xref: /netbsd-src/lib/libc/gen/posix_spawnp.c (revision 53b02e147d4ed531c0d2a5ca9b3e8026ba3e99b5) 
1 /*	$NetBSD: posix_spawnp.c,v 1.4 2020/05/11 14:54:34 kre Exp $	*/
2 
3 /*-
4  * Copyright (c) 2011 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by Martin Husemann <martin@NetBSD.org>.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
20  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
21  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
22  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
23  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  * POSSIBILITY OF SUCH DAMAGE.
30  */
31 
32 #include <sys/cdefs.h>
33 #if defined(LIBC_SCCS) && !defined(lint)
34 __RCSID("$NetBSD: posix_spawnp.c,v 1.4 2020/05/11 14:54:34 kre Exp $");
35 #endif /* LIBC_SCCS and not lint */
36 
37 #include "namespace.h"
38 
39 #include <assert.h>
40 #include <errno.h>
41 #include <paths.h>
42 #include <spawn.h>
43 #include <stdio.h>
44 #include <stdlib.h>
45 #include <string.h>
46 #include <unistd.h>
47 
48 
49 int posix_spawnp(pid_t * __restrict pid, const char * __restrict file,
50     const posix_spawn_file_actions_t *fa,
51     const posix_spawnattr_t * __restrict sa,
52     char * const *__restrict cav, char * const *__restrict env)
53 {
54 	char fpath[FILENAME_MAX];
55 	const char *path, *p;
56 	size_t lp, ln;
57 	int err;
58 
59 	_DIAGASSERT(file != NULL);
60 
61 	/*
62 	 * If there is a / in the name, fall straight through to posix_spawn().
63 	 */
64 	if (strchr(file, '/') != NULL)
65 		return posix_spawn(pid, file, fa, sa, cav, env);
66 
67 	/* Get the path we're searching. */
68 	if ((path = getenv("PATH")) == NULL)
69 		path = _PATH_DEFPATH;
70 
71 	/*
72 	 * Find an executable image with the given name in the PATH
73 	 */
74 
75 	ln = strlen(file);
76 	err = 0;
77 	do {
78 		/* Find the end of this path element. */
79 		for (p = path; *path != 0 && *path != ':'; path++)
80 			continue;
81 		/*
82 		 * It's a SHELL path -- double, leading and trailing colons
83 		 * mean the current directory.
84 		 */
85 		if (p == path) {
86 			p = ".";
87 			lp = 1;
88 		} else
89 			lp = (size_t)(path - p);
90 
91 		/*
92 		 * Once we gain chdir/fchdir file actions, this will need
93 		 * serious work, as we must treat "." relative to the
94 		 * target of the (final) chdir performed.
95 		 *
96 		 * Fortunately, that day is yet to come.
97 		 */
98 
99 		/*
100 		 * If the path is too long complain.  This is a possible
101 		 * security issue; given a way to make the path too long
102 		 * the user may execute the wrong program.
103 		 */
104 		if (lp + ln + 2 > sizeof(fpath)) {
105 			(void)write(STDERR_FILENO, "posix_spawnp: ", 14);
106 			(void)write(STDERR_FILENO, p, lp);
107 			(void)write(STDERR_FILENO, ": path too long\n", 16);
108 			continue;
109 		}
110 		memcpy(fpath, p, lp);
111 		fpath[lp] = '/';
112 		memcpy(fpath + lp + 1, file, ln);
113 		fpath[lp + ln + 1] = '\0';
114 
115 		/*
116 		 * It would be nice (much better) to try posix_spawn()
117 		 * here, using the current fpath as the filename, but
118 		 * there's no guarantee that it is safe to execute it
119 		 * twice (the file actions may screw us) so that we
120 		 * cannot do.   This test is weak, barely even adequate.
121 		 * but unless we are forced into making posix_spawmp()
122 		 * become a system call (with PATH as an arg, or an array
123 		 * of possible paths to try, based upon PATH and file)
124 		 * we really have no better method.
125 		 */
126 		if (access(fpath, X_OK) == 0)
127 			break;
128 
129 		if (err == 0)
130 			err = errno;
131 
132 		fpath[0] = '\0';
133 
134 
135 	} while (*path++ == ':');	/* Otherwise, *path was NUL */
136 
137 	if (fpath[0] == '\0')
138 		return err;
139 
140 	/*
141 	 * Use posix_spawn() with the found binary
142 	 */
143 	return posix_spawn(pid, fpath, fa, sa, cav, env);
144 }
145