This is the mail archive of the
gdb-patches@sourceware.org
mailing list for the GDB project.
Re: [patch 1/2] auto-load safe-path: Permit shell wildcards
On Wed, 20 Jun 2012 21:36:14 +0200, Eli Zaretskii wrote:
> So you wanted to use 'const', which dominoed into a whole bunch of
> variable renaming and helper function. Looks like a net loss to me.
Yes. Not to me.
> > It will trim it to "d:" and then it will try to remove /+[^/]+ each time from
> > the filename reducing it also down to "d:". Therefore "d:/" will match any
> > file on drive d:.
>
> I'd say that warrants a comment, since the code looks plain wrong.
I have added:
Even for "d:\" paths as trailing slashes are trimmed also from
FILENAME it still matches correctly.
+
PATTERN also has slashes trimmed the same way so they will match.
> > So even a part of the directory ("src*") can be shell wildcard ("*").
> > "src*" is IMO 'shell wildcard pattern' and not 'shell wildcard'.
> > "*" is 'shell wildcard'.
>
> I believe you are talking about "wildcard character" as opposed to a
> "wildcard".
>
> > Do you still insist on your wording?
>
> I don't insist, but I still think "pattern" is redundant.
If it is only redundant I have kept it, Wiktionary considers "wildcard" to be
equivalent "wildcard character" and not to "wildcard pattern":
http://en.wiktionary.org/wiki/wildcard
1. (computing) A character that takes the place of any other character
or string that is not known or specified.
In searching, if a*m finds amalgam, atom and alum, then * is
acting as a wildcard.
> > > "... @samp{*} matches a single component ..."
> > >
> > > Should we describe all of the wildcard meta-characters, not just '*'?
> >
> > The goal was to express FNM_FILE_NAME is in use.
>
> I understand, but I'm not sure the readers will. It sounds strange to
> mention only one wildcard character, unless you already know that
> FNM_FILE_NAME is the issue, and you also know what it does.
Used:
Each directory can also be a shell wildcard pattern; wildcards do not match
directory separator - see @code{FNM_PATHNAME} for system function @code{fnmatch}
(@pxref{Wildcard Matching, fnmatch, , libc, GNU C Library Reference Manual}).
Thanks,
Jan
gdb/
2012-06-20 Jan Kratochvil <jan.kratochvil@redhat.com>
Support shell wildcards for 'set auto-load safe-path'.
* auto-load.c: Include fnmatch.h.
(filename_is_in_dir): Rename to ...
(filename_is_in_pattern_1, filename_is_in_pattern): ... here and split
it. Update function comment. Rename dir_len to pattern_len. New
variables filename_len, pattern and filename. Add more DEBUG_AUTO_LOAD
messages. Use gdb_filename_fnmatch.
(filename_is_in_auto_load_safe_path_vec): Rename variable dir to
pattern.
(_initialize_auto_load): Extend the "set auto-load safe-path" help text.
* defs.h (gdb_filename_fnmatch): New declaration.
* utils.c: Include fnmatch.h.
(gdb_filename_fnmatch): New function.
gdb/doc/
2012-06-20 Jan Kratochvil <jan.kratochvil@redhat.com>
* gdb.texinfo (Auto-loading safe path): Note the shell wildcard
possibility.
diff --git a/gdb/auto-load.c b/gdb/auto-load.c
index cfcab7b..87dd1e4 100644
--- a/gdb/auto-load.c
+++ b/gdb/auto-load.c
@@ -36,6 +36,7 @@
#include "readline/tilde.h"
#include "completer.h"
#include "observer.h"
+#include "fnmatch.h"
/* The suffix of per-objfile scripts to auto-load as non-Python command files.
E.g. When the program loads libfoo.so, look for libfoo-gdb.gdb. */
@@ -297,27 +298,85 @@ Use 'set auto-load safe-path /' for disabling the auto-load safe-path security.\
auto_load_safe_path_vec_update ();
}
-/* Return 1 if FILENAME is equal to DIR or if FILENAME belongs to the
- subdirectory DIR. Return 0 otherwise. gdb_realpath normalization is never
- done here. */
+/* Implementation for filename_is_in_pattern overwriting the caller's FILENAME
+ and PATTERN. */
-static ATTRIBUTE_PURE int
-filename_is_in_dir (const char *filename, const char *dir)
+static int
+filename_is_in_pattern_1 (char *filename, char *pattern)
{
- size_t dir_len = strlen (dir);
+ size_t pattern_len = strlen (pattern);
+ size_t filename_len = strlen (filename);
+
+ if (debug_auto_load)
+ fprintf_unfiltered (gdb_stdlog, _("auto-load: Matching file \"%s\" "
+ "to pattern \"%s\"\n"),
+ filename, pattern);
- while (dir_len && IS_DIR_SEPARATOR (dir[dir_len - 1]))
- dir_len--;
+ /* Trim trailing slashes ("/") from PATTERN. Even for "d:\" paths as
+ trailing slashes are trimmed also from FILENAME it still matches
+ correctly. */
+ while (pattern_len && IS_DIR_SEPARATOR (pattern[pattern_len - 1]))
+ pattern_len--;
+ pattern[pattern_len] = '\0';
/* Ensure auto_load_safe_path "/" matches any FILENAME. On MS-Windows
platform FILENAME even after gdb_realpath does not have to start with
IS_DIR_SEPARATOR character, such as the 'C:\x.exe' filename. */
- if (dir_len == 0)
- return 1;
+ if (pattern_len == 0)
+ {
+ if (debug_auto_load)
+ fprintf_unfiltered (gdb_stdlog,
+ _("auto-load: Matched - empty pattern\n"));
+ return 1;
+ }
+
+ for (;;)
+ {
+ /* Trim trailing slashes ("/"). PATTERN also has slashes trimmed the
+ same way so they will match. */
+ while (filename_len && IS_DIR_SEPARATOR (filename[filename_len - 1]))
+ filename_len--;
+ filename[filename_len] = '\0';
+ if (filename_len == 0)
+ {
+ if (debug_auto_load)
+ fprintf_unfiltered (gdb_stdlog,
+ _("auto-load: Not matched - pattern \"%s\".\n"),
+ pattern);
+ return 0;
+ }
+
+ if (gdb_filename_fnmatch (pattern, filename, FNM_FILE_NAME | FNM_NOESCAPE)
+ == 0)
+ {
+ if (debug_auto_load)
+ fprintf_unfiltered (gdb_stdlog, _("auto-load: Matched - file "
+ "\"%s\" to pattern \"%s\".\n"),
+ filename, pattern);
+ return 1;
+ }
+
+ /* Trim trailing FILENAME component. */
+ while (filename_len > 0 && !IS_DIR_SEPARATOR (filename[filename_len - 1]))
+ filename_len--;
+ }
+}
+
+/* Return 1 if FILENAME matches PATTERN or if FILENAME resides in
+ a subdirectory of a directory that matches PATTERN. Return 0 otherwise.
+ gdb_realpath normalization is never done here. */
+
+static ATTRIBUTE_PURE int
+filename_is_in_pattern (const char *filename, const char *pattern)
+{
+ char *filename_copy, *pattern_copy;
+
+ filename_copy = alloca (strlen (filename) + 1);
+ strcpy (filename_copy, filename);
+ pattern_copy = alloca (strlen (pattern) + 1);
+ strcpy (pattern_copy, pattern);
- return (filename_ncmp (dir, filename, dir_len) == 0
- && (IS_DIR_SEPARATOR (filename[dir_len])
- || filename[dir_len] == '\0'));
+ return filename_is_in_pattern_1 (filename_copy, pattern_copy);
}
/* Return 1 if FILENAME belongs to one of directory components of
@@ -330,14 +389,15 @@ static int
filename_is_in_auto_load_safe_path_vec (const char *filename,
char **filename_realp)
{
- char *dir;
+ char *pattern;
int ix;
- for (ix = 0; VEC_iterate (char_ptr, auto_load_safe_path_vec, ix, dir); ++ix)
- if (*filename_realp == NULL && filename_is_in_dir (filename, dir))
+ for (ix = 0; VEC_iterate (char_ptr, auto_load_safe_path_vec, ix, pattern);
+ ++ix)
+ if (*filename_realp == NULL && filename_is_in_pattern (filename, pattern))
break;
- if (dir == NULL)
+ if (pattern == NULL)
{
if (*filename_realp == NULL)
{
@@ -350,18 +410,18 @@ filename_is_in_auto_load_safe_path_vec (const char *filename,
}
if (strcmp (*filename_realp, filename) != 0)
- for (ix = 0; VEC_iterate (char_ptr, auto_load_safe_path_vec, ix, dir);
- ++ix)
- if (filename_is_in_dir (*filename_realp, dir))
+ for (ix = 0;
+ VEC_iterate (char_ptr, auto_load_safe_path_vec, ix, pattern); ++ix)
+ if (filename_is_in_pattern (*filename_realp, pattern))
break;
}
- if (dir != NULL)
+ if (pattern != NULL)
{
if (debug_auto_load)
fprintf_unfiltered (gdb_stdlog, _("auto-load: File \"%s\" matches "
"directory \"%s\".\n"),
- filename, dir);
+ filename, pattern);
return 1;
}
@@ -1135,7 +1195,8 @@ be located in one of the directories listed by this option. Warning will be\n\
printed and file will not be used otherwise.\n\
Setting this parameter to an empty list resets it to its default value.\n\
Setting this parameter to '/' (without the quotes) allows any file\n\
-for the 'set auto-load ...' options.\n\
+for the 'set auto-load ...' options. Each directory can be also shell\n\
+wildcard pattern; '*' does not match directory separator.\n\
This option is ignored for the kinds of files having 'set auto-load ... off'.\n\
This options has security implications for untrusted inferiors."),
set_auto_load_safe_path,
diff --git a/gdb/defs.h b/gdb/defs.h
index 03092aa..1c6fa79 100644
--- a/gdb/defs.h
+++ b/gdb/defs.h
@@ -388,6 +388,9 @@ extern void substitute_path_component (char **stringp, const char *from,
extern pid_t wait_to_die_with_timeout (pid_t pid, int *status, int timeout);
#endif
+extern int gdb_filename_fnmatch (const char *pattern, const char *string,
+ int flags);
+
/* Annotation stuff. */
diff --git a/gdb/doc/gdb.texinfo b/gdb/doc/gdb.texinfo
index b5e3d60..2a2ca37 100644
--- a/gdb/doc/gdb.texinfo
+++ b/gdb/doc/gdb.texinfo
@@ -21451,6 +21451,7 @@ As the files of inferior can come from untrusted source (such as submitted by
an application user) @value{GDBN} does not always load any files automatically.
@value{GDBN} provides the @samp{set auto-load safe-path} setting to list
directories trusted for loading files not explicitly requested by user.
+Each directory can also be a shell wildcard pattern.
If the path is not set properly you will see a warning and the file will not
get loaded:
@@ -21474,6 +21475,9 @@ The list of trusted directories is controlled by the following commands:
@item set auto-load safe-path @r{[}@var{directories}@r{]}
Set the list of directories (and their subdirectories) trusted for automatic
loading and execution of scripts. You can also enter a specific trusted file.
+Each directory can also be a shell wildcard pattern; wildcards do not match
+directory separator - see @code{FNM_PATHNAME} for system function @code{fnmatch}
+(@pxref{Wildcard Matching, fnmatch, , libc, GNU C Library Reference Manual}).
If you omit @var{directories}, @samp{auto-load safe-path} will be reset to
its default value as specified during @value{GDBN} compilation.
diff --git a/gdb/utils.c b/gdb/utils.c
index 2d607ef..5566149 100644
--- a/gdb/utils.c
+++ b/gdb/utils.c
@@ -26,6 +26,7 @@
#include "event-top.h"
#include "exceptions.h"
#include "gdbthread.h"
+#include "fnmatch.h"
#ifdef HAVE_SYS_RESOURCE_H
#include <sys/resource.h>
#endif /* HAVE_SYS_RESOURCE_H */
@@ -3840,6 +3841,49 @@ wait_to_die_with_timeout (pid_t pid, int *status, int timeout)
#endif /* HAVE_WAITPID */
+/* Provide fnmatch compatible function for FNM_FILE_NAME matching of host files.
+ Both FNM_FILE_NAME and FNM_NOESCAPE must be set in FLAGS.
+
+ It handles correctly HAVE_DOS_BASED_FILE_SYSTEM and
+ HAVE_CASE_INSENSITIVE_FILE_SYSTEM. */
+
+int
+gdb_filename_fnmatch (const char *pattern, const char *string, int flags)
+{
+ gdb_assert ((flags & FNM_FILE_NAME) != 0);
+
+ /* It is unclear how '\' escaping vs. directory separator should coexist. */
+ gdb_assert ((flags & FNM_NOESCAPE) != 0);
+
+#ifdef HAVE_DOS_BASED_FILE_SYSTEM
+ {
+ char *pattern_slash, *string_slash;
+
+ /* Replace '\' by '/' in both strings. */
+
+ pattern_slash = alloca (strlen (pattern) + 1);
+ strcpy (pattern_slash, pattern);
+ pattern = pattern_slash;
+ for (; *pattern_slash != 0; pattern_slash++)
+ if (IS_DIR_SEPARATOR (*pattern_slash))
+ *pattern_slash = '/';
+
+ string_slash = alloca (strlen (string) + 1);
+ strcpy (string_slash, string);
+ string = string_slash;
+ for (; *string_slash != 0; string_slash++)
+ if (IS_DIR_SEPARATOR (*string_slash))
+ *string_slash = '/';
+ }
+#endif /* HAVE_DOS_BASED_FILE_SYSTEM */
+
+#ifdef HAVE_CASE_INSENSITIVE_FILE_SYSTEM
+ flags |= FNM_CASEFOLD;
+#endif /* HAVE_CASE_INSENSITIVE_FILE_SYSTEM */
+
+ return fnmatch (pattern, string, flags);
+}
+
/* Provide a prototype to silence -Wmissing-prototypes. */
extern initialize_file_ftype _initialize_utils;