1/* Copyright (C) 1991-2020 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
8
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
13
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, see
16 <https://www.gnu.org/licenses/>. */
17
18#include <unistd.h>
19#include <stdarg.h>
20#include <stdbool.h>
21#include <stdlib.h>
22#include <string.h>
23#include <errno.h>
24#include <paths.h>
25#include <confstr.h>
26#include <sys/param.h>
27
28#ifndef PATH_MAX
29# ifdef MAXPATHLEN
30# define PATH_MAX MAXPATHLEN
31# else
32# define PATH_MAX 1024
33# endif
34#endif
35
36/* The file is accessible but it is not an executable file. Invoke
37 the shell to interpret it as a script. */
38static void
39maybe_script_execute (const char *file, char *const argv[], char *const envp[])
40{
41 ptrdiff_t argc;
42 for (argc = 0; argv[argc] != NULL; argc++)
43 {
44 if (argc == INT_MAX - 1)
45 {
46 errno = E2BIG;
47 return;
48 }
49 }
50
51 /* Construct an argument list for the shell based on original arguments:
52 1. Empty list (argv = { NULL }, argc = 1 }: new argv will contain 3
53 arguments - default shell, script to execute, and ending NULL.
54 2. Non empty argument list (argc = { ..., NULL }, argc > 1}: new argv
55 will contain also the default shell and the script to execute. It
56 will also skip the script name in arguments and only copy script
57 arguments. */
58 char *new_argv[argc > 1 ? 2 + argc : 3];
59 new_argv[0] = (char *) _PATH_BSHELL;
60 new_argv[1] = (char *) file;
61 if (argc > 1)
62 memcpy (new_argv + 2, argv + 1, argc * sizeof (char *));
63 else
64 new_argv[2] = NULL;
65
66 /* Execute the shell. */
67 __execve (new_argv[0], new_argv, envp);
68}
69
70static int
71__execvpe_common (const char *file, char *const argv[], char *const envp[],
72 bool exec_script)
73{
74 /* We check the simple case first. */
75 if (*file == '\0')
76 {
77 __set_errno (ENOENT);
78 return -1;
79 }
80
81 /* Don't search when it contains a slash. */
82 if (strchr (file, '/') != NULL)
83 {
84 __execve (file, argv, envp);
85
86 if (errno == ENOEXEC && exec_script)
87 maybe_script_execute (file, argv, envp);
88
89 return -1;
90 }
91
92 const char *path = getenv ("PATH");
93 if (!path)
94 path = CS_PATH;
95 /* Although GLIBC does not enforce NAME_MAX, we set it as the maximum
96 size to avoid unbounded stack allocation. Same applies for
97 PATH_MAX. */
98 size_t file_len = __strnlen (file, NAME_MAX) + 1;
99 size_t path_len = __strnlen (path, PATH_MAX - 1) + 1;
100
101 /* NAME_MAX does not include the terminating null character. */
102 if ((file_len - 1 > NAME_MAX)
103 || !__libc_alloca_cutoff (path_len + file_len + 1))
104 {
105 errno = ENAMETOOLONG;
106 return -1;
107 }
108
109 const char *subp;
110 bool got_eacces = false;
111 /* The resulting string maximum size would be potentially a entry
112 in PATH plus '/' (path_len + 1) and then the the resulting file name
113 plus '\0' (file_len since it already accounts for the '\0'). */
114 char buffer[path_len + file_len + 1];
115 for (const char *p = path; ; p = subp)
116 {
117 subp = __strchrnul (p, ':');
118
119 /* PATH is larger than PATH_MAX and thus potentially larger than
120 the stack allocation. */
121 if (subp - p >= path_len)
122 {
123 /* If there is only one path, bail out. */
124 if (*subp == '\0')
125 break;
126 /* Otherwise skip to next one. */
127 continue;
128 }
129
130 /* Use the current path entry, plus a '/' if nonempty, plus the file to
131 execute. */
132 char *pend = mempcpy (buffer, p, subp - p);
133 *pend = '/';
134 memcpy (pend + (p < subp), file, file_len);
135
136 __execve (buffer, argv, envp);
137
138 if (errno == ENOEXEC && exec_script)
139 /* This has O(P*C) behavior, where P is the length of the path and C
140 is the argument count. A better strategy would be allocate the
141 substitute argv and reuse it each time through the loop (so it
142 behaves as O(P+C) instead. */
143 maybe_script_execute (buffer, argv, envp);
144
145 switch (errno)
146 {
147 case EACCES:
148 /* Record that we got a 'Permission denied' error. If we end
149 up finding no executable we can use, we want to diagnose
150 that we did find one but were denied access. */
151 got_eacces = true;
152 case ENOENT:
153 case ESTALE:
154 case ENOTDIR:
155 /* Those errors indicate the file is missing or not executable
156 by us, in which case we want to just try the next path
157 directory. */
158 case ENODEV:
159 case ETIMEDOUT:
160 /* Some strange filesystems like AFS return even
161 stranger error numbers. They cannot reasonably mean
162 anything else so ignore those, too. */
163 break;
164
165 default:
166 /* Some other error means we found an executable file, but
167 something went wrong executing it; return the error to our
168 caller. */
169 return -1;
170 }
171
172 if (*subp++ == '\0')
173 break;
174 }
175
176 /* We tried every element and none of them worked. */
177 if (got_eacces)
178 /* At least one failure was due to permissions, so report that
179 error. */
180 __set_errno (EACCES);
181
182 return -1;
183}
184
185/* Execute FILE, searching in the `PATH' environment variable if it contains
186 no slashes, with arguments ARGV and environment from ENVP. */
187int
188__execvpe (const char *file, char *const argv[], char *const envp[])
189{
190 return __execvpe_common (file, argv, envp, true);
191}
192weak_alias (__execvpe, execvpe)
193
194/* Same as __EXECVPE, but does not try to execute NOEXEC files. */
195int
196__execvpex (const char *file, char *const argv[], char *const envp[])
197{
198 return __execvpe_common (file, argv, envp, false);
199}
200