Changeset 389

Timestamp:

02/19/10 04:13:07 (2 years ago)

Author:

walter

Message:

test AA's for equality; tighten security on file imports

Files:

• branches/dmd-1.x/src/e2ir.c (modified) (1 diff)
• branches/dmd-1.x/src/expression.c (modified) (1 diff)
• trunk/src/e2ir.c (modified) (2 diffs)
• trunk/src/expression.c (modified) (1 diff)

branches/dmd-1.x/src/e2ir.c

@@ -2010 +2010 @@
-    Type *telement = t1->nextOf()->toBasetype();
-    int rtlfunc;
-
-    ea1 = e1->toElem(irs);
-    ea1 = array_toDarray(t1, ea1);
-    ea2 = e2->toElem(irs);
-    ea2 = array_toDarray(t2, ea2);
-
-#if DMDV2
-    ep = el_params(telement->arrayOf()->getInternalTypeInfo(NULL)->toElem(irs),
-        ea2, ea1, NULL);
-    rtlfunc = RTLSYM_ARRAYEQ2;
-#else
-    ep = el_params(telement->getInternalTypeInfo(NULL)->toElem(irs), ea2, ea1, NULL);
-    rtlfunc = RTLSYM_ARRAYEQ;
-#endif
-    e = el_bin(OPcall, TYint, el_var(rtlsym[rtlfunc]), ep);
-    if (op == TOKnotequal)
-        e = el_bin(OPxor, TYint, e, el_long(TYint, 1));
-    el_setLoc(e,loc);
+    }
+    else if (t1->ty == Taarray && t2->ty == Taarray)
+    {   TypeAArray *taa = (TypeAArray *)t1;
+    Symbol *s = taa->aaGetSymbol("Equal", 0);
+    elem *ti = taa->getTypeInfo(NULL)->toElem(irs);
+    elem *ea1 = e1->toElem(irs);
+    elem *ea2 = e2->toElem(irs);
+    // aaEqual(ti, e1, e2)
+    elem *ep = el_params(ea2, ea1, ti, NULL);
+    e = el_bin(OPcall, TYnptr, el_var(s), ep);
+    if (op == TOKnotequal)
+        e = el_bin(OPxor, TYint, e, el_long(TYint, 1));
+    el_setLoc(e,loc);
+    return e;
-    }
-    else
-    e = toElemBin(irs, eop);
-    return e;
-}
-
-elem *IdentityExp::toElem(IRState *irs)
-{
-    elem *e;
-    enum OPER eop;
-    Type *t1 = e1->type->toBasetype();
-    Type *t2 = e2->type->toBasetype();
-
-    switch (op)
-    {
-    case TOKidentity:   eop = OPeqeq;   break;
-    case TOKnotidentity:    eop = OPne; break;
-    default:
-        dump(0);
-        assert(0);

branches/dmd-1.x/src/expression.c

@@ -5240 +5240 @@
-{   char *name;
-    StringExp *se;
-
-#if LOGSEMANTIC
-    printf("FileExp::semantic('%s')\n", toChars());
-#endif
-    UnaExp::semantic(sc);
-    e1 = resolveProperties(sc, e1);
-    e1 = e1->optimize(WANTvalue);
-    if (e1->op != TOKstring)
-    {   error("file name argument must be a string, not (%s)", e1->toChars());
-    goto Lerror;
-    }
-    se = (StringExp *)e1;
-    se = se->toUTF8(sc);
-    name = (char *)se->string;
-
-    if (!global.params.fileImppath)
-    {   error("need -Jpath switch to import text file %s", name);
-    goto Lerror;
+    }
+
+    /* Be wary of CWE-22: Improper Limitation of a Pathname to a Restricted Directory
+     * ('Path Traversal') attacks.
+     * http://cwe.mitre.org/data/definitions/22.html
+     */
+
+    /* Do harsh sanitizing by limiting the name's character set.
+     */
+    for (const char *p = name; *p; p++)
+    {
+    if (!(isalnum(*p) || *p == '.' || *p == '_'))
+    {
+        error("file name characters are restricted to [a-zA-Z0-9._] not '%c'", *p);
+        goto Lerror;
+    }
-    }
-
-    if (name != FileName::name(name))
-    {   error("use -Jpath switch to provide path for filename %s", name);
-    goto Lerror;
-    }
-
-    name = FileName::searchPath(global.filePath, name, 0);
-    if (!name)
-    {   error("file %s cannot be found, check -Jpath", se->toChars());
-    goto Lerror;
-    }
-
-    if (global.params.verbose)
-    printf("file      %s\t(%s)\n", (char *)se->string, name);
-
-    {   File f(name);
-    if (f.read())
-    {   error("cannot read file %s", f.toChars());
-        goto Lerror;

trunk/src/e2ir.c

@@ -1 +1 @@
-
-// Compiler implementation of the D programming language
-09
+10
-// All Rights Reserved
-// written by Walter Bright
-// http://www.digitalmars.com
-// License for redistribution is by either the Artistic License
-// in artistic.txt, or the GNU General Public License in gnu.txt.
-// See the included readme.txt for details.
-
-#include    <stdio.h>
-#include    <string.h>
-#include    <time.h>
-#include    <complex.h>
-
-#include    "port.h"
-
-#include    "lexer.h"
-#include    "expression.h"
-#include    "mtype.h"
-#include    "dsymbol.h"
-#include    "declaration.h"
-#include    "enum.h"
@@ -2295 +2295 @@
-    {
-    Type *telement = t1->nextOf()->toBasetype();
-
-    elem *ea1 = e1->toElem(irs);
-    ea1 = array_toDarray(t1, ea1);
-    elem *ea2 = e2->toElem(irs);
-    ea2 = array_toDarray(t2, ea2);
-
-#if DMDV2
-    elem *ep = el_params(telement->arrayOf()->getInternalTypeInfo(NULL)->toElem(irs),
-        ea2, ea1, NULL);
-    int rtlfunc = RTLSYM_ARRAYEQ2;
-#else
-    elem *ep = el_params(telement->getInternalTypeInfo(NULL)->toElem(irs), ea2, ea1, NULL);
-    int rtlfunc = RTLSYM_ARRAYEQ;
-#endif
-    e = el_bin(OPcall, TYint, el_var(rtlsym[rtlfunc]), ep);
-    if (op == TOKnotequal)
-        e = el_bin(OPxor, TYint, e, el_long(TYint, 1));
-    el_setLoc(e,loc);
+    }
+    else if (t1->ty == Taarray && t2->ty == Taarray)
+    {   TypeAArray *taa = (TypeAArray *)t1;
+    Symbol *s = taa->aaGetSymbol("Equal", 0);
+    elem *ti = taa->getTypeInfo(NULL)->toElem(irs);
+    elem *ea1 = e1->toElem(irs);
+    elem *ea2 = e2->toElem(irs);
+    // aaEqual(ti, e1, e2)
+    elem *ep = el_params(ea2, ea1, ti, NULL);
+    e = el_bin(OPcall, TYnptr, el_var(s), ep);
+    if (op == TOKnotequal)
+        e = el_bin(OPxor, TYint, e, el_long(TYint, 1));
+    el_setLoc(e,loc);
+    return e;
-    }
-    else
-    e = toElemBin(irs, eop);
-    return e;
-}
-
-elem *IdentityExp::toElem(IRState *irs)
-{
-    elem *e;
-    enum OPER eop;
-    Type *t1 = e1->type->toBasetype();
-    Type *t2 = e2->type->toBasetype();
-
-    switch (op)
-    {
-    case TOKidentity:   eop = OPeqeq;   break;
-    case TOKnotidentity:    eop = OPne; break;
-    default:
-        dump(0);
-        assert(0);

trunk/src/expression.c

@@ -5584 +5584 @@
-
-#if LOGSEMANTIC
-    printf("FileExp::semantic('%s')\n", toChars());
-#endif
-    UnaExp::semantic(sc);
-    e1 = resolveProperties(sc, e1);
-    e1 = e1->optimize(WANTvalue);
-    if (e1->op != TOKstring)
-    {   error("file name argument must be a string, not (%s)", e1->toChars());
-    goto Lerror;
-    }
-    se = (StringExp *)e1;
-    se = se->toUTF8(sc);
-    name = (char *)se->string;
-
-    if (!global.params.fileImppath)
-    {   error("need -Jpath switch to import text file %s", name);
-    goto Lerror;
-    }
-
+    /* Be wary of CWE-22: Improper Limitation of a Pathname to a Restricted Directory
+     * ('Path Traversal') attacks.
+     * http://cwe.mitre.org/data/definitions/22.html
+     */
+
+    /* Do harsh sanitizing by limiting the name's character set.
+     */
+    for (const char *p = name; *p; p++)
+    {
+    if (!(isalnum(*p) || *p == '.' || *p == '_'))
+    {
+        error("file name characters are restricted to [a-zA-Z0-9._] not '%c'", *p);
+        goto Lerror;
+    }
+    }
+
-    if (name != FileName::name(name))
-    {   error("use -Jpath switch to provide path for filename %s", name);
-    goto Lerror;
-    }
-
-    name = FileName::searchPath(global.filePath, name, 0);
-    if (!name)
-    {   error("file %s cannot be found, check -Jpath", se->toChars());
-    goto Lerror;
-    }
-
-    if (global.params.verbose)
-    printf("file      %s\t(%s)\n", (char *)se->string, name);
-
-    {   File f(name);
-    if (f.read())
-    {   error("cannot read file %s", f.toChars());
-        goto Lerror;
-    }
-    else