posix: Fix posix_spawn invalid memory access
[glibc.git] / stdlib / canonicalize.c
blob58bb8de949bc8cc705de7c0840c859fed7b06c01
1 /* Return the canonical absolute name of a given file.
2 Copyright (C) 1996-2016 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
19 #include <assert.h>
20 #include <stdlib.h>
21 #include <string.h>
22 #include <unistd.h>
23 #include <limits.h>
24 #include <sys/stat.h>
25 #include <errno.h>
26 #include <stddef.h>
28 #include <eloop-threshold.h>
29 #include <shlib-compat.h>
31 /* Return the canonical absolute name of file NAME. A canonical name
32 does not contain any `.', `..' components nor any repeated path
33 separators ('/') or symlinks. All path components must exist. If
34 RESOLVED is null, the result is malloc'd; otherwise, if the
35 canonical name is PATH_MAX chars or more, returns null with `errno'
36 set to ENAMETOOLONG; if the name fits in fewer than PATH_MAX chars,
37 returns the name in RESOLVED. If the name cannot be resolved and
38 RESOLVED is non-NULL, it contains the path of the first component
39 that cannot be resolved. If the path can be resolved, RESOLVED
40 holds the same value as the value returned. */
42 char *
43 __realpath (const char *name, char *resolved)
45 char *rpath, *dest, *extra_buf = NULL;
46 const char *start, *end, *rpath_limit;
47 long int path_max;
48 int num_links = 0;
50 if (name == NULL)
52 /* As per Single Unix Specification V2 we must return an error if
53 either parameter is a null pointer. We extend this to allow
54 the RESOLVED parameter to be NULL in case the we are expected to
55 allocate the room for the return value. */
56 __set_errno (EINVAL);
57 return NULL;
60 if (name[0] == '\0')
62 /* As per Single Unix Specification V2 we must return an error if
63 the name argument points to an empty string. */
64 __set_errno (ENOENT);
65 return NULL;
68 #ifdef PATH_MAX
69 path_max = PATH_MAX;
70 #else
71 path_max = pathconf (name, _PC_PATH_MAX);
72 if (path_max <= 0)
73 path_max = 1024;
74 #endif
76 if (resolved == NULL)
78 rpath = malloc (path_max);
79 if (rpath == NULL)
80 return NULL;
82 else
83 rpath = resolved;
84 rpath_limit = rpath + path_max;
86 if (name[0] != '/')
88 if (!__getcwd (rpath, path_max))
90 rpath[0] = '\0';
91 goto error;
93 dest = __rawmemchr (rpath, '\0');
95 else
97 rpath[0] = '/';
98 dest = rpath + 1;
101 for (start = end = name; *start; start = end)
103 struct stat64 st;
104 int n;
106 /* Skip sequence of multiple path-separators. */
107 while (*start == '/')
108 ++start;
110 /* Find end of path component. */
111 for (end = start; *end && *end != '/'; ++end)
112 /* Nothing. */;
114 if (end - start == 0)
115 break;
116 else if (end - start == 1 && start[0] == '.')
117 /* nothing */;
118 else if (end - start == 2 && start[0] == '.' && start[1] == '.')
120 /* Back up to previous component, ignore if at root already. */
121 if (dest > rpath + 1)
122 while ((--dest)[-1] != '/');
124 else
126 size_t new_size;
128 if (dest[-1] != '/')
129 *dest++ = '/';
131 if (dest + (end - start) >= rpath_limit)
133 ptrdiff_t dest_offset = dest - rpath;
134 char *new_rpath;
136 if (resolved)
138 __set_errno (ENAMETOOLONG);
139 if (dest > rpath + 1)
140 dest--;
141 *dest = '\0';
142 goto error;
144 new_size = rpath_limit - rpath;
145 if (end - start + 1 > path_max)
146 new_size += end - start + 1;
147 else
148 new_size += path_max;
149 new_rpath = (char *) realloc (rpath, new_size);
150 if (new_rpath == NULL)
151 goto error;
152 rpath = new_rpath;
153 rpath_limit = rpath + new_size;
155 dest = rpath + dest_offset;
158 dest = __mempcpy (dest, start, end - start);
159 *dest = '\0';
161 if (__lxstat64 (_STAT_VER, rpath, &st) < 0)
162 goto error;
164 if (S_ISLNK (st.st_mode))
166 char *buf = __alloca (path_max);
167 size_t len;
169 if (++num_links > __eloop_threshold ())
171 __set_errno (ELOOP);
172 goto error;
175 n = __readlink (rpath, buf, path_max - 1);
176 if (n < 0)
177 goto error;
178 buf[n] = '\0';
180 if (!extra_buf)
181 extra_buf = __alloca (path_max);
183 len = strlen (end);
184 if ((long int) (n + len) >= path_max)
186 __set_errno (ENAMETOOLONG);
187 goto error;
190 /* Careful here, end may be a pointer into extra_buf... */
191 memmove (&extra_buf[n], end, len + 1);
192 name = end = memcpy (extra_buf, buf, n);
194 if (buf[0] == '/')
195 dest = rpath + 1; /* It's an absolute symlink */
196 else
197 /* Back up to previous component, ignore if at root already: */
198 if (dest > rpath + 1)
199 while ((--dest)[-1] != '/');
201 else if (!S_ISDIR (st.st_mode) && *end != '\0')
203 __set_errno (ENOTDIR);
204 goto error;
208 if (dest > rpath + 1 && dest[-1] == '/')
209 --dest;
210 *dest = '\0';
212 assert (resolved == NULL || resolved == rpath);
213 return rpath;
215 error:
216 assert (resolved == NULL || resolved == rpath);
217 if (resolved == NULL)
218 free (rpath);
219 return NULL;
221 versioned_symbol (libc, __realpath, realpath, GLIBC_2_3);
224 #if SHLIB_COMPAT(libc, GLIBC_2_0, GLIBC_2_3)
225 char *
226 attribute_compat_text_section
227 __old_realpath (const char *name, char *resolved)
229 if (resolved == NULL)
231 __set_errno (EINVAL);
232 return NULL;
235 return __realpath (name, resolved);
237 compat_symbol (libc, __old_realpath, realpath, GLIBC_2_0);
238 #endif
241 char *
242 __canonicalize_file_name (const char *name)
244 return __realpath (name, NULL);
246 weak_alias (__canonicalize_file_name, canonicalize_file_name)