Home | History | Annotate | Download | only in lib 
      1 /***************************************************************************
      2  *                                  _   _ ____  _
      3  *  Project                     ___| | | |  _ \| |
      4  *                             / __| | | | |_) | |
      5  *                            | (__| |_| |  _ <| |___
      6  *                             \___|\___/|_| \_\_____|
      7  *
      8  * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel (at) haxx.se>, et al.
      9  *
     10  * This software is licensed as described in the file COPYING, which
     11  * you should have received as part of this distribution. The terms
     12  * are also available at https://curl.haxx.se/docs/copyright.html.
     13  *
     14  * You may opt to use, copy, modify, merge, publish, distribute and/or sell
     15  * copies of the Software, and permit persons to whom the Software is
     16  * furnished to do so, under the terms of the COPYING file.
     17  *
     18  * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
     19  * KIND, either express or implied.
     20  *
     21  ***************************************************************************/
     22 
     23 #include "curl_setup.h"
     24 
     25 #include <curl/curl.h>
     26 #include "curl_memory.h"
     27 #include "curl_path.h"
     28 #include "escape.h"
     29 #include "memdebug.h"
     30 
     31 /* figure out the path to work with in this particular request */
     32 CURLcode Curl_getworkingpath(struct connectdata *conn,
     33                              char *homedir,  /* when SFTP is used */
     34                              char **path) /* returns the  allocated
     35                                              real path to work with */
     36 {
     37   struct Curl_easy *data = conn->data;
     38   char *real_path = NULL;
     39   char *working_path;
     40   size_t working_path_len;
     41   CURLcode result =
     42     Curl_urldecode(data, data->state.path, 0, &working_path,
     43                    &working_path_len, FALSE);
     44   if(result)
     45     return result;
     46 
     47   /* Check for /~/, indicating relative to the user's home directory */
     48   if(conn->handler->protocol & CURLPROTO_SCP) {
     49     real_path = malloc(working_path_len + 1);
     50     if(real_path == NULL) {
     51       free(working_path);
     52       return CURLE_OUT_OF_MEMORY;
     53     }
     54     if((working_path_len > 3) && (!memcmp(working_path, "/~/", 3)))
     55       /* It is referenced to the home directory, so strip the leading '/~/' */
     56       memcpy(real_path, working_path + 3, 4 + working_path_len-3);
     57     else
     58       memcpy(real_path, working_path, 1 + working_path_len);
     59   }
     60   else if(conn->handler->protocol & CURLPROTO_SFTP) {
     61     if((working_path_len > 1) && (working_path[1] == '~')) {
     62       size_t homelen = strlen(homedir);
     63       real_path = malloc(homelen + working_path_len + 1);
     64       if(real_path == NULL) {
     65         free(working_path);
     66         return CURLE_OUT_OF_MEMORY;
     67       }
     68       /* It is referenced to the home directory, so strip the
     69          leading '/' */
     70       memcpy(real_path, homedir, homelen);
     71       real_path[homelen] = '/';
     72       real_path[homelen + 1] = '\0';
     73       if(working_path_len > 3) {
     74         memcpy(real_path + homelen + 1, working_path + 3,
     75                1 + working_path_len -3);
     76       }
     77     }
     78     else {
     79       real_path = malloc(working_path_len + 1);
     80       if(real_path == NULL) {
     81         free(working_path);
     82         return CURLE_OUT_OF_MEMORY;
     83       }
     84       memcpy(real_path, working_path, 1 + working_path_len);
     85     }
     86   }
     87 
     88   free(working_path);
     89 
     90   /* store the pointer for the caller to receive */
     91   *path = real_path;
     92 
     93   return CURLE_OK;
     94 }
     95 
     96 /* The get_pathname() function is being borrowed from OpenSSH sftp.c
     97    version 4.6p1. */
     98 /*
     99  * Copyright (c) 2001-2004 Damien Miller <djm (at) openbsd.org>
    100  *
    101  * Permission to use, copy, modify, and distribute this software for any
    102  * purpose with or without fee is hereby granted, provided that the above
    103  * copyright notice and this permission notice appear in all copies.
    104  *
    105  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
    106  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
    107  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
    108  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
    109  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
    110  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
    111  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
    112  */
    113 CURLcode Curl_get_pathname(const char **cpp, char **path, char *homedir)
    114 {
    115   const char *cp = *cpp, *end;
    116   char quot;
    117   unsigned int i, j;
    118   size_t fullPathLength, pathLength;
    119   bool relativePath = false;
    120   static const char WHITESPACE[] = " \t\r\n";
    121 
    122   if(!*cp) {
    123     *cpp = NULL;
    124     *path = NULL;
    125     return CURLE_QUOTE_ERROR;
    126   }
    127   /* Ignore leading whitespace */
    128   cp += strspn(cp, WHITESPACE);
    129   /* Allocate enough space for home directory and filename + separator */
    130   fullPathLength = strlen(cp) + strlen(homedir) + 2;
    131   *path = malloc(fullPathLength);
    132   if(*path == NULL)
    133     return CURLE_OUT_OF_MEMORY;
    134 
    135   /* Check for quoted filenames */
    136   if(*cp == '\"' || *cp == '\'') {
    137     quot = *cp++;
    138 
    139     /* Search for terminating quote, unescape some chars */
    140     for(i = j = 0; i <= strlen(cp); i++) {
    141       if(cp[i] == quot) {  /* Found quote */
    142         i++;
    143         (*path)[j] = '\0';
    144         break;
    145       }
    146       if(cp[i] == '\0') {  /* End of string */
    147         /*error("Unterminated quote");*/
    148         goto fail;
    149       }
    150       if(cp[i] == '\\') {  /* Escaped characters */
    151         i++;
    152         if(cp[i] != '\'' && cp[i] != '\"' &&
    153             cp[i] != '\\') {
    154           /*error("Bad escaped character '\\%c'",
    155               cp[i]);*/
    156           goto fail;
    157         }
    158       }
    159       (*path)[j++] = cp[i];
    160     }
    161 
    162     if(j == 0) {
    163       /*error("Empty quotes");*/
    164       goto fail;
    165     }
    166     *cpp = cp + i + strspn(cp + i, WHITESPACE);
    167   }
    168   else {
    169     /* Read to end of filename - either to white space or terminator */
    170     end = strpbrk(cp, WHITESPACE);
    171     if(end == NULL)
    172       end = strchr(cp, '\0');
    173     /* return pointer to second parameter if it exists */
    174     *cpp = end + strspn(end, WHITESPACE);
    175     pathLength = 0;
    176     relativePath = (cp[0] == '/' && cp[1] == '~' && cp[2] == '/');
    177     /* Handling for relative path - prepend home directory */
    178     if(relativePath) {
    179       strcpy(*path, homedir);
    180       pathLength = strlen(homedir);
    181       (*path)[pathLength++] = '/';
    182       (*path)[pathLength] = '\0';
    183       cp += 3;
    184     }
    185     /* Copy path name up until first "white space" */
    186     memcpy(&(*path)[pathLength], cp, (int)(end - cp));
    187     pathLength += (int)(end - cp);
    188     (*path)[pathLength] = '\0';
    189   }
    190   return CURLE_OK;
    191 
    192   fail:
    193   Curl_safefree(*path);
    194   return CURLE_QUOTE_ERROR;
    195 }
    196