elf/chroot_canon.c

   1 /* Return the canonical absolute name of a given file inside chroot.
   2    Copyright (C) 1996,1997,1998,1999,2000,2001,2004,2005,2010,2011
   3         Free Software Foundation, Inc.
   4    This file is part of the GNU C Library.
   5
   6    This program is free software; you can redistribute it and/or modify
   7    it under the terms of the GNU General Public License as published
   8    by the Free Software Foundation; version 2 of the License, or
   9    (at your option) any later version.
  10
  11    This program is distributed in the hope that it will be useful,
  12    but WITHOUT ANY WARRANTY; without even the implied warranty of
  13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14    GNU General Public License for more details.
  15
  16    You should have received a copy of the GNU General Public License
  17    along with this program; if not, see <http://www.gnu.org/licenses/>.  */
  18
  19 #include <stdlib.h>
  20 #include <string.h>
  21 #include <unistd.h>
  22 #include <limits.h>
  23 #include <sys/param.h>
  24 #include <sys/stat.h>
  25 #include <errno.h>
  26 #include <stddef.h>
  27 #include <stdint.h>
  28
  29 #include <ldconfig.h>
  30
  31 #ifndef PATH_MAX
  32 #define PATH_MAX 1024
  33 #endif
  34
  35 /* Return the canonical absolute name of file NAME as if chroot(CHROOT) was
  36    done first.  A canonical name does not contain any `.', `..' components
  37    nor any repeated path separators ('/') or symlinks.  All path components
  38    must exist and NAME must be absolute filename.  The result is malloc'd.
  39    The returned name includes the CHROOT prefix.  */
  40
  41 char *
  42 chroot_canon (const char *chroot, const char *name)
  43 {
  44   char *rpath;
  45   char *dest;
  46   char *extra_buf = NULL;
  47   char *rpath_root;
  48   const char *start;
  49   const char *end;
  50   const char *rpath_limit;
  51   int num_links = 0;
  52   size_t chroot_len = strlen (chroot);
  53
  54   if (chroot_len < 1)
  55     {
  56       __set_errno (EINVAL);
  57       return NULL;
  58     }
  59
  60   rpath = xmalloc (chroot_len + PATH_MAX);
  61
  62   rpath_limit = rpath + chroot_len + PATH_MAX;
  63
  64   rpath_root = (char *) mempcpy (rpath, chroot, chroot_len) - 1;
  65   if (*rpath_root != '/')
  66     *++rpath_root = '/';
  67   dest = rpath_root + 1;
  68
  69   for (start = end = name; *start; start = end)
  70     {
  71       struct stat64 st;
  72
  73       /* Skip sequence of multiple path-separators.  */
  74       while (*start == '/')
  75         ++start;
  76
  77       /* Find end of path component.  */
  78       for (end = start; *end && *end != '/'; ++end)
  79         /* Nothing.  */;
  80
  81       if (end - start == 0)
  82         break;
  83       else if (end - start == 1 && start[0] == '.')
  84         /* nothing */;
  85       else if (end - start == 2 && start[0] == '.' && start[1] == '.')
  86         {
  87           /* Back up to previous component, ignore if at root already.  */
  88           if (dest > rpath_root + 1)
  89             while ((--dest)[-1] != '/');
  90         }
  91       else
  92         {
  93           size_t new_size;
  94
  95           if (dest[-1] != '/')
  96             *dest++ = '/';
  97
  98           if (dest + (end - start) >= rpath_limit)
  99             {
 100               ptrdiff_t dest_offset = dest - rpath;
 101               char *new_rpath;
 102
 103               new_size = rpath_limit - rpath;
 104               if (end - start + 1 > PATH_MAX)
 105                 new_size += end - start + 1;
 106               else
 107                 new_size += PATH_MAX;
 108               new_rpath = (char *) xrealloc (rpath, new_size);
 109               rpath = new_rpath;
 110               rpath_limit = rpath + new_size;
 111
 112               dest = rpath + dest_offset;
 113             }
 114
 115           dest = mempcpy (dest, start, end - start);
 116           *dest = '\0';
 117
 118           if (lstat64 (rpath, &st) < 0)
 119             {
 120               if (*end == '\0')
 121                 goto done;
 122               goto error;
 123             }
 124
 125           if (S_ISLNK (st.st_mode))
 126             {
 127               char *buf = alloca (PATH_MAX);
 128               size_t len;
 129
 130               if (++num_links > MAXSYMLINKS)
 131                 {
 132                   __set_errno (ELOOP);
 133                   goto error;
 134                 }
 135
 136               ssize_t n = readlink (rpath, buf, PATH_MAX - 1);
 137               if (n < 0)
 138                 {
 139                   if (*end == '\0')
 140                     goto done;
 141                   goto error;
 142                 }
 143               buf[n] = '\0';
 144
 145               if (!extra_buf)
 146                 extra_buf = alloca (PATH_MAX);
 147
 148               len = strlen (end);
 149               if (len >= PATH_MAX - n)
 150                 {
 151                   __set_errno (ENAMETOOLONG);
 152                   goto error;
 153                 }
 154
 155               /* Careful here, end may be a pointer into extra_buf... */
 156               memmove (&extra_buf[n], end, len + 1);
 157               name = end = memcpy (extra_buf, buf, n);
 158
 159               if (buf[0] == '/')
 160                 dest = rpath_root + 1;  /* It's an absolute symlink */
 161               else
 162                 /* Back up to previous component, ignore if at root already: */
 163                 if (dest > rpath_root + 1)
 164                   while ((--dest)[-1] != '/');
 165             }
 166         }
 167     }
 168  done:
 169   if (dest > rpath_root + 1 && dest[-1] == '/')
 170     --dest;
 171   *dest = '\0';
 172
 173   return rpath;
 174
 175  error:
 176   free (rpath);
 177   return NULL;
 178 }