sftp-realpath.c 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227
  1. /* $OpenBSD: sftp-realpath.c,v 1.1 2019/07/05 04:55:40 djm Exp $ */
  2. /*
  3. * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru>
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions
  7. * are met:
  8. * 1. Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * 2. Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in the
  12. * documentation and/or other materials provided with the distribution.
  13. * 3. The names of the authors may not be used to endorse or promote
  14. * products derived from this software without specific prior written
  15. * permission.
  16. *
  17. * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  18. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  19. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  20. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  21. * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  22. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  23. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  24. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  25. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  26. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  27. * SUCH DAMAGE.
  28. */
  29. #include "includes.h"
  30. #include <sys/types.h>
  31. #include <sys/param.h>
  32. #include <sys/stat.h>
  33. #include <errno.h>
  34. #include <stdlib.h>
  35. #include <stddef.h>
  36. #include <string.h>
  37. #include <unistd.h>
  38. #include <limits.h>
  39. #ifndef SYMLOOP_MAX
  40. # define SYMLOOP_MAX 32
  41. #endif
  42. /* XXX rewrite sftp-server to use POSIX realpath and remove this hack */
  43. char *sftp_realpath(const char *path, char *resolved);
  44. /*
  45. * char *realpath(const char *path, char resolved[PATH_MAX]);
  46. *
  47. * Find the real name of path, by removing all ".", ".." and symlink
  48. * components. Returns (resolved) on success, or (NULL) on failure,
  49. * in which case the path which caused trouble is left in (resolved).
  50. */
  51. char *
  52. sftp_realpath(const char *path, char *resolved)
  53. {
  54. struct stat sb;
  55. char *p, *q, *s;
  56. size_t left_len, resolved_len;
  57. unsigned symlinks;
  58. int serrno, slen, mem_allocated;
  59. char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
  60. if (path[0] == '\0') {
  61. errno = ENOENT;
  62. return (NULL);
  63. }
  64. serrno = errno;
  65. if (resolved == NULL) {
  66. resolved = malloc(PATH_MAX);
  67. if (resolved == NULL)
  68. return (NULL);
  69. mem_allocated = 1;
  70. } else
  71. mem_allocated = 0;
  72. symlinks = 0;
  73. if (path[0] == '/') {
  74. resolved[0] = '/';
  75. resolved[1] = '\0';
  76. if (path[1] == '\0')
  77. return (resolved);
  78. resolved_len = 1;
  79. left_len = strlcpy(left, path + 1, sizeof(left));
  80. } else {
  81. if (getcwd(resolved, PATH_MAX) == NULL) {
  82. if (mem_allocated)
  83. free(resolved);
  84. else
  85. strlcpy(resolved, ".", PATH_MAX);
  86. return (NULL);
  87. }
  88. resolved_len = strlen(resolved);
  89. left_len = strlcpy(left, path, sizeof(left));
  90. }
  91. if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
  92. errno = ENAMETOOLONG;
  93. goto err;
  94. }
  95. /*
  96. * Iterate over path components in `left'.
  97. */
  98. while (left_len != 0) {
  99. /*
  100. * Extract the next path component and adjust `left'
  101. * and its length.
  102. */
  103. p = strchr(left, '/');
  104. s = p ? p : left + left_len;
  105. if (s - left >= (ptrdiff_t)sizeof(next_token)) {
  106. errno = ENAMETOOLONG;
  107. goto err;
  108. }
  109. memcpy(next_token, left, s - left);
  110. next_token[s - left] = '\0';
  111. left_len -= s - left;
  112. if (p != NULL)
  113. memmove(left, s + 1, left_len + 1);
  114. if (resolved[resolved_len - 1] != '/') {
  115. if (resolved_len + 1 >= PATH_MAX) {
  116. errno = ENAMETOOLONG;
  117. goto err;
  118. }
  119. resolved[resolved_len++] = '/';
  120. resolved[resolved_len] = '\0';
  121. }
  122. if (next_token[0] == '\0')
  123. continue;
  124. else if (strcmp(next_token, ".") == 0)
  125. continue;
  126. else if (strcmp(next_token, "..") == 0) {
  127. /*
  128. * Strip the last path component except when we have
  129. * single "/"
  130. */
  131. if (resolved_len > 1) {
  132. resolved[resolved_len - 1] = '\0';
  133. q = strrchr(resolved, '/') + 1;
  134. *q = '\0';
  135. resolved_len = q - resolved;
  136. }
  137. continue;
  138. }
  139. /*
  140. * Append the next path component and lstat() it. If
  141. * lstat() fails we still can return successfully if
  142. * there are no more path components left.
  143. */
  144. resolved_len = strlcat(resolved, next_token, PATH_MAX);
  145. if (resolved_len >= PATH_MAX) {
  146. errno = ENAMETOOLONG;
  147. goto err;
  148. }
  149. if (lstat(resolved, &sb) != 0) {
  150. if (errno == ENOENT && p == NULL) {
  151. errno = serrno;
  152. return (resolved);
  153. }
  154. goto err;
  155. }
  156. if (S_ISLNK(sb.st_mode)) {
  157. if (symlinks++ > SYMLOOP_MAX) {
  158. errno = ELOOP;
  159. goto err;
  160. }
  161. slen = readlink(resolved, symlink, sizeof(symlink) - 1);
  162. if (slen < 0)
  163. goto err;
  164. symlink[slen] = '\0';
  165. if (symlink[0] == '/') {
  166. resolved[1] = 0;
  167. resolved_len = 1;
  168. } else if (resolved_len > 1) {
  169. /* Strip the last path component. */
  170. resolved[resolved_len - 1] = '\0';
  171. q = strrchr(resolved, '/') + 1;
  172. *q = '\0';
  173. resolved_len = q - resolved;
  174. }
  175. /*
  176. * If there are any path components left, then
  177. * append them to symlink. The result is placed
  178. * in `left'.
  179. */
  180. if (p != NULL) {
  181. if (symlink[slen - 1] != '/') {
  182. if (slen + 1 >=
  183. (ptrdiff_t)sizeof(symlink)) {
  184. errno = ENAMETOOLONG;
  185. goto err;
  186. }
  187. symlink[slen] = '/';
  188. symlink[slen + 1] = 0;
  189. }
  190. left_len = strlcat(symlink, left, sizeof(symlink));
  191. if (left_len >= sizeof(symlink)) {
  192. errno = ENAMETOOLONG;
  193. goto err;
  194. }
  195. }
  196. left_len = strlcpy(left, symlink, sizeof(left));
  197. }
  198. }
  199. /*
  200. * Remove trailing slash except when the resolved pathname
  201. * is a single "/".
  202. */
  203. if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
  204. resolved[resolved_len - 1] = '\0';
  205. return (resolved);
  206. err:
  207. if (mem_allocated)
  208. free(resolved);
  209. return (NULL);
  210. }