/* Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "apr.h" #include "apr_private.h" #include "apr_arch_file_io.h" #include "apr_file_io.h" #include "apr_strings.h" #define APR_WANT_STRFUNC #include "apr_want.h" #if APR_HAVE_UNISTD_H #include #endif /* Win32 malpropism that can go away once everyone believes this * code is golden, and I'm not testing it anymore :-) */ #if APR_HAVE_DIRENT_H #include #endif /* Any OS that requires/refuses trailing slashes should be dealt with here. */ APR_DECLARE(apr_status_t) apr_filepath_get(char **defpath, apr_int32_t flags, apr_pool_t *p) { char path[APR_PATH_MAX]; if (!getcwd(path, sizeof(path))) { if (errno == ERANGE) return APR_ENAMETOOLONG; else return errno; } *defpath = apr_pstrdup(p, path); return APR_SUCCESS; } /* Any OS that requires/refuses trailing slashes should be dealt with here */ APR_DECLARE(apr_status_t) apr_filepath_set(const char *path, apr_pool_t *p) { if (chdir(path) != 0) return errno; return APR_SUCCESS; } APR_DECLARE(apr_status_t) apr_filepath_root(const char **rootpath, const char **inpath, apr_int32_t flags, apr_pool_t *p) { if (**inpath == '/') { *rootpath = apr_pstrdup(p, "/"); do { ++(*inpath); } while (**inpath == '/'); return APR_SUCCESS; } return APR_ERELATIVE; } APR_DECLARE(apr_status_t) apr_filepath_merge(char **newpath, const char *rootpath, const char *addpath, apr_int32_t flags, apr_pool_t *p) { char *path; apr_size_t rootlen; /* is the length of the src rootpath */ apr_size_t maxlen; /* maximum total path length */ apr_size_t keptlen; /* is the length of the retained rootpath */ apr_size_t pathlen; /* is the length of the result path */ apr_size_t seglen; /* is the end of the current segment */ apr_status_t rv; /* Treat null as an empty path. */ if (!addpath) addpath = ""; if (addpath[0] == '/') { /* If addpath is rooted, then rootpath is unused. * Ths violates any APR_FILEPATH_SECUREROOTTEST and * APR_FILEPATH_NOTABSOLUTE flags specified. */ if (flags & APR_FILEPATH_SECUREROOTTEST) return APR_EABOVEROOT; if (flags & APR_FILEPATH_NOTABSOLUTE) return APR_EABSOLUTE; /* If APR_FILEPATH_NOTABOVEROOT wasn't specified, * we won't test the root again, it's ignored. * Waste no CPU retrieving the working path. */ if (!rootpath && !(flags & APR_FILEPATH_NOTABOVEROOT)) rootpath = ""; } else { /* If APR_FILEPATH_NOTABSOLUTE is specified, the caller * requires a relative result. If the rootpath is * ommitted, we do not retrieve the working path, * if rootpath was supplied as absolute then fail. */ if (flags & APR_FILEPATH_NOTABSOLUTE) { if (!rootpath) rootpath = ""; else if (rootpath[0] == '/') return APR_EABSOLUTE; } } if (!rootpath) { /* Start with the current working path. This is bass akwards, * but required since the compiler (at least vc) doesn't like * passing the address of a char const* for a char** arg. */ char *getpath = NULL; rv = apr_filepath_get(&getpath, flags, p); rootpath = getpath; if (rv != APR_SUCCESS) return errno; if (!getpath) return APR_ENOMEM; /* XXX: Any kernel subject to goofy, uncanonical results * must run the rootpath against the user's given flags. * Simplest would be a recursive call to apr_filepath_merge * with an empty (not null) rootpath and addpath of the cwd. */ } rootlen = strlen(rootpath); maxlen = rootlen + strlen(addpath) + 4; /* 4 for slashes at start, after * root, and at end, plus trailing * null */ if (maxlen > APR_PATH_MAX) { return APR_ENAMETOOLONG; } path = (char *)apr_palloc(p, maxlen); if (addpath[0] == '/') { /* Ignore the given root path, strip off leading * '/'s to a single leading '/' from the addpath, * and leave addpath at the first non-'/' character. */ keptlen = 0; while (addpath[0] == '/') ++addpath; path[0] = '/'; pathlen = 1; } else { /* If both paths are relative, fail early */ if (rootpath[0] != '/' && (flags & APR_FILEPATH_NOTRELATIVE)) return APR_ERELATIVE; /* Base the result path on the rootpath */ keptlen = rootlen; memcpy(path, rootpath, rootlen); /* Always '/' terminate the given root path */ if (keptlen && path[keptlen - 1] != '/') { path[keptlen++] = '/'; } pathlen = keptlen; } while (*addpath) { /* Parse each segment, find the closing '/' */ const char *next = addpath; while (*next && (*next != '/')) { ++next; } seglen = next - addpath; if (seglen == 0 || (seglen == 1 && addpath[0] == '.')) { /* noop segment (/ or ./) so skip it */ } else if (seglen == 2 && addpath[0] == '.' && addpath[1] == '.') { /* backpath (../) */ if (pathlen == 1 && path[0] == '/') { /* Attempt to move above root. Always die if the * APR_FILEPATH_SECUREROOTTEST flag is specified. */ if (flags & APR_FILEPATH_SECUREROOTTEST) { return APR_EABOVEROOT; } /* Otherwise this is simply a noop, above root is root. * Flag that rootpath was entirely replaced. */ keptlen = 0; } else if (pathlen == 0 || (pathlen == 3 && !memcmp(path + pathlen - 3, "../", 3)) || (pathlen > 3 && !memcmp(path + pathlen - 4, "/../", 4))) { /* Path is already backpathed or empty, if the * APR_FILEPATH_SECUREROOTTEST.was given die now. */ if (flags & APR_FILEPATH_SECUREROOTTEST) { return APR_EABOVEROOT; } /* Otherwise append another backpath, including * trailing slash if present. */ memcpy(path + pathlen, "../", *next ? 3 : 2); pathlen += *next ? 3 : 2; } else { /* otherwise crop the prior segment */ do { --pathlen; } while (pathlen && path[pathlen - 1] != '/'); } /* Now test if we are above where we started and back up * the keptlen offset to reflect the added/altered path. */ if (pathlen < keptlen) { if (flags & APR_FILEPATH_SECUREROOTTEST) { return APR_EABOVEROOT; } keptlen = pathlen; } } else { /* An actual segment, append it to the destination path */ if (*next) { seglen++; } memcpy(path + pathlen, addpath, seglen); pathlen += seglen; } /* Skip over trailing slash to the next segment */ if (*next) { ++next; } addpath = next; } path[pathlen] = '\0'; /* keptlen will be the rootlen unless the addpath contained * backpath elements. If so, and APR_FILEPATH_NOTABOVEROOT * is specified (APR_FILEPATH_SECUREROOTTEST was caught above), * compare the original root to assure the result path is * still within given root path. */ if ((flags & APR_FILEPATH_NOTABOVEROOT) && keptlen < rootlen) { if (strncmp(rootpath, path, rootlen)) { return APR_EABOVEROOT; } if (rootpath[rootlen - 1] != '/' && path[rootlen] && path[rootlen] != '/') { return APR_EABOVEROOT; } } *newpath = path; return APR_SUCCESS; } APR_DECLARE(apr_status_t) apr_filepath_list_split(apr_array_header_t **pathelts, const char *liststr, apr_pool_t *p) { return apr_filepath_list_split_impl(pathelts, liststr, ':', p); } APR_DECLARE(apr_status_t) apr_filepath_list_merge(char **liststr, apr_array_header_t *pathelts, apr_pool_t *p) { return apr_filepath_list_merge_impl(liststr, pathelts, ':', p); } APR_DECLARE(apr_status_t) apr_filepath_encoding(int *style, apr_pool_t *p) { *style = APR_FILEPATH_ENCODING_LOCALE; return APR_SUCCESS; }