testing/systemtap
SHA256
3
0
Fork 0
forked from pool/systemtap
Code Pull Requests Activity

Accepting request 48044 from devel:tools

Browse Source 
Copy from devel:tools/systemtap based on submit request 48044 from user jones_tony

OBS-URL: https://build.opensuse.org/request/show/48044
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/systemtap?expand=0&rev=55
This commit is contained in:
OBS User autobuild 2010-09-17 18:58:59 +00:00 committed by Git OBS Bridge
commit f43b33c964
13 changed files with 107 additions and 1400 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
systemtap-1.1.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1d620a9861cd7c9609fb8012faf20eafb632f3f3a919bf0c08bec3a14924e3a2
size 1293846

3
systemtap-1.3.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:548ec4d4d1eaa3a3e8d13f6c5d38b3fd08280a2889f95e71ab36954eb454b652
size 1389234

925
systemtap-CVE-2009-4273.diff
View File

@ -1,925 +0,0 @@
Subject: VUL-0: systemtap-server code exec
References: bnc#574243
Signed-Off-By: Tony Jones <tonyj@suse.de>
Fix remaining portions of this CVE (part2) still present post release-1.1
This second part is also referred to as CVE-2010-0412
Covers cases such as stap-client -B CC=/bin/rm CFLAGS=/ ... where the
execution is done by make
commit b75067caf1bb416af21473e40c917d953531e9f9
Author: Dave Brolley <brolley@redhat.com>
Date: Mon Jan 18 11:56:13 2010 -0500
Correct client-side quoting issues discovered by fche during the server-side reimplementation.
Also add the test cases to the test suite.
commit 241443ad36a5a2cacb9e8e6f12f808d304835f2a
Author: Dave Brolley <brolley@redhat.com>
Date: Tue Feb 2 08:26:01 2010 -0500
PR 11105: Remaining client-side problems:
stap-client: Correct handling of embedded newlines in arguments.
server_args.exp: Add additional cases discovered by fche and by fuzzing.
commit 4240be911e37b817727ecb33f321f0ea389ede61
Author: Dave Brolley <brolley@redhat.com>
Date: Mon Feb 15 15:01:28 2010 -0500
Don't pass client-only options to the server.
Also correct parsing of the --server option.
commit d2334a2233f4efd055dab021c603f7c046730a66
Author: Dave Brolley <brolley@redhat.com>
Date: Tue Feb 2 14:08:31 2010 -0500
Compile server logging and robustness.
Log certificate location and status when starting server.
Additional care in handling arguments in stap-serverd.
New test case discovered by fuzzing added and fixed.
commit c0d1b5a004b9949bb455b7dbe17b335b7cab9ead
Author: Frank Ch. Eigler <fche@elastic.org>
Date: Fri Feb 12 10:25:43 2010 -0500
PR11105 part 2: tighten constraints on stap-server parameters passed to make
* util.h, util.cxx (assert_match_regexp): New function.
* main.cxx (main): Constrain -R, -r, -a, -D, -S, -q, -B flags.
* stap-serverd (listen): Harden stap-server-connect with ulimit/loop.
* testsuite/systemtap.server/{client,server}_args.exp: Revised.
commit cc9e5488d82b728e568bca1f8d6094856fc8e641
Author: Frank Ch. Eigler <fche@elastic.org>
Date: Fri Feb 12 10:39:58 2010 -0500
PR11105 part 2a, fix buggy \\. in -r option regexp
---
main.cxx | 24 ++--
stap-client | 151 +++++++++++++++++------------
stap-gen-cert | 43 ++++----
stap-serverd | 40 +++++--
testsuite/systemtap.server/client_args.exp | 28 ++---
testsuite/systemtap.server/hello.stp | 2
testsuite/systemtap.server/server_args.exp | 49 +++++----
util.cxx | 36 ++++++
util.h | 2
9 files changed, 238 insertions(+), 137 deletions(-)
--- a/main.cxx
+++ b/main.cxx
@@ -57,7 +57,7 @@ version ()
<< "SystemTap translator/driver "
<< "(version " << VERSION << "/" << dwfl_version (NULL)
<< " " << GIT_MESSAGE << ")" << endl
- << "Copyright (C) 2005-2009 Red Hat, Inc. and others" << endl
+ << "Copyright (C) 2005-2010 Red Hat, Inc. and others" << endl
<< "This is free software; see the source for copying conditions." << endl;
}
@@ -670,12 +670,12 @@ main (int argc, char * const argv [])
break;
case 'o':
+ // NB: client_options not a problem, since pass 1-4 does not use output_file.
s.output_file = string (optarg);
break;
case 'R':
- if (client_options)
- client_options_disallowed += client_options_disallowed.empty () ? "-R" : ", -R";
+ if (client_options) { cerr << "ERROR: -R invalid with --client-options" << endl; usage(s,1); }
s.runtime_path = string (optarg);
break;
@@ -684,6 +684,7 @@ main (int argc, char * const argv [])
client_options_disallowed += client_options_disallowed.empty () ? "-m" : ", -m";
s.module_name = string (optarg);
save_module = true;
+ // XXX: convert to assert_regexp_match()
{
string::size_type len = s.module_name.length();
@@ -728,15 +729,14 @@ main (int argc, char * const argv [])
break;
case 'r':
- if (client_options)
- client_options_disallowed += client_options_disallowed.empty () ? "-r" : ", -r";
+ if (client_options) // NB: no paths!
+ assert_regexp_match("-r parameter from client", optarg, "^[a-z0-9_.-]+$");
setup_kernel_release(s, optarg);
break;
case 'a':
- if (client_options)
- client_options_disallowed += client_options_disallowed.empty () ? "-a" : ", -a";
- s.architecture = string(optarg);
+ assert_regexp_match("-a parameter", optarg, "^[a-z0-9_-]+$");
+ s.architecture = string(optarg);
break;
case 'k':
@@ -783,16 +783,19 @@ main (int argc, char * const argv [])
break;
case 'D':
+ assert_regexp_match ("-D parameter", optarg, "^[a-z_][a-z_0-9]*(=[a-z_0-9]+)?$");
if (client_options)
client_options_disallowed += client_options_disallowed.empty () ? "-D" : ", -D";
s.macros.push_back (string (optarg));
break;
case 'S':
+ assert_regexp_match ("-S parameter", optarg, "^[0-9]+(,[0-9]+)?$");
s.size_option = string (optarg);
break;
case 'q':
+ if (client_options) { cerr << "ERROR: -q invalid with --client-options" << endl; usage(s,1); }
s.tapset_compile_coverage = true;
break;
@@ -823,9 +826,8 @@ main (int argc, char * const argv [])
break;
case 'B':
- if (client_options)
- client_options_disallowed += client_options_disallowed.empty () ? "-B" : ", -B";
- s.kbuildflags.push_back (string (optarg));
+ if (client_options) { cerr << "ERROR: -B invalid with --client-options" << endl; usage(s,1); }
+ s.kbuildflags.push_back (string (optarg));
break;
case 0:
--- a/stap-client
+++ b/stap-client
@@ -2,7 +2,7 @@
# Compile server client for systemtap
#
-# Copyright (C) 2008, 2009, 2010 Red Hat Inc.
+# Copyright (C) 2008-2010 Red Hat Inc.
#
# This file is part of systemtap, and is free software. You can
# redistribute it and/or modify it under the terms of the GNU General
@@ -84,34 +84,34 @@ function parse_options {
# Each command line argument will be written to its own file within the
# request package.
argc=1
+ packed_options='-'
arg_subst=
while test $# != 0
do
advance=0
dash_seen=0
+ client_arg=0
# Start of a new token.
first_token="$1"
until test $advance != 0
do
# Identify the next option
- first_char=`expr "$first_token" : '\(.\).*'`
+ first_char="${first_token:0:1}"
second_char=
if test $dash_seen = 0; then
if test "$first_char" = "-"; then
if test "$first_token" != "-"; then
# It's not a lone dash, so it's an option.
# Is it a long option (i.e. --option)?
- second_char=`expr "$first_token" : '.\(.\).*'`
+ second_char="${first_token:1:1}"
if test "X$second_char" = "X-"; then
- long_option=`expr "$first_token" : '--\(.*\)=.*'`
- test "X$long_option" != "X" || long_option=`expr "$first_token" : '--\(.*\)'`
- case $long_option in
- ssl)
+ case "$first_token" in
+ --ssl=*)
process_ssl "$first_token"
;;
- server)
+ --server=*)
process_server "$first_token"
;;
*)
@@ -123,9 +123,9 @@ function parse_options {
fi
# It's not a lone dash, or a long option, so it's a short option string.
# Remove the dash.
- first_token=`expr "$first_token" : '-\(.*\)'`
+ first_token="${first_token:1}"
dash_seen=1
- first_char=`expr "$first_token" : '\(.\).*'`
+ first_char="${first_token:0:1}"
fi
fi
if test $dash_seen = 0; then
@@ -145,69 +145,69 @@ function parse_options {
# We are at the start of an option. Look at the first character.
case $first_char in
a)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
process_a "$stap_arg"
;;
B)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
;;
c)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
process_c "$stap_arg"
;;
D)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
;;
e)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
process_e "$stap_arg"
;;
I)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
process_I "$stap_arg"
;;
k)
keep_temps=1
;;
l)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
p_phase=2
;;
L)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
p_phase=2
;;
m)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
process_m "$stap_arg"
;;
o)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
process_o "$stap_arg"
;;
p)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
process_p "$stap_arg"
;;
r)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
process_r "$stap_arg"
;;
R)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
process_R "$stap_arg"
;;
s)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
;;
S)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
;;
v)
v_level=$(($v_level + 1))
;;
x)
- get_arg $first_token "$2"
+ get_arg "$first_token" "$2"
;;
*)
# An unknown or unimportant flag.
@@ -216,7 +216,7 @@ function parse_options {
if test $advance = 0; then
# Just another flag character. Consume it.
- first_token=`expr "$first_token" : '.\(.*\)'`
+ first_token="${first_token:1}"
if test "X$first_token" = "X"; then
advance=$(($advance + 1))
fi
@@ -224,9 +224,19 @@ function parse_options {
done
# Consume the arguments we just processed.
- while test $advance != 0
- do
- # Place the argument is a numbered file within our temp
+ while test $advance != 0; do
+ # Does the final argument file contain a client-side file
+ # name which must be changed to a server-side name?
+ local arg
+ if test "X$arg_subst" != "X" -a $advance = 1; then
+ arg="$arg_subst"
+ arg_subst=
+ else
+ arg="$1"
+ fi
+
+ # If it's not client-only argument,
+ # place the argument in a numbered file within our temp
# directory.
# o We don't write a newline at the end, since newline could be
# part of the argument.
@@ -234,20 +244,16 @@ function parse_options {
# in order to avoid having 'echo' interpret the output as
# its own option. We then remove the X.
# There must be a better way.
- echo -n "X$1" > "$tmpdir_client/argv$argc"
- sed -i "s|^X||" "$tmpdir_client/argv$argc"
-
- # Does the final argument file contain client-side data
- # which must be changed to server-side data?
- if test "X$arg_subst" != "X" -a $advance = 1; then
- sed -i "s|$stap_arg|$arg_subst|" "$tmpdir_client/argv$argc"
- arg_subst=
+ if test $client_arg = 0; then
+ echo -n "X$arg" > "$tmpdir_client/argv$argc"
+ sed -i "s|^X||" "$tmpdir_client/argv$argc"
+ argc=$(($argc + 1))
fi
# Get the next argument.
shift
- argc=$(($argc + 1))
advance=$(($advance - 1))
+ packed_options='-'
done
done
@@ -256,7 +262,8 @@ function parse_options {
if test "X$script_file" != "X"; then
local local_name
if test "$script_file" != "-"; then
- local_name=`generate_client_temp_name "$script_file"`
+ generate_client_temp_name "$script_file"
+ local_name="$client_temp_name"
else
local_name="-"
fi
@@ -277,8 +284,9 @@ function parse_options {
# Collect an argument to the given option
function get_arg {
# Remove first character.
- local opt=`expr "$1" : '\(.\).*'`
- local first=`expr "$1" : '.\(.*\)'`
+ local opt="${1:0:1}"
+ local first="${1:1}"
+ packed_options="${packed_options}$opt"
# Advance to the next token, if the first one is exhausted.
if test "X$first" = "X"; then
@@ -294,7 +302,8 @@ function get_arg {
#
# Process the --ssl option.
function process_ssl {
- local db=`expr "$1" : '--ssl=\(.*\)'`
+ client_arg=1
+ local db="${1:6}"
test "X$db" != "X" || \
fatal "Missing argument to --ssl"
@@ -308,7 +317,8 @@ function process_ssl {
#
# Process the --server option.
function process_server {
- local spec=`expr "$1" : '--server=\(.*\)'`
+ client_arg=1
+ local spec="${1:9}"
test "X$spec" != "X" || \
fatal "Missing argument to --server"
@@ -335,12 +345,19 @@ function process_e {
fi
}
-# function: process_I ARGUMENT
+# function: process_I ARGUMENT ORIGINAL_ARGUMENT
#
# Process the -I flag.
function process_I {
test "X$1" = "X" && return
- arg_subst=tapsets/`include_file_or_directory tapsets "$1"`
+ test "${1:0:1}" = "
+" && return
+ include_file_or_directory tapsets "$1"
+ if test $advance = 1; then
+ arg_subst="${packed_options}tapsets/$included_name"
+ else
+ arg_subst="tapsets/$included_name"
+ fi
}
# function: process_m ARGUMENT
@@ -369,7 +386,7 @@ function process_p {
#
# Process the -r flag.
function process_r {
- local first_char=`expr "$1" : '\(.\).*'`
+ local first_char="${1:0:1}"
if test "$first_char" = "/"; then # fully specified path
kernel_build_tree="$1"
@@ -402,23 +419,34 @@ function process_a {
fi
}
-# function: process_R ARGUMENT
+# function: process_R ARGUMENT ORIGINAL_ARGUMENT
#
# Process the -R flag.
function process_R {
test "X$1" = "X" && return
- arg_subst=runtime/`include_file_or_directory runtime "$1"`
+ test "${1:0:1}" = "
+" && return
+ include_file_or_directory runtime "$1"
+ if test $advance = 1; then
+ arg_subst="${packed_options}runtime/$included_name"
+ else
+ arg_subst="runtime/$included_name"
+ fi
}
# function: include_file_or_directory PREFIX NAME
#
# Include the given file or directory in the client's temporary
-# tree to be sent to the server.
+# tree to be sent to the server and save it's name in the variable
+# included_name. We use a global variable instread of echoing the
+# result since the use of `include_file_or_directory` loses a trailing
+# newline.
function include_file_or_directory {
# Add a symbolic link of the named file or directory to our temporary
# directory, but only if the file or directory exists.
- local local_name=`generate_client_temp_name "$2"`
- echo "$local_name"
+ generate_client_temp_name "$2"
+ local local_name="$client_temp_name"
+ included_name="$local_name"
test -e "/$local_name" || return
local local_dirname=`dirname "$local_name"`
@@ -431,15 +459,20 @@ function include_file_or_directory {
# function: generate_client_temp_name NAME
#
# Generate the name to be used for the given file/directory relative to the
-# client's temporary directory.
+# client's temporary directory and stores it in the variable
+# client_temp_name. We use a global variable instread of echoing the
+# result since the use of `generate_client_temp_name` loses a trailing
+# newline.
function generate_client_temp_name {
# Transform the name into a fully qualified path name
- local full_name=`echo "X$1" | sed "s,^X\\\([^/]\\\),$wd/\\\\1," | sed 's,^X,,'`
+ local full_name="$1"
+ test "${full_name:0:1}" != "/" && full_name="$wd/$full_name"
# The same name without the initial / or trailing /
- local local_name=`echo "$full_name" | sed 's,^/\(.*\),\1,'`
- local_name=`echo "$local_name" | sed 's,\(.*\)/$,\1,'`
- echo "$local_name"
+ local local_name="${full_name:1}"
+ test "${local_name: -1:1}" = "/" && local_name="${local_name:0:$((${#local_name}-1))}"
+
+ client_temp_name="$local_name"
}
# function: create_request
@@ -456,7 +489,7 @@ function create_request {
fatal "Cannot create temporary directory " $tmpdir_client/script
cat > "$tmpdir_client/script/$script_file"
else
- include_file_or_directory script "$script_file" > /dev/null
+ include_file_or_directory script "$script_file"
fi
fi
@@ -505,7 +538,7 @@ function unpack_response {
# 2) a file called stderr
# 3) a file called rc
# 4) optionally a directory named to match stap??????
- num_files=`ls $tmpdir_server | wc -l`
+ local num_files=`ls $tmpdir_server | wc -l`
test $num_files = 4 -o $num_files = 3 || \
fatal "Wrong number of files in server's temp directory"
test -f $tmpdir_server/stdout || \
--- a/stap-gen-cert
+++ b/stap-gen-cert
@@ -3,7 +3,7 @@
# Generate a certificate for the systemtap server and add it to the
# database of trusted servers for the client.
#
-# Copyright (C) 2008, 2009 Red Hat Inc.
+# Copyright (C) 2008-2010 Red Hat Inc.
#
# This file is part of systemtap, and is free software. You can
# redistribute it and/or modify it under the terms of the GNU General
@@ -14,61 +14,68 @@
. ${PKGLIBEXECDIR}stap-env
# Obtain the certificate database directory name.
-serverdb=$1
+serverdb="$1"
if test "X$serverdb" = "X"; then
- serverdb=$stap_ssl_db/server
+ serverdb="$stap_ssl_db/server"
fi
-rm -fr $serverdb
+rm -fr "$serverdb"
# Create the server's certificate database directory.
-if ! mkdir -p -m 755 $serverdb; then
+if ! mkdir -p -m 755 "$serverdb"; then
echo "Unable to create the server certificate database directory: $serverdb" >&2
exit 1
fi
# Create the certificate database password file. Care must be taken
# that this file is only readable by the owner.
-if ! (touch $serverdb/pw && chmod 600 $serverdb/pw); then
+if ! (touch "$serverdb/pw" && chmod 600 "$serverdb/pw"); then
echo "Unable to create the server certificate database password file: $serverdb/pw" >&2
exit 1
fi
# Generate a random password.
-mkpasswd -l 20 > $serverdb/pw 2>/dev/null || \
-apg -a 1 -n 1 -m 20 -x 20 > $serverdb/pw 2>/dev/null || \
-(read -n20 password </dev/urandom; echo "$password" > $serverdb/pw)
+mkpasswd -l 20 > "$serverdb/pw" 2>/dev/null || \
+apg -a 1 -n 1 -m 20 -x 20 > "$serverdb/pw" 2>/dev/null || \
+(read -n20 password </dev/urandom; echo "$password" > "$serverdb/pw")
# Generate the server certificate database
-if ! certutil -N -d $serverdb -f $serverdb/pw > /dev/null; then
+if ! certutil -N -d "$serverdb" -f "$serverdb/pw" > /dev/null; then
echo "Unable to initialize the server certificate database directory: $serverdb" >&2
exit 1
fi
# We need some random noise for generating keys
-dd bs=123 count=1 < /dev/urandom > $serverdb/noise 2> /dev/null
+dd bs=123 count=1 < /dev/urandom > "$serverdb/noise" 2> /dev/null
# Generate a request for the server's certificate.
-certutil -R -d $serverdb -f $serverdb/pw -s "CN=Systemtap Compile Server, OU=Systemtap, O=Red Hat, C=US" -o $serverdb/stap.req -z $serverdb/noise 2> /dev/null
-rm -fr $serverdb/noise
+certutil -R -d "$serverdb" -f "$serverdb/pw" -s "CN=Systemtap Compile Server, OU=Systemtap, O=Red Hat, C=US" \
+ -o "$serverdb/stap.req" -z "$serverdb/noise" 2> /dev/null
+rm -fr "$serverdb/noise"
# Create the certificate file first so that it always has the proper access permissions.
-if ! (touch $serverdb/$stap_certfile && chmod 644 $serverdb/$stap_certfile); then
+if ! (touch "$serverdb/$stap_certfile" && chmod 644 "$serverdb/$stap_certfile"); then
echo "Unable to create the server certificate file: $serverdb/$stap_certfile" >&2
exit 1
fi
-# Now generate the actual certificate.
-certutil -C -i $serverdb/stap.req -o $serverdb/$stap_certfile -x -d $serverdb -f $serverdb/pw -5 -8 "$HOSTNAME,localhost" >/dev/null <<-EOF
+# Now generate the actual certificate. Make is valid for 1 year.
+certutil -C -i "$serverdb/stap.req" -o "$serverdb/$stap_certfile" -x -d "$serverdb" \
+ -f "$serverdb/pw" -v 12 -5 -8 "$HOSTNAME,localhost" >/dev/null <<-EOF
1
3
7
8
y
EOF
-rm -fr $serverdb/stap.req
+rm -fr "$serverdb/stap.req"
# Add the certificate to the server's certificate/key database as a trusted peer, ssl server and object signer
-certutil -A -n stap-server -t "PCu,,PCu" -i $serverdb/$stap_certfile -d $serverdb -f $serverdb/pw
+certutil -A -n stap-server -t "PCu,,PCu" -i "$serverdb/$stap_certfile" -d "$serverdb" -f "$serverdb/pw"
+# Print some information about the certificate.
echo "Certificate $serverdb/$stap_certfile created and added to database $serverdb"
+certutil -L -d "$serverdb" -n stap-server | \
+ awk '/Validity|Not After|Not Before/ { print $0 }' | \
+ sed 's/^ */ /'
+
exit 0
--- a/stap-serverd
+++ b/stap-serverd
@@ -70,12 +70,18 @@ function initialization {
-x `which ${stap_exec_prefix}stap-client 2>/dev/null`; then
${stap_exec_prefix}stap-authorize-server-cert $ssl_db/$stap_certfile >> $logfile 2>&1
fi
- elif ! test -f $stap_ssl_db/client/cert8.db; then
- # If the client's database does not exist, then initialize it with our certificate.
- # Do this only if the client has been installed.
- if test -f `which ${stap_exec_prefix}stap-client` -a \
- -x `which ${stap_exec_prefix}stap-client`; then
- ${stap_exec_prefix}stap-authorize-server-cert $ssl_db/$stap_certfile >> $logfile 2>&1
+ else
+ echo "Certificate found in database $ssl_db" >> $logfile
+ certutil -L -d "$ssl_db" -n stap-server | \
+ awk '/Validity|Not After|Not Before/ { print $0 }' | \
+ sed 's/^ */ /' >> $logfile
+ if ! test -f $stap_ssl_db/client/cert8.db; then
+ # If the client's database does not exist, then initialize it with our certificate.
+ # Do this only if the client has been installed.
+ if test -f `which ${stap_exec_prefix}stap-client 2>/dev/null` -a \
+ -x `which ${stap_exec_prefix}stap-client 2>/dev/null`; then
+ ${stap_exec_prefix}stap-authorize-server-cert $ssl_db/$stap_certfile >> $logfile 2>&1
+ fi
fi
fi
fi
@@ -343,11 +349,19 @@ function advertise_presence {
function listen {
# The stap-server-connect program will listen forever
# accepting requests.
- ${stap_pkglibexecdir}stap-server-connect \
- -p $port -n $nss_cert -d $ssl_db -w $nss_pw \
- -s "$stap_options" \
- >> $logfile 2>&1 &
- wait '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1
+ # CVE-2009-4273 ... or at least, until resource limits fire
+ while true; do # NB: loop to avoid DoS by deliberate rlimit-induced halt
+ # NB: impose resource limits in case of mischevious data inducing
+ # too much / long computation
+ (ulimit -f 50000 -s 1000 -t 60 -u 20 -v 500000;
+ exec ${stap_pkglibexecdir}stap-server-connect \
+ -p $port -n $nss_cert -d $ssl_db -w $nss_pw \
+ -s "$stap_options") &
+ stap_server_connect_pid=$!
+ wait
+ # NB: avoid superfast spinning in case of a ulimit or other failure
+ sleep 1
+ done >> $logfile 2>&1
}
# function: warning [ MESSAGE ]
@@ -379,8 +393,8 @@ function terminate {
wait '%avahi-publish-service' >> $logfile 2>&1
# Kill any running 'stap-server-connect' job.
- kill -s SIGTERM '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1
- wait '%${stap_pkglibexecdir}stap-server-connect' >> $logfile 2>&1
+ kill -s SIGTERM $stap_server_connect_pid >> $logfile 2>&1
+ wait $stap_server_connect_pid >> $logfile 2>&1
exit
}
--- a/testsuite/systemtap.server/client_args.exp
+++ b/testsuite/systemtap.server/client_args.exp
@@ -5,33 +5,34 @@ set test "Invalid Server Client Argument
set test_file $srcdir/systemtap.server/test.stp
# Test invalid combinations.
-set error_regexp ".*You can't specify .* when --unprivileged is specified.*"
+set error_regexp ".*(ERROR)|(You can't specify .* when --unprivileged is specified).*"
set invalid_options [list \
- "--unprivileged --client-options -a i386" \
"--unprivileged --client-options -B X=Y" \
"--unprivileged --client-options -D X=Y" \
"--unprivileged --client-options -I /tmp" \
"--unprivileged --client-options -m test" \
"--unprivileged --client-options -R /tmp" \
- "--unprivileged --client-options -r [exec uname -r]" \
- "--unprivileged --client-options -a i386 -B X=Y -D X=Y -I /tmp -m test -R /tmp -r [exec uname -r]" \
- "--client-options --unprivileged -a i386" \
+ "--unprivileged --client-options -B X=Y -D X=Y -I /tmp -m test -R /tmp -r [exec uname -r]" \
"--client-options --unprivileged -B X=Y" \
"--client-options --unprivileged -D X=Y" \
"--client-options --unprivileged -I /tmp" \
"--client-options --unprivileged -m test" \
"--client-options --unprivileged -R /tmp" \
- "--client-options --unprivileged -r [exec uname -r]" \
- "--client-options --unprivileged -a i386 -B X=Y -D X=Y -I /tmp -m test -R /tmp -r [exec uname -r]" \
- "--client-options -a i386 --unprivileged" \
+ "--client-options --unprivileged -B X=Y -D X=Y -I /tmp -m test -R /tmp -r [exec uname -r]" \
"--client-options -B X=Y --unprivileged" \
"--client-options -D X=Y --unprivileged" \
"--client-options -I /tmp --unprivileged" \
"--client-options -m test --unprivileged" \
"--client-options -R /tmp --unprivileged" \
- "--client-options -r [exec uname -r] --unprivileged" \
- "--client-options -a i386 -B X=Y -D X=Y -I /tmp -m test -R /tmp -r [exec uname -r] --unprivileged" \
+ "--client-options -B X=Y -D X=Y -I /tmp -m test -R /tmp -r [exec uname -r] --unprivileged" \
+ "--client-options -R /path" \
+ "-D \"foo;bar\"" \
+ "-D 2=4" \
+ "-D \"foo;bar\"" \
+ "--client-options -r /path" \
+ "-S /path" \
+ "--client-options -q" \
]
foreach options $invalid_options {
@@ -66,9 +67,8 @@ set valid_options [list \
"-D X=Y" \
"-I /tmp" \
"-m test" \
- "-R /tmp" \
"-r [exec uname -r]" \
- "-a i386 -B X=Y -D X=Y -I /tmp -m test -R /tmp -r [exec uname -r]" \
+ "-a i386 -B X=Y -D X=Y -I /tmp -m test -r [exec uname -r]" \
"--unprivileged" \
"--unprivileged -a i386" \
"--unprivileged -B X=Y" \
@@ -80,13 +80,11 @@ set valid_options [list \
"--unprivileged -a i386 -B X=Y -D X=Y -I /tmp -m test -R /tmp -r [exec uname -r]" \
"--client-options" \
"--client-options -a i386" \
- "--client-options -B X=Y" \
"--client-options -D X=Y" \
"--client-options -I /tmp" \
"--client-options -m test" \
- "--client-options -R /tmp" \
"--client-options -r [exec uname -r]" \
- "--client-options -a i386 -B X=Y -D X=Y -I /tmp -m test -R /tmp -r [exec uname -r]" \
+ "--client-options -a i386 -D X=Y -I /tmp -m test -r [exec uname -r]" \
"--unprivileged --client-options" \
"--client-options --unprivileged" \
"--unprivileged -a i386 --client-options" \
--- a/testsuite/systemtap.server/hello.stp
+++ b/testsuite/systemtap.server/hello.stp
@@ -1,4 +1,4 @@
-#! stap
+#! stap -p5
probe begin
{
--- a/testsuite/systemtap.server/server_args.exp
+++ b/testsuite/systemtap.server/server_args.exp
@@ -40,11 +40,13 @@ proc stap_direct_and_with_client {stap s
# Some messages contain the names of files or directories
# and will be prefixed for the client.
if {[regexp "^ (.*)" $expected_line match data]} {
- if {[regexp "^ tapsets/.*/$data" $line]} {
+ # Special characters in the regexp need to be quoted.
+ regsub -all "\[\"\\\\;\*\]" $data {\\\0} data
+ if {[regexp "^ tapsets.*/$data" $line]} {
incr n
continue
}
- if {[regexp "^ runtime/.*/$data" $line]} {
+ if {[regexp "^ runtime.*/$data" $line]} {
incr n
continue
}
@@ -57,7 +59,9 @@ proc stap_direct_and_with_client {stap s
}
} else {
if {[regexp "^Input file '(.*)' is empty or missing." $expected_line match data]} {
- if {[regexp "^Input file 'script/.*/$data' is empty or missing." $line]} {
+ # Special characters in the regexp need to be quoted.
+ regsub -all "\[\"\\\\;\*\]" $data {\\\0} data
+ if {[regexp "^Input file 'script.*/$data' is empty or missing." $line]} {
incr n
continue
}
@@ -110,21 +114,27 @@ if {[installtest_p]} then {
# for debugging a currently failing case and helps to ensure that previously
# fixed cases do not regress.
set previously_fixed [list \
+ "-p1 -I=\\w94\nbh -e -Dhfuo0iu7 -c" \
+ "-p1 -I8o\\2ie -e'1\\ -D\n\" -c" \
+ "-p1 -Ira\\3;c g -e0fle'qq -Dr/316k\\o8 -cjyoc\n3" \
+ "-p1 -I6p3 -elc -Dqgsgv' -c" \
+ "-p1 -I\"vyv;z -ej\"/3 -D/ 01qck\n -c3u55zut" \
+ "-p1 -I1 -eo9e\nx047q -D9xyefk0a -cvl98/x1'i" \
"-p1 -c; test.stp" \
- "-p1 -I4hgy96 -R -e5oo39p -Bile\\vp -Ddx8v -c4;" \
- "-p1 -I -Repwd9 -esq3wors -Btmk;\\t -Dz -c*eibz8h2e" \
- "-p1 -I -Ry a -em339db5 -B;ae41428d -Du2;c0ps -ch9o\\" \
- "-p1 -Ipfjps4 -Rx479 -ebug4dc -Bih;fe2 -Du8vd fvkl -c" \
- "-p1 -I0\"nspzjyf -R -e5r3up8h -Bgqnyjq6w -Dmi;ojp9m -cx;a2fat" \
- "-p1 -Iu -R9 -ek7;r -Big -Dcu\"; -c\"hc" \
- "-p1 -Icd4fidq -Rkj m40mv -edn -B7ria -D;8ha\\cjr -c1*vnq" \
- "-p1 -I;3 -R3lq;vp -er8e -Bgdqjqdy -D -cb6k29z" \
- "-p1 -Ircj -R -e -B -D -c\\vmww" \
- "-p1 -Illc5 -Rug*\\o -e65wof9 -B qr*=x7x5 -D -cgx;" \
- "-p1 -Iyaj420=3 -R -e\" -Bx68j -D -cd'5mi" \
- "-p1 -Ir -Rwd8;;sjl -e -Bxh; -D29\\ -cj2szt;4" \
- "-p1 -Ibno3=b4sk -R*5 -e' -Byl63flos -Dg2-j;e -c2ijx'" \
- "-p1 -I285v7pl -R9a -eo5\\0 -Bfs* -D86s -c-c*v" \
+ "-p1 -I4hgy96 -e5oo39p -Ddx8v -c4;" \
+ "-p1 -I -esq3wors -Dz -c*eibz8h2e" \
+ "-p1 -I a -em339db5 -Du2;c0ps -ch9o\\" \
+ "-p1 -Ipfjps4 -ebug4dc -Du8vd fvkl -c" \
+ "-p1 -I0\"nspzjyf -e5r3up8h -Dmi;ojp9m -cx;a2fat" \
+ "-p1 -Iu -ek7;r -Dcu\"; -c\"hc" \
+ "-p1 -Icd4fidq m40mv -edn -D;8ha\\cjr -c1*vnq" \
+ "-p1 -I;3 -er8e -D -cb6k29z" \
+ "-p1 -Ircj -e -D -c\\vmww" \
+ "-p1 -Illc5 -e65wof9 qr*=x7x5 -D -cgx;" \
+ "-p1 -Iyaj420=3 -e\" -D -cd'5mi" \
+ "-p1 -Ir -e -D29\\ -cj2szt;4" \
+ "-p1 -Ibno3=b4sk -e' -Dg2-j;e -c2ijx'" \
+ "-p1 -I285v7pl -eo5\\0 -D86s -c-c*v" \
]
set i 0
@@ -140,7 +150,10 @@ foreach options $previously_fixed {
# Generate semi-random arguments containing with potential problem characters.
# Check that running systemtap with the client/server generates output
# comparable to running stap directly.
-set dangerous_options [list "-I" "-R" "-e" "-B" "-D" "-c"]
+set dangerous_options [list "-I" "-e" "-D" "-c" "-S"]
+# NB: Other options could be candidates here, like -r and -B, but
+# there stap-server imposes more restrictions than local stap, so
+# this simple error-matching test cannot use them.
set argchars "0123456789/;*'=-\\\"\n abcdefghijklmnopqrstuvwxyz"
for {set i 0} {$i < $iterations} {incr i} {
--- a/util.cxx
+++ b/util.cxx
@@ -1,5 +1,5 @@
// Copyright (C) Andrew Tridgell 2002 (original file)
-// Copyright (C) 2006, 2009 Red Hat Inc. (systemtap changes)
+// Copyright (C) 2006-2010 Red Hat Inc. (systemtap changes)
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License as
@@ -19,6 +19,8 @@
#include "sys/sdt.h"
#include <stdexcept>
#include <cerrno>
+#include <map>
+#include <string>
extern "C" {
#include <fcntl.h>
@@ -31,6 +33,7 @@ extern "C" {
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
+#include <regex.h>
}
using namespace std;
@@ -413,4 +416,35 @@ kill_stap_spawn(int sig)
return spawned_pid ? kill(spawned_pid, sig) : 0;
}
+
+void assert_regexp_match (const string& name, const string& value, const string& re)
+{
+ typedef map<string,regex_t*> cache;
+ static cache compiled;
+ cache::iterator it = compiled.find (re);
+ regex_t* r = 0;
+ if (it == compiled.end())
+ {
+ r = new regex_t;
+ int rc = regcomp (r, re.c_str(), REG_ICASE|REG_NOSUB|REG_EXTENDED);
+ if (rc) {
+ cerr << "regcomp " << re << " (" << name << ") error rc=" << rc << endl;
+ exit(1);
+ }
+ compiled[re] = r;
+ }
+ else
+ r = it->second;
+
+ // run regexec
+ int rc = regexec (r, value.c_str(), 0, 0, 0);
+ if (rc)
+ {
+ cerr << "ERROR: Safety pattern mismatch for " << name
+ << " ('" << value << "' vs. '" << re << "') rc=" << rc << endl;
+ exit(1);
+ }
+}
+
+
/* vim: set sw=2 ts=8 cino=>4,n-2,{2,^-2,t0,(0,u0,w1,M1 : */
--- a/util.h
+++ b/util.h
@@ -21,7 +21,7 @@ const std::string cmdstr_quoted(const st
std::string git_revision(const std::string& path);
int stap_system(int verbose, const std::string& command);
int kill_stap_spawn(int sig);
-
+void assert_regexp_match (const std::string& name, const std::string& value, const std::string& re);
// stringification generics

187
systemtap-CVE-2010-0411.diff
View File

@ -1,187 +0,0 @@
Subject: VUL-1: systemtap: DoS issue in __get_argv() function
References: bnc#577382
Signed-Off-By: Tony Jones <tonyj@suse.de>
commit a2d399c87a642190f08ede63dc6fc434a5a8363a
Author: Josh Stone <jistone@redhat.com>
Date: Thu Feb 4 17:47:31 2010 -0800
PR11234: Rewrite __get_argv without embedded-C
We now implement __get_argv's string building in pure stap script.
Also, every argument is now quoted, which is different than before, but
it's much more robust about handling special characters.
diff --git a/tapset/aux_syscalls.stp b/tapset/aux_syscalls.stp
index bab0f64..e762b37 100644
--- a/tapset/aux_syscalls.stp
+++ b/tapset/aux_syscalls.stp
@@ -399,124 +399,53 @@ function __sem_flags:string(semflg:long)
/* This function copies an argv from userspace. */
-function __get_argv:string(a:long, first:long)
-%{ /* pure */
- char __user *__user *argv = (char __user *__user *)(long)THIS->a;
- char __user *vstr;
- int space, rc, len = MAXSTRINGLEN;
- char *str = THIS->__retvalue;
- char buf[80];
- char *ptr = buf;
-
-
- if (THIS->first && argv)
- argv++;
-
- while (argv != NULL) {
- if (__stp_get_user (vstr, argv))
- break;
-
- if (vstr == NULL)
- break;
-
- rc = _stp_strncpy_from_user(buf, vstr, 79);
- if (rc <= 0)
- break;
-
- /* check for whitespace in string */
- buf[rc] = 0;
- ptr = buf;
- space = 0;
- while (*ptr && rc--) {
- if (isspace(*ptr++)) {
- space = 1;
- break;
- }
- }
-
- if (len != MAXSTRINGLEN && len) {
- *str++=' ';
- len--;
- }
-
- if (space && len) {
- *str++='\"';
- len--;
- }
-
- rc = strlcpy (str, buf, len);
- str += rc;
- len -= rc;
-
- if (space && len) {
- *str++='\"';
- len--;
- }
-
- argv++;
+function __get_argv:string(argv:long, first:long)
+{
+%( CONFIG_64BIT == "y" %?
+ if (first && argv)
+ argv += 8
+ while (argv) {
+ vstr = user_long(argv)
+ if (!vstr)
+ break
+ if (len)
+ str .= " "
+ str .= user_string_quoted(vstr)
+
+ newlen = strlen(str)
+ if (newlen == len)
+ break
+ len = newlen
+ argv += 8
}
- *str = 0;
-%}
-/* This function copies an argv from userspace. */
-function __get_compat_argv:string(a:long, first:long)
-%{ /* pure */
-#ifdef CONFIG_COMPAT
- compat_uptr_t __user *__user *argv = (compat_uptr_t __user *__user *)(long)THIS->a;
- compat_uptr_t __user *vstr;
- int space, rc, len = MAXSTRINGLEN;
- char *str = THIS->__retvalue;
- char buf[80];
- char *ptr = buf;
-
- if (THIS->first && argv)
- argv++;
-
- while (argv != NULL) {
- if (__stp_get_user (vstr, argv))
- break;
-
- if (vstr == NULL)
- break;
-
- rc = _stp_strncpy_from_user(buf, (char *)vstr, 79);
- if (rc <= 0)
- break;
-
- /* check for whitespace in string */
- buf[rc] = 0;
- ptr = buf;
- space = 0;
- while (*ptr && rc--) {
- if (isspace(*ptr++)) {
- space = 1;
- break;
- }
- }
-
- if (len != MAXSTRINGLEN && len) {
- *str++=' ';
- len--;
- }
-
- if (space && len) {
- *str++='\"';
- len--;
- }
-
- rc = strlcpy (str, buf, len);
- str += rc;
- len -= rc;
-
- if (space && len) {
- *str++='\"';
- len--;
- }
- argv++;
+ return str
+%:
+ return __get_compat_argv(argv, first)
+%)
+}
+/* This function copies an argv from userspace. */
+function __get_compat_argv:string(argv:long, first:long)
+{
+ if (first && argv)
+ argv += 4
+ while (argv) {
+ vstr = user_int(argv) & 0xffffffff
+ if (!vstr)
+ break
+ if (len)
+ str .= " "
+ str .= user_string_quoted(vstr)
+
+ newlen = strlen(str)
+ if (newlen == len)
+ break
+ len = newlen
+ argv += 4
}
- *str = 0;
-#endif
-%}
+
+ return str
+}
/*
* Return the symbolic string representation

17
systemtap-docdir-fix.diff
View File

@ -48,20 +48,3 @@ SuSE %{_docdir} is /usr/share/doc/packages. Change install locations to match.
### ###
--- a/stapex.3stap.in
+++ b/stapex.3stap.in
@@ -114,12 +114,12 @@ To list the probeable functions and loca
.SH MORE EXAMPLES
Larger examples, demos and samples can be found in
-@prefix@/doc/systemtap*/examples, each example comes with either a .txt
+@prefix@/share/doc/packages/systemtap/examples, each example comes with either a .txt
or .meta file explaining what the example, sample or demo does and how
it is ordinarily run.
.SH SEE ALSO
-.BR @prefix@/doc/systemtap*/examples
+.BR @prefix@/share/doc/packages/systemtap/examples
.IR stap (1)
.IR stapprobes (3stap)
.IR stapfuncs (3stap)

5
systemtap-docs.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Thu Aug 26 02:15:11 UTC 2010 - tonyj@novell.com
- Update to version 1.3
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 11 22:49:52 UTC 2010 - tonyj@novell.com Thu Mar 11 22:49:52 UTC 2010 - tonyj@novell.com

9
systemtap-docs.spec
View File

@ -1,5 +1,5 @@
# #
# spec file for package systemtap-docs (Version 1.1) # spec file for package systemtap-docs (Version 1.3)
# #
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
@ -26,8 +26,8 @@ BuildRequires: fop
BuildRequires: latex2html BuildRequires: latex2html
%define use_snapshot 0 %define use_snapshot 0
License: GPLv2+ License: GPLv2+
Version: 1.1 Version: 1.3
Release: 2 Release: 1
Summary: Documents and examples for systemtap Summary: Documents and examples for systemtap
Group: Development/Tools/Debuggers Group: Development/Tools/Debuggers
Url: http://sourceware.org/systemtap/ Url: http://sourceware.org/systemtap/
@ -79,8 +79,7 @@ rm -rf $RPM_BUILD_ROOT%{_libexecdir}
rm -rf $RPM_BUILD_ROOT%{_datadir}/systemtap rm -rf $RPM_BUILD_ROOT%{_datadir}/systemtap
rm -rf $RPM_BUILD_ROOT%{_includedir} rm -rf $RPM_BUILD_ROOT%{_includedir}
# these man pages are in each sub package # these man pages are in each sub package
rm -rf $RPM_BUILD_ROOT%{_mandir}/man1 rm -rf $RPM_BUILD_ROOT%{_mandir}/man[178]
rm -rf $RPM_BUILD_ROOT%{_mandir}/man8
%clean %clean
rm -rf ${RPM_BUILD_ROOT} rm -rf ${RPM_BUILD_ROOT}

11
systemtap-hppa.diff Normal file
View File

@ -0,0 +1,11 @@
--- includes/sys/sdt.h.orig 2010-07-21 22:46:07.000000000 +0200
+++ includes/sys/sdt.h 2010-09-05 20:47:20.686243029 +0200
@@ -129,7 +129,7 @@
#endif
-#if defined __x86_64__ || defined __i386__ || defined __powerpc__ || defined __arm__ || defined __sparc__
+#if defined __x86_64__ || defined __i386__ || defined __powerpc__ || defined __arm__ || defined __sparc__ || defined __hppa
#define STAP_NOP "\tnop "
#else
#define STAP_NOP "\tnop 0 "

24
systemtap-ioblock-suse-kernel-fix.diff
View File

@ -1,24 +0,0 @@
---
tapset/ioblock.stp | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/tapset/ioblock.stp
+++ b/tapset/ioblock.stp
@@ -118,7 +118,7 @@ probe ioblock.request = kernel.function
vcnt = $bio->bi_vcnt
idx = $bio->bi_idx
phys_segments = $bio->bi_phys_segments
-%(kernel_v < "2.6.28" %?
+%(kernel_v < "2.6.27" %?
hw_segments = $bio->bi_hw_segments
%)
size = $bio->bi_size
@@ -169,7 +169,7 @@ probe ioblock.end = kernel.function("bio
vcnt = $bio->bi_vcnt
idx = $bio->bi_idx
phys_segments = $bio->bi_phys_segments
-%(kernel_v < "2.6.28" %?
+%(kernel_v < "2.6.27" %?
hw_segments = $bio->bi_hw_segments
%)
size = $bio->bi_size

182
systemtap-prevent-nested-arg.diff
View File

@ -1,182 +0,0 @@
From: Josh Stone <jistone@redhat.com>
Date: Tue Jan 19 15:36:35 2010 -0800
Git-Repo: git://sources.redhat.com/git/systemtap.git
Git-Commit: 9300f661214a4f4dfac75878485867b30c7db389
Signed-Off-By: Tony Jones <tonyj@suse.de>
tonyj: this fixes parse errors such as:
parse error: expected 'probe', 'global', 'function', or '%{'
saw: identifier '?robe' at
-------------------------------------------------
PR11195: Prevent all nested argument substitution
Our existing protection only made sure that the first token in a
substitution wasn't a nested substitution. That's not sufficient when
there could be multiple tokens involved. This patch makes sure that no
nested tokens are ever allowed to be argument substitutions.
This also adds a cursor_suspended_line/column and resets the main
cursor_line/column to the beginning of the substitution, so errors will
point a little closer to the right place.
diff --git a/parse.cxx b/parse.cxx
index edb1927..2688d6d 100644
--- a/parse.cxx
+++ b/parse.cxx
@@ -632,7 +632,8 @@ parser::peek_kw (std::string const & kw)
lexer::lexer (istream& input, const string& in, systemtap_session& s):
input_name (in), input_pointer (0), input_end (0),
- cursor_suspend_count(0), cursor_line (1), cursor_column (1),
+ cursor_suspend_count(0), cursor_suspend_line (1), cursor_suspend_column (1),
+ cursor_line (1), cursor_column (1),
session(s), current_file (0)
{
getline(input, input_contents, '\0');
@@ -693,9 +694,15 @@ lexer::input_get ()
++input_pointer;
if (cursor_suspend_count)
- // Track effect of input_put: preserve previous cursor/line_column
- // until all of its characters are consumed.
- cursor_suspend_count --;
+ {
+ // Track effect of input_put: preserve previous cursor/line_column
+ // until all of its characters are consumed.
+ if (--cursor_suspend_count == 0)
+ {
+ cursor_line = cursor_suspend_line;
+ cursor_column = cursor_suspend_column;
+ }
+ }
else
{
// update source cursor
@@ -714,12 +721,16 @@ lexer::input_get ()
void
-lexer::input_put (const string& chars)
+lexer::input_put (const string& chars, const token* t)
{
size_t pos = input_pointer - input_contents.data();
// clog << "[put:" << chars << " @" << pos << "]";
input_contents.insert (pos, chars);
cursor_suspend_count += chars.size();
+ cursor_suspend_line = cursor_line;
+ cursor_suspend_column = cursor_column;
+ cursor_line = t->location.line;
+ cursor_column = t->location.column;
input_pointer = input_contents.data() + pos;
input_end = input_contents.data() + input_contents.size();
}
@@ -731,19 +742,11 @@ lexer::scan (bool wildcard)
token* n = new token;
n->location.file = current_file;
- unsigned semiskipped_p = 0;
-
- skip:
+skip:
+ bool suspended = (cursor_suspend_count > 0);
n->location.line = cursor_line;
n->location.column = cursor_column;
- semiskip:
- if (semiskipped_p > 1)
- {
- input_get ();
- throw parse_error ("invalid nested substitution of command line arguments");
- }
-
int c = input_get();
// clog << "{" << (char)c << (char)c2 << "}";
if (c < 0)
@@ -762,38 +765,41 @@ lexer::scan (bool wildcard)
// characters; @1..@999 are quoted/escaped as strings.
// $# and @# expand to the number of arguments, similarly
// raw or quoted.
- if ((c == '$' || c == '@') &&
- (c2 == '#'))
+ if ((c == '$' || c == '@') && (c2 == '#'))
{
+ n->content.push_back (c);
+ n->content.push_back (c2);
input_get(); // swallow '#'
- stringstream converter;
- converter << session.args.size ();
- if (c == '$') input_put (converter.str());
- else input_put (lex_cast_qstring (converter.str()));
- semiskipped_p ++;
- goto semiskip;
+ if (suspended)
+ throw parse_error ("invalid nested substitution of command line arguments", n);
+ size_t num_args = session.args.size ();
+ input_put ((c == '$') ? lex_cast (num_args) : lex_cast_qstring (num_args), n);
+ n->content.clear();
+ goto skip;
}
- else if ((c == '$' || c == '@') &&
- (isdigit (c2)))
+ else if ((c == '$' || c == '@') && (isdigit (c2)))
{
+ n->content.push_back (c);
unsigned idx = 0;
do
{
input_get ();
idx = (idx * 10) + (c2 - '0');
+ n->content.push_back (c2);
c2 = input_peek ();
} while (c2 > 0 &&
isdigit (c2) &&
idx <= session.args.size()); // prevent overflow
+ if (suspended)
+ throw parse_error ("invalid nested substitution of command line arguments", n);
if (idx == 0 ||
idx-1 >= session.args.size())
throw parse_error ("command line argument index " + lex_cast(idx)
+ " out of range [1-" + lex_cast(session.args.size()) + "]", n);
- string arg = session.args[idx-1];
- if (c == '$') input_put (arg);
- else input_put (lex_cast_qstring (arg));
- semiskipped_p ++;
- goto semiskip;
+ const string& arg = session.args[idx-1];
+ input_put ((c == '$') ? arg : lex_cast_qstring (arg), n);
+ n->content.clear();
+ goto skip;
}
else if (isalpha (c) || c == '$' || c == '@' || c == '_' ||
diff --git a/parse.h b/parse.h
index 5587586..0ff8664 100644
--- a/parse.h
+++ b/parse.h
@@ -79,12 +79,14 @@ public:
private:
inline int input_get ();
inline int input_peek (unsigned n=0);
- void input_put (const std::string&);
+ void input_put (const std::string&, const token*);
std::string input_name;
std::string input_contents;
const char *input_pointer; // index into input_contents
const char *input_end;
unsigned cursor_suspend_count;
+ unsigned cursor_suspend_line;
+ unsigned cursor_suspend_column;
unsigned cursor_line;
unsigned cursor_column;
systemtap_session& session;
diff --git a/testsuite/parseko/preprocess16.stp b/testsuite/parseko/preprocess16.stp
new file mode 100755
index 0000000..364bad6
--- /dev/null
+++ b/testsuite/parseko/preprocess16.stp
@@ -0,0 +1,4 @@
+#! /bin/sh
+
+# recursive after the first token (PR11195)
+stap -p1 -e 'probe begin {$1}' 'x $1'

57
systemtap-support-2.6.36.diff Normal file
View File

@ -0,0 +1,57 @@
From 75a48ca31be58a7f2c31d7bda4069a93105f872f Mon Sep 17 00:00:00 2001
From: David Smith <dsmith@redhat.com>
Date: Mon, 23 Aug 2010 13:05:33 -0500
Subject: [PATCH] Fixed PR11940 by getting scripts w/global variables to compile on 2.6.36.
* runtime/runtime.h: Updated module parameter get/set functions with new
interface for 2.6.36.
---
runtime/runtime.h | 17 ++++++++++++++---
1 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/runtime/runtime.h b/runtime/runtime.h
index 497137d..388216c 100644
--- a/runtime/runtime.h
+++ b/runtime/runtime.h
@@ -142,10 +142,14 @@ static struct
#endif
#include "addr-map.c"
-
+#ifdef module_param_cb /* kernels >= 2.6.36 */
+#define _STP_KERNEL_PARAM_ARG const struct kernel_param
+#else
+#define _STP_KERNEL_PARAM_ARG struct kernel_param
+#endif
/* Support functions for int64_t module parameters. */
-static int param_set_int64_t(const char *val, struct kernel_param *kp)
+static int param_set_int64_t(const char *val, _STP_KERNEL_PARAM_ARG *kp)
{
char *endp;
long long ll;
@@ -166,13 +170,20 @@ static int param_set_int64_t(const char *val, struct kernel_param *kp)
return 0;
}
-static int param_get_int64_t(char *buffer, struct kernel_param *kp)
+static int param_get_int64_t(char *buffer, _STP_KERNEL_PARAM_ARG *kp)
{
return sprintf(buffer, "%lli", (long long)*((int64_t *)kp->arg));
}
#define param_check_int64_t(name, p) __param_check(name, p, int64_t)
+#ifdef module_param_cb /* kernels >= 2.6.36 */
+static struct kernel_param_ops param_ops_int64_t = {
+ .set = param_set_int64_t,
+ .get = param_get_int64_t,
+};
+#endif
+#undef _STP_KERNEL_PARAM_ARG
/************* Module Stuff ********************/
--
1.7.2

18
systemtap.changes
View File

@ -1,3 +1,21 @@
-------------------------------------------------------------------
Mon Sep 13 11:25:26 UTC 2010 - coolo@novell.com
- take fix for pr11940 from systemtap git
-------------------------------------------------------------------
Sun Sep 5 18:39:44 UTC 2010 - bg@novell.com
- fix build for hppa
-------------------------------------------------------------------
Thu Aug 26 01:35:21 UTC 2010 - tonyj@novell.com
- Update from version 1.1 to version 1.3
Upstream release notes:
1.3: http://sourceware.org/ml/systemtap/2010-q3/msg00098.html
1.2: http://sourceware.org/ml/systemtap/2010-q1/msg00740.html
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jul 21 12:51:32 CEST 2010 - vuntz@opensuse.org Wed Jul 21 12:51:32 CEST 2010 - vuntz@opensuse.org

66
systemtap.spec
View File

@ -1,5 +1,5 @@
# #
# spec file for package systemtap (Version 1.1) # spec file for package systemtap (Version 1.3)
# #
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
@ -23,8 +23,8 @@ BuildRequires: gcc-c++ glib2-devel libcap-devel libebl-devel pkg-config sqlite-
BuildRequires: mozilla-nspr-devel mozilla-nss-devel mozilla-nss-tools BuildRequires: mozilla-nspr-devel mozilla-nss-devel mozilla-nss-tools
%define use_snapshot 0 %define use_snapshot 0
License: GPLv2+ License: GPLv2+
Version: 1.1 Version: 1.3
Release: 2 Release: 1
Summary: Instrumentation System Summary: Instrumentation System
Group: Development/Tools/Debuggers Group: Development/Tools/Debuggers
Url: http://sourceware.org/systemtap/ Url: http://sourceware.org/systemtap/
@ -39,10 +39,8 @@ Source: ftp://sources.redhat.com/pub/systemtap/snapshots/systemtap-%{pac
# need -docdir patch even though docs are packaged by systemtap-docs.spec # need -docdir patch even though docs are packaged by systemtap-docs.spec
# so that they are installed into directories matching below rm -rf's # so that they are installed into directories matching below rm -rf's
Patch1: systemtap-docdir-fix.diff Patch1: systemtap-docdir-fix.diff
Patch2: systemtap-ioblock-suse-kernel-fix.diff Patch2: systemtap-hppa.diff
Patch3: systemtap-CVE-2009-4273.diff Patch3: systemtap-support-2.6.36.diff
Patch4: systemtap-CVE-2010-0411.diff
Patch5: systemtap-prevent-nested-arg.diff
Requires: libebl1 Requires: libebl1
Requires: %{name}-runtime = %{version}-%{release} Requires: %{name}-runtime = %{version}-%{release}
@ -53,15 +51,6 @@ SystemTap is an instrumentation system for systems running Linux 2.6.
Developers can write instrumentation to collect data on the operation Developers can write instrumentation to collect data on the operation
of the system. of the system.
Authors:
--------
Frank Ch. Eigler <fche@redhat.com>
Graydon Hoare <graydon@redhat.com>
Martin Hunt <hunt@redhat.com>
Tom Zanussi <zanussi@us.ibm.com>
%package runtime %package runtime
License: GPLv2+ License: GPLv2+
Group: Development/Tools/Debuggers Group: Development/Tools/Debuggers
@ -71,15 +60,6 @@ Summary: Runtime environment for systemtap
SystemTap is an instrumentation system for systems running Linux 2.6. SystemTap is an instrumentation system for systems running Linux 2.6.
This package contains the runtime environment for systemtap programs. This package contains the runtime environment for systemtap programs.
Authors:
--------
Frank Ch. Eigler <fche@redhat.com>
Graydon Hoare <graydon@redhat.com>
Martin Hunt <hunt@redhat.com>
Tom Zanussi <zanussi@us.ibm.com>
%package client %package client
License: GPLv2+ License: GPLv2+
Group: Development/Tools/Debuggers Group: Development/Tools/Debuggers
@ -92,15 +72,6 @@ Requires: coreutils avahi avahi-utils mozilla-nss-tools zip unzip
SystemTap is an instrumentation system for systems running Linux 2.6. SystemTap is an instrumentation system for systems running Linux 2.6.
This package contains the client component for systemtap. This package contains the client component for systemtap.
Authors:
--------
Frank Ch. Eigler <fche@redhat.com>
Graydon Hoare <graydon@redhat.com>
Martin Hunt <hunt@redhat.com>
Tom Zanussi <zanussi@us.ibm.com>
%package server %package server
License: GPLv2+ License: GPLv2+
Group: Development/Tools/Debuggers Group: Development/Tools/Debuggers
@ -113,35 +84,17 @@ Requires: coreutils avahi avahi-utils mozilla-nss-tools zip unzip
SystemTap is an instrumentation system for systems running Linux 2.6. SystemTap is an instrumentation system for systems running Linux 2.6.
This package contains the server component of systemtap. This package contains the server component of systemtap.
Authors:
--------
Frank Ch. Eigler <fche@redhat.com>
Graydon Hoare <graydon@redhat.com>
Martin Hunt <hunt@redhat.com>
Tom Zanussi <zanussi@us.ibm.com>
%package sdt-devel %package sdt-devel
License: GPLv2+ License: GPLv2+
Group: Development/Tools/Debuggers Group: Development/Tools/Debuggers
Summary: Static probe support tools Summary: Static probe support tools
Requires: %{name} = %{version}-%{release} Requires: %{name} = %{version}-%{release}
Requires: python Requires: python-base
%description sdt-devel %description sdt-devel
SystemTap is an instrumentation system for systems running Linux 2.6. SystemTap is an instrumentation system for systems running Linux 2.6.
This package contains the support tools for static probes. This package contains the support tools for static probes.
Authors:
--------
Frank Ch. Eigler <fche@redhat.com>
Graydon Hoare <graydon@redhat.com>
Martin Hunt <hunt@redhat.com>
Tom Zanussi <zanussi@us.ibm.com>
%prep %prep
%if %use_snapshot %if %use_snapshot
%setup -n src -q %setup -n src -q
@ -149,10 +102,8 @@ Authors:
%setup -n %{name}-%{package_version} -q %setup -n %{name}-%{package_version} -q
%endif %endif
%patch1 -p1 %patch1 -p1
%patch2 -p1 %patch2
%patch3 -p1 %patch3 -p1
%patch4 -p1
%patch5 -p1
%build %build
autoreconf -fi autoreconf -fi
@ -180,7 +131,8 @@ rm -rf ${RPM_BUILD_ROOT}
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%{_bindir}/stap %{_bindir}/stap
%{_mandir}/man1/* %{_mandir}/man[17]/*
%dir %{_datadir}/%{name} %dir %{_datadir}/%{name}
%{_datadir}/%{name}/runtime %{_datadir}/%{name}/runtime
%{_datadir}/%{name}/tapset %{_datadir}/%{name}/tapset