src/pathchk.c

   1 /* pathchk -- check whether file names are valid or portable
   2    Copyright (C) 1991-2011 Free Software Foundation, Inc.
   3
   4    This program is free software: you can redistribute it and/or modify
   5    it under the terms of the GNU General Public License as published by
   6    the Free Software Foundation, either version 3 of the License, or
   7    (at your option) any later version.
   8
   9    This program is distributed in the hope that it will be useful,
  10    but WITHOUT ANY WARRANTY; without even the implied warranty of
  11    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12    GNU General Public License for more details.
  13
  14    You should have received a copy of the GNU General Public License
  15    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
  16
  17 #include <config.h>
  18 #include <stdio.h>
  19 #include <getopt.h>
  20 #include <sys/types.h>
  21 #include <wchar.h>
  22
  23 #include "system.h"
  24 #include "error.h"
  25 #include "quote.h"
  26 #include "quotearg.h"
  27
  28 /* The official name of this program (e.g., no `g' prefix).  */
  29 #define PROGRAM_NAME "pathchk"
  30
  31 #define AUTHORS \
  32   proper_name ("Paul Eggert"), \
  33   proper_name ("David MacKenzie"), \
  34   proper_name ("Jim Meyering")
  35
  36 #ifndef _POSIX_PATH_MAX
  37 # define _POSIX_PATH_MAX 256
  38 #endif
  39 #ifndef _POSIX_NAME_MAX
  40 # define _POSIX_NAME_MAX 14
  41 #endif
  42
  43 #ifdef _XOPEN_NAME_MAX
  44 # define NAME_MAX_MINIMUM _XOPEN_NAME_MAX
  45 #else
  46 # define NAME_MAX_MINIMUM _POSIX_NAME_MAX
  47 #endif
  48 #ifdef _XOPEN_PATH_MAX
  49 # define PATH_MAX_MINIMUM _XOPEN_PATH_MAX
  50 #else
  51 # define PATH_MAX_MINIMUM _POSIX_PATH_MAX
  52 #endif
  53
  54 #if ! (HAVE_PATHCONF && defined _PC_NAME_MAX && defined _PC_PATH_MAX)
  55 # ifndef _PC_NAME_MAX
  56 #  define _PC_NAME_MAX 0
  57 #  define _PC_PATH_MAX 1
  58 # endif
  59 # ifndef pathconf
  60 #  define pathconf(file, flag) \
  61      (flag == _PC_NAME_MAX ? NAME_MAX_MINIMUM : PATH_MAX_MINIMUM)
  62 # endif
  63 #endif
  64
  65 static bool validate_file_name (char *, bool, bool);
  66
  67 /* For long options that have no equivalent short option, use a
  68    non-character as a pseudo short option, starting with CHAR_MAX + 1.  */
  69 enum
  70 {
  71   PORTABILITY_OPTION = CHAR_MAX + 1
  72 };
  73
  74 static struct option const longopts[] =
  75 {
  76   {"portability", no_argument, NULL, PORTABILITY_OPTION},
  77   {GETOPT_HELP_OPTION_DECL},
  78   {GETOPT_VERSION_OPTION_DECL},
  79   {NULL, 0, NULL, 0}
  80 };
  81
  82 void
  83 usage (int status)
  84 {
  85   if (status != EXIT_SUCCESS)
  86     fprintf (stderr, _("Try `%s --help' for more information.\n"),
  87              program_name);
  88   else
  89     {
  90       printf (_("Usage: %s [OPTION]... NAME...\n"), program_name);
  91       fputs (_("\
  92 Diagnose invalid or unportable file names.\n\
  93 \n\
  94   -p                  check for most POSIX systems\n\
  95   -P                  check for empty names and leading \"-\"\n\
  96       --portability   check for all POSIX systems (equivalent to -p -P)\n\
  97 "), stdout);
  98       fputs (HELP_OPTION_DESCRIPTION, stdout);
  99       fputs (VERSION_OPTION_DESCRIPTION, stdout);
 100       emit_ancillary_info ();
 101     }
 102   exit (status);
 103 }
 104
 105 int
 106 main (int argc, char **argv)
 107 {
 108   bool ok = true;
 109   bool check_basic_portability = false;
 110   bool check_extra_portability = false;
 111   int optc;
 112
 113   initialize_main (&argc, &argv);
 114   set_program_name (argv[0]);
 115   setlocale (LC_ALL, "");
 116   bindtextdomain (PACKAGE, LOCALEDIR);
 117   textdomain (PACKAGE);
 118
 119   atexit (close_stdout);
 120
 121   while ((optc = getopt_long (argc, argv, "+pP", longopts, NULL)) != -1)
 122     {
 123       switch (optc)
 124         {
 125         case PORTABILITY_OPTION:
 126           check_basic_portability = true;
 127           check_extra_portability = true;
 128           break;
 129
 130         case 'p':
 131           check_basic_portability = true;
 132           break;
 133
 134         case 'P':
 135           check_extra_portability = true;
 136           break;
 137
 138         case_GETOPT_HELP_CHAR;
 139
 140         case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
 141
 142         default:
 143           usage (EXIT_FAILURE);
 144         }
 145     }
 146
 147   if (optind == argc)
 148     {
 149       error (0, 0, _("missing operand"));
 150       usage (EXIT_FAILURE);
 151     }
 152
 153   for (; optind < argc; ++optind)
 154     ok &= validate_file_name (argv[optind],
 155                               check_basic_portability, check_extra_portability);
 156
 157   exit (ok ? EXIT_SUCCESS : EXIT_FAILURE);
 158 }
 159
 160 /* If FILE contains a component with a leading "-", report an error
 161    and return false; otherwise, return true.  */
 162
 163 static bool
 164 no_leading_hyphen (char const *file)
 165 {
 166   char const *p;
 167
 168   for (p = file;  (p = strchr (p, '-'));  p++)
 169     if (p == file || p[-1] == '/')
 170       {
 171         error (0, 0, _("leading `-' in a component of file name %s"),
 172                quote (file));
 173         return false;
 174       }
 175
 176   return true;
 177 }
 178
 179 /* If FILE (of length FILELEN) contains only portable characters,
 180    return true, else report an error and return false.  */
 181
 182 static bool
 183 portable_chars_only (char const *file, size_t filelen)
 184 {
 185   size_t validlen = strspn (file,
 186                             ("/"
 187                              "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
 188                              "abcdefghijklmnopqrstuvwxyz"
 189                              "0123456789._-"));
 190   char const *invalid = file + validlen;
 191
 192   if (*invalid)
 193     {
 194       mbstate_t mbstate = { 0, };
 195       size_t charlen = mbrlen (invalid, filelen - validlen, &mbstate);
 196       error (0, 0,
 197              _("nonportable character %s in file name %s"),
 198              quotearg_n_style_mem (1, locale_quoting_style, invalid,
 199                                    (charlen <= MB_LEN_MAX ? charlen : 1)),
 200              quote_n (0, file));
 201       return false;
 202     }
 203
 204   return true;
 205 }
 206
 207 /* Return the address of the start of the next file name component in F.  */
 208
 209 static char * _GL_ATTRIBUTE_PURE
 210 component_start (char *f)
 211 {
 212   while (*f == '/')
 213     f++;
 214   return f;
 215 }
 216
 217 /* Return the size of the file name component F.  F must be nonempty.  */
 218
 219 static size_t _GL_ATTRIBUTE_PURE
 220 component_len (char const *f)
 221 {
 222   size_t len;
 223   for (len = 1; f[len] != '/' && f[len]; len++)
 224     continue;
 225   return len;
 226 }
 227
 228 /* Make sure that
 229    strlen (FILE) <= PATH_MAX
 230    && strlen (each-existing-directory-in-FILE) <= NAME_MAX
 231
 232    If CHECK_BASIC_PORTABILITY is true, compare against _POSIX_PATH_MAX and
 233    _POSIX_NAME_MAX instead, and make sure that FILE contains no
 234    characters not in the POSIX portable filename character set, which
 235    consists of A-Z, a-z, 0-9, ., _, - (plus / for separators).
 236
 237    If CHECK_BASIC_PORTABILITY is false, make sure that all leading directories
 238    along FILE that exist are searchable.
 239
 240    If CHECK_EXTRA_PORTABILITY is true, check that file name components do not
 241    begin with "-".
 242
 243    If either CHECK_BASIC_PORTABILITY or CHECK_EXTRA_PORTABILITY is true,
 244    check that the file name is not empty.
 245
 246    Return true if all of these tests are successful, false if any fail.  */
 247
 248 static bool
 249 validate_file_name (char *file, bool check_basic_portability,
 250                     bool check_extra_portability)
 251 {
 252   size_t filelen = strlen (file);
 253
 254   /* Start of file name component being checked.  */
 255   char *start;
 256
 257   /* True if component lengths need to be checked.  */
 258   bool check_component_lengths;
 259
 260   /* True if the file is known to exist.  */
 261   bool file_exists = false;
 262
 263   if (check_extra_portability && ! no_leading_hyphen (file))
 264     return false;
 265
 266   if ((check_basic_portability || check_extra_portability)
 267       && filelen == 0)
 268     {
 269       /* Fail, since empty names are not portable.  As of
 270          2005-01-06 POSIX does not address whether "pathchk -p ''"
 271          should (or is allowed to) fail, so this is not a
 272          conformance violation.  */
 273       error (0, 0, _("empty file name"));
 274       return false;
 275     }
 276
 277   if (check_basic_portability)
 278     {
 279       if (! portable_chars_only (file, filelen))
 280         return false;
 281     }
 282   else
 283     {
 284       /* Check whether a file name component is in a directory that
 285          is not searchable, or has some other serious problem.
 286          POSIX does not allow "" as a file name, but some non-POSIX
 287          hosts do (as an alias for "."), so allow "" if lstat does.  */
 288
 289       struct stat st;
 290       if (lstat (file, &st) == 0)
 291         file_exists = true;
 292       else if (errno != ENOENT || filelen == 0)
 293         {
 294           error (0, errno, "%s", file);
 295           return false;
 296         }
 297     }
 298
 299   if (check_basic_portability
 300       || (! file_exists && PATH_MAX_MINIMUM <= filelen))
 301     {
 302       size_t maxsize;
 303
 304       if (check_basic_portability)
 305         maxsize = _POSIX_PATH_MAX;
 306       else
 307         {
 308           long int size;
 309           char const *dir = (*file == '/' ? "/" : ".");
 310           errno = 0;
 311           size = pathconf (dir, _PC_PATH_MAX);
 312           if (size < 0 && errno != 0)
 313             {
 314               error (0, errno,
 315                      _("%s: unable to determine maximum file name length"),
 316                      dir);
 317               return false;
 318             }
 319           maxsize = MIN (size, SSIZE_MAX);
 320         }
 321
 322       if (maxsize <= filelen)
 323         {
 324           unsigned long int len = filelen;
 325           unsigned long int maxlen = maxsize - 1;
 326           error (0, 0, _("limit %lu exceeded by length %lu of file name %s"),
 327                  maxlen, len, quote (file));
 328           return false;
 329         }
 330     }
 331
 332   /* Check whether pathconf (..., _PC_NAME_MAX) can be avoided, i.e.,
 333      whether all file name components are so short that they are valid
 334      in any file system on this platform.  If CHECK_BASIC_PORTABILITY, though,
 335      it's more convenient to check component lengths below.  */
 336
 337   check_component_lengths = check_basic_portability;
 338   if (! check_component_lengths && ! file_exists)
 339     {
 340       for (start = file; *(start = component_start (start)); )
 341         {
 342           size_t length = component_len (start);
 343
 344           if (NAME_MAX_MINIMUM < length)
 345             {
 346               check_component_lengths = true;
 347               break;
 348             }
 349
 350           start += length;
 351         }
 352     }
 353
 354   if (check_component_lengths)
 355     {
 356       /* The limit on file name components for the current component.
 357          This defaults to NAME_MAX_MINIMUM, for the sake of non-POSIX
 358          systems (NFS, say?) where pathconf fails on "." or "/" with
 359          errno == ENOENT.  */
 360       size_t name_max = NAME_MAX_MINIMUM;
 361
 362       /* If nonzero, the known limit on file name components.  */
 363       size_t known_name_max = (check_basic_portability ? _POSIX_NAME_MAX : 0);
 364
 365       for (start = file; *(start = component_start (start)); )
 366         {
 367           size_t length;
 368
 369           if (known_name_max)
 370             name_max = known_name_max;
 371           else
 372             {
 373               long int len;
 374               char const *dir = (start == file ? "." : file);
 375               char c = *start;
 376               errno = 0;
 377               *start = '\0';
 378               len = pathconf (dir, _PC_NAME_MAX);
 379               *start = c;
 380               if (0 <= len)
 381                 name_max = MIN (len, SSIZE_MAX);
 382               else
 383                 switch (errno)
 384                   {
 385                   case 0:
 386                     /* There is no limit.  */
 387                     name_max = SIZE_MAX;
 388                     break;
 389
 390                   case ENOENT:
 391                     /* DIR does not exist; use its parent's maximum.  */
 392                     known_name_max = name_max;
 393                     break;
 394
 395                   default:
 396                     *start = '\0';
 397                     error (0, errno, "%s", dir);
 398                     *start = c;
 399                     return false;
 400                   }
 401             }
 402
 403           length = component_len (start);
 404
 405           if (name_max < length)
 406             {
 407               unsigned long int len = length;
 408               unsigned long int maxlen = name_max;
 409               char c = start[len];
 410               start[len] = '\0';
 411               error (0, 0,
 412                      _("limit %lu exceeded by length %lu "
 413                        "of file name component %s"),
 414                      maxlen, len, quote (start));
 415               start[len] = c;
 416               return false;
 417             }
 418
 419           start += length;
 420         }
 421     }
 422
 423   return true;
 424 }