Commit | Line | Data |
---|---|---|
c0c3707f | 1 | /* Copyright (C) 1991-1999, 2004-2019 Free Software Foundation, Inc. |
6ec2e0f5 SDJ |
2 | This file is part of the GNU C Library. |
3 | ||
4 | This program is free software: you can redistribute it and/or modify | |
5 | it under the terms of the GNU General Public License as published by | |
6 | the Free Software Foundation; either version 3 of the License, or | |
7 | (at your option) any later version. | |
8 | ||
9 | This program is distributed in the hope that it will be useful, | |
10 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
12 | GNU General Public License for more details. | |
13 | ||
14 | You should have received a copy of the GNU General Public License | |
c0c3707f | 15 | along with this program. If not, see <https://www.gnu.org/licenses/>. */ |
6ec2e0f5 SDJ |
16 | |
17 | #if !_LIBC | |
18 | # include <config.h> | |
19 | # include <unistd.h> | |
20 | #endif | |
21 | ||
22 | #include <errno.h> | |
23 | #include <sys/types.h> | |
24 | #include <sys/stat.h> | |
25 | #include <stdbool.h> | |
26 | #include <stddef.h> | |
27 | ||
28 | #include <fcntl.h> /* For AT_FDCWD on Solaris 9. */ | |
29 | ||
30 | /* If this host provides the openat function or if we're using the | |
31 | gnulib replacement function with a native fdopendir, then enable | |
32 | code below to make getcwd more efficient and robust. */ | |
33 | #if defined HAVE_OPENAT || (defined GNULIB_OPENAT && defined HAVE_FDOPENDIR) | |
34 | # define HAVE_OPENAT_SUPPORT 1 | |
35 | #else | |
36 | # define HAVE_OPENAT_SUPPORT 0 | |
37 | #endif | |
38 | ||
39 | #ifndef __set_errno | |
40 | # define __set_errno(val) (errno = (val)) | |
41 | #endif | |
42 | ||
43 | #include <dirent.h> | |
44 | #ifndef _D_EXACT_NAMLEN | |
45 | # define _D_EXACT_NAMLEN(d) strlen ((d)->d_name) | |
46 | #endif | |
47 | #ifndef _D_ALLOC_NAMLEN | |
48 | # define _D_ALLOC_NAMLEN(d) (_D_EXACT_NAMLEN (d) + 1) | |
49 | #endif | |
50 | ||
51 | #include <unistd.h> | |
52 | #include <stdlib.h> | |
53 | #include <string.h> | |
54 | ||
55 | #if _LIBC | |
56 | # ifndef mempcpy | |
57 | # define mempcpy __mempcpy | |
58 | # endif | |
59 | #endif | |
60 | ||
61 | #ifndef MAX | |
62 | # define MAX(a, b) ((a) < (b) ? (b) : (a)) | |
63 | #endif | |
64 | #ifndef MIN | |
65 | # define MIN(a, b) ((a) < (b) ? (a) : (b)) | |
66 | #endif | |
67 | ||
68 | #include "pathmax.h" | |
69 | ||
70 | /* In this file, PATH_MAX only serves as a threshold for choosing among two | |
71 | algorithms. */ | |
72 | #ifndef PATH_MAX | |
73 | # define PATH_MAX 8192 | |
74 | #endif | |
75 | ||
76 | #if D_INO_IN_DIRENT | |
77 | # define MATCHING_INO(dp, ino) ((dp)->d_ino == (ino)) | |
78 | #else | |
79 | # define MATCHING_INO(dp, ino) true | |
80 | #endif | |
81 | ||
c0c3707f CB |
82 | #if HAVE_MSVC_INVALID_PARAMETER_HANDLER |
83 | # include "msvc-inval.h" | |
84 | #endif | |
85 | ||
6ec2e0f5 SDJ |
86 | #if !_LIBC |
87 | # define __getcwd rpl_getcwd | |
88 | # define __lstat lstat | |
89 | # define __closedir closedir | |
90 | # define __opendir opendir | |
91 | # define __readdir readdir | |
92 | #endif | |
93 | ||
94 | /* The results of opendir() in this file are not used with dirfd and fchdir, | |
95 | and we do not leak fds to any single-threaded code that could use stdio, | |
96 | therefore save some unnecessary recursion in fchdir.c. | |
97 | FIXME - if the kernel ever adds support for multi-thread safety for | |
98 | avoiding standard fds, then we should use opendir_safer and | |
99 | openat_safer. */ | |
100 | #ifdef GNULIB_defined_opendir | |
101 | # undef opendir | |
102 | #endif | |
103 | #ifdef GNULIB_defined_closedir | |
104 | # undef closedir | |
105 | #endif | |
106 | \f | |
c0c3707f CB |
107 | #ifdef _MSC_VER |
108 | # if HAVE_MSVC_INVALID_PARAMETER_HANDLER | |
109 | static char * | |
110 | getcwd_nothrow (char *buf, size_t size) | |
111 | { | |
112 | char *result; | |
113 | ||
114 | TRY_MSVC_INVAL | |
115 | { | |
116 | result = _getcwd (buf, size); | |
117 | } | |
118 | CATCH_MSVC_INVAL | |
119 | { | |
120 | result = NULL; | |
121 | errno = ERANGE; | |
122 | } | |
123 | DONE_MSVC_INVAL; | |
124 | ||
125 | return result; | |
126 | } | |
127 | # else | |
128 | # define getcwd_nothrow _getcwd | |
129 | # endif | |
130 | # define getcwd_system getcwd_nothrow | |
131 | #else | |
132 | # define getcwd_system getcwd | |
133 | #endif | |
134 | ||
6ec2e0f5 SDJ |
135 | /* Get the name of the current working directory, and put it in SIZE |
136 | bytes of BUF. Returns NULL if the directory couldn't be determined or | |
137 | SIZE was too small. If successful, returns BUF. In GNU, if BUF is | |
138 | NULL, an array is allocated with 'malloc'; the array is SIZE bytes long, | |
139 | unless SIZE == 0, in which case it is as big as necessary. */ | |
140 | ||
141 | char * | |
142 | __getcwd (char *buf, size_t size) | |
143 | { | |
144 | /* Lengths of big file name components and entire file names, and a | |
145 | deep level of file name nesting. These numbers are not upper | |
146 | bounds; they are merely large values suitable for initial | |
147 | allocations, designed to be large enough for most real-world | |
148 | uses. */ | |
149 | enum | |
150 | { | |
151 | BIG_FILE_NAME_COMPONENT_LENGTH = 255, | |
152 | BIG_FILE_NAME_LENGTH = MIN (4095, PATH_MAX - 1), | |
153 | DEEP_NESTING = 100 | |
154 | }; | |
155 | ||
156 | #if HAVE_OPENAT_SUPPORT | |
157 | int fd = AT_FDCWD; | |
158 | bool fd_needs_closing = false; | |
159 | #else | |
160 | char dots[DEEP_NESTING * sizeof ".." + BIG_FILE_NAME_COMPONENT_LENGTH + 1]; | |
161 | char *dotlist = dots; | |
162 | size_t dotsize = sizeof dots; | |
163 | size_t dotlen = 0; | |
164 | #endif | |
165 | DIR *dirstream = NULL; | |
166 | dev_t rootdev, thisdev; | |
167 | ino_t rootino, thisino; | |
168 | char *dir; | |
169 | register char *dirp; | |
170 | struct stat st; | |
171 | size_t allocated = size; | |
172 | size_t used; | |
173 | ||
174 | #if HAVE_MINIMALLY_WORKING_GETCWD | |
175 | /* If AT_FDCWD is not defined, the algorithm below is O(N**2) and | |
176 | this is much slower than the system getcwd (at least on | |
177 | GNU/Linux). So trust the system getcwd's results unless they | |
178 | look suspicious. | |
179 | ||
180 | Use the system getcwd even if we have openat support, since the | |
181 | system getcwd works even when a parent is unreadable, while the | |
182 | openat-based approach does not. | |
183 | ||
184 | But on AIX 5.1..7.1, the system getcwd is not even minimally | |
185 | working: If the current directory name is slightly longer than | |
186 | PATH_MAX, it omits the first directory component and returns | |
187 | this wrong result with errno = 0. */ | |
188 | ||
189 | # undef getcwd | |
c0c3707f | 190 | dir = getcwd_system (buf, size); |
6ec2e0f5 SDJ |
191 | if (dir || (size && errno == ERANGE)) |
192 | return dir; | |
193 | ||
194 | /* Solaris getcwd (NULL, 0) fails with errno == EINVAL, but it has | |
195 | internal magic that lets it work even if an ancestor directory is | |
196 | inaccessible, which is better in many cases. So in this case try | |
197 | again with a buffer that's almost always big enough. */ | |
198 | if (errno == EINVAL && buf == NULL && size == 0) | |
199 | { | |
200 | char big_buffer[BIG_FILE_NAME_LENGTH + 1]; | |
c0c3707f | 201 | dir = getcwd_system (big_buffer, sizeof big_buffer); |
6ec2e0f5 SDJ |
202 | if (dir) |
203 | return strdup (dir); | |
204 | } | |
205 | ||
206 | # if HAVE_PARTLY_WORKING_GETCWD | |
207 | /* The system getcwd works, except it sometimes fails when it | |
208 | shouldn't, setting errno to ERANGE, ENAMETOOLONG, or ENOENT. */ | |
209 | if (errno != ERANGE && errno != ENAMETOOLONG && errno != ENOENT) | |
210 | return NULL; | |
211 | # endif | |
212 | #endif | |
213 | ||
214 | if (size == 0) | |
215 | { | |
216 | if (buf != NULL) | |
217 | { | |
218 | __set_errno (EINVAL); | |
219 | return NULL; | |
220 | } | |
221 | ||
222 | allocated = BIG_FILE_NAME_LENGTH + 1; | |
223 | } | |
224 | ||
225 | if (buf == NULL) | |
226 | { | |
227 | dir = malloc (allocated); | |
228 | if (dir == NULL) | |
229 | return NULL; | |
230 | } | |
231 | else | |
232 | dir = buf; | |
233 | ||
234 | dirp = dir + allocated; | |
235 | *--dirp = '\0'; | |
236 | ||
237 | if (__lstat (".", &st) < 0) | |
238 | goto lose; | |
239 | thisdev = st.st_dev; | |
240 | thisino = st.st_ino; | |
241 | ||
242 | if (__lstat ("/", &st) < 0) | |
243 | goto lose; | |
244 | rootdev = st.st_dev; | |
245 | rootino = st.st_ino; | |
246 | ||
247 | while (!(thisdev == rootdev && thisino == rootino)) | |
248 | { | |
249 | struct dirent *d; | |
250 | dev_t dotdev; | |
251 | ino_t dotino; | |
252 | bool mount_point; | |
253 | int parent_status; | |
254 | size_t dirroom; | |
255 | size_t namlen; | |
256 | bool use_d_ino = true; | |
257 | ||
258 | /* Look at the parent directory. */ | |
259 | #if HAVE_OPENAT_SUPPORT | |
260 | fd = openat (fd, "..", O_RDONLY); | |
261 | if (fd < 0) | |
262 | goto lose; | |
263 | fd_needs_closing = true; | |
264 | parent_status = fstat (fd, &st); | |
265 | #else | |
266 | dotlist[dotlen++] = '.'; | |
267 | dotlist[dotlen++] = '.'; | |
268 | dotlist[dotlen] = '\0'; | |
269 | parent_status = __lstat (dotlist, &st); | |
270 | #endif | |
271 | if (parent_status != 0) | |
272 | goto lose; | |
273 | ||
274 | if (dirstream && __closedir (dirstream) != 0) | |
275 | { | |
276 | dirstream = NULL; | |
277 | goto lose; | |
278 | } | |
279 | ||
280 | /* Figure out if this directory is a mount point. */ | |
281 | dotdev = st.st_dev; | |
282 | dotino = st.st_ino; | |
283 | mount_point = dotdev != thisdev; | |
284 | ||
285 | /* Search for the last directory. */ | |
286 | #if HAVE_OPENAT_SUPPORT | |
287 | dirstream = fdopendir (fd); | |
288 | if (dirstream == NULL) | |
289 | goto lose; | |
290 | fd_needs_closing = false; | |
291 | #else | |
292 | dirstream = __opendir (dotlist); | |
293 | if (dirstream == NULL) | |
294 | goto lose; | |
295 | dotlist[dotlen++] = '/'; | |
296 | #endif | |
297 | for (;;) | |
298 | { | |
299 | /* Clear errno to distinguish EOF from error if readdir returns | |
300 | NULL. */ | |
301 | __set_errno (0); | |
302 | d = __readdir (dirstream); | |
303 | ||
304 | /* When we've iterated through all directory entries without finding | |
305 | one with a matching d_ino, rewind the stream and consider each | |
306 | name again, but this time, using lstat. This is necessary in a | |
307 | chroot on at least one system (glibc-2.3.6 + linux 2.6.12), where | |
308 | .., ../.., ../../.., etc. all had the same device number, yet the | |
309 | d_ino values for entries in / did not match those obtained | |
310 | via lstat. */ | |
311 | if (d == NULL && errno == 0 && use_d_ino) | |
312 | { | |
313 | use_d_ino = false; | |
314 | rewinddir (dirstream); | |
315 | d = __readdir (dirstream); | |
316 | } | |
317 | ||
318 | if (d == NULL) | |
319 | { | |
320 | if (errno == 0) | |
321 | /* EOF on dirstream, which can mean e.g., that the current | |
322 | directory has been removed. */ | |
323 | __set_errno (ENOENT); | |
324 | goto lose; | |
325 | } | |
326 | if (d->d_name[0] == '.' && | |
327 | (d->d_name[1] == '\0' || | |
328 | (d->d_name[1] == '.' && d->d_name[2] == '\0'))) | |
329 | continue; | |
330 | ||
331 | if (use_d_ino) | |
332 | { | |
333 | bool match = (MATCHING_INO (d, thisino) || mount_point); | |
334 | if (! match) | |
335 | continue; | |
336 | } | |
337 | ||
338 | { | |
339 | int entry_status; | |
340 | #if HAVE_OPENAT_SUPPORT | |
341 | entry_status = fstatat (fd, d->d_name, &st, AT_SYMLINK_NOFOLLOW); | |
342 | #else | |
343 | /* Compute size needed for this file name, or for the file | |
344 | name ".." in the same directory, whichever is larger. | |
345 | Room for ".." might be needed the next time through | |
346 | the outer loop. */ | |
347 | size_t name_alloc = _D_ALLOC_NAMLEN (d); | |
348 | size_t filesize = dotlen + MAX (sizeof "..", name_alloc); | |
349 | ||
350 | if (filesize < dotlen) | |
351 | goto memory_exhausted; | |
352 | ||
353 | if (dotsize < filesize) | |
354 | { | |
355 | /* My, what a deep directory tree you have, Grandma. */ | |
356 | size_t newsize = MAX (filesize, dotsize * 2); | |
357 | size_t i; | |
358 | if (newsize < dotsize) | |
359 | goto memory_exhausted; | |
360 | if (dotlist != dots) | |
361 | free (dotlist); | |
362 | dotlist = malloc (newsize); | |
363 | if (dotlist == NULL) | |
364 | goto lose; | |
365 | dotsize = newsize; | |
366 | ||
367 | i = 0; | |
368 | do | |
369 | { | |
370 | dotlist[i++] = '.'; | |
371 | dotlist[i++] = '.'; | |
372 | dotlist[i++] = '/'; | |
373 | } | |
374 | while (i < dotlen); | |
375 | } | |
376 | ||
377 | memcpy (dotlist + dotlen, d->d_name, _D_ALLOC_NAMLEN (d)); | |
378 | entry_status = __lstat (dotlist, &st); | |
379 | #endif | |
380 | /* We don't fail here if we cannot stat() a directory entry. | |
381 | This can happen when (network) file systems fail. If this | |
382 | entry is in fact the one we are looking for we will find | |
383 | out soon as we reach the end of the directory without | |
384 | having found anything. */ | |
385 | if (entry_status == 0 && S_ISDIR (st.st_mode) | |
386 | && st.st_dev == thisdev && st.st_ino == thisino) | |
387 | break; | |
388 | } | |
389 | } | |
390 | ||
391 | dirroom = dirp - dir; | |
392 | namlen = _D_EXACT_NAMLEN (d); | |
393 | ||
394 | if (dirroom <= namlen) | |
395 | { | |
396 | if (size != 0) | |
397 | { | |
398 | __set_errno (ERANGE); | |
399 | goto lose; | |
400 | } | |
401 | else | |
402 | { | |
403 | char *tmp; | |
404 | size_t oldsize = allocated; | |
405 | ||
406 | allocated += MAX (allocated, namlen); | |
407 | if (allocated < oldsize | |
408 | || ! (tmp = realloc (dir, allocated))) | |
409 | goto memory_exhausted; | |
410 | ||
411 | /* Move current contents up to the end of the buffer. | |
412 | This is guaranteed to be non-overlapping. */ | |
413 | dirp = memcpy (tmp + allocated - (oldsize - dirroom), | |
414 | tmp + dirroom, | |
415 | oldsize - dirroom); | |
416 | dir = tmp; | |
417 | } | |
418 | } | |
419 | dirp -= namlen; | |
420 | memcpy (dirp, d->d_name, namlen); | |
421 | *--dirp = '/'; | |
422 | ||
423 | thisdev = dotdev; | |
424 | thisino = dotino; | |
425 | } | |
426 | ||
427 | if (dirstream && __closedir (dirstream) != 0) | |
428 | { | |
429 | dirstream = NULL; | |
430 | goto lose; | |
431 | } | |
432 | ||
433 | if (dirp == &dir[allocated - 1]) | |
434 | *--dirp = '/'; | |
435 | ||
436 | #if ! HAVE_OPENAT_SUPPORT | |
437 | if (dotlist != dots) | |
438 | free (dotlist); | |
439 | #endif | |
440 | ||
441 | used = dir + allocated - dirp; | |
442 | memmove (dir, dirp, used); | |
443 | ||
444 | if (size == 0) | |
445 | /* Ensure that the buffer is only as large as necessary. */ | |
c0c3707f | 446 | buf = (used < allocated ? realloc (dir, used) : dir); |
6ec2e0f5 SDJ |
447 | |
448 | if (buf == NULL) | |
449 | /* Either buf was NULL all along, or 'realloc' failed but | |
450 | we still have the original string. */ | |
451 | buf = dir; | |
452 | ||
453 | return buf; | |
454 | ||
455 | memory_exhausted: | |
456 | __set_errno (ENOMEM); | |
457 | lose: | |
458 | { | |
459 | int save = errno; | |
460 | if (dirstream) | |
461 | __closedir (dirstream); | |
462 | #if HAVE_OPENAT_SUPPORT | |
463 | if (fd_needs_closing) | |
464 | close (fd); | |
465 | #else | |
466 | if (dotlist != dots) | |
467 | free (dotlist); | |
468 | #endif | |
469 | if (buf == NULL) | |
470 | free (dir); | |
471 | __set_errno (save); | |
472 | } | |
473 | return NULL; | |
474 | } | |
475 | ||
476 | #ifdef weak_alias | |
477 | weak_alias (__getcwd, getcwd) | |
478 | #endif |