PR11105 part 2: tighten constraints on stap-server parameters passed to make

* util.h, util.cxx (assert_match_regexp): New function. * main.cxx (main): Constrain -R, -r, -a, -D, -S, -q, -B flags. * stap-serverd (listen): Harden stap-server-connect with ulimit/loop. * testsuite/systemtap.server/{client,server}_args.exp: Revised.
author: Frank Ch. Eigler <fche@elastic.org> 2010-02-12 10:25:43 -0500
committer: Frank Ch. Eigler <fche@elastic.org> 2010-02-12 10:29:53 -0500
commit: c0d1b5a004b9949bb455b7dbe17b335b7cab9ead (patch)
tree: da4f5aa8118117bf4c7053ea1bb9af9ad8fda6df /util.cxx
parent: 84b49730802c1cc625b85a2bfd473f6839d4e99c (diff)
download: systemtap-steved-c0d1b5a004b9949bb455b7dbe17b335b7cab9ead.tar.gz
systemtap-steved-c0d1b5a004b9949bb455b7dbe17b335b7cab9ead.tar.xz
systemtap-steved-c0d1b5a004b9949bb455b7dbe17b335b7cab9ead.zip
1 files changed, 35 insertions, 1 deletions
diff --git a/util.cxx b/util.cxx
index 736e5a30..73ba167c 100644
--- a/util.cxx
+++ b/util.cxx
@@ -1,5 +1,5 @@
 // Copyright (C) Andrew Tridgell 2002 (original file)
-// Copyright (C) 2006, 2009 Red Hat Inc. (systemtap changes)
+// Copyright (C) 2006-2010 Red Hat Inc. (systemtap changes)
 //
 // This program is free software; you can redistribute it and/or
 // modify it under the terms of the GNU General Public License as
@@ -19,6 +19,8 @@
 #include "sys/sdt.h"
 #include <stdexcept>
 #include <cerrno>
+#include <map>
+#include <string>
 
 extern "C" {
 #include <fcntl.h>
@@ -31,6 +33,7 @@ extern "C" {
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <unistd.h>
+#include <regex.h>
 }
 
 using namespace std;
@@ -413,4 +416,35 @@ kill_stap_spawn(int sig)
   return spawned_pid ? kill(spawned_pid, sig) : 0;
 }
 
+
+void assert_regexp_match (const string& name, const string& value, const string& re)
+{
+  typedef map<string,regex_t*> cache;
+  static cache compiled;
+  cache::iterator it = compiled.find (re);
+  regex_t* r = 0;
+  if (it == compiled.end())
+    {
+      r = new regex_t;
+      int rc = regcomp (r, re.c_str(), REG_ICASE|REG_NOSUB|REG_EXTENDED);
+      if (rc) {
+        cerr << "regcomp " << re << " (" << name << ") error rc=" << rc << endl;
+        exit(1);
+      }
+      compiled[re] = r;
+    }
+  else
+    r = it->second;
+
+  // run regexec
+  int rc = regexec (r, value.c_str(), 0, 0, 0);
+  if (rc)
+    {
+      cerr << "ERROR: Safety pattern mismatch for " << name
+           << " ('" << value << "' vs. '" << re << "') rc=" << rc << endl;
+      exit(1);
+    }
+}
+
+
 /* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */
author	Frank Ch. Eigler <fche@elastic.org>	2010-02-12 10:25:43 -0500
committer	Frank Ch. Eigler <fche@elastic.org>	2010-02-12 10:29:53 -0500
commit	c0d1b5a004b9949bb455b7dbe17b335b7cab9ead (patch)
tree	da4f5aa8118117bf4c7053ea1bb9af9ad8fda6df /util.cxx
parent	84b49730802c1cc625b85a2bfd473f6839d4e99c (diff)
download	systemtap-steved-c0d1b5a004b9949bb455b7dbe17b335b7cab9ead.tar.gz systemtap-steved-c0d1b5a004b9949bb455b7dbe17b335b7cab9ead.tar.xz systemtap-steved-c0d1b5a004b9949bb455b7dbe17b335b7cab9ead.zip