1 /* Read symbolic links into a buffer without size limitation, relative to fd.
2
3 Copyright (C) 2001, 2003-2004, 2007, 2009-2020 Free Software Foundation,
4 Inc.
5
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <https://www.gnu.org/licenses/>. */
18
19 /* Written by Paul Eggert, Bruno Haible, and Jim Meyering. */
20
21 #include <config.h>
22
23 #include "careadlinkat.h"
24
25 #include <errno.h>
26 #include <limits.h>
27 #include <string.h>
28 #include <unistd.h>
29
30 /* Define this independently so that stdint.h is not a prerequisite. */
31 #ifndef SIZE_MAX
32 # define SIZE_MAX ((size_t) -1)
33 #endif
34
35 #ifndef SSIZE_MAX
36 # define SSIZE_MAX ((ssize_t) (SIZE_MAX / 2))
37 #endif
38
39 #include "allocator.h"
40
41 /* Assuming the current directory is FD, get the symbolic link value
42 of FILENAME as a null-terminated string and put it into a buffer.
43 If FD is AT_FDCWD, FILENAME is interpreted relative to the current
44 working directory, as in openat.
45
46 If the link is small enough to fit into BUFFER put it there.
47 BUFFER's size is BUFFER_SIZE, and BUFFER can be null
48 if BUFFER_SIZE is zero.
49
50 If the link is not small, put it into a dynamically allocated
51 buffer managed by ALLOC. It is the caller's responsibility to free
52 the returned value if it is nonnull and is not BUFFER. A null
53 ALLOC stands for the standard allocator.
54
55 The PREADLINKAT function specifies how to read links. It operates
56 like POSIX readlinkat()
57 <https://pubs.opengroup.org/onlinepubs/9699919799/functions/readlink.html>
58 but can assume that its first argument is the same as FD.
59
60 If successful, return the buffer address; otherwise return NULL and
61 set errno. */
62
63 char *
careadlinkat(int fd,char const * filename,char * buffer,size_t buffer_size,struct allocator const * alloc,ssize_t (* preadlinkat)(int,char const *,char *,size_t))64 careadlinkat (int fd, char const *filename,
65 char *buffer, size_t buffer_size,
66 struct allocator const *alloc,
67 ssize_t (*preadlinkat) (int, char const *, char *, size_t))
68 {
69 char *buf;
70 size_t buf_size;
71 size_t buf_size_max =
72 SSIZE_MAX < SIZE_MAX ? (size_t) SSIZE_MAX + 1 : SIZE_MAX;
73 char stack_buf[1024];
74
75 #if (defined GCC_LINT || defined lint) && _GL_GNUC_PREREQ (10, 1)
76 /* Pacify preadlinkat without creating a pointer to the stack
77 that a broken gcc -Wreturn-local-addr would cry wolf about. See:
78 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95044
79 This workaround differs from the mainline code, but
80 no other way to pacify GCC 10.1.0 is known; even an explicit
81 #pragma does not pacify GCC. When the GCC bug is fixed this
82 workaround should be limited to the broken GCC versions. */
83 # define WORK_AROUND_GCC_BUG_95044
84 #endif
85
86 if (! alloc)
87 alloc = &stdlib_allocator;
88
89 if (!buffer)
90 {
91 #ifdef WORK_AROUND_GCC_BUG_95044
92 buffer = alloc->allocate (sizeof stack_buf);
93 #else
94 /* Allocate the initial buffer on the stack. This way, in the
95 common case of a symlink of small size, we get away with a
96 single small malloc() instead of a big malloc() followed by a
97 shrinking realloc(). */
98 buffer = stack_buf;
99 #endif
100 buffer_size = sizeof stack_buf;
101 }
102
103 buf = buffer;
104 buf_size = buffer_size;
105
106 while (buf)
107 {
108 /* Attempt to read the link into the current buffer. */
109 ssize_t link_length = preadlinkat (fd, filename, buf, buf_size);
110 size_t link_size;
111 if (link_length < 0)
112 {
113 /* On AIX 5L v5.3 and HP-UX 11i v2 04/09, readlink returns -1
114 with errno == ERANGE if the buffer is too small. */
115 int readlinkat_errno = errno;
116 if (readlinkat_errno != ERANGE)
117 {
118 if (buf != buffer)
119 {
120 alloc->free (buf);
121 errno = readlinkat_errno;
122 }
123 return NULL;
124 }
125 }
126
127 link_size = link_length;
128
129 if (link_size < buf_size)
130 {
131 buf[link_size++] = '\0';
132
133 if (buf == stack_buf)
134 {
135 char *b = alloc->allocate (link_size);
136 buf_size = link_size;
137 if (! b)
138 break;
139 return memcpy (b, buf, link_size);
140 }
141
142 if (link_size < buf_size && buf != buffer && alloc->reallocate)
143 {
144 /* Shrink BUF before returning it. */
145 char *b = alloc->reallocate (buf, link_size);
146 if (b)
147 return b;
148 }
149
150 return buf;
151 }
152
153 if (buf != buffer)
154 alloc->free (buf);
155
156 if (buf_size < buf_size_max / 2)
157 buf_size = 2 * buf_size + 1;
158 else if (buf_size < buf_size_max)
159 buf_size = buf_size_max;
160 else if (buf_size_max < SIZE_MAX)
161 {
162 errno = ENAMETOOLONG;
163 return NULL;
164 }
165 else
166 break;
167 buf = alloc->allocate (buf_size);
168 }
169
170 if (alloc->die)
171 alloc->die (buf_size);
172 errno = ENOMEM;
173 return NULL;
174 }
175