/* Return the canonical absolute name of a given file. Copyright (C) 1996-2020 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ #include #include "canonicalize.h" #include #include #include #include #include #include "areadlink.h" #include "file-set.h" #include "hash-triple.h" #include "pathmax.h" #include "xalloc.h" #include "xgetcwd.h" #include "filename.h" #define MULTIPLE_BITS_SET(i) (((i) & ((i) - 1)) != 0) /* In this file, we cannot handle file names longer than PATH_MAX. On systems with no file name length limit, use a fallback. */ #ifndef PATH_MAX # define PATH_MAX 8192 #endif #ifndef DOUBLE_SLASH_IS_DISTINCT_ROOT # define DOUBLE_SLASH_IS_DISTINCT_ROOT 0 #endif #if ISSLASH ('\\') # define SLASHES "/\\" #else # define SLASHES "/" #endif #if !((HAVE_CANONICALIZE_FILE_NAME && FUNC_REALPATH_WORKS) \ || GNULIB_CANONICALIZE_LGPL) /* Return the canonical absolute name of file NAME. A canonical name does not contain any ".", ".." components nor any repeated file name separators ('/') or symlinks. All components must exist. The result is malloc'd. */ char * canonicalize_file_name (const char *name) { return canonicalize_filename_mode (name, CAN_EXISTING); } #endif /* !HAVE_CANONICALIZE_FILE_NAME */ /* Return true if we've already seen the triple, . If *HT is not initialized, initialize it. */ static bool seen_triple (Hash_table **ht, char const *filename, struct stat const *st) { if (*ht == NULL) { size_t initial_capacity = 7; *ht = hash_initialize (initial_capacity, NULL, triple_hash, triple_compare_ino_str, triple_free); if (*ht == NULL) xalloc_die (); } if (seen_file (*ht, filename, st)) return true; record_file (*ht, filename, st); return false; } /* Return the canonical absolute name of file NAME, while treating missing elements according to CAN_MODE. A canonical name does not contain any ".", ".." components nor any repeated file name separators ('/') or, depending on other CAN_MODE flags, symlinks. Whether components must exist or not depends on canonicalize mode. The result is malloc'd. */ char * canonicalize_filename_mode (const char *name, canonicalize_mode_t can_mode) { char *rname, *dest, *extra_buf = NULL; char const *start; char const *end; char const *rname_limit; size_t extra_len = 0; Hash_table *ht = NULL; int saved_errno; int can_flags = can_mode & ~CAN_MODE_MASK; bool logical = can_flags & CAN_NOLINKS; size_t prefix_len; can_mode &= CAN_MODE_MASK; if (MULTIPLE_BITS_SET (can_mode)) { errno = EINVAL; return NULL; } if (name == NULL) { errno = EINVAL; return NULL; } if (name[0] == '\0') { errno = ENOENT; return NULL; } /* This is always zero for Posix hosts, but can be 2 for MS-Windows and MS-DOS X:/foo/bar file names. */ prefix_len = FILE_SYSTEM_PREFIX_LEN (name); if (!IS_ABSOLUTE_FILE_NAME (name)) { rname = xgetcwd (); if (!rname) return NULL; dest = strchr (rname, '\0'); if (dest - rname < PATH_MAX) { char *p = xrealloc (rname, PATH_MAX); dest = p + (dest - rname); rname = p; rname_limit = rname + PATH_MAX; } else { rname_limit = dest; } start = name; prefix_len = FILE_SYSTEM_PREFIX_LEN (rname); } else { rname = xmalloc (PATH_MAX); rname_limit = rname + PATH_MAX; dest = rname; if (prefix_len) { memcpy (rname, name, prefix_len); dest += prefix_len; } *dest++ = '/'; if (DOUBLE_SLASH_IS_DISTINCT_ROOT) { if (ISSLASH (name[1]) && !ISSLASH (name[2]) && !prefix_len) *dest++ = '/'; *dest = '\0'; } start = name + prefix_len; } for ( ; *start; start = end) { /* Skip sequence of multiple file name separators. */ while (ISSLASH (*start)) ++start; /* Find end of component. */ for (end = start; *end && !ISSLASH (*end); ++end) /* Nothing. */; if (end - start == 0) break; else if (end - start == 1 && start[0] == '.') /* nothing */; else if (end - start == 2 && start[0] == '.' && start[1] == '.') { /* Back up to previous component, ignore if at root already. */ if (dest > rname + prefix_len + 1) for (--dest; dest > rname && !ISSLASH (dest[-1]); --dest) continue; if (DOUBLE_SLASH_IS_DISTINCT_ROOT && dest == rname + 1 && !prefix_len && ISSLASH (*dest) && !ISSLASH (dest[1])) dest++; } else { struct stat st; if (!ISSLASH (dest[-1])) *dest++ = '/'; if (dest + (end - start) >= rname_limit) { ptrdiff_t dest_offset = dest - rname; size_t new_size = rname_limit - rname; if (end - start + 1 > PATH_MAX) new_size += end - start + 1; else new_size += PATH_MAX; rname = xrealloc (rname, new_size); rname_limit = rname + new_size; dest = rname + dest_offset; } dest = memcpy (dest, start, end - start); dest += end - start; *dest = '\0'; if (logical && (can_mode == CAN_MISSING)) { /* Avoid the stat in this case as it's inconsequential. i.e. we're neither resolving symlinks or testing component existence. */ st.st_mode = 0; } else if ((logical ? stat (rname, &st) : lstat (rname, &st)) != 0) { /* FIXME: If errno == EOVERFLOW here, the entry exists. */ saved_errno = errno; if (can_mode == CAN_EXISTING) goto error; if (can_mode == CAN_ALL_BUT_LAST) { if (end[strspn (end, SLASHES)] || saved_errno != ENOENT) goto error; continue; } st.st_mode = 0; } if (S_ISLNK (st.st_mode)) { char *buf; size_t n, len; /* Detect loops. We cannot use the cycle-check module here, since it's actually possible to encounter the same symlink more than once in a given traversal. However, encountering the same symlink,NAME pair twice does indicate a loop. */ if (seen_triple (&ht, name, &st)) { if (can_mode == CAN_MISSING) continue; saved_errno = ELOOP; goto error; } buf = areadlink_with_size (rname, st.st_size); if (!buf) { if (can_mode == CAN_MISSING && errno != ENOMEM) continue; saved_errno = errno; goto error; } n = strlen (buf); len = strlen (end); if (!extra_len) { extra_len = ((n + len + 1) > PATH_MAX) ? (n + len + 1) : PATH_MAX; extra_buf = xmalloc (extra_len); } else if ((n + len + 1) > extra_len) { extra_len = n + len + 1; extra_buf = xrealloc (extra_buf, extra_len); } /* Careful here, end may be a pointer into extra_buf... */ memmove (&extra_buf[n], end, len + 1); name = end = memcpy (extra_buf, buf, n); if (IS_ABSOLUTE_FILE_NAME (buf)) { size_t pfxlen = FILE_SYSTEM_PREFIX_LEN (buf); if (pfxlen) memcpy (rname, buf, pfxlen); dest = rname + pfxlen; *dest++ = '/'; /* It's an absolute symlink */ if (DOUBLE_SLASH_IS_DISTINCT_ROOT) { if (ISSLASH (buf[1]) && !ISSLASH (buf[2]) && !pfxlen) *dest++ = '/'; *dest = '\0'; } /* Install the new prefix to be in effect hereafter. */ prefix_len = pfxlen; } else { /* Back up to previous component, ignore if at root already: */ if (dest > rname + prefix_len + 1) for (--dest; dest > rname && !ISSLASH (dest[-1]); --dest) continue; if (DOUBLE_SLASH_IS_DISTINCT_ROOT && dest == rname + 1 && ISSLASH (*dest) && !ISSLASH (dest[1]) && !prefix_len) dest++; } free (buf); } else { if (!S_ISDIR (st.st_mode) && *end && (can_mode != CAN_MISSING)) { saved_errno = ENOTDIR; goto error; } } } } if (dest > rname + prefix_len + 1 && ISSLASH (dest[-1])) --dest; if (DOUBLE_SLASH_IS_DISTINCT_ROOT && dest == rname + 1 && !prefix_len && ISSLASH (*dest) && !ISSLASH (dest[1])) dest++; *dest = '\0'; if (rname_limit != dest + 1) rname = xrealloc (rname, dest - rname + 1); free (extra_buf); if (ht) hash_free (ht); return rname; error: free (extra_buf); free (rname); if (ht) hash_free (ht); errno = saved_errno; return NULL; }