diff options
| author | Frank Ch. Eigler <fche@elastic.org> | 2010-02-12 10:25:43 -0500 |
|---|---|---|
| committer | Frank Ch. Eigler <fche@elastic.org> | 2010-02-12 10:29:53 -0500 |
| commit | c0d1b5a004b9949bb455b7dbe17b335b7cab9ead (patch) | |
| tree | da4f5aa8118117bf4c7053ea1bb9af9ad8fda6df /main.cxx | |
| parent | 84b49730802c1cc625b85a2bfd473f6839d4e99c (diff) | |
| download | systemtap-steved-c0d1b5a004b9949bb455b7dbe17b335b7cab9ead.tar.gz systemtap-steved-c0d1b5a004b9949bb455b7dbe17b335b7cab9ead.tar.xz systemtap-steved-c0d1b5a004b9949bb455b7dbe17b335b7cab9ead.zip | |
PR11105 part 2: tighten constraints on stap-server parameters passed to make
* util.h, util.cxx (assert_match_regexp): New function.
* main.cxx (main): Constrain -R, -r, -a, -D, -S, -q, -B flags.
* stap-serverd (listen): Harden stap-server-connect with ulimit/loop.
* testsuite/systemtap.server/{client,server}_args.exp: Revised.
Diffstat (limited to 'main.cxx')
| -rw-r--r-- | main.cxx | 24 |
1 files changed, 13 insertions, 11 deletions
@@ -57,7 +57,7 @@ version () << "SystemTap translator/driver " << "(version " << VERSION << "/" << dwfl_version (NULL) << " " << GIT_MESSAGE << ")" << endl - << "Copyright (C) 2005-2009 Red Hat, Inc. and others" << endl + << "Copyright (C) 2005-2010 Red Hat, Inc. and others" << endl << "This is free software; see the source for copying conditions." << endl; } @@ -708,12 +708,12 @@ main (int argc, char * const argv []) break; case 'o': + // NB: client_options not a problem, since pass 1-4 does not use output_file. s.output_file = string (optarg); break; case 'R': - if (client_options) - client_options_disallowed += client_options_disallowed.empty () ? "-R" : ", -R"; + if (client_options) { cerr << "ERROR: -R invalid with --client-options" << endl; usage(s,1); } s.runtime_path = string (optarg); break; @@ -722,6 +722,7 @@ main (int argc, char * const argv []) client_options_disallowed += client_options_disallowed.empty () ? "-m" : ", -m"; s.module_name = string (optarg); save_module = true; + // XXX: convert to assert_regexp_match() { string::size_type len = s.module_name.length(); @@ -766,15 +767,14 @@ main (int argc, char * const argv []) break; case 'r': - if (client_options) - client_options_disallowed += client_options_disallowed.empty () ? "-r" : ", -r"; + if (client_options) // NB: no paths! + assert_regexp_match("-r parameter from client", optarg, "^[a-z0-9_\\.-]+$"); setup_kernel_release(s, optarg); break; case 'a': - if (client_options) - client_options_disallowed += client_options_disallowed.empty () ? "-a" : ", -a"; - s.architecture = string(optarg); + assert_regexp_match("-a parameter", optarg, "^[a-z0-9_-]+$"); + s.architecture = string(optarg); break; case 'k': @@ -821,16 +821,19 @@ main (int argc, char * const argv []) break; case 'D': + assert_regexp_match ("-D parameter", optarg, "^[a-z_][a-z_0-9]*(=[a-z_0-9]+)?$"); if (client_options) client_options_disallowed += client_options_disallowed.empty () ? "-D" : ", -D"; s.macros.push_back (string (optarg)); break; case 'S': + assert_regexp_match ("-S parameter", optarg, "^[0-9]+(,[0-9]+)?$"); s.size_option = string (optarg); break; case 'q': + if (client_options) { cerr << "ERROR: -q invalid with --client-options" << endl; usage(s,1); } s.tapset_compile_coverage = true; break; @@ -861,9 +864,8 @@ main (int argc, char * const argv []) break; case 'B': - if (client_options) - client_options_disallowed += client_options_disallowed.empty () ? "-B" : ", -B"; - s.kbuildflags.push_back (string (optarg)); + if (client_options) { cerr << "ERROR: -B invalid with --client-options" << endl; usage(s,1); } + s.kbuildflags.push_back (string (optarg)); break; case 0: |