wordexp.c revision 289938 
1/*-
2 * Copyright (c) 2002 Tim J. Robbins.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 */
26
27#include "namespace.h"
28#include <sys/cdefs.h>
29#include <sys/types.h>
30#include <sys/wait.h>
31#include <errno.h>
32#include <fcntl.h>
33#include <paths.h>
34#include <signal.h>
35#include <stdbool.h>
36#include <stdio.h>
37#include <stdlib.h>
38#include <string.h>
39#include <unistd.h>
40#include <wordexp.h>
41#include "un-namespace.h"
42#include "libc_private.h"
43
44__FBSDID("$FreeBSD: stable/10/lib/libc/gen/wordexp.c 289938 2015-10-25 17:17:50Z jilles $");
45
46static int	we_askshell(const char *, wordexp_t *, int);
47static int	we_check(const char *);
48
49/*
50 * wordexp --
51 *	Perform shell word expansion on `words' and place the resulting list
52 *	of words in `we'. See wordexp(3).
53 *
54 *	Specified by IEEE Std. 1003.1-2001.
55 */
56int
57wordexp(const char * __restrict words, wordexp_t * __restrict we, int flags)
58{
59	int error;
60
61	if (flags & WRDE_REUSE)
62		wordfree(we);
63	if ((flags & WRDE_APPEND) == 0) {
64		we->we_wordc = 0;
65		we->we_wordv = NULL;
66		we->we_strings = NULL;
67		we->we_nbytes = 0;
68	}
69	if ((error = we_check(words)) != 0) {
70		wordfree(we);
71		return (error);
72	}
73	if ((error = we_askshell(words, we, flags)) != 0) {
74		wordfree(we);
75		return (error);
76	}
77	return (0);
78}
79
80static size_t
81we_read_fully(int fd, char *buffer, size_t len)
82{
83	size_t done;
84	ssize_t nread;
85
86	done = 0;
87	do {
88		nread = _read(fd, buffer + done, len - done);
89		if (nread == -1 && errno == EINTR)
90			continue;
91		if (nread <= 0)
92			break;
93		done += nread;
94	} while (done != len);
95	return done;
96}
97
98static bool
99we_write_fully(int fd, const char *buffer, size_t len)
100{
101	size_t done;
102	ssize_t nwritten;
103
104	done = 0;
105	do {
106		nwritten = _write(fd, buffer + done, len - done);
107		if (nwritten == -1 && errno == EINTR)
108			continue;
109		if (nwritten <= 0)
110			return (false);
111		done += nwritten;
112	} while (done != len);
113	return (true);
114}
115
116/*
117 * we_askshell --
118 *	Use the `freebsd_wordexp' /bin/sh builtin function to do most of the
119 *	work in expanding the word string. This function is complicated by
120 *	memory management.
121 */
122static int
123we_askshell(const char *words, wordexp_t *we, int flags)
124{
125	int pdesw[2];			/* Pipe for writing words */
126	int pdes[2];			/* Pipe for reading output */
127	char wfdstr[sizeof(int) * 3 + 1];
128	char buf[35];			/* Buffer for byte and word count */
129	long nwords, nbytes;		/* Number of words, bytes from child */
130	long i;				/* Handy integer */
131	size_t sofs;			/* Offset into we->we_strings */
132	size_t vofs;			/* Offset into we->we_wordv */
133	pid_t pid;			/* Process ID of child */
134	pid_t wpid;			/* waitpid return value */
135	int status;			/* Child exit status */
136	int error;			/* Our return value */
137	int serrno;			/* errno to return */
138	char *np, *p;			/* Handy pointers */
139	char *nstrings;			/* Temporary for realloc() */
140	char **nwv;			/* Temporary for realloc() */
141	sigset_t newsigblock, oldsigblock;
142	const char *ifs;
143
144	serrno = errno;
145	ifs = getenv("IFS");
146
147	if (pipe2(pdesw, O_CLOEXEC) < 0)
148		return (WRDE_NOSPACE);	/* XXX */
149	snprintf(wfdstr, sizeof(wfdstr), "%d", pdesw[0]);
150	if (pipe2(pdes, O_CLOEXEC) < 0) {
151		_close(pdesw[0]);
152		_close(pdesw[1]);
153		return (WRDE_NOSPACE);	/* XXX */
154	}
155	(void)sigemptyset(&newsigblock);
156	(void)sigaddset(&newsigblock, SIGCHLD);
157	(void)__libc_sigprocmask(SIG_BLOCK, &newsigblock, &oldsigblock);
158	if ((pid = fork()) < 0) {
159		serrno = errno;
160		_close(pdesw[0]);
161		_close(pdesw[1]);
162		_close(pdes[0]);
163		_close(pdes[1]);
164		(void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
165		errno = serrno;
166		return (WRDE_NOSPACE);	/* XXX */
167	}
168	else if (pid == 0) {
169		/*
170		 * We are the child; make /bin/sh expand `words'.
171		 */
172		(void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
173		if ((pdes[1] != STDOUT_FILENO ?
174		    _dup2(pdes[1], STDOUT_FILENO) :
175		    _fcntl(pdes[1], F_SETFD, 0)) < 0)
176			_exit(1);
177		if (_fcntl(pdesw[0], F_SETFD, 0) < 0)
178			_exit(1);
179		execl(_PATH_BSHELL, "sh", flags & WRDE_UNDEF ? "-u" : "+u",
180		    "-c", "IFS=$1;eval \"$2\";"
181		    "freebsd_wordexp -f \"$3\" ${4:+\"$4\"}",
182		    "",
183		    ifs != NULL ? ifs : " \t\n",
184		    flags & WRDE_SHOWERR ? "" : "exec 2>/dev/null",
185		    wfdstr,
186		    flags & WRDE_NOCMD ? "-p" : "",
187		    (char *)NULL);
188		_exit(1);
189	}
190
191	/*
192	 * We are the parent; write the words.
193	 */
194	_close(pdes[1]);
195	_close(pdesw[0]);
196	if (!we_write_fully(pdesw[1], words, strlen(words))) {
197		_close(pdesw[1]);
198		error = WRDE_SYNTAX;
199		goto cleanup;
200	}
201	_close(pdesw[1]);
202	/*
203	 * Read the output of the shell wordexp function,
204	 * which is a byte indicating that the words were parsed successfully,
205	 * a 64-bit hexadecimal word count, a dummy byte, a 64-bit hexadecimal
206	 * byte count (not including terminating null bytes), followed by the
207	 * expanded words separated by nulls.
208	 */
209	switch (we_read_fully(pdes[0], buf, 34)) {
210	case 1:
211		error = buf[0] == 'C' ? WRDE_CMDSUB :
212		    flags & WRDE_UNDEF ? WRDE_BADVAL :
213		    WRDE_SYNTAX;
214		serrno = errno;
215		goto cleanup;
216	case 34:
217		break;
218	default:
219		error = WRDE_SYNTAX;
220		serrno = errno;
221		goto cleanup;
222	}
223	buf[17] = '\0';
224	nwords = strtol(buf + 1, NULL, 16);
225	buf[34] = '\0';
226	nbytes = strtol(buf + 18, NULL, 16) + nwords;
227
228	/*
229	 * Allocate or reallocate (when flags & WRDE_APPEND) the word vector
230	 * and string storage buffers for the expanded words we're about to
231	 * read from the child.
232	 */
233	sofs = we->we_nbytes;
234	vofs = we->we_wordc;
235	if ((flags & (WRDE_DOOFFS|WRDE_APPEND)) == (WRDE_DOOFFS|WRDE_APPEND))
236		vofs += we->we_offs;
237	we->we_wordc += nwords;
238	we->we_nbytes += nbytes;
239	if ((nwv = realloc(we->we_wordv, (we->we_wordc + 1 +
240	    (flags & WRDE_DOOFFS ?  we->we_offs : 0)) *
241	    sizeof(char *))) == NULL) {
242		error = WRDE_NOSPACE;
243		goto cleanup;
244	}
245	we->we_wordv = nwv;
246	if ((nstrings = realloc(we->we_strings, we->we_nbytes)) == NULL) {
247		error = WRDE_NOSPACE;
248		goto cleanup;
249	}
250	for (i = 0; i < vofs; i++)
251		if (we->we_wordv[i] != NULL)
252			we->we_wordv[i] += nstrings - we->we_strings;
253	we->we_strings = nstrings;
254
255	if (we_read_fully(pdes[0], we->we_strings + sofs, nbytes) != nbytes) {
256		error = flags & WRDE_UNDEF ? WRDE_BADVAL : WRDE_SYNTAX;
257		serrno = errno;
258		goto cleanup;
259	}
260
261	error = 0;
262cleanup:
263	_close(pdes[0]);
264	do
265		wpid = _waitpid(pid, &status, 0);
266	while (wpid < 0 && errno == EINTR);
267	(void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
268	if (error != 0) {
269		errno = serrno;
270		return (error);
271	}
272	if (wpid < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
273		return (flags & WRDE_UNDEF ? WRDE_BADVAL : WRDE_SYNTAX);
274
275	/*
276	 * Break the null-terminated expanded word strings out into
277	 * the vector.
278	 */
279	if (vofs == 0 && flags & WRDE_DOOFFS)
280		while (vofs < we->we_offs)
281			we->we_wordv[vofs++] = NULL;
282	p = we->we_strings + sofs;
283	while (nwords-- != 0) {
284		we->we_wordv[vofs++] = p;
285		if ((np = memchr(p, '\0', nbytes)) == NULL)
286			return (WRDE_NOSPACE);	/* XXX */
287		nbytes -= np - p + 1;
288		p = np + 1;
289	}
290	we->we_wordv[vofs] = NULL;
291
292	return (0);
293}
294
295/*
296 * we_check --
297 *	Check that the string contains none of the following unquoted
298 *	special characters: <newline> |&;<>(){}
299 *	This mainly serves for {} which are normally legal in sh.
300 *	It deliberately does not attempt to model full sh syntax.
301 */
302static int
303we_check(const char *words)
304{
305	char c;
306	/* Saw \ or $, possibly not special: */
307	bool quote = false, dollar = false;
308	/* Saw ', ", ${, ` or $(, possibly not special: */
309	bool have_sq = false, have_dq = false, have_par_begin = false;
310	bool have_cmd = false;
311	/* Definitely saw a ', ", ${, ` or $(, need a closing character: */
312	bool need_sq = false, need_dq = false, need_par_end = false;
313	bool need_cmd_old = false, need_cmd_new = false;
314
315	while ((c = *words++) != '\0') {
316		switch (c) {
317		case '\\':
318			quote = !quote;
319			continue;
320		case '$':
321			if (quote)
322				quote = false;
323			else
324				dollar = !dollar;
325			continue;
326		case '\'':
327			if (!quote && !have_sq && !have_dq)
328				need_sq = true;
329			else
330				need_sq = false;
331			have_sq = true;
332			break;
333		case '"':
334			if (!quote && !have_sq && !have_dq)
335				need_dq = true;
336			else
337				need_dq = false;
338			have_dq = true;
339			break;
340		case '`':
341			if (!quote && !have_sq && !have_cmd)
342				need_cmd_old = true;
343			else
344				need_cmd_old = false;
345			have_cmd = true;
346			break;
347		case '{':
348			if (!quote && !dollar && !have_sq && !have_dq &&
349			    !have_cmd)
350				return (WRDE_BADCHAR);
351			if (dollar) {
352				if (!quote && !have_sq)
353					need_par_end = true;
354				have_par_begin = true;
355			}
356			break;
357		case '}':
358			if (!quote && !have_sq && !have_dq && !have_par_begin &&
359			    !have_cmd)
360				return (WRDE_BADCHAR);
361			need_par_end = false;
362			break;
363		case '(':
364			if (!quote && !dollar && !have_sq && !have_dq &&
365			    !have_cmd)
366				return (WRDE_BADCHAR);
367			if (dollar) {
368				if (!quote && !have_sq)
369					need_cmd_new = true;
370				have_cmd = true;
371			}
372			break;
373		case ')':
374			if (!quote && !have_sq && !have_dq && !have_cmd)
375				return (WRDE_BADCHAR);
376			need_cmd_new = false;
377			break;
378		case '|': case '&': case ';': case '<': case '>': case '\n':
379			if (!quote && !have_sq && !have_dq && !have_cmd)
380				return (WRDE_BADCHAR);
381			break;
382		default:
383			break;
384		}
385		quote = dollar = false;
386	}
387	if (quote || dollar || need_sq || need_dq || need_par_end ||
388	    need_cmd_old || need_cmd_new)
389		return (WRDE_SYNTAX);
390
391	return (0);
392}
393
394/*
395 * wordfree --
396 *	Free the result of wordexp(). See wordexp(3).
397 *
398 *	Specified by IEEE Std. 1003.1-2001.
399 */
400void
401wordfree(wordexp_t *we)
402{
403
404	if (we == NULL)
405		return;
406	free(we->we_wordv);
407	free(we->we_strings);
408	we->we_wordv = NULL;
409	we->we_strings = NULL;
410	we->we_nbytes = 0;
411	we->we_wordc = 0;
412}
413