fully resolve symlinks when creating lockfiles
authorBradford C. Smith <bradford.carl.smith@gmail.com>
Thu, 26 Jul 2007 17:34:14 +0000 (13:34 -0400)
committerJunio C Hamano <gitster@pobox.com>
Fri, 27 Jul 2007 07:02:05 +0000 (00:02 -0700)
Make the code for resolving symlinks in lockfile.c more robust as
follows:

1. Handle relative symlinks
2. recursively resolve symlink chains up to 5

[jc: removed lstat/stat calls to do things stupid way]

Signed-off-by: Bradford C. Smith <bradford.carl.smith@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
lockfile.c
index 920247249823b8f69524b845d6bdb0cb0b1b802b..9a1f64d8d71d13ee6be48c539d79764066288f07 100644 (file)
@@ -25,23 +25,111 @@ static void remove_lock_file_on_signal(int signo)
        raise(signo);
 }
 
+/*
+ * p = absolute or relative path name
+ *
+ * Return a pointer into p showing the beginning of the last path name
+ * element.  If p is empty or the root directory ("/"), just return p.
+ */
+static char *last_path_elm(char *p)
+{
+       /* r starts pointing to null at the end of the string */
+       char *r = strchr(p, '\0');
+
+       if (r == p)
+               return p; /* just return empty string */
+
+       r--; /* back up to last non-null character */
+
+       /* back up past trailing slashes, if any */
+       while (r > p && *r == '/')
+               r--;
+
+       /*
+        * then go backwards until I hit a slash, or the beginning of
+        * the string
+        */
+       while (r > p && *(r-1) != '/')
+               r--;
+       return r;
+}
+
+
+/* We allow "recursive" symbolic links. Only within reason, though */
+#define MAXDEPTH 5
+
+/*
+ * p = path that may be a symlink
+ * s = full size of p
+ *
+ * If p is a symlink, attempt to overwrite p with a path to the real
+ * file or directory (which may or may not exist), following a chain of
+ * symlinks if necessary.  Otherwise, leave p unmodified.
+ *
+ * This is a best-effort routine.  If an error occurs, p will either be
+ * left unmodified or will name a different symlink in a symlink chain
+ * that started with p's initial contents.
+ *
+ * Always returns p.
+ */
+
+static char *resolve_symlink(char *p, size_t s)
+{
+       int depth = MAXDEPTH;
+
+       while (depth--) {
+               char link[PATH_MAX];
+               int link_len = readlink(p, link, sizeof(link));
+               if (link_len < 0) {
+                       /* not a symlink anymore */
+                       return p;
+               }
+               else if (link_len < sizeof(link))
+                       /* readlink() never null-terminates */
+                       link[link_len] = '\0';
+               else {
+                       warning("%s: symlink too long", p);
+                       return p;
+               }
+
+               if (link[0] == '/') {
+                       /* absolute path simply replaces p */
+                       if (link_len < s)
+                               strcpy(p, link);
+                       else {
+                               warning("%s: symlink too long", p);
+                               return p;
+                       }
+               } else {
+                       /*
+                        * link is a relative path, so I must replace the
+                        * last element of p with it.
+                        */
+                       char *r = (char*)last_path_elm(p);
+                       if (r - p + link_len < s)
+                               strcpy(r, link);
+                       else {
+                               warning("%s: symlink too long", p);
+                               return p;
+                       }
+               }
+       }
+       return p;
+}
+
+
 static int lock_file(struct lock_file *lk, const char *path)
 {
        int fd;
-       struct stat st;
-
-       if ((!lstat(path, &st)) && S_ISLNK(st.st_mode)) {
-               ssize_t sz;
-               static char target[PATH_MAX];
-               sz = readlink(path, target, sizeof(target));
-               if (sz < 0)
-                       warning("Cannot readlink %s", path);
-               else if (target[0] != '/')
-                       warning("Cannot lock target of relative symlink %s", path);
-               else
-                       path = target;
-       }
-       sprintf(lk->filename, "%s.lock", path);
+
+       if (strlen(path) >= sizeof(lk->filename)) return -1;
+       strcpy(lk->filename, path);
+       /*
+        * subtract 5 from size to make sure there's room for adding
+        * ".lock" for the lock file name
+        */
+       resolve_symlink(lk->filename, sizeof(lk->filename)-5);
+       strcat(lk->filename, ".lock");
        fd = open(lk->filename, O_RDWR | O_CREAT | O_EXCL, 0666);
        if (0 <= fd) {
                if (!lock_file_list) {