xref: /freebsd/crypto/openssh/sftp-realpath.c (revision 3332f1b444d4a73238e9f59cca27bfc95fe936bd)
1 /*	$OpenBSD: sftp-realpath.c,v 1.1 2019/07/05 04:55:40 djm Exp $ */
2 /*
3  * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru>
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. The names of the authors may not be used to endorse or promote
14  *    products derived from this software without specific prior written
15  *    permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 #include "includes.h"
31 
32 #include <sys/types.h>
33 #include <sys/param.h>
34 #include <sys/stat.h>
35 
36 #include <errno.h>
37 #include <stdlib.h>
38 #include <stddef.h>
39 #include <string.h>
40 #include <unistd.h>
41 #include <limits.h>
42 
43 #ifndef SYMLOOP_MAX
44 # define SYMLOOP_MAX 32
45 #endif
46 
47 /* XXX rewrite sftp-server to use POSIX realpath and remove this hack */
48 
49 char *sftp_realpath(const char *path, char *resolved);
50 
51 /*
52  * char *realpath(const char *path, char resolved[PATH_MAX]);
53  *
54  * Find the real name of path, by removing all ".", ".." and symlink
55  * components.  Returns (resolved) on success, or (NULL) on failure,
56  * in which case the path which caused trouble is left in (resolved).
57  */
58 char *
59 sftp_realpath(const char *path, char *resolved)
60 {
61 	struct stat sb;
62 	char *p, *q, *s;
63 	size_t left_len, resolved_len;
64 	unsigned symlinks;
65 	int serrno, slen, mem_allocated;
66 	char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
67 
68 	if (path[0] == '\0') {
69 		errno = ENOENT;
70 		return (NULL);
71 	}
72 
73 	serrno = errno;
74 
75 	if (resolved == NULL) {
76 		resolved = malloc(PATH_MAX);
77 		if (resolved == NULL)
78 			return (NULL);
79 		mem_allocated = 1;
80 	} else
81 		mem_allocated = 0;
82 
83 	symlinks = 0;
84 	if (path[0] == '/') {
85 		resolved[0] = '/';
86 		resolved[1] = '\0';
87 		if (path[1] == '\0')
88 			return (resolved);
89 		resolved_len = 1;
90 		left_len = strlcpy(left, path + 1, sizeof(left));
91 	} else {
92 		if (getcwd(resolved, PATH_MAX) == NULL) {
93 			if (mem_allocated)
94 				free(resolved);
95 			else
96 				strlcpy(resolved, ".", PATH_MAX);
97 			return (NULL);
98 		}
99 		resolved_len = strlen(resolved);
100 		left_len = strlcpy(left, path, sizeof(left));
101 	}
102 	if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
103 		errno = ENAMETOOLONG;
104 		goto err;
105 	}
106 
107 	/*
108 	 * Iterate over path components in `left'.
109 	 */
110 	while (left_len != 0) {
111 		/*
112 		 * Extract the next path component and adjust `left'
113 		 * and its length.
114 		 */
115 		p = strchr(left, '/');
116 		s = p ? p : left + left_len;
117 		if (s - left >= (ptrdiff_t)sizeof(next_token)) {
118 			errno = ENAMETOOLONG;
119 			goto err;
120 		}
121 		memcpy(next_token, left, s - left);
122 		next_token[s - left] = '\0';
123 		left_len -= s - left;
124 		if (p != NULL)
125 			memmove(left, s + 1, left_len + 1);
126 		if (resolved[resolved_len - 1] != '/') {
127 			if (resolved_len + 1 >= PATH_MAX) {
128 				errno = ENAMETOOLONG;
129 				goto err;
130 			}
131 			resolved[resolved_len++] = '/';
132 			resolved[resolved_len] = '\0';
133 		}
134 		if (next_token[0] == '\0')
135 			continue;
136 		else if (strcmp(next_token, ".") == 0)
137 			continue;
138 		else if (strcmp(next_token, "..") == 0) {
139 			/*
140 			 * Strip the last path component except when we have
141 			 * single "/"
142 			 */
143 			if (resolved_len > 1) {
144 				resolved[resolved_len - 1] = '\0';
145 				q = strrchr(resolved, '/') + 1;
146 				*q = '\0';
147 				resolved_len = q - resolved;
148 			}
149 			continue;
150 		}
151 
152 		/*
153 		 * Append the next path component and lstat() it. If
154 		 * lstat() fails we still can return successfully if
155 		 * there are no more path components left.
156 		 */
157 		resolved_len = strlcat(resolved, next_token, PATH_MAX);
158 		if (resolved_len >= PATH_MAX) {
159 			errno = ENAMETOOLONG;
160 			goto err;
161 		}
162 		if (lstat(resolved, &sb) != 0) {
163 			if (errno == ENOENT && p == NULL) {
164 				errno = serrno;
165 				return (resolved);
166 			}
167 			goto err;
168 		}
169 		if (S_ISLNK(sb.st_mode)) {
170 			if (symlinks++ > SYMLOOP_MAX) {
171 				errno = ELOOP;
172 				goto err;
173 			}
174 			slen = readlink(resolved, symlink, sizeof(symlink) - 1);
175 			if (slen < 0)
176 				goto err;
177 			symlink[slen] = '\0';
178 			if (symlink[0] == '/') {
179 				resolved[1] = 0;
180 				resolved_len = 1;
181 			} else if (resolved_len > 1) {
182 				/* Strip the last path component. */
183 				resolved[resolved_len - 1] = '\0';
184 				q = strrchr(resolved, '/') + 1;
185 				*q = '\0';
186 				resolved_len = q - resolved;
187 			}
188 
189 			/*
190 			 * If there are any path components left, then
191 			 * append them to symlink. The result is placed
192 			 * in `left'.
193 			 */
194 			if (p != NULL) {
195 				if (symlink[slen - 1] != '/') {
196 					if (slen + 1 >=
197 					    (ptrdiff_t)sizeof(symlink)) {
198 						errno = ENAMETOOLONG;
199 						goto err;
200 					}
201 					symlink[slen] = '/';
202 					symlink[slen + 1] = 0;
203 				}
204 				left_len = strlcat(symlink, left, sizeof(symlink));
205 				if (left_len >= sizeof(symlink)) {
206 					errno = ENAMETOOLONG;
207 					goto err;
208 				}
209 			}
210 			left_len = strlcpy(left, symlink, sizeof(left));
211 		}
212 	}
213 
214 	/*
215 	 * Remove trailing slash except when the resolved pathname
216 	 * is a single "/".
217 	 */
218 	if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
219 		resolved[resolved_len - 1] = '\0';
220 	return (resolved);
221 
222 err:
223 	if (mem_allocated)
224 		free(resolved);
225 	return (NULL);
226 }
227