]>
Commit | Line | Data |
---|---|---|
26c8a533 LT |
1 | /* |
2 | * I'm tired of doing "vsnprintf()" etc just to open a | |
3 | * file, so here's a "return static buffer with printf" | |
4 | * interface for paths. | |
5 | * | |
6 | * It's obviously not thread-safe. Sue me. But it's quite | |
7 | * useful for doing things like | |
8 | * | |
9 | * f = open(mkpath("%s/%s.git", base, name), O_RDONLY); | |
10 | * | |
11 | * which is what it's designed for. | |
12 | */ | |
13 | #include "cache.h" | |
395de250 | 14 | #include "strbuf.h" |
26c8a533 | 15 | |
26c8a533 LT |
16 | static char bad_path[] = "/bad-path/"; |
17 | ||
e7676d2f LT |
18 | static char *get_pathname(void) |
19 | { | |
20 | static char pathname_array[4][PATH_MAX]; | |
21 | static int index; | |
22 | return pathname_array[3 & ++index]; | |
23 | } | |
24 | ||
26c8a533 LT |
25 | static char *cleanup_path(char *path) |
26 | { | |
27 | /* Clean it up */ | |
28 | if (!memcmp(path, "./", 2)) { | |
29 | path += 2; | |
30 | while (*path == '/') | |
31 | path++; | |
32 | } | |
33 | return path; | |
34 | } | |
35 | ||
108bebea AR |
36 | char *mksnpath(char *buf, size_t n, const char *fmt, ...) |
37 | { | |
38 | va_list args; | |
39 | unsigned len; | |
40 | ||
41 | va_start(args, fmt); | |
42 | len = vsnprintf(buf, n, fmt, args); | |
43 | va_end(args); | |
44 | if (len >= n) { | |
9db56f71 | 45 | strlcpy(buf, bad_path, n); |
108bebea AR |
46 | return buf; |
47 | } | |
48 | return cleanup_path(buf); | |
49 | } | |
50 | ||
aba13e7c | 51 | static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args) |
fe2d7776 AR |
52 | { |
53 | const char *git_dir = get_git_dir(); | |
fe2d7776 AR |
54 | size_t len; |
55 | ||
56 | len = strlen(git_dir); | |
57 | if (n < len + 1) | |
58 | goto bad; | |
59 | memcpy(buf, git_dir, len); | |
60 | if (len && !is_dir_sep(git_dir[len-1])) | |
61 | buf[len++] = '/'; | |
fe2d7776 | 62 | len += vsnprintf(buf + len, n - len, fmt, args); |
fe2d7776 AR |
63 | if (len >= n) |
64 | goto bad; | |
65 | return cleanup_path(buf); | |
66 | bad: | |
9db56f71 | 67 | strlcpy(buf, bad_path, n); |
fe2d7776 AR |
68 | return buf; |
69 | } | |
70 | ||
aba13e7c AR |
71 | char *git_snpath(char *buf, size_t n, const char *fmt, ...) |
72 | { | |
73 | va_list args; | |
74 | va_start(args, fmt); | |
75 | (void)git_vsnpath(buf, n, fmt, args); | |
76 | va_end(args); | |
77 | return buf; | |
78 | } | |
79 | ||
80 | char *git_pathdup(const char *fmt, ...) | |
81 | { | |
82 | char path[PATH_MAX]; | |
83 | va_list args; | |
84 | va_start(args, fmt); | |
85 | (void)git_vsnpath(path, sizeof(path), fmt, args); | |
86 | va_end(args); | |
87 | return xstrdup(path); | |
88 | } | |
89 | ||
26c8a533 LT |
90 | char *mkpath(const char *fmt, ...) |
91 | { | |
92 | va_list args; | |
93 | unsigned len; | |
e7676d2f | 94 | char *pathname = get_pathname(); |
26c8a533 LT |
95 | |
96 | va_start(args, fmt); | |
97 | len = vsnprintf(pathname, PATH_MAX, fmt, args); | |
98 | va_end(args); | |
99 | if (len >= PATH_MAX) | |
100 | return bad_path; | |
101 | return cleanup_path(pathname); | |
102 | } | |
103 | ||
104 | char *git_path(const char *fmt, ...) | |
105 | { | |
5da1606d | 106 | const char *git_dir = get_git_dir(); |
e7676d2f | 107 | char *pathname = get_pathname(); |
26c8a533 LT |
108 | va_list args; |
109 | unsigned len; | |
110 | ||
111 | len = strlen(git_dir); | |
112 | if (len > PATH_MAX-100) | |
113 | return bad_path; | |
114 | memcpy(pathname, git_dir, len); | |
115 | if (len && git_dir[len-1] != '/') | |
116 | pathname[len++] = '/'; | |
117 | va_start(args, fmt); | |
118 | len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args); | |
119 | va_end(args); | |
120 | if (len >= PATH_MAX) | |
121 | return bad_path; | |
122 | return cleanup_path(pathname); | |
123 | } | |
f2db68ed HE |
124 | |
125 | ||
126 | /* git_mkstemp() - create tmp file honoring TMPDIR variable */ | |
127 | int git_mkstemp(char *path, size_t len, const char *template) | |
128 | { | |
e7a7be88 JH |
129 | const char *tmp; |
130 | size_t n; | |
131 | ||
132 | tmp = getenv("TMPDIR"); | |
133 | if (!tmp) | |
134 | tmp = "/tmp"; | |
135 | n = snprintf(path, len, "%s/%s", tmp, template); | |
136 | if (len <= n) { | |
137 | errno = ENAMETOOLONG; | |
138 | return -1; | |
35c3c629 | 139 | } |
f2db68ed HE |
140 | return mkstemp(path); |
141 | } | |
142 | ||
003b33a8 DA |
143 | /* git_mkstemps() - create tmp file with suffix honoring TMPDIR variable. */ |
144 | int git_mkstemps(char *path, size_t len, const char *template, int suffix_len) | |
145 | { | |
146 | const char *tmp; | |
147 | size_t n; | |
148 | ||
149 | tmp = getenv("TMPDIR"); | |
150 | if (!tmp) | |
151 | tmp = "/tmp"; | |
152 | n = snprintf(path, len, "%s/%s", tmp, template); | |
153 | if (len <= n) { | |
154 | errno = ENAMETOOLONG; | |
155 | return -1; | |
156 | } | |
157 | return mkstemps(path, suffix_len); | |
158 | } | |
f2db68ed | 159 | |
c847f537 | 160 | int validate_headref(const char *path) |
0870ca7f JH |
161 | { |
162 | struct stat st; | |
163 | char *buf, buffer[256]; | |
c847f537 | 164 | unsigned char sha1[20]; |
0104ca09 HO |
165 | int fd; |
166 | ssize_t len; | |
0870ca7f JH |
167 | |
168 | if (lstat(path, &st) < 0) | |
169 | return -1; | |
170 | ||
171 | /* Make sure it is a "refs/.." symlink */ | |
172 | if (S_ISLNK(st.st_mode)) { | |
173 | len = readlink(path, buffer, sizeof(buffer)-1); | |
222b1673 | 174 | if (len >= 5 && !memcmp("refs/", buffer, 5)) |
0870ca7f JH |
175 | return 0; |
176 | return -1; | |
177 | } | |
178 | ||
179 | /* | |
180 | * Anything else, just open it and try to see if it is a symbolic ref. | |
181 | */ | |
182 | fd = open(path, O_RDONLY); | |
183 | if (fd < 0) | |
184 | return -1; | |
93d26e4c | 185 | len = read_in_full(fd, buffer, sizeof(buffer)-1); |
0870ca7f JH |
186 | close(fd); |
187 | ||
188 | /* | |
189 | * Is it a symbolic ref? | |
190 | */ | |
c847f537 | 191 | if (len < 4) |
0870ca7f | 192 | return -1; |
c847f537 JH |
193 | if (!memcmp("ref:", buffer, 4)) { |
194 | buf = buffer + 4; | |
195 | len -= 4; | |
196 | while (len && isspace(*buf)) | |
197 | buf++, len--; | |
222b1673 | 198 | if (len >= 5 && !memcmp("refs/", buf, 5)) |
c847f537 JH |
199 | return 0; |
200 | } | |
201 | ||
202 | /* | |
203 | * Is this a detached HEAD? | |
204 | */ | |
205 | if (!get_sha1_hex(buffer, sha1)) | |
0870ca7f | 206 | return 0; |
c847f537 | 207 | |
0870ca7f JH |
208 | return -1; |
209 | } | |
210 | ||
395de250 | 211 | static struct passwd *getpw_str(const char *username, size_t len) |
54f4b874 | 212 | { |
d79374c7 | 213 | struct passwd *pw; |
395de250 MM |
214 | char *username_z = xmalloc(len + 1); |
215 | memcpy(username_z, username, len); | |
216 | username_z[len] = '\0'; | |
217 | pw = getpwnam(username_z); | |
218 | free(username_z); | |
219 | return pw; | |
220 | } | |
54f4b874 | 221 | |
395de250 MM |
222 | /* |
223 | * Return a string with ~ and ~user expanded via getpw*. If buf != NULL, | |
224 | * then it is a newly allocated string. Returns NULL on getpw failure or | |
225 | * if path is NULL. | |
226 | */ | |
227 | char *expand_user_path(const char *path) | |
228 | { | |
229 | struct strbuf user_path = STRBUF_INIT; | |
230 | const char *first_slash = strchrnul(path, '/'); | |
231 | const char *to_copy = path; | |
232 | ||
233 | if (path == NULL) | |
234 | goto return_null; | |
235 | if (path[0] == '~') { | |
236 | const char *username = path + 1; | |
237 | size_t username_len = first_slash - username; | |
df2a79f4 MM |
238 | if (username_len == 0) { |
239 | const char *home = getenv("HOME"); | |
240 | strbuf_add(&user_path, home, strlen(home)); | |
241 | } else { | |
242 | struct passwd *pw = getpw_str(username, username_len); | |
243 | if (!pw) | |
244 | goto return_null; | |
245 | strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir)); | |
54f4b874 | 246 | } |
395de250 | 247 | to_copy = first_slash; |
d79374c7 | 248 | } |
395de250 MM |
249 | strbuf_add(&user_path, to_copy, strlen(to_copy)); |
250 | return strbuf_detach(&user_path, NULL); | |
251 | return_null: | |
252 | strbuf_release(&user_path); | |
253 | return NULL; | |
54f4b874 AE |
254 | } |
255 | ||
d79374c7 JH |
256 | /* |
257 | * First, one directory to try is determined by the following algorithm. | |
258 | * | |
259 | * (0) If "strict" is given, the path is used as given and no DWIM is | |
260 | * done. Otherwise: | |
261 | * (1) "~/path" to mean path under the running user's home directory; | |
262 | * (2) "~user/path" to mean path under named user's home directory; | |
263 | * (3) "relative/path" to mean cwd relative directory; or | |
264 | * (4) "/absolute/path" to mean absolute directory. | |
265 | * | |
266 | * Unless "strict" is given, we try access() for existence of "%s.git/.git", | |
267 | * "%s/.git", "%s.git", "%s" in this order. The first one that exists is | |
268 | * what we try. | |
269 | * | |
270 | * Second, we try chdir() to that. Upon failure, we return NULL. | |
271 | * | |
272 | * Then, we try if the current directory is a valid git repository. | |
273 | * Upon failure, we return NULL. | |
274 | * | |
275 | * If all goes well, we return the directory we used to chdir() (but | |
276 | * before ~user is expanded), avoiding getcwd() resolving symbolic | |
277 | * links. User relative paths are also returned as they are given, | |
278 | * except DWIM suffixing. | |
279 | */ | |
54f4b874 AE |
280 | char *enter_repo(char *path, int strict) |
281 | { | |
d79374c7 JH |
282 | static char used_path[PATH_MAX]; |
283 | static char validated_path[PATH_MAX]; | |
284 | ||
285 | if (!path) | |
54f4b874 AE |
286 | return NULL; |
287 | ||
d79374c7 JH |
288 | if (!strict) { |
289 | static const char *suffix[] = { | |
290 | ".git/.git", "/.git", ".git", "", NULL, | |
291 | }; | |
292 | int len = strlen(path); | |
293 | int i; | |
294 | while ((1 < len) && (path[len-1] == '/')) { | |
295 | path[len-1] = 0; | |
296 | len--; | |
297 | } | |
298 | if (PATH_MAX <= len) | |
54f4b874 | 299 | return NULL; |
d79374c7 | 300 | if (path[0] == '~') { |
395de250 MM |
301 | char *newpath = expand_user_path(path); |
302 | if (!newpath || (PATH_MAX - 10 < strlen(newpath))) { | |
303 | free(newpath); | |
d79374c7 | 304 | return NULL; |
395de250 MM |
305 | } |
306 | /* | |
307 | * Copy back into the static buffer. A pity | |
308 | * since newpath was not bounded, but other | |
309 | * branches of the if are limited by PATH_MAX | |
310 | * anyway. | |
311 | */ | |
312 | strcpy(used_path, newpath); free(newpath); | |
d79374c7 JH |
313 | strcpy(validated_path, path); |
314 | path = used_path; | |
315 | } | |
316 | else if (PATH_MAX - 10 < len) | |
317 | return NULL; | |
318 | else { | |
319 | path = strcpy(used_path, path); | |
320 | strcpy(validated_path, path); | |
321 | } | |
322 | len = strlen(path); | |
323 | for (i = 0; suffix[i]; i++) { | |
324 | strcpy(path + len, suffix[i]); | |
325 | if (!access(path, F_OK)) { | |
326 | strcat(validated_path, suffix[i]); | |
327 | break; | |
328 | } | |
329 | } | |
330 | if (!suffix[i] || chdir(path)) | |
0870ca7f | 331 | return NULL; |
d79374c7 | 332 | path = validated_path; |
0870ca7f | 333 | } |
d79374c7 JH |
334 | else if (chdir(path)) |
335 | return NULL; | |
54f4b874 | 336 | |
d79374c7 | 337 | if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 && |
c847f537 | 338 | validate_headref("HEAD") == 0) { |
7627943a | 339 | setenv(GIT_DIR_ENVIRONMENT, ".", 1); |
1644162a | 340 | check_repository_format(); |
d79374c7 | 341 | return path; |
54f4b874 AE |
342 | } |
343 | ||
344 | return NULL; | |
345 | } | |
138086a7 | 346 | |
17e61b82 | 347 | int set_shared_perm(const char *path, int mode) |
138086a7 JH |
348 | { |
349 | struct stat st; | |
17e61b82 | 350 | int tweak, shared, orig_mode; |
138086a7 | 351 | |
17e61b82 JH |
352 | if (!shared_repository) { |
353 | if (mode) | |
354 | return chmod(path, mode & ~S_IFMT); | |
138086a7 | 355 | return 0; |
17e61b82 JH |
356 | } |
357 | if (!mode) { | |
358 | if (lstat(path, &st) < 0) | |
359 | return -1; | |
360 | mode = st.st_mode; | |
361 | orig_mode = mode; | |
362 | } else | |
363 | orig_mode = 0; | |
5a688fe4 JH |
364 | if (shared_repository < 0) |
365 | shared = -shared_repository; | |
366 | else | |
367 | shared = shared_repository; | |
368 | tweak = shared; | |
369 | ||
370 | if (!(mode & S_IWUSR)) | |
371 | tweak &= ~0222; | |
372 | if (mode & S_IXUSR) | |
373 | /* Copy read bits to execute bits */ | |
374 | tweak |= (tweak & 0444) >> 2; | |
375 | if (shared_repository < 0) | |
376 | mode = (mode & ~0777) | tweak; | |
377 | else | |
8c6202d8 | 378 | mode |= tweak; |
06cbe855 HO |
379 | |
380 | if (S_ISDIR(mode)) { | |
06cbe855 | 381 | /* Copy read bits to execute bits */ |
5a688fe4 JH |
382 | mode |= (shared & 0444) >> 2; |
383 | mode |= FORCE_DIR_SET_GID; | |
06cbe855 HO |
384 | } |
385 | ||
5a688fe4 | 386 | if (((shared_repository < 0 |
17e61b82 JH |
387 | ? (orig_mode & (FORCE_DIR_SET_GID | 0777)) |
388 | : (orig_mode & mode)) != mode) && | |
389 | chmod(path, (mode & ~S_IFMT)) < 0) | |
138086a7 JH |
390 | return -2; |
391 | return 0; | |
392 | } | |
e5392c51 | 393 | |
044bbbcb LT |
394 | const char *make_relative_path(const char *abs, const char *base) |
395 | { | |
396 | static char buf[PATH_MAX + 1]; | |
288123f0 JH |
397 | int i = 0, j = 0; |
398 | ||
399 | if (!base || !base[0]) | |
044bbbcb | 400 | return abs; |
288123f0 JH |
401 | while (base[i]) { |
402 | if (is_dir_sep(base[i])) { | |
403 | if (!is_dir_sep(abs[j])) | |
404 | return abs; | |
405 | while (is_dir_sep(base[i])) | |
406 | i++; | |
407 | while (is_dir_sep(abs[j])) | |
408 | j++; | |
409 | continue; | |
410 | } else if (abs[j] != base[i]) { | |
411 | return abs; | |
412 | } | |
413 | i++; | |
414 | j++; | |
415 | } | |
416 | if ( | |
417 | /* "/foo" is a prefix of "/foo" */ | |
418 | abs[j] && | |
419 | /* "/foo" is not a prefix of "/foobar" */ | |
420 | !is_dir_sep(base[i-1]) && !is_dir_sep(abs[j]) | |
421 | ) | |
044bbbcb | 422 | return abs; |
288123f0 JH |
423 | while (is_dir_sep(abs[j])) |
424 | j++; | |
425 | if (!abs[j]) | |
426 | strcpy(buf, "."); | |
427 | else | |
428 | strcpy(buf, abs + j); | |
044bbbcb LT |
429 | return buf; |
430 | } | |
ae299be0 DR |
431 | |
432 | /* | |
f2a782b8 | 433 | * It is okay if dst == src, but they should not overlap otherwise. |
ae299be0 | 434 | * |
f2a782b8 JS |
435 | * Performs the following normalizations on src, storing the result in dst: |
436 | * - Ensures that components are separated by '/' (Windows only) | |
437 | * - Squashes sequences of '/'. | |
ae299be0 DR |
438 | * - Removes "." components. |
439 | * - Removes ".." components, and the components the precede them. | |
f2a782b8 JS |
440 | * Returns failure (non-zero) if a ".." component appears as first path |
441 | * component anytime during the normalization. Otherwise, returns success (0). | |
ae299be0 DR |
442 | * |
443 | * Note that this function is purely textual. It does not follow symlinks, | |
444 | * verify the existence of the path, or make any system calls. | |
445 | */ | |
f3cad0ad | 446 | int normalize_path_copy(char *dst, const char *src) |
ae299be0 | 447 | { |
f3cad0ad | 448 | char *dst0; |
ae299be0 | 449 | |
f3cad0ad JS |
450 | if (has_dos_drive_prefix(src)) { |
451 | *dst++ = *src++; | |
452 | *dst++ = *src++; | |
ae299be0 | 453 | } |
f3cad0ad | 454 | dst0 = dst; |
ae299be0 | 455 | |
f3cad0ad | 456 | if (is_dir_sep(*src)) { |
ae299be0 | 457 | *dst++ = '/'; |
f3cad0ad JS |
458 | while (is_dir_sep(*src)) |
459 | src++; | |
460 | } | |
461 | ||
462 | for (;;) { | |
463 | char c = *src; | |
464 | ||
465 | /* | |
466 | * A path component that begins with . could be | |
467 | * special: | |
468 | * (1) "." and ends -- ignore and terminate. | |
469 | * (2) "./" -- ignore them, eat slash and continue. | |
470 | * (3) ".." and ends -- strip one and terminate. | |
471 | * (4) "../" -- strip one, eat slash and continue. | |
472 | */ | |
473 | if (c == '.') { | |
474 | if (!src[1]) { | |
475 | /* (1) */ | |
476 | src++; | |
477 | } else if (is_dir_sep(src[1])) { | |
478 | /* (2) */ | |
479 | src += 2; | |
480 | while (is_dir_sep(*src)) | |
481 | src++; | |
482 | continue; | |
483 | } else if (src[1] == '.') { | |
484 | if (!src[2]) { | |
485 | /* (3) */ | |
486 | src += 2; | |
487 | goto up_one; | |
488 | } else if (is_dir_sep(src[2])) { | |
489 | /* (4) */ | |
490 | src += 3; | |
491 | while (is_dir_sep(*src)) | |
492 | src++; | |
493 | goto up_one; | |
494 | } | |
495 | } | |
496 | } | |
ae299be0 | 497 | |
f3cad0ad JS |
498 | /* copy up to the next '/', and eat all '/' */ |
499 | while ((c = *src++) != '\0' && !is_dir_sep(c)) | |
500 | *dst++ = c; | |
501 | if (is_dir_sep(c)) { | |
502 | *dst++ = '/'; | |
503 | while (is_dir_sep(c)) | |
504 | c = *src++; | |
505 | src--; | |
506 | } else if (!c) | |
507 | break; | |
508 | continue; | |
509 | ||
510 | up_one: | |
511 | /* | |
512 | * dst0..dst is prefix portion, and dst[-1] is '/'; | |
513 | * go up one level. | |
514 | */ | |
f42302b4 JS |
515 | dst--; /* go to trailing '/' */ |
516 | if (dst <= dst0) | |
f3cad0ad | 517 | return -1; |
f42302b4 JS |
518 | /* Windows: dst[-1] cannot be backslash anymore */ |
519 | while (dst0 < dst && dst[-1] != '/') | |
520 | dst--; | |
f3cad0ad | 521 | } |
ae299be0 | 522 | *dst = '\0'; |
f3cad0ad | 523 | return 0; |
ae299be0 | 524 | } |
0454dd93 DR |
525 | |
526 | /* | |
527 | * path = Canonical absolute path | |
528 | * prefix_list = Colon-separated list of absolute paths | |
529 | * | |
2860b57a | 530 | * Determines, for each path in prefix_list, whether the "prefix" really |
0454dd93 DR |
531 | * is an ancestor directory of path. Returns the length of the longest |
532 | * ancestor directory, excluding any trailing slashes, or -1 if no prefix | |
533 | * is an ancestor. (Note that this means 0 is returned if prefix_list is | |
534 | * "/".) "/foo" is not considered an ancestor of "/foobar". Directories | |
535 | * are not considered to be their own ancestors. path must be in a | |
536 | * canonical form: empty components, or "." or ".." components are not | |
537 | * allowed. prefix_list may be null, which is like "". | |
538 | */ | |
539 | int longest_ancestor_length(const char *path, const char *prefix_list) | |
540 | { | |
541 | char buf[PATH_MAX+1]; | |
542 | const char *ceil, *colon; | |
543 | int len, max_len = -1; | |
544 | ||
545 | if (prefix_list == NULL || !strcmp(path, "/")) | |
546 | return -1; | |
547 | ||
548 | for (colon = ceil = prefix_list; *colon; ceil = colon+1) { | |
43a7ddb5 | 549 | for (colon = ceil; *colon && *colon != PATH_SEP; colon++); |
0454dd93 DR |
550 | len = colon - ceil; |
551 | if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil)) | |
552 | continue; | |
553 | strlcpy(buf, ceil, len+1); | |
43a7ddb5 RS |
554 | if (normalize_path_copy(buf, buf) < 0) |
555 | continue; | |
556 | len = strlen(buf); | |
557 | if (len > 0 && buf[len-1] == '/') | |
558 | buf[--len] = '\0'; | |
0454dd93 DR |
559 | |
560 | if (!strncmp(path, buf, len) && | |
561 | path[len] == '/' && | |
562 | len > max_len) { | |
563 | max_len = len; | |
564 | } | |
565 | } | |
566 | ||
567 | return max_len; | |
568 | } | |
4fcc86b0 JS |
569 | |
570 | /* strip arbitrary amount of directory separators at end of path */ | |
571 | static inline int chomp_trailing_dir_sep(const char *path, int len) | |
572 | { | |
573 | while (len && is_dir_sep(path[len - 1])) | |
574 | len--; | |
575 | return len; | |
576 | } | |
577 | ||
578 | /* | |
579 | * If path ends with suffix (complete path components), returns the | |
580 | * part before suffix (sans trailing directory separators). | |
581 | * Otherwise returns NULL. | |
582 | */ | |
583 | char *strip_path_suffix(const char *path, const char *suffix) | |
584 | { | |
585 | int path_len = strlen(path), suffix_len = strlen(suffix); | |
586 | ||
587 | while (suffix_len) { | |
588 | if (!path_len) | |
589 | return NULL; | |
590 | ||
591 | if (is_dir_sep(path[path_len - 1])) { | |
592 | if (!is_dir_sep(suffix[suffix_len - 1])) | |
593 | return NULL; | |
594 | path_len = chomp_trailing_dir_sep(path, path_len); | |
595 | suffix_len = chomp_trailing_dir_sep(suffix, suffix_len); | |
596 | } | |
597 | else if (path[--path_len] != suffix[--suffix_len]) | |
598 | return NULL; | |
599 | } | |
600 | ||
601 | if (path_len && !is_dir_sep(path[path_len - 1])) | |
602 | return NULL; | |
603 | return xstrndup(path, chomp_trailing_dir_sep(path, path_len)); | |
604 | } | |
34b6cb8b SP |
605 | |
606 | int daemon_avoid_alias(const char *p) | |
607 | { | |
608 | int sl, ndot; | |
609 | ||
610 | /* | |
611 | * This resurrects the belts and suspenders paranoia check by HPA | |
612 | * done in <435560F7.4080006@zytor.com> thread, now enter_repo() | |
9517e6b8 | 613 | * does not do getcwd() based path canonicalization. |
34b6cb8b SP |
614 | * |
615 | * sl becomes true immediately after seeing '/' and continues to | |
616 | * be true as long as dots continue after that without intervening | |
617 | * non-dot character. | |
618 | */ | |
619 | if (!p || (*p != '/' && *p != '~')) | |
620 | return -1; | |
621 | sl = 1; ndot = 0; | |
622 | p++; | |
623 | ||
624 | while (1) { | |
625 | char ch = *p++; | |
626 | if (sl) { | |
627 | if (ch == '.') | |
628 | ndot++; | |
629 | else if (ch == '/') { | |
630 | if (ndot < 3) | |
631 | /* reject //, /./ and /../ */ | |
632 | return -1; | |
633 | ndot = 0; | |
634 | } | |
635 | else if (ch == 0) { | |
636 | if (0 < ndot && ndot < 3) | |
637 | /* reject /.$ and /..$ */ | |
638 | return -1; | |
639 | return 0; | |
640 | } | |
641 | else | |
642 | sl = ndot = 0; | |
643 | } | |
644 | else if (ch == 0) | |
645 | return 0; | |
646 | else if (ch == '/') { | |
647 | sl = 1; | |
648 | ndot = 0; | |
649 | } | |
650 | } | |
651 | } |