1 /* $OpenBSD: sftp-realpath.c,v 1.1 2019/07/05 04:55:40 djm Exp $ */ 2 /* 3 * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru> 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. The names of the authors may not be used to endorse or promote 14 * products derived from this software without specific prior written 15 * permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 30 #include "includes.h" 31 32 #include <sys/types.h> 33 #include <sys/param.h> 34 #include <sys/stat.h> 35 36 #include <errno.h> 37 #include <stdlib.h> 38 #include <stddef.h> 39 #include <string.h> 40 #include <unistd.h> 41 #include <limits.h> 42 43 #ifndef SYMLOOP_MAX 44 # define SYMLOOP_MAX 32 45 #endif 46 47 /* XXX rewrite sftp-server to use POSIX realpath and remove this hack */ 48 49 char *sftp_realpath(const char *path, char *resolved); 50 51 /* 52 * char *realpath(const char *path, char resolved[PATH_MAX]); 53 * 54 * Find the real name of path, by removing all ".", ".." and symlink 55 * components. Returns (resolved) on success, or (NULL) on failure, 56 * in which case the path which caused trouble is left in (resolved). 57 */ 58 char * 59 sftp_realpath(const char *path, char *resolved) 60 { 61 struct stat sb; 62 char *p, *q, *s; 63 size_t left_len, resolved_len; 64 unsigned symlinks; 65 int serrno, slen, mem_allocated; 66 char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX]; 67 68 if (path[0] == '\0') { 69 errno = ENOENT; 70 return (NULL); 71 } 72 73 serrno = errno; 74 75 if (resolved == NULL) { 76 resolved = malloc(PATH_MAX); 77 if (resolved == NULL) 78 return (NULL); 79 mem_allocated = 1; 80 } else 81 mem_allocated = 0; 82 83 symlinks = 0; 84 if (path[0] == '/') { 85 resolved[0] = '/'; 86 resolved[1] = '\0'; 87 if (path[1] == '\0') 88 return (resolved); 89 resolved_len = 1; 90 left_len = strlcpy(left, path + 1, sizeof(left)); 91 } else { 92 if (getcwd(resolved, PATH_MAX) == NULL) { 93 if (mem_allocated) 94 free(resolved); 95 else 96 strlcpy(resolved, ".", PATH_MAX); 97 return (NULL); 98 } 99 resolved_len = strlen(resolved); 100 left_len = strlcpy(left, path, sizeof(left)); 101 } 102 if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) { 103 errno = ENAMETOOLONG; 104 goto err; 105 } 106 107 /* 108 * Iterate over path components in `left'. 109 */ 110 while (left_len != 0) { 111 /* 112 * Extract the next path component and adjust `left' 113 * and its length. 114 */ 115 p = strchr(left, '/'); 116 s = p ? p : left + left_len; 117 if (s - left >= (ptrdiff_t)sizeof(next_token)) { 118 errno = ENAMETOOLONG; 119 goto err; 120 } 121 memcpy(next_token, left, s - left); 122 next_token[s - left] = '\0'; 123 left_len -= s - left; 124 if (p != NULL) 125 memmove(left, s + 1, left_len + 1); 126 if (resolved[resolved_len - 1] != '/') { 127 if (resolved_len + 1 >= PATH_MAX) { 128 errno = ENAMETOOLONG; 129 goto err; 130 } 131 resolved[resolved_len++] = '/'; 132 resolved[resolved_len] = '\0'; 133 } 134 if (next_token[0] == '\0') 135 continue; 136 else if (strcmp(next_token, ".") == 0) 137 continue; 138 else if (strcmp(next_token, "..") == 0) { 139 /* 140 * Strip the last path component except when we have 141 * single "/" 142 */ 143 if (resolved_len > 1) { 144 resolved[resolved_len - 1] = '\0'; 145 q = strrchr(resolved, '/') + 1; 146 *q = '\0'; 147 resolved_len = q - resolved; 148 } 149 continue; 150 } 151 152 /* 153 * Append the next path component and lstat() it. If 154 * lstat() fails we still can return successfully if 155 * there are no more path components left. 156 */ 157 resolved_len = strlcat(resolved, next_token, PATH_MAX); 158 if (resolved_len >= PATH_MAX) { 159 errno = ENAMETOOLONG; 160 goto err; 161 } 162 if (lstat(resolved, &sb) != 0) { 163 if (errno == ENOENT && p == NULL) { 164 errno = serrno; 165 return (resolved); 166 } 167 goto err; 168 } 169 if (S_ISLNK(sb.st_mode)) { 170 if (symlinks++ > SYMLOOP_MAX) { 171 errno = ELOOP; 172 goto err; 173 } 174 slen = readlink(resolved, symlink, sizeof(symlink) - 1); 175 if (slen < 0) 176 goto err; 177 symlink[slen] = '\0'; 178 if (symlink[0] == '/') { 179 resolved[1] = 0; 180 resolved_len = 1; 181 } else if (resolved_len > 1) { 182 /* Strip the last path component. */ 183 resolved[resolved_len - 1] = '\0'; 184 q = strrchr(resolved, '/') + 1; 185 *q = '\0'; 186 resolved_len = q - resolved; 187 } 188 189 /* 190 * If there are any path components left, then 191 * append them to symlink. The result is placed 192 * in `left'. 193 */ 194 if (p != NULL) { 195 if (symlink[slen - 1] != '/') { 196 if (slen + 1 >= 197 (ptrdiff_t)sizeof(symlink)) { 198 errno = ENAMETOOLONG; 199 goto err; 200 } 201 symlink[slen] = '/'; 202 symlink[slen + 1] = 0; 203 } 204 left_len = strlcat(symlink, left, sizeof(symlink)); 205 if (left_len >= sizeof(symlink)) { 206 errno = ENAMETOOLONG; 207 goto err; 208 } 209 } 210 left_len = strlcpy(left, symlink, sizeof(left)); 211 } 212 } 213 214 /* 215 * Remove trailing slash except when the resolved pathname 216 * is a single "/". 217 */ 218 if (resolved_len > 1 && resolved[resolved_len - 1] == '/') 219 resolved[resolved_len - 1] = '\0'; 220 return (resolved); 221 222 err: 223 if (mem_allocated) 224 free(resolved); 225 return (NULL); 226 } 227