/* Return the canonical absolute name of a given file inside chroot.

   Copyright (C) 1996-2018 Free Software Foundation, Inc.

   This file is part of the GNU C Library.

   This program is free software; you can redistribute it and/or modify

   it under the terms of the GNU General Public License as published

   by the Free Software Foundation; version 2 of the License, or

   (at your option) any later version.

   This program is distributed in the hope that it will be useful,

   but WITHOUT ANY WARRANTY; without even the implied warranty of

   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License

   along with this program; if not, see <http://www.gnu.org/licenses/>.  */

#include <stdlib.h>

#include <string.h>

#include <unistd.h>

#include <limits.h>

#include <sys/stat.h>

#include <errno.h>

#include <stddef.h>

#include <stdint.h>

#include <eloop-threshold.h>

#include <ldconfig.h>

#ifndef PATH_MAX

#define PATH_MAX 1024

#endif

/* Return the canonical absolute name of file NAME as if chroot(CHROOT) was

   done first.  A canonical name does not contain any `.', `..' components

   nor any repeated path separators ('/') or symlinks.  All path components

   must exist and NAME must be absolute filename.  The result is malloc'd.

   The returned name includes the CHROOT prefix.  */

char *

chroot_canon (const char *chroot, const char *name)

{

  char *rpath;

  char *dest;

  char *extra_buf = NULL;

  char *rpath_root;

  const char *start;

  const char *end;

  const char *rpath_limit;

  int num_links = 0;

  size_t chroot_len = strlen (chroot);

  if (chroot_len < 1)

    {

      __set_errno (EINVAL);

      return NULL;

    }

  rpath = xmalloc (chroot_len + PATH_MAX);

  rpath_limit = rpath + chroot_len + PATH_MAX;

  rpath_root = (char *) mempcpy (rpath, chroot, chroot_len) - 1;

  if (*rpath_root != '/')

    *++rpath_root = '/';

  dest = rpath_root + 1;

  for (start = end = name; *start; start = end)

    {

      struct stat64 st;

      /* Skip sequence of multiple path-separators.  */

      while (*start == '/')

	++start;

      /* Find end of path component.  */

      for (end = start; *end && *end != '/'; ++end)

	/* Nothing.  */;

      if (end - start == 0)

	break;

      else if (end - start == 1 && start[0] == '.')

	/* nothing */;

      else if (end - start == 2 && start[0] == '.' && start[1] == '.')

	{

	  /* Back up to previous component, ignore if at root already.  */

	  if (dest > rpath_root + 1)

	    while ((--dest)[-1] != '/');

	}

      else

	{

	  size_t new_size;

	  if (dest[-1] != '/')

	    *dest++ = '/';

	  if (dest + (end - start) >= rpath_limit)

	    {

	      ptrdiff_t dest_offset = dest - rpath;

	      char *new_rpath;

	      new_size = rpath_limit - rpath;

	      if (end - start + 1 > PATH_MAX)

		new_size += end - start + 1;

	      else

		new_size += PATH_MAX;

	      new_rpath = (char *) xrealloc (rpath, new_size);

	      rpath = new_rpath;

	      rpath_limit = rpath + new_size;

	      dest = rpath + dest_offset;

	    }

	  dest = mempcpy (dest, start, end - start);

	  *dest = '\0';

	  if (lstat64 (rpath, &st) < 0)

	    {

	      if (*end == '\0')

		goto done;

	      goto error;

	    }

	  if (S_ISLNK (st.st_mode))

	    {

	      char *buf = alloca (PATH_MAX);

	      size_t len;

	      if (++num_links > __eloop_threshold ())

		{

		  __set_errno (ELOOP);

		  goto error;

		}

	      ssize_t n = readlink (rpath, buf, PATH_MAX - 1);

	      if (n < 0)

		{

		  if (*end == '\0')

		    goto done;

		  goto error;

		}

	      buf[n] = '\0';

	      if (!extra_buf)

		extra_buf = alloca (PATH_MAX);

	      len = strlen (end);

	      if (len >= PATH_MAX - n)

		{

		  __set_errno (ENAMETOOLONG);

		  goto error;

		}

	      /* Careful here, end may be a pointer into extra_buf... */

	      memmove (&extra_buf[n], end, len + 1);

	      name = end = memcpy (extra_buf, buf, n);

	      if (buf[0] == '/')

		dest = rpath_root + 1;	/* It's an absolute symlink */

	      else

		/* Back up to previous component, ignore if at root already: */

		if (dest > rpath_root + 1)

		  while ((--dest)[-1] != '/');

	    }

	}

    }

 done:

  if (dest > rpath_root + 1 && dest[-1] == '/')

    --dest;

  *dest = '\0';

  return rpath;

 error:

  free (rpath);

  return NULL;

}