posix/execvpe.c

   1 /* Copyright (C) 1991-2018 Free Software Foundation, Inc.
   2    This file is part of the GNU C Library.
   3
   4    The GNU C Library is free software; you can redistribute it and/or
   5    modify it under the terms of the GNU Lesser General Public
   6    License as published by the Free Software Foundation; either
   7    version 2.1 of the License, or (at your option) any later version.
   8
   9    The GNU C Library is distributed in the hope that it will be useful,
  10    but WITHOUT ANY WARRANTY; without even the implied warranty of
  11    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12    Lesser General Public License for more details.
  13
  14    You should have received a copy of the GNU Lesser General Public
  15    License along with the GNU C Library; if not, see
  16    <http://www.gnu.org/licenses/>.  */
  17
  18 #include <unistd.h>
  19 #include <stdarg.h>
  20 #include <stdbool.h>
  21 #include <stdlib.h>
  22 #include <string.h>
  23 #include <errno.h>
  24 #include <paths.h>
  25 #include <confstr.h>
  26 #include <sys/param.h>
  27
  28 #ifndef PATH_MAX
  29 # ifdef MAXPATHLEN
  30 #  define PATH_MAX MAXPATHLEN
  31 # else
  32 #  define PATH_MAX 1024
  33 # endif
  34 #endif
  35
  36 /* The file is accessible but it is not an executable file.  Invoke
  37    the shell to interpret it as a script.  */
  38 static void
  39 maybe_script_execute (const char *file, char *const argv[], char *const envp[])
  40 {
  41   ptrdiff_t argc;
  42   for (argc = 0; argv[argc] != NULL; argc++)
  43     {
  44       if (argc == INT_MAX - 1)
  45         {
  46           errno = E2BIG;
  47           return;
  48         }
  49     }
  50
  51   /* Construct an argument list for the shell based on original arguments:
  52      1. Empty list (argv = { NULL }, argc = 1 }: new argv will contain 3
  53         arguments - default shell, script to execute, and ending NULL.
  54      2. Non empty argument list (argc = { ..., NULL }, argc > 1}: new argv
  55         will contain also the default shell and the script to execute.  It
  56         will also skip the script name in arguments and only copy script
  57         arguments.  */
  58   char *new_argv[argc > 1 ? 2 + argc : 3];
  59   new_argv[0] = (char *) _PATH_BSHELL;
  60   new_argv[1] = (char *) file;
  61   if (argc > 1)
  62     memcpy (new_argv + 2, argv + 1, argc * sizeof(char *));
  63   else
  64     new_argv[2] = NULL;
  65
  66   /* Execute the shell.  */
  67   __execve (new_argv[0], new_argv, envp);
  68 }
  69
  70 static int
  71 __execvpe_common (const char *file, char *const argv[], char *const envp[],
  72                   bool exec_script)
  73 {
  74   /* We check the simple case first. */
  75   if (*file == '\0')
  76     {
  77       __set_errno (ENOENT);
  78       return -1;
  79     }
  80
  81   /* Don't search when it contains a slash.  */
  82   if (strchr (file, '/') != NULL)
  83     {
  84       __execve (file, argv, envp);
  85
  86       if (errno == ENOEXEC && exec_script)
  87         maybe_script_execute (file, argv, envp);
  88
  89       return -1;
  90     }
  91
  92   const char *path = getenv ("PATH");
  93   if (!path)
  94     path = CS_PATH;
  95   /* Although GLIBC does not enforce NAME_MAX, we set it as the maximum
  96      size to avoid unbounded stack allocation.  Same applies for
  97      PATH_MAX.  */
  98   size_t file_len = __strnlen (file, NAME_MAX) + 1;
  99   size_t path_len = __strnlen (path, PATH_MAX - 1) + 1;
 100
 101   /* NAME_MAX does not include the terminating null character.  */
 102   if ((file_len - 1 > NAME_MAX)
 103       || !__libc_alloca_cutoff (path_len + file_len + 1))
 104     {
 105       errno = ENAMETOOLONG;
 106       return -1;
 107     }
 108
 109   const char *subp;
 110   bool got_eacces = false;
 111   /* The resulting string maximum size would be potentially a entry
 112      in PATH plus '/' (path_len + 1) and then the the resulting file name
 113      plus '\0' (file_len since it already accounts for the '\0').  */
 114   char buffer[path_len + file_len + 1];
 115   for (const char *p = path; ; p = subp)
 116     {
 117       subp = __strchrnul (p, ':');
 118
 119       /* PATH is larger than PATH_MAX and thus potentially larger than
 120          the stack allocation.  */
 121       if (subp - p >= path_len)
 122         {
 123           /* If there is only one path, bail out.  */
 124           if (*subp == '\0')
 125             break;
 126           /* Otherwise skip to next one.  */
 127           continue;
 128         }
 129
 130       /* Use the current path entry, plus a '/' if nonempty, plus the file to
 131          execute.  */
 132       char *pend = mempcpy (buffer, p, subp - p);
 133       *pend = '/';
 134       memcpy (pend + (p < subp), file, file_len);
 135
 136       __execve (buffer, argv, envp);
 137
 138       if (errno == ENOEXEC && exec_script)
 139         /* This has O(P*C) behavior, where P is the length of the path and C
 140            is the argument count.  A better strategy would be allocate the
 141            substitute argv and reuse it each time through the loop (so it
 142            behaves as O(P+C) instead.  */
 143         maybe_script_execute (buffer, argv, envp);
 144
 145       switch (errno)
 146         {
 147           case EACCES:
 148           /* Record that we got a 'Permission denied' error.  If we end
 149              up finding no executable we can use, we want to diagnose
 150              that we did find one but were denied access.  */
 151             got_eacces = true;
 152           case ENOENT:
 153           case ESTALE:
 154           case ENOTDIR:
 155           /* Those errors indicate the file is missing or not executable
 156              by us, in which case we want to just try the next path
 157              directory.  */
 158           case ENODEV:
 159           case ETIMEDOUT:
 160           /* Some strange filesystems like AFS return even
 161              stranger error numbers.  They cannot reasonably mean
 162              anything else so ignore those, too.  */
 163             break;
 164
 165           default:
 166           /* Some other error means we found an executable file, but
 167              something went wrong executing it; return the error to our
 168              caller.  */
 169             return -1;
 170         }
 171
 172       if (*subp++ == '\0')
 173         break;
 174     }
 175
 176   /* We tried every element and none of them worked.  */
 177   if (got_eacces)
 178     /* At least one failure was due to permissions, so report that
 179        error.  */
 180     __set_errno (EACCES);
 181
 182   return -1;
 183 }
 184
 185 /* Execute FILE, searching in the `PATH' environment variable if it contains
 186    no slashes, with arguments ARGV and environment from ENVP.  */
 187 int
 188 __execvpe (const char *file, char *const argv[], char *const envp[])
 189 {
 190   return __execvpe_common (file, argv, envp, true);
 191 }
 192 weak_alias (__execvpe, execvpe)
 193
 194 /* Same as __EXECVPE, but does not try to execute NOEXEC files.  */
 195 int
 196 __execvpex (const char *file, char *const argv[], char *const envp[])
 197 {
 198   return __execvpe_common (file, argv, envp, false);
 199 }