src: switch from fnmatch to g_pattern_match_simple

The g_pattern_match function_simple is an acceptably close approximation of fnmatch for libvirt's needs. In contrast to fnmatch(), the '/' character can be matched by the wildcards, there are no '[...]' character ranges and '*' and '?' can not be escaped to include them literally in a pattern. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2025-02-25 18:55:26 -06:00 · 2019-12-20 16:02:49 +00:00 · 2019-12-20 16:02:49 +00:00 · f7df985684
commit f7df985684
parent d0312c584f
8 changed files with 25 additions and 34 deletions
--- a/src/qemu/qemu_firmware.c
+++ b/src/qemu/qemu_firmware.c
@ -20,8 +20,6 @@
 #include <config.h>
 #include <fnmatch.h>
 #include "qemu_firmware.h"
 #include "qemu_interop_config.h"
 #include "configmake.h"
@ -921,7 +919,7 @@ qemuFirmwareMatchesMachineArch(const qemuFirmware *fw,
            continue;
        for (j = 0; j < fw->targets[i]->nmachines; j++) {
-            if (fnmatch(fw->targets[i]->machines[j], machine, 0) == 0)
+            if (g_pattern_match_simple(fw->targets[i]->machines[j], machine))
                return true;
        }
    }
--- a/src/remote/libvirtd.conf.in
+++ b/src/remote/libvirtd.conf.in
@ -262,7 +262,9 @@
 #
 #    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
 #
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards:
 #
 # https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html
 #
 # NB If this is an empty list, no client can connect, so comment out
 # entirely rather than using empty list to disable these checks
@ -288,7 +290,9 @@
 #
 #    "*@EXAMPLE.COM"
 #
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
 #
 # https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html
 #
 # NB If this is an empty list, no client can connect, so comment out
 # entirely rather than using empty list to disable these checks
--- a/src/rpc/virnetsaslcontext.c
+++ b/src/rpc/virnetsaslcontext.c
@ -20,8 +20,6 @@
 #include <config.h>
 #include <fnmatch.h>
 #include "virnetsaslcontext.h"
 #include "virnetmessage.h"
@ -155,17 +153,10 @@ int virNetSASLContextCheckIdentity(virNetSASLContextPtr ctxt,
    }
    while (*wildcards) {
-        int rv = fnmatch(*wildcards, identity, 0);
+        if (g_pattern_match_simple(*wildcards, identity)) {
        if (rv == 0) {
            ret = 1;
            goto cleanup; /* Successful match */
        }
        if (rv != FNM_NOMATCH) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("Malformed TLS whitelist regular expression '%s'"),
                           *wildcards);
            goto cleanup;
        }
        wildcards++;
    }
--- a/src/rpc/virnettlscontext.c
+++ b/src/rpc/virnettlscontext.c
@ -21,7 +21,6 @@
 #include <config.h>
 #include <unistd.h>
 #include <fnmatch.h>
 #include <gnutls/gnutls.h>
 #include <gnutls/crypto.h>
@ -361,15 +360,8 @@ virNetTLSContextCheckCertDNWhitelist(const char *dname,
                                     const char *const*wildcards)
 {
    while (*wildcards) {
-        int ret = fnmatch(*wildcards, dname, 0);
+        if (g_pattern_match_simple(*wildcards, dname))
        if (ret == 0) /* Successful match */
            return 1;
        if (ret != FNM_NOMATCH) {
            virReportError(VIR_ERR_INTERNAL_ERROR,
                           _("Malformed TLS whitelist regular expression '%s'"),
                           *wildcards);
            return -1;
        }
        wildcards++;
    }
--- a/src/util/virlog.c
+++ b/src/util/virlog.c
@ -36,7 +36,6 @@
 #if HAVE_SYS_UN_H
 # include <sys/un.h>
 #endif
 #include <fnmatch.h>
 #include "virerror.h"
 #include "virlog.h"
@ -488,7 +487,7 @@ virLogSourceUpdate(virLogSourcePtr source)
        size_t i;
        for (i = 0; i < virLogNbFilters; i++) {
-            if (fnmatch(virLogFilters[i]->match, source->name, 0) == 0) {
+            if (g_pattern_match_simple(virLogFilters[i]->match, source->name)) {
                priority = virLogFilters[i]->priority;
                break;
            }
@ -1338,7 +1337,7 @@ virLogFilterNew(const char *match,
        return NULL;
    }
-    /* We must treat 'foo' as equiv to '*foo*' for fnmatch
+    /* We must treat 'foo' as equiv to '*foo*' for g_pattern_match
     * todo substring matches, so add 2 extra bytes
     */
    if (VIR_ALLOC_N_QUIET(mdup, mlen + 3) < 0)
--- a/tests/virconfdata/libvirtd.conf
+++ b/tests/virconfdata/libvirtd.conf
@ -183,7 +183,9 @@ tls_no_verify_certificate = 1
 #
 #    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
 #
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
 #
 # https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html
 #
 # NB If this is an empty list, no client can connect, so comment out
 # entirely rather than using empty list to disable these checks
@ -200,7 +202,9 @@ tls_allowed_dn_list = ["DN1", "DN2"]
 #
 #    "*@EXAMPLE.COM"
 #
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
 #
 # https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html
 #
 # NB If this is an empty list, no client can connect, so comment out
 # entirely rather than using empty list to disable these checks
--- a/tests/virconfdata/libvirtd.out
+++ b/tests/virconfdata/libvirtd.out
@ -147,7 +147,9 @@ tls_no_verify_certificate = 1
 #
 #    "C=GB,ST=London,L=London,O=Red Hat,CN=*"
 #
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
 #
 # https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html
 #
 # NB If this is an empty list, no client can connect, so comment out
 # entirely rather than using empty list to disable these checks
@ -162,7 +164,9 @@ tls_allowed_dn_list = [ "DN1", "DN2" ]
 #
 #    "*@EXAMPLE.COM"
 #
-# See the POSIX fnmatch function for the format of the wildcards.
+# See the g_pattern_match function for the format of the wildcards.
 #
 # https://developer.gnome.org/glib/stable/glib-Glob-style-pattern-matching.html
 #
 # NB If this is an empty list, no client can connect, so comment out
 # entirely rather than using empty list to disable these checks
--- a/tools/virt-login-shell-helper.c
+++ b/tools/virt-login-shell-helper.c
@ -19,7 +19,6 @@
 */
 #include <config.h>
 #include <fnmatch.h>
 #include <getopt.h>
 #include <signal.h>
 #include <stdarg.h>
@ -67,14 +66,14 @@ static int virLoginShellAllowedUser(virConfPtr conf,
            for (i = 0; i < ngroups; i++) {
                if (!(gname = virGetGroupName(groups[i])))
                    continue;
-                if (fnmatch(entry, gname, 0) == 0) {
+                if (g_pattern_match_simple(entry, gname)) {
                    ret = 0;
                    goto cleanup;
                }
                VIR_FREE(gname);
            }
        } else {
-            if (fnmatch(entry, name, 0) == 0) {
+            if (g_pattern_match_simple(entry, name)) {
                ret = 0;
                goto cleanup;
            }