summaryrefslogtreecommitdiffstats
path: root/src/pathchk.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/pathchk.c')
-rw-r--r--src/pathchk.c419
1 files changed, 419 insertions, 0 deletions
diff --git a/src/pathchk.c b/src/pathchk.c
new file mode 100644
index 0000000..9614294
--- /dev/null
+++ b/src/pathchk.c
@@ -0,0 +1,419 @@
+/* pathchk -- check whether file names are valid or portable
+ Copyright (C) 1991-2023 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>. */
+
+#include <config.h>
+#include <stdio.h>
+#include <getopt.h>
+#include <sys/types.h>
+#include <wchar.h>
+
+#include "system.h"
+#include "quote.h"
+
+/* The official name of this program (e.g., no 'g' prefix). */
+#define PROGRAM_NAME "pathchk"
+
+#define AUTHORS \
+ proper_name ("Paul Eggert"), \
+ proper_name ("David MacKenzie"), \
+ proper_name ("Jim Meyering")
+
+#ifndef _POSIX_PATH_MAX
+# define _POSIX_PATH_MAX 256
+#endif
+#ifndef _POSIX_NAME_MAX
+# define _POSIX_NAME_MAX 14
+#endif
+
+#ifdef _XOPEN_NAME_MAX
+# define NAME_MAX_MINIMUM _XOPEN_NAME_MAX
+#else
+# define NAME_MAX_MINIMUM _POSIX_NAME_MAX
+#endif
+#ifdef _XOPEN_PATH_MAX
+# define PATH_MAX_MINIMUM _XOPEN_PATH_MAX
+#else
+# define PATH_MAX_MINIMUM _POSIX_PATH_MAX
+#endif
+
+#if ! (HAVE_PATHCONF && defined _PC_NAME_MAX && defined _PC_PATH_MAX)
+# ifndef _PC_NAME_MAX
+# define _PC_NAME_MAX 0
+# define _PC_PATH_MAX 1
+# endif
+# ifndef pathconf
+# define pathconf(file, flag) \
+ (flag == _PC_NAME_MAX ? NAME_MAX_MINIMUM : PATH_MAX_MINIMUM)
+# endif
+#endif
+
+static bool validate_file_name (char *, bool, bool);
+
+/* For long options that have no equivalent short option, use a
+ non-character as a pseudo short option, starting with CHAR_MAX + 1. */
+enum
+{
+ PORTABILITY_OPTION = CHAR_MAX + 1
+};
+
+static struct option const longopts[] =
+{
+ {"portability", no_argument, nullptr, PORTABILITY_OPTION},
+ {GETOPT_HELP_OPTION_DECL},
+ {GETOPT_VERSION_OPTION_DECL},
+ {nullptr, 0, nullptr, 0}
+};
+
+void
+usage (int status)
+{
+ if (status != EXIT_SUCCESS)
+ emit_try_help ();
+ else
+ {
+ printf (_("Usage: %s [OPTION]... NAME...\n"), program_name);
+ fputs (_("\
+Diagnose invalid or non-portable file names.\n\
+\n\
+ -p check for most POSIX systems\n\
+ -P check for empty names and leading \"-\"\n\
+ --portability check for all POSIX systems (equivalent to -p -P)\n\
+"), stdout);
+ fputs (HELP_OPTION_DESCRIPTION, stdout);
+ fputs (VERSION_OPTION_DESCRIPTION, stdout);
+ emit_ancillary_info (PROGRAM_NAME);
+ }
+ exit (status);
+}
+
+int
+main (int argc, char **argv)
+{
+ bool ok = true;
+ bool check_basic_portability = false;
+ bool check_extra_portability = false;
+ int optc;
+
+ initialize_main (&argc, &argv);
+ set_program_name (argv[0]);
+ setlocale (LC_ALL, "");
+ bindtextdomain (PACKAGE, LOCALEDIR);
+ textdomain (PACKAGE);
+
+ atexit (close_stdout);
+
+ while ((optc = getopt_long (argc, argv, "+pP", longopts, nullptr)) != -1)
+ {
+ switch (optc)
+ {
+ case PORTABILITY_OPTION:
+ check_basic_portability = true;
+ check_extra_portability = true;
+ break;
+
+ case 'p':
+ check_basic_portability = true;
+ break;
+
+ case 'P':
+ check_extra_portability = true;
+ break;
+
+ case_GETOPT_HELP_CHAR;
+
+ case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
+
+ default:
+ usage (EXIT_FAILURE);
+ }
+ }
+
+ if (optind == argc)
+ {
+ error (0, 0, _("missing operand"));
+ usage (EXIT_FAILURE);
+ }
+
+ for (; optind < argc; ++optind)
+ ok &= validate_file_name (argv[optind],
+ check_basic_portability, check_extra_portability);
+
+ return ok ? EXIT_SUCCESS : EXIT_FAILURE;
+}
+
+/* If FILE contains a component with a leading "-", report an error
+ and return false; otherwise, return true. */
+
+static bool
+no_leading_hyphen (char const *file)
+{
+ char const *p;
+
+ for (p = file; (p = strchr (p, '-')); p++)
+ if (p == file || p[-1] == '/')
+ {
+ error (0, 0, _("leading '-' in a component of file name %s"),
+ quoteaf (file));
+ return false;
+ }
+
+ return true;
+}
+
+/* If FILE (of length FILELEN) contains only portable characters,
+ return true, else report an error and return false. */
+
+static bool
+portable_chars_only (char const *file, size_t filelen)
+{
+ size_t validlen = strspn (file,
+ ("/"
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ "abcdefghijklmnopqrstuvwxyz"
+ "0123456789._-"));
+ char const *invalid = file + validlen;
+
+ if (*invalid)
+ {
+ mbstate_t mbstate = { 0, };
+ size_t charlen = mbrlen (invalid, filelen - validlen, &mbstate);
+ error (0, 0,
+ _("non-portable character %s in file name %s"),
+ quotearg_n_style_mem (1, locale_quoting_style, invalid,
+ (charlen <= MB_LEN_MAX ? charlen : 1)),
+ quoteaf_n (0, file));
+ return false;
+ }
+
+ return true;
+}
+
+/* Return the address of the start of the next file name component in F. */
+
+ATTRIBUTE_PURE
+static char *
+component_start (char *f)
+{
+ while (*f == '/')
+ f++;
+ return f;
+}
+
+/* Return the size of the file name component F. F must be nonempty. */
+
+ATTRIBUTE_PURE
+static size_t
+component_len (char const *f)
+{
+ size_t len;
+ for (len = 1; f[len] != '/' && f[len]; len++)
+ continue;
+ return len;
+}
+
+/* Make sure that
+ strlen (FILE) <= PATH_MAX
+ && strlen (each-existing-directory-in-FILE) <= NAME_MAX
+
+ If CHECK_BASIC_PORTABILITY is true, compare against _POSIX_PATH_MAX and
+ _POSIX_NAME_MAX instead, and make sure that FILE contains no
+ characters not in the POSIX portable filename character set, which
+ consists of A-Z, a-z, 0-9, ., _, - (plus / for separators).
+
+ If CHECK_BASIC_PORTABILITY is false, make sure that all leading directories
+ along FILE that exist are searchable.
+
+ If CHECK_EXTRA_PORTABILITY is true, check that file name components do not
+ begin with "-".
+
+ If either CHECK_BASIC_PORTABILITY or CHECK_EXTRA_PORTABILITY is true,
+ check that the file name is not empty.
+
+ Return true if all of these tests are successful, false if any fail. */
+
+static bool
+validate_file_name (char *file, bool check_basic_portability,
+ bool check_extra_portability)
+{
+ idx_t filelen = strlen (file);
+
+ /* Start of file name component being checked. */
+ char *start;
+
+ /* True if component lengths need to be checked. */
+ bool check_component_lengths;
+
+ /* True if the file is known to exist. */
+ bool file_exists = false;
+
+ if (check_extra_portability && ! no_leading_hyphen (file))
+ return false;
+
+ if ((check_basic_portability || check_extra_portability)
+ && filelen == 0)
+ {
+ /* Fail, since empty names are not portable. As of
+ 2005-01-06 POSIX does not address whether "pathchk -p ''"
+ should (or is allowed to) fail, so this is not a
+ conformance violation. */
+ error (0, 0, _("empty file name"));
+ return false;
+ }
+
+ if (check_basic_portability)
+ {
+ if (! portable_chars_only (file, filelen))
+ return false;
+ }
+ else
+ {
+ /* Check whether a file name component is in a directory that
+ is not searchable, or has some other serious problem.
+ POSIX does not allow "" as a file name, but some non-POSIX
+ hosts do (as an alias for "."), so allow "" if lstat does. */
+
+ struct stat st;
+ if (lstat (file, &st) == 0)
+ file_exists = true;
+ else if (errno != ENOENT || filelen == 0)
+ {
+ error (0, errno, "%s", quotef (file));
+ return false;
+ }
+ }
+
+ if (check_basic_portability
+ || (! file_exists && PATH_MAX_MINIMUM <= filelen))
+ {
+ idx_t maxsize;
+
+ if (check_basic_portability)
+ maxsize = _POSIX_PATH_MAX;
+ else
+ {
+ long int size;
+ char const *dir = (*file == '/' ? "/" : ".");
+ errno = 0;
+ size = pathconf (dir, _PC_PATH_MAX);
+ if (size < 0 && errno != 0)
+ {
+ error (0, errno,
+ _("%s: unable to determine maximum file name length"),
+ dir);
+ return false;
+ }
+ maxsize = MIN (size, MIN (SSIZE_MAX, IDX_MAX));
+ }
+
+ if (maxsize <= filelen)
+ {
+ error (0, 0, _("limit %td exceeded by length %td of file name %s"),
+ maxsize - 1, filelen, quoteaf (file));
+ return false;
+ }
+ }
+
+ /* Check whether pathconf (..., _PC_NAME_MAX) can be avoided, i.e.,
+ whether all file name components are so short that they are valid
+ in any file system on this platform. If CHECK_BASIC_PORTABILITY, though,
+ it's more convenient to check component lengths below. */
+
+ check_component_lengths = check_basic_portability;
+ if (! check_component_lengths && ! file_exists)
+ {
+ for (start = file; *(start = component_start (start)); )
+ {
+ size_t length = component_len (start);
+
+ if (NAME_MAX_MINIMUM < length)
+ {
+ check_component_lengths = true;
+ break;
+ }
+
+ start += length;
+ }
+ }
+
+ if (check_component_lengths)
+ {
+ /* The limit on file name components for the current component.
+ This defaults to NAME_MAX_MINIMUM, for the sake of non-POSIX
+ systems (NFS, say?) where pathconf fails on "." or "/" with
+ errno == ENOENT. */
+ idx_t name_max = NAME_MAX_MINIMUM;
+
+ /* If nonzero, the known limit on file name components. */
+ idx_t known_name_max = check_basic_portability ? _POSIX_NAME_MAX : 0;
+
+ for (start = file; *(start = component_start (start)); )
+ {
+ idx_t length;
+
+ if (known_name_max)
+ name_max = known_name_max;
+ else
+ {
+ long int len;
+ char const *dir = (start == file ? "." : file);
+ char c = *start;
+ errno = 0;
+ *start = '\0';
+ len = pathconf (dir, _PC_NAME_MAX);
+ *start = c;
+ if (0 <= len)
+ name_max = MIN (len, MIN (SSIZE_MAX, IDX_MAX));
+ else
+ switch (errno)
+ {
+ case 0:
+ /* There is no limit. */
+ name_max = IDX_MAX;
+ break;
+
+ case ENOENT:
+ /* DIR does not exist; use its parent's maximum. */
+ known_name_max = name_max;
+ break;
+
+ default:
+ *start = '\0';
+ error (0, errno, "%s", quotef (dir));
+ *start = c;
+ return false;
+ }
+ }
+
+ length = component_len (start);
+
+ if (name_max < length)
+ {
+ char c = start[length];
+ start[length] = '\0';
+ error (0, 0,
+ _("limit %td exceeded by length %td "
+ "of file name component %s"),
+ name_max, length, quote (start));
+ start[length] = c;
+ return false;
+ }
+
+ start += length;
+ }
+ }
+
+ return true;
+}