int
main (void)
{
int result;
/* Remove any leftovers from a previous partial run. */
ignore_value (system ("rm -rf " BASE "*"));
/* Basic tests. */
result = test_areadlink (do_areadlinkat, false);
dfd = open (".", O_RDONLY);
ASSERT (0 <= dfd);
ASSERT (test_areadlink (do_areadlinkat, false) == result);
/* Relative tests. */
if (result == 77)
fputs ("skipping test: symlinks not supported on this file system\n",
stderr);
else
{
char *buf;
ASSERT (symlink ("nowhere", BASE "link") == 0);
ASSERT (mkdir (BASE "dir", 0700) == 0);
ASSERT (chdir (BASE "dir") == 0);
buf = areadlinkat (dfd, BASE "link");
ASSERT (buf);
ASSERT (strcmp (buf, "nowhere") == 0);
free (buf);
errno = 0;
ASSERT (areadlinkat (-1, BASE "link") == NULL);
ASSERT (errno == EBADF);
errno = 0;
ASSERT (areadlinkat (AT_FDCWD, BASE "link") == NULL);
ASSERT (errno == ENOENT);
ASSERT (chdir ("..") == 0);
ASSERT (rmdir (BASE "dir") == 0);
ASSERT (unlink (BASE "link") == 0);
}
ASSERT (close (dfd) == 0);
return result;
}
static int
linkat_follow (int fd1, char const *file1, int fd2, char const *file2)
{
char *name = (char *) file1;
char *target;
int result;
int i = MAXSYMLINKS;
/* There is no realpathat. */
while (i-- && (target = areadlinkat (fd1, name)))
{
if (IS_ABSOLUTE_FILE_NAME (target))
{
if (name != file1)
free (name);
name = target;
}
else
{
char *dir = mdir_name (name);
if (name != file1)
free (name);
if (!dir)
{
free (target);
errno = ENOMEM;
return -1;
}
name = mfile_name_concat (dir, target, NULL);
free (dir);
free (target);
if (!name)
{
errno = ENOMEM;
return -1;
}
}
}
if (i < 0)
{
target = NULL;
errno = ELOOP;
}
if (!target && errno != EINVAL)
{
if (name != file1)
{
int saved_errno = errno;
free (name);
errno = saved_errno;
}
return -1;
}
result = linkat (fd1, name, fd2, file2, 0);
if (name != file1)
{
int saved_errno = errno;
free (name);
errno = saved_errno;
}
return result;
}
static void
do_fprintf (struct format_val *dest,
struct segment *segment,
const char *pathname,
const struct stat *stat_buf)
{
char hbuf[LONGEST_HUMAN_READABLE + 1];
const char *cp;
switch (segment->segkind)
{
case KIND_PLAIN: /* Plain text string (no % conversion). */
/* trusted */
checked_fwrite(segment->text, 1, segment->text_len, dest);
break;
case KIND_STOP: /* Terminate argument and flush output. */
/* trusted */
checked_fwrite (segment->text, 1, segment->text_len, dest);
checked_fflush (dest);
break;
case KIND_FORMAT:
switch (segment->format_char[0])
{
case 'a': /* atime in `ctime' format. */
/* UNTRUSTED, probably unexploitable */
checked_fprintf (dest, segment->text, ctime_format (get_stat_atime (stat_buf)));
break;
case 'b': /* size in 512-byte blocks */
/* UNTRUSTED, probably unexploitable */
checked_fprintf (dest, segment->text,
human_readable ((uintmax_t) ST_NBLOCKS (*stat_buf),
hbuf, human_ceiling,
ST_NBLOCKSIZE, 512));
break;
case 'c': /* ctime in `ctime' format */
/* UNTRUSTED, probably unexploitable */
checked_fprintf (dest, segment->text, ctime_format (get_stat_ctime (stat_buf)));
break;
case 'd': /* depth in search tree */
/* UNTRUSTED, probably unexploitable */
checked_fprintf (dest, segment->text, state.curdepth);
break;
case 'D': /* Device on which file exists (stat.st_dev) */
/* trusted */
checked_fprintf (dest, segment->text,
human_readable ((uintmax_t) stat_buf->st_dev, hbuf,
human_ceiling, 1, 1));
break;
case 'f': /* base name of path */
/* sanitised */
{
char *base = base_name (pathname);
checked_print_quoted (dest, segment->text, base);
free (base);
}
break;
case 'F': /* file system type */
/* trusted */
checked_print_quoted (dest, segment->text, filesystem_type (stat_buf, pathname));
break;
case 'g': /* group name */
/* trusted */
/* (well, the actual group is selected by the user but
* its name was selected by the system administrator)
*/
{
struct group *g;
g = getgrgid (stat_buf->st_gid);
if (g)
{
segment->text[segment->text_len] = 's';
checked_fprintf (dest, segment->text, g->gr_name);
break;
}
else
{
/* Do nothing. */
/*FALLTHROUGH*/
}
}
/*FALLTHROUGH*/ /*...sometimes, so 'G' case.*/
case 'G': /* GID number */
/* UNTRUSTED, probably unexploitable */
checked_fprintf (dest, segment->text,
human_readable ((uintmax_t) stat_buf->st_gid, hbuf,
human_ceiling, 1, 1));
break;
case 'h': /* leading directories part of path */
/* sanitised */
{
cp = strrchr (pathname, '/');
if (cp == NULL) /* No leading directories. */
{
/* If there is no slash in the pathname, we still
* print the string because it contains characters
* other than just '%s'. The %h expands to ".".
*/
checked_print_quoted (dest, segment->text, ".");
}
else
{
char *s = strdup (pathname);
s[cp - pathname] = 0;
checked_print_quoted (dest, segment->text, s);
free (s);
}
}
break;
case 'H': /* ARGV element file was found under */
/* trusted */
{
char *s = xmalloc (state.starting_path_length+1);
memcpy (s, pathname, state.starting_path_length);
s[state.starting_path_length] = 0;
checked_fprintf (dest, segment->text, s);
free (s);
}
break;
case 'i': /* inode number */
/* UNTRUSTED, but not exploitable I think */
/* POSIX does not guarantee that ino_t is unsigned or even
* integral (except as an XSI extension), but we'll work on
* fixing that if we ever get a report of a system where
* ino_t is indeed a signed integral type or a non-integral
* arithmetic type. */
checked_fprintf (dest, segment->text,
human_readable ((uintmax_t) stat_buf->st_ino, hbuf,
human_ceiling,
1, 1));
break;
case 'k': /* size in 1K blocks */
/* UNTRUSTED, but not exploitable I think */
checked_fprintf (dest, segment->text,
human_readable ((uintmax_t) ST_NBLOCKS (*stat_buf),
hbuf, human_ceiling,
ST_NBLOCKSIZE, 1024));
break;
case 'l': /* object of symlink */
/* sanitised */
#ifdef S_ISLNK
{
char *linkname = 0;
if (S_ISLNK (stat_buf->st_mode))
{
linkname = areadlinkat (state.cwd_dir_fd, state.rel_pathname);
if (linkname == NULL)
{
nonfatal_target_file_error (errno, pathname);
state.exit_status = 1;
}
}
if (linkname)
{
checked_print_quoted (dest, segment->text, linkname);
}
else
{
/* We still need to honour the field width etc., so this is
* not a no-op.
*/
checked_print_quoted (dest, segment->text, "");
}
free (linkname);
}
#endif /* S_ISLNK */
break;
case 'M': /* mode as 10 chars (eg., "-rwxr-x--x" */
/* UNTRUSTED, probably unexploitable */
{
char modestring[16] ;
filemodestring (stat_buf, modestring);
modestring[10] = '\0';
checked_fprintf (dest, segment->text, modestring);
}
break;
case 'm': /* mode as octal number (perms only) */
/* UNTRUSTED, probably unexploitable */
{
/* Output the mode portably using the traditional numbers,
even if the host unwisely uses some other numbering
scheme. But help the compiler in the common case where
the host uses the traditional numbering scheme. */
mode_t m = stat_buf->st_mode;
bool traditional_numbering_scheme =
(S_ISUID == 04000 && S_ISGID == 02000 && S_ISVTX == 01000
&& S_IRUSR == 00400 && S_IWUSR == 00200 && S_IXUSR == 00100
&& S_IRGRP == 00040 && S_IWGRP == 00020 && S_IXGRP == 00010
&& S_IROTH == 00004 && S_IWOTH == 00002 && S_IXOTH == 00001);
checked_fprintf (dest, segment->text,
(traditional_numbering_scheme
? m & MODE_ALL
: ((m & S_ISUID ? 04000 : 0)
| (m & S_ISGID ? 02000 : 0)
| (m & S_ISVTX ? 01000 : 0)
| (m & S_IRUSR ? 00400 : 0)
| (m & S_IWUSR ? 00200 : 0)
| (m & S_IXUSR ? 00100 : 0)
| (m & S_IRGRP ? 00040 : 0)
| (m & S_IWGRP ? 00020 : 0)
| (m & S_IXGRP ? 00010 : 0)
| (m & S_IROTH ? 00004 : 0)
| (m & S_IWOTH ? 00002 : 0)
| (m & S_IXOTH ? 00001 : 0))));
}
break;
case 'n': /* number of links */
/* UNTRUSTED, probably unexploitable */
checked_fprintf (dest, segment->text,
human_readable ((uintmax_t) stat_buf->st_nlink,
hbuf,
human_ceiling,
1, 1));
break;
case 'p': /* pathname */
/* sanitised */
checked_print_quoted (dest, segment->text, pathname);
break;
case 'P': /* pathname with ARGV element stripped */
/* sanitised */
if (state.curdepth > 0)
{
cp = pathname + state.starting_path_length;
if (*cp == '/')
/* Move past the slash between the ARGV element
and the rest of the pathname. But if the ARGV element
ends in a slash, we didn't add another, so we've
already skipped past it. */
cp++;
}
else
{
cp = "";
}
checked_print_quoted (dest, segment->text, cp);
break;
case 's': /* size in bytes */
/* UNTRUSTED, probably unexploitable */
checked_fprintf (dest, segment->text,
human_readable ((uintmax_t) stat_buf->st_size,
hbuf, human_ceiling, 1, 1));
break;
case 'S': /* sparseness */
/* UNTRUSTED, probably unexploitable */
checked_fprintf (dest, segment->text, file_sparseness (stat_buf));
break;
case 't': /* mtime in `ctime' format */
/* UNTRUSTED, probably unexploitable */
checked_fprintf (dest, segment->text,
ctime_format (get_stat_mtime (stat_buf)));
break;
case 'u': /* user name */
/* trusted */
/* (well, the actual user is selected by the user on systems
* where chown is not restricted, but the user name was
* selected by the system administrator)
*/
{
struct passwd *p;
p = getpwuid (stat_buf->st_uid);
if (p)
{
segment->text[segment->text_len] = 's';
checked_fprintf (dest, segment->text, p->pw_name);
break;
}
/* else fallthru */
}
/* FALLTHROUGH*/ /* .. to case U */
case 'U': /* UID number */
/* UNTRUSTED, probably unexploitable */
checked_fprintf (dest, segment->text,
human_readable ((uintmax_t) stat_buf->st_uid, hbuf,
human_ceiling, 1, 1));
break;
/* %Y: type of file system entry like `ls -l`:
* (d,-,l,s,p,b,c,n) n=nonexistent (symlink)
*/
case 'Y': /* in case of symlink */
/* trusted */
{
#ifdef S_ISLNK
if (S_ISLNK (stat_buf->st_mode))
{
struct stat sbuf;
/* If we would normally follow links, do not do so.
* If we would normally not follow links, do so.
*/
if ((following_links () ? optionp_stat : optionl_stat)
(state.rel_pathname, &sbuf) != 0)
{
if ( errno == ENOENT )
{
checked_fprintf (dest, segment->text, "N");
break;
}
else if ( errno == ELOOP )
{
checked_fprintf (dest, segment->text, "L");
break;
}
else
{
checked_fprintf (dest, segment->text, "?");
error (0, errno, "%s",
safely_quote_err_filename (0, pathname));
/* exit_status = 1;
return ; */
break;
}
}
checked_fprintf (dest, segment->text,
mode_to_filetype (sbuf.st_mode & S_IFMT));
}
#endif /* S_ISLNK */
else
{
checked_fprintf (dest, segment->text,
mode_to_filetype (stat_buf->st_mode & S_IFMT));
}
}
break;
case 'y':
/* trusted */
{
checked_fprintf (dest, segment->text,
mode_to_filetype (stat_buf->st_mode & S_IFMT));
}
break;
case 'Z': /* SELinux security context */
{
security_context_t scontext;
int rv = (*options.x_getfilecon) (state.cwd_dir_fd, state.rel_pathname,
&scontext);
if (rv < 0)
{
/* If getfilecon fails, there will in the general case
still be some text to print. We just make %Z expand
to an empty string. */
checked_fprintf (dest, segment->text, "");
error (0, errno, _("getfilecon failed: %s"),
safely_quote_err_filename (0, pathname));
state.exit_status = 1;
}
else
{
checked_fprintf (dest, segment->text, scontext);
freecon (scontext);
}
}
break;
case 0:
case '%':
checked_fprintf (dest, segment->text);
break;
}
/* end of KIND_FORMAT case */
break;
}
}
/* Wrapper for testing areadlinkat. */
static char *
do_areadlinkat (char const *name, size_t ignored _GL_UNUSED)
{
return areadlinkat (dfd, name);
}
