich key exchange type to perform (Default: '$TYPES')\n" printf " -t|--types\tWhich key exchange type to perform (Default: '%s')\n" "$TYPES"
printf " -V|--verify\tWhich verification modes to perform (Default: '$VERIFIES')\n" printf " -V|--verify\tWhich verification modes to perform (Default: '%s')\n" "$VERIFIES"
printf " -p|--peers\tWhich peers to use (Default: '$PEERS')\n" printf " -p|--peers\tWhich peers to use (Default: '%s')\n" "$PEERS"
printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n" printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n"
printf " -M|--memcheck\tCheck memory leaks and errors.\n" printf " -M|--memcheck\tCheck memory leaks and errors.\n"
printf " -v|--verbose\tSet verbose output.\n" printf " -v|--verbose\tSet verbose output.\n"
@ -1010,7 +1010,7 @@ run_client() {
VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]') VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
TITLE="`echo $1 | head -c1`->`echo $SERVER_NAME | head -c1`" TITLE="`echo $1 | head -c1`->`echo $SERVER_NAME | head -c1`"
TITLE="$TITLE $MODE,$VERIF $2" TITLE="$TITLE $MODE,$VERIF $2"
printf "$TITLE " printf "%s " "$TITLE"
LEN=$(( 72 - `echo "$TITLE" | wc -c` )) LEN=$(( 72 - `echo "$TITLE" | wc -c` ))
for i in `seq 1 $LEN`; do printf '.'; done; printf ' ' for i in `seq 1 $LEN`; do printf '.'; done; printf ' '
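Review bot: The padding length computed right after the fixed `printf "%s " "$TITLE"` in run_client still goes through `echo "$TITLE" | wc -c`, so the title is now printed literally but measured with `echo`, which in some `sh` implementations interprets backslash sequences in its argument. A title containing a backslash could then get the wrong number of dots; `LEN=$(( 72 - $(printf '%s\n' "$TITLE" | wc -c) ))` keeps the same byte count without that dependency. The same pattern follows the fixed `printf "%s " "$LINE"` in print_name in the third file section. Both function bodies continue outside their hunks.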


@ -92,7 +92,7 @@ fi
diff macros identifiers | sed -n -e 's/< //p' > actual-macros diff macros identifiers | sed -n -e 's/< //p' > actual-macros
for THING in actual-macros enum-consts; do for THING in actual-macros enum-consts; do
printf "Names of $THING: " printf 'Names of %s: ' "$THING"
test -r $THING test -r $THING
BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$\|^YOTTA_[0-9A-Z_]*[0-9A-Z]$' $THING || true ) BAD=$( grep -v '^MBEDTLS_[0-9A-Z_]*[0-9A-Z]$\|^YOTTA_[0-9A-Z_]*[0-9A-Z]$' $THING || true )
if [ "x$BAD" = "x" ]; then if [ "x$BAD" = "x" ]; then
@ -105,7 +105,7 @@ for THING in actual-macros enum-consts; do
done done
for THING in identifiers; do for THING in identifiers; do
printf "Names of $THING: " printf 'Names of %s: ' "$THING"
test -r $THING test -r $THING
BAD=$( grep -v '^mbedtls_[0-9a-z_]*[0-9a-z]$' $THING || true ) BAD=$( grep -v '^mbedtls_[0-9a-z_]*[0-9a-z]$' $THING || true )
if [ "x$BAD" = "x" ]; then if [ "x$BAD" = "x" ]; then


@ -254,7 +254,7 @@ print_name() {
fi fi
LINE="$LINE$1" LINE="$LINE$1"
printf "$LINE " printf "%s " "$LINE"
LEN=$(( 72 - `echo "$LINE" | wc -c` )) LEN=$(( 72 - `echo "$LINE" | wc -c` ))
for i in `seq 1 $LEN`; do printf '.'; done for i in `seq 1 $LEN`; do printf '.'; done
printf ' ' printf ' '
@ -518,12 +518,12 @@ run_test() {
fi fi
check_osrv_dtls check_osrv_dtls
printf "# $NAME\n$SRV_CMD\n" > $SRV_OUT printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT
provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
SRV_PID=$! SRV_PID=$!
wait_server_start "$SRV_PORT" "$SRV_PID" wait_server_start "$SRV_PORT" "$SRV_PID"
printf "# $NAME\n$CLI_CMD\n" > $CLI_OUT printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT
eval "$CLI_CMD" >> $CLI_OUT 2>&1 & eval "$CLI_CMD" >> $CLI_OUT 2>&1 &
wait_client_done wait_client_done
@ -1699,14 +1699,14 @@ MAX_CONTENT_LEN_EXPECT='16384'
MAX_CONTENT_LEN_CONFIG=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN) MAX_CONTENT_LEN_CONFIG=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN)
if [ -n "$MAX_CONTENT_LEN_CONFIG" ] && [ "$MAX_CONTENT_LEN_CONFIG" -ne "$MAX_CONTENT_LEN_EXPECT" ]; then if [ -n "$MAX_CONTENT_LEN_CONFIG" ] && [ "$MAX_CONTENT_LEN_CONFIG" -ne "$MAX_CONTENT_LEN_EXPECT" ]; then
printf "The ${CONFIG_H} file contains a value for the configuration of\n" cat <<EOF
printf "MBEDTLS_SSL_MAX_CONTENT_LEN that is different from the scripts\n" The ${CONFIG_H} file contains a value for the configuration of
printf "test value of ${MAX_CONTENT_LEN_EXPECT}. \n" MBEDTLS_SSL_MAX_CONTENT_LEN that is different from the scripts
printf "\n" test value of ${MAX_CONTENT_LEN_EXPECT}.
printf "The tests assume this value and if it changes, the tests in this\n"
printf "script should also be adjusted.\n"
printf "\n"
The tests assume this value and if it changes, the tests in this
script should also be adjusted.
EOF
exit 1 exit 1
fi fi
@ -2644,14 +2644,14 @@ MAX_IM_CA='8'
MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA)
if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
printf "The ${CONFIG_H} file contains a value for the configuration of\n" cat <<EOF
printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the scripts\n" ${CONFIG_H} contains a value for the configuration of
printf "test value of ${MAX_IM_CA}. \n" MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script's
printf "\n" test value of ${MAX_IM_CA}.
printf "The tests assume this value and if it changes, the tests in this\n"
printf "script should also be adjusted.\n"
printf "\n"
The tests assume this value and if it changes, the tests in this
script should also be adjusted.
EOF
exit 1 exit 1
fi fi
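Review bot: The two here-documents that replace the printf runs carry the same message but are worded differently: the MBEDTLS_SSL_MAX_CONTENT_LEN one reads `The ${CONFIG_H} file contains` and `from the scripts`, while the MBEDTLS_X509_MAX_INTERMEDIATE_CA one reads `${CONFIG_H} contains` and `from the script's`. Using one wording for both (the second, with the possessive, is the grammatical one) keeps the pair easy to search for and maintain together. Since each block is a diagnostic printed just before `exit 1`, consider `cat >&2 <<EOF` so it reaches stderr; the replaced printf calls also wrote to stdout, so this is a suggestion rather than a regression.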