summaryrefslogtreecommitdiffstats
path: root/lib/unlink.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/unlink.c')
-rw-r--r--lib/unlink.c98
1 files changed, 98 insertions, 0 deletions
diff --git a/lib/unlink.c b/lib/unlink.c
new file mode 100644
index 0000000..d77d262
--- /dev/null
+++ b/lib/unlink.c
@@ -0,0 +1,98 @@
+/* Work around unlink bugs.
+
+ Copyright (C) 2009-2023 Free Software Foundation, Inc.
+
+ This file is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of the
+ License, or (at your option) any later version.
+
+ This file is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>. */
+
+#include <config.h>
+
+#include <unistd.h>
+
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+
+#include "filename.h"
+
+#undef unlink
+#if defined _WIN32 && !defined __CYGWIN__
+# define unlink _unlink
+#endif
+
+/* Remove file NAME.
+ Return 0 if successful, -1 if not. */
+
+int
+rpl_unlink (char const *name)
+{
+ /* Work around Solaris 9 bug where unlink("file/") succeeds. */
+ size_t len = strlen (name);
+ int result = 0;
+ if (len && ISSLASH (name[len - 1]))
+ {
+ /* We can't unlink(2) something if it doesn't exist. If it does
+ exist, then it resolved to a directory, due to the trailing
+ slash, and POSIX requires that the unlink attempt to remove
+ that directory (which would leave the symlink dangling).
+ Unfortunately, Solaris 9 is one of the platforms where the
+ root user can unlink directories, and we don't want to
+ cripple this behavior on real directories, even if it is
+ seldom needed (at any rate, it's nicer to let coreutils'
+ unlink(1) give the correct errno for non-root users). But we
+ don't know whether name was an actual directory, or a symlink
+ to a directory; and due to the bug of ignoring trailing
+ slash, Solaris 9 would end up successfully unlinking the
+ symlink instead of the directory. Technically, we could use
+ realpath to find the canonical directory name to attempt
+ deletion on. But that is a lot of work for a corner case; so
+ we instead just use an lstat on the shortened name, and
+ reject symlinks with trailing slashes. The root user of
+ unlink(1) will just have to live with the rule that they
+ can't delete a directory via a symlink. */
+ struct stat st;
+ result = lstat (name, &st);
+ if (result == 0 || errno == EOVERFLOW)
+ {
+ /* Trailing NUL will overwrite the trailing slash. */
+ char *short_name = malloc (len);
+ if (!short_name)
+ return -1;
+ memcpy (short_name, name, len);
+ while (len && ISSLASH (short_name[len - 1]))
+ short_name[--len] = '\0';
+ if (len && (lstat (short_name, &st) || S_ISLNK (st.st_mode)))
+ {
+ free (short_name);
+ errno = EPERM;
+ return -1;
+ }
+ free (short_name);
+ result = 0;
+ }
+ }
+ if (!result)
+ {
+#if UNLINK_PARENT_BUG
+ if (len >= 2 && name[len - 1] == '.' && name[len - 2] == '.'
+ && (len == 2 || ISSLASH (name[len - 3])))
+ {
+ errno = EISDIR; /* could also use EPERM */
+ return -1;
+ }
+#endif
+ result = unlink (name);
+ }
+ return result;
+}