1/*	$OpenBSD: sftp-realpath.c,v 1.2 2021/09/02 21:03:54 deraadt Exp $ */
2/*
3 * Copyright (c) 2003 Constantin S. Svintsoff <kostik@iclub.nsu.ru>
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 * 3. The names of the authors may not be used to endorse or promote
14 *    products derived from this software without specific prior written
15 *    permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 */
29
30#include "includes.h"
31
32#include <sys/types.h>
33#include <sys/stat.h>
34
35#include <errno.h>
36#include <stdlib.h>
37#include <stddef.h>
38#include <string.h>
39#include <unistd.h>
40#include <limits.h>
41
42#ifndef SYMLOOP_MAX
43# define SYMLOOP_MAX 32
44#endif
45
46/* XXX rewrite sftp-server to use POSIX realpath and remove this hack */
47
48char *sftp_realpath(const char *path, char *resolved);
49
50/*
51 * char *realpath(const char *path, char resolved[PATH_MAX]);
52 *
53 * Find the real name of path, by removing all ".", ".." and symlink
54 * components.  Returns (resolved) on success, or (NULL) on failure,
55 * in which case the path which caused trouble is left in (resolved).
56 */
57char *
58sftp_realpath(const char *path, char *resolved)
59{
60	struct stat sb;
61	char *p, *q, *s;
62	size_t left_len, resolved_len;
63	unsigned symlinks;
64	int serrno, slen, mem_allocated;
65	char left[PATH_MAX], next_token[PATH_MAX], symlink[PATH_MAX];
66
67	if (path[0] == '\0') {
68		errno = ENOENT;
69		return (NULL);
70	}
71
72	serrno = errno;
73
74	if (resolved == NULL) {
75		resolved = malloc(PATH_MAX);
76		if (resolved == NULL)
77			return (NULL);
78		mem_allocated = 1;
79	} else
80		mem_allocated = 0;
81
82	symlinks = 0;
83	if (path[0] == '/') {
84		resolved[0] = '/';
85		resolved[1] = '\0';
86		if (path[1] == '\0')
87			return (resolved);
88		resolved_len = 1;
89		left_len = strlcpy(left, path + 1, sizeof(left));
90	} else {
91		if (getcwd(resolved, PATH_MAX) == NULL) {
92			if (mem_allocated)
93				free(resolved);
94			else
95				strlcpy(resolved, ".", PATH_MAX);
96			return (NULL);
97		}
98		resolved_len = strlen(resolved);
99		left_len = strlcpy(left, path, sizeof(left));
100	}
101	if (left_len >= sizeof(left) || resolved_len >= PATH_MAX) {
102		errno = ENAMETOOLONG;
103		goto err;
104	}
105
106	/*
107	 * Iterate over path components in `left'.
108	 */
109	while (left_len != 0) {
110		/*
111		 * Extract the next path component and adjust `left'
112		 * and its length.
113		 */
114		p = strchr(left, '/');
115		s = p ? p : left + left_len;
116		if (s - left >= (ptrdiff_t)sizeof(next_token)) {
117			errno = ENAMETOOLONG;
118			goto err;
119		}
120		memcpy(next_token, left, s - left);
121		next_token[s - left] = '\0';
122		left_len -= s - left;
123		if (p != NULL)
124			memmove(left, s + 1, left_len + 1);
125		if (resolved[resolved_len - 1] != '/') {
126			if (resolved_len + 1 >= PATH_MAX) {
127				errno = ENAMETOOLONG;
128				goto err;
129			}
130			resolved[resolved_len++] = '/';
131			resolved[resolved_len] = '\0';
132		}
133		if (next_token[0] == '\0')
134			continue;
135		else if (strcmp(next_token, ".") == 0)
136			continue;
137		else if (strcmp(next_token, "..") == 0) {
138			/*
139			 * Strip the last path component except when we have
140			 * single "/"
141			 */
142			if (resolved_len > 1) {
143				resolved[resolved_len - 1] = '\0';
144				q = strrchr(resolved, '/') + 1;
145				*q = '\0';
146				resolved_len = q - resolved;
147			}
148			continue;
149		}
150
151		/*
152		 * Append the next path component and lstat() it. If
153		 * lstat() fails we still can return successfully if
154		 * there are no more path components left.
155		 */
156		resolved_len = strlcat(resolved, next_token, PATH_MAX);
157		if (resolved_len >= PATH_MAX) {
158			errno = ENAMETOOLONG;
159			goto err;
160		}
161		if (lstat(resolved, &sb) != 0) {
162			if (errno == ENOENT && p == NULL) {
163				errno = serrno;
164				return (resolved);
165			}
166			goto err;
167		}
168		if (S_ISLNK(sb.st_mode)) {
169			if (symlinks++ > SYMLOOP_MAX) {
170				errno = ELOOP;
171				goto err;
172			}
173			slen = readlink(resolved, symlink, sizeof(symlink) - 1);
174			if (slen < 0)
175				goto err;
176			symlink[slen] = '\0';
177			if (symlink[0] == '/') {
178				resolved[1] = 0;
179				resolved_len = 1;
180			} else if (resolved_len > 1) {
181				/* Strip the last path component. */
182				resolved[resolved_len - 1] = '\0';
183				q = strrchr(resolved, '/') + 1;
184				*q = '\0';
185				resolved_len = q - resolved;
186			}
187
188			/*
189			 * If there are any path components left, then
190			 * append them to symlink. The result is placed
191			 * in `left'.
192			 */
193			if (p != NULL) {
194				if (symlink[slen - 1] != '/') {
195					if (slen + 1 >=
196					    (ptrdiff_t)sizeof(symlink)) {
197						errno = ENAMETOOLONG;
198						goto err;
199					}
200					symlink[slen] = '/';
201					symlink[slen + 1] = 0;
202				}
203				left_len = strlcat(symlink, left, sizeof(symlink));
204				if (left_len >= sizeof(symlink)) {
205					errno = ENAMETOOLONG;
206					goto err;
207				}
208			}
209			left_len = strlcpy(left, symlink, sizeof(left));
210		}
211	}
212
213	/*
214	 * Remove trailing slash except when the resolved pathname
215	 * is a single "/".
216	 */
217	if (resolved_len > 1 && resolved[resolved_len - 1] == '/')
218		resolved[resolved_len - 1] = '\0';
219	return (resolved);
220
221err:
222	if (mem_allocated)
223		free(resolved);
224	return (NULL);
225}
226