Remove escaping of backslashes to support literal ${var}

THIS IS A BACKWARDS INCOMPATIBLE CHANGE THAT AFFECTS FW FILE CREATION. It does not affect processing of fw files so you don't need to worry about change fwup versions on existing devices or worry about applying .fw files created with old versions of fwup. Automatic escaping of backslashes made it impossible to write `${var}` to a U-Boot variable. Here's why. When doing this, you have to remember that `fwup` evaluates variable substitution twice - once when making the .fw file and once when applying it. You obviously have to escape the `$` when creating the .fw file. That made sense. Then to survive the apply step, you'd think that you could double escape the `$`. You'd be wrong, though, since `fwup` was escaping the backslashes that you were adding writing the configuration to the .fw file. Therefore, the variable substitution was guaranteed to happen since you couldn't double escape a `$`. Amazingly, the auto-escaping behavior was only tested in the regression tests via the exec test on Windows - a combination that would never be used for real. When you run into this issue, it's weird enough to be pretty confusing, imho. Hopefully that and how rare should have been in real uses cases makes this something that no one actually did. This changes string processing to not automatically escape backslashes when creating the .fw file. It is possible to escape a `$` through to the end. This allows you to write a U-Boot environment variable with a `${var}` in it. This also locks down string processing behaviors by adding unit tests.
fwup-home · Jan 29, 2024 · 545d54d · 545d54d
1 parent 704e4ca
commit 545d54d
Show file tree

Hide file tree

Showing 5 changed files with 64 additions and 4 deletions.
diff --git a/src/cfgprint.c b/src/cfgprint.c
@@ -70,12 +70,15 @@ static void fwup_cfg_opt_nprint_var(cfg_opt_t *opt, unsigned int index, struct s
     case CFGT_STR:
     {
         const char *str = cfg_opt_getnstr(opt, index);
+        // Fwup's feature of re-evaluating strings when applying firmware
+        // updates is a feature and used to modify behavior when applying
+        // firmware updates (aka runtime). Fwup has always escaped double
+        // quotes, though, since it really messes up error messages when
+        // double quotes aren't escaped.
         ssprintf(s, "\"");
         while (str && *str) {
             if (*str == '"')
                 ssprintf(s, "\\\"");
-            else if (*str == '\\')
-                ssprintf(s, "\\\\");
             else
                 ssprintf(s, "%c", *str);
             str++;

diff --git a/tests/004_env_vars.test b/tests/004_env_vars.test
@@ -16,6 +16,12 @@ cat >"$CONFIG" <<EOF
 # Test substitution in a field
 meta-product = \${TEST_ENV_VAR}
 
+# Test substitution in double quotes
+meta-author = "\${TEST_ENV_VAR}"
+
+# Test no substitution in single quotes
+meta-misc = '\${TEST_ENV_VAR}'
+
 # Test substitution in a resource name
 file-resource "\${TEST_ENV_VAR}" {
         # Test substitution in the middle of a string
@@ -30,6 +36,8 @@ EOF
 
 cat >"$EXPECTED_META_CONF" <<EOF
 meta-product="${TEST_ENV_VAR}"
+meta-author="${TEST_ENV_VAR}"
+meta-misc="\${TEST_ENV_VAR}"
 file-resource "${TEST_ENV_VAR}" {
   length=1024
   blake2b-256="b25c2dfe31707f5572d9a3670d0dcfe5d59ccb010e6aba3b81aad133eb5e378b"

diff --git a/tests/135_execute.test b/tests/135_execute.test
@@ -14,7 +14,10 @@ EXE_CMD="dd if=${LOCAL_FILE} of=${OUTFILE}"
 
 if [ "$CC" = "x86_64-w64-mingw32-gcc" -o "$MODE" = "windows" ]; then
     # dd usually isn't available on Windows
-    EXE_CMD="copy work-135_execute.test\\\\somefile.txt work-135_execute.test\\\\output.txt"
+    #
+    # 8 backslashes to get 1 backslash since the string gets evaluated 3 times:
+    # shell script, fwup create, fwup apply. :(
+    EXE_CMD="copy work-135_execute.test\\\\\\\\somefile.txt work-135_execute.test\\\\\\\\output.txt"
 fi
 
 cat >$LOCAL_FILE <<EOF

diff --git a/tests/201_string_handling.test b/tests/201_string_handling.test
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+#
+# Test environment variables embedded in strings in the config files
+#
+# If this fails, you're using an old version of libconfuse. This is sadly
+# very common. See the readme, but the basic fix is to go to the libconfuse
+# GitHub and build it yourself.
+#
+
+. "$(cd "$(dirname "$0")" && pwd)/common.sh"
+
+export TEST_ENV_VAR=1K.bin
+
+cat >$CONFIG <<EOF
+# Escape sequence in double quotes
+meta-product = "Octal \044 and hex \x3c"
+# Backslashes are escaped
+meta-description = "\\\\$"
+# Escape sequences and variables dont get processed in single quotes
+meta-version = '\044 \x3c \${}'
+# Substitution happens in double quotes
+meta-author = "Substitution \${}"
+# Escapes quotes in double quotes (fwup weird behavior 1)
+meta-platform = "\"\""
+# Escapes quotes in single quotes (fwup weird behavior 2)
+meta-architecture = '""'
+EOF
+
+cat >$EXPECTED_META_CONF <<EOF
+meta-product="Octal $ and hex <"
+meta-description="\\$"
+meta-version="\044 \x3c \${}"
+meta-author="Substitution"
+meta-platform="\"\""
+meta-architecture="\"\""
+EOF
+
+$FWUP_CREATE -c -f $CONFIG -o $FWFILE
+
+# Check that the zip file was created as expected
+check_meta_conf
+
+# Check that the verify logic works on this file
+$FWUP_VERIFY -V -i $FWFILE
diff --git a/tests/Makefile.am b/tests/Makefile.am
@@ -200,6 +200,7 @@ TESTS = 001_simple_fw.test \
 	197_fractional_end_segment.test \
 	198_gpt_partial.test \
 	199_partial_read.test \
-	200_uboot_redundant_255.test
+	200_uboot_redundant_255.test \
+	201_string_handling.test
 
 EXTRA_DIST = $(TESTS) common.sh 1K.bin 1K-corrupt.bin 150K.bin