diff options
author | Bradford C. Smith <bradford.carl.smith@gmail.com> | 2007-07-26 13:34:14 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2007-07-27 00:02:05 -0700 |
commit | 5d5a7a67384ad03007eea1f365ee255c02a40fa3 (patch) | |
tree | 6064b9f7a5608bcf253066bb4579a415a7d7e4c4 | |
parent | 7ab3cc70a6aad2e4f8ccaa98e5520aa126eaef8f (diff) | |
download | git-5d5a7a67384ad03007eea1f365ee255c02a40fa3.tar.gz git-5d5a7a67384ad03007eea1f365ee255c02a40fa3.tar.xz |
fully resolve symlinks when creating lockfiles
Make the code for resolving symlinks in lockfile.c more robust as
follows:
1. Handle relative symlinks
2. recursively resolve symlink chains up to 5
[jc: removed lstat/stat calls to do things stupid way]
Signed-off-by: Bradford C. Smith <bradford.carl.smith@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rw-r--r-- | lockfile.c | 116 |
1 files changed, 102 insertions, 14 deletions
diff --git a/lockfile.c b/lockfile.c index 920247249..9a1f64d8d 100644 --- a/lockfile.c +++ b/lockfile.c @@ -25,23 +25,111 @@ static void remove_lock_file_on_signal(int signo) raise(signo); } +/* + * p = absolute or relative path name + * + * Return a pointer into p showing the beginning of the last path name + * element. If p is empty or the root directory ("/"), just return p. + */ +static char *last_path_elm(char *p) +{ + /* r starts pointing to null at the end of the string */ + char *r = strchr(p, '\0'); + + if (r == p) + return p; /* just return empty string */ + + r--; /* back up to last non-null character */ + + /* back up past trailing slashes, if any */ + while (r > p && *r == '/') + r--; + + /* + * then go backwards until I hit a slash, or the beginning of + * the string + */ + while (r > p && *(r-1) != '/') + r--; + return r; +} + + +/* We allow "recursive" symbolic links. Only within reason, though */ +#define MAXDEPTH 5 + +/* + * p = path that may be a symlink + * s = full size of p + * + * If p is a symlink, attempt to overwrite p with a path to the real + * file or directory (which may or may not exist), following a chain of + * symlinks if necessary. Otherwise, leave p unmodified. + * + * This is a best-effort routine. If an error occurs, p will either be + * left unmodified or will name a different symlink in a symlink chain + * that started with p's initial contents. + * + * Always returns p. + */ + +static char *resolve_symlink(char *p, size_t s) +{ + int depth = MAXDEPTH; + + while (depth--) { + char link[PATH_MAX]; + int link_len = readlink(p, link, sizeof(link)); + if (link_len < 0) { + /* not a symlink anymore */ + return p; + } + else if (link_len < sizeof(link)) + /* readlink() never null-terminates */ + link[link_len] = '\0'; + else { + warning("%s: symlink too long", p); + return p; + } + + if (link[0] == '/') { + /* absolute path simply replaces p */ + if (link_len < s) + strcpy(p, link); + else { + warning("%s: symlink too long", p); + return p; + } + } else { + /* + * link is a relative path, so I must replace the + * last element of p with it. + */ + char *r = (char*)last_path_elm(p); + if (r - p + link_len < s) + strcpy(r, link); + else { + warning("%s: symlink too long", p); + return p; + } + } + } + return p; +} + + static int lock_file(struct lock_file *lk, const char *path) { int fd; - struct stat st; - - if ((!lstat(path, &st)) && S_ISLNK(st.st_mode)) { - ssize_t sz; - static char target[PATH_MAX]; - sz = readlink(path, target, sizeof(target)); - if (sz < 0) - warning("Cannot readlink %s", path); - else if (target[0] != '/') - warning("Cannot lock target of relative symlink %s", path); - else - path = target; - } - sprintf(lk->filename, "%s.lock", path); + + if (strlen(path) >= sizeof(lk->filename)) return -1; + strcpy(lk->filename, path); + /* + * subtract 5 from size to make sure there's room for adding + * ".lock" for the lock file name + */ + resolve_symlink(lk->filename, sizeof(lk->filename)-5); + strcat(lk->filename, ".lock"); fd = open(lk->filename, O_RDWR | O_CREAT | O_EXCL, 0666); if (0 <= fd) { if (!lock_file_list) { |