Bug 12258 - no checking that lilo strings are valid
no checking that lilo strings are valid
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: anaconda (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Brock Organ
Brock Organ
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-06-14 11:27 EDT by James Manning
Modified: 2007-04-18 12:27 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-06-28 19:19:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Add checking for #, $, and = in lilo labels (483 bytes, patch)
2000-06-26 23:06 EDT, James Manning
no flags Details | Diff

  None (edit)
Description James Manning 2000-06-14 11:27:15 EDT
During the GUI installation of beta1, I wanted to check and see whether the
installer would only allow me to pass in a valid string for the lilo label
of my new installation.  No checking done, with the resulting file:

boot=/dev/sdb1
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
message=/boot/message
linear
default=?+!$!?!#$^%@%#&

image=/boot/vmlinuz-2.2.14-100smp
        label=?+!$!?!#$^%@%#&
        initrd=/boot/initrd-2.2.14-100smp.img
        read-only
        root=/dev/sdb1
        append="single"

image=/boot/vmlinuz-2.2.14-100
        label=?+!$!?!#$^%@%#&-up
        initrd=/boot/initrd-2.2.14-100.img
        read-only
        root=/dev/sdb1
        append="single"

As expected, lilo doesn't like that kind of string :)

[root@jmm-nt /root]# lilo
unknown variable "!" near line 8 in file /etc/lilo.conf

I'd imagine '#' and '$' need to get checked for at a minimum, but there
could be other special chars as well.
Comment 1 Michael Fulbright 2000-06-15 11:35:10 EDT
I will work only passing on reasonable characters - I had added a check to
not let users put ' ' in the name, but not the other characters you 
uncovered.
Comment 2 James Manning 2000-06-26 22:52:21 EDT
After doing some fairly extensive testing and then looking at lilo/cfg.c, it
looks like only a few other characters need to get added to the check.  I
couldn't figure out where the validation checking was happening for the TUI, so
I'd imagine this logic also needs to get replicated elsewhere.

--- anaconda-beta2/iw/lilo_gui.py.orig  Mon Jun 26 22:23:33 2000
+++ anaconda-beta2/iw/lilo_gui.py       Mon Jun 26 22:47:05 2000
@@ -91,7 +91,8 @@
     def labelInsertText(self, entry, text, len, data):
         i = 0
         while i < len:
-            if text[i] == ' ':
+            if text[i] == ' ' or text[i] == '#' \
+                    or text[i] == '$' or text[i] == '=':
                 entry.emit_stop_by_name ("insert_text");
                 return;
             i = i + 1
Comment 3 James Manning 2000-06-26 23:06:48 EDT
Created attachment 760 [details]
Add checking for #, $, and = in lilo labels
Comment 4 Michael Fulbright 2000-06-28 13:05:33 EDT
Thanks have applied your patch.

Please verify in test lab.
Comment 5 Brock Organ 2000-06-28 19:19:34 EDT
verified fix in internal build for some characters... error dialog "Boot label
contains illegal characters" appears for TUI ... GUI also does not allow the
illegal characters ...

Note You need to log in before you can comment on or make changes to this bug.