]>
Commit | Line | Data |
---|---|---|
26c8a533 LT |
1 | /* |
2 | * I'm tired of doing "vsnprintf()" etc just to open a | |
3 | * file, so here's a "return static buffer with printf" | |
4 | * interface for paths. | |
5 | * | |
6 | * It's obviously not thread-safe. Sue me. But it's quite | |
7 | * useful for doing things like | |
8 | * | |
9 | * f = open(mkpath("%s/%s.git", base, name), O_RDONLY); | |
10 | * | |
11 | * which is what it's designed for. | |
12 | */ | |
13 | #include "cache.h" | |
395de250 | 14 | #include "strbuf.h" |
26c8a533 | 15 | |
26c8a533 LT |
16 | static char bad_path[] = "/bad-path/"; |
17 | ||
e7676d2f LT |
18 | static char *get_pathname(void) |
19 | { | |
20 | static char pathname_array[4][PATH_MAX]; | |
21 | static int index; | |
22 | return pathname_array[3 & ++index]; | |
23 | } | |
24 | ||
26c8a533 LT |
25 | static char *cleanup_path(char *path) |
26 | { | |
27 | /* Clean it up */ | |
28 | if (!memcmp(path, "./", 2)) { | |
29 | path += 2; | |
30 | while (*path == '/') | |
31 | path++; | |
32 | } | |
33 | return path; | |
34 | } | |
35 | ||
108bebea AR |
36 | char *mksnpath(char *buf, size_t n, const char *fmt, ...) |
37 | { | |
38 | va_list args; | |
39 | unsigned len; | |
40 | ||
41 | va_start(args, fmt); | |
42 | len = vsnprintf(buf, n, fmt, args); | |
43 | va_end(args); | |
44 | if (len >= n) { | |
9db56f71 | 45 | strlcpy(buf, bad_path, n); |
108bebea AR |
46 | return buf; |
47 | } | |
48 | return cleanup_path(buf); | |
49 | } | |
50 | ||
aba13e7c | 51 | static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args) |
fe2d7776 AR |
52 | { |
53 | const char *git_dir = get_git_dir(); | |
fe2d7776 AR |
54 | size_t len; |
55 | ||
56 | len = strlen(git_dir); | |
57 | if (n < len + 1) | |
58 | goto bad; | |
59 | memcpy(buf, git_dir, len); | |
60 | if (len && !is_dir_sep(git_dir[len-1])) | |
61 | buf[len++] = '/'; | |
fe2d7776 | 62 | len += vsnprintf(buf + len, n - len, fmt, args); |
fe2d7776 AR |
63 | if (len >= n) |
64 | goto bad; | |
65 | return cleanup_path(buf); | |
66 | bad: | |
9db56f71 | 67 | strlcpy(buf, bad_path, n); |
fe2d7776 AR |
68 | return buf; |
69 | } | |
70 | ||
aba13e7c AR |
71 | char *git_snpath(char *buf, size_t n, const char *fmt, ...) |
72 | { | |
73 | va_list args; | |
74 | va_start(args, fmt); | |
75 | (void)git_vsnpath(buf, n, fmt, args); | |
76 | va_end(args); | |
77 | return buf; | |
78 | } | |
79 | ||
80 | char *git_pathdup(const char *fmt, ...) | |
81 | { | |
82 | char path[PATH_MAX]; | |
83 | va_list args; | |
84 | va_start(args, fmt); | |
85 | (void)git_vsnpath(path, sizeof(path), fmt, args); | |
86 | va_end(args); | |
87 | return xstrdup(path); | |
88 | } | |
89 | ||
26c8a533 LT |
90 | char *mkpath(const char *fmt, ...) |
91 | { | |
92 | va_list args; | |
93 | unsigned len; | |
e7676d2f | 94 | char *pathname = get_pathname(); |
26c8a533 LT |
95 | |
96 | va_start(args, fmt); | |
97 | len = vsnprintf(pathname, PATH_MAX, fmt, args); | |
98 | va_end(args); | |
99 | if (len >= PATH_MAX) | |
100 | return bad_path; | |
101 | return cleanup_path(pathname); | |
102 | } | |
103 | ||
104 | char *git_path(const char *fmt, ...) | |
105 | { | |
5da1606d | 106 | const char *git_dir = get_git_dir(); |
e7676d2f | 107 | char *pathname = get_pathname(); |
26c8a533 LT |
108 | va_list args; |
109 | unsigned len; | |
110 | ||
111 | len = strlen(git_dir); | |
112 | if (len > PATH_MAX-100) | |
113 | return bad_path; | |
114 | memcpy(pathname, git_dir, len); | |
115 | if (len && git_dir[len-1] != '/') | |
116 | pathname[len++] = '/'; | |
117 | va_start(args, fmt); | |
118 | len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args); | |
119 | va_end(args); | |
120 | if (len >= PATH_MAX) | |
121 | return bad_path; | |
122 | return cleanup_path(pathname); | |
123 | } | |
f2db68ed HE |
124 | |
125 | ||
126 | /* git_mkstemp() - create tmp file honoring TMPDIR variable */ | |
127 | int git_mkstemp(char *path, size_t len, const char *template) | |
128 | { | |
e7a7be88 JH |
129 | const char *tmp; |
130 | size_t n; | |
131 | ||
132 | tmp = getenv("TMPDIR"); | |
133 | if (!tmp) | |
134 | tmp = "/tmp"; | |
135 | n = snprintf(path, len, "%s/%s", tmp, template); | |
136 | if (len <= n) { | |
137 | errno = ENAMETOOLONG; | |
138 | return -1; | |
35c3c629 | 139 | } |
f2db68ed HE |
140 | return mkstemp(path); |
141 | } | |
142 | ||
003b33a8 DA |
143 | /* git_mkstemps() - create tmp file with suffix honoring TMPDIR variable. */ |
144 | int git_mkstemps(char *path, size_t len, const char *template, int suffix_len) | |
145 | { | |
146 | const char *tmp; | |
147 | size_t n; | |
148 | ||
149 | tmp = getenv("TMPDIR"); | |
150 | if (!tmp) | |
151 | tmp = "/tmp"; | |
152 | n = snprintf(path, len, "%s/%s", tmp, template); | |
153 | if (len <= n) { | |
154 | errno = ENAMETOOLONG; | |
155 | return -1; | |
156 | } | |
157 | return mkstemps(path, suffix_len); | |
158 | } | |
f2db68ed | 159 | |
c847f537 | 160 | int validate_headref(const char *path) |
0870ca7f JH |
161 | { |
162 | struct stat st; | |
163 | char *buf, buffer[256]; | |
c847f537 | 164 | unsigned char sha1[20]; |
0104ca09 HO |
165 | int fd; |
166 | ssize_t len; | |
0870ca7f JH |
167 | |
168 | if (lstat(path, &st) < 0) | |
169 | return -1; | |
170 | ||
171 | /* Make sure it is a "refs/.." symlink */ | |
172 | if (S_ISLNK(st.st_mode)) { | |
173 | len = readlink(path, buffer, sizeof(buffer)-1); | |
222b1673 | 174 | if (len >= 5 && !memcmp("refs/", buffer, 5)) |
0870ca7f JH |
175 | return 0; |
176 | return -1; | |
177 | } | |
178 | ||
179 | /* | |
180 | * Anything else, just open it and try to see if it is a symbolic ref. | |
181 | */ | |
182 | fd = open(path, O_RDONLY); | |
183 | if (fd < 0) | |
184 | return -1; | |
93d26e4c | 185 | len = read_in_full(fd, buffer, sizeof(buffer)-1); |
0870ca7f JH |
186 | close(fd); |
187 | ||
188 | /* | |
189 | * Is it a symbolic ref? | |
190 | */ | |
c847f537 | 191 | if (len < 4) |
0870ca7f | 192 | return -1; |
c847f537 JH |
193 | if (!memcmp("ref:", buffer, 4)) { |
194 | buf = buffer + 4; | |
195 | len -= 4; | |
196 | while (len && isspace(*buf)) | |
197 | buf++, len--; | |
222b1673 | 198 | if (len >= 5 && !memcmp("refs/", buf, 5)) |
c847f537 JH |
199 | return 0; |
200 | } | |
201 | ||
202 | /* | |
203 | * Is this a detached HEAD? | |
204 | */ | |
205 | if (!get_sha1_hex(buffer, sha1)) | |
0870ca7f | 206 | return 0; |
c847f537 | 207 | |
0870ca7f JH |
208 | return -1; |
209 | } | |
210 | ||
395de250 | 211 | static struct passwd *getpw_str(const char *username, size_t len) |
54f4b874 | 212 | { |
d79374c7 | 213 | struct passwd *pw; |
395de250 MM |
214 | char *username_z = xmalloc(len + 1); |
215 | memcpy(username_z, username, len); | |
216 | username_z[len] = '\0'; | |
217 | pw = getpwnam(username_z); | |
218 | free(username_z); | |
219 | return pw; | |
220 | } | |
54f4b874 | 221 | |
395de250 MM |
222 | /* |
223 | * Return a string with ~ and ~user expanded via getpw*. If buf != NULL, | |
224 | * then it is a newly allocated string. Returns NULL on getpw failure or | |
225 | * if path is NULL. | |
226 | */ | |
227 | char *expand_user_path(const char *path) | |
228 | { | |
229 | struct strbuf user_path = STRBUF_INIT; | |
230 | const char *first_slash = strchrnul(path, '/'); | |
231 | const char *to_copy = path; | |
232 | ||
233 | if (path == NULL) | |
234 | goto return_null; | |
235 | if (path[0] == '~') { | |
236 | const char *username = path + 1; | |
237 | size_t username_len = first_slash - username; | |
df2a79f4 MM |
238 | if (username_len == 0) { |
239 | const char *home = getenv("HOME"); | |
240 | strbuf_add(&user_path, home, strlen(home)); | |
241 | } else { | |
242 | struct passwd *pw = getpw_str(username, username_len); | |
243 | if (!pw) | |
244 | goto return_null; | |
245 | strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir)); | |
54f4b874 | 246 | } |
395de250 | 247 | to_copy = first_slash; |
d79374c7 | 248 | } |
395de250 MM |
249 | strbuf_add(&user_path, to_copy, strlen(to_copy)); |
250 | return strbuf_detach(&user_path, NULL); | |
251 | return_null: | |
252 | strbuf_release(&user_path); | |
253 | return NULL; | |
54f4b874 AE |
254 | } |
255 | ||
d79374c7 JH |
256 | /* |
257 | * First, one directory to try is determined by the following algorithm. | |
258 | * | |
259 | * (0) If "strict" is given, the path is used as given and no DWIM is | |
260 | * done. Otherwise: | |
261 | * (1) "~/path" to mean path under the running user's home directory; | |
262 | * (2) "~user/path" to mean path under named user's home directory; | |
263 | * (3) "relative/path" to mean cwd relative directory; or | |
264 | * (4) "/absolute/path" to mean absolute directory. | |
265 | * | |
266 | * Unless "strict" is given, we try access() for existence of "%s.git/.git", | |
267 | * "%s/.git", "%s.git", "%s" in this order. The first one that exists is | |
268 | * what we try. | |
269 | * | |
270 | * Second, we try chdir() to that. Upon failure, we return NULL. | |
271 | * | |
272 | * Then, we try if the current directory is a valid git repository. | |
273 | * Upon failure, we return NULL. | |
274 | * | |
275 | * If all goes well, we return the directory we used to chdir() (but | |
276 | * before ~user is expanded), avoiding getcwd() resolving symbolic | |
277 | * links. User relative paths are also returned as they are given, | |
278 | * except DWIM suffixing. | |
279 | */ | |
54f4b874 AE |
280 | char *enter_repo(char *path, int strict) |
281 | { | |
d79374c7 JH |
282 | static char used_path[PATH_MAX]; |
283 | static char validated_path[PATH_MAX]; | |
284 | ||
285 | if (!path) | |
54f4b874 AE |
286 | return NULL; |
287 | ||
d79374c7 JH |
288 | if (!strict) { |
289 | static const char *suffix[] = { | |
290 | ".git/.git", "/.git", ".git", "", NULL, | |
291 | }; | |
292 | int len = strlen(path); | |
293 | int i; | |
294 | while ((1 < len) && (path[len-1] == '/')) { | |
295 | path[len-1] = 0; | |
296 | len--; | |
297 | } | |
298 | if (PATH_MAX <= len) | |
54f4b874 | 299 | return NULL; |
d79374c7 | 300 | if (path[0] == '~') { |
395de250 MM |
301 | char *newpath = expand_user_path(path); |
302 | if (!newpath || (PATH_MAX - 10 < strlen(newpath))) { | |
303 | free(newpath); | |
d79374c7 | 304 | return NULL; |
395de250 MM |
305 | } |
306 | /* | |
307 | * Copy back into the static buffer. A pity | |
308 | * since newpath was not bounded, but other | |
309 | * branches of the if are limited by PATH_MAX | |
310 | * anyway. | |
311 | */ | |
312 | strcpy(used_path, newpath); free(newpath); | |
d79374c7 JH |
313 | strcpy(validated_path, path); |
314 | path = used_path; | |
315 | } | |
316 | else if (PATH_MAX - 10 < len) | |
317 | return NULL; | |
318 | else { | |
319 | path = strcpy(used_path, path); | |
320 | strcpy(validated_path, path); | |
321 | } | |
322 | len = strlen(path); | |
323 | for (i = 0; suffix[i]; i++) { | |
324 | strcpy(path + len, suffix[i]); | |
325 | if (!access(path, F_OK)) { | |
326 | strcat(validated_path, suffix[i]); | |
327 | break; | |
328 | } | |
329 | } | |
330 | if (!suffix[i] || chdir(path)) | |
0870ca7f | 331 | return NULL; |
d79374c7 | 332 | path = validated_path; |
0870ca7f | 333 | } |
d79374c7 JH |
334 | else if (chdir(path)) |
335 | return NULL; | |
54f4b874 | 336 | |
d79374c7 | 337 | if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 && |
c847f537 | 338 | validate_headref("HEAD") == 0) { |
7627943a | 339 | setenv(GIT_DIR_ENVIRONMENT, ".", 1); |
1644162a | 340 | check_repository_format(); |
d79374c7 | 341 | return path; |
54f4b874 AE |
342 | } |
343 | ||
344 | return NULL; | |
345 | } | |
138086a7 | 346 | |
17e61b82 | 347 | int set_shared_perm(const char *path, int mode) |
138086a7 JH |
348 | { |
349 | struct stat st; | |
17e61b82 | 350 | int tweak, shared, orig_mode; |
138086a7 | 351 | |
17e61b82 JH |
352 | if (!shared_repository) { |
353 | if (mode) | |
354 | return chmod(path, mode & ~S_IFMT); | |
138086a7 | 355 | return 0; |
17e61b82 JH |
356 | } |
357 | if (!mode) { | |
358 | if (lstat(path, &st) < 0) | |
359 | return -1; | |
360 | mode = st.st_mode; | |
361 | orig_mode = mode; | |
362 | } else | |
363 | orig_mode = 0; | |
5a688fe4 JH |
364 | if (shared_repository < 0) |
365 | shared = -shared_repository; | |
366 | else | |
367 | shared = shared_repository; | |
368 | tweak = shared; | |
369 | ||
370 | if (!(mode & S_IWUSR)) | |
371 | tweak &= ~0222; | |
372 | if (mode & S_IXUSR) | |
373 | /* Copy read bits to execute bits */ | |
374 | tweak |= (tweak & 0444) >> 2; | |
375 | if (shared_repository < 0) | |
376 | mode = (mode & ~0777) | tweak; | |
377 | else | |
8c6202d8 | 378 | mode |= tweak; |
06cbe855 HO |
379 | |
380 | if (S_ISDIR(mode)) { | |
06cbe855 | 381 | /* Copy read bits to execute bits */ |
5a688fe4 JH |
382 | mode |= (shared & 0444) >> 2; |
383 | mode |= FORCE_DIR_SET_GID; | |
06cbe855 HO |
384 | } |
385 | ||
5a688fe4 | 386 | if (((shared_repository < 0 |
17e61b82 JH |
387 | ? (orig_mode & (FORCE_DIR_SET_GID | 0777)) |
388 | : (orig_mode & mode)) != mode) && | |
389 | chmod(path, (mode & ~S_IFMT)) < 0) | |
138086a7 JH |
390 | return -2; |
391 | return 0; | |
392 | } | |
e5392c51 | 393 | |
044bbbcb LT |
394 | const char *make_relative_path(const char *abs, const char *base) |
395 | { | |
396 | static char buf[PATH_MAX + 1]; | |
397 | int baselen; | |
398 | if (!base) | |
399 | return abs; | |
400 | baselen = strlen(base); | |
401 | if (prefixcmp(abs, base)) | |
402 | return abs; | |
403 | if (abs[baselen] == '/') | |
404 | baselen++; | |
405 | else if (base[baselen - 1] != '/') | |
406 | return abs; | |
407 | strcpy(buf, abs + baselen); | |
408 | return buf; | |
409 | } | |
ae299be0 DR |
410 | |
411 | /* | |
f2a782b8 | 412 | * It is okay if dst == src, but they should not overlap otherwise. |
ae299be0 | 413 | * |
f2a782b8 JS |
414 | * Performs the following normalizations on src, storing the result in dst: |
415 | * - Ensures that components are separated by '/' (Windows only) | |
416 | * - Squashes sequences of '/'. | |
ae299be0 DR |
417 | * - Removes "." components. |
418 | * - Removes ".." components, and the components the precede them. | |
f2a782b8 JS |
419 | * Returns failure (non-zero) if a ".." component appears as first path |
420 | * component anytime during the normalization. Otherwise, returns success (0). | |
ae299be0 DR |
421 | * |
422 | * Note that this function is purely textual. It does not follow symlinks, | |
423 | * verify the existence of the path, or make any system calls. | |
424 | */ | |
f3cad0ad | 425 | int normalize_path_copy(char *dst, const char *src) |
ae299be0 | 426 | { |
f3cad0ad | 427 | char *dst0; |
ae299be0 | 428 | |
f3cad0ad JS |
429 | if (has_dos_drive_prefix(src)) { |
430 | *dst++ = *src++; | |
431 | *dst++ = *src++; | |
ae299be0 | 432 | } |
f3cad0ad | 433 | dst0 = dst; |
ae299be0 | 434 | |
f3cad0ad | 435 | if (is_dir_sep(*src)) { |
ae299be0 | 436 | *dst++ = '/'; |
f3cad0ad JS |
437 | while (is_dir_sep(*src)) |
438 | src++; | |
439 | } | |
440 | ||
441 | for (;;) { | |
442 | char c = *src; | |
443 | ||
444 | /* | |
445 | * A path component that begins with . could be | |
446 | * special: | |
447 | * (1) "." and ends -- ignore and terminate. | |
448 | * (2) "./" -- ignore them, eat slash and continue. | |
449 | * (3) ".." and ends -- strip one and terminate. | |
450 | * (4) "../" -- strip one, eat slash and continue. | |
451 | */ | |
452 | if (c == '.') { | |
453 | if (!src[1]) { | |
454 | /* (1) */ | |
455 | src++; | |
456 | } else if (is_dir_sep(src[1])) { | |
457 | /* (2) */ | |
458 | src += 2; | |
459 | while (is_dir_sep(*src)) | |
460 | src++; | |
461 | continue; | |
462 | } else if (src[1] == '.') { | |
463 | if (!src[2]) { | |
464 | /* (3) */ | |
465 | src += 2; | |
466 | goto up_one; | |
467 | } else if (is_dir_sep(src[2])) { | |
468 | /* (4) */ | |
469 | src += 3; | |
470 | while (is_dir_sep(*src)) | |
471 | src++; | |
472 | goto up_one; | |
473 | } | |
474 | } | |
475 | } | |
ae299be0 | 476 | |
f3cad0ad JS |
477 | /* copy up to the next '/', and eat all '/' */ |
478 | while ((c = *src++) != '\0' && !is_dir_sep(c)) | |
479 | *dst++ = c; | |
480 | if (is_dir_sep(c)) { | |
481 | *dst++ = '/'; | |
482 | while (is_dir_sep(c)) | |
483 | c = *src++; | |
484 | src--; | |
485 | } else if (!c) | |
486 | break; | |
487 | continue; | |
488 | ||
489 | up_one: | |
490 | /* | |
491 | * dst0..dst is prefix portion, and dst[-1] is '/'; | |
492 | * go up one level. | |
493 | */ | |
f42302b4 JS |
494 | dst--; /* go to trailing '/' */ |
495 | if (dst <= dst0) | |
f3cad0ad | 496 | return -1; |
f42302b4 JS |
497 | /* Windows: dst[-1] cannot be backslash anymore */ |
498 | while (dst0 < dst && dst[-1] != '/') | |
499 | dst--; | |
f3cad0ad | 500 | } |
ae299be0 | 501 | *dst = '\0'; |
f3cad0ad | 502 | return 0; |
ae299be0 | 503 | } |
0454dd93 DR |
504 | |
505 | /* | |
506 | * path = Canonical absolute path | |
507 | * prefix_list = Colon-separated list of absolute paths | |
508 | * | |
2860b57a | 509 | * Determines, for each path in prefix_list, whether the "prefix" really |
0454dd93 DR |
510 | * is an ancestor directory of path. Returns the length of the longest |
511 | * ancestor directory, excluding any trailing slashes, or -1 if no prefix | |
512 | * is an ancestor. (Note that this means 0 is returned if prefix_list is | |
513 | * "/".) "/foo" is not considered an ancestor of "/foobar". Directories | |
514 | * are not considered to be their own ancestors. path must be in a | |
515 | * canonical form: empty components, or "." or ".." components are not | |
516 | * allowed. prefix_list may be null, which is like "". | |
517 | */ | |
518 | int longest_ancestor_length(const char *path, const char *prefix_list) | |
519 | { | |
520 | char buf[PATH_MAX+1]; | |
521 | const char *ceil, *colon; | |
522 | int len, max_len = -1; | |
523 | ||
524 | if (prefix_list == NULL || !strcmp(path, "/")) | |
525 | return -1; | |
526 | ||
527 | for (colon = ceil = prefix_list; *colon; ceil = colon+1) { | |
43a7ddb5 | 528 | for (colon = ceil; *colon && *colon != PATH_SEP; colon++); |
0454dd93 DR |
529 | len = colon - ceil; |
530 | if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil)) | |
531 | continue; | |
532 | strlcpy(buf, ceil, len+1); | |
43a7ddb5 RS |
533 | if (normalize_path_copy(buf, buf) < 0) |
534 | continue; | |
535 | len = strlen(buf); | |
536 | if (len > 0 && buf[len-1] == '/') | |
537 | buf[--len] = '\0'; | |
0454dd93 DR |
538 | |
539 | if (!strncmp(path, buf, len) && | |
540 | path[len] == '/' && | |
541 | len > max_len) { | |
542 | max_len = len; | |
543 | } | |
544 | } | |
545 | ||
546 | return max_len; | |
547 | } | |
4fcc86b0 JS |
548 | |
549 | /* strip arbitrary amount of directory separators at end of path */ | |
550 | static inline int chomp_trailing_dir_sep(const char *path, int len) | |
551 | { | |
552 | while (len && is_dir_sep(path[len - 1])) | |
553 | len--; | |
554 | return len; | |
555 | } | |
556 | ||
557 | /* | |
558 | * If path ends with suffix (complete path components), returns the | |
559 | * part before suffix (sans trailing directory separators). | |
560 | * Otherwise returns NULL. | |
561 | */ | |
562 | char *strip_path_suffix(const char *path, const char *suffix) | |
563 | { | |
564 | int path_len = strlen(path), suffix_len = strlen(suffix); | |
565 | ||
566 | while (suffix_len) { | |
567 | if (!path_len) | |
568 | return NULL; | |
569 | ||
570 | if (is_dir_sep(path[path_len - 1])) { | |
571 | if (!is_dir_sep(suffix[suffix_len - 1])) | |
572 | return NULL; | |
573 | path_len = chomp_trailing_dir_sep(path, path_len); | |
574 | suffix_len = chomp_trailing_dir_sep(suffix, suffix_len); | |
575 | } | |
576 | else if (path[--path_len] != suffix[--suffix_len]) | |
577 | return NULL; | |
578 | } | |
579 | ||
580 | if (path_len && !is_dir_sep(path[path_len - 1])) | |
581 | return NULL; | |
582 | return xstrndup(path, chomp_trailing_dir_sep(path, path_len)); | |
583 | } | |
34b6cb8b SP |
584 | |
585 | int daemon_avoid_alias(const char *p) | |
586 | { | |
587 | int sl, ndot; | |
588 | ||
589 | /* | |
590 | * This resurrects the belts and suspenders paranoia check by HPA | |
591 | * done in <435560F7.4080006@zytor.com> thread, now enter_repo() | |
592 | * does not do getcwd() based path canonicalizations. | |
593 | * | |
594 | * sl becomes true immediately after seeing '/' and continues to | |
595 | * be true as long as dots continue after that without intervening | |
596 | * non-dot character. | |
597 | */ | |
598 | if (!p || (*p != '/' && *p != '~')) | |
599 | return -1; | |
600 | sl = 1; ndot = 0; | |
601 | p++; | |
602 | ||
603 | while (1) { | |
604 | char ch = *p++; | |
605 | if (sl) { | |
606 | if (ch == '.') | |
607 | ndot++; | |
608 | else if (ch == '/') { | |
609 | if (ndot < 3) | |
610 | /* reject //, /./ and /../ */ | |
611 | return -1; | |
612 | ndot = 0; | |
613 | } | |
614 | else if (ch == 0) { | |
615 | if (0 < ndot && ndot < 3) | |
616 | /* reject /.$ and /..$ */ | |
617 | return -1; | |
618 | return 0; | |
619 | } | |
620 | else | |
621 | sl = ndot = 0; | |
622 | } | |
623 | else if (ch == 0) | |
624 | return 0; | |
625 | else if (ch == '/') { | |
626 | sl = 1; | |
627 | ndot = 0; | |
628 | } | |
629 | } | |
630 | } |