1 /* Return the canonical absolute name of a given file.
2 Copyright (C) 1996-2024 Free Software Foundation, Inc.
4 This program is free software: you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation, either version 3 of the License, or
7 (at your option) any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <https://www.gnu.org/licenses/>. */
19 #include "canonicalize.h"
30 #include <scratch_buffer.h>
32 #include "attribute.h"
34 #include "hash-triple.h"
37 #ifndef DOUBLE_SLASH_IS_DISTINCT_ROOT
38 # define DOUBLE_SLASH_IS_DISTINCT_ROOT false
42 # define SLASHES "/\\"
47 /* Avoid false GCC warning "'end_idx' may be used uninitialized". */
48 #if __GNUC__ + (__GNUC_MINOR__ >= 7) > 4
49 # pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
52 /* Return true if FILE's existence can be shown, false (setting errno)
53 otherwise. Follow symbolic links. */
55 file_accessible (char const *file
)
58 return faccessat (AT_FDCWD
, file
, F_OK
, AT_EACCESS
) == 0;
61 return stat (file
, &st
) == 0 || errno
== EOVERFLOW
;
65 /* True if concatenating END as a suffix to a file name means that the
66 code needs to check that the file name is that of a searchable
67 directory, since the canonicalize_filename_mode_stk code won't
68 check this later anyway when it checks an ordinary file name
69 component within END. END must either be empty, or start with a
72 static bool _GL_ATTRIBUTE_PURE
73 suffix_requires_dir_check (char const *end
)
75 /* If END does not start with a slash, the suffix is OK. */
76 while (ISSLASH (*end
))
78 /* Two or more slashes act like a single slash. */
81 while (ISSLASH (*end
));
85 default: return false; /* An ordinary file name component is OK. */
86 case '\0': return true; /* Trailing "/" is trouble. */
87 case '.': break; /* Possibly "." or "..". */
89 /* Trailing "/.", or "/.." even if not trailing, is trouble. */
90 if (!*end
|| (*end
== '.' && (!end
[1] || ISSLASH (end
[1]))))
97 /* Append this to a file name to test whether it is a searchable directory.
98 On POSIX platforms "/" suffices, but "/./" is sometimes needed on
99 macOS 10.13 <https://bugs.gnu.org/30350>, and should also work on
100 platforms like AIX 7.2 that need at least "/.". */
102 #ifdef LSTAT_FOLLOWS_SLASHED_SYMLINK
103 static char const dir_suffix
[] = "/";
105 static char const dir_suffix
[] = "/./";
108 /* Return true if DIR is a searchable dir, false (setting errno) otherwise.
109 DIREND points to the NUL byte at the end of the DIR string.
110 Store garbage into DIREND[0 .. strlen (dir_suffix)]. */
113 dir_check (char *dir
, char *dirend
)
115 strcpy (dirend
, dir_suffix
);
116 return file_accessible (dir
);
119 #if !((HAVE_CANONICALIZE_FILE_NAME && FUNC_REALPATH_WORKS) \
120 || GNULIB_CANONICALIZE_LGPL)
121 /* Return the canonical absolute name of file NAME. A canonical name
122 does not contain any ".", ".." components nor any repeated file name
123 separators ('/') or symlinks. All components must exist.
124 The result is malloc'd. */
127 canonicalize_file_name (const char *name
)
129 return canonicalize_filename_mode (name
, CAN_EXISTING
);
131 #endif /* !HAVE_CANONICALIZE_FILE_NAME */
134 multiple_bits_set (canonicalize_mode_t i
)
136 return (i
& (i
- 1)) != 0;
139 /* Return true if we've already seen the triple, <FILENAME, dev, ino>.
140 If *HT is not initialized, initialize it. */
142 seen_triple (Hash_table
**ht
, char const *filename
, struct stat
const *st
)
146 idx_t initial_capacity
= 7;
147 *ht
= hash_initialize (initial_capacity
,
150 triple_compare_ino_str
,
156 if (seen_file (*ht
, filename
, st
))
159 record_file (*ht
, filename
, st
);
163 /* Scratch buffers used by canonicalize_filename_mode_stk and managed
167 struct scratch_buffer rname
;
168 struct scratch_buffer extra
;
169 struct scratch_buffer link
;
173 canonicalize_filename_mode_stk (const char *name
, canonicalize_mode_t can_mode
,
174 struct realpath_bufs
*bufs
)
179 Hash_table
*ht
= NULL
;
180 bool logical
= (can_mode
& CAN_NOLINKS
) != 0;
183 canonicalize_mode_t can_exist
= can_mode
& CAN_MODE_MASK
;
184 if (multiple_bits_set (can_exist
))
202 char *rname
= bufs
->rname
.data
;
203 bool end_in_extra_buffer
= false;
206 /* This is always zero for Posix hosts, but can be 2 for MS-Windows
207 and MS-DOS X:/foo/bar file names. */
208 idx_t prefix_len
= FILE_SYSTEM_PREFIX_LEN (name
);
210 if (!IS_ABSOLUTE_FILE_NAME (name
))
212 while (!getcwd (bufs
->rname
.data
, bufs
->rname
.length
))
217 if (scratch_buffer_grow (&bufs
->rname
))
227 rname
= bufs
->rname
.data
;
229 dest
= rawmemchr (rname
, '\0');
231 prefix_len
= FILE_SYSTEM_PREFIX_LEN (rname
);
235 dest
= mempcpy (rname
, name
, prefix_len
);
237 if (DOUBLE_SLASH_IS_DISTINCT_ROOT
)
239 if (prefix_len
== 0 /* implies ISSLASH (name[0]) */
240 && ISSLASH (name
[1]) && !ISSLASH (name
[2]))
243 #if defined _WIN32 && !defined __CYGWIN__
244 /* For UNC file names '\\server\path\to\file', extend the prefix
245 to include the server: '\\server\'. */
248 for (i
= 2; name
[i
] != '\0' && !ISSLASH (name
[i
]); )
250 if (name
[i
] != '\0' /* implies ISSLASH (name[i]) */
251 && i
+ 1 < bufs
->rname
.length
)
254 memcpy (dest
, name
+ 2, i
- 2 + 1);
259 /* Either name = '\\server'; this is an invalid file name.
260 Or name = '\\server\...' and server is more than
261 bufs->rname.length - 4 bytes long. In either
262 case, stop the UNC processing. */
269 start
= name
+ prefix_len
;
272 for ( ; *start
; start
= end
)
274 /* Skip sequence of multiple file name separators. */
275 while (ISSLASH (*start
))
278 /* Find end of component. */
279 for (end
= start
; *end
&& !ISSLASH (*end
); ++end
)
282 /* Length of this file name component; it can be zero if a file
284 idx_t startlen
= end
- start
;
288 else if (startlen
== 1 && start
[0] == '.')
290 else if (startlen
== 2 && start
[0] == '.' && start
[1] == '.')
292 /* Back up to previous component, ignore if at root already. */
293 if (dest
> rname
+ prefix_len
+ 1)
294 for (--dest
; dest
> rname
&& !ISSLASH (dest
[-1]); --dest
)
296 if (DOUBLE_SLASH_IS_DISTINCT_ROOT
297 && dest
== rname
+ 1 && !prefix_len
298 && ISSLASH (*dest
) && !ISSLASH (dest
[1]))
303 if (!ISSLASH (dest
[-1]))
306 while (rname
+ bufs
->rname
.length
- dest
307 < startlen
+ sizeof dir_suffix
)
309 idx_t dest_offset
= dest
- rname
;
310 if (!scratch_buffer_grow_preserve (&bufs
->rname
))
312 rname
= bufs
->rname
.data
;
313 dest
= rname
+ dest_offset
;
316 dest
= mempcpy (dest
, start
, startlen
);
325 buf
= bufs
->link
.data
;
326 idx_t bufsize
= bufs
->link
.length
;
327 n
= readlink (rname
, buf
, bufsize
- 1);
330 if (!scratch_buffer_grow (&bufs
->link
))
336 /* A physical traversal and RNAME is a symbolic link. */
342 /* Enough symlinks have been seen that it is time to
343 worry about being in a symlink cycle.
344 Get the device and inode of the parent directory, as
345 pre-2017 POSIX says this info is not reliable for
348 dest
[- startlen
] = '\0';
349 if (stat (*rname
? rname
: ".", &st
) != 0)
351 dest
[- startlen
] = *start
;
353 /* Detect loops. We cannot use the cycle-check module here,
354 since it's possible to encounter the same parent
355 directory more than once in a given traversal. However,
356 encountering the same (parentdir, START) pair twice does
358 if (seen_triple (&ht
, start
, &st
))
360 if (can_exist
== CAN_MISSING
)
369 char *extra_buf
= bufs
->extra
.data
;
371 if (end_in_extra_buffer
)
372 end_idx
= end
- extra_buf
;
373 size_t len
= strlen (end
);
374 if (INT_ADD_OVERFLOW (len
, n
))
376 while (bufs
->extra
.length
<= len
+ n
)
378 if (!scratch_buffer_grow_preserve (&bufs
->extra
))
380 extra_buf
= bufs
->extra
.data
;
382 if (end_in_extra_buffer
)
383 end
= extra_buf
+ end_idx
;
385 /* Careful here, end may be a pointer into extra_buf... */
386 memmove (&extra_buf
[n
], end
, len
+ 1);
387 name
= end
= memcpy (extra_buf
, buf
, n
);
388 end_in_extra_buffer
= true;
390 if (IS_ABSOLUTE_FILE_NAME (buf
))
392 idx_t pfxlen
= FILE_SYSTEM_PREFIX_LEN (buf
);
394 dest
= mempcpy (rname
, buf
, pfxlen
);
395 *dest
++ = '/'; /* It's an absolute symlink */
396 if (DOUBLE_SLASH_IS_DISTINCT_ROOT
)
398 if (ISSLASH (buf
[1]) && !ISSLASH (buf
[2]) && !pfxlen
)
402 /* Install the new prefix to be in effect hereafter. */
407 /* Back up to previous component, ignore if at root
409 if (dest
> rname
+ prefix_len
+ 1)
410 for (--dest
; dest
> rname
&& !ISSLASH (dest
[-1]); --dest
)
412 if (DOUBLE_SLASH_IS_DISTINCT_ROOT
&& dest
== rname
+ 1
413 && ISSLASH (*dest
) && !ISSLASH (dest
[1]) && !prefix_len
)
417 else if (! (can_exist
== CAN_MISSING
418 || (suffix_requires_dir_check (end
)
419 ? dir_check (rname
, dest
)
422 : *end
|| file_accessible (rname
))
423 || (can_exist
== CAN_ALL_BUT_LAST
425 && !end
[strspn (end
, SLASHES
)])))
429 if (dest
> rname
+ prefix_len
+ 1 && ISSLASH (dest
[-1]))
431 if (DOUBLE_SLASH_IS_DISTINCT_ROOT
&& dest
== rname
+ 1 && !prefix_len
432 && ISSLASH (*dest
) && !ISSLASH (dest
[1]))
444 char *result
= malloc (dest
- rname
);
447 return memcpy (result
, rname
, dest
- rname
);
450 /* Return the canonical absolute name of file NAME, while treating
451 missing elements according to CAN_MODE. A canonical name
452 does not contain any ".", ".." components nor any repeated file name
453 separators ('/') or, depending on other CAN_MODE flags, symlinks.
454 Whether components must exist or not depends on canonicalize mode.
455 The result is malloc'd. */
458 canonicalize_filename_mode (const char *name
, canonicalize_mode_t can_mode
)
460 struct realpath_bufs bufs
;
461 scratch_buffer_init (&bufs
.rname
);
462 scratch_buffer_init (&bufs
.extra
);
463 scratch_buffer_init (&bufs
.link
);
464 char *result
= canonicalize_filename_mode_stk (name
, can_mode
, &bufs
);
465 scratch_buffer_free (&bufs
.link
);
466 scratch_buffer_free (&bufs
.extra
);
467 scratch_buffer_free (&bufs
.rname
);