This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
[patch 1/2] auto-load safe-path: Permit shell wildcards
- From: Jan Kratochvil <jan dot kratochvil at redhat dot com>
- To: gdb-patches at sourceware dot org
- Date: Sun, 17 Jun 2012 21:37:03 +0200
- Subject: [patch 1/2] auto-load safe-path: Permit shell wildcards
Hi,
it was found out in practice users automatically expect
'set auto-load safe-path' and/or 'add-auto-load-safe-path' also accept shell
wildcards, such as:
set auto-load safe-path /usr/src/gcc*.*/.gdbinit
Therefore this patch implements it. It is apparently fully backward
compatible. The text talks mostly about directories although it could always
have been also filenames and now they are also shell wildcard patterns; but
the intention is to put there directories IMO.
The big issue there is MinGW. One problem is that fnmatch does not support
'\' pathnames. This matters for FNM_FILE_NAME. Without '\' supported GDB
will incorrectly act as:
auto-load: File "c:\gdb\gdb.exe-gdb.gdb" matches directory "c:\*-gdb.gdb".
One may ask whether the safe-path pattern should follow FNM_FILE_NAME or not,
I believe it should as it is IMO how the users expect it. The correct result
would be:
auto-load: Matching file "/tmp/gdb-gdb.gdb" to pattern "/*-gdb.gdb"
auto-load: Not matched - pattern "/*-gdb.gdb".
Unfortunately even if one manually transforms '\'->'/' for fnmatch
compatibility by current gdb_filename_fnmatch there remains a bug in
library/fnmatch.c where even then it will still incorrectly match:
auto-load: File "c:\gdb\gdb.exe-gdb.gdb" matches directory "c:\*-gdb.gdb".
More in [patch 2/2] [mingw] about this bug.
BTW I have verified that MS-Windows native function GetFullPathName transforms
'/' -> '\':
auto-load: Using directory "c:/gdb".
auto-load: And canonicalized as "c:\gdb".
I tried it on Windows8-ReleasePreview-64bit-English.iso but with the
transformation by gdb_filename_fnmatch GDB does no longer need to depend on it
(I am for example not sure if older MS-Windows also behaved that way).
No regressions on {x86_64,x86_64-m32,i686}-fedorarawhide-linux-gnu.
gdb/
2012-06-17 Jan Kratochvil <jan.kratochvil@redhat.com>
Support shell wildcards for 'set auto-load safe-path'.
* auto-load.c: Include fnmatch.h.
(filename_is_in_dir): Rename to ...
(filename_is_in_pattern): ... here. Update function comment. Rename
dir_len to pattern_len. New variables filename_len, pattern and
filename. Add more DEBUG_AUTO_LOAD messages. Use gdb_filename_fnmatch.
(filename_is_in_auto_load_safe_path_vec): Rename variable dir to
pattern.
(_initialize_auto_load): Extend the "set auto-load safe-path" help text.
* defs.h (gdb_filename_fnmatch): New declaration.
* utils.c: Include fnmatch.h.
(gdb_filename_fnmatch): New function.
gdb/doc/
2012-06-17 Jan Kratochvil <jan.kratochvil@redhat.com>
* gdb.texinfo (Auto-loading safe path): Note the shell wildcard
possibility.
diff --git a/gdb/auto-load.c b/gdb/auto-load.c
index cfcab7b..9232fcb 100644
--- a/gdb/auto-load.c
+++ b/gdb/auto-load.c
@@ -36,6 +36,7 @@
#include "readline/tilde.h"
#include "completer.h"
#include "observer.h"
+#include "fnmatch.h"
/* The suffix of per-objfile scripts to auto-load as non-Python command files.
E.g. When the program loads libfoo.so, look for libfoo-gdb.gdb. */
@@ -297,27 +298,72 @@ Use 'set auto-load safe-path /' for disabling the auto-load safe-path security.\
auto_load_safe_path_vec_update ();
}
-/* Return 1 if FILENAME is equal to DIR or if FILENAME belongs to the
- subdirectory DIR. Return 0 otherwise. gdb_realpath normalization is never
- done here. */
+/* Return 1 if FILENAME matches PATTERN or if FILENAME belongs to
+ a subdirectory permitted by PATTERN. Return 0 otherwise.
+ gdb_realpath normalization is never done here. */
static ATTRIBUTE_PURE int
-filename_is_in_dir (const char *filename, const char *dir)
+filename_is_in_pattern (const char *filename_orig, const char *pattern_orig)
{
- size_t dir_len = strlen (dir);
+ size_t pattern_len = strlen (pattern_orig);
+ size_t filename_len = strlen (filename_orig);
+ char *pattern, *filename;
- while (dir_len && IS_DIR_SEPARATOR (dir[dir_len - 1]))
- dir_len--;
+ pattern = alloca (pattern_len + 1);
+ strcpy (pattern, pattern_orig);
+ filename = alloca (filename_len + 1);
+ strcpy (filename, filename_orig);
+
+ if (debug_auto_load)
+ fprintf_unfiltered (gdb_stdlog, _("auto-load: Matching file \"%s\" "
+ "to pattern \"%s\"\n"),
+ filename, pattern);
+
+ /* Trim trailing slashes ("/") from PATTERN. */
+ while (pattern_len && IS_DIR_SEPARATOR (pattern[pattern_len - 1]))
+ pattern_len--;
+ pattern[pattern_len] = '\0';
/* Ensure auto_load_safe_path "/" matches any FILENAME. On MS-Windows
platform FILENAME even after gdb_realpath does not have to start with
IS_DIR_SEPARATOR character, such as the 'C:\x.exe' filename. */
- if (dir_len == 0)
- return 1;
+ if (pattern_len == 0)
+ {
+ if (debug_auto_load)
+ fprintf_unfiltered (gdb_stdlog,
+ _("auto-load: Matched - empty pattern\n"));
+ return 1;
+ }
+
+ for (;;)
+ {
+ /* Trim trailing slashes ("/"). */
+ while (filename_len && IS_DIR_SEPARATOR (filename[filename_len - 1]))
+ filename_len--;
+ filename[filename_len] = '\0';
+ if (filename_len == 0)
+ {
+ if (debug_auto_load)
+ fprintf_unfiltered (gdb_stdlog,
+ _("auto-load: Not matched - pattern \"%s\".\n"),
+ pattern);
+ return 0;
+ }
- return (filename_ncmp (dir, filename, dir_len) == 0
- && (IS_DIR_SEPARATOR (filename[dir_len])
- || filename[dir_len] == '\0'));
+ if (gdb_filename_fnmatch (pattern, filename, FNM_FILE_NAME | FNM_NOESCAPE)
+ == 0)
+ {
+ if (debug_auto_load)
+ fprintf_unfiltered (gdb_stdlog, _("auto-load: Matched - file "
+ "\"%s\" to pattern \"%s\".\n"),
+ filename, pattern);
+ return 1;
+ }
+
+ /* Trim trailing FILENAME component. */
+ while (filename_len > 0 && !IS_DIR_SEPARATOR (filename[filename_len - 1]))
+ filename_len--;
+ }
}
/* Return 1 if FILENAME belongs to one of directory components of
@@ -330,14 +376,15 @@ static int
filename_is_in_auto_load_safe_path_vec (const char *filename,
char **filename_realp)
{
- char *dir;
+ char *pattern;
int ix;
- for (ix = 0; VEC_iterate (char_ptr, auto_load_safe_path_vec, ix, dir); ++ix)
- if (*filename_realp == NULL && filename_is_in_dir (filename, dir))
+ for (ix = 0; VEC_iterate (char_ptr, auto_load_safe_path_vec, ix, pattern);
+ ++ix)
+ if (*filename_realp == NULL && filename_is_in_pattern (filename, pattern))
break;
- if (dir == NULL)
+ if (pattern == NULL)
{
if (*filename_realp == NULL)
{
@@ -350,18 +397,18 @@ filename_is_in_auto_load_safe_path_vec (const char *filename,
}
if (strcmp (*filename_realp, filename) != 0)
- for (ix = 0; VEC_iterate (char_ptr, auto_load_safe_path_vec, ix, dir);
- ++ix)
- if (filename_is_in_dir (*filename_realp, dir))
+ for (ix = 0;
+ VEC_iterate (char_ptr, auto_load_safe_path_vec, ix, pattern); ++ix)
+ if (filename_is_in_pattern (*filename_realp, pattern))
break;
}
- if (dir != NULL)
+ if (pattern != NULL)
{
if (debug_auto_load)
fprintf_unfiltered (gdb_stdlog, _("auto-load: File \"%s\" matches "
"directory \"%s\".\n"),
- filename, dir);
+ filename, pattern);
return 1;
}
@@ -1135,7 +1182,8 @@ be located in one of the directories listed by this option. Warning will be\n\
printed and file will not be used otherwise.\n\
Setting this parameter to an empty list resets it to its default value.\n\
Setting this parameter to '/' (without the quotes) allows any file\n\
-for the 'set auto-load ...' options.\n\
+for the 'set auto-load ...' options. Each directory can be also shell\n\
+wildcard pattern; '*' does not match directory separator.\n\
This option is ignored for the kinds of files having 'set auto-load ... off'.\n\
This options has security implications for untrusted inferiors."),
set_auto_load_safe_path,
diff --git a/gdb/defs.h b/gdb/defs.h
index 03092aa..1c6fa79 100644
--- a/gdb/defs.h
+++ b/gdb/defs.h
@@ -388,6 +388,9 @@ extern void substitute_path_component (char **stringp, const char *from,
extern pid_t wait_to_die_with_timeout (pid_t pid, int *status, int timeout);
#endif
+extern int gdb_filename_fnmatch (const char *pattern, const char *string,
+ int flags);
+
/* Annotation stuff. */
diff --git a/gdb/doc/gdb.texinfo b/gdb/doc/gdb.texinfo
index a14e322..865b547 100644
--- a/gdb/doc/gdb.texinfo
+++ b/gdb/doc/gdb.texinfo
@@ -21451,6 +21451,7 @@ As the files of inferior can come from untrusted source (such as submitted by
an application user) @value{GDBN} does not always load any files automatically.
@value{GDBN} provides the @samp{set auto-load safe-path} setting to list
directories trusted for loading files not explicitly requested by user.
+Each directory can be also shell wildcard pattern.
If the path is not set properly you will see a warning and the file will not
get loaded:
@@ -21474,6 +21475,8 @@ The list of trusted directories is controlled by the following commands:
@item set auto-load safe-path @r{[}@var{directories}@r{]}
Set the list of directories (and their subdirectories) trusted for automatic
loading and execution of scripts. You can also enter a specific trusted file.
+Each directory can be also shell wildcard pattern; '*' matches only single
+component, it does not match across directory separator.
If you omit @var{directories}, @samp{auto-load safe-path} will be reset to
its default value as specified during @value{GDBN} compilation.
diff --git a/gdb/utils.c b/gdb/utils.c
index 2d607ef..5566149 100644
--- a/gdb/utils.c
+++ b/gdb/utils.c
@@ -26,6 +26,7 @@
#include "event-top.h"
#include "exceptions.h"
#include "gdbthread.h"
+#include "fnmatch.h"
#ifdef HAVE_SYS_RESOURCE_H
#include <sys/resource.h>
#endif /* HAVE_SYS_RESOURCE_H */
@@ -3840,6 +3841,49 @@ wait_to_die_with_timeout (pid_t pid, int *status, int timeout)
#endif /* HAVE_WAITPID */
+/* Provide fnmatch compatible function for FNM_FILE_NAME matching of host files.
+ Both FNM_FILE_NAME and FNM_NOESCAPE must be set in FLAGS.
+
+ It handles correctly HAVE_DOS_BASED_FILE_SYSTEM and
+ HAVE_CASE_INSENSITIVE_FILE_SYSTEM. */
+
+int
+gdb_filename_fnmatch (const char *pattern, const char *string, int flags)
+{
+ gdb_assert ((flags & FNM_FILE_NAME) != 0);
+
+ /* It is unclear how '\' escaping vs. directory separator should coexist. */
+ gdb_assert ((flags & FNM_NOESCAPE) != 0);
+
+#ifdef HAVE_DOS_BASED_FILE_SYSTEM
+ {
+ char *pattern_slash, *string_slash;
+
+ /* Replace '\' by '/' in both strings. */
+
+ pattern_slash = alloca (strlen (pattern) + 1);
+ strcpy (pattern_slash, pattern);
+ pattern = pattern_slash;
+ for (; *pattern_slash != 0; pattern_slash++)
+ if (IS_DIR_SEPARATOR (*pattern_slash))
+ *pattern_slash = '/';
+
+ string_slash = alloca (strlen (string) + 1);
+ strcpy (string_slash, string);
+ string = string_slash;
+ for (; *string_slash != 0; string_slash++)
+ if (IS_DIR_SEPARATOR (*string_slash))
+ *string_slash = '/';
+ }
+#endif /* HAVE_DOS_BASED_FILE_SYSTEM */
+
+#ifdef HAVE_CASE_INSENSITIVE_FILE_SYSTEM
+ flags |= FNM_CASEFOLD;
+#endif /* HAVE_CASE_INSENSITIVE_FILE_SYSTEM */
+
+ return fnmatch (pattern, string, flags);
+}
+
/* Provide a prototype to silence -Wmissing-prototypes. */
extern initialize_file_ftype _initialize_utils;