1 /* readlinkat wrapper to return the link name in malloc'd storage.
2 Unlike xreadlinkat, only call exit on failure to change directory.
3
4 Copyright (C) 2001, 2003-2007, 2009-2023 Free Software Foundation, Inc.
5
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation, either version 3 of the License, or
9 (at your option) any later version.
10
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
15
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <https://www.gnu.org/licenses/>. */
18
19 /* Written by Jim Meyering <jim@meyering.net>
20 and Eric Blake <ebb9@byu.net>. */
21
22 #include <config.h>
23
24 #include "areadlink.h"
25
26 #include <errno.h>
27 #include <limits.h>
28 #include <stdint.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <unistd.h>
32
33 #if HAVE_READLINKAT
34
35 /* SYMLINK_MAX is used only for an initial memory-allocation sanity
36 check, so it's OK to guess too small on hosts where there is no
37 arbitrary limit to symbolic link length. */
38 # ifndef SYMLINK_MAX
39 # define SYMLINK_MAX 1024
40 # endif
41
42 # define MAXSIZE (SIZE_MAX < SSIZE_MAX ? SIZE_MAX : SSIZE_MAX)
43
44 /* Call readlinkat to get the symbolic link value of FILE, relative to FD.
45 SIZE is a hint as to how long the link is expected to be;
46 typically it is taken from st_size. It need not be correct.
47 Return a pointer to that NUL-terminated string in malloc'd storage.
48 If readlinkat fails, malloc fails, or if the link value is longer
49 than SSIZE_MAX, return NULL (caller may use errno to diagnose).
50 However, failure to change directory during readlinkat will issue
51 a diagnostic and exit. */
52
53 char *
54 areadlinkat_with_size (int fd, char const *file, size_t size)
55 {
56 /* Some buggy file systems report garbage in st_size. Defend
57 against them by ignoring outlandish st_size values in the initial
58 memory allocation. */
59 size_t symlink_max = SYMLINK_MAX;
60 size_t INITIAL_LIMIT_BOUND = 8 * 1024;
61 size_t initial_limit = (symlink_max < INITIAL_LIMIT_BOUND
62 ? symlink_max + 1
63 : INITIAL_LIMIT_BOUND);
64
65 enum { stackbuf_size = 128 };
66
67 /* The initial buffer size for the link value. */
68 size_t buf_size = (size == 0 ? stackbuf_size
69 : size < initial_limit ? size + 1 : initial_limit);
70
71 while (1)
72 {
73 ssize_t r;
74 size_t link_length;
75 char stackbuf[stackbuf_size];
76 char *buf = stackbuf;
77 char *buffer = NULL;
78
79 if (! (size == 0 && buf_size == stackbuf_size))
80 {
81 buf = buffer = malloc (buf_size);
82 if (!buffer)
83 /* We can assume errno == ENOMEM here, since all platforms that have
84 readlinkat() have a POSIX compliant malloc(). */
85 return NULL;
86 }
87
88 r = readlinkat (fd, file, buf, buf_size);
89 link_length = r;
90
91 if (r < 0)
92 {
93 free (buffer);
94 return NULL;
95 }
96
97 if (link_length < buf_size)
98 {
99 buf[link_length] = 0;
100 if (!buffer)
101 {
102 buffer = malloc (link_length + 1);
103 if (buffer)
104 return memcpy (buffer, buf, link_length + 1);
105 }
106 else if (link_length + 1 < buf_size)
107 {
108 /* Shrink BUFFER before returning it. */
109 char *shrinked_buffer = realloc (buffer, link_length + 1);
110 if (shrinked_buffer != NULL)
111 buffer = shrinked_buffer;
112 }
113 return buffer;
114 }
115
116 free (buffer);
117 if (buf_size <= MAXSIZE / 2)
118 buf_size *= 2;
119 else if (buf_size < MAXSIZE)
120 buf_size = MAXSIZE;
121 else
122 {
123 errno = ENOMEM;
124 return NULL;
125 }
126 }
127 }
128
129 #else /* !HAVE_READLINKAT */
130
131
132 /* It is more efficient to change directories only once and call
133 areadlink_with_size, rather than repeatedly call the replacement
134 readlinkat. */
135
136 # define AT_FUNC_NAME areadlinkat_with_size
137 # define AT_FUNC_F1 areadlink_with_size
138 # define AT_FUNC_POST_FILE_PARAM_DECLS , size_t size
139 # define AT_FUNC_POST_FILE_ARGS , size
140 # define AT_FUNC_RESULT char *
141 # define AT_FUNC_FAIL NULL
142 # include "at-func.c"
143 # undef AT_FUNC_NAME
144 # undef AT_FUNC_F1
145 # undef AT_FUNC_POST_FILE_PARAM_DECLS
146 # undef AT_FUNC_POST_FILE_ARGS
147 # undef AT_FUNC_RESULT
148 # undef AT_FUNC_FAIL
149
150 #endif /* !HAVE_READLINKAT */