Commit Graph

34 Commits

Author SHA1 Message Date
Pedro F. Giffuni
d915a14ef0 libc: further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 2-Clause license, however the tool I
was using mis-identified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
2017-11-25 17:12:48 +00:00
Konstantin Belousov
cf5cedd785 Style.
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2017-05-15 17:54:36 +00:00
Konstantin Belousov
d933a4c06b Simplify cleanup on failure in realpath(3).
If realpath() allocated memory for result and failed, the memory is
freed in each place where return is performed.  More, the function
needs to track the allocation status, to not free user-supplied
buffer.

Consolidate the memory handling in the wrapper, freeing the buffer if
the actual worker failed.

Reviewed by:	emaste (previous version)
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
Differential revision:	https://reviews.freebsd.org/D10670
2017-05-15 17:34:17 +00:00
Konstantin Belousov
f81e5b2d9b Fix several buffer overflows in realpath(3).
- The statement "left_len -= s - left;" does not take the slash into
  account if one was found. This results in the invariant
  "left[left_len] == '\0'" being violated (and possible buffer
  overflows). The patch replaces the variable "s" with a size_t
  "next_token_len" for more clarity.
- "slen" from readlink(2) can be 0 when encountering empty
  symlinks. Then, further down, "symlink[slen - 1]" underflows the
  buffer. When slen == 0, realpath(3) should probably return ENOENT
  (http://austingroupbugs.net/view.php?id=825,
  https://lwn.net/Articles/551224/).

Some other minor issues:
- The condition "resolved_len >= PATH_MAX" cannot be true.
- Similarly, "s - left >= sizeof(next_token)" cannot be true, as long
  as "sizeof(next_token) >= sizeof(left)".
- Return ENAMETOOLONG when a resolved symlink from readlink(2) is too
  long for the symlink buffer (instead of just truncating it).
- "resolved_len > 1" below the call to readlink(2) is always true as
  "strlcat(resolved, next_token, PATH_MAX);" always results in a
  string of length > 1. Also, "resolved[resolved_len - 1] = '\0';" is
  not needed; there can never be a trailing slash here.
- The truncation check for "strlcat(symlink, left, sizeof(symlink));"
  should be against "sizeof(symlink)" (the third argument to strlcat)
  instead of "sizeof(left)".

Submitted by:	Jan Kokemц╪ller <jan.kokemueller@gmail.com>
PR:	219154
MFC after:	2 weeks
2017-05-15 17:14:53 +00:00
Jilles Tjoelker
310c8f3c99 realpath(): Properly fail "." or ".." components after non-directories.
If realpath() is called on pathnames like "/dev/null/." or "/dev/null/..",
it should fail with [ENOTDIR]. Pathnames like "/dev/null/" already failed as
they should.

Also, put the check for non-directories after lstatting the previous
component instead of when the empty component (consecutive or trailing
slashes) is detected, saving an lstat() call and some lines of code.

PR:		kern/82980
MFC after:	2 weeks
2014-04-13 19:48:28 +00:00
Gabor Kovesdan
ab3f6b347e - Correct mispellings of the word occurrence
Submitted by:	Christoph Mallon <christoph.mallon@gmx.de> (via private mail)
2013-04-17 11:40:10 +00:00
Ed Maste
7877ed7ce3 Avoid mapping ENOENT to ENOTDIR for non-existent path components.
The ENOTDIR mapping was introduced in r235266 for kern/128933 based on
an interpretation of the somewhat ambiguous language in the POSIX realpath
specification.  The interpretation is inconsistent with Solaris and Linux,
a regression from 9.0, and does not appear to be permitted by the
description of ENOTDIR:

     20 ENOTDIR Not a directory.  A component of the specified pathname
             existed, but it was not a directory, when a directory was
             expected.

PR:		standards/171577
MFC after:	3 days
2012-09-12 17:05:39 +00:00
Andrey A. Chernov
5f5a50728c 1) Although unpublished version of standard
http://austingroupbugs.net/view.php?id=385#c713
(Resolved state) recommend this way for the current standard (called
"earlier" in the text)

"However, earlier versions of this standard did not require this, and the
same example had to be written as:

    // buf was obtained by malloc(buflen)
    ret = write(fd, buf, buflen);
    if (ret < 0) {
        int save = errno;
        free(buf);
        errno = save;
        return ret;
    }
"

from feedback I have for previous commit it seems that many people prefer
to avoid mass code change needed for current standard compliance
and prefer to track unpublished standard instead, which requires now
that free() itself must save errno, not its usage code.

So, I back out "save errno across free()" part of previous commit,
and will fill PR for changing free() isntead.

2) Remove now unused serrno.

MFC after:      1 week
2012-06-05 16:16:33 +00:00
Andrey A. Chernov
96700463ec 1) IEEE Std 1003.1-2008, "errno" section, is explicit that
"The setting of errno after a successful call to a function is
unspecified unless the description of that function specifies that
errno shall not be modified."

However, free() in IEEE Std 1003.1-2008 does not mention its interaction
with errno, so MAY modify it after successful call
(it depends on particular free() implementation, OS-specific, etc.).

So, save errno across free() calls to make code portable and
POSIX-conformant.

2) Remove unused serrno assignment.

MFC after:      1 week
2012-06-04 21:34:49 +00:00
Konstantin Belousov
fdbe55fccb According to SUSv4, realpath(3) must fail if
[ENOENT]  A component of file_name does not name an existing file or
    file_name points to an empty string.
[ENOTDIR] A component of the path prefix is not a directory, or the
    file_name argument contains at least one non- <slash> character
    and ends with one or more trailing <slash> characters and the last
    pathname component names an existing file that is neither a
    directory nor a symbolic link to a directory.
Add checks for the listed conditions, and set errno accordingly.

Update the realpath(3) manpage to mention SUS behaviour. Remove the
requirement to include sys/param.h before stdlib.h.

PR:	    128933
MFC after:  3 weeks
2012-05-11 11:29:08 +00:00
Ed Schouten
24a92ae013 Fix a warning emitted by Clang.
The size passed to strlcat() must depend on the input length, not the
output length. Because the input and output buffers are equal in size,
the resulting binary does not change at all.
2011-11-04 19:56:34 +00:00
Konstantin Belousov
4e738f5a8d Fix some style(9) issues.
Do not use strlcpy() where simple assignment is enough.

Noted by:	bde (long time ago)
MFC after:	1 week
2011-01-08 11:04:30 +00:00
Konstantin Belousov
655c8a600b Free() is not allowed to modify errno, remove safety brackets around it [1].
Add small optimization, do not copy a string to the buffer that is
to be freed immediately after.

Noted by:	jh [1]
Reviewed by:	jh
MFC after:	2 weeks
2010-04-20 14:22:29 +00:00
Konstantin Belousov
9d79ec20fb Slightly modernize realpath(3).
SUSv4 requires that implementation returns EINVAL if supplied path is NULL,
and ENOENT if path is empty string [1].
Bring prototype in conformance with SUSv4, adding restrict keywords.
Allow the resolved path buffer pointer be NULL, in which case realpath(3)
allocates storage with malloc().

PR:	kern/121897 [1]
MFC after:	2 weeks
2010-04-20 10:16:44 +00:00
Max Khon
f4203da86c Fix stripping last path component when only one path component left.
PR:		52686
MFC after:	1 day
2003-05-28 08:23:01 +00:00
Jacques Vidrine
d05090827f Back out the `hiding' of strlcpy and strlcat. Several people
vocally objected to this safety belt.
2003-05-01 19:03:14 +00:00
Jacques Vidrine
5723e501ab `Hide' strlcpy and strlcat (using the namespace.h / __weak_reference
technique) so that we don't wind up calling into an application's
version if the application defines them.

Inspired by:	qpopper's interfering and buggy version of strlcpy
2003-04-29 21:13:50 +00:00
Max Khon
839e119ec8 BDE'ify 2003-03-29 21:56:59 +00:00
Max Khon
057e4034dd fix truncation check and buffer overflow check 2003-03-29 21:34:13 +00:00
Max Khon
be6a158e0f - MAXPATHLEN -> PATH_MAX (pass correct buffer size to readlink as well)
Requested by:		bde
2003-03-28 12:05:45 +00:00
Max Khon
226a0f0f8b Make realpath() thread-safe. New implementation does not use chdir(2) at all.
Submitted by:	Constantin S. Svintsoff <kostik (at) iclub.nsu.ru>
2003-03-27 20:48:53 +00:00
Johan Karlsson
484251e7c4 Use strlcpy instead of strncpy.
Submitted by:	imp
Reviewed by:	silence on -audit
2003-02-22 18:08:34 +00:00
Johan Karlsson
de216a83c2 realpath(3) should use PATH_MAX instead of MAXPATHLEN according to POSIX.
This also reverts the PATH_MAX -> MAXPATHLEN part of
rev 1.3 of src/bin/realpath/realpath.c

Requested by:	imp
Reviewed by:	imp, bde
2003-01-15 21:22:55 +00:00
David E. O'Brien
333fc21e3c Fix the style of the SCM ID's.
I believe have made all of libc .c's as consistent as possible.
2002-03-22 21:53:29 +00:00
Daniel Eischen
d201fe46e3 Remove _THREAD_SAFE and make libc thread-safe by default by
adding (weak definitions to) stubs for some of the pthread
functions.  If the threads library is linked in, the real
pthread functions will pulled in.

Use the following convention for system calls wrapped by the
threads library:
	__sys_foo - actual system call
	_foo - weak definition to __sys_foo
	foo - weak definition to __sys_foo

Change all libc uses of system calls wrapped by the threads
library from foo to _foo.  In order to define the prototypes
for _foo(), we introduce namespace.h and un-namespace.h
(suggested by bde).  All files that need to reference these
system calls, should include namespace.h before any standard
includes, then include un-namespace.h after the standard
includes and before any local includes.  <db.h> is an exception
and shouldn't be included in between namespace.h and
un-namespace.h  namespace.h will define foo to _foo, and
un-namespace.h will undefine foo.

Try to eliminate some of the recursive calls to MT-safe
functions in libc/stdio in preparation for adding a mutex
to FILE.  We have recursive mutexes, but would like to avoid
using them if possible.

Remove uneeded includes of <errno.h> from a few files.

Add $FreeBSD$ to a few files in order to pass commitprep.

Approved by:	-arch
2001-01-24 13:01:12 +00:00
Jason Evans
9233c4d942 Simplify sytem call renaming. Instead of _foo() <-- _libc_foo <-- foo(),
just use _foo() <-- foo().  In the case of a libpthread that doesn't do
call conversion (such as linuxthreads and our upcoming libpthread), this
is adequate.  In the case of libc_r, we still need three names, which are
now _thread_sys_foo() <-- _foo() <-- foo().

Convert all internal libc usage of: aio_suspend(), close(), fsync(), msync(),
nanosleep(), open(), fcntl(), read(), and write() to _foo() instead of foo().

Remove all internal libc usage of: creat(), pause(), sleep(), system(),
tcdrain(), wait(), and waitpid().

Make thread cancellation fully POSIX-compliant.

Suggested by:	deischen
2000-01-27 23:07:25 +00:00
Jason Evans
929273386f Add three-tier symbol naming in support of POSIX thread cancellation
points.  For library functions, the pattern is __sleep() <--
_libc_sleep() <-- sleep().  The arrows represent weak aliases.  For
system calls, the pattern is _read() <-- _libc_read() <-- read().
2000-01-12 09:23:48 +00:00
Andrey A. Chernov
be92e0e6cd fix tabs lost apparently in copy&paste 1999-02-12 19:45:53 +00:00
Warner Losh
e8420087b0 Replace memory leaking instances of realloc with non-leaking reallocf.
In some cases replace if (a == null) a = malloc(x); else a =
realloc(a, x); with simple reallocf(a, x).  Per ANSI-C, this is
guaranteed to be the same thing.

I've been running these on my system here w/o ill effects for some
time.  However, the CTM-express is at part 6 of 34 for the CAM
changes, so I've not been able to do a build world with the CAM in the
tree with these changes.  Shouldn't impact anything, but...
1998-09-16 04:17:47 +00:00
Poul-Henning Kamp
e53211ce4d realpath() should break on looped symlinks.
PR:		3911
Reviewed by:	phk
Submitted by:	Shigio Yamaguchi <shigio@wafu.netgate.net>
1997-07-16 11:25:48 +00:00
Peter Wemm
d01a28e222 Part 2 of a failed commit (cvs broke). Original message:
Back out a dubious Lite2 change to "optimise" getcwd() to look at $PWD
because it's potentially dangerous (think: symlink races).  Move
realpath() back to it's original location, and remove getcwd_physical()
by renaming it back to getcwd() and zapping the original getcwd wrapper.

Noticed by: bde

The following commits already happened but the log message got lost:

Modified Files:
   gen/Makefile.inc gen/getcwd.c stdlib/Makefile.inc
Removed Files:
   gen/realpath.3
1997-03-13 06:58:46 +00:00
Peter Wemm
9dc1164189 merge from Lite2 - realpath() now shares a lot of code with getcwd()
and is now in the same file.
1997-03-11 11:37:59 +00:00
Bruce Evans
5dddb8148b Don't attempt to lstat() the POSIXLY invalid empty pathname.
realpath() still accepts "" as an arg and converts it to a canonical
pathname for the current directory.
1995-02-25 16:06:07 +00:00
Rodney W. Grimes
58f0484fa2 BSD 4.4 Lite Lib Sources 1994-05-27 05:00:24 +00:00