1/*-
2 * Copyright (c) 2002 Tim J. Robbins.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 */
26
27#include "namespace.h"
28#include <sys/cdefs.h>
29#include <sys/types.h>
30#include <sys/wait.h>
31#include <errno.h>
32#include <fcntl.h>
33#include <paths.h>
34#include <signal.h>
35#include <stdbool.h>
36#include <stdio.h>
37#include <stdlib.h>
38#include <string.h>
39#include <unistd.h>
40#include <wordexp.h>
41#include "un-namespace.h"
42#include "libc_private.h"
43
44__FBSDID("$FreeBSD$");
45
46static int	we_askshell(const char *, wordexp_t *, int);
47static int	we_check(const char *);
48
49/*
50 * wordexp --
51 *	Perform shell word expansion on `words' and place the resulting list
52 *	of words in `we'. See wordexp(3).
53 *
54 *	Specified by IEEE Std. 1003.1-2001.
55 */
56int
57wordexp(const char * __restrict words, wordexp_t * __restrict we, int flags)
58{
59	int error;
60
61	if (flags & WRDE_REUSE)
62		wordfree(we);
63	if ((flags & WRDE_APPEND) == 0) {
64		we->we_wordc = 0;
65		we->we_wordv = NULL;
66		we->we_strings = NULL;
67		we->we_nbytes = 0;
68	}
69	if ((error = we_check(words)) != 0) {
70		wordfree(we);
71		return (error);
72	}
73	if ((error = we_askshell(words, we, flags)) != 0) {
74		wordfree(we);
75		return (error);
76	}
77	return (0);
78}
79
80static size_t
81we_read_fully(int fd, char *buffer, size_t len)
82{
83	size_t done;
84	ssize_t nread;
85
86	done = 0;
87	do {
88		nread = _read(fd, buffer + done, len - done);
89		if (nread == -1 && errno == EINTR)
90			continue;
91		if (nread <= 0)
92			break;
93		done += nread;
94	} while (done != len);
95	return done;
96}
97
98static bool
99we_write_fully(int fd, const char *buffer, size_t len)
100{
101	size_t done;
102	ssize_t nwritten;
103
104	done = 0;
105	do {
106		nwritten = _write(fd, buffer + done, len - done);
107		if (nwritten == -1 && errno == EINTR)
108			continue;
109		if (nwritten <= 0)
110			return (false);
111		done += nwritten;
112	} while (done != len);
113	return (true);
114}
115
116/*
117 * we_askshell --
118 *	Use the `freebsd_wordexp' /bin/sh builtin function to do most of the
119 *	work in expanding the word string. This function is complicated by
120 *	memory management.
121 */
122static int
123we_askshell(const char *words, wordexp_t *we, int flags)
124{
125	int pdesw[2];			/* Pipe for writing words */
126	int pdes[2];			/* Pipe for reading output */
127	char wfdstr[sizeof(int) * 3 + 1];
128	char buf[35];			/* Buffer for byte and word count */
129	long nwords, nbytes;		/* Number of words, bytes from child */
130	long i;				/* Handy integer */
131	size_t sofs;			/* Offset into we->we_strings */
132	size_t vofs;			/* Offset into we->we_wordv */
133	pid_t pid;			/* Process ID of child */
134	pid_t wpid;			/* waitpid return value */
135	int status;			/* Child exit status */
136	int error;			/* Our return value */
137	int serrno;			/* errno to return */
138	char *np, *p;			/* Handy pointers */
139	char *nstrings;			/* Temporary for realloc() */
140	char **nwv;			/* Temporary for realloc() */
141	sigset_t newsigblock, oldsigblock;
142	const char *ifs;
143
144	serrno = errno;
145	ifs = getenv("IFS");
146
147	if (pipe2(pdesw, O_CLOEXEC) < 0)
148		return (WRDE_NOSPACE);	/* XXX */
149	snprintf(wfdstr, sizeof(wfdstr), "%d", pdesw[0]);
150	if (pipe2(pdes, O_CLOEXEC) < 0) {
151		_close(pdesw[0]);
152		_close(pdesw[1]);
153		return (WRDE_NOSPACE);	/* XXX */
154	}
155	(void)sigemptyset(&newsigblock);
156	(void)sigaddset(&newsigblock, SIGCHLD);
157	(void)__libc_sigprocmask(SIG_BLOCK, &newsigblock, &oldsigblock);
158	if ((pid = fork()) < 0) {
159		serrno = errno;
160		_close(pdesw[0]);
161		_close(pdesw[1]);
162		_close(pdes[0]);
163		_close(pdes[1]);
164		(void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
165		errno = serrno;
166		return (WRDE_NOSPACE);	/* XXX */
167	}
168	else if (pid == 0) {
169		/*
170		 * We are the child; make /bin/sh expand `words'.
171		 */
172		(void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
173		if ((pdes[1] != STDOUT_FILENO ?
174		    _dup2(pdes[1], STDOUT_FILENO) :
175		    _fcntl(pdes[1], F_SETFD, 0)) < 0)
176			_exit(1);
177		if (_fcntl(pdesw[0], F_SETFD, 0) < 0)
178			_exit(1);
179		execl(_PATH_BSHELL, "sh", flags & WRDE_UNDEF ? "-u" : "+u",
180		    "-c", "IFS=$1;eval \"$2\";"
181		    "freebsd_wordexp -f \"$3\" ${4:+\"$4\"}",
182		    "",
183		    ifs != NULL ? ifs : " \t\n",
184		    flags & WRDE_SHOWERR ? "" : "exec 2>/dev/null",
185		    wfdstr,
186		    flags & WRDE_NOCMD ? "-p" : "",
187		    (char *)NULL);
188		_exit(1);
189	}
190
191	/*
192	 * We are the parent; write the words.
193	 */
194	_close(pdes[1]);
195	_close(pdesw[0]);
196	if (!we_write_fully(pdesw[1], words, strlen(words))) {
197		_close(pdesw[1]);
198		error = WRDE_SYNTAX;
199		goto cleanup;
200	}
201	_close(pdesw[1]);
202	/*
203	 * Read the output of the shell wordexp function,
204	 * which is a byte indicating that the words were parsed successfully,
205	 * a 64-bit hexadecimal word count, a dummy byte, a 64-bit hexadecimal
206	 * byte count (not including terminating null bytes), followed by the
207	 * expanded words separated by nulls.
208	 */
209	switch (we_read_fully(pdes[0], buf, 34)) {
210	case 1:
211		error = buf[0] == 'C' ? WRDE_CMDSUB : WRDE_BADVAL;
212		serrno = errno;
213		goto cleanup;
214	case 34:
215		break;
216	default:
217		error = WRDE_SYNTAX;
218		serrno = errno;
219		goto cleanup;
220	}
221	buf[17] = '\0';
222	nwords = strtol(buf + 1, NULL, 16);
223	buf[34] = '\0';
224	nbytes = strtol(buf + 18, NULL, 16) + nwords;
225
226	/*
227	 * Allocate or reallocate (when flags & WRDE_APPEND) the word vector
228	 * and string storage buffers for the expanded words we're about to
229	 * read from the child.
230	 */
231	sofs = we->we_nbytes;
232	vofs = we->we_wordc;
233	if ((flags & (WRDE_DOOFFS|WRDE_APPEND)) == (WRDE_DOOFFS|WRDE_APPEND))
234		vofs += we->we_offs;
235	we->we_wordc += nwords;
236	we->we_nbytes += nbytes;
237	if ((nwv = realloc(we->we_wordv, (we->we_wordc + 1 +
238	    (flags & WRDE_DOOFFS ?  we->we_offs : 0)) *
239	    sizeof(char *))) == NULL) {
240		error = WRDE_NOSPACE;
241		goto cleanup;
242	}
243	we->we_wordv = nwv;
244	if ((nstrings = realloc(we->we_strings, we->we_nbytes)) == NULL) {
245		error = WRDE_NOSPACE;
246		goto cleanup;
247	}
248	for (i = 0; i < vofs; i++)
249		if (we->we_wordv[i] != NULL)
250			we->we_wordv[i] += nstrings - we->we_strings;
251	we->we_strings = nstrings;
252
253	if (we_read_fully(pdes[0], we->we_strings + sofs, nbytes) != nbytes) {
254		error = WRDE_NOSPACE; /* abort for unknown reason */
255		serrno = errno;
256		goto cleanup;
257	}
258
259	error = 0;
260cleanup:
261	_close(pdes[0]);
262	do
263		wpid = _waitpid(pid, &status, 0);
264	while (wpid < 0 && errno == EINTR);
265	(void)__libc_sigprocmask(SIG_SETMASK, &oldsigblock, NULL);
266	if (error != 0) {
267		errno = serrno;
268		return (error);
269	}
270	if (wpid < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
271		return (WRDE_NOSPACE); /* abort for unknown reason */
272
273	/*
274	 * Break the null-terminated expanded word strings out into
275	 * the vector.
276	 */
277	if (vofs == 0 && flags & WRDE_DOOFFS)
278		while (vofs < we->we_offs)
279			we->we_wordv[vofs++] = NULL;
280	p = we->we_strings + sofs;
281	while (nwords-- != 0) {
282		we->we_wordv[vofs++] = p;
283		if ((np = memchr(p, '\0', nbytes)) == NULL)
284			return (WRDE_NOSPACE);	/* XXX */
285		nbytes -= np - p + 1;
286		p = np + 1;
287	}
288	we->we_wordv[vofs] = NULL;
289
290	return (0);
291}
292
293/*
294 * we_check --
295 *	Check that the string contains none of the following unquoted
296 *	special characters: <newline> |&;<>(){}
297 *	This mainly serves for {} which are normally legal in sh.
298 *	It deliberately does not attempt to model full sh syntax.
299 */
300static int
301we_check(const char *words)
302{
303	char c;
304	/* Saw \ or $, possibly not special: */
305	bool quote = false, dollar = false;
306	/* Saw ', ", ${, ` or $(, possibly not special: */
307	bool have_sq = false, have_dq = false, have_par_begin = false;
308	bool have_cmd = false;
309	/* Definitely saw a ', ", ${, ` or $(, need a closing character: */
310	bool need_sq = false, need_dq = false, need_par_end = false;
311	bool need_cmd_old = false, need_cmd_new = false;
312
313	while ((c = *words++) != '\0') {
314		switch (c) {
315		case '\\':
316			quote = !quote;
317			continue;
318		case '$':
319			if (quote)
320				quote = false;
321			else
322				dollar = !dollar;
323			continue;
324		case '\'':
325			if (!quote && !have_sq && !have_dq)
326				need_sq = true;
327			else
328				need_sq = false;
329			have_sq = true;
330			break;
331		case '"':
332			if (!quote && !have_sq && !have_dq)
333				need_dq = true;
334			else
335				need_dq = false;
336			have_dq = true;
337			break;
338		case '`':
339			if (!quote && !have_sq && !have_cmd)
340				need_cmd_old = true;
341			else
342				need_cmd_old = false;
343			have_cmd = true;
344			break;
345		case '{':
346			if (!quote && !dollar && !have_sq && !have_dq &&
347			    !have_cmd)
348				return (WRDE_BADCHAR);
349			if (dollar) {
350				if (!quote && !have_sq)
351					need_par_end = true;
352				have_par_begin = true;
353			}
354			break;
355		case '}':
356			if (!quote && !have_sq && !have_dq && !have_par_begin &&
357			    !have_cmd)
358				return (WRDE_BADCHAR);
359			need_par_end = false;
360			break;
361		case '(':
362			if (!quote && !dollar && !have_sq && !have_dq &&
363			    !have_cmd)
364				return (WRDE_BADCHAR);
365			if (dollar) {
366				if (!quote && !have_sq)
367					need_cmd_new = true;
368				have_cmd = true;
369			}
370			break;
371		case ')':
372			if (!quote && !have_sq && !have_dq && !have_cmd)
373				return (WRDE_BADCHAR);
374			need_cmd_new = false;
375			break;
376		case '|': case '&': case ';': case '<': case '>': case '\n':
377			if (!quote && !have_sq && !have_dq && !have_cmd)
378				return (WRDE_BADCHAR);
379			break;
380		default:
381			break;
382		}
383		quote = dollar = false;
384	}
385	if (quote || dollar || need_sq || need_dq || need_par_end ||
386	    need_cmd_old || need_cmd_new)
387		return (WRDE_SYNTAX);
388
389	return (0);
390}
391
392/*
393 * wordfree --
394 *	Free the result of wordexp(). See wordexp(3).
395 *
396 *	Specified by IEEE Std. 1003.1-2001.
397 */
398void
399wordfree(wordexp_t *we)
400{
401
402	if (we == NULL)
403		return;
404	free(we->we_wordv);
405	free(we->we_strings);
406	we->we_wordv = NULL;
407	we->we_strings = NULL;
408	we->we_nbytes = 0;
409	we->we_wordc = 0;
410}
411