src/cmd/compile/internal/gc/noder.go | 28 +++++++++++++++++++++++++++- src/cmd/go/internal/load/pkg.go | 1 + diff --git a/src/cmd/compile/internal/gc/noder.go b/src/cmd/compile/internal/gc/noder.go index 7cd941206b21b556e5e74cfec918aa6e098675cc..37fad2d714787bff7492e2a66950047209ce7be1 100644 --- a/src/cmd/compile/internal/gc/noder.go +++ b/src/cmd/compile/internal/gc/noder.go @@ -1190,8 +1190,22 @@ break } p.linknames = append(p.linknames, linkname{pos, f[1], f[2]}) + case strings.HasPrefix(text, "go:cgo_import_dynamic "): + // This is permitted for general use because Solaris + // code relies on it in golang.org/x/sys/unix and others. + fields := pragmaFields(text) + if len(fields) >= 4 { + lib := strings.Trim(fields[3], `"`) + if lib != "" && !safeArg(lib) && !isCgoGeneratedFile(pos) { + p.error(syntax.Error{Pos: pos, Msg: fmt.Sprintf("invalid library name %q in cgo_import_dynamic directive", lib)}) + } + p.pragcgobuf += p.pragcgo(pos, text) + return pragmaValue("go:cgo_import_dynamic") + } + fallthrough case strings.HasPrefix(text, "go:cgo_"): - // For security, we disallow //go:cgo_* directives outside cgo-generated files. + // For security, we disallow //go:cgo_* directives other + // than cgo_import_dynamic outside cgo-generated files. // Exception: they are allowed in the standard library, for runtime and syscall. if !isCgoGeneratedFile(pos) && !compiling_std { p.error(syntax.Error{Pos: pos, Msg: fmt.Sprintf("//%s only allowed in cgo-generated code", text)}) @@ -1225,6 +1239,18 @@ // (primarily misuse of linker flags), other files are not. // See golang.org/issue/23672. func isCgoGeneratedFile(pos src.Pos) bool { return strings.HasPrefix(filepath.Base(filepath.Clean(pos.AbsFilename())), "_cgo_") +} + +// safeArg reports whether arg is a "safe" command-line argument, +// meaning that when it appears in a command-line, it probably +// doesn't have some special meaning other than its own name. +// This is copied from SafeArg in cmd/go/internal/load/pkg.go. +func safeArg(name string) bool { + if name == "" { + return false + } + c := name[0] + return '0' <= c && c <= '9' || 'A' <= c && c <= 'Z' || 'a' <= c && c <= 'z' || c == '.' || c == '_' || c == '/' || c >= utf8.RuneSelf } func mkname(sym *types.Sym) *Node { diff --git a/src/cmd/go/internal/load/pkg.go b/src/cmd/go/internal/load/pkg.go index 65b17012a3df13756fddc4c3446d6c5b9a7a99af..6ca89d946db45d32e76df09ccab47fa5ab10d778 100644 --- a/src/cmd/go/internal/load/pkg.go +++ b/src/cmd/go/internal/load/pkg.go @@ -1218,6 +1218,7 @@ // Less obviously, args beginning with @ are not safe (they look like // GNU binutils flagfile specifiers, sometimes called "response files"). // To be conservative, we reject almost any arg beginning with non-alphanumeric ASCII. // We accept leading . _ and / as likely in file system paths. +// There is a copy of this function in cmd/compile/internal/gc/noder.go. func SafeArg(name string) bool { if name == "" { return false