mirror of git://sourceware.org/git/glibc.git
				
				
				
			
		
			
				
	
	
		
			178 lines
		
	
	
		
			4.2 KiB
		
	
	
	
		
			C
		
	
	
	
			
		
		
	
	
			178 lines
		
	
	
		
			4.2 KiB
		
	
	
	
		
			C
		
	
	
	
| /* Return the canonical absolute name of a given file inside chroot.
 | |
|    Copyright (C) 1996-2018 Free Software Foundation, Inc.
 | |
|    This file is part of the GNU C Library.
 | |
| 
 | |
|    This program is free software; you can redistribute it and/or modify
 | |
|    it under the terms of the GNU General Public License as published
 | |
|    by the Free Software Foundation; version 2 of the License, or
 | |
|    (at your option) any later version.
 | |
| 
 | |
|    This program is distributed in the hope that it will be useful,
 | |
|    but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 | |
|    GNU General Public License for more details.
 | |
| 
 | |
|    You should have received a copy of the GNU General Public License
 | |
|    along with this program; if not, see <http://www.gnu.org/licenses/>.  */
 | |
| 
 | |
| #include <stdlib.h>
 | |
| #include <string.h>
 | |
| #include <unistd.h>
 | |
| #include <limits.h>
 | |
| #include <sys/stat.h>
 | |
| #include <errno.h>
 | |
| #include <stddef.h>
 | |
| #include <stdint.h>
 | |
| 
 | |
| #include <eloop-threshold.h>
 | |
| #include <ldconfig.h>
 | |
| 
 | |
| #ifndef PATH_MAX
 | |
| #define PATH_MAX 1024
 | |
| #endif
 | |
| 
 | |
| /* Return the canonical absolute name of file NAME as if chroot(CHROOT) was
 | |
|    done first.  A canonical name does not contain any `.', `..' components
 | |
|    nor any repeated path separators ('/') or symlinks.  All path components
 | |
|    must exist and NAME must be absolute filename.  The result is malloc'd.
 | |
|    The returned name includes the CHROOT prefix.  */
 | |
| 
 | |
| char *
 | |
| chroot_canon (const char *chroot, const char *name)
 | |
| {
 | |
|   char *rpath;
 | |
|   char *dest;
 | |
|   char *extra_buf = NULL;
 | |
|   char *rpath_root;
 | |
|   const char *start;
 | |
|   const char *end;
 | |
|   const char *rpath_limit;
 | |
|   int num_links = 0;
 | |
|   size_t chroot_len = strlen (chroot);
 | |
| 
 | |
|   if (chroot_len < 1)
 | |
|     {
 | |
|       __set_errno (EINVAL);
 | |
|       return NULL;
 | |
|     }
 | |
| 
 | |
|   rpath = xmalloc (chroot_len + PATH_MAX);
 | |
| 
 | |
|   rpath_limit = rpath + chroot_len + PATH_MAX;
 | |
| 
 | |
|   rpath_root = (char *) mempcpy (rpath, chroot, chroot_len) - 1;
 | |
|   if (*rpath_root != '/')
 | |
|     *++rpath_root = '/';
 | |
|   dest = rpath_root + 1;
 | |
| 
 | |
|   for (start = end = name; *start; start = end)
 | |
|     {
 | |
|       struct stat64 st;
 | |
| 
 | |
|       /* Skip sequence of multiple path-separators.  */
 | |
|       while (*start == '/')
 | |
| 	++start;
 | |
| 
 | |
|       /* Find end of path component.  */
 | |
|       for (end = start; *end && *end != '/'; ++end)
 | |
| 	/* Nothing.  */;
 | |
| 
 | |
|       if (end - start == 0)
 | |
| 	break;
 | |
|       else if (end - start == 1 && start[0] == '.')
 | |
| 	/* nothing */;
 | |
|       else if (end - start == 2 && start[0] == '.' && start[1] == '.')
 | |
| 	{
 | |
| 	  /* Back up to previous component, ignore if at root already.  */
 | |
| 	  if (dest > rpath_root + 1)
 | |
| 	    while ((--dest)[-1] != '/');
 | |
| 	}
 | |
|       else
 | |
| 	{
 | |
| 	  size_t new_size;
 | |
| 
 | |
| 	  if (dest[-1] != '/')
 | |
| 	    *dest++ = '/';
 | |
| 
 | |
| 	  if (dest + (end - start) >= rpath_limit)
 | |
| 	    {
 | |
| 	      ptrdiff_t dest_offset = dest - rpath;
 | |
| 	      char *new_rpath;
 | |
| 
 | |
| 	      new_size = rpath_limit - rpath;
 | |
| 	      if (end - start + 1 > PATH_MAX)
 | |
| 		new_size += end - start + 1;
 | |
| 	      else
 | |
| 		new_size += PATH_MAX;
 | |
| 	      new_rpath = (char *) xrealloc (rpath, new_size);
 | |
| 	      rpath = new_rpath;
 | |
| 	      rpath_limit = rpath + new_size;
 | |
| 
 | |
| 	      dest = rpath + dest_offset;
 | |
| 	    }
 | |
| 
 | |
| 	  dest = mempcpy (dest, start, end - start);
 | |
| 	  *dest = '\0';
 | |
| 
 | |
| 	  if (lstat64 (rpath, &st) < 0)
 | |
| 	    {
 | |
| 	      if (*end == '\0')
 | |
| 		goto done;
 | |
| 	      goto error;
 | |
| 	    }
 | |
| 
 | |
| 	  if (S_ISLNK (st.st_mode))
 | |
| 	    {
 | |
| 	      char *buf = alloca (PATH_MAX);
 | |
| 	      size_t len;
 | |
| 
 | |
| 	      if (++num_links > __eloop_threshold ())
 | |
| 		{
 | |
| 		  __set_errno (ELOOP);
 | |
| 		  goto error;
 | |
| 		}
 | |
| 
 | |
| 	      ssize_t n = readlink (rpath, buf, PATH_MAX - 1);
 | |
| 	      if (n < 0)
 | |
| 		{
 | |
| 		  if (*end == '\0')
 | |
| 		    goto done;
 | |
| 		  goto error;
 | |
| 		}
 | |
| 	      buf[n] = '\0';
 | |
| 
 | |
| 	      if (!extra_buf)
 | |
| 		extra_buf = alloca (PATH_MAX);
 | |
| 
 | |
| 	      len = strlen (end);
 | |
| 	      if (len >= PATH_MAX - n)
 | |
| 		{
 | |
| 		  __set_errno (ENAMETOOLONG);
 | |
| 		  goto error;
 | |
| 		}
 | |
| 
 | |
| 	      /* Careful here, end may be a pointer into extra_buf... */
 | |
| 	      memmove (&extra_buf[n], end, len + 1);
 | |
| 	      name = end = memcpy (extra_buf, buf, n);
 | |
| 
 | |
| 	      if (buf[0] == '/')
 | |
| 		dest = rpath_root + 1;	/* It's an absolute symlink */
 | |
| 	      else
 | |
| 		/* Back up to previous component, ignore if at root already: */
 | |
| 		if (dest > rpath_root + 1)
 | |
| 		  while ((--dest)[-1] != '/');
 | |
| 	    }
 | |
| 	}
 | |
|     }
 | |
|  done:
 | |
|   if (dest > rpath_root + 1 && dest[-1] == '/')
 | |
|     --dest;
 | |
|   *dest = '\0';
 | |
| 
 | |
|   return rpath;
 | |
| 
 | |
|  error:
 | |
|   free (rpath);
 | |
|   return NULL;
 | |
| }
 |