execvpe.c

/* Copyright (C) 1991-2016 Free Software Foundation, Inc.
   This file is part of the GNU C Library.

   The GNU C Library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 2.1 of the License, or (at your option) any later version.

   The GNU C Library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Lesser General Public License for more details.

   You should have received a copy of the GNU Lesser General Public
   License along with the GNU C Library; if not, see
   <http://www.gnu.org/licenses/>.  */

#include <unistd.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <paths.h>
#include <confstr.h>
#include <sys/param.h>

#ifndef PATH_MAX
# ifdef MAXPATHLEN
#  define PATH_MAX MAXPATHLEN
# else
#  define PATH_MAX 1024
# endif
#endif

/* The file is accessible but it is not an executable file.  Invoke
   the shell to interpret it as a script.  */
static void
maybe_script_execute (const char *file, char *const argv[], char *const envp[])
{
  ptrdiff_t argc = 0;
  while (argv[argc++] != NULL)
    {
      if (argc == INT_MAX - 1)
	{
	  errno = E2BIG;
	  return;
	}
    }

  /* Construct an argument list for the shell.  */
  char *new_argv[argc + 1];
  new_argv[0] = (char *) _PATH_BSHELL;
  new_argv[1] = (char *) file;
  if (argc > 1)
    memcpy (new_argv + 2, argv + 1, argc * sizeof(char *));
  else
    new_argv[2] = NULL;

  /* Execute the shell.  */
  __execve (new_argv[0], new_argv, envp);
}


/* Execute FILE, searching in the `PATH' environment variable if it contains
   no slashes, with arguments ARGV and environment from ENVP.  */
int
__execvpe (const char *file, char *const argv[], char *const envp[])
{
  /* We check the simple case first. */
  if (*file == '\0')
    {
      __set_errno (ENOENT);
      return -1;
    }

  /* Don't search when it contains a slash.  */
  if (strchr (file, '/') != NULL)
    {
      __execve (file, argv, envp);

      if (errno == ENOEXEC)
        maybe_script_execute (file, argv, envp);

      return -1;
    }

  const char *path = getenv ("PATH");
  if (!path)
    path = CS_PATH;
  /* Although GLIBC does not enforce NAME_MAX, we set it as the maximum
     size to avoid unbounded stack allocation.  Same applies for
     PATH_MAX.  */
  size_t file_len = __strnlen (file, NAME_MAX + 1);
  size_t path_len = __strnlen (path, PATH_MAX - 1) + 1;

  if ((file_len > NAME_MAX)
      || !__libc_alloca_cutoff (path_len + file_len + 1))
    {
      errno = ENAMETOOLONG;
      return -1;
    }

  const char *subp;
  bool got_eacces = false;
  char buffer[path_len + file_len + 1];
  for (const char *p = path; ; p = subp)
    {
      subp = __strchrnul (p, ':');

      /* PATH is larger than PATH_MAX and thus potentially larger than
	 the stack allocation.  */
      if (subp - p >= path_len)
	{
          /* If there is only one path, bail out.  */
	  if (*subp == '\0')
	    break;
	  /* Otherwise skip to next one.  */
	  continue;
	}

      /* Use the current path entry, plus a '/' if nonempty, plus the file to
         execute.  */
      char *pend = mempcpy (buffer, p, subp - p);
      *pend = '/';
      memcpy (pend + (p < subp), file, file_len + 1);

      __execve (buffer, argv, envp);

      if (errno == ENOEXEC)
        /* This has O(P*C) behavior, where P is the length of the path and C
           is the argument count.  A better strategy would be allocate the
           substitute argv and reuse it each time through the loop (so it
           behaves as O(P+C) instead.  */
        maybe_script_execute (buffer, argv, envp);

      switch (errno)
	{
	  case EACCES:
	  /* Record that we got a 'Permission denied' error.  If we end
	     up finding no executable we can use, we want to diagnose
	     that we did find one but were denied access.  */
	    got_eacces = true;
	  case ENOENT:
	  case ESTALE:
	  case ENOTDIR:
	  /* Those errors indicate the file is missing or not executable
	     by us, in which case we want to just try the next path
	     directory.  */
	  case ENODEV:
	  case ETIMEDOUT:
	  /* Some strange filesystems like AFS return even
	     stranger error numbers.  They cannot reasonably mean
	     anything else so ignore those, too.  */
	    break;

          default:
	  /* Some other error means we found an executable file, but
	     something went wrong executing it; return the error to our
	     caller.  */
	    return -1;
	}

      if (*subp++ == '\0')
	break;
    }

  /* We tried every element and none of them worked.  */
  if (got_eacces)
    /* At least one failure was due to permissions, so report that
       error.  */
    __set_errno (EACCES);

  return -1;
}

weak_alias (__execvpe, execvpe)
	/* Copyright (C) 1991-2016 Free Software Foundation, Inc.
	This file is part of the GNU C Library.

	The GNU C Library is free software; you can redistribute it and/or
	modify it under the terms of the GNU Lesser General Public
	License as published by the Free Software Foundation; either
	version 2.1 of the License, or (at your option) any later version.

	The GNU C Library is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	Lesser General Public License for more details.

	You should have received a copy of the GNU Lesser General Public
	License along with the GNU C Library; if not, see
	<http://www.gnu.org/licenses/>. */

	#include <unistd.h>
	#include <stdarg.h>
	#include <stdbool.h>
	#include <stdlib.h>
	#include <string.h>
	#include <errno.h>
	#include <paths.h>
	#include <confstr.h>
	#include <sys/param.h>

	#ifndef PATH_MAX
	# ifdef MAXPATHLEN
	# define PATH_MAX MAXPATHLEN
	# else
	# define PATH_MAX 1024
	# endif
	#endif

	/* The file is accessible but it is not an executable file. Invoke
	the shell to interpret it as a script. */
	static void
	maybe_script_execute (const char file, char const argv[], char *const envp[])
	{
	ptrdiff_t argc = 0;
	while (argv[argc++] != NULL)
	{
	if (argc == INT_MAX - 1)
	{
	errno = E2BIG;
	return;
	}
	}

	/* Construct an argument list for the shell. */
	char *new_argv[argc + 1];
	new_argv[0] = (char *) _PATH_BSHELL;
	new_argv[1] = (char *) file;
	if (argc > 1)
	memcpy (new_argv + 2, argv + 1, argc * sizeof(char *));
	else
	new_argv[2] = NULL;

	/* Execute the shell. */
	__execve (new_argv[0], new_argv, envp);
	}


	/* Execute FILE, searching in the `PATH' environment variable if it contains
	no slashes, with arguments ARGV and environment from ENVP. */
	int
	__execvpe (const char file, char const argv[], char *const envp[])
	{
	/* We check the simple case first. */
	if (*file == '\0')
	{
	__set_errno (ENOENT);
	return -1;
	}

	/* Don't search when it contains a slash. */
	if (strchr (file, '/') != NULL)
	{
	__execve (file, argv, envp);

	if (errno == ENOEXEC)
	maybe_script_execute (file, argv, envp);

	return -1;
	}

	const char *path = getenv ("PATH");
	if (!path)
	path = CS_PATH;
	/* Although GLIBC does not enforce NAME_MAX, we set it as the maximum
	size to avoid unbounded stack allocation. Same applies for
	PATH_MAX. */
	size_t file_len = __strnlen (file, NAME_MAX + 1);
	size_t path_len = __strnlen (path, PATH_MAX - 1) + 1;

	if ((file_len > NAME_MAX)
	\|\| !__libc_alloca_cutoff (path_len + file_len + 1))
	{
	errno = ENAMETOOLONG;
	return -1;
	}

	const char *subp;
	bool got_eacces = false;
	char buffer[path_len + file_len + 1];
	for (const char *p = path; ; p = subp)
	{
	subp = __strchrnul (p, ':');

	/* PATH is larger than PATH_MAX and thus potentially larger than
	the stack allocation. */
	if (subp - p >= path_len)
	{
	/* If there is only one path, bail out. */
	if (*subp == '\0')
	break;
	/* Otherwise skip to next one. */
	continue;
	}

	/* Use the current path entry, plus a '/' if nonempty, plus the file to
	execute. */
	char *pend = mempcpy (buffer, p, subp - p);
	*pend = '/';
	memcpy (pend + (p < subp), file, file_len + 1);

	__execve (buffer, argv, envp);

	if (errno == ENOEXEC)
	/* This has O(P*C) behavior, where P is the length of the path and C
	is the argument count. A better strategy would be allocate the
	substitute argv and reuse it each time through the loop (so it
	behaves as O(P+C) instead. */
	maybe_script_execute (buffer, argv, envp);

	switch (errno)
	{
	case EACCES:
	/* Record that we got a 'Permission denied' error. If we end
	up finding no executable we can use, we want to diagnose
	that we did find one but were denied access. */
	got_eacces = true;
	case ENOENT:
	case ESTALE:
	case ENOTDIR:
	/* Those errors indicate the file is missing or not executable
	by us, in which case we want to just try the next path
	directory. */
	case ENODEV:
	case ETIMEDOUT:
	/* Some strange filesystems like AFS return even
	stranger error numbers. They cannot reasonably mean
	anything else so ignore those, too. */
	break;

	default:
	/* Some other error means we found an executable file, but
	something went wrong executing it; return the error to our
	caller. */
	return -1;
	}

	if (*subp++ == '\0')
	break;
	}

	/* We tried every element and none of them worked. */
	if (got_eacces)
	/* At least one failure was due to permissions, so report that
	error. */
	__set_errno (EACCES);

	return -1;
	}

	weak_alias (__execvpe, execvpe)