Bug 12258 - no checking that lilo strings are valid
Summary: no checking that lilo strings are valid
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: anaconda   
(Show other bugs)
Version: 7.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Brock Organ
QA Contact: Brock Organ
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-06-14 15:27 UTC by James Manning
Modified: 2007-04-18 16:27 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-06-28 23:19:35 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Add checking for #, $, and = in lilo labels (483 bytes, patch)
2000-06-27 03:06 UTC, James Manning
no flags Details | Diff

Description James Manning 2000-06-14 15:27:15 UTC
During the GUI installation of beta1, I wanted to check and see whether the
installer would only allow me to pass in a valid string for the lilo label
of my new installation.  No checking done, with the resulting file:

boot=/dev/sdb1
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
message=/boot/message
linear
default=?+!$!?!#$^%@%#&

image=/boot/vmlinuz-2.2.14-100smp
        label=?+!$!?!#$^%@%#&
        initrd=/boot/initrd-2.2.14-100smp.img
        read-only
        root=/dev/sdb1
        append="single"

image=/boot/vmlinuz-2.2.14-100
        label=?+!$!?!#$^%@%#&-up
        initrd=/boot/initrd-2.2.14-100.img
        read-only
        root=/dev/sdb1
        append="single"

As expected, lilo doesn't like that kind of string :)

[root@jmm-nt /root]# lilo
unknown variable "!" near line 8 in file /etc/lilo.conf

I'd imagine '#' and '$' need to get checked for at a minimum, but there
could be other special chars as well.

Comment 1 Michael Fulbright 2000-06-15 15:35:10 UTC
I will work only passing on reasonable characters - I had added a check to
not let users put ' ' in the name, but not the other characters you 
uncovered.

Comment 2 James Manning 2000-06-27 02:52:21 UTC
After doing some fairly extensive testing and then looking at lilo/cfg.c, it
looks like only a few other characters need to get added to the check.  I
couldn't figure out where the validation checking was happening for the TUI, so
I'd imagine this logic also needs to get replicated elsewhere.

--- anaconda-beta2/iw/lilo_gui.py.orig  Mon Jun 26 22:23:33 2000
+++ anaconda-beta2/iw/lilo_gui.py       Mon Jun 26 22:47:05 2000
@@ -91,7 +91,8 @@
     def labelInsertText(self, entry, text, len, data):
         i = 0
         while i < len:
-            if text[i] == ' ':
+            if text[i] == ' ' or text[i] == '#' \
+                    or text[i] == '$' or text[i] == '=':
                 entry.emit_stop_by_name ("insert_text");
                 return;
             i = i + 1


Comment 3 James Manning 2000-06-27 03:06:48 UTC
Created attachment 760 [details]
Add checking for #, $, and = in lilo labels

Comment 4 Michael Fulbright 2000-06-28 17:05:33 UTC
Thanks have applied your patch.

Please verify in test lab.

Comment 5 Brock Organ 2000-06-28 23:19:34 UTC
verified fix in internal build for some characters... error dialog "Boot label
contains illegal characters" appears for TUI ... GUI also does not allow the
illegal characters ...


Note You need to log in before you can comment on or make changes to this bug.