diff options
| author | Paul Eggert <eggert@cs.ucla.edu> | 2020-12-24 11:38:48 -0800 |
|---|---|---|
| committer | Paul Eggert <eggert@cs.ucla.edu> | 2020-12-24 12:06:48 -0800 |
| commit | f58714504e607a7c9d631073a356b2cd3cbf96c7 (patch) | |
| tree | c1f6d14c4920f4effa37ba1f1595dc717a0e91f0 /lib/canonicalize-lgpl.c | |
| parent | 6c98a29696b591c9a357183fac657f5547b6118a (diff) | |
| download | gnulib-f58714504e607a7c9d631073a356b2cd3cbf96c7.tar.gz | |
canonicalize: prefer faccessat to stat
A proper faccessat doesn't have the EOVERFLOW problem, and can be
more efficient as it needn't gather data from the filesystem to
fill in struct stat. So use stat only if faccessat is absent,
or when checking for symlink loops in canonicalize.c.
* lib/canonicalize-lgpl.c, lib/canonicalize.c:
Include fcntl.h, for AT_EACCESS.
(FACCESSAT_NEVER_EOVERFLOWS): Default to false.
(file_accessible): New function, based on faccessat but with
a fallback to stat and with an EOVERFLOW workaround.
(dir_check): Use it.
(dir_suffix): New static constant.
* lib/canonicalize-lgpl.c (FACCESSAT_NEVER_EOVERFLOWS) [_LIBC]:
Use __ASSUME_FACCESSAT2 to set FACCESSAT_NEVER_EOVERFLOWS
(__faccessat) [!_LIBC]: Define.
(realpath_stk): Use dir_suffix now.
* lib/canonicalize.c (canonicalize_filename_mode_stk):
If logical, don't check each component's existence; just check
at the end, as that's enough.
* m4/canonicalize.m4 (gl_FUNC_CANONICALIZE_FILENAME_MODE)
(gl_CANONICALIZE_LGPL_SEPARATE):
Require gl_FUNC_FACCESSAT_EOVERFLOW,
gl_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK, and check for faccessat.
(gl_CANONICALIZE_LGPL_SEPARATE): Do not check for readlink,
as the code does not use HAVE_READLINK.
* modules/canonicalize, modules/canonicalize-lgpl (Files):
Add m4/faccessat.m4, m4/lstat.m4.
(Depends-on): Add fcntl-lh.
Diffstat (limited to 'lib/canonicalize-lgpl.c')
| -rw-r--r-- | lib/canonicalize-lgpl.c | 55 |
1 files changed, 45 insertions, 10 deletions
diff --git a/lib/canonicalize-lgpl.c b/lib/canonicalize-lgpl.c index 431dc5a3ba..3d42185169 100644 --- a/lib/canonicalize-lgpl.c +++ b/lib/canonicalize-lgpl.c @@ -29,6 +29,7 @@ #include <stdlib.h> #include <errno.h> +#include <fcntl.h> #include <limits.h> #include <stdbool.h> #include <stddef.h> @@ -46,12 +47,19 @@ typedef ptrdiff_t idx_t; # define FILE_SYSTEM_PREFIX_LEN(name) 0 # define IS_ABSOLUTE_FILE_NAME(name) ISSLASH(*(name)) # define ISSLASH(c) ((c) == '/') +# include <sysdep.h> +# ifdef __ASSUME_FACCESSAT2 +# define FACCESSAT_NEVER_EOVERFLOWS __ASSUME_FACCESSAT2 +# else +# define FACCESSAT_NEVER_EOVERFLOWS true +# endif #else # define __canonicalize_file_name canonicalize_file_name # define __realpath realpath # include "idx.h" # include "pathmax.h" # include "filename.h" +# define __faccessat faccessat # if defined _WIN32 && !defined __CYGWIN__ # define __getcwd _getcwd # elif HAVE_GETCWD @@ -88,11 +96,30 @@ typedef ptrdiff_t idx_t; #endif #ifndef DOUBLE_SLASH_IS_DISTINCT_ROOT -# define DOUBLE_SLASH_IS_DISTINCT_ROOT 0 +# define DOUBLE_SLASH_IS_DISTINCT_ROOT false +#endif +#ifndef FACCESSAT_NEVER_EOVERFLOWS +# define FACCESSAT_NEVER_EOVERFLOWS false #endif #if !FUNC_REALPATH_WORKS || defined _LIBC +/* Return true if FILE's existence can be shown, false (setting errno) + otherwise. Follow symbolic links. */ +static bool +file_accessible (char const *file) +{ +# if defined _LIBC || HAVE_FACCESSAT + int r = __faccessat (AT_FDCWD, file, F_OK, AT_EACCESS); +# else + struct stat st; + int r = __stat (file, &st); +# endif + + return ((!FACCESSAT_NEVER_EOVERFLOWS && r < 0 && errno == EOVERFLOW) + || r == 0); +} + /* True if concatenating END as a suffix to a file name means that the code needs to check that the file name is that of a searchable directory, since the canonicalize_filename_mode_stk code won't @@ -125,18 +152,26 @@ suffix_requires_dir_check (char const *end) return false; } -/* Return true if DIR is a directory, false (setting errno) otherwise. +/* Append this to a file name to test whether it is a searchable directory. + On POSIX platforms "/" suffices, but "/./" is sometimes needed on + macOS 10.13 <https://bugs.gnu.org/30350>, and should also work on + platforms like AIX 7.2 that need at least "/.". */ + +#if defined _LIBC || defined LSTAT_FOLLOWS_SLASHED_SYMLINK +static char const dir_suffix[] = "/"; +#else +static char const dir_suffix[] = "/./"; +#endif + +/* Return true if DIR is a searchable dir, false (setting errno) otherwise. DIREND points to the NUL byte at the end of the DIR string. - Store garbage into DIREND[0] and DIREND[1]. */ + Store garbage into DIREND[0 .. strlen (dir_suffix)]. */ static bool dir_check (char *dir, char *dirend) { - /* Append "/"; otherwise EOVERFLOW would be ambiguous. */ - strcpy (dirend, "/"); - - struct stat st; - return __stat (dir, &st) == 0 || errno == EOVERFLOW; + strcpy (dirend, dir_suffix); + return file_accessible (dir); } static idx_t @@ -280,8 +315,8 @@ realpath_stk (const char *name, char *resolved, if (!ISSLASH (dest[-1])) *dest++ = '/'; - enum { dir_check_room = sizeof "/" }; - while (rname + rname_buf->length - dest < startlen + dir_check_room) + while (rname + rname_buf->length - dest + < startlen + sizeof dir_suffix) { idx_t dest_offset = dest - rname; if (!scratch_buffer_grow_preserve (rname_buf)) |