| Message ID | 56E4CEFD.20102@charter.net |
|---|---|
| State | New |
| Headers | show |
On March 13, 2016 3:22:53 AM GMT+01:00, Jerry DeLisle <jvdelisle@charter.net> wrote: >I plan to commit the attached patch and test case under simple and >obvious tomorrow. First, the patch adds superfluous vertical whitespace. Second, and I apologise for stating the obvious, I'd make that a whitelist instead, I.e only allow regular files or symlinks pointing to regular files as I think there are no sensible use cases for including e.g. block- or char devices et al. Including a pipe would maybe be possible to support but I doubt this is a usual usage pattern. Thanks,
On 03/13/2016 01:15 AM, Bernhard Reutner-Fischer wrote: > On March 13, 2016 3:22:53 AM GMT+01:00, Jerry DeLisle <jvdelisle@charter.net> wrote: >> I plan to commit the attached patch and test case under simple and >> obvious tomorrow. > > First, the patch adds superfluous vertical whitespace. > > Second, and I apologise for stating the obvious, I'd make that a whitelist instead, I.e only allow regular files or symlinks pointing to regular files as I think there are no sensible use cases for including e.g. block- or char devices et al. Including a pipe would maybe be possible to support but I doubt this is a usual usage pattern. > > Thanks, > > Thanks for your thought. Done, tested with a link to a regular file, changed the error message just a bit. New Revision: 234169 URL: https://gcc.gnu.org/viewcvs?rev=234169&root=gcc&view=rev Log: 2016-03-13 Jerry DeLisle <jvdelisle@gcc.gnu.org> Jim MacArthur <jim.macarthur@codethink.co.uk> PR fortran/69043 * scanner.c (load_file): Check that included file is regular. PR fortran/69043 * gfortran.dg/include_9.f90: New test. Added: trunk/gcc/testsuite/gfortran.dg/include_9.f90 Modified: trunk/gcc/fortran/ChangeLog trunk/gcc/fortran/scanner.c trunk/gcc/testsuite/ChangeLog
diff --git a/gcc/fortran/scanner.c b/gcc/fortran/scanner.c index c4e7974..d4c14bc 100644 --- a/gcc/fortran/scanner.c +++ b/gcc/fortran/scanner.c @@ -2200,6 +2200,8 @@ load_file (const char *realfilename, const char *displayedname, bool initial) FILE *input; int len, line_len; bool first_line; + struct stat st; + int stat_result; const char *filename; /* If realfilename and displayedname are different and non-null then surely realfilename is the preprocessed form of @@ -2227,6 +2229,7 @@ load_file (const char *realfilename, const char *displayedname, bool initial) } else input = gfc_open_file (realfilename); + if (input == NULL) { gfc_error_now ("Can't open file %qs", filename); @@ -2242,6 +2245,16 @@ load_file (const char *realfilename, const char *displayedname, bool initial) current_file->filename, current_file->line, filename); return false; } + + stat_result = stat (realfilename, &st); + if (stat_result == 0 && st.st_mode & S_IFDIR) + { + fprintf (stderr, "%s:%d: Error: Included path '%s'" + " is a directory.\n", + current_file->filename, current_file->line, filename); + fclose (input); + return false; + } } /* Load the file.