* print.c (printchar, strout): Check for string overflow.
[emacs.git] / nt / cmdproxy.c
blob8c39694deccc87b4964ed36f679e17f6b98b2b17
1 /* Proxy shell designed for use with Emacs on Windows 95 and NT.
2 Copyright (C) 1997, 2001-2011 Free Software Foundation, Inc.
4 Accepts subset of Unix sh(1) command-line options, for compatibility
5 with elisp code written for Unix. When possible, executes external
6 programs directly (a common use of /bin/sh by Emacs), otherwise
7 invokes the user-specified command processor to handle built-in shell
8 commands, batch files and interactive mode.
10 The main function is simply to process the "-c string" option in the
11 way /bin/sh does, since the standard Windows command shells use the
12 convention that everything after "/c" (the Windows equivalent of
13 "-c") is the input string.
15 This file is part of GNU Emacs.
17 GNU Emacs is free software: you can redistribute it and/or modify
18 it under the terms of the GNU General Public License as published by
19 the Free Software Foundation, either version 3 of the License, or
20 (at your option) any later version.
22 GNU Emacs is distributed in the hope that it will be useful,
23 but WITHOUT ANY WARRANTY; without even the implied warranty of
24 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
25 GNU General Public License for more details.
27 You should have received a copy of the GNU General Public License
28 along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. */
30 #include <windows.h>
32 #include <stdarg.h> /* va_args */
33 #include <malloc.h> /* alloca */
34 #include <stdlib.h> /* getenv */
35 #include <string.h> /* strlen */
36 #include <ctype.h> /* isspace, isalpha */
38 /* We don't want to include stdio.h because we are already duplicating
39 lots of it here */
40 extern int _snprintf (char *buffer, size_t count, const char *format, ...);
42 /******* Mock C library routines *********************************/
44 /* These routines are used primarily to minimize the executable size. */
46 #define stdout GetStdHandle (STD_OUTPUT_HANDLE)
47 #define stderr GetStdHandle (STD_ERROR_HANDLE)
49 int
50 vfprintf (HANDLE hnd, const char * msg, va_list args)
52 DWORD bytes_written;
53 char buf[1024];
55 wvsprintf (buf, msg, args);
56 return WriteFile (hnd, buf, strlen (buf), &bytes_written, NULL);
59 int
60 fprintf (HANDLE hnd, const char * msg, ...)
62 va_list args;
63 int rc;
65 va_start (args, msg);
66 rc = vfprintf (hnd, msg, args);
67 va_end (args);
69 return rc;
72 int
73 printf (const char * msg, ...)
75 va_list args;
76 int rc;
78 va_start (args, msg);
79 rc = vfprintf (stdout, msg, args);
80 va_end (args);
82 return rc;
85 void
86 fail (const char * msg, ...)
88 va_list args;
90 va_start (args, msg);
91 vfprintf (stderr, msg, args);
92 va_end (args);
94 exit (-1);
97 void
98 warn (const char * msg, ...)
100 va_list args;
102 va_start (args, msg);
103 vfprintf (stderr, msg, args);
104 va_end (args);
107 /******************************************************************/
109 char *
110 canon_filename (char *fname)
112 char *p = fname;
114 while (*p)
116 if (*p == '/')
117 *p = '\\';
118 p++;
121 return fname;
124 const char *
125 skip_space (const char *str)
127 while (isspace (*str)) str++;
128 return str;
131 const char *
132 skip_nonspace (const char *str)
134 while (*str && !isspace (*str)) str++;
135 return str;
138 int escape_char = '\\';
140 /* Get next token from input, advancing pointer. */
142 get_next_token (char * buf, const char ** pSrc)
144 const char * p = *pSrc;
145 char * o = buf;
147 p = skip_space (p);
148 if (*p == '"')
150 int escape_char_run = 0;
152 /* Go through src until an ending quote is found, unescaping
153 quotes along the way. If the escape char is not quote, then do
154 special handling of multiple escape chars preceding a quote
155 char (ie. the reverse of what Emacs does to escape quotes). */
156 p++;
157 while (1)
159 if (p[0] == escape_char && escape_char != '"')
161 escape_char_run++;
162 p++;
163 continue;
165 else if (p[0] == '"')
167 while (escape_char_run > 1)
169 *o++ = escape_char;
170 escape_char_run -= 2;
173 if (escape_char_run > 0)
175 /* escaped quote */
176 *o++ = *p++;
177 escape_char_run = 0;
179 else if (p[1] == escape_char && escape_char == '"')
181 /* quote escaped by doubling */
182 *o++ = *p;
183 p += 2;
185 else
187 /* The ending quote. */
188 *o = '\0';
189 /* Leave input pointer after token. */
190 p++;
191 break;
194 else if (p[0] == '\0')
196 /* End of string, but no ending quote found. We might want to
197 flag this as an error, but for now will consider the end as
198 the end of the token. */
199 *o = '\0';
200 break;
202 else
204 *o++ = *p++;
208 else
210 /* Next token is delimited by whitespace. */
211 const char * p1 = skip_nonspace (p);
212 memcpy (o, p, p1 - p);
213 o += (p1 - p);
214 *o = '\0';
215 p = p1;
218 *pSrc = p;
220 return o - buf;
223 /* Search for EXEC file in DIR. If EXEC does not have an extension,
224 DIR is searched for EXEC with the standard extensions appended. */
226 search_dir (const char *dir, const char *exec, int bufsize, char *buffer)
228 const char *exts[] = {".bat", ".cmd", ".exe", ".com"};
229 int n_exts = sizeof (exts) / sizeof (char *);
230 char *dummy;
231 int i, rc;
233 /* Search the directory for the program. */
234 for (i = 0; i < n_exts; i++)
236 rc = SearchPath (dir, exec, exts[i], bufsize, buffer, &dummy);
237 if (rc > 0)
238 return rc;
241 return 0;
244 /* Return the absolute name of executable file PROG, including
245 any file extensions. If an absolute name for PROG cannot be found,
246 return NULL. */
247 char *
248 make_absolute (const char *prog)
250 char absname[MAX_PATH];
251 char dir[MAX_PATH];
252 char curdir[MAX_PATH];
253 char *p, *path;
254 const char *fname;
256 /* At least partial absolute path specified; search there. */
257 if ((isalpha (prog[0]) && prog[1] == ':') ||
258 (prog[0] == '\\'))
260 /* Split the directory from the filename. */
261 fname = strrchr (prog, '\\');
262 if (!fname)
263 /* Only a drive specifier is given. */
264 fname = prog + 2;
265 strncpy (dir, prog, fname - prog);
266 dir[fname - prog] = '\0';
268 /* Search the directory for the program. */
269 if (search_dir (dir, prog, MAX_PATH, absname) > 0)
270 return strdup (absname);
271 else
272 return NULL;
275 if (GetCurrentDirectory (MAX_PATH, curdir) <= 0)
276 return NULL;
278 /* Relative path; search in current dir. */
279 if (strpbrk (prog, "\\"))
281 if (search_dir (curdir, prog, MAX_PATH, absname) > 0)
282 return strdup (absname);
283 else
284 return NULL;
287 /* Just filename; search current directory then PATH. */
288 path = alloca (strlen (getenv ("PATH")) + strlen (curdir) + 2);
289 strcpy (path, curdir);
290 strcat (path, ";");
291 strcat (path, getenv ("PATH"));
293 while (*path)
295 /* Get next directory from path. */
296 p = path;
297 while (*p && *p != ';') p++;
298 strncpy (dir, path, p - path);
299 dir[p - path] = '\0';
301 /* Search the directory for the program. */
302 if (search_dir (dir, prog, MAX_PATH, absname) > 0)
303 return strdup (absname);
305 /* Move to the next directory. */
306 path = p + 1;
309 return NULL;
312 /* Try to decode the given command line the way cmd would do it. On
313 success, return 1 with cmdline dequoted. Otherwise, when we've
314 found constructs only cmd can properly interpret, return 0 and
315 leave cmdline unchanged. */
317 try_dequote_cmdline (char* cmdline)
319 /* Dequoting can only subtract characters, so the length of the
320 original command line is a bound on the amount of scratch space
321 we need. This length, in turn, is bounded by the 32k
322 CreateProces limit. */
323 char * old_pos = cmdline;
324 char * new_cmdline = alloca (strlen(cmdline));
325 char * new_pos = new_cmdline;
326 char c;
328 enum {
329 NORMAL,
330 AFTER_CARET,
331 INSIDE_QUOTE
332 } state = NORMAL;
334 while ((c = *old_pos++))
336 switch (state)
338 case NORMAL:
339 switch(c)
341 case '"':
342 *new_pos++ = c;
343 state = INSIDE_QUOTE;
344 break;
345 case '^':
346 state = AFTER_CARET;
347 break;
348 case '<': case '>':
349 case '&': case '|':
350 case '(': case ')':
351 case '%': case '!':
352 /* We saw an unquoted shell metacharacter and we don't
353 understand it. Bail out. */
354 return 0;
355 default:
356 *new_pos++ = c;
357 break;
359 break;
360 case AFTER_CARET:
361 *new_pos++ = c;
362 state = NORMAL;
363 break;
364 case INSIDE_QUOTE:
365 switch (c)
367 case '"':
368 *new_pos++ = c;
369 state = NORMAL;
370 break;
371 case '%':
372 case '!':
373 /* Variable substitution inside quote. Bail out. */
374 return 0;
375 default:
376 *new_pos++ = c;
377 break;
379 break;
383 /* We were able to dequote the entire string. Copy our scratch
384 buffer on top of the original buffer and return success. */
385 memcpy (cmdline, new_cmdline, new_pos - new_cmdline);
386 cmdline[new_pos - new_cmdline] = '\0';
387 return 1;
390 /*****************************************************************/
392 #if 0
393 char ** _argv;
394 int _argc;
396 /* Parse commandline into argv array, allowing proper quoting of args. */
397 void
398 setup_argv (void)
400 char * cmdline = GetCommandLine ();
401 int arg_bytes = 0;
405 #endif
407 /* Information about child proc is global, to allow for automatic
408 termination when interrupted. At the moment, only one child process
409 can be running at any one time. */
411 PROCESS_INFORMATION child;
412 int interactive = TRUE;
414 BOOL
415 console_event_handler (DWORD event)
417 switch (event)
419 case CTRL_C_EVENT:
420 case CTRL_BREAK_EVENT:
421 if (!interactive)
423 /* Both command.com and cmd.exe have the annoying behavior of
424 prompting "Terminate batch job (y/n)?" when interrupted
425 while running a batch file, even if running in
426 non-interactive (-c) mode. Try to make up for this
427 deficiency by forcibly terminating the subprocess if
428 running non-interactively. */
429 if (child.hProcess &&
430 WaitForSingleObject (child.hProcess, 500) != WAIT_OBJECT_0)
431 TerminateProcess (child.hProcess, 0);
432 exit (STATUS_CONTROL_C_EXIT);
434 break;
436 #if 0
437 default:
438 /* CLOSE, LOGOFF and SHUTDOWN events - actually we don't get these
439 under Windows 95. */
440 fail ("cmdproxy: received %d event\n", event);
441 if (child.hProcess)
442 TerminateProcess (child.hProcess, 0);
443 #endif
445 return TRUE;
448 /* Change from normal usage; return value indicates whether spawn
449 succeeded or failed - program return code is returned separately. */
451 spawn (const char *progname, char *cmdline, const char *dir, int *retcode)
453 BOOL success = FALSE;
454 SECURITY_ATTRIBUTES sec_attrs;
455 STARTUPINFO start;
456 /* In theory, passing NULL for the environment block to CreateProcess
457 is the same as passing the value of GetEnvironmentStrings, but
458 doing this explicitly seems to cure problems running DOS programs
459 in some cases. */
460 char * envblock = GetEnvironmentStrings ();
462 sec_attrs.nLength = sizeof (sec_attrs);
463 sec_attrs.lpSecurityDescriptor = NULL;
464 sec_attrs.bInheritHandle = FALSE;
466 memset (&start, 0, sizeof (start));
467 start.cb = sizeof (start);
469 if (CreateProcess (progname, cmdline, &sec_attrs, NULL, TRUE,
470 0, envblock, dir, &start, &child))
472 success = TRUE;
473 /* wait for completion and pass on return code */
474 WaitForSingleObject (child.hProcess, INFINITE);
475 if (retcode)
476 GetExitCodeProcess (child.hProcess, (DWORD *)retcode);
477 CloseHandle (child.hThread);
478 CloseHandle (child.hProcess);
479 child.hProcess = NULL;
482 FreeEnvironmentStrings (envblock);
484 return success;
487 /* Return size of current environment block. */
489 get_env_size (void)
491 char * start = GetEnvironmentStrings ();
492 char * tmp = start;
494 while (tmp[0] || tmp[1])
495 ++tmp;
496 FreeEnvironmentStrings (start);
497 return tmp + 2 - start;
500 /******* Main program ********************************************/
503 main (int argc, char ** argv)
505 int rc;
506 int need_shell;
507 char * cmdline;
508 char * progname;
509 int envsize;
510 char **pass_through_args;
511 int num_pass_through_args;
512 char modname[MAX_PATH];
513 char path[MAX_PATH];
514 char dir[MAX_PATH];
517 interactive = TRUE;
519 SetConsoleCtrlHandler ((PHANDLER_ROUTINE) console_event_handler, TRUE);
521 if (!GetCurrentDirectory (sizeof (dir), dir))
522 fail ("error: GetCurrentDirectory failed\n");
524 /* We serve double duty: we can be called either as a proxy for the
525 real shell (that is, because we are defined to be the user shell),
526 or in our role as a helper application for running DOS programs.
527 In the former case, we interpret the command line options as if we
528 were a Unix shell, but in the latter case we simply pass our
529 command line to CreateProcess. We know which case we are dealing
530 with by whether argv[0] refers to ourself or to some other program.
531 (This relies on an arcane feature of CreateProcess, where we can
532 specify cmdproxy as the module to run, but specify a different
533 program in the command line - the MSVC startup code sets argv[0]
534 from the command line.) */
536 if (!GetModuleFileName (NULL, modname, sizeof (modname)))
537 fail ("error: GetModuleFileName failed\n");
539 /* Change directory to location of .exe so startup directory can be
540 deleted. */
541 progname = strrchr (modname, '\\');
542 *progname = '\0';
543 SetCurrentDirectory (modname);
544 *progname = '\\';
546 /* Due to problems with interaction between API functions that use "OEM"
547 codepage vs API functions that use the "ANSI" codepage, we need to
548 make things consistent by choosing one and sticking with it. */
549 SetConsoleCP (GetACP ());
550 SetConsoleOutputCP (GetACP ());
552 /* Although Emacs always sets argv[0] to an absolute pathname, we
553 might get run in other ways as well, so convert argv[0] to an
554 absolute name before comparing to the module name. Don't get
555 caught out by mixed short and long names. */
556 GetShortPathName (modname, modname, sizeof (modname));
557 path[0] = '\0';
558 if (!SearchPath (NULL, argv[0], ".exe", sizeof (path), path, &progname)
559 || !GetShortPathName (path, path, sizeof (path))
560 || stricmp (modname, path) != 0)
562 /* We are being used as a helper to run a DOS app; just pass
563 command line to DOS app without change. */
564 /* TODO: fill in progname. */
565 if (spawn (NULL, GetCommandLine (), dir, &rc))
566 return rc;
567 fail ("Could not run %s\n", GetCommandLine ());
570 /* Process command line. If running interactively (-c or /c not
571 specified) then spawn a real command shell, passing it the command
572 line arguments.
574 If not running interactively, then attempt to execute the specified
575 command directly. If necessary, spawn a real shell to execute the
576 command.
580 progname = NULL;
581 cmdline = NULL;
582 /* If no args, spawn real shell for interactive use. */
583 need_shell = TRUE;
584 interactive = TRUE;
585 /* Ask command.com to create an environment block with a reasonable
586 amount of free space. */
587 envsize = get_env_size () + 300;
588 pass_through_args = (char **) alloca (argc * sizeof (char *));
589 num_pass_through_args = 0;
591 while (--argc > 0)
593 ++argv;
594 /* Act on switches we recognize (mostly single letter switches,
595 except for -e); all unrecognized switches and extra args are
596 passed on to real shell if used (only really of benefit for
597 interactive use, but allow for batch use as well). Accept / as
598 switch char for compatibility with cmd.exe. */
599 if (((*argv)[0] == '-' || (*argv)[0] == '/') && (*argv)[1] != '\0')
601 if (((*argv)[1] == 'c' || (*argv)[1] == 'C') && ((*argv)[2] == '\0'))
603 if (--argc == 0)
604 fail ("error: expecting arg for %s\n", *argv);
605 cmdline = *(++argv);
606 interactive = FALSE;
608 else if (((*argv)[1] == 'i' || (*argv)[1] == 'I') && ((*argv)[2] == '\0'))
610 if (cmdline)
611 warn ("warning: %s ignored because of -c\n", *argv);
613 else if (((*argv)[1] == 'e' || (*argv)[1] == 'E') && ((*argv)[2] == ':'))
615 int requested_envsize = atoi (*argv + 3);
616 /* Enforce a reasonable minimum size, as above. */
617 if (requested_envsize > envsize)
618 envsize = requested_envsize;
619 /* For sanity, enforce a reasonable maximum. */
620 if (envsize > 32768)
621 envsize = 32768;
623 else
625 /* warn ("warning: unknown option %s ignored", *argv); */
626 pass_through_args[num_pass_through_args++] = *argv;
629 else
630 break;
633 #if 0
634 /* I think this is probably not useful - cmd.exe ignores extra
635 (non-switch) args in interactive mode, and they cannot be passed on
636 when -c was given. */
638 /* Collect any remaining args after (initial) switches. */
639 while (argc-- > 0)
641 pass_through_args[num_pass_through_args++] = *argv++;
643 #else
644 /* Probably a mistake for there to be extra args; not fatal. */
645 if (argc > 0)
646 warn ("warning: extra args ignored after '%s'\n", argv[-1]);
647 #endif
649 pass_through_args[num_pass_through_args] = NULL;
651 /* If -c option, determine if we must spawn a real shell, or if we can
652 execute the command directly ourself. */
653 if (cmdline)
655 const char *args;
657 /* The program name is the first token of cmdline. Since
658 filenames cannot legally contain embedded quotes, the value
659 of escape_char doesn't matter. */
660 args = cmdline;
661 if (!get_next_token (path, &args))
662 fail ("error: no program name specified.\n");
664 canon_filename (path);
665 progname = make_absolute (path);
667 /* If we found the program and the rest of the command line does
668 not contain unquoted shell metacharacters, run the program
669 directly (if not found it might be an internal shell command,
670 so don't fail). */
671 if (progname != NULL && try_dequote_cmdline (cmdline))
672 need_shell = FALSE;
673 else
674 progname = NULL;
677 pass_to_shell:
678 if (need_shell)
680 char * p;
681 int extra_arg_space = 0;
682 int maxlen, remlen;
683 int run_command_dot_com;
685 progname = getenv ("COMSPEC");
686 if (!progname)
687 fail ("error: COMSPEC is not set\n");
689 canon_filename (progname);
690 progname = make_absolute (progname);
692 if (progname == NULL || strchr (progname, '\\') == NULL)
693 fail ("error: the program %s could not be found.\n", getenv ("COMSPEC"));
695 /* Need to set environment size when running command.com. */
696 run_command_dot_com =
697 (stricmp (strrchr (progname, '\\'), "command.com") == 0);
699 /* Work out how much extra space is required for
700 pass_through_args. */
701 for (argv = pass_through_args; *argv != NULL; ++argv)
702 /* We don't expect to have to quote switches. */
703 extra_arg_space += strlen (*argv) + 2;
705 if (cmdline)
707 char * buf;
709 /* Convert to syntax expected by cmd.exe/command.com for
710 running non-interactively. Always quote program name in
711 case path contains spaces (fortunately it can't contain
712 quotes, since they are illegal in path names). */
714 remlen = maxlen =
715 strlen (progname) + extra_arg_space + strlen (cmdline) + 16;
716 buf = p = alloca (maxlen + 1);
718 /* Quote progname in case it contains spaces. */
719 p += _snprintf (p, remlen, "\"%s\"", progname);
720 remlen = maxlen - (p - buf);
722 /* Include pass_through_args verbatim; these are just switches
723 so should not need quoting. */
724 for (argv = pass_through_args; *argv != NULL; ++argv)
726 p += _snprintf (p, remlen, " %s", *argv);
727 remlen = maxlen - (p - buf);
730 if (run_command_dot_com)
731 _snprintf (p, remlen, " /e:%d /c %s", envsize, cmdline);
732 else
733 _snprintf (p, remlen, " /c %s", cmdline);
734 cmdline = buf;
736 else
738 if (run_command_dot_com)
740 /* Provide dir arg expected by command.com when first
741 started interactively (the "command search path"). To
742 avoid potential problems with spaces in command dir
743 (which cannot be quoted - command.com doesn't like it),
744 we always use the 8.3 form. */
745 GetShortPathName (progname, path, sizeof (path));
746 p = strrchr (path, '\\');
747 /* Trailing slash is acceptable, so always leave it. */
748 *(++p) = '\0';
750 else
751 path[0] = '\0';
753 remlen = maxlen =
754 strlen (progname) + extra_arg_space + strlen (path) + 13;
755 cmdline = p = alloca (maxlen + 1);
757 /* Quote progname in case it contains spaces. */
758 p += _snprintf (p, remlen, "\"%s\" %s", progname, path);
759 remlen = maxlen - (p - cmdline);
761 /* Include pass_through_args verbatim; these are just switches
762 so should not need quoting. */
763 for (argv = pass_through_args; *argv != NULL; ++argv)
765 p += _snprintf (p, remlen, " %s", *argv);
766 remlen = maxlen - (p - cmdline);
769 if (run_command_dot_com)
770 _snprintf (p, remlen, " /e:%d", envsize);
774 if (!progname)
775 fail ("Internal error: program name not defined\n");
777 if (!cmdline)
778 cmdline = progname;
780 if (spawn (progname, cmdline, dir, &rc))
781 return rc;
783 if (!need_shell)
785 need_shell = TRUE;
786 goto pass_to_shell;
789 fail ("Could not run %s\n", progname);
791 return 0;