/* Various utility functions.
Copyright (C) 1996-2011, 2015, 2018-2024 Free Software Foundation,
Inc.
This file is part of GNU Wget.
GNU Wget is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
GNU Wget is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Wget. If not, see .
Additional permission under GNU GPL version 3 section 7
If you modify this program, or any covered work, by linking or
combining it with the OpenSSL project's OpenSSL library (or a
modified version of that library), containing parts covered by the
terms of the OpenSSL or SSLeay licenses, the Free Software Foundation
grants you additional permission to convey the resulting work.
Corresponding Source for a non-source form of such a combination
shall include the source code for the parts of OpenSSL used as well
as that of the covered work. */
#include "wget.h"
#include "sha256.h"
#include
#include
#include
#include
#include
#ifdef HAVE_PROCESS_H
# include /* getpid() */
#endif
#include
#include
#include
#include
#include
#include
#include
#include
#include
/* For TIOCGWINSZ and friends: */
#ifndef WINDOWS
# include
# include
#endif
/* Needed for Unix version of run_with_timeout. */
#include
#include
#include
#ifdef HAVE_LIBPCRE2
# define PCRE2_CODE_UNIT_WIDTH 8
# include
#elif defined HAVE_LIBPCRE
# include
#endif
#ifndef HAVE_SIGSETJMP
/* If sigsetjmp is a macro, configure won't pick it up. */
# ifdef sigsetjmp
# define HAVE_SIGSETJMP
# endif
#endif
#if defined HAVE_SIGSETJMP || defined HAVE_SIGBLOCK
# define USE_SIGNAL_TIMEOUT
#endif
/* Some systems (Linux libc5, "NCR MP-RAS 3.0", and others) don't
provide MAP_FAILED, a symbolic constant for the value returned by
mmap() when it doesn't work. Usually, this constant should be -1.
This only makes sense for files that use mmap() and include
sys/mman.h *before* sysdep.h, but doesn't hurt others. */
#ifdef HAVE_MMAP
# include
# ifndef MAP_FAILED
# define MAP_FAILED ((void *) -1)
# endif
#endif
#include "utils.h"
#include "hash.h"
#ifdef __VMS
#include "vms.h"
#endif /* def __VMS */
#ifdef TESTING
#include "../tests/unit-tests.h"
#endif
#include "exits.h"
#include "c-strcase.h"
_Noreturn static void
memfatal (const char *context, long attempted_size)
{
/* Make sure we don't try to store part of the log line, and thus
call malloc. */
log_set_save_context (false);
/* We have different log outputs in different situations:
1) output without bytes information
2) output with bytes information */
if (attempted_size == UNKNOWN_ATTEMPTED_SIZE)
{
logprintf (LOG_ALWAYS,
_("%s: %s: Failed to allocate enough memory; memory exhausted.\n"),
exec_name, context);
}
else
{
logprintf (LOG_ALWAYS,
_("%s: %s: Failed to allocate %ld bytes; memory exhausted.\n"),
exec_name, context, attempted_size);
}
exit (WGET_EXIT_GENERIC_ERROR);
}
/* Character property table for (re-)escaping VMS ODS5 extended file
names. Note that this table ignores Unicode.
ODS2 valid characters: 0-9 A-Z a-z $ - _ ~
ODS5 Invalid characters:
C0 control codes (0x00 to 0x1F inclusive)
Asterisk (*)
Question mark (?)
ODS5 Invalid characters only in VMS V7.2 (which no one runs, right?):
Double quotation marks (")
Backslash (\)
Colon (:)
Left angle bracket (<)
Right angle bracket (>)
Slash (/)
Vertical bar (|)
Characters escaped by "^":
SP ! " # % & ' ( ) + , . : ; =
@ [ \ ] ^ ` { | } ~
Either "^_" or "^ " is accepted as a space. Period (.) is a special
case. Note that un-escaped < and > can also confuse a directory
spec.
Characters put out as ^xx:
7F (DEL)
80-9F (C1 control characters)
A0 (nonbreaking space)
FF (Latin small letter y diaeresis)
Other cases:
Unicode: "^Uxxxx", where "xxxx" is four hex digits.
Property table values:
Normal escape: 1
Space: 2
Dot: 4
Hex-hex escape: 8
ODS2 normal: 16
ODS2 lower case: 32
Hex digit: 64
*/
unsigned char char_prop[ 256] = {
/* NUL SOH STX ETX EOT ENQ ACK BEL BS HT LF VT FF CR SO SI */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
/* DLE DC1 DC2 DC3 DC4 NAK SYN ETB CAN EM SUB ESC FS GS RS US */
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
/* SP ! " # $ % & ' ( ) * + , - . / */
2, 1, 1, 1, 16, 1, 1, 1, 1, 1, 0, 1, 1, 16, 4, 0,
/* 0 1 2 3 4 5 6 7 8 9 : ; < = > ? */
80, 80, 80, 80, 80, 80, 80, 80, 80, 80, 1, 1, 1, 1, 1, 1,
/* @ A B C D E F G H I J K L M N O */
1, 80, 80, 80, 80, 80, 80, 16, 16, 16, 16, 16, 16, 16, 16, 16,
/* P Q R S T U V W X Y Z [ \ ] ^ _ */
16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 1, 1, 1, 1, 16,
/* ` a b c d e f g h i j k l m n o */
1, 96, 96, 96, 96, 96, 96, 32, 32, 32, 32, 32, 32, 32, 32, 32,
/* p q r s t u v w x y z { | } ~ DEL */
32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 32, 1, 1, 1, 17, 8,
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8, 8,
8, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 8
};
/* Utility function: like xstrdup(), but also lowercases S. */
char *
xstrdup_lower (const char *s)
{
char *copy = xstrdup (s);
char *p = copy;
for (; *p; p++)
*p = c_tolower (*p);
return copy;
}
/* Copy the string formed by two pointers (one on the beginning, other
on the char after the last char) to a new, malloc-ed location.
0-terminate it.
If both pointers are NULL, the function returns an empty string. */
char *
strdupdelim (const char *beg, const char *end)
{
if (beg && beg <= end)
{
char *res = xmalloc (end - beg + 1);
memcpy (res, beg, end - beg);
res[end - beg] = '\0';
return res;
}
return xstrdup("");
}
/* Parse a string containing comma-separated elements, and return a
vector of char pointers with the elements. Spaces following the
commas are ignored. */
char **
sepstring (const char *s)
{
char **res;
const char *p;
int i = 0;
if (!s || !*s)
return NULL;
res = NULL;
p = s;
while (*s)
{
if (*s == ',')
{
res = xrealloc (res, (i + 2) * sizeof (char *));
res[i] = strdupdelim (p, s);
res[++i] = NULL;
++s;
/* Skip the blanks following the ','. */
while (c_isspace (*s))
++s;
p = s;
}
else
++s;
}
res = xrealloc (res, (i + 2) * sizeof (char *));
res[i] = strdupdelim (p, s);
res[i + 1] = NULL;
return res;
}
/* Like sprintf, but prints into a string of sufficient size freshly
allocated with malloc, which is returned. If unable to print due
to invalid format, returns NULL. Inability to allocate needed
memory results in abort, as with xmalloc. This is in spirit
similar to the GNU/BSD extension asprintf, but somewhat easier to
use.
Internally the function either calls vasprintf or loops around
vsnprintf until the correct size is found. Since Wget also ships a
fallback implementation of vsnprintf, this should be portable. */
char *
aprintf (const char *fmt, ...)
{
#if defined HAVE_VASPRINTF && !defined DEBUG_MALLOC
/* Use vasprintf. */
int ret;
va_list args;
char *str;
va_start (args, fmt);
ret = vasprintf (&str, fmt, args);
va_end (args);
if (ret < 0 && errno == ENOMEM)
memfatal ("aprintf", UNKNOWN_ATTEMPTED_SIZE); /* for consistency
with xmalloc/xrealloc */
else if (ret < 0)
return NULL;
return str;
#else /* not HAVE_VASPRINTF */
/* Constant is using for limits memory allocation for text buffer.
Applicable in situation when: vasprintf is not available in the system
and vsnprintf return -1 when long line is truncated (in old versions of
glibc and in other system where C99 doesn`t support) */
#define FMT_MAX_LENGTH 1048576
/* vasprintf is unavailable. snprintf into a small buffer and
resize it as necessary. */
int size = 32;
char *str = xmalloc (size);
/* #### This code will infloop and eventually abort in xrealloc if
passed a FMT that causes snprintf to consistently return -1. */
while (1)
{
int n;
va_list args;
va_start (args, fmt);
n = vsnprintf (str, size, fmt, args);
va_end (args);
/* If the printing worked, return the string. */
if (n > -1 && n < size)
return str;
/* Else try again with a larger buffer. */
if (n > -1) /* C99 */
size = n + 1; /* precisely what is needed */
else if (size >= FMT_MAX_LENGTH) /* We have a huge buffer, */
{ /* maybe we have some wrong
format string? */
logprintf (LOG_ALWAYS,
_("%s: aprintf: text buffer is too big (%d bytes), "
"aborting.\n"),
exec_name, size); /* printout a log message */
abort (); /* and abort... */
}
else
{
/* else, we continue to grow our
* buffer: Twice the old size. */
size <<= 1;
}
str = xrealloc (str, size);
}
#endif /* not HAVE_VASPRINTF */
}
#ifndef HAVE_STRLCPY
/* strlcpy() is a BSD function that sometimes is really handy.
* It is the same as snprintf(dst,dstsize,"%s",src), but much faster. */
size_t
strlcpy (char *dst, const char *src, size_t size)
{
const char *old = src;
/* Copy as many bytes as will fit */
if (size)
{
while (--size)
{
if (!(*dst++ = *src++))
return src - old - 1;
}
*dst = 0;
}
while (*src++);
return src - old - 1;
}
#endif
/* Concatenate the NULL-terminated list of string arguments into
freshly allocated space. */
char *
concat_strings (const char *str0, ...)
{
va_list args;
const char *arg;
size_t length = 0, pos = 0;
char *s;
if (!str0)
return NULL;
/* calculate the length of the resulting string */
va_start (args, str0);
for (arg = str0; arg; arg = va_arg (args, const char *))
length += strlen(arg);
va_end (args);
s = xmalloc (length + 1);
/* concatenate strings */
va_start (args, str0);
for (arg = str0; arg; arg = va_arg (args, const char *))
pos += strlcpy(s + pos, arg, length - pos + 1);
va_end (args);
return s;
}
/* Format the provided time according to the specified format. The
format is a string with format elements supported by strftime. */
static char *
fmttime (time_t t, const char *fmt)
{
static char output[32];
struct tm *tm = localtime(&t);
if (!tm)
abort ();
if (!strftime(output, sizeof(output), fmt, tm))
abort ();
return output;
}
/* Return pointer to a static char[] buffer in which zero-terminated
string-representation of TM (in form hh:mm:ss) is printed.
If TM is NULL, the current time will be used. */
char *
time_str (time_t t)
{
return fmttime(t, "%H:%M:%S");
}
/* Like the above, but include the date: YYYY-MM-DD hh:mm:ss. */
char *
datetime_str (time_t t)
{
return fmttime(t, "%Y-%m-%d %H:%M:%S");
}
/* The Windows versions of the following two functions are defined in
mswindows.c. On MSDOS this function should never be called. */
#ifdef __VMS
bool
fork_to_background (void)
{
return false;
}
#else /* def __VMS */
#if !defined(WINDOWS) && !defined(MSDOS)
bool
fork_to_background (void)
{
pid_t pid;
/* Whether we arrange our own version of opt.lfilename here. */
bool logfile_changed = false;
if (!opt.lfilename && (!opt.quiet || opt.server_response))
{
/* We must create the file immediately to avoid either a race
condition (which arises from using unique_name and failing to
use fopen_excl) or lying to the user about the log file name
(which arises from using unique_name, printing the name, and
using fopen_excl later on.) */
FILE *new_log_fp = unique_create (DEFAULT_LOGFILE, false, &opt.lfilename);
if (new_log_fp)
{
logfile_changed = true;
fclose (new_log_fp);
}
}
pid = fork ();
if (pid < 0)
{
/* parent, error */
perror ("fork");
exit (WGET_EXIT_GENERIC_ERROR);
}
else if (pid != 0)
{
/* parent, no error */
printf (_("Continuing in background, pid %d.\n"), (int) pid);
if (logfile_changed)
printf (_("Output will be written to %s.\n"), quote (opt.lfilename));
exit (WGET_EXIT_SUCCESS); /* #### should we use _exit()? */
}
/* child: give up the privileges and keep running. */
setsid ();
if (freopen ("/dev/null", "r", stdin) == NULL)
DEBUGP (("Failed to redirect stdin to /dev/null.\n"));
if (freopen ("/dev/null", "w", stdout) == NULL)
DEBUGP (("Failed to redirect stdout to /dev/null.\n"));
if (freopen ("/dev/null", "w", stderr) == NULL)
DEBUGP (("Failed to redirect stderr to /dev/null.\n"));
return logfile_changed;
}
#endif /* !WINDOWS && !MSDOS */
#endif /* def __VMS [else] */
/* "Touch" FILE, i.e. make its mtime ("modified time") equal the time
specified with TM. The atime ("access time") is set to the current
time. */
void
touch (const char *file, time_t tm)
{
struct utimbuf times;
times.modtime = tm;
times.actime = time (NULL);
if (utime (file, ×) == -1)
logprintf (LOG_NOTQUIET, "utime(%s): %s\n", file, strerror (errno));
}
/* Checks if FILE is a symbolic link, and removes it if it is. Does
nothing under MS-Windows. */
int
remove_link (const char *file)
{
int err = 0;
struct stat st;
if (lstat (file, &st) == 0 && S_ISLNK (st.st_mode))
{
DEBUGP (("Unlinking %s (symlink).\n", file));
err = unlink (file);
if (err != 0)
logprintf (LOG_VERBOSE, _("Failed to unlink symlink %s: %s\n"),
quote (file), strerror (errno));
}
return err;
}
/* Does FILENAME exist? */
bool
file_exists_p (const char *filename, file_stats_t *fstats)
{
struct stat buf;
if (!filename)
return false;
#if defined(WINDOWS) || defined(__VMS)
int ret = stat (filename, &buf);
if (ret >= 0)
{
if (fstats != NULL)
fstats->access_err = errno;
}
return ret >= 0;
#else
errno = 0;
if (stat (filename, &buf) == 0 && S_ISREG(buf.st_mode) &&
(((S_IRUSR & buf.st_mode) && (getuid() == buf.st_uid)) ||
((S_IRGRP & buf.st_mode) && group_member(buf.st_gid)) ||
(S_IROTH & buf.st_mode))) {
if (fstats != NULL)
{
fstats->access_err = 0;
fstats->st_ino = buf.st_ino;
fstats->st_dev = buf.st_dev;
}
return true;
}
else
{
if (fstats != NULL)
fstats->access_err = (errno == 0 ? EACCES : errno);
errno = 0;
return false;
}
/* NOTREACHED */
#endif
}
/* Returns 0 if PATH is a directory, 1 otherwise (any kind of file).
Returns 0 on error. */
bool
file_non_directory_p (const char *path)
{
struct stat buf;
/* Use lstat() rather than stat() so that symbolic links pointing to
directories can be identified correctly. */
if (lstat (path, &buf) != 0)
return false;
return S_ISDIR (buf.st_mode) ? false : true;
}
/* Return the size of file named by FILENAME, or -1 if it cannot be
opened or sought into. */
wgint
file_size (const char *filename)
{
#if defined(HAVE_FSEEKO) && defined(HAVE_FTELLO)
wgint size;
/* We use fseek rather than stat to determine the file size because
that way we can also verify that the file is readable without
explicitly checking for permissions. Inspired by the POST patch
by Arnaud Wylie. */
FILE *fp = fopen (filename, "rb");
if (!fp)
return -1;
fseeko (fp, 0, SEEK_END);
size = ftello (fp);
fclose (fp);
return size;
#else
struct stat st;
if (stat (filename, &st) < 0)
return -1;
return st.st_size;
#endif
}
/* 2005-02-19 SMS.
If no UNIQ_SEP is defined (as on VMS), have unique_name() return the
original name. With the VMS file systems' versioning, everything
should be fine, and appending ".NN" just causes trouble.
*/
#ifdef UNIQ_SEP
/* stat file names named PREFIX.1, PREFIX.2, etc., until one that
doesn't exist is found. Return a freshly allocated copy of the
unused file name. */
static char *
unique_name_1 (const char *prefix)
{
int count = 1;
int plen = strlen (prefix);
char *template = xmalloc (plen + 1 + 24);
char *template_tail = template + plen;
memcpy (template, prefix, plen);
*template_tail++ = UNIQ_SEP;
do
number_to_string (template_tail, count++);
while (file_exists_p (template, NULL) && count < 999999);
return template;
}
/* Return a unique file name, based on FILE.
More precisely, if FILE doesn't exist, it is returned unmodified.
If not, FILE.1 is tried, then FILE.2, etc. The first FILE.
file name that doesn't exist is returned.
2005-02-19 SMS. "." is now UNIQ_SEP, and may be different.
The resulting file is not created, only verified that it didn't
exist at the point in time when the function was called.
Therefore, where security matters, don't rely that the file created
by this function exists until you open it with O_EXCL or
equivalent.
unique_name() always returns a freshly allocated string.
unique_name_passthrough() may return FILE if the file doesn't exist
(and therefore doesn't need changing). */
char *
unique_name_passthrough (const char *file)
{
/* If the FILE itself doesn't exist, return it without
modification. Otherwise, find a numeric suffix that results in unused
file name and return it. */
return file_exists_p (file, NULL) ? unique_name_1 (file) : (char *) file;
}
char *
unique_name (const char *file)
{
/* If the FILE itself doesn't exist, return it without
modification. Otherwise, find a numeric suffix that results in unused
file name and return it. */
return file_exists_p (file, NULL) ? unique_name_1 (file) : xstrdup (file);
}
#else /* def UNIQ_SEP */
/* Dummy unique_name() for VMS. Return the original name as easily as
possible.
*/
char *
unique_name_passthrough (const char *file, bool allow_passthrough)
{
/* Return the FILE itself, without modification, irregardful. */
return (char *) file;
}
char *
unique_name (const char *file)
{
/* Return the FILE itself, without modification, irregardful. */
return xstrdup (file);
}
#endif /* def UNIQ_SEP [else] */
/* Create a file based on NAME, except without overwriting an existing
file with that name. Providing O_EXCL is correctly implemented,
this function does not have the race condition associated with
opening the file returned by unique_name. */
FILE *
unique_create (const char *name, bool binary, char **opened_name)
{
/* unique file name, based on NAME */
char *uname = unique_name (name);
FILE *fp;
while ((fp = fopen_excl (uname, binary)) == NULL && errno == EEXIST)
{
xfree (uname);
uname = unique_name (name);
}
if (opened_name)
{
if (fp)
*opened_name = uname;
else
{
*opened_name = NULL;
xfree (uname);
}
}
else
xfree (uname);
return fp;
}
/* Open the file for writing, with the addition that the file is
opened "exclusively". This means that, if the file already exists,
this function will *fail* and errno will be set to EEXIST. If
BINARY is set, the file will be opened in binary mode, equivalent
to fopen's "wb".
If opening the file fails for any reason, including the file having
previously existed, this function returns NULL and sets errno
appropriately. */
FILE *
fopen_excl (const char *fname, int binary)
{
int fd;
#ifdef O_EXCL
/* 2005-04-14 SMS.
VMS lacks O_BINARY, but makes up for it in weird and wonderful ways.
It also has file versions which obviate all the O_EXCL effort.
O_TRUNC (something of a misnomer) requests a new version.
*/
# ifdef __VMS
/* Common open() optional arguments:
sequential access only, access callback function.
*/
# define OPEN_OPT_ARGS "fop=sqo", "acc", acc_cb, &open_id
int open_id;
int flags = O_WRONLY | O_CREAT | O_TRUNC;
if (binary > 1)
{
open_id = 11;
fd = open( fname, /* File name. */
flags, /* Flags. */
0777, /* Mode for default protection. */
"ctx=bin,stm", /* Binary, stream access. */
"rfm=stmlf", /* Stream_LF. */
OPEN_OPT_ARGS); /* Access callback. */
}
else if (binary)
{
open_id = 12;
fd = open( fname, /* File name. */
flags, /* Flags. */
0777, /* Mode for default protection. */
"ctx=bin,stm", /* Binary, stream access. */
"rfm=fix", /* Fixed-length, */
"mrs=512", /* 512-byte records. */
OPEN_OPT_ARGS); /* Access callback. */
}
else
{
open_id = 13;
fd = open( fname, /* File name. */
flags, /* Flags. */
0777, /* Mode for default protection. */
"rfm=stmlf", /* Stream_LF. */
OPEN_OPT_ARGS); /* Access callback. */
}
# else /* def __VMS */
int flags = O_WRONLY | O_CREAT | O_EXCL;
# ifdef O_BINARY
if (binary)
flags |= O_BINARY;
# endif
fd = open (fname, flags, 0666);
# endif /* def __VMS [else] */
if (fd < 0)
return NULL;
return fdopen (fd, binary ? "wb" : "w");
#else /* not O_EXCL */
/* Manually check whether the file exists. This is prone to race
conditions, but systems without O_EXCL haven't deserved
better. */
if (file_exists_p (fname, NULL))
{
errno = EEXIST;
return NULL;
}
return fopen (fname, binary ? "wb" : "w");
#endif /* not O_EXCL */
}
/* fopen_stat() assumes that file_exists_p() was called earlier.
file_stats_t passed to this function was returned from file_exists_p()
This is to prevent TOCTTOU race condition.
Details : FIO45-C from https://www.securecoding.cert.org/
Note that for creating a new file, this check is not useful
Input:
fname => Name of file to open
mode => File open mode
fstats => Saved file_stats_t about file that was checked for existence
Returns:
NULL if there was an error
FILE * of opened file stream
*/
FILE *
fopen_stat(const char *fname, const char *mode, file_stats_t *fstats)
{
int fd;
FILE *fp;
struct stat fdstats;
#if defined FUZZING && defined TESTING
fp = fopen_wgetrc (fname, mode);
return fp;
#else
fp = fopen (fname, mode);
#endif
if (fp == NULL)
{
logprintf (LOG_NOTQUIET, _("Failed to Fopen file %s\n"), fname);
return NULL;
}
fd = fileno (fp);
if (fd < 0)
{
logprintf (LOG_NOTQUIET, _("Failed to get FD for file %s\n"), fname);
fclose (fp);
return NULL;
}
memset(&fdstats, 0, sizeof(fdstats));
if (fstat (fd, &fdstats) == -1)
{
logprintf (LOG_NOTQUIET, _("Failed to stat file %s, (check permissions)\n"), fname);
fclose (fp);
return NULL;
}
#if !(defined(WINDOWS) || defined(__VMS))
if (fstats != NULL &&
(fdstats.st_dev != fstats->st_dev ||
fdstats.st_ino != fstats->st_ino))
{
/* File changed since file_exists_p() : NOT SAFE */
logprintf (LOG_NOTQUIET, _("File %s changed since the last check. Security check failed.\n"), fname);
fclose (fp);
return NULL;
}
#endif
return fp;
}
/* open_stat assumes that file_exists_p() was called earlier to save file_stats
file_stats_t passed to this function was returned from file_exists_p()
This is to prevent TOCTTOU race condition.
Details : FIO45-C from https://www.securecoding.cert.org/
Note that for creating a new file, this check is not useful
Input:
fname => Name of file to open
flags => File open flags
mode => File open mode
fstats => Saved file_stats_t about file that was checked for existence
Returns:
-1 if there was an error
file descriptor of opened file stream
*/
int
open_stat(const char *fname, int flags, mode_t mode, file_stats_t *fstats)
{
int fd;
struct stat fdstats;
fd = open (fname, flags, mode);
if (fd < 0)
{
logprintf (LOG_NOTQUIET, _("Failed to open file %s, reason :%s\n"), fname, strerror(errno));
return -1;
}
memset(&fdstats, 0, sizeof(fdstats));
if (fstat (fd, &fdstats) == -1)
{
logprintf (LOG_NOTQUIET, _("Failed to stat file %s, error: %s\n"), fname, strerror(errno));
close (fd);
return -1;
}
#if !(defined(WINDOWS) || defined(__VMS))
if (fstats != NULL &&
(fdstats.st_dev != fstats->st_dev ||
fdstats.st_ino != fstats->st_ino))
{
/* File changed since file_exists_p() : NOT SAFE */
logprintf (LOG_NOTQUIET, _("Trying to open file %s but it changed since last check. Security check failed.\n"), fname);
close (fd);
return -1;
}
#endif
return fd;
}
/* Create DIRECTORY. If some of the pathname components of DIRECTORY
are missing, create them first. In case any mkdir() call fails,
return its error status. Returns 0 on successful completion.
The behaviour of this function should be identical to the behaviour
of `mkdir -p' on systems where mkdir supports the `-p' option. */
int
make_directory (const char *directory)
{
int i, ret, quit = 0;
char buf[1024];
char *dir;
size_t len = strlen (directory);
/* Make a copy of dir, to be able to write to it. Otherwise, the
function is unsafe if called with a read-only char *argument. */
if (len < sizeof(buf))
{
memcpy(buf, directory, len + 1);
dir = buf;
}
else
dir = xstrdup(directory);
/* If the first character of dir is '/', skip it (and thus enable
creation of absolute-pathname directories. */
for (i = (*dir == '/'); 1; ++i)
{
for (; dir[i] && dir[i] != '/'; i++)
;
if (!dir[i])
quit = 1;
dir[i] = '\0';
/* Check whether the directory already exists. Allow creation of
of intermediate directories to fail, as the initial path components
are not necessarily directories! */
if (!file_exists_p (dir, NULL))
ret = mkdir (dir, 0777);
else
ret = 0;
if (quit)
break;
else
dir[i] = '/';
}
if (dir != buf)
xfree (dir);
return ret;
}
/* Merge BASE with FILE. BASE can be a directory or a file name, FILE
should be a file name.
file_merge("/foo/bar", "baz") => "/foo/baz"
file_merge("/foo/bar/", "baz") => "/foo/bar/baz"
file_merge("foo", "bar") => "bar"
In other words, it's a simpler and gentler version of uri_merge. */
char *
file_merge (const char *base, const char *file)
{
char *result;
const char *cut = (const char *)strrchr (base, '/');
if (!cut)
return xstrdup (file);
result = xmalloc (cut - base + 1 + strlen (file) + 1);
memcpy (result, base, cut - base);
result[cut - base] = '/';
strcpy (result + (cut - base) + 1, file);
return result;
}
/* Like fnmatch, but performs a case-insensitive match. */
int
fnmatch_nocase (const char *pattern, const char *string, int flags)
{
/* The FNM_CASEFOLD flag started as a GNU extension, but it is now
also present on *BSD platforms, and possibly elsewhere.
Gnulib provides this flag in case it doesn't exist. */
return fnmatch (pattern, string, flags | FNM_CASEFOLD);
}
static bool in_acclist (const char *const *, const char *, bool);
/* Determine whether a file is acceptable to be followed, according to
lists of patterns to accept/reject. */
bool
acceptable (const char *s)
{
const char *p;
if (opt.output_document && strcmp (s, opt.output_document) == 0)
return true;
if ((p = strrchr (s, '/')))
s = p + 1;
if (opt.accepts)
{
if (opt.rejects)
return (in_acclist ((const char *const *)opt.accepts, s, true)
&& !in_acclist ((const char *const *)opt.rejects, s, true));
else
return in_acclist ((const char *const *)opt.accepts, s, true);
}
else if (opt.rejects)
return !in_acclist ((const char *const *)opt.rejects, s, true);
return true;
}
/* Determine whether an URL is acceptable to be followed, according to
regex patterns to accept/reject. */
bool
accept_url (const char *s)
{
if (opt.acceptregex && !opt.regex_match_fun (opt.acceptregex, s))
return false;
if (opt.rejectregex && opt.regex_match_fun (opt.rejectregex, s))
return false;
return true;
}
/* Check if D2 is a subdirectory of D1. E.g. if D1 is `/something', subdir_p()
will return true if and only if D2 begins with `/something/' or is exactly
'/something'. */
bool
subdir_p (const char *d1, const char *d2)
{
if (*d1 == '\0')
return true;
if (!opt.ignore_case)
for (; *d1 && *d2 && (*d1 == *d2); ++d1, ++d2)
;
else
for (; *d1 && *d2 && (c_tolower (*d1) == c_tolower (*d2)); ++d1, ++d2)
;
return *d1 == '\0' && (*d2 == '\0' || *d2 == '/');
}
/* Iterate through DIRLIST (which must be NULL-terminated), and return the
first element that matches DIR, through wildcards or front comparison (as
appropriate). */
static bool
dir_matches_p (const char **dirlist, const char *dir)
{
const char **x;
int (*matcher) (const char *, const char *, int)
= opt.ignore_case ? fnmatch_nocase : fnmatch;
for (x = dirlist; *x; x++)
{
/* Remove leading '/' */
const char *p = *x + (**x == '/');
if (has_wildcards_p (p))
{
if (matcher (p, dir, FNM_PATHNAME) == 0)
break;
}
else
{
if (subdir_p (p, dir))
break;
}
}
return *x ? true : false;
}
/* Returns whether DIRECTORY is acceptable for download, wrt the
include/exclude lists.
The leading `/' is ignored in paths; relative and absolute paths
may be freely intermixed. */
bool
accdir (const char *directory)
{
/* Remove starting '/'. */
if (*directory == '/')
++directory;
if (opt.includes)
{
if (!dir_matches_p (opt.includes, directory))
return false;
}
if (opt.excludes)
{
if (dir_matches_p (opt.excludes, directory))
return false;
}
return true;
}
/* Return true if STRING ends with TAIL. For instance:
match_tail ("abc", "bc", false) -> 1
match_tail ("abc", "ab", false) -> 0
match_tail ("abc", "abc", false) -> 1
If FOLD_CASE is true, the comparison will be case-insensitive. */
bool
match_tail (const char *string, const char *tail, bool fold_case)
{
int pos = (int) strlen (string) - (int) strlen (tail);
if (pos < 0)
return false; /* tail is longer than string. */
if (!fold_case)
return !strcmp (string + pos, tail);
else
return !strcasecmp (string + pos, tail);
}
/* Checks whether string S matches each element of ACCEPTS. A list
element are matched either with fnmatch() or match_tail(),
according to whether the element contains wildcards or not.
If the BACKWARD is false, don't do backward comparison -- just compare
them normally. */
static bool
in_acclist (const char *const *accepts, const char *s, bool backward)
{
for (; *accepts; accepts++)
{
if (has_wildcards_p (*accepts))
{
int res = opt.ignore_case
? fnmatch_nocase (*accepts, s, 0) : fnmatch (*accepts, s, 0);
/* fnmatch returns 0 if the pattern *does* match the string. */
if (res == 0)
return true;
}
else
{
if (backward)
{
if (match_tail (s, *accepts, opt.ignore_case))
return true;
}
else
{
int cmp = opt.ignore_case
? strcasecmp (s, *accepts) : strcmp (s, *accepts);
if (cmp == 0)
return true;
}
}
}
return false;
}
/* Return the location of STR's suffix (file extension). Examples:
suffix ("foo.bar") -> "bar"
suffix ("foo.bar.baz") -> "baz"
suffix ("/foo/bar") -> NULL
suffix ("/foo.bar/baz") -> NULL */
char *
suffix (const char *str)
{
char *p;
if ((p = strrchr (str, '.')) && !strchr (p + 1, '/'))
return p + 1;
return NULL;
}
/* Return true if S contains globbing wildcards (`*', `?', `[' or
`]'). */
bool
has_wildcards_p (const char *s)
{
return !!strpbrk (s, "*?[]");
}
/* Return true if FNAME ends with a typical HTML suffix. The
following (case-insensitive) suffixes are presumed to be HTML
files:
html
htm
?html (`?' matches one character)
#### CAVEAT. This is not necessarily a good indication that FNAME
refers to a file that contains HTML! */
bool
has_html_suffix_p (const char *fname)
{
char *suf;
if ((suf = suffix (fname)) == NULL)
return false;
if (!c_strcasecmp (suf, "html"))
return true;
if (!c_strcasecmp (suf, "htm"))
return true;
if (suf[0] && !c_strcasecmp (suf + 1, "html"))
return true;
return false;
}
/* Read FILE into memory. A pointer to `struct file_memory' are
returned; use struct element `content' to access file contents, and
the element `length' to know the file length. `content' is *not*
zero-terminated, and you should *not* read or write beyond the [0,
length) range of characters.
After you are done with the file contents, call wget_read_file_free to
release the memory.
Depending on the operating system and the type of file that is
being read, wget_read_file() either mmap's the file into memory, or
reads the file into the core using read().
If file is named "-", fileno(stdin) is used for reading instead.
If you want to read from a real file named "-", use "./-" instead. */
struct file_memory *
wget_read_file (const char *file)
{
int fd;
struct file_memory *fm;
long size;
bool inhibit_close = false;
/* Some magic in the finest tradition of Perl and its kin: if FILE
is "-", just use stdin. */
#ifndef FUZZING
if (HYPHENP (file))
{
fd = fileno (stdin);
inhibit_close = true;
/* Note that we don't inhibit mmap() in this case. If stdin is
redirected from a regular file, mmap() will still work. */
}
else
#endif
fd = open (file, O_RDONLY);
if (fd < 0)
return NULL;
fm = xnew (struct file_memory);
#ifdef HAVE_MMAP
{
struct stat buf;
if (fstat (fd, &buf) < 0)
goto mmap_lose;
fm->length = buf.st_size;
/* NOTE: As far as I know, the callers of this function never
modify the file text. Relying on this would enable us to
specify PROT_READ and MAP_SHARED for a marginal gain in
efficiency, but at some cost to generality. */
fm->content = mmap (NULL, fm->length, PROT_READ | PROT_WRITE,
MAP_PRIVATE, fd, 0);
if (fm->content == (char *)MAP_FAILED)
goto mmap_lose;
if (!inhibit_close)
close (fd);
fm->mmap_p = 1;
return fm;
}
mmap_lose:
/* The most common reason why mmap() fails is that FD does not point
to a plain file. However, it's also possible that mmap() doesn't
work for a particular type of file. Therefore, whenever mmap()
fails, we just fall back to the regular method. */
#endif /* HAVE_MMAP */
fm->length = 0;
size = 512; /* number of bytes fm->contents can
hold at any given time. */
fm->content = xmalloc (size);
while (1)
{
wgint nread;
if (fm->length > size / 2)
{
/* #### I'm not sure whether the whole exponential-growth
thing makes sense with kernel read. On Linux at least,
read() refuses to read more than 4K from a file at a
single chunk anyway. But other Unixes might optimize it
better, and it doesn't *hurt* anything, so I'm leaving
it. */
/* Normally, we grow SIZE exponentially to make the number
of calls to read() and realloc() logarithmic in relation
to file size. However, read() can read an amount of data
smaller than requested, and it would be unreasonable to
double SIZE every time *something* was read. Therefore,
we double SIZE only when the length exceeds half of the
entire allocated size. */
size <<= 1;
fm->content = xrealloc (fm->content, size);
}
nread = read (fd, fm->content + fm->length, size - fm->length);
if (nread > 0)
/* Successful read. */
fm->length += nread;
else if (nread < 0)
/* Error. */
goto lose;
else
/* EOF */
break;
}
if (!inhibit_close)
close (fd);
if (size > fm->length && fm->length != 0)
/* Due to exponential growth of fm->content, the allocated region
might be much larger than what is actually needed. */
fm->content = xrealloc (fm->content, fm->length);
fm->mmap_p = 0;
return fm;
lose:
if (!inhibit_close)
close (fd);
xfree (fm->content);
xfree (fm);
return NULL;
}
/* Release the resources held by FM. Specifically, this calls
munmap() or xfree() on fm->content, depending whether mmap or
malloc/read were used to read in the file. It also frees the
memory needed to hold the FM structure itself. */
void
wget_read_file_free (struct file_memory *fm)
{
#ifdef HAVE_MMAP
if (fm->mmap_p)
{
munmap (fm->content, fm->length);
}
else
#endif
{
xfree (fm->content);
}
xfree (fm);
}
/* Free the pointers in a NULL-terminated vector of pointers, then
free the pointer itself. */
void
free_vec (char **vec)
{
if (vec)
{
char **p = vec;
while (*p)
{
xfree (*p);
p++;
}
xfree (vec);
}
}
/* Append vector V2 to vector V1. The function frees V2 and
reallocates V1 (thus you may not use the contents of neither
pointer after the call). If V1 is NULL, V2 is returned. */
char **
merge_vecs (char **v1, char **v2)
{
int i, j;
if (!v1)
return v2;
if (!v2)
return v1;
if (!*v2)
{
/* To avoid j == 0 */
xfree (v2);
return v1;
}
/* Count v1. */
for (i = 0; v1[i]; i++)
;
/* Count v2. */
for (j = 0; v2[j]; j++)
;
/* Reallocate v1. */
v1 = xrealloc (v1, (i + j + 1) * sizeof (char *));
memcpy (v1 + i, v2, (j + 1) * sizeof (char *));
xfree (v2);
return v1;
}
/* Append a freshly allocated copy of STR to VEC. If VEC is NULL, it
is allocated as needed. Return the new value of the vector. */
char **
vec_append (char **vec, const char *str)
{
int cnt; /* count of vector elements, including
the one we're about to append */
if (vec != NULL)
{
for (cnt = 0; vec[cnt]; cnt++)
;
++cnt;
}
else
cnt = 1;
/* Reallocate the array to fit the new element and the NULL. */
vec = xrealloc (vec, (cnt + 1) * sizeof (char *));
/* Append a copy of STR to the vector. */
vec[cnt - 1] = xstrdup (str);
vec[cnt] = NULL;
return vec;
}
/* Sometimes it's useful to create "sets" of strings, i.e. special
hash tables where you want to store strings as keys and merely
query for their existence. Here is a set of utility routines that
makes that transparent. */
void
string_set_add (struct hash_table *ht, const char *s)
{
/* First check whether the set element already exists. If it does,
do nothing so that we don't have to free() the old element and
then strdup() a new one. */
if (hash_table_contains (ht, s))
return;
/* We use "1" as value. It provides us a useful and clear arbitrary
value, and it consumes no memory -- the pointers to the same
string "1" will be shared by all the key-value pairs in all `set'
hash tables. */
hash_table_put (ht, xstrdup (s), "1");
}
/* Synonym for hash_table_contains... */
int
string_set_contains (struct hash_table *ht, const char *s)
{
return hash_table_contains (ht, s);
}
/* Convert the specified string set to array. ARRAY should be large
enough to hold hash_table_count(ht) char pointers. */
void string_set_to_array (struct hash_table *ht, char **array)
{
hash_table_iterator iter;
for (hash_table_iterate (ht, &iter); hash_table_iter_next (&iter); )
*array++ = iter.key;
}
/* Free the string set. This frees both the storage allocated for
keys and the actual hash table. (hash_table_destroy would only
destroy the hash table.) */
void
string_set_free (struct hash_table *ht)
{
hash_table_iterator iter;
for (hash_table_iterate (ht, &iter); hash_table_iter_next (&iter); )
xfree (iter.key);
hash_table_destroy (ht);
}
/* Utility function: simply call xfree() on all keys and values of HT. */
void
free_keys_and_values (struct hash_table *ht)
{
hash_table_iterator iter;
for (hash_table_iterate (ht, &iter); hash_table_iter_next (&iter); )
{
xfree (iter.key);
xfree (iter.value);
}
}
/* Get digit grouping data for thousand separors by calling
localeconv(). The data includes separator string and grouping info
and is cached after the first call to the function.
In locales that don't set a thousand separator (such as the "C"
locale), this forces it to be ",". We are now only showing
thousand separators in one place, so this shouldn't be a problem in
practice. */
static void
get_grouping_data (const char **sep, const char **grouping)
{
static const char *cached_sep;
static const char *cached_grouping;
static bool initialized;
if (!initialized)
{
/* Get the grouping info from the locale. */
struct lconv *lconv = localeconv ();
cached_sep = lconv->thousands_sep;
cached_grouping = lconv->grouping;
#if ! USE_NLS_PROGRESS_BAR
/* We can't count column widths, so ensure that the separator
* is single-byte only (let check below determine what byte). */
if (strlen(cached_sep) > 1)
cached_sep = "";
#endif
if (!*cached_sep)
{
/* Many locales (such as "C" or "hr_HR") don't specify
grouping, which we still want to use it for legibility.
In those locales set the sep char to ',', unless that
character is used for decimal point, in which case set it
to ".". */
if (*lconv->decimal_point != ',')
cached_sep = ",";
else
cached_sep = ".";
cached_grouping = "\x03";
}
initialized = true;
}
*sep = cached_sep;
*grouping = cached_grouping;
}
/* Return a printed representation of N with thousand separators.
This should respect locale settings, with the exception of the "C"
locale which mandates no separator, but we use one anyway.
Unfortunately, we cannot use %'d (in fact it would be %'j) to get
the separators because it's too non-portable, and it's hard to test
for this feature at configure time. Besides, it wouldn't display
separators in the "C" locale, still used by many Unix users. */
const char *
with_thousand_seps (wgint n)
{
static char outbuf[48];
char *p = outbuf + sizeof outbuf;
/* Info received from locale */
const char *grouping, *sep;
int seplen;
/* State information */
int i = 0, groupsize;
const char *atgroup;
bool negative = n < 0;
/* Initialize grouping data. */
get_grouping_data (&sep, &grouping);
seplen = strlen (sep);
atgroup = grouping;
groupsize = *atgroup++;
/* This would overflow on WGINT_MIN, but printing negative numbers
is not an important goal of this fuinction. */
if (negative)
n = -n;
/* Write the number into the buffer, backwards, inserting the
separators as necessary. */
*--p = '\0';
while (1)
{
*--p = n % 10 + '0';
n /= 10;
if (n == 0)
break;
/* Prepend SEP to every groupsize'd digit and get new groupsize. */
if (++i == groupsize)
{
if (seplen == 1)
*--p = *sep;
else
memcpy (p -= seplen, sep, seplen);
i = 0;
if (*atgroup)
groupsize = *atgroup++;
}
}
if (negative)
*--p = '-';
return p;
}
/* N, a byte quantity, is converted to a human-readable abberviated
form a la sizes printed by `ls -lh'. The result is written to a
static buffer, a pointer to which is returned.
Unlike `with_thousand_seps', this approximates to the nearest unit.
Quoting GNU libit: "Most people visually process strings of 3-4
digits effectively, but longer strings of digits are more prone to
misinterpretation. Hence, converting to an abbreviated form
usually improves readability."
This intentionally uses kilobyte (KB), megabyte (MB), etc. in their
original computer-related meaning of "powers of 1024". We don't
use the "*bibyte" names invented in 1998, and seldom used in
practice. Wikipedia's entry on "binary prefix" discusses this in
some detail. */
char *
human_readable (wgint n, const int acc, const int decimals)
{
/* These suffixes are compatible with those of GNU `ls -lh'. */
static char powers[] =
{
'K', /* kilobyte, 2^10 bytes */
'M', /* megabyte, 2^20 bytes */
'G', /* gigabyte, 2^30 bytes */
'T', /* terabyte, 2^40 bytes */
'P', /* petabyte, 2^50 bytes */
'E', /* exabyte, 2^60 bytes */
};
static char buf[8];
size_t i;
/* If the quantity is smaller than 1K, just print it. */
if (n < 1024)
{
snprintf (buf, sizeof (buf), "%d", (int) n);
return buf;
}
/* Loop over powers, dividing N with 1024 in each iteration. This
works unchanged for all sizes of wgint, while still avoiding
non-portable `long double' arithmetic. */
for (i = 0; i < countof (powers); i++)
{
/* At each iteration N is greater than the *subsequent* power.
That way N/1024.0 produces a decimal number in the units of
*this* power. */
if ((n / 1024) < 1024 || i == countof (powers) - 1)
{
double val = n / 1024.0;
/* Print values smaller than the accuracy level (acc) with (decimal)
* decimal digits, and others without any decimals. */
snprintf (buf, sizeof (buf), "%.*f%c",
val < acc ? decimals : 0, val, powers[i]);
return buf;
}
n /= 1024;
}
return NULL; /* unreached */
}
/* Count the digits in the provided number. Used to allocate space
when printing numbers. */
int
numdigit (wgint number)
{
int cnt = 1;
if (number < 0)
++cnt; /* accommodate '-' */
while ((number /= 10) != 0)
++cnt;
return cnt;
}
#define PR(mask) *p++ = n / (mask) + '0'
/* DIGITS_ is used to print a D-digit number and should be called
with mask==10^(D-1). It prints n/mask (the first digit), reducing
n to n%mask (the remaining digits), and calling DIGITS_.
Recursively this continues until DIGITS_1 is invoked. */
#define DIGITS_1(mask) PR (mask)
#define DIGITS_2(mask) PR (mask), n %= (mask), DIGITS_1 ((mask) / 10)
#define DIGITS_3(mask) PR (mask), n %= (mask), DIGITS_2 ((mask) / 10)
#define DIGITS_4(mask) PR (mask), n %= (mask), DIGITS_3 ((mask) / 10)
#define DIGITS_5(mask) PR (mask), n %= (mask), DIGITS_4 ((mask) / 10)
#define DIGITS_6(mask) PR (mask), n %= (mask), DIGITS_5 ((mask) / 10)
#define DIGITS_7(mask) PR (mask), n %= (mask), DIGITS_6 ((mask) / 10)
#define DIGITS_8(mask) PR (mask), n %= (mask), DIGITS_7 ((mask) / 10)
#define DIGITS_9(mask) PR (mask), n %= (mask), DIGITS_8 ((mask) / 10)
#define DIGITS_10(mask) PR (mask), n %= (mask), DIGITS_9 ((mask) / 10)
/* DIGITS_<11-20> are only used on machines with 64-bit wgints. */
#define DIGITS_11(mask) PR (mask), n %= (mask), DIGITS_10 ((mask) / 10)
#define DIGITS_12(mask) PR (mask), n %= (mask), DIGITS_11 ((mask) / 10)
#define DIGITS_13(mask) PR (mask), n %= (mask), DIGITS_12 ((mask) / 10)
#define DIGITS_14(mask) PR (mask), n %= (mask), DIGITS_13 ((mask) / 10)
#define DIGITS_15(mask) PR (mask), n %= (mask), DIGITS_14 ((mask) / 10)
#define DIGITS_16(mask) PR (mask), n %= (mask), DIGITS_15 ((mask) / 10)
#define DIGITS_17(mask) PR (mask), n %= (mask), DIGITS_16 ((mask) / 10)
#define DIGITS_18(mask) PR (mask), n %= (mask), DIGITS_17 ((mask) / 10)
#define DIGITS_19(mask) PR (mask), n %= (mask), DIGITS_18 ((mask) / 10)
/* Shorthand for casting to wgint. */
#define W wgint
/* Print NUMBER to BUFFER in base 10. This is equivalent to
`sprintf(buffer, "%lld", (long long) number)', only typically much
faster and portable to machines without long long.
The speedup may make a difference in programs that frequently
convert numbers to strings. Some implementations of sprintf,
particularly the one in some versions of GNU libc, have been known
to be quite slow when converting integers to strings.
Return the pointer to the location where the terminating zero was
printed. (Equivalent to calling buffer+strlen(buffer) after the
function is done.)
BUFFER should be large enough to accept as many bytes as you expect
the number to take up. On machines with 64-bit wgints the maximum
needed size is 24 bytes. That includes the digits needed for the
largest 64-bit number, the `-' sign in case it's negative, and the
terminating '\0'. */
char *
number_to_string (char *buffer, wgint number)
{
char *p = buffer;
wgint n = number;
int last_digit_char = 0;
if (n < 0)
{
if (n < -WGINT_MAX)
{
/* n = -n would overflow because -n would evaluate to a
wgint value larger than WGINT_MAX. Need to make n
smaller and handle the last digit separately. */
int last_digit = n % 10;
/* The sign of n%10 is implementation-defined. */
if (last_digit < 0)
last_digit_char = '0' - last_digit;
else
last_digit_char = '0' + last_digit;
/* After n is made smaller, -n will not overflow. */
n /= 10;
}
*p++ = '-';
n = -n;
}
/* Use the DIGITS_ macro appropriate for N's number of digits. That
way printing any N is fully open-coded without a loop or jump.
(Also see description of DIGITS_*.) */
if (n < 10) DIGITS_1 (1);
else if (n < 100) DIGITS_2 (10);
else if (n < 1000) DIGITS_3 (100);
else if (n < 10000) DIGITS_4 (1000);
else if (n < 100000) DIGITS_5 (10000);
else if (n < 1000000) DIGITS_6 (100000);
else if (n < 10000000) DIGITS_7 (1000000);
else if (n < 100000000) DIGITS_8 (10000000);
else if (n < 1000000000) DIGITS_9 (100000000);
else if (n < 10*(W)1000000000) DIGITS_10 (1000000000);
else if (n < 100*(W)1000000000) DIGITS_11 (10*(W)1000000000);
else if (n < 1000*(W)1000000000) DIGITS_12 (100*(W)1000000000);
else if (n < 10000*(W)1000000000) DIGITS_13 (1000*(W)1000000000);
else if (n < 100000*(W)1000000000) DIGITS_14 (10000*(W)1000000000);
else if (n < 1000000*(W)1000000000) DIGITS_15 (100000*(W)1000000000);
else if (n < 10000000*(W)1000000000) DIGITS_16 (1000000*(W)1000000000);
else if (n < 100000000*(W)1000000000) DIGITS_17 (10000000*(W)1000000000);
else if (n < 1000000000*(W)1000000000) DIGITS_18 (100000000*(W)1000000000);
else DIGITS_19 (1000000000*(W)1000000000);
if (last_digit_char)
*p++ = last_digit_char;
*p = '\0';
return p;
}
#undef PR
#undef W
#undef SPRINTF_WGINT
#undef DIGITS_1
#undef DIGITS_2
#undef DIGITS_3
#undef DIGITS_4
#undef DIGITS_5
#undef DIGITS_6
#undef DIGITS_7
#undef DIGITS_8
#undef DIGITS_9
#undef DIGITS_10
#undef DIGITS_11
#undef DIGITS_12
#undef DIGITS_13
#undef DIGITS_14
#undef DIGITS_15
#undef DIGITS_16
#undef DIGITS_17
#undef DIGITS_18
#undef DIGITS_19
#define RING_SIZE 3
/* Print NUMBER to a statically allocated string and return a pointer
to the printed representation.
This function is intended to be used in conjunction with printf.
It is hard to portably print wgint values:
a) you cannot use printf("%ld", number) because wgint can be long
long on 32-bit machines with LFS.
b) you cannot use printf("%lld", number) because NUMBER could be
long on 32-bit machines without LFS, or on 64-bit machines,
which do not require LFS. Also, Windows doesn't support %lld.
c) you cannot use printf("%j", (int_max_t) number) because not all
versions of printf support "%j", the most notable being the one
on Windows.
d) you cannot #define WGINT_FMT to the appropriate format and use
printf(WGINT_FMT, number) because that would break translations
for user-visible messages, such as printf("Downloaded: %d
bytes\n", number).
What you should use instead is printf("%s", number_to_static_string
(number)).
CAVEAT: since the function returns pointers to static data, you
must be careful to copy its result before calling it again.
However, to make it more useful with printf, the function maintains
an internal ring of static buffers to return. That way things like
printf("%s %s", number_to_static_string (num1),
number_to_static_string (num2)) work as expected. Three buffers
are currently used, which means that "%s %s %s" will work, but "%s
%s %s %s" won't. If you need to print more than three wgints,
bump the RING_SIZE (or rethink your message.) */
char *
number_to_static_string (wgint number)
{
static char ring[RING_SIZE][24];
static int ringpos;
char *buf = ring[ringpos];
number_to_string (buf, number);
ringpos = (ringpos + 1) % RING_SIZE;
return buf;
}
/* Converts the byte to bits format if --report-bps option is enabled
*/
wgint
convert_to_bits (wgint num)
{
if (opt.report_bps)
return num * 8;
return num;
}
/* Determine the width of the terminal we're running on. If that's
not possible, return 0. */
int
determine_screen_width (void)
{
/* If there's a way to get the terminal size using POSIX
tcgetattr(), somebody please tell me. */
#ifdef TIOCGWINSZ
int fd;
struct winsize wsz;
if (opt.lfilename != NULL && opt.show_progress != 1)
return 0;
fd = fileno (stderr);
if (ioctl (fd, TIOCGWINSZ, &wsz) < 0)
return 0; /* most likely ENOTTY */
return wsz.ws_col;
#elif defined(WINDOWS)
CONSOLE_SCREEN_BUFFER_INFO csbi;
if (!GetConsoleScreenBufferInfo (GetStdHandle (STD_ERROR_HANDLE), &csbi))
return 0;
return csbi.dwSize.X;
#else /* neither TIOCGWINSZ nor WINDOWS */
return 0;
#endif /* neither TIOCGWINSZ nor WINDOWS */
}
/* Whether the rnd system (either rand or [dl]rand48) has been
seeded. */
static int rnd_seeded;
/* Return a random number between 0 and MAX-1, inclusive.
If the system does not support lrand48 and MAX is greater than the
value of RAND_MAX+1 on the system, the returned value will be in
the range [0, RAND_MAX]. This may be fixed in a future release.
The random number generator is seeded automatically the first time
it is called.
This uses lrand48 where available, rand elsewhere. DO NOT use it
for cryptography. It is only meant to be used in situations where
quality of the random numbers returned doesn't really matter. */
int
random_number (int max)
{
#ifdef HAVE_RANDOM
if (!rnd_seeded)
{
srandom ((long) time (NULL) ^ (long) getpid ());
rnd_seeded = 1;
}
return random () % max;
#elif defined HAVE_DRAND48
if (!rnd_seeded)
{
srand48 ((long) time (NULL) ^ (long) getpid ());
rnd_seeded = 1;
}
return lrand48 () % max;
#else /* not HAVE_DRAND48 */
double bounded;
int rnd;
if (!rnd_seeded)
{
srand ((unsigned) time (NULL) ^ (unsigned) getpid ());
rnd_seeded = 1;
}
rnd = rand ();
/* Like rand() % max, but uses the high-order bits for better
randomness on architectures where rand() is implemented using a
simple congruential generator. */
bounded = (double) max * rnd / (RAND_MAX + 1.0);
return (int) bounded;
#endif /* not HAVE_DRAND48 */
}
/* Return a random uniformly distributed floating point number in the
[0, 1) range. Uses drand48 where available, and a really lame
kludge elsewhere. */
double
random_float (void)
{
#ifdef HAVE_RANDOM
return ((double) random_number (RAND_MAX)) / RAND_MAX;
#elif defined HAVE_DRAND48
if (!rnd_seeded)
{
srand48 ((long) time (NULL) ^ (long) getpid ());
rnd_seeded = 1;
}
return drand48 ();
#else /* not HAVE_DRAND48 */
return ( random_number (10000) / 10000.0
+ random_number (10000) / (10000.0 * 10000.0)
+ random_number (10000) / (10000.0 * 10000.0 * 10000.0)
+ random_number (10000) / (10000.0 * 10000.0 * 10000.0 * 10000.0));
#endif /* not HAVE_DRAND48 */
}
/* Implementation of run_with_timeout, a generic timeout-forcing
routine for systems with Unix-like signal handling. */
#ifdef USE_SIGNAL_TIMEOUT
# ifdef HAVE_SIGSETJMP
# define SETJMP(env) sigsetjmp (env, 1)
static sigjmp_buf run_with_timeout_env;
_Noreturn static void
abort_run_with_timeout (int sig _GL_UNUSED)
{
assert (sig == SIGALRM);
siglongjmp (run_with_timeout_env, -1);
}
# else /* not HAVE_SIGSETJMP */
# define SETJMP(env) setjmp (env)
static jmp_buf run_with_timeout_env;
static void _Noreturn
abort_run_with_timeout (int sig _GL_UNUSED)
{
assert (sig == SIGALRM);
/* We don't have siglongjmp to preserve the set of blocked signals;
if we longjumped out of the handler at this point, SIGALRM would
remain blocked. We must unblock it manually. */
sigset_t set;
sigemptyset (&set);
sigaddset (&set, SIGALRM);
sigprocmask (SIG_BLOCK, &set, NULL);
/* Now it's safe to longjump. */
longjmp (run_with_timeout_env, -1);
}
# endif /* not HAVE_SIGSETJMP */
/* Arrange for SIGALRM to be delivered in TIMEOUT seconds. This uses
setitimer where available, alarm otherwise.
TIMEOUT should be non-zero. If the timeout value is so small that
it would be rounded to zero, it is rounded to the least legal value
instead (1us for setitimer, 1s for alarm). That ensures that
SIGALRM will be delivered in all cases. */
static void
alarm_set (double timeout)
{
#ifdef ITIMER_REAL
/* Use the modern itimer interface. */
struct itimerval itv;
xzero (itv);
itv.it_value.tv_sec = (long) timeout;
itv.it_value.tv_usec = 1000000 * (timeout - (long)timeout);
if (itv.it_value.tv_sec == 0 && itv.it_value.tv_usec == 0)
/* Ensure that we wait for at least the minimum interval.
Specifying zero would mean "wait forever". */
itv.it_value.tv_usec = 1;
setitimer (ITIMER_REAL, &itv, NULL);
#else /* not ITIMER_REAL */
/* Use the old alarm() interface. */
int secs = (int) timeout;
if (secs == 0)
/* Round TIMEOUTs smaller than 1 to 1, not to zero. This is
because alarm(0) means "never deliver the alarm", i.e. "wait
forever", which is not what someone who specifies a 0.5s
timeout would expect. */
secs = 1;
alarm (secs);
#endif /* not ITIMER_REAL */
}
/* Cancel the alarm set with alarm_set. */
static void
alarm_cancel (void)
{
#ifdef ITIMER_REAL
struct itimerval disable;
xzero (disable);
setitimer (ITIMER_REAL, &disable, NULL);
#else /* not ITIMER_REAL */
alarm (0);
#endif /* not ITIMER_REAL */
}
/* Call FUN(ARG), but don't allow it to run for more than TIMEOUT
seconds. Returns true if the function was interrupted with a
timeout, false otherwise.
This works by setting up SIGALRM to be delivered in TIMEOUT seconds
using setitimer() or alarm(). The timeout is enforced by
longjumping out of the SIGALRM handler. This has several
advantages compared to the traditional approach of relying on
signals causing system calls to exit with EINTR:
* The callback function is *forcibly* interrupted after the
timeout expires, (almost) regardless of what it was doing and
whether it was in a syscall. For example, a calculation that
takes a long time is interrupted as reliably as an IO
operation.
* It works with both SYSV and BSD signals because it doesn't
depend on the default setting of SA_RESTART.
* It doesn't require special handler setup beyond a simple call
to signal(). (It does use sigsetjmp/siglongjmp, but they're
optional.)
The only downside is that, if FUN allocates internal resources that
are normally freed prior to exit from the functions, they will be
lost in case of timeout. */
bool
run_with_timeout (double timeout, void (*fun) (void *), void *arg)
{
int saved_errno;
if (timeout == 0)
{
fun (arg);
return false;
}
if (SETJMP (run_with_timeout_env) != 0)
{
/* Longjumped out of FUN with a timeout. */
signal (SIGALRM, SIG_DFL);
return true;
}
else
{
signal (SIGALRM, abort_run_with_timeout);
}
alarm_set (timeout);
fun (arg);
/* Preserve errno in case alarm() or signal() modifies it. */
saved_errno = errno;
alarm_cancel ();
signal (SIGALRM, SIG_DFL);
errno = saved_errno;
return false;
}
#else /* not USE_SIGNAL_TIMEOUT */
#ifndef WINDOWS
/* A stub version of run_with_timeout that just calls FUN(ARG). Don't
define it under Windows, because Windows has its own version of
run_with_timeout that uses threads. */
bool
run_with_timeout (double timeout, void (*fun) (void *), void *arg)
{
fun (arg);
return false;
}
#endif /* not WINDOWS */
#endif /* not USE_SIGNAL_TIMEOUT */
#ifndef WINDOWS
/* Sleep the specified amount of seconds. On machines without
nanosleep(), this may sleep shorter if interrupted by signals. */
#if defined FUZZING && defined TESTING
void
xsleep (double seconds)
{
// Don't wait when fuzzing
}
#else
void
xsleep (double seconds)
{
#ifdef HAVE_NANOSLEEP
/* nanosleep is the preferred interface because it offers high
accuracy and, more importantly, because it allows us to reliably
restart receiving a signal such as SIGWINCH. (There was an
actual Debian bug report about --limit-rate malfunctioning while
the terminal was being resized.) */
struct timespec sleep, remaining;
sleep.tv_sec = (long) seconds;
sleep.tv_nsec = 1000000000 * (seconds - (long) seconds);
while (nanosleep (&sleep, &remaining) < 0 && errno == EINTR)
/* If nanosleep has been interrupted by a signal, adjust the
sleeping period and return to sleep. */
sleep = remaining;
#elif defined(HAVE_USLEEP)
/* If usleep is available, use it in preference to select. */
if (seconds >= 1)
{
/* On some systems, usleep cannot handle values larger than
1,000,000. If the period is larger than that, use sleep
first, then add usleep for subsecond accuracy. */
sleep (seconds);
seconds -= (long) seconds;
}
usleep (seconds * 1000000);
#else /* fall back select */
/* Note that, although Windows supports select, it can't be used to
implement sleeping because Winsock's select doesn't implement
timeout when it is passed NULL pointers for all fd sets. (But it
does under Cygwin, which implements Unix-compatible select.) */
struct timeval sleep;
sleep.tv_sec = (long) seconds;
sleep.tv_usec = 1000000 * (seconds - (long) seconds);
select (0, NULL, NULL, NULL, &sleep);
/* If select returns -1 and errno is EINTR, it means we were
interrupted by a signal. But without knowing how long we've
actually slept, we can't return to sleep. Using gettimeofday to
track sleeps is slow and unreliable due to clock skew. */
#endif
}
#endif
#endif /* not WINDOWS */
/* Encode the octets in DATA of length LENGTH to base64 format,
storing the result to DEST. The output will be zero-terminated,
and must point to a writable buffer of at least
1+BASE64_LENGTH(length) bytes. The function returns the length of
the resulting base64 data, not counting the terminating zero.
This implementation does not emit newlines after 76 characters of
base64 data. */
size_t
wget_base64_encode (const void *data, size_t length, char *dest)
{
/* Conversion table. */
static const char tbl[64] = {
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P',
'Q','R','S','T','U','V','W','X','Y','Z','a','b','c','d','e','f',
'g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v',
'w','x','y','z','0','1','2','3','4','5','6','7','8','9','+','/'
};
/* Access bytes in DATA as unsigned char, otherwise the shifts below
don't work for data with MSB set. */
const unsigned char *s = data;
/* Theoretical ANSI violation when length < 3. */
const unsigned char *end = (const unsigned char *) data + length - 2;
char *p = dest;
/* Transform the 3x8 bits to 4x6 bits, as required by base64. */
for (; s < end; s += 3)
{
*p++ = tbl[s[0] >> 2];
*p++ = tbl[((s[0] & 3) << 4) + (s[1] >> 4)];
*p++ = tbl[((s[1] & 0xf) << 2) + (s[2] >> 6)];
*p++ = tbl[s[2] & 0x3f];
}
/* Pad the result if necessary... */
switch (length % 3)
{
case 1:
*p++ = tbl[s[0] >> 2];
*p++ = tbl[(s[0] & 3) << 4];
*p++ = '=';
*p++ = '=';
break;
case 2:
*p++ = tbl[s[0] >> 2];
*p++ = tbl[((s[0] & 3) << 4) + (s[1] >> 4)];
*p++ = tbl[((s[1] & 0xf) << 2)];
*p++ = '=';
break;
}
/* ...and zero-terminate it. */
*p = '\0';
return p - dest;
}
/* Store in C the next non-whitespace character from the string, or \0
when end of string is reached. */
#define NEXT_CHAR(c, p) do { \
c = (unsigned char) *p++; \
} while (c_isspace (c))
#define IS_ASCII(c) (((c) & 0x80) == 0)
/* Decode data from BASE64 (a null-terminated string) into memory
pointed to by DEST. DEST is assumed to be large enough to
accommodate the decoded data, which is guaranteed to be no more than
3/4*strlen(base64).
Since DEST is assumed to contain binary data, it is not
NUL-terminated. The function returns the length of the data
written to "TO". -1 is returned in case of error caused by malformed
base64 input.
This function originates from Free Recode. */
ssize_t
wget_base64_decode (const char *base64, void *dest, size_t size)
{
/* Table of base64 values for first 128 characters. Note that this
assumes ASCII (but so does Wget in other places). */
static const signed char base64_char_to_value[128] =
{
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 0- 9 */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 10- 19 */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 20- 29 */
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /* 30- 39 */
-1, -1, -1, 62, -1, -1, -1, 63, 52, 53, /* 40- 49 */
54, 55, 56, 57, 58, 59, 60, 61, -1, -1, /* 50- 59 */
-1, -1, -1, -1, -1, 0, 1, 2, 3, 4, /* 60- 69 */
5, 6, 7, 8, 9, 10, 11, 12, 13, 14, /* 70- 79 */
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, /* 80- 89 */
25, -1, -1, -1, -1, -1, -1, 26, 27, 28, /* 90- 99 */
29, 30, 31, 32, 33, 34, 35, 36, 37, 38, /* 100-109 */
39, 40, 41, 42, 43, 44, 45, 46, 47, 48, /* 110-119 */
49, 50, 51, -1, -1, -1, -1, -1 /* 120-127 */
};
#define BASE64_CHAR_TO_VALUE(c) ((int) base64_char_to_value[c])
#define IS_BASE64(c) ((IS_ASCII (c) && BASE64_CHAR_TO_VALUE (c) >= 0) || c == '=')
const char *p = base64;
unsigned char *q = dest;
ssize_t n = 0;
while (1)
{
unsigned char c;
unsigned long value;
/* Process first byte of a quadruplet. */
NEXT_CHAR (c, p);
if (!c)
break;
if (c == '=' || !IS_BASE64 (c))
return -1; /* illegal char while decoding base64 */
value = BASE64_CHAR_TO_VALUE (c) << 18;
/* Process second byte of a quadruplet. */
NEXT_CHAR (c, p);
if (!c)
return -1; /* premature EOF while decoding base64 */
if (c == '=' || !IS_BASE64 (c))
return -1; /* illegal char while decoding base64 */
value |= BASE64_CHAR_TO_VALUE (c) << 12;
if (size)
{
*q++ = value >> 16;
size--;
}
n++;
/* Process third byte of a quadruplet. */
NEXT_CHAR (c, p);
if (!c)
return -1; /* premature EOF while decoding base64 */
if (!IS_BASE64 (c))
return -1; /* illegal char while decoding base64 */
if (c == '=')
{
NEXT_CHAR (c, p);
if (!c)
return -1; /* premature EOF while decoding base64 */
if (c != '=')
return -1; /* padding `=' expected but not found */
continue;
}
value |= BASE64_CHAR_TO_VALUE (c) << 6;
if (size)
{
*q++ = 0xff & value >> 8;
size--;
}
n++;
/* Process fourth byte of a quadruplet. */
NEXT_CHAR (c, p);
if (!c)
return -1; /* premature EOF while decoding base64 */
if (c == '=')
continue;
if (!IS_BASE64 (c))
return -1; /* illegal char while decoding base64 */
value |= BASE64_CHAR_TO_VALUE (c);
if (size)
{
*q++ = 0xff & value;
size--;
}
n++;
}
#undef IS_BASE64
#undef BASE64_CHAR_TO_VALUE
return n;
}
#ifdef HAVE_LIBPCRE2
/* Compiles the PCRE2 regex. */
void *
compile_pcre2_regex (const char *str)
{
int errornumber;
PCRE2_SIZE erroroffset;
pcre2_code *regex = pcre2_compile((PCRE2_SPTR) str, PCRE2_ZERO_TERMINATED, 0, &errornumber, &erroroffset, NULL);
if (! regex)
{
fprintf (stderr, _("Invalid regular expression %s, PCRE2 error %d\n"),
quote (str), errornumber);
}
return regex;
}
#endif
#ifdef HAVE_LIBPCRE
/* Compiles the PCRE regex. */
void *
compile_pcre_regex (const char *str)
{
const char *errbuf;
int erroffset;
pcre *regex = pcre_compile (str, 0, &errbuf, &erroffset, 0);
if (! regex)
{
fprintf (stderr, _("Invalid regular expression %s, %s\n"),
quote (str), errbuf);
}
return regex;
}
#endif
/* Compiles the POSIX regex. */
void *
compile_posix_regex (const char *str)
{
regex_t *regex = xmalloc (sizeof (regex_t));
#ifdef TESTING
/* regcomp might be *very* cpu+memory intensive,
* see https://sourceware.org/glibc/wiki/Security%20Exceptions */
str = "a";
#endif
int errcode = regcomp ((regex_t *) regex, str, REG_EXTENDED | REG_NOSUB);
if (errcode != 0)
{
size_t errbuf_size = regerror (errcode, (regex_t *) regex, NULL, 0);
char *errbuf = xmalloc (errbuf_size);
regerror (errcode, (regex_t *) regex, errbuf, errbuf_size);
fprintf (stderr, _("Invalid regular expression %s, %s\n"),
quote (str), errbuf);
xfree (errbuf);
xfree (regex);
return NULL;
}
return regex;
}
#ifdef HAVE_LIBPCRE2
/* Matches a PCRE2 regex. */
bool
match_pcre2_regex (const void *regex, const char *str)
{
int rc;
pcre2_match_data *match_data;
match_data = pcre2_match_data_create_from_pattern(regex, NULL);
if (match_data)
{
rc = pcre2_match(regex, (PCRE2_SPTR) str, strlen(str), 0, 0, match_data, NULL);
pcre2_match_data_free(match_data);
}
else
rc = PCRE2_ERROR_NOMEMORY;
if (rc < 0 && rc != PCRE2_ERROR_NOMATCH)
{
logprintf (LOG_VERBOSE, _("Error while matching %s: %d\n"),
quote (str), rc);
}
return rc >= 0;
}
#endif
#ifdef HAVE_LIBPCRE
#define OVECCOUNT 30
/* Matches a PCRE regex. */
bool
match_pcre_regex (const void *regex, const char *str)
{
size_t l = strlen (str);
int ovector[OVECCOUNT];
int rc = pcre_exec ((pcre *) regex, 0, str, (int) l, 0, 0, ovector, OVECCOUNT);
if (rc == PCRE_ERROR_NOMATCH)
return false;
else if (rc < 0)
{
logprintf (LOG_VERBOSE, _("Error while matching %s: %d\n"),
quote (str), rc);
return false;
}
else
return true;
}
#undef OVECCOUNT
#endif
/* Matches a POSIX regex. */
bool
match_posix_regex (const void *regex, const char *str)
{
int rc = regexec ((regex_t *) regex, str, 0, NULL, 0);
if (rc == REG_NOMATCH)
return false;
else if (rc == 0)
return true;
else
{
size_t errbuf_size = regerror (rc, opt.acceptregex, NULL, 0);
char *errbuf = xmalloc (errbuf_size);
regerror (rc, opt.acceptregex, errbuf, errbuf_size);
logprintf (LOG_VERBOSE, _("Error while matching %s: %d\n"),
quote (str), rc);
xfree (errbuf);
return false;
}
}
#undef IS_ASCII
#undef NEXT_CHAR
/* Simple merge sort for use by stable_sort. Implementation courtesy
Zeljko Vrba with additional debugging by Nenad Barbutov. */
static void
mergesort_internal (void *base, void *temp, size_t size, size_t from, size_t to,
int (*cmpfun) (const void *, const void *))
{
#define ELT(array, pos) ((char *)(array) + (pos) * size)
if (from < to)
{
size_t i, j, k;
size_t mid = (to + from) / 2;
mergesort_internal (base, temp, size, from, mid, cmpfun);
mergesort_internal (base, temp, size, mid + 1, to, cmpfun);
i = from;
j = mid + 1;
for (k = from; (i <= mid) && (j <= to); k++)
if (cmpfun (ELT (base, i), ELT (base, j)) <= 0)
memcpy (ELT (temp, k), ELT (base, i++), size);
else
memcpy (ELT (temp, k), ELT (base, j++), size);
while (i <= mid)
memcpy (ELT (temp, k++), ELT (base, i++), size);
while (j <= to)
memcpy (ELT (temp, k++), ELT (base, j++), size);
for (k = from; k <= to; k++)
memcpy (ELT (base, k), ELT (temp, k), size);
}
#undef ELT
}
/* Stable sort with interface exactly like standard library's qsort.
Uses mergesort internally. */
void
stable_sort (void *base, size_t nmemb, size_t size,
int (*cmpfun) (const void *, const void *))
{
if (nmemb > 1 && size > 1)
{
void *temp = xmalloc (nmemb * size);
mergesort_internal (base, temp, size, 0, nmemb - 1, cmpfun);
xfree(temp);
}
}
/* Print a decimal number. If it is equal to or larger than ten, the
number is rounded. Otherwise it is printed with one significant
digit without trailing zeros and with no more than three fractional
digits total. For example, 0.1 is printed as "0.1", 0.035 is
printed as "0.04", 0.0091 as "0.009", and 0.0003 as simply "0".
This is useful for displaying durations because it provides
order-of-magnitude information without unnecessary clutter --
long-running downloads are shown without the fractional part, and
short ones still retain one significant digit. */
const char *
print_decimal (double number)
{
static char buf[32];
double n = number >= 0 ? number : -number;
if (n >= 9.95)
/* Cut off at 9.95 because the below %.1f would round 9.96 to
"10.0" instead of "10". OTOH 9.94 will print as "9.9". */
snprintf (buf, sizeof buf, "%.0f", number);
else if (n >= 0.95)
snprintf (buf, sizeof buf, "%.1f", number);
else if (n >= 0.001)
snprintf (buf, sizeof buf, "%.1g", number);
else if (n >= 0.0005)
/* round [0.0005, 0.001) to 0.001 */
snprintf (buf, sizeof buf, "%.3f", number);
else
/* print numbers close to 0 as 0, not 0.000 */
strcpy (buf, "0");
return buf;
}
/* Get the maximum name length for the given path. */
/* Return 0 if length is unknown. */
long
get_max_length (const char *path, int length, int name)
{
long ret;
char *p, *d;
/* Make a copy of the path that we can modify. */
p = path ? strdupdelim (path, path + length) : strdup ("");
for (;;)
{
errno = 0;
/* For an empty path query the current directory. */
#if HAVE_PATHCONF
ret = pathconf (*p ? p : ".", name);
if (!(ret < 0 && errno == ENOENT))
break;
#else
ret = PATH_MAX;
#endif
/* The path does not exist yet, but may be created. */
/* Already at current or root directory, give up. */
if (!*p || strcmp (p, "/") == 0)
break;
/* Remove one directory level and try again. */
d = strrchr (p, '/');
if (d == p)
p[1] = '\0'; /* check root directory */
else if (d)
*d = '\0'; /* remove last directory part */
else
*p = '\0'; /* check current directory */
}
xfree (p);
if (ret < 0)
{
/* pathconf() has a message for us. */
if (errno != 0)
perror ("pathconf");
/* If (errno == 0) then there is no max length.
Even on error return 0 so the caller can continue. */
return 0;
}
return ret;
}
void
wg_hex_to_string (char *str_buffer, const char *hex_buffer, size_t hex_len)
{
size_t i;
for (i = 0; i < hex_len; i++)
{
/* Each byte takes 2 characters. */
sprintf (str_buffer + 2 * i, "%02x", (unsigned) (hex_buffer[i] & 0xFF));
}
/* Null-terminate result. */
str_buffer[2 * i] = '\0';
}
#ifdef HAVE_SSL
/*
* Public key pem to der conversion
*/
static bool
wg_pubkey_pem_to_der (const char *pem, unsigned char **der, size_t *der_len)
{
char *stripped_pem, *begin_pos, *end_pos;
size_t pem_count, stripped_pem_count = 0, pem_len;
ssize_t size;
unsigned char *base64data;
*der = NULL;
*der_len = 0;
/* if no pem, exit. */
if (!pem)
return false;
begin_pos = strstr (pem, "-----BEGIN PUBLIC KEY-----");
if (!begin_pos)
return false;
pem_count = begin_pos - pem;
/* Invalid if not at beginning AND not directly following \n */
if (0 != pem_count && '\n' != pem[pem_count - 1])
return false;
/* 26 is length of "-----BEGIN PUBLIC KEY-----" */
pem_count += 26;
/* Invalid if not directly following \n */
end_pos = strstr (pem + pem_count, "\n-----END PUBLIC KEY-----");
if (!end_pos)
return false;
pem_len = end_pos - pem;
stripped_pem = xmalloc (pem_len - pem_count + 1);
/*
* Here we loop through the pem array one character at a time between the
* correct indices, and place each character that is not '\n' or '\r'
* into the stripped_pem array, which should represent the raw base64 string
*/
while (pem_count < pem_len) {
if ('\n' != pem[pem_count] && '\r' != pem[pem_count])
stripped_pem[stripped_pem_count++] = pem[pem_count];
++pem_count;
}
/* Place the null terminator in the correct place */
stripped_pem[stripped_pem_count] = '\0';
base64data = xmalloc (BASE64_LENGTH(stripped_pem_count));
size = wget_base64_decode (stripped_pem, base64data, BASE64_LENGTH(stripped_pem_count));
if (size < 0) {
xfree (base64data); /* malformed base64 from server */
} else {
*der = base64data;
*der_len = (size_t) size;
}
xfree (stripped_pem);
return *der_len > 0;
}
/*
* Generic pinned public key check.
*/
bool
wg_pin_peer_pubkey (const char *pinnedpubkey, const char *pubkey, size_t pubkeylen)
{
struct file_memory *fm;
unsigned char *buf = NULL, *pem_ptr = NULL;
size_t size, pem_len;
bool pem_read;
bool result = false;
size_t pinkeylen;
ssize_t decoded_hash_length;
char *pinkeycopy, *begin_pos, *end_pos;
unsigned char *sha256sumdigest = NULL, *expectedsha256sumdigest = NULL;
/* if a path wasn't specified, don't pin */
if (!pinnedpubkey)
return true;
if (!pubkey || !pubkeylen)
return result;
/* only do this if pinnedpubkey starts with "sha256//", length 8 */
if (strncmp (pinnedpubkey, "sha256//", 8) == 0)
{
/* compute sha256sum of public key */
sha256sumdigest = xmalloc (SHA256_DIGEST_SIZE);
sha256_buffer (pubkey, pubkeylen, sha256sumdigest);
expectedsha256sumdigest = xmalloc (SHA256_DIGEST_SIZE);
/* it starts with sha256//, copy so we can modify it */
pinkeylen = strlen (pinnedpubkey) + 1;
pinkeycopy = xmalloc (pinkeylen);
memcpy (pinkeycopy, pinnedpubkey, pinkeylen);
/* point begin_pos to the copy, and start extracting keys */
begin_pos = pinkeycopy;
do
{
end_pos = strstr (begin_pos, ";sha256//");
/*
* if there is an end_pos, null terminate,
* otherwise it'll go to the end of the original string
*/
if (end_pos)
end_pos[0] = '\0';
/* decode base64 pinnedpubkey, 8 is length of "sha256//" */
decoded_hash_length = wget_base64_decode (begin_pos + 8, expectedsha256sumdigest, SHA256_DIGEST_SIZE);
/* if valid base64, compare sha256 digests directly */
if (SHA256_DIGEST_SIZE == decoded_hash_length)
{
if (!memcmp (sha256sumdigest, expectedsha256sumdigest, SHA256_DIGEST_SIZE))
{
result = true;
break;
}
}
else
logprintf (LOG_VERBOSE, _ ("Skipping key with wrong size (%d/%d): %s\n"),
(int) (strlen (begin_pos + 8) * 3) / 4, SHA256_DIGEST_SIZE,
quote (begin_pos + 8));
/*
* change back the null-terminator we changed earlier,
* and look for next begin
*/
if (end_pos)
{
end_pos[0] = ';';
begin_pos = strstr (end_pos, "sha256//");
}
}
while (end_pos && begin_pos);
xfree (sha256sumdigest);
xfree (expectedsha256sumdigest);
xfree (pinkeycopy);
return result;
}
/* fall back to assuming this is a file path */
fm = wget_read_file (pinnedpubkey);
if (!fm)
return result;
/* Check the file's size */
if (fm->length < 0 || fm->length > MAX_PINNED_PUBKEY_SIZE)
goto cleanup;
/*
* if the size of our certificate is bigger than the file
* size then it can't match
*/
size = (size_t) fm->length;
if (pubkeylen > size)
goto cleanup;
/* If the sizes are the same, it can't be base64 encoded, must be der */
if (pubkeylen == size)
{
if (!memcmp (pubkey, fm->content, pubkeylen))
result = true;
goto cleanup;
}
/*
* Otherwise we will assume it's PEM and try to decode it
* after placing null terminator
*/
buf = xmalloc (size + 1);
memcpy (buf, fm->content, size);
buf[size] = '\0';
pem_read = wg_pubkey_pem_to_der ((const char *) buf, &pem_ptr, &pem_len);
/* if it wasn't read successfully, exit */
if (!pem_read)
goto cleanup;
/*
* if the size of our certificate doesn't match the size of
* the decoded file, they can't be the same, otherwise compare
*/
if (pubkeylen == pem_len && !memcmp (pubkey, pem_ptr, pubkeylen))
result = true;
cleanup:
xfree (buf);
xfree (pem_ptr);
wget_read_file_free (fm);
return result;
}
#endif /* HAVE_SSL */
#ifdef TESTING
const char *
test_subdir_p(void)
{
static const struct {
const char *d1;
const char *d2;
bool result;
} test_array[] = {
{ "/somedir", "/somedir", true },
{ "/somedir", "/somedir/d2", true },
{ "/somedir/d1", "/somedir", false },
};
unsigned i;
for (i = 0; i < countof(test_array); ++i)
{
bool res = subdir_p (test_array[i].d1, test_array[i].d2);
mu_assert ("test_subdir_p: wrong result",
res == test_array[i].result);
}
return NULL;
}
const char *
test_dir_matches_p(void)
{
static struct {
const char *dirlist[3];
const char *dir;
bool result;
} test_array[] = {
{ { "/somedir", "/someotherdir", NULL }, "somedir", true },
{ { "/somedir", "/someotherdir", NULL }, "anotherdir", false },
{ { "/somedir", "/*otherdir", NULL }, "anotherdir", true },
{ { "/somedir/d1", "/someotherdir", NULL }, "somedir/d1", true },
{ { "*/*d1", "/someotherdir", NULL }, "somedir/d1", true },
{ { "/somedir/d1", "/someotherdir", NULL }, "d1", false },
{ { "!COMPLETE", NULL, NULL }, "!COMPLETE", true },
{ { "*COMPLETE", NULL, NULL }, "!COMPLETE", true },
{ { "*/!COMPLETE", NULL, NULL }, "foo/!COMPLETE", true },
{ { "*COMPLETE", NULL, NULL }, "foo/!COMPLETE", false },
{ { "*/*COMPLETE", NULL, NULL }, "foo/!COMPLETE", true },
{ { "/dir with spaces", NULL, NULL }, "dir with spaces", true },
{ { "/dir*with*spaces", NULL, NULL }, "dir with spaces", true },
{ { "/Tmp/has", NULL, NULL }, "/Tmp/has space", false },
{ { "/Tmp/has", NULL, NULL }, "/Tmp/has,comma", false },
};
unsigned i;
for (i = 0; i < countof(test_array); ++i)
{
bool res = dir_matches_p (test_array[i].dirlist, test_array[i].dir);
mu_assert ("test_dir_matches_p: wrong result",
res == test_array[i].result);
}
return NULL;
}
#endif /* TESTING */