1/* POSIX.2 wordexp implementation.
2 Copyright (C) 1997-2019 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Tim Waugh <tim@cyberelk.demon.co.uk>.
5
6 The GNU C Library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
10
11 The GNU C Library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public
17 License along with the GNU C Library; if not, see
18 <http://www.gnu.org/licenses/>. */
19
20#include <ctype.h>
21#include <errno.h>
22#include <fcntl.h>
23#include <fnmatch.h>
24#include <glob.h>
25#include <libintl.h>
26#include <paths.h>
27#include <pwd.h>
28#include <signal.h>
29#include <stdbool.h>
30#include <stdio.h>
31#include <stdlib.h>
32#include <string.h>
33#include <sys/param.h>
34#include <sys/stat.h>
35#include <sys/time.h>
36#include <sys/types.h>
37#include <sys/types.h>
38#include <sys/wait.h>
39#include <unistd.h>
40#include <wchar.h>
41#include <wordexp.h>
42#include <kernel-features.h>
43#include <scratch_buffer.h>
44
45#include <libc-lock.h>
46#include <_itoa.h>
47
48/* Undefine the following line for the production version. */
49/* #define NDEBUG 1 */
50#include <assert.h>
51
52/* Get some device information. */
53#include <device-nrs.h>
54
55/*
56 * This is a recursive-descent-style word expansion routine.
57 */
58
59/* These variables are defined and initialized in the startup code. */
60extern int __libc_argc attribute_hidden;
61extern char **__libc_argv attribute_hidden;
62
63/* Some forward declarations */
64static int parse_dollars (char **word, size_t *word_length, size_t *max_length,
65 const char *words, size_t *offset, int flags,
66 wordexp_t *pwordexp, const char *ifs,
67 const char *ifs_white, int quoted);
68static int parse_backtick (char **word, size_t *word_length,
69 size_t *max_length, const char *words,
70 size_t *offset, int flags, wordexp_t *pwordexp,
71 const char *ifs, const char *ifs_white);
72static int parse_dquote (char **word, size_t *word_length, size_t *max_length,
73 const char *words, size_t *offset, int flags,
74 wordexp_t *pwordexp, const char *ifs,
75 const char *ifs_white);
76static int eval_expr (char *expr, long int *result);
77
78/* The w_*() functions manipulate word lists. */
79
80#define W_CHUNK (100)
81
82/* Result of w_newword will be ignored if it's the last word. */
83static inline char *
84w_newword (size_t *actlen, size_t *maxlen)
85{
86 *actlen = *maxlen = 0;
87 return NULL;
88}
89
90static char *
91w_addchar (char *buffer, size_t *actlen, size_t *maxlen, char ch)
92 /* (lengths exclude trailing zero) */
93{
94 /* Add a character to the buffer, allocating room for it if needed. */
95
96 if (*actlen == *maxlen)
97 {
98 char *old_buffer = buffer;
99 assert (buffer == NULL || *maxlen != 0);
100 *maxlen += W_CHUNK;
101 buffer = (char *) realloc (buffer, 1 + *maxlen);
102
103 if (buffer == NULL)
104 free (old_buffer);
105 }
106
107 if (buffer != NULL)
108 {
109 buffer[*actlen] = ch;
110 buffer[++(*actlen)] = '\0';
111 }
112
113 return buffer;
114}
115
116static char *
117w_addmem (char *buffer, size_t *actlen, size_t *maxlen, const char *str,
118 size_t len)
119{
120 /* Add a string to the buffer, allocating room for it if needed.
121 */
122 if (*actlen + len > *maxlen)
123 {
124 char *old_buffer = buffer;
125 assert (buffer == NULL || *maxlen != 0);
126 *maxlen += MAX (2 * len, W_CHUNK);
127 buffer = realloc (old_buffer, 1 + *maxlen);
128
129 if (buffer == NULL)
130 free (old_buffer);
131 }
132
133 if (buffer != NULL)
134 {
135 *((char *) __mempcpy (&buffer[*actlen], str, len)) = '\0';
136 *actlen += len;
137 }
138
139 return buffer;
140}
141
142static char *
143w_addstr (char *buffer, size_t *actlen, size_t *maxlen, const char *str)
144 /* (lengths exclude trailing zero) */
145{
146 /* Add a string to the buffer, allocating room for it if needed.
147 */
148 size_t len;
149
150 assert (str != NULL); /* w_addstr only called from this file */
151 len = strlen (str);
152
153 return w_addmem (buffer, actlen, maxlen, str, len);
154}
155
156static int
157w_addword (wordexp_t *pwordexp, char *word)
158{
159 /* Add a word to the wordlist */
160 size_t num_p;
161 char **new_wordv;
162 bool allocated = false;
163
164 /* Internally, NULL acts like "". Convert NULLs to "" before
165 * the caller sees them.
166 */
167 if (word == NULL)
168 {
169 word = __strdup ("");
170 if (word == NULL)
171 goto no_space;
172 allocated = true;
173 }
174
175 num_p = 2 + pwordexp->we_wordc + pwordexp->we_offs;
176 new_wordv = realloc (pwordexp->we_wordv, sizeof (char *) * num_p);
177 if (new_wordv != NULL)
178 {
179 pwordexp->we_wordv = new_wordv;
180 pwordexp->we_wordv[pwordexp->we_offs + pwordexp->we_wordc++] = word;
181 pwordexp->we_wordv[pwordexp->we_offs + pwordexp->we_wordc] = NULL;
182 return 0;
183 }
184
185 if (allocated)
186 free (word);
187
188no_space:
189 return WRDE_NOSPACE;
190}
191
192/* The parse_*() functions should leave *offset being the offset in 'words'
193 * to the last character processed.
194 */
195
196static int
197parse_backslash (char **word, size_t *word_length, size_t *max_length,
198 const char *words, size_t *offset)
199{
200 /* We are poised _at_ a backslash, not in quotes */
201
202 switch (words[1 + *offset])
203 {
204 case 0:
205 /* Backslash is last character of input words */
206 return WRDE_SYNTAX;
207
208 case '\n':
209 ++(*offset);
210 break;
211
212 default:
213 *word = w_addchar (*word, word_length, max_length, words[1 + *offset]);
214 if (*word == NULL)
215 return WRDE_NOSPACE;
216
217 ++(*offset);
218 break;
219 }
220
221 return 0;
222}
223
224static int
225parse_qtd_backslash (char **word, size_t *word_length, size_t *max_length,
226 const char *words, size_t *offset)
227{
228 /* We are poised _at_ a backslash, inside quotes */
229
230 switch (words[1 + *offset])
231 {
232 case 0:
233 /* Backslash is last character of input words */
234 return WRDE_SYNTAX;
235
236 case '\n':
237 ++(*offset);
238 break;
239
240 case '$':
241 case '`':
242 case '"':
243 case '\\':
244 *word = w_addchar (*word, word_length, max_length, words[1 + *offset]);
245 if (*word == NULL)
246 return WRDE_NOSPACE;
247
248 ++(*offset);
249 break;
250
251 default:
252 *word = w_addchar (*word, word_length, max_length, words[*offset]);
253 if (*word != NULL)
254 *word = w_addchar (*word, word_length, max_length, words[1 + *offset]);
255
256 if (*word == NULL)
257 return WRDE_NOSPACE;
258
259 ++(*offset);
260 break;
261 }
262
263 return 0;
264}
265
266static int
267parse_tilde (char **word, size_t *word_length, size_t *max_length,
268 const char *words, size_t *offset, size_t wordc)
269{
270 /* We are poised _at_ a tilde */
271 size_t i;
272
273 if (*word_length != 0)
274 {
275 if (!((*word)[*word_length - 1] == '=' && wordc == 0))
276 {
277 if (!((*word)[*word_length - 1] == ':'
278 && strchr (*word, '=') && wordc == 0))
279 {
280 *word = w_addchar (*word, word_length, max_length, '~');
281 return *word ? 0 : WRDE_NOSPACE;
282 }
283 }
284 }
285
286 for (i = 1 + *offset; words[i]; i++)
287 {
288 if (words[i] == ':' || words[i] == '/' || words[i] == ' '
289 || words[i] == '\t' || words[i] == 0 )
290 break;
291
292 if (words[i] == '\\')
293 {
294 *word = w_addchar (*word, word_length, max_length, '~');
295 return *word ? 0 : WRDE_NOSPACE;
296 }
297 }
298
299 if (i == 1 + *offset)
300 {
301 /* Tilde appears on its own */
302 char* home;
303
304 /* POSIX.2 says ~ expands to $HOME and if HOME is unset the
305 results are unspecified. We do a lookup on the uid if
306 HOME is unset. */
307
308 home = getenv ("HOME");
309 if (home != NULL)
310 {
311 *word = w_addstr (*word, word_length, max_length, home);
312 if (*word == NULL)
313 return WRDE_NOSPACE;
314 }
315 else
316 {
317 struct passwd pwd, *tpwd;
318 uid_t uid = __getuid ();
319 int result;
320 struct scratch_buffer tmpbuf;
321 scratch_buffer_init (&tmpbuf);
322
323 while ((result = __getpwuid_r (uid, &pwd,
324 tmpbuf.data, tmpbuf.length,
325 &tpwd)) != 0
326 && errno == ERANGE)
327 if (!scratch_buffer_grow (&tmpbuf))
328 return WRDE_NOSPACE;
329
330 if (result == 0 && tpwd != NULL && pwd.pw_dir != NULL)
331 {
332 *word = w_addstr (*word, word_length, max_length, pwd.pw_dir);
333 if (*word == NULL)
334 {
335 scratch_buffer_free (&tmpbuf);
336 return WRDE_NOSPACE;
337 }
338 }
339 else
340 {
341 *word = w_addchar (*word, word_length, max_length, '~');
342 if (*word == NULL)
343 {
344 scratch_buffer_free (&tmpbuf);
345 return WRDE_NOSPACE;
346 }
347 }
348 scratch_buffer_free (&tmpbuf);
349 }
350 }
351 else
352 {
353 /* Look up user name in database to get home directory */
354 char *user = strndupa (&words[1 + *offset], i - (1 + *offset));
355 struct passwd pwd, *tpwd;
356 int result;
357 struct scratch_buffer tmpbuf;
358 scratch_buffer_init (&tmpbuf);
359
360 while ((result = __getpwnam_r (user, &pwd, tmpbuf.data, tmpbuf.length,
361 &tpwd)) != 0
362 && errno == ERANGE)
363 if (!scratch_buffer_grow (&tmpbuf))
364 return WRDE_NOSPACE;
365
366 if (result == 0 && tpwd != NULL && pwd.pw_dir)
367 *word = w_addstr (*word, word_length, max_length, pwd.pw_dir);
368 else
369 {
370 /* (invalid login name) */
371 *word = w_addchar (*word, word_length, max_length, '~');
372 if (*word != NULL)
373 *word = w_addstr (*word, word_length, max_length, user);
374 }
375
376 scratch_buffer_free (&tmpbuf);
377
378 *offset = i - 1;
379 }
380 return *word ? 0 : WRDE_NOSPACE;
381}
382
383
384static int
385do_parse_glob (const char *glob_word, char **word, size_t *word_length,
386 size_t *max_length, wordexp_t *pwordexp, const char *ifs,
387 const char *ifs_white)
388{
389 int error;
390 unsigned int match;
391 glob_t globbuf;
392
393 error = glob (glob_word, GLOB_NOCHECK, NULL, &globbuf);
394
395 if (error != 0)
396 {
397 /* We can only run into memory problems. */
398 assert (error == GLOB_NOSPACE);
399 return WRDE_NOSPACE;
400 }
401
402 if (ifs && !*ifs)
403 {
404 /* No field splitting allowed. */
405 assert (globbuf.gl_pathv[0] != NULL);
406 *word = w_addstr (*word, word_length, max_length, globbuf.gl_pathv[0]);
407 for (match = 1; match < globbuf.gl_pathc && *word != NULL; ++match)
408 {
409 *word = w_addchar (*word, word_length, max_length, ' ');
410 if (*word != NULL)
411 *word = w_addstr (*word, word_length, max_length,
412 globbuf.gl_pathv[match]);
413 }
414
415 globfree (&globbuf);
416 return *word ? 0 : WRDE_NOSPACE;
417 }
418
419 assert (ifs == NULL || *ifs != '\0');
420 if (*word != NULL)
421 {
422 free (*word);
423 *word = w_newword (word_length, max_length);
424 }
425
426 for (match = 0; match < globbuf.gl_pathc; ++match)
427 {
428 char *matching_word = __strdup (globbuf.gl_pathv[match]);
429 if (matching_word == NULL || w_addword (pwordexp, matching_word))
430 {
431 globfree (&globbuf);
432 return WRDE_NOSPACE;
433 }
434 }
435
436 globfree (&globbuf);
437 return 0;
438}
439
440static int
441parse_glob (char **word, size_t *word_length, size_t *max_length,
442 const char *words, size_t *offset, int flags,
443 wordexp_t *pwordexp, const char *ifs, const char *ifs_white)
444{
445 /* We are poised just after a '*', a '[' or a '?'. */
446 int error = WRDE_NOSPACE;
447 int quoted = 0; /* 1 if singly-quoted, 2 if doubly */
448 size_t i;
449 wordexp_t glob_list; /* List of words to glob */
450
451 glob_list.we_wordc = 0;
452 glob_list.we_wordv = NULL;
453 glob_list.we_offs = 0;
454 for (; words[*offset] != '\0'; ++*offset)
455 {
456 if (strchr (ifs, words[*offset]) != NULL)
457 /* Reached IFS */
458 break;
459
460 /* Sort out quoting */
461 if (words[*offset] == '\'')
462 {
463 if (quoted == 0)
464 {
465 quoted = 1;
466 continue;
467 }
468 else if (quoted == 1)
469 {
470 quoted = 0;
471 continue;
472 }
473 }
474 else if (words[*offset] == '"')
475 {
476 if (quoted == 0)
477 {
478 quoted = 2;
479 continue;
480 }
481 else if (quoted == 2)
482 {
483 quoted = 0;
484 continue;
485 }
486 }
487
488 /* Sort out other special characters */
489 if (quoted != 1 && words[*offset] == '$')
490 {
491 error = parse_dollars (word, word_length, max_length, words,
492 offset, flags, &glob_list, ifs, ifs_white,
493 quoted == 2);
494 if (error)
495 goto tidy_up;
496
497 continue;
498 }
499 else if (words[*offset] == '\\')
500 {
501 if (quoted)
502 error = parse_qtd_backslash (word, word_length, max_length,
503 words, offset);
504 else
505 error = parse_backslash (word, word_length, max_length,
506 words, offset);
507
508 if (error)
509 goto tidy_up;
510
511 continue;
512 }
513
514 *word = w_addchar (*word, word_length, max_length, words[*offset]);
515 if (*word == NULL)
516 goto tidy_up;
517 }
518
519 /* Don't forget to re-parse the character we stopped at. */
520 --*offset;
521
522 /* Glob the words */
523 error = w_addword (&glob_list, *word);
524 *word = w_newword (word_length, max_length);
525 for (i = 0; error == 0 && i < glob_list.we_wordc; i++)
526 error = do_parse_glob (glob_list.we_wordv[i], word, word_length,
527 max_length, pwordexp, ifs, ifs_white);
528
529 /* Now tidy up */
530tidy_up:
531 wordfree (&glob_list);
532 return error;
533}
534
535static int
536parse_squote (char **word, size_t *word_length, size_t *max_length,
537 const char *words, size_t *offset)
538{
539 /* We are poised just after a single quote */
540 for (; words[*offset]; ++(*offset))
541 {
542 if (words[*offset] != '\'')
543 {
544 *word = w_addchar (*word, word_length, max_length, words[*offset]);
545 if (*word == NULL)
546 return WRDE_NOSPACE;
547 }
548 else return 0;
549 }
550
551 /* Unterminated string */
552 return WRDE_SYNTAX;
553}
554
555/* Functions to evaluate an arithmetic expression */
556static int
557eval_expr_val (char **expr, long int *result)
558{
559 char *digit;
560
561 /* Skip white space */
562 for (digit = *expr; digit && *digit && isspace (*digit); ++digit);
563
564 if (*digit == '(')
565 {
566 /* Scan for closing paren */
567 for (++digit; **expr && **expr != ')'; ++(*expr));
568
569 /* Is there one? */
570 if (!**expr)
571 return WRDE_SYNTAX;
572
573 *(*expr)++ = 0;
574
575 if (eval_expr (digit, result))
576 return WRDE_SYNTAX;
577
578 return 0;
579 }
580
581 /* POSIX requires that decimal, octal, and hexadecimal constants are
582 recognized. Therefore we pass 0 as the third parameter to strtol. */
583 *result = strtol (digit, expr, 0);
584 if (digit == *expr)
585 return WRDE_SYNTAX;
586
587 return 0;
588}
589
590static int
591eval_expr_multdiv (char **expr, long int *result)
592{
593 long int arg;
594
595 /* Read a Value */
596 if (eval_expr_val (expr, result) != 0)
597 return WRDE_SYNTAX;
598
599 while (**expr)
600 {
601 /* Skip white space */
602 for (; *expr && **expr && isspace (**expr); ++(*expr));
603
604 if (**expr == '*')
605 {
606 ++(*expr);
607 if (eval_expr_val (expr, &arg) != 0)
608 return WRDE_SYNTAX;
609
610 *result *= arg;
611 }
612 else if (**expr == '/')
613 {
614 ++(*expr);
615 if (eval_expr_val (expr, &arg) != 0)
616 return WRDE_SYNTAX;
617
618 /* Division by zero or integer overflow. */
619 if (arg == 0 || (arg == -1 && *result == LONG_MIN))
620 return WRDE_SYNTAX;
621
622 *result /= arg;
623 }
624 else break;
625 }
626
627 return 0;
628}
629
630static int
631eval_expr (char *expr, long int *result)
632{
633 long int arg;
634
635 /* Read a Multdiv */
636 if (eval_expr_multdiv (&expr, result) != 0)
637 return WRDE_SYNTAX;
638
639 while (*expr)
640 {
641 /* Skip white space */
642 for (; expr && *expr && isspace (*expr); ++expr);
643
644 if (*expr == '+')
645 {
646 ++expr;
647 if (eval_expr_multdiv (&expr, &arg) != 0)
648 return WRDE_SYNTAX;
649
650 *result += arg;
651 }
652 else if (*expr == '-')
653 {
654 ++expr;
655 if (eval_expr_multdiv (&expr, &arg) != 0)
656 return WRDE_SYNTAX;
657
658 *result -= arg;
659 }
660 else break;
661 }
662
663 return 0;
664}
665
666static int
667parse_arith (char **word, size_t *word_length, size_t *max_length,
668 const char *words, size_t *offset, int flags, int bracket)
669{
670 /* We are poised just after "$((" or "$[" */
671 int error;
672 int paren_depth = 1;
673 size_t expr_length;
674 size_t expr_maxlen;
675 char *expr;
676
677 expr = w_newword (&expr_length, &expr_maxlen);
678 for (; words[*offset]; ++(*offset))
679 {
680 switch (words[*offset])
681 {
682 case '$':
683 error = parse_dollars (&expr, &expr_length, &expr_maxlen,
684 words, offset, flags, NULL, NULL, NULL, 1);
685 /* The ``1'' here is to tell parse_dollars not to
686 * split the fields.
687 */
688 if (error)
689 {
690 free (expr);
691 return error;
692 }
693 break;
694
695 case '`':
696 (*offset)++;
697 error = parse_backtick (&expr, &expr_length, &expr_maxlen,
698 words, offset, flags, NULL, NULL, NULL);
699 /* The first NULL here is to tell parse_backtick not to
700 * split the fields.
701 */
702 if (error)
703 {
704 free (expr);
705 return error;
706 }
707 break;
708
709 case '\\':
710 error = parse_qtd_backslash (&expr, &expr_length, &expr_maxlen,
711 words, offset);
712 if (error)
713 {
714 free (expr);
715 return error;
716 }
717 /* I think that a backslash within an
718 * arithmetic expansion is bound to
719 * cause an error sooner or later anyway though.
720 */
721 break;
722
723 case ')':
724 if (--paren_depth == 0)
725 {
726 char result[21]; /* 21 = ceil(log10(2^64)) + 1 */
727 long int numresult = 0;
728 long long int convertme;
729
730 if (bracket || words[1 + *offset] != ')')
731 {
732 free (expr);
733 return WRDE_SYNTAX;
734 }
735
736 ++(*offset);
737
738 /* Go - evaluate. */
739 if (*expr && eval_expr (expr, &numresult) != 0)
740 {
741 free (expr);
742 return WRDE_SYNTAX;
743 }
744
745 if (numresult < 0)
746 {
747 convertme = -numresult;
748 *word = w_addchar (*word, word_length, max_length, '-');
749 if (!*word)
750 {
751 free (expr);
752 return WRDE_NOSPACE;
753 }
754 }
755 else
756 convertme = numresult;
757
758 result[20] = '\0';
759 *word = w_addstr (*word, word_length, max_length,
760 _itoa (convertme, &result[20], 10, 0));
761 free (expr);
762 return *word ? 0 : WRDE_NOSPACE;
763 }
764 expr = w_addchar (expr, &expr_length, &expr_maxlen, words[*offset]);
765 if (expr == NULL)
766 return WRDE_NOSPACE;
767
768 break;
769
770 case ']':
771 if (bracket && paren_depth == 1)
772 {
773 char result[21]; /* 21 = ceil(log10(2^64)) + 1 */
774 long int numresult = 0;
775
776 /* Go - evaluate. */
777 if (*expr && eval_expr (expr, &numresult) != 0)
778 {
779 free (expr);
780 return WRDE_SYNTAX;
781 }
782
783 result[20] = '\0';
784 *word = w_addstr (*word, word_length, max_length,
785 _itoa_word (numresult, &result[20], 10, 0));
786 free (expr);
787 return *word ? 0 : WRDE_NOSPACE;
788 }
789
790 free (expr);
791 return WRDE_SYNTAX;
792
793 case '\n':
794 case ';':
795 case '{':
796 case '}':
797 free (expr);
798 return WRDE_BADCHAR;
799
800 case '(':
801 ++paren_depth;
802 /* Fall through. */
803 default:
804 expr = w_addchar (expr, &expr_length, &expr_maxlen, words[*offset]);
805 if (expr == NULL)
806 return WRDE_NOSPACE;
807 }
808 }
809
810 /* Premature end */
811 free (expr);
812 return WRDE_SYNTAX;
813}
814
815/* Function called by child process in exec_comm() */
816static inline void
817__attribute__ ((always_inline))
818exec_comm_child (char *comm, int *fildes, int showerr, int noexec)
819{
820 const char *args[4] = { _PATH_BSHELL, "-c", comm, NULL };
821
822 /* Execute the command, or just check syntax? */
823 if (noexec)
824 args[1] = "-nc";
825
826 /* Redirect output. */
827 if (__glibc_likely (fildes[1] != STDOUT_FILENO))
828 {
829 __dup2 (fildes[1], STDOUT_FILENO);
830 __close (fildes[1]);
831 }
832 else
833 /* Reset the close-on-exec flag (if necessary). */
834 __fcntl (fildes[1], F_SETFD, 0);
835
836 /* Redirect stderr to /dev/null if we have to. */
837 if (showerr == 0)
838 {
839 struct stat64 st;
840 int fd;
841 __close (STDERR_FILENO);
842 fd = __open (_PATH_DEVNULL, O_WRONLY);
843 if (fd >= 0 && fd != STDERR_FILENO)
844 {
845 __dup2 (fd, STDERR_FILENO);
846 __close (fd);
847 }
848 /* Be paranoid. Check that we actually opened the /dev/null
849 device. */
850 if (__builtin_expect (__fxstat64 (_STAT_VER, STDERR_FILENO, &st), 0) != 0
851 || __builtin_expect (S_ISCHR (st.st_mode), 1) == 0
852#if defined DEV_NULL_MAJOR && defined DEV_NULL_MINOR
853 || st.st_rdev != __gnu_dev_makedev (DEV_NULL_MAJOR, DEV_NULL_MINOR)
854#endif
855 )
856 /* It's not the /dev/null device. Stop right here. The
857 problem is: how do we stop? We use _exit() with an
858 hopefully unusual exit code. */
859 _exit (90);
860 }
861
862 /* Make sure the subshell doesn't field-split on our behalf. */
863 __unsetenv ("IFS");
864
865 __close (fildes[0]);
866 __execve (_PATH_BSHELL, (char *const *) args, __environ);
867
868 /* Bad. What now? */
869 abort ();
870}
871
872/* Function to execute a command and retrieve the results */
873/* pwordexp contains NULL if field-splitting is forbidden */
874static int
875exec_comm (char *comm, char **word, size_t *word_length, size_t *max_length,
876 int flags, wordexp_t *pwordexp, const char *ifs,
877 const char *ifs_white)
878{
879 int fildes[2];
880#define bufsize 128
881 int buflen;
882 int i;
883 int status = 0;
884 size_t maxnewlines = 0;
885 char buffer[bufsize];
886 pid_t pid;
887 int noexec = 0;
888
889 /* Do nothing if command substitution should not succeed. */
890 if (flags & WRDE_NOCMD)
891 return WRDE_CMDSUB;
892
893 /* Don't fork() unless necessary */
894 if (!comm || !*comm)
895 return 0;
896
897 if (__pipe2 (fildes, O_CLOEXEC) < 0)
898 return WRDE_NOSPACE;
899
900 again:
901 if ((pid = __fork ()) < 0)
902 {
903 /* Bad */
904 __close (fildes[0]);
905 __close (fildes[1]);
906 return WRDE_NOSPACE;
907 }
908
909 if (pid == 0)
910 exec_comm_child (comm, fildes, noexec ? 0 : flags & WRDE_SHOWERR, noexec);
911
912 /* Parent */
913
914 /* If we are just testing the syntax, only wait. */
915 if (noexec)
916 return (TEMP_FAILURE_RETRY (__waitpid (pid, &status, 0)) == pid
917 && status != 0) ? WRDE_SYNTAX : 0;
918
919 __close (fildes[1]);
920 fildes[1] = -1;
921
922 if (!pwordexp)
923 /* Quoted - no field splitting */
924 {
925 while (1)
926 {
927 if ((buflen = TEMP_FAILURE_RETRY (__read (fildes[0], buffer,
928 bufsize))) < 1)
929 {
930 /* If read returned 0 then the process has closed its
931 stdout. Don't use WNOHANG in that case to avoid busy
932 looping until the process eventually exits. */
933 if (TEMP_FAILURE_RETRY (__waitpid (pid, &status,
934 buflen == 0 ? 0 : WNOHANG))
935 == 0)
936 continue;
937 if ((buflen = TEMP_FAILURE_RETRY (__read (fildes[0], buffer,
938 bufsize))) < 1)
939 break;
940 }
941
942 maxnewlines += buflen;
943
944 *word = w_addmem (*word, word_length, max_length, buffer, buflen);
945 if (*word == NULL)
946 goto no_space;
947 }
948 }
949 else
950 /* Not quoted - split fields */
951 {
952 int copying = 0;
953 /* 'copying' is:
954 * 0 when searching for first character in a field not IFS white space
955 * 1 when copying the text of a field
956 * 2 when searching for possible non-whitespace IFS
957 * 3 when searching for non-newline after copying field
958 */
959
960 while (1)
961 {
962 if ((buflen = TEMP_FAILURE_RETRY (__read (fildes[0], buffer,
963 bufsize))) < 1)
964 {
965 /* If read returned 0 then the process has closed its
966 stdout. Don't use WNOHANG in that case to avoid busy
967 looping until the process eventually exits. */
968 if (TEMP_FAILURE_RETRY (__waitpid (pid, &status,
969 buflen == 0 ? 0 : WNOHANG))
970 == 0)
971 continue;
972 if ((buflen = TEMP_FAILURE_RETRY (__read (fildes[0], buffer,
973 bufsize))) < 1)
974 break;
975 }
976
977 for (i = 0; i < buflen; ++i)
978 {
979 if (strchr (ifs, buffer[i]) != NULL)
980 {
981 /* Current character is IFS */
982 if (strchr (ifs_white, buffer[i]) == NULL)
983 {
984 /* Current character is IFS but not whitespace */
985 if (copying == 2)
986 {
987 /* current character
988 * |
989 * V
990 * eg: text<space><comma><space>moretext
991 *
992 * So, strip whitespace IFS (like at the start)
993 */
994 copying = 0;
995 continue;
996 }
997
998 copying = 0;
999 /* fall through and delimit field.. */
1000 }
1001 else
1002 {
1003 if (buffer[i] == '\n')
1004 {
1005 /* Current character is (IFS) newline */
1006
1007 /* If copying a field, this is the end of it,
1008 but maybe all that's left is trailing newlines.
1009 So start searching for a non-newline. */
1010 if (copying == 1)
1011 copying = 3;
1012
1013 continue;
1014 }
1015 else
1016 {
1017 /* Current character is IFS white space, but
1018 not a newline */
1019
1020 /* If not either copying a field or searching
1021 for non-newline after a field, ignore it */
1022 if (copying != 1 && copying != 3)
1023 continue;
1024
1025 /* End of field (search for non-ws IFS afterwards) */
1026 copying = 2;
1027 }
1028 }
1029
1030 /* First IFS white space (non-newline), or IFS non-whitespace.
1031 * Delimit the field. Nulls are converted by w_addword. */
1032 if (w_addword (pwordexp, *word) == WRDE_NOSPACE)
1033 goto no_space;
1034
1035 *word = w_newword (word_length, max_length);
1036
1037 maxnewlines = 0;
1038 /* fall back round the loop.. */
1039 }
1040 else
1041 {
1042 /* Not IFS character */
1043
1044 if (copying == 3)
1045 {
1046 /* Nothing but (IFS) newlines since the last field,
1047 so delimit it here before starting new word */
1048 if (w_addword (pwordexp, *word) == WRDE_NOSPACE)
1049 goto no_space;
1050
1051 *word = w_newword (word_length, max_length);
1052 }
1053
1054 copying = 1;
1055
1056 if (buffer[i] == '\n') /* happens if newline not in IFS */
1057 maxnewlines++;
1058 else
1059 maxnewlines = 0;
1060
1061 *word = w_addchar (*word, word_length, max_length,
1062 buffer[i]);
1063 if (*word == NULL)
1064 goto no_space;
1065 }
1066 }
1067 }
1068 }
1069
1070 /* Chop off trailing newlines (required by POSIX.2) */
1071 /* Ensure we don't go back further than the beginning of the
1072 substitution (i.e. remove maxnewlines bytes at most) */
1073 while (maxnewlines-- != 0
1074 && *word_length > 0 && (*word)[*word_length - 1] == '\n')
1075 {
1076 (*word)[--*word_length] = '\0';
1077
1078 /* If the last word was entirely newlines, turn it into a new word
1079 * which can be ignored if there's nothing following it. */
1080 if (*word_length == 0)
1081 {
1082 free (*word);
1083 *word = w_newword (word_length, max_length);
1084 break;
1085 }
1086 }
1087
1088 __close (fildes[0]);
1089 fildes[0] = -1;
1090
1091 /* Check for syntax error (re-execute but with "-n" flag) */
1092 if (buflen < 1 && status != 0)
1093 {
1094 noexec = 1;
1095 goto again;
1096 }
1097
1098 return 0;
1099
1100no_space:
1101 __kill (pid, SIGKILL);
1102 TEMP_FAILURE_RETRY (__waitpid (pid, NULL, 0));
1103 __close (fildes[0]);
1104 return WRDE_NOSPACE;
1105}
1106
1107static int
1108parse_comm (char **word, size_t *word_length, size_t *max_length,
1109 const char *words, size_t *offset, int flags, wordexp_t *pwordexp,
1110 const char *ifs, const char *ifs_white)
1111{
1112 /* We are poised just after "$(" */
1113 int paren_depth = 1;
1114 int error = 0;
1115 int quoted = 0; /* 1 for singly-quoted, 2 for doubly-quoted */
1116 size_t comm_length;
1117 size_t comm_maxlen;
1118 char *comm = w_newword (&comm_length, &comm_maxlen);
1119
1120 for (; words[*offset]; ++(*offset))
1121 {
1122 switch (words[*offset])
1123 {
1124 case '\'':
1125 if (quoted == 0)
1126 quoted = 1;
1127 else if (quoted == 1)
1128 quoted = 0;
1129
1130 break;
1131
1132 case '"':
1133 if (quoted == 0)
1134 quoted = 2;
1135 else if (quoted == 2)
1136 quoted = 0;
1137
1138 break;
1139
1140 case ')':
1141 if (!quoted && --paren_depth == 0)
1142 {
1143 /* Go -- give script to the shell */
1144 if (comm)
1145 {
1146#ifdef __libc_ptf_call
1147 /* We do not want the exec_comm call to be cut short
1148 by a thread cancellation since cleanup is very
1149 ugly. Therefore disable cancellation for
1150 now. */
1151 // XXX Ideally we do want the thread being cancelable.
1152 // XXX If demand is there we'll change it.
1153 int state = PTHREAD_CANCEL_ENABLE;
1154 __libc_ptf_call (__pthread_setcancelstate,
1155 (PTHREAD_CANCEL_DISABLE, &state), 0);
1156#endif
1157
1158 error = exec_comm (comm, word, word_length, max_length,
1159 flags, pwordexp, ifs, ifs_white);
1160
1161#ifdef __libc_ptf_call
1162 __libc_ptf_call (__pthread_setcancelstate,
1163 (state, NULL), 0);
1164#endif
1165
1166 free (comm);
1167 }
1168
1169 return error;
1170 }
1171
1172 /* This is just part of the script */
1173 break;
1174
1175 case '(':
1176 if (!quoted)
1177 ++paren_depth;
1178 }
1179
1180 comm = w_addchar (comm, &comm_length, &comm_maxlen, words[*offset]);
1181 if (comm == NULL)
1182 return WRDE_NOSPACE;
1183 }
1184
1185 /* Premature end. */
1186 free (comm);
1187
1188 return WRDE_SYNTAX;
1189}
1190
1191#define CHAR_IN_SET(ch, char_set) \
1192 (memchr (char_set "", ch, sizeof (char_set) - 1) != NULL)
1193
1194static int
1195parse_param (char **word, size_t *word_length, size_t *max_length,
1196 const char *words, size_t *offset, int flags, wordexp_t *pwordexp,
1197 const char *ifs, const char *ifs_white, int quoted)
1198{
1199 /* We are poised just after "$" */
1200 enum action
1201 {
1202 ACT_NONE,
1203 ACT_RP_SHORT_LEFT = '#',
1204 ACT_RP_LONG_LEFT = 'L',
1205 ACT_RP_SHORT_RIGHT = '%',
1206 ACT_RP_LONG_RIGHT = 'R',
1207 ACT_NULL_ERROR = '?',
1208 ACT_NULL_SUBST = '-',
1209 ACT_NONNULL_SUBST = '+',
1210 ACT_NULL_ASSIGN = '='
1211 };
1212 size_t env_length;
1213 size_t env_maxlen;
1214 size_t pat_length;
1215 size_t pat_maxlen;
1216 size_t start = *offset;
1217 char *env;
1218 char *pattern;
1219 char *value = NULL;
1220 enum action action = ACT_NONE;
1221 int depth = 0;
1222 int colon_seen = 0;
1223 int seen_hash = 0;
1224 int free_value = 0;
1225 int pattern_is_quoted = 0; /* 1 for singly-quoted, 2 for doubly-quoted */
1226 int error;
1227 int special = 0;
1228 char buffer[21];
1229 int brace = words[*offset] == '{';
1230
1231 env = w_newword (&env_length, &env_maxlen);
1232 pattern = w_newword (&pat_length, &pat_maxlen);
1233
1234 if (brace)
1235 ++*offset;
1236
1237 /* First collect the parameter name. */
1238
1239 if (words[*offset] == '#')
1240 {
1241 seen_hash = 1;
1242 if (!brace)
1243 goto envsubst;
1244 ++*offset;
1245 }
1246
1247 if (isalpha (words[*offset]) || words[*offset] == '_')
1248 {
1249 /* Normal parameter name. */
1250 do
1251 {
1252 env = w_addchar (env, &env_length, &env_maxlen,
1253 words[*offset]);
1254 if (env == NULL)
1255 goto no_space;
1256 }
1257 while (isalnum (words[++*offset]) || words[*offset] == '_');
1258 }
1259 else if (isdigit (words[*offset]))
1260 {
1261 /* Numeric parameter name. */
1262 special = 1;
1263 do
1264 {
1265 env = w_addchar (env, &env_length, &env_maxlen,
1266 words[*offset]);
1267 if (env == NULL)
1268 goto no_space;
1269 if (!brace)
1270 goto envsubst;
1271 }
1272 while (isdigit(words[++*offset]));
1273 }
1274 else if (CHAR_IN_SET (words[*offset], "*@$"))
1275 {
1276 /* Special parameter. */
1277 special = 1;
1278 env = w_addchar (env, &env_length, &env_maxlen,
1279 words[*offset]);
1280 if (env == NULL)
1281 goto no_space;
1282 ++*offset;
1283 }
1284 else
1285 {
1286 if (brace)
1287 goto syntax;
1288 }
1289
1290 if (brace)
1291 {
1292 /* Check for special action to be applied to the value. */
1293 switch (words[*offset])
1294 {
1295 case '}':
1296 /* Evaluate. */
1297 goto envsubst;
1298
1299 case '#':
1300 action = ACT_RP_SHORT_LEFT;
1301 if (words[1 + *offset] == '#')
1302 {
1303 ++*offset;
1304 action = ACT_RP_LONG_LEFT;
1305 }
1306 break;
1307
1308 case '%':
1309 action = ACT_RP_SHORT_RIGHT;
1310 if (words[1 + *offset] == '%')
1311 {
1312 ++*offset;
1313 action = ACT_RP_LONG_RIGHT;
1314 }
1315 break;
1316
1317 case ':':
1318 if (!CHAR_IN_SET (words[1 + *offset], "-=?+"))
1319 goto syntax;
1320
1321 colon_seen = 1;
1322 action = words[++*offset];
1323 break;
1324
1325 case '-':
1326 case '=':
1327 case '?':
1328 case '+':
1329 action = words[*offset];
1330 break;
1331
1332 default:
1333 goto syntax;
1334 }
1335
1336 /* Now collect the pattern, but don't expand it yet. */
1337 ++*offset;
1338 for (; words[*offset]; ++(*offset))
1339 {
1340 switch (words[*offset])
1341 {
1342 case '{':
1343 if (!pattern_is_quoted)
1344 ++depth;
1345 break;
1346
1347 case '}':
1348 if (!pattern_is_quoted)
1349 {
1350 if (depth == 0)
1351 goto envsubst;
1352 --depth;
1353 }
1354 break;
1355
1356 case '\\':
1357 if (pattern_is_quoted)
1358 /* Quoted; treat as normal character. */
1359 break;
1360
1361 /* Otherwise, it's an escape: next character is literal. */
1362 if (words[++*offset] == '\0')
1363 goto syntax;
1364
1365 pattern = w_addchar (pattern, &pat_length, &pat_maxlen, '\\');
1366 if (pattern == NULL)
1367 goto no_space;
1368
1369 break;
1370
1371 case '\'':
1372 if (pattern_is_quoted == 0)
1373 pattern_is_quoted = 1;
1374 else if (pattern_is_quoted == 1)
1375 pattern_is_quoted = 0;
1376
1377 break;
1378
1379 case '"':
1380 if (pattern_is_quoted == 0)
1381 pattern_is_quoted = 2;
1382 else if (pattern_is_quoted == 2)
1383 pattern_is_quoted = 0;
1384
1385 break;
1386 }
1387
1388 pattern = w_addchar (pattern, &pat_length, &pat_maxlen,
1389 words[*offset]);
1390 if (pattern == NULL)
1391 goto no_space;
1392 }
1393 }
1394
1395 /* End of input string -- remember to reparse the character that we
1396 * stopped at. */
1397 --(*offset);
1398
1399envsubst:
1400 if (words[start] == '{' && words[*offset] != '}')
1401 goto syntax;
1402
1403 if (env == NULL)
1404 {
1405 if (seen_hash)
1406 {
1407 /* $# expands to the number of positional parameters */
1408 buffer[20] = '\0';
1409 value = _itoa_word (__libc_argc - 1, &buffer[20], 10, 0);
1410 seen_hash = 0;
1411 }
1412 else
1413 {
1414 /* Just $ on its own */
1415 *offset = start - 1;
1416 *word = w_addchar (*word, word_length, max_length, '$');
1417 return *word ? 0 : WRDE_NOSPACE;
1418 }
1419 }
1420 /* Is it a numeric parameter? */
1421 else if (isdigit (env[0]))
1422 {
1423 int n = atoi (env);
1424
1425 if (n >= __libc_argc)
1426 /* Substitute NULL. */
1427 value = NULL;
1428 else
1429 /* Replace with appropriate positional parameter. */
1430 value = __libc_argv[n];
1431 }
1432 /* Is it a special parameter? */
1433 else if (special)
1434 {
1435 /* Is it `$$'? */
1436 if (*env == '$')
1437 {
1438 buffer[20] = '\0';
1439 value = _itoa_word (__getpid (), &buffer[20], 10, 0);
1440 }
1441 /* Is it `${#*}' or `${#@}'? */
1442 else if ((*env == '*' || *env == '@') && seen_hash)
1443 {
1444 buffer[20] = '\0';
1445 value = _itoa_word (__libc_argc > 0 ? __libc_argc - 1 : 0,
1446 &buffer[20], 10, 0);
1447 *word = w_addstr (*word, word_length, max_length, value);
1448 free (env);
1449 free (pattern);
1450 return *word ? 0 : WRDE_NOSPACE;
1451 }
1452 /* Is it `$*' or `$@' (unquoted) ? */
1453 else if (*env == '*' || (*env == '@' && !quoted))
1454 {
1455 size_t plist_len = 0;
1456 int p;
1457 char *end;
1458
1459 /* Build up value parameter by parameter (copy them) */
1460 for (p = 1; __libc_argv[p]; ++p)
1461 plist_len += strlen (__libc_argv[p]) + 1; /* for space */
1462 value = malloc (plist_len);
1463 if (value == NULL)
1464 goto no_space;
1465 end = value;
1466 *end = 0;
1467 for (p = 1; __libc_argv[p]; ++p)
1468 {
1469 if (p > 1)
1470 *end++ = ' ';
1471 end = __stpcpy (end, __libc_argv[p]);
1472 }
1473
1474 free_value = 1;
1475 }
1476 else
1477 {
1478 /* Must be a quoted `$@' */
1479 assert (*env == '@' && quoted);
1480
1481 /* Each parameter is a separate word ("$@") */
1482 if (__libc_argc == 2)
1483 value = __libc_argv[1];
1484 else if (__libc_argc > 2)
1485 {
1486 int p;
1487
1488 /* Append first parameter to current word. */
1489 value = w_addstr (*word, word_length, max_length,
1490 __libc_argv[1]);
1491 if (value == NULL || w_addword (pwordexp, value))
1492 goto no_space;
1493
1494 for (p = 2; __libc_argv[p + 1]; p++)
1495 {
1496 char *newword = __strdup (__libc_argv[p]);
1497 if (newword == NULL || w_addword (pwordexp, newword))
1498 goto no_space;
1499 }
1500
1501 /* Start a new word with the last parameter. */
1502 *word = w_newword (word_length, max_length);
1503 value = __libc_argv[p];
1504 }
1505 else
1506 {
1507 free (env);
1508 free (pattern);
1509 return 0;
1510 }
1511 }
1512 }
1513 else
1514 value = getenv (env);
1515
1516 if (value == NULL && (flags & WRDE_UNDEF))
1517 {
1518 /* Variable not defined. */
1519 error = WRDE_BADVAL;
1520 goto do_error;
1521 }
1522
1523 if (action != ACT_NONE)
1524 {
1525 int expand_pattern = 0;
1526
1527 /* First, find out if we need to expand pattern (i.e. if we will
1528 * use it). */
1529 switch (action)
1530 {
1531 case ACT_RP_SHORT_LEFT:
1532 case ACT_RP_LONG_LEFT:
1533 case ACT_RP_SHORT_RIGHT:
1534 case ACT_RP_LONG_RIGHT:
1535 /* Always expand for these. */
1536 expand_pattern = 1;
1537 break;
1538
1539 case ACT_NULL_ERROR:
1540 case ACT_NULL_SUBST:
1541 case ACT_NULL_ASSIGN:
1542 if (!value || (!*value && colon_seen))
1543 /* If param is unset, or set but null and a colon has been seen,
1544 the expansion of the pattern will be needed. */
1545 expand_pattern = 1;
1546
1547 break;
1548
1549 case ACT_NONNULL_SUBST:
1550 /* Expansion of word will be needed if parameter is set and not null,
1551 or set null but no colon has been seen. */
1552 if (value && (*value || !colon_seen))
1553 expand_pattern = 1;
1554
1555 break;
1556
1557 default:
1558 assert (! "Unrecognised action!");
1559 }
1560
1561 if (expand_pattern)
1562 {
1563 /* We need to perform tilde expansion, parameter expansion,
1564 command substitution, and arithmetic expansion. We also
1565 have to be a bit careful with wildcard characters, as
1566 pattern might be given to fnmatch soon. To do this, we
1567 convert quotes to escapes. */
1568
1569 char *expanded;
1570 size_t exp_len;
1571 size_t exp_maxl;
1572 char *p;
1573 int quoted = 0; /* 1: single quotes; 2: double */
1574
1575 expanded = w_newword (&exp_len, &exp_maxl);
1576 for (p = pattern; p && *p; p++)
1577 {
1578 size_t offset;
1579
1580 switch (*p)
1581 {
1582 case '"':
1583 if (quoted == 2)
1584 quoted = 0;
1585 else if (quoted == 0)
1586 quoted = 2;
1587 else break;
1588
1589 continue;
1590
1591 case '\'':
1592 if (quoted == 1)
1593 quoted = 0;
1594 else if (quoted == 0)
1595 quoted = 1;
1596 else break;
1597
1598 continue;
1599
1600 case '*':
1601 case '?':
1602 if (quoted)
1603 {
1604 /* Convert quoted wildchar to escaped wildchar. */
1605 expanded = w_addchar (expanded, &exp_len,
1606 &exp_maxl, '\\');
1607
1608 if (expanded == NULL)
1609 goto no_space;
1610 }
1611 break;
1612
1613 case '$':
1614 offset = 0;
1615 error = parse_dollars (&expanded, &exp_len, &exp_maxl, p,
1616 &offset, flags, NULL, NULL, NULL, 1);
1617 if (error)
1618 {
1619 if (free_value)
1620 free (value);
1621
1622 free (expanded);
1623
1624 goto do_error;
1625 }
1626
1627 p += offset;
1628 continue;
1629
1630 case '~':
1631 if (quoted || exp_len)
1632 break;
1633
1634 offset = 0;
1635 error = parse_tilde (&expanded, &exp_len, &exp_maxl, p,
1636 &offset, 0);
1637 if (error)
1638 {
1639 if (free_value)
1640 free (value);
1641
1642 free (expanded);
1643
1644 goto do_error;
1645 }
1646
1647 p += offset;
1648 continue;
1649
1650 case '\\':
1651 expanded = w_addchar (expanded, &exp_len, &exp_maxl, '\\');
1652 ++p;
1653 assert (*p); /* checked when extracted initially */
1654 if (expanded == NULL)
1655 goto no_space;
1656 }
1657
1658 expanded = w_addchar (expanded, &exp_len, &exp_maxl, *p);
1659
1660 if (expanded == NULL)
1661 goto no_space;
1662 }
1663
1664 free (pattern);
1665
1666 pattern = expanded;
1667 }
1668
1669 switch (action)
1670 {
1671 case ACT_RP_SHORT_LEFT:
1672 case ACT_RP_LONG_LEFT:
1673 case ACT_RP_SHORT_RIGHT:
1674 case ACT_RP_LONG_RIGHT:
1675 {
1676 char *p;
1677 char c;
1678 char *end;
1679
1680 if (value == NULL || pattern == NULL || *pattern == '\0')
1681 break;
1682
1683 end = value + strlen (value);
1684
1685 switch (action)
1686 {
1687 case ACT_RP_SHORT_LEFT:
1688 for (p = value; p <= end; ++p)
1689 {
1690 c = *p;
1691 *p = '\0';
1692 if (fnmatch (pattern, value, 0) != FNM_NOMATCH)
1693 {
1694 *p = c;
1695 if (free_value)
1696 {
1697 char *newval = __strdup (p);
1698 if (newval == NULL)
1699 {
1700 free (value);
1701 goto no_space;
1702 }
1703 free (value);
1704 value = newval;
1705 }
1706 else
1707 value = p;
1708 break;
1709 }
1710 *p = c;
1711 }
1712
1713 break;
1714
1715 case ACT_RP_LONG_LEFT:
1716 for (p = end; p >= value; --p)
1717 {
1718 c = *p;
1719 *p = '\0';
1720 if (fnmatch (pattern, value, 0) != FNM_NOMATCH)
1721 {
1722 *p = c;
1723 if (free_value)
1724 {
1725 char *newval = __strdup (p);
1726 if (newval == NULL)
1727 {
1728 free (value);
1729 goto no_space;
1730 }
1731 free (value);
1732 value = newval;
1733 }
1734 else
1735 value = p;
1736 break;
1737 }
1738 *p = c;
1739 }
1740
1741 break;
1742
1743 case ACT_RP_SHORT_RIGHT:
1744 for (p = end; p >= value; --p)
1745 {
1746 if (fnmatch (pattern, p, 0) != FNM_NOMATCH)
1747 {
1748 char *newval;
1749 newval = malloc (p - value + 1);
1750
1751 if (newval == NULL)
1752 {
1753 if (free_value)
1754 free (value);
1755 goto no_space;
1756 }
1757
1758 *(char *) __mempcpy (newval, value, p - value) = '\0';
1759 if (free_value)
1760 free (value);
1761 value = newval;
1762 free_value = 1;
1763 break;
1764 }
1765 }
1766
1767 break;
1768
1769 case ACT_RP_LONG_RIGHT:
1770 for (p = value; p <= end; ++p)
1771 {
1772 if (fnmatch (pattern, p, 0) != FNM_NOMATCH)
1773 {
1774 char *newval;
1775 newval = malloc (p - value + 1);
1776
1777 if (newval == NULL)
1778 {
1779 if (free_value)
1780 free (value);
1781 goto no_space;
1782 }
1783
1784 *(char *) __mempcpy (newval, value, p - value) = '\0';
1785 if (free_value)
1786 free (value);
1787 value = newval;
1788 free_value = 1;
1789 break;
1790 }
1791 }
1792
1793 break;
1794
1795 default:
1796 break;
1797 }
1798
1799 break;
1800 }
1801
1802 case ACT_NULL_ERROR:
1803 if (value && *value)
1804 /* Substitute parameter */
1805 break;
1806
1807 error = 0;
1808 if (!colon_seen && value)
1809 /* Substitute NULL */
1810 ;
1811 else
1812 {
1813 const char *str = pattern;
1814
1815 if (str[0] == '\0')
1816 str = _("parameter null or not set");
1817
1818 __fxprintf (NULL, "%s: %s\n", env, str);
1819 }
1820
1821 if (free_value)
1822 free (value);
1823 goto do_error;
1824
1825 case ACT_NULL_SUBST:
1826 if (value && *value)
1827 /* Substitute parameter */
1828 break;
1829
1830 if (free_value)
1831 free (value);
1832
1833 if (!colon_seen && value)
1834 /* Substitute NULL */
1835 goto success;
1836
1837 value = pattern ? __strdup (pattern) : pattern;
1838 free_value = 1;
1839
1840 if (pattern && !value)
1841 goto no_space;
1842
1843 break;
1844
1845 case ACT_NONNULL_SUBST:
1846 if (value && (*value || !colon_seen))
1847 {
1848 if (free_value)
1849 free (value);
1850
1851 value = pattern ? __strdup (pattern) : pattern;
1852 free_value = 1;
1853
1854 if (pattern && !value)
1855 goto no_space;
1856
1857 break;
1858 }
1859
1860 /* Substitute NULL */
1861 if (free_value)
1862 free (value);
1863 goto success;
1864
1865 case ACT_NULL_ASSIGN:
1866 if (value && *value)
1867 /* Substitute parameter */
1868 break;
1869
1870 if (!colon_seen && value)
1871 {
1872 /* Substitute NULL */
1873 if (free_value)
1874 free (value);
1875 goto success;
1876 }
1877
1878 if (free_value)
1879 free (value);
1880
1881 value = pattern ? __strdup (pattern) : pattern;
1882 free_value = 1;
1883
1884 if (pattern && !value)
1885 goto no_space;
1886
1887 __setenv (env, value ?: "", 1);
1888 break;
1889
1890 default:
1891 assert (! "Unrecognised action!");
1892 }
1893 }
1894
1895 free (env);
1896 env = NULL;
1897 free (pattern);
1898 pattern = NULL;
1899
1900 if (seen_hash)
1901 {
1902 char param_length[21];
1903 param_length[20] = '\0';
1904 *word = w_addstr (*word, word_length, max_length,
1905 _itoa_word (value ? strlen (value) : 0,
1906 &param_length[20], 10, 0));
1907 if (free_value)
1908 {
1909 assert (value != NULL);
1910 free (value);
1911 }
1912
1913 return *word ? 0 : WRDE_NOSPACE;
1914 }
1915
1916 if (value == NULL)
1917 return 0;
1918
1919 if (quoted || !pwordexp)
1920 {
1921 /* Quoted - no field split */
1922 *word = w_addstr (*word, word_length, max_length, value);
1923 if (free_value)
1924 free (value);
1925
1926 return *word ? 0 : WRDE_NOSPACE;
1927 }
1928 else
1929 {
1930 /* Need to field-split */
1931 char *value_copy = __strdup (value); /* Don't modify value */
1932 char *field_begin = value_copy;
1933 int seen_nonws_ifs = 0;
1934
1935 if (free_value)
1936 free (value);
1937
1938 if (value_copy == NULL)
1939 goto no_space;
1940
1941 do
1942 {
1943 char *field_end = field_begin;
1944 char *next_field;
1945
1946 /* If this isn't the first field, start a new word */
1947 if (field_begin != value_copy)
1948 {
1949 if (w_addword (pwordexp, *word) == WRDE_NOSPACE)
1950 {
1951 free (value_copy);
1952 goto no_space;
1953 }
1954
1955 *word = w_newword (word_length, max_length);
1956 }
1957
1958 /* Skip IFS whitespace before the field */
1959 field_begin += strspn (field_begin, ifs_white);
1960
1961 if (!seen_nonws_ifs && *field_begin == 0)
1962 /* Nothing but whitespace */
1963 break;
1964
1965 /* Search for the end of the field */
1966 field_end = field_begin + strcspn (field_begin, ifs);
1967
1968 /* Set up pointer to the character after end of field and
1969 skip whitespace IFS after it. */
1970 next_field = field_end + strspn (field_end, ifs_white);
1971
1972 /* Skip at most one non-whitespace IFS character after the field */
1973 seen_nonws_ifs = 0;
1974 if (*next_field && strchr (ifs, *next_field))
1975 {
1976 seen_nonws_ifs = 1;
1977 next_field++;
1978 }
1979
1980 /* Null-terminate it */
1981 *field_end = 0;
1982
1983 /* Tag a copy onto the current word */
1984 *word = w_addstr (*word, word_length, max_length, field_begin);
1985
1986 if (*word == NULL && *field_begin != '\0')
1987 {
1988 free (value_copy);
1989 goto no_space;
1990 }
1991
1992 field_begin = next_field;
1993 }
1994 while (seen_nonws_ifs || *field_begin);
1995
1996 free (value_copy);
1997 }
1998
1999 return 0;
2000
2001success:
2002 error = 0;
2003 goto do_error;
2004
2005no_space:
2006 error = WRDE_NOSPACE;
2007 goto do_error;
2008
2009syntax:
2010 error = WRDE_SYNTAX;
2011
2012do_error:
2013 free (env);
2014
2015 free (pattern);
2016
2017 return error;
2018}
2019
2020#undef CHAR_IN_SET
2021
2022static int
2023parse_dollars (char **word, size_t *word_length, size_t *max_length,
2024 const char *words, size_t *offset, int flags,
2025 wordexp_t *pwordexp, const char *ifs, const char *ifs_white,
2026 int quoted)
2027{
2028 /* We are poised _at_ "$" */
2029 switch (words[1 + *offset])
2030 {
2031 case '"':
2032 case '\'':
2033 case 0:
2034 *word = w_addchar (*word, word_length, max_length, '$');
2035 return *word ? 0 : WRDE_NOSPACE;
2036
2037 case '(':
2038 if (words[2 + *offset] == '(')
2039 {
2040 /* Differentiate between $((1+3)) and $((echo);(ls)) */
2041 int i = 3 + *offset;
2042 int depth = 0;
2043 while (words[i] && !(depth == 0 && words[i] == ')'))
2044 {
2045 if (words[i] == '(')
2046 ++depth;
2047 else if (words[i] == ')')
2048 --depth;
2049
2050 ++i;
2051 }
2052
2053 if (words[i] == ')' && words[i + 1] == ')')
2054 {
2055 (*offset) += 3;
2056 /* Call parse_arith -- 0 is for "no brackets" */
2057 return parse_arith (word, word_length, max_length, words, offset,
2058 flags, 0);
2059 }
2060 }
2061
2062 (*offset) += 2;
2063 return parse_comm (word, word_length, max_length, words, offset, flags,
2064 quoted? NULL : pwordexp, ifs, ifs_white);
2065
2066 case '[':
2067 (*offset) += 2;
2068 /* Call parse_arith -- 1 is for "brackets" */
2069 return parse_arith (word, word_length, max_length, words, offset, flags,
2070 1);
2071
2072 case '{':
2073 default:
2074 ++(*offset); /* parse_param needs to know if "{" is there */
2075 return parse_param (word, word_length, max_length, words, offset, flags,
2076 pwordexp, ifs, ifs_white, quoted);
2077 }
2078}
2079
2080static int
2081parse_backtick (char **word, size_t *word_length, size_t *max_length,
2082 const char *words, size_t *offset, int flags,
2083 wordexp_t *pwordexp, const char *ifs, const char *ifs_white)
2084{
2085 /* We are poised just after "`" */
2086 int error;
2087 int squoting = 0;
2088 size_t comm_length;
2089 size_t comm_maxlen;
2090 char *comm = w_newword (&comm_length, &comm_maxlen);
2091
2092 for (; words[*offset]; ++(*offset))
2093 {
2094 switch (words[*offset])
2095 {
2096 case '`':
2097 /* Go -- give the script to the shell */
2098 error = exec_comm (comm, word, word_length, max_length, flags,
2099 pwordexp, ifs, ifs_white);
2100 free (comm);
2101 return error;
2102
2103 case '\\':
2104 if (squoting)
2105 {
2106 error = parse_qtd_backslash (&comm, &comm_length, &comm_maxlen,
2107 words, offset);
2108
2109 if (error)
2110 {
2111 free (comm);
2112 return error;
2113 }
2114
2115 break;
2116 }
2117
2118 error = parse_backslash (&comm, &comm_length, &comm_maxlen, words,
2119 offset);
2120
2121 if (error)
2122 {
2123 free (comm);
2124 return error;
2125 }
2126
2127 break;
2128
2129 case '\'':
2130 squoting = 1 - squoting;
2131 /* Fall through. */
2132 default:
2133 comm = w_addchar (comm, &comm_length, &comm_maxlen, words[*offset]);
2134 if (comm == NULL)
2135 return WRDE_NOSPACE;
2136 }
2137 }
2138
2139 /* Premature end */
2140 free (comm);
2141 return WRDE_SYNTAX;
2142}
2143
2144static int
2145parse_dquote (char **word, size_t *word_length, size_t *max_length,
2146 const char *words, size_t *offset, int flags,
2147 wordexp_t *pwordexp, const char * ifs, const char * ifs_white)
2148{
2149 /* We are poised just after a double-quote */
2150 int error;
2151
2152 for (; words[*offset]; ++(*offset))
2153 {
2154 switch (words[*offset])
2155 {
2156 case '"':
2157 return 0;
2158
2159 case '$':
2160 error = parse_dollars (word, word_length, max_length, words, offset,
2161 flags, pwordexp, ifs, ifs_white, 1);
2162 /* The ``1'' here is to tell parse_dollars not to
2163 * split the fields. It may need to, however ("$@").
2164 */
2165 if (error)
2166 return error;
2167
2168 break;
2169
2170 case '`':
2171 ++(*offset);
2172 error = parse_backtick (word, word_length, max_length, words,
2173 offset, flags, NULL, NULL, NULL);
2174 /* The first NULL here is to tell parse_backtick not to
2175 * split the fields.
2176 */
2177 if (error)
2178 return error;
2179
2180 break;
2181
2182 case '\\':
2183 error = parse_qtd_backslash (word, word_length, max_length, words,
2184 offset);
2185
2186 if (error)
2187 return error;
2188
2189 break;
2190
2191 default:
2192 *word = w_addchar (*word, word_length, max_length, words[*offset]);
2193 if (*word == NULL)
2194 return WRDE_NOSPACE;
2195 }
2196 }
2197
2198 /* Unterminated string */
2199 return WRDE_SYNTAX;
2200}
2201
2202/*
2203 * wordfree() is to be called after pwordexp is finished with.
2204 */
2205
2206void
2207wordfree (wordexp_t *pwordexp)
2208{
2209
2210 /* wordexp can set pwordexp to NULL */
2211 if (pwordexp && pwordexp->we_wordv)
2212 {
2213 char **wordv = pwordexp->we_wordv;
2214
2215 for (wordv += pwordexp->we_offs; *wordv; ++wordv)
2216 free (*wordv);
2217
2218 free (pwordexp->we_wordv);
2219 pwordexp->we_wordv = NULL;
2220 }
2221}
2222libc_hidden_def (wordfree)
2223
2224/*
2225 * wordexp()
2226 */
2227
2228int
2229wordexp (const char *words, wordexp_t *pwordexp, int flags)
2230{
2231 size_t words_offset;
2232 size_t word_length;
2233 size_t max_length;
2234 char *word = w_newword (&word_length, &max_length);
2235 int error;
2236 char *ifs;
2237 char ifs_white[4];
2238 wordexp_t old_word = *pwordexp;
2239
2240 if (flags & WRDE_REUSE)
2241 {
2242 /* Minimal implementation of WRDE_REUSE for now */
2243 wordfree (pwordexp);
2244 old_word.we_wordv = NULL;
2245 }
2246
2247 if ((flags & WRDE_APPEND) == 0)
2248 {
2249 pwordexp->we_wordc = 0;
2250
2251 if (flags & WRDE_DOOFFS)
2252 {
2253 pwordexp->we_wordv = calloc (1 + pwordexp->we_offs, sizeof (char *));
2254 if (pwordexp->we_wordv == NULL)
2255 {
2256 error = WRDE_NOSPACE;
2257 goto do_error;
2258 }
2259 }
2260 else
2261 {
2262 pwordexp->we_wordv = calloc (1, sizeof (char *));
2263 if (pwordexp->we_wordv == NULL)
2264 {
2265 error = WRDE_NOSPACE;
2266 goto do_error;
2267 }
2268
2269 pwordexp->we_offs = 0;
2270 }
2271 }
2272
2273 /* Find out what the field separators are.
2274 * There are two types: whitespace and non-whitespace.
2275 */
2276 ifs = getenv ("IFS");
2277
2278 if (ifs == NULL)
2279 /* IFS unset - use <space><tab><newline>. */
2280 ifs = strcpy (ifs_white, " \t\n");
2281 else
2282 {
2283 char *ifsch = ifs;
2284 char *whch = ifs_white;
2285
2286 while (*ifsch != '\0')
2287 {
2288 if (*ifsch == ' ' || *ifsch == '\t' || *ifsch == '\n')
2289 {
2290 /* Whitespace IFS. See first whether it is already in our
2291 collection. */
2292 char *runp = ifs_white;
2293
2294 while (runp < whch && *runp != *ifsch)
2295 ++runp;
2296
2297 if (runp == whch)
2298 *whch++ = *ifsch;
2299 }
2300
2301 ++ifsch;
2302 }
2303 *whch = '\0';
2304 }
2305
2306 for (words_offset = 0 ; words[words_offset] ; ++words_offset)
2307 switch (words[words_offset])
2308 {
2309 case '\\':
2310 error = parse_backslash (&word, &word_length, &max_length, words,
2311 &words_offset);
2312
2313 if (error)
2314 goto do_error;
2315
2316 break;
2317
2318 case '$':
2319 error = parse_dollars (&word, &word_length, &max_length, words,
2320 &words_offset, flags, pwordexp, ifs, ifs_white,
2321 0);
2322
2323 if (error)
2324 goto do_error;
2325
2326 break;
2327
2328 case '`':
2329 ++words_offset;
2330 error = parse_backtick (&word, &word_length, &max_length, words,
2331 &words_offset, flags, pwordexp, ifs,
2332 ifs_white);
2333
2334 if (error)
2335 goto do_error;
2336
2337 break;
2338
2339 case '"':
2340 ++words_offset;
2341 error = parse_dquote (&word, &word_length, &max_length, words,
2342 &words_offset, flags, pwordexp, ifs, ifs_white);
2343
2344 if (error)
2345 goto do_error;
2346
2347 if (!word_length)
2348 {
2349 error = w_addword (pwordexp, NULL);
2350
2351 if (error)
2352 return error;
2353 }
2354
2355 break;
2356
2357 case '\'':
2358 ++words_offset;
2359 error = parse_squote (&word, &word_length, &max_length, words,
2360 &words_offset);
2361
2362 if (error)
2363 goto do_error;
2364
2365 if (!word_length)
2366 {
2367 error = w_addword (pwordexp, NULL);
2368
2369 if (error)
2370 return error;
2371 }
2372
2373 break;
2374
2375 case '~':
2376 error = parse_tilde (&word, &word_length, &max_length, words,
2377 &words_offset, pwordexp->we_wordc);
2378
2379 if (error)
2380 goto do_error;
2381
2382 break;
2383
2384 case '*':
2385 case '[':
2386 case '?':
2387 error = parse_glob (&word, &word_length, &max_length, words,
2388 &words_offset, flags, pwordexp, ifs, ifs_white);
2389
2390 if (error)
2391 goto do_error;
2392
2393 break;
2394
2395 default:
2396 /* Is it a word separator? */
2397 if (strchr (" \t", words[words_offset]) == NULL)
2398 {
2399 char ch = words[words_offset];
2400
2401 /* Not a word separator -- but is it a valid word char? */
2402 if (strchr ("\n|&;<>(){}", ch))
2403 {
2404 /* Fail */
2405 error = WRDE_BADCHAR;
2406 goto do_error;
2407 }
2408
2409 /* "Ordinary" character -- add it to word */
2410 word = w_addchar (word, &word_length, &max_length,
2411 ch);
2412 if (word == NULL)
2413 {
2414 error = WRDE_NOSPACE;
2415 goto do_error;
2416 }
2417
2418 break;
2419 }
2420
2421 /* If a word has been delimited, add it to the list. */
2422 if (word != NULL)
2423 {
2424 error = w_addword (pwordexp, word);
2425 if (error)
2426 goto do_error;
2427 }
2428
2429 word = w_newword (&word_length, &max_length);
2430 }
2431
2432 /* End of string */
2433
2434 /* There was a word separator at the end */
2435 if (word == NULL) /* i.e. w_newword */
2436 return 0;
2437
2438 /* There was no field separator at the end */
2439 return w_addword (pwordexp, word);
2440
2441do_error:
2442 /* Error:
2443 * free memory used (unless error is WRDE_NOSPACE), and
2444 * set pwordexp members back to what they were.
2445 */
2446
2447 free (word);
2448
2449 if (error == WRDE_NOSPACE)
2450 return WRDE_NOSPACE;
2451
2452 if ((flags & WRDE_APPEND) == 0)
2453 wordfree (pwordexp);
2454
2455 *pwordexp = old_word;
2456 return error;
2457}
2458