1
/*
2
 * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.  Oracle designates this
8
 * particular file as subject to the "Classpath" exception as provided
9
 * by Oracle in the LICENSE file that accompanied this code.
10
 *
11
 * This code is distributed in the hope that it will be useful, but WITHOUT
12
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14
 * version 2 for more details (a copy is included in the LICENSE file that
15
 * accompanied this code).
16
 *
17
 * You should have received a copy of the GNU General Public License version
18
 * 2 along with this work; if not, write to the Free Software Foundation,
19
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20
 *
21
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22
 * or visit www.oracle.com if you need additional information or have any
23
 * questions.
24
 */
25

26
/*
27
 * Pathname canonicalization for Win32 file systems
28
 */
29

30
#include <stdio.h>
31
#include <stdlib.h>
32
#include <string.h>
33
#include <ctype.h>
34
#include <assert.h>
35
#include <sys/stat.h>
36

37
#include <windows.h>
38
#include <winbase.h>
39
#include <errno.h>
40
#include "io_util_md.h"
41

42
#undef DEBUG_PATH        /* Define this to debug path code */
43

44
#define isfilesep(c) ((c) == '/' || (c) == '\\')
45
#define wisfilesep(c) ((c) == L'/' || (c) == L'\\')
46
#define islb(c)      (IsDBCSLeadByte((BYTE)(c)))
47

48

49
/* Copy bytes to dst, not going past dend; return dst + number of bytes copied,
50
   or NULL if dend would have been exceeded.  If first != '\0', copy that byte
51
   before copying bytes from src to send - 1. */
52

53
static char *
54
cp(char *dst, char *dend, char first, char *src, char *send)
55
{
56
    char *p = src, *q = dst;
57
    if (first != '\0') {
58
        if (q < dend) {
59
            *q++ = first;
60
        } else {
61
            errno = ENAMETOOLONG;
62
            return NULL;
63
        }
64
    }
65
    if (send - p > dend - q) {
66
        errno = ENAMETOOLONG;
67
        return NULL;
68
    }
69
    while (p < send) {
70
        *q++ = *p++;
71
    }
72
    return q;
73
}
74

75
/* Wide character version of cp */
76

77
static WCHAR*
78
wcp(WCHAR *dst, WCHAR *dend, WCHAR first, WCHAR *src, WCHAR *send)
79
{
80
    WCHAR *p = src, *q = dst;
81
    if (first != L'\0') {
82
        if (q < dend) {
83
            *q++ = first;
84
        } else {
85
            errno = ENAMETOOLONG;
86
            return NULL;
87
        }
88
    }
89
    if (send - p > dend - q) {
90
        errno = ENAMETOOLONG;
91
        return NULL;
92
    }
93
    while (p < send)
94
        *q++ = *p++;
95
    return q;
96
}
97

98

99
/* Find first instance of '\\' at or following start.  Return the address of
100
   that byte or the address of the null terminator if '\\' is not found. */
101

102
static char *
103
nextsep(char *start)
104
{
105
    char *p = start;
106
    int c;
107
    while ((c = *p) && (c != '\\')) {
108
        p += ((islb(c) && p[1]) ? 2 : 1);
109
    }
110
    return p;
111
}
112

113
/* Wide character version of nextsep */
114

115
static WCHAR *
116
wnextsep(WCHAR *start)
117
{
118
    WCHAR *p = start;
119
    int c;
120
    while ((c = *p) && (c != L'\\'))
121
        p++;
122
    return p;
123
}
124

125
/* Tell whether the given string contains any wildcard characters */
126

127
static int
128
wild(char *start)
129
{
130
    char *p = start;
131
    int c;
132
    while (c = *p) {
133
        if ((c == '*') || (c == '?')) return 1;
134
        p += ((islb(c) && p[1]) ? 2 : 1);
135
    }
136
    return 0;
137
}
138

139
/* Wide character version of wild */
140

141
static int
142
wwild(WCHAR *start)
143
{
144
    WCHAR *p = start;
145
    int c;
146
    while (c = *p) {
147
        if ((c == L'*') || (c == L'?'))
148
            return 1;
149
        p++;
150
    }
151
    return 0;
152
}
153

154
/* Tell whether the given string contains prohibited combinations of dots.
155
   In the canonicalized form no path element may have dots at its end.
156
   Allowed canonical paths: c:\xa...dksd\..ksa\.lk    c:\...a\.b\cd..x.x
157
   Prohibited canonical paths: c:\..\x  c:\x.\d c:\...
158
*/
159
static int
160
dots(char *start)
161
{
162
    char *p = start;
163
    while (*p) {
164
        if ((p = strchr(p, '.')) == NULL) // find next occurrence of '.'
165
            return 0; // no more dots
166
        p++; // next char
167
        while ((*p) == '.') // go to the end of dots
168
            p++;
169
        if (*p && (*p != '\\')) // path element does not end with a dot
170
            p++; // go to the next char
171
        else
172
            return 1; // path element does end with a dot - prohibited
173
    }
174
    return 0; // no prohibited combinations of dots found
175
}
176

177
/* Wide character version of dots */
178
static int
179
wdots(WCHAR *start)
180
{
181
    WCHAR *p = start;
182
    // Skip "\\.\" prefix
183
    if (wcslen(p) > 4 && !wcsncmp(p, L"\\\\.\\", 4))
184
        p = p + 4;
185

186
    while (*p) {
187
        if ((p = wcschr(p, L'.')) == NULL) // find next occurrence of '.'
188
            return 0; // no more dots
189
        p++; // next char
190
        while ((*p) == L'.') // go to the end of dots
191
            p++;
192
        if (*p && (*p != L'\\')) // path element does not end with a dot
193
            p++; // go to the next char
194
        else
195
            return 1; // path element does end with a dot - prohibited
196
    }
197
    return 0; // no prohibited combinations of dots found
198
}
199

200
/* If the lookup of a particular prefix fails because the file does not exist,
201
   because it is of the wrong type, because access is denied, or because the
202
   network is unreachable then canonicalization does not fail, it terminates
203
   successfully after copying the rest of the original path to the result path.
204
   Other I/O errors cause an error return.
205
*/
206

207
int
208
lastErrorReportable()
209
{
210
    DWORD errval = GetLastError();
211
    if ((errval == ERROR_FILE_NOT_FOUND)
212
        || (errval == ERROR_DIRECTORY)
213
        || (errval == ERROR_PATH_NOT_FOUND)
214
        || (errval == ERROR_BAD_NETPATH)
215
        || (errval == ERROR_BAD_NET_NAME)
216
        || (errval == ERROR_ACCESS_DENIED)
217
        || (errval == ERROR_NETWORK_UNREACHABLE)
218
        || (errval == ERROR_NETWORK_ACCESS_DENIED)) {
219
        return 0;
220
    }
221

222
#ifdef DEBUG_PATH
223
    jio_fprintf(stderr, "canonicalize: errval %d\n", errval);
224
#endif
225
    return 1;
226
}
227

228
/* Convert a pathname to canonical form.  The input orig_path is assumed to
229
   have been converted to native form already, via JVM_NativePath().  This is
230
   necessary because _fullpath() rejects duplicate separator characters on
231
   Win95, though it accepts them on NT. */
232

233
int
234
canonicalize(char *orig_path, char *result, int size)
235
{
236
    WIN32_FIND_DATA fd;
237
    HANDLE h;
238
    char path[1024];    /* Working copy of path */
239
    char *src, *dst, *dend;
240

241
    /* Reject paths that contain wildcards */
242
    if (wild(orig_path)) {
243
        errno = EINVAL;
244
        return -1;
245
    }
246

247
    /* Collapse instances of "foo\.." and ensure absoluteness.  Note that
248
       contrary to the documentation, the _fullpath procedure does not require
249
       the drive to be available.  It also does not reliably change all
250
       occurrences of '/' to '\\' on Win95, so now JVM_NativePath does that. */
251
    if(!_fullpath(path, orig_path, sizeof(path))) {
252
        return -1;
253
    }
254

255
    /* Correction for Win95: _fullpath may leave a trailing "\\"
256
       on a UNC pathname */
257
    if ((path[0] == '\\') && (path[1] == '\\')) {
258
        char *p = path + strlen(path);
259
        if ((p[-1] == '\\') && !islb(p[-2])) {
260
            p[-1] = '\0';
261
        }
262
    }
263

264
    if (dots(path)) /* Check for prohibited combinations of dots */
265
        return -1;
266

267
    src = path;            /* Start scanning here */
268
    dst = result;        /* Place results here */
269
    dend = dst + size;        /* Don't go to or past here */
270

271
    /* Copy prefix, assuming path is absolute */
272
    if (isalpha(src[0]) && (src[1] == ':') && (src[2] == '\\')) {
273
        /* Drive specifier */
274
        *src = toupper(*src);    /* Canonicalize drive letter */
275
        if (!(dst = cp(dst, dend, '\0', src, src + 2))) {
276
            return -1;
277
        }
278
        src += 2;
279
    } else if ((src[0] == '\\') && (src[1] == '\\')) {
280
        /* UNC pathname */
281
        char *p;
282
        p = nextsep(src + 2);    /* Skip past host name */
283
        if (!*p) {
284
        /* A UNC pathname must begin with "\\\\host\\share",
285
           so reject this path as invalid if there is no share name */
286
            errno = EINVAL;
287
            return -1;
288
    }
289
    p = nextsep(p + 1);    /* Skip past share name */
290
    if (!(dst = cp(dst, dend, '\0', src, p))) {
291
        return -1;
292
    }
293
    src = p;
294
    } else {
295
        /* Invalid path */
296
        errno = EINVAL;
297
        return -1;
298
    }
299

300
    /* Windows 95/98/Me bug - FindFirstFile fails on network mounted drives */
301
    /* for root pathes like "E:\" . If the path has this form, we should  */
302
    /* simply return it, it is already canonicalized. */
303
    if (strlen(path) == 3 && path[1] == ':' && path[2] == '\\') {
304
        /* At this point we have already copied the drive specifier ("z:")*/
305
        /* so we need to copy "\" and the null character. */
306
        result[2] = '\\';
307
        result[3] = '\0';
308
        return 0;
309
    }
310

311
    /* At this point we have copied either a drive specifier ("z:") or a UNC
312
       prefix ("\\\\host\\share") to the result buffer, and src points to the
313
       first byte of the remainder of the path.  We now scan through the rest
314
       of the path, looking up each prefix in order to find the true name of
315
       the last element of each prefix, thereby computing the full true name of
316
       the original path. */
317
    while (*src) {
318
        char *p = nextsep(src + 1);    /* Find next separator */
319
        char c = *p;
320
        assert(*src == '\\');        /* Invariant */
321
        *p = '\0';            /* Temporarily clear separator */
322
        h = FindFirstFile(path, &fd);    /* Look up prefix */
323
        *p = c;                /* Restore separator */
324
        if (h != INVALID_HANDLE_VALUE) {
325
            /* Lookup succeeded; append true name to result and continue */
326
            FindClose(h);
327
            if (!(dst = cp(dst, dend, '\\',
328
                           fd.cFileName,
329
                           fd.cFileName + strlen(fd.cFileName)))) {
330
                return -1;
331
            }
332
            src = p;
333
            continue;
334
        } else {
335
            if (!lastErrorReportable()) {
336
                if (!(dst = cp(dst, dend, '\0', src, src + strlen(src)))) {
337
                    return -1;
338
                }
339
                break;
340
            } else {
341
                return -1;
342
            }
343
        }
344
    }
345

346
    if (dst >= dend) {
347
    errno = ENAMETOOLONG;
348
    return -1;
349
    }
350
    *dst = '\0';
351
    return 0;
352

353
}
354

355

356
/* Convert a pathname to canonical form.  The input prefix is assumed
357
   to be in canonical form already, and the trailing filename must not
358
   contain any wildcard, dot/double dot, or other "tricky" characters
359
   that are rejected by the canonicalize() routine above.  This
360
   routine is present to allow the canonicalization prefix cache to be
361
   used while still returning canonical names with the correct
362
   capitalization. */
363

364
int
365
canonicalizeWithPrefix(char* canonicalPrefix, char* pathWithCanonicalPrefix, char *result, int size)
366
{
367
    WIN32_FIND_DATA fd;
368
    HANDLE h;
369
    char *src, *dst, *dend;
370

371
    src = pathWithCanonicalPrefix;
372
    dst = result;        /* Place results here */
373
    dend = dst + size;   /* Don't go to or past here */
374

375
    h = FindFirstFile(pathWithCanonicalPrefix, &fd);    /* Look up file */
376
    if (h != INVALID_HANDLE_VALUE) {
377
        /* Lookup succeeded; concatenate true name to prefix */
378
        FindClose(h);
379
        if (!(dst = cp(dst, dend, '\0',
380
                       canonicalPrefix,
381
                       canonicalPrefix + strlen(canonicalPrefix)))) {
382
            return -1;
383
        }
384
        if (!(dst = cp(dst, dend, '\\',
385
                       fd.cFileName,
386
                       fd.cFileName + strlen(fd.cFileName)))) {
387
            return -1;
388
        }
389
    } else {
390
        if (!lastErrorReportable()) {
391
            if (!(dst = cp(dst, dend, '\0', src, src + strlen(src)))) {
392
                return -1;
393
            }
394
        } else {
395
            return -1;
396
        }
397
    }
398

399
    if (dst >= dend) {
400
        errno = ENAMETOOLONG;
401
        return -1;
402
    }
403
    *dst = '\0';
404
    return 0;
405
}
406

407

408
/* Wide character version of canonicalize. Size is a wide-character size. */
409

410
int
411
wcanonicalize(WCHAR *orig_path, WCHAR *result, int size)
412
{
413
    WIN32_FIND_DATAW fd;
414
    HANDLE h;
415
    WCHAR *path;    /* Working copy of path */
416
    WCHAR *src, *dst, *dend, c;
417

418
    /* Reject paths that contain wildcards */
419
    if (wwild(orig_path)) {
420
        errno = EINVAL;
421
        return -1;
422
    }
423

424
    if ((path = (WCHAR*)malloc(size * sizeof(WCHAR))) == NULL)
425
        return -1;
426

427
    /* Collapse instances of "foo\.." and ensure absoluteness.  Note that
428
       contrary to the documentation, the _fullpath procedure does not require
429
       the drive to be available.  */
430
    if(!_wfullpath(path, orig_path, size)) {
431
        goto err;
432
    }
433

434
    if (wdots(path)) /* Check for prohibited combinations of dots */
435
        goto err;
436

437
    src = path;            /* Start scanning here */
438
    dst = result;        /* Place results here */
439
    dend = dst + size;        /* Don't go to or past here */
440

441
    /* Copy prefix, assuming path is absolute */
442
    c = src[0];
443
    if (((c <= L'z' && c >= L'a') || (c <= L'Z' && c >= L'A'))
444
       && (src[1] == L':') && (src[2] == L'\\')) {
445
        /* Drive specifier */
446
        *src = towupper(*src);    /* Canonicalize drive letter */
447
        if (!(dst = wcp(dst, dend, L'\0', src, src + 2))) {
448
            goto err;
449
        }
450

451
        src += 2;
452
    } else if ((src[0] == L'\\') && (src[1] == L'\\')) {
453
        /* UNC pathname */
454
        WCHAR *p;
455
        p = wnextsep(src + 2);    /* Skip past host name */
456
        if (!*p) {
457
            /* A UNC pathname must begin with "\\\\host\\share",
458
               so reject this path as invalid if there is no share name */
459
            errno = EINVAL;
460
            goto err;
461
        }
462
        p = wnextsep(p + 1);    /* Skip past share name */
463
        if (!(dst = wcp(dst, dend, L'\0', src, p)))
464
            goto err;
465
        src = p;
466
    } else {
467
        /* Invalid path */
468
        errno = EINVAL;
469
        goto err;
470
    }
471
    /* At this point we have copied either a drive specifier ("z:") or a UNC
472
       prefix ("\\\\host\\share") to the result buffer, and src points to the
473
       first byte of the remainder of the path.  We now scan through the rest
474
       of the path, looking up each prefix in order to find the true name of
475
       the last element of each prefix, thereby computing the full true name of
476
       the original path. */
477
    while (*src) {
478
        WCHAR *p = wnextsep(src + 1);    /* Find next separator */
479
        WCHAR c = *p;
480
        WCHAR *pathbuf;
481
        int pathlen;
482

483
        assert(*src == L'\\');        /* Invariant */
484
        *p = L'\0';            /* Temporarily clear separator */
485

486
        if ((pathlen = (int)wcslen(path)) > MAX_PATH - 1) {
487
            pathbuf = getPrefixed(path, pathlen);
488
            h = FindFirstFileW(pathbuf, &fd);    /* Look up prefix */
489
            free(pathbuf);
490
        } else
491
            h = FindFirstFileW(path, &fd);    /* Look up prefix */
492

493
        *p = c;                /* Restore separator */
494
        if (h != INVALID_HANDLE_VALUE) {
495
            /* Lookup succeeded; append true name to result and continue */
496
            FindClose(h);
497
            if (!(dst = wcp(dst, dend, L'\\', fd.cFileName,
498
                            fd.cFileName + wcslen(fd.cFileName)))){
499
                goto err;
500
            }
501
            src = p;
502
            continue;
503
        } else {
504
            if (!lastErrorReportable()) {
505
               if (!(dst = wcp(dst, dend, L'\0', src, src + wcslen(src)))){
506
                   goto err;
507
               }
508
                break;
509
            } else {
510
                goto err;
511
            }
512
        }
513
    }
514

515
    if (dst >= dend) {
516
    errno = ENAMETOOLONG;
517
        goto err;
518
    }
519
    *dst = L'\0';
520
    free(path);
521
    return 0;
522

523
 err:
524
    free(path);
525
    return -1;
526
}
527

528

529
/* Wide character version of canonicalizeWithPrefix. */
530

531
int
532
wcanonicalizeWithPrefix(WCHAR *canonicalPrefix, WCHAR *pathWithCanonicalPrefix, WCHAR *result, int size)
533
{
534
    WIN32_FIND_DATAW fd;
535
    HANDLE h;
536
    WCHAR *src, *dst, *dend;
537
    WCHAR *pathbuf;
538
    int pathlen;
539

540
    src = pathWithCanonicalPrefix;
541
    dst = result;        /* Place results here */
542
    dend = dst + size;   /* Don't go to or past here */
543

544

545
    if ((pathlen=(int)wcslen(pathWithCanonicalPrefix)) > MAX_PATH - 1) {
546
        pathbuf = getPrefixed(pathWithCanonicalPrefix, pathlen);
547
        h = FindFirstFileW(pathbuf, &fd);    /* Look up prefix */
548
        free(pathbuf);
549
    } else
550
        h = FindFirstFileW(pathWithCanonicalPrefix, &fd);    /* Look up prefix */
551
    if (h != INVALID_HANDLE_VALUE) {
552
        /* Lookup succeeded; append true name to result and continue */
553
        FindClose(h);
554
        if (!(dst = wcp(dst, dend, L'\0',
555
                        canonicalPrefix,
556
                        canonicalPrefix + wcslen(canonicalPrefix)))) {
557
            return -1;
558
        }
559
        if (!(dst = wcp(dst, dend, L'\\',
560
                        fd.cFileName,
561
                        fd.cFileName + wcslen(fd.cFileName)))) {
562
            return -1;
563
        }
564
    } else {
565
        if (!lastErrorReportable()) {
566
            if (!(dst = wcp(dst, dend, L'\0', src, src + wcslen(src)))) {
567
                return -1;
568
            }
569
        } else {
570
            return -1;
571
        }
572
    }
573

574
    if (dst >= dend) {
575
        errno = ENAMETOOLONG;
576
        return -1;
577
    }
578
    *dst = L'\0';
579
    return 0;
580
}
581

582

583
/* The appropriate location of getPrefixed() should be io_util_md.c, but
584
   java.lang.instrument package has hardwired canonicalize_md.c into their
585
   dll, to avoid complicate solution such as including io_util_md.c into
586
   that package, as a workaround we put this method here.
587
 */
588

589
/* copy \\?\ or \\?\UNC\ to the front of path*/
590
WCHAR*
591
getPrefixed(const WCHAR* path, int pathlen) {
592
    WCHAR* pathbuf = (WCHAR*)malloc((pathlen + 10) * sizeof (WCHAR));
593
    if (pathbuf != 0) {
594
        if (path[0] == L'\\' && path[1] == L'\\') {
595
            if (path[2] == L'?' && path[3] == L'\\'){
596
                /* if it already has a \\?\ don't do the prefix */
597
                wcscpy(pathbuf, path );
598
            } else {
599
                /* only UNC pathname includes double slashes here */
600
                wcscpy(pathbuf, L"\\\\?\\UNC\0");
601
                wcscat(pathbuf, path + 1);
602
            }
603
        } else {
604
            wcscpy(pathbuf, L"\\\\?\\\0");
605
            wcscat(pathbuf, path );
606
        }
607
    }
608
    return pathbuf;
609
}
610

611