X-Git-Url: https://git.cameronkatri.com/mandoc.git/blobdiff_plain/a28faa272ac76185bf26ae465660f613bdac74c7..8eb0cfe199b90872bf8e9411ce6d59e3de0b9418:/mandocdb.c diff --git a/mandocdb.c b/mandocdb.c index a74d40a2..b3e34d05 100644 --- a/mandocdb.c +++ b/mandocdb.c @@ -1,4 +1,4 @@ -/* $Id: mandocdb.c,v 1.139 2014/04/19 02:30:19 schwarze Exp $ */ +/* $Id: mandocdb.c,v 1.153 2014/06/21 16:18:25 schwarze Exp $ */ /* * Copyright (c) 2011, 2012 Kristaps Dzonsons * Copyright (c) 2011, 2012, 2013, 2014 Ingo Schwarze @@ -145,8 +145,8 @@ static int dbopen(int); static void dbprune(void); static void filescan(const char *); static void *hash_alloc(size_t, void *); -static void hash_free(void *, size_t, void *); -static void *hash_halloc(size_t, void *); +static void hash_free(void *, void *); +static void *hash_calloc(size_t, size_t, void *); static void mlink_add(struct mlink *, const struct stat *); static void mlink_check(struct mpage *, struct mlink *); static void mlink_free(struct mlink *); @@ -180,12 +180,12 @@ static char tempfilename[32]; static char *progname; static int nodb; /* no database changes */ static int mparse_options; /* abort the parse early */ -static int use_all; /* use all found files */ -static int debug; /* print what we're doing */ -static int warnings; /* warn about crap */ +static int use_all; /* use all found files */ +static int debug; /* print what we're doing */ +static int warnings; /* warn about crap */ static int write_utf8; /* write UTF-8 output; else ASCII */ static int exitcode; /* to be returned by main */ -static enum op op; /* operational mode */ +static enum op op; /* operational mode */ static char basedir[PATH_MAX]; /* current base directory */ static struct ohash mpages; /* table of distinct manual pages */ static struct ohash mlinks; /* table of directory entries */ @@ -320,6 +320,7 @@ static const struct mdoc_handler mdocs[MDOC_MAX] = { { NULL, 0 }, /* Ta */ }; + int main(int argc, char *argv[]) { @@ -335,8 +336,8 @@ main(int argc, char *argv[]) memset(&dirs, 0, sizeof(struct manpaths)); mpages_info.alloc = mlinks_info.alloc = hash_alloc; - mpages_info.halloc = mlinks_info.halloc = hash_halloc; - mpages_info.hfree = mlinks_info.hfree = hash_free; + mpages_info.calloc = mlinks_info.calloc = hash_calloc; + mpages_info.free = mlinks_info.free = hash_free; mpages_info.key_offset = offsetof(struct mpage, inodev); mlinks_info.key_offset = offsetof(struct mlink, file); @@ -348,13 +349,14 @@ main(int argc, char *argv[]) ++progname; /* - * We accept a few different invocations. + * We accept a few different invocations. * The CHECKOP macro makes sure that invocation styles don't * clobber each other. */ #define CHECKOP(_op, _ch) do \ if (OP_DEFAULT != (_op)) { \ - fprintf(stderr, "-%c: Conflicting option\n", (_ch)); \ + fprintf(stderr, "%s: -%c: Conflicting option\n", \ + progname, (_ch)); \ goto usage; \ } while (/*CONSTCOND*/0) @@ -363,51 +365,52 @@ main(int argc, char *argv[]) while (-1 != (ch = getopt(argc, argv, "aC:Dd:npQT:tu:v"))) switch (ch) { - case ('a'): + case 'a': use_all = 1; break; - case ('C'): + case 'C': CHECKOP(op, ch); path_arg = optarg; op = OP_CONFFILE; break; - case ('D'): + case 'D': debug++; break; - case ('d'): + case 'd': CHECKOP(op, ch); path_arg = optarg; op = OP_UPDATE; break; - case ('n'): + case 'n': nodb = 1; break; - case ('p'): + case 'p': warnings = 1; break; - case ('Q'): + case 'Q': mparse_options |= MPARSE_QUICK; break; - case ('T'): + case 'T': if (strcmp(optarg, "utf8")) { - fprintf(stderr, "-T%s: Unsupported " - "output format\n", optarg); + fprintf(stderr, "%s: -T%s: " + "Unsupported output format\n", + progname, optarg); goto usage; } write_utf8 = 1; break; - case ('t'): + case 't': CHECKOP(op, ch); dup2(STDOUT_FILENO, STDERR_FILENO); op = OP_TEST; nodb = warnings = 1; break; - case ('u'): + case 'u': CHECKOP(op, ch); path_arg = optarg; op = OP_DELETE; break; - case ('v'): + case 'v': /* Compatibility with espie@'s makewhatis. */ break; default: @@ -418,7 +421,8 @@ main(int argc, char *argv[]) argv += optind; if (OP_CONFFILE == op && argc > 0) { - fprintf(stderr, "-C: Too many arguments\n"); + fprintf(stderr, "%s: -C: Too many arguments\n", + progname); goto usage; } @@ -430,19 +434,20 @@ main(int argc, char *argv[]) ohash_init(&mlinks, 6, &mlinks_info); if (OP_UPDATE == op || OP_DELETE == op || OP_TEST == op) { - /* - * Force processing all files. - */ - use_all = 1; /* - * All of these deal with a specific directory. - * Jump into that directory then collect files specified - * on the command-line. + * Most of these deal with a specific directory. + * Jump into that directory first. */ - if (0 == set_basedir(path_arg)) + if (OP_TEST != op && 0 == set_basedir(path_arg)) goto out; + if (dbopen(1)) { + /* + * The existing database is usable. Process + * all files specified on the command-line. + */ + use_all = 1; for (i = 0; i < argc; i++) filescan(argv[i]); if (OP_TEST != op) @@ -452,6 +457,7 @@ main(int argc, char *argv[]) * Database missing or corrupt. * Recreate from scratch. */ + exitcode = (int)MANDOCLEVEL_OK; op = OP_DEFAULT; if (0 == treescan()) goto out; @@ -468,8 +474,8 @@ main(int argc, char *argv[]) * manpath_parse() wants to do it. */ if (argc > 0) { - dirs.paths = mandoc_calloc - (argc, sizeof(char *)); + dirs.paths = mandoc_reallocarray(NULL, + argc, sizeof(char *)); dirs.sz = (size_t)argc; for (i = 0; i < argc; i++) dirs.paths[i] = mandoc_strdup(argv[i]); @@ -503,13 +509,11 @@ main(int argc, char *argv[]) goto out; if (0 == treescan()) goto out; - if (0 == set_basedir(dirs.paths[j])) - goto out; if (0 == dbopen(0)) goto out; mpages_merge(mc, mp); - if (warnings && + if (warnings && !nodb && ! (MPARSE_QUICK & mparse_options)) names_check(); dbclose(0); @@ -522,7 +526,6 @@ main(int argc, char *argv[]) } } out: - set_basedir(NULL); manpath_free(&dirs); mchars_free(mc); mparse_free(mp); @@ -536,7 +539,7 @@ usage: " %s [-DnpQ] [-Tutf8] -d dir [file ...]\n" " %s [-Dnp] -u dir [file ...]\n" " %s [-Q] -t file ...\n", - progname, progname, progname, + progname, progname, progname, progname, progname); return((int)MANDOCLEVEL_BADARG); @@ -550,7 +553,7 @@ usage: * If use_all has been specified, grok all files. * If not, sanitise paths to the following: * - * [./]man*[/]/.
+ * [./]man*[/]/.
* or * [./]cat
[/]/.0 * @@ -590,7 +593,7 @@ treescan(void) * Symbolic links require various sanity checks, * then get handled just like regular files. */ - case (FTS_SL): + case FTS_SL: if (NULL == realpath(path, buf)) { if (warnings) say(path, "&realpath"); @@ -613,7 +616,7 @@ treescan(void) * If we're a regular file, add an mlink by using the * stored directory data and handling the filename. */ - case (FTS_F): + case FTS_F: if (0 == strcmp(path, MANDOC_DB)) continue; if ( ! use_all && ff->fts_level < 2) { @@ -660,7 +663,13 @@ treescan(void) fsec[-1] = '\0'; mlink = mandoc_calloc(1, sizeof(struct mlink)); - strlcpy(mlink->file, path, sizeof(mlink->file)); + if (strlcpy(mlink->file, path, + sizeof(mlink->file)) >= + sizeof(mlink->file)) { + say(path, "Filename too long"); + free(mlink); + continue; + } mlink->dform = dform; mlink->dsec = dsec; mlink->arch = arch; @@ -670,9 +679,9 @@ treescan(void) mlink_add(mlink, ff->fts_statp); continue; - case (FTS_D): + case FTS_D: /* FALLTHROUGH */ - case (FTS_DP): + case FTS_DP: break; default: @@ -682,10 +691,10 @@ treescan(void) } switch (ff->fts_level) { - case (0): + case 0: /* Ignore the root directory. */ break; - case (1): + case 1: /* * This might contain manX/ or catX/. * Try to infer this from the name. @@ -706,14 +715,14 @@ treescan(void) dsec = NULL; } - if (NULL != dsec || use_all) + if (NULL != dsec || use_all) break; if (warnings) say(path, "Unknown directory part"); fts_set(f, ff, FTS_SKIP); break; - case (2): + case 2: /* * Possibly our architecture. * If we're descending, keep tabs on it. @@ -745,7 +754,7 @@ treescan(void) * Try to infer the manual section, architecture, and page name from the * path, assuming it looks like * - * [./]man*[/]/.
+ * [./]man*[/]/.
* or * [./]cat
[/]/.0 * @@ -791,10 +800,10 @@ filescan(const char *file) return; } - if (strstr(buf, basedir) == buf) - start = buf + strlen(basedir) + 1; - else if (OP_TEST == op) + if (OP_TEST == op) start = buf; + else if (strstr(buf, basedir) == buf) + start = buf + strlen(basedir); else { exitcode = (int)MANDOCLEVEL_BADARG; say("", "%s: outside base directory", buf); @@ -816,13 +825,21 @@ filescan(const char *file) say(file, "&stat"); return; } - strlcpy(buf, file, sizeof(buf)); - start = strstr(buf, basedir) == buf ? - buf + strlen(basedir) + 1 : buf; + if (strlcpy(buf, file, sizeof(buf)) >= sizeof(buf)) { + say(file, "Filename too long"); + return; + } + start = buf; + if (OP_TEST != op && strstr(buf, basedir) == buf) + start += strlen(basedir); } mlink = mandoc_calloc(1, sizeof(struct mlink)); - strlcpy(mlink->file, start, sizeof(mlink->file)); + if (strlcpy(mlink->file, start, sizeof(mlink->file)) >= + sizeof(mlink->file)) { + say(start, "Filename too long"); + return; + } /* * First try to guess our directory structure. @@ -970,19 +987,15 @@ mlinks_undupe(struct mpage *mpage) mpage->form = FORM_NONE; goto nextlink; } - if (strlcpy(buf, mlink->file, PATH_MAX) >= PATH_MAX) { - if (warnings) - say(mlink->file, "Filename too long"); - goto nextlink; - } + (void)strlcpy(buf, mlink->file, sizeof(buf)); bufp = strstr(buf, "cat"); assert(NULL != bufp); memcpy(bufp, "man", 3); if (NULL != (bufp = strrchr(buf, '.'))) *++bufp = '\0'; - strlcat(buf, mlink->dsec, PATH_MAX); + (void)strlcat(buf, mlink->dsec, sizeof(buf)); if (NULL == ohash_find(&mlinks, - ohash_qlookup(&mlinks, buf))) + ohash_qlookup(&mlinks, buf))) goto nextlink; if (warnings) say(mlink->file, "Man source exists: %s", buf); @@ -1078,8 +1091,8 @@ mpages_merge(struct mchars *mc, struct mparse *mp) enum mandoclevel lvl; str_info.alloc = hash_alloc; - str_info.halloc = hash_halloc; - str_info.hfree = hash_free; + str_info.calloc = hash_calloc; + str_info.free = hash_free; str_info.key_offset = offsetof(struct str, key); if (0 == nodb) @@ -1111,14 +1124,14 @@ mpages_merge(struct mchars *mc, struct mparse *mp) goto nextpage; } switch (child_pid = fork()) { - case (-1): + case -1: exitcode = (int)MANDOCLEVEL_SYSERR; say(mpage->mlinks->file, "&fork gunzip"); child_pid = 0; close(fd[1]); close(fd[0]); goto nextpage; - case (0): + case 0: close(fd[0]); if (-1 == dup2(fd[1], STDOUT_FILENO)) { say(mpage->mlinks->file, @@ -1284,7 +1297,8 @@ names_check(void) "AND mlinks.name == names.name" ")" ") JOIN (" - "SELECT * FROM mlinks GROUP BY pageid" + "SELECT sec, arch, name, pageid FROM mlinks " + "GROUP BY pageid" ") USING (pageid);", -1, &stmt, NULL); @@ -1333,7 +1347,7 @@ parse_cat(struct mpage *mpage, int fd) while (NULL != (line = fgetln(stream, &len))) if ('\n' != *line && ' ' != *line) break; - + /* * Read up until the next section into a buffer. * Strip the leading and trailing newline from each read line, @@ -1403,7 +1417,7 @@ parse_cat(struct mpage *mpage, int fd) if (0 == len) { memmove(line, line + 1, plen--); continue; - } + } memmove(line - 1, line + 1, plen - len); plen -= 2; } @@ -1467,11 +1481,11 @@ parse_man(struct mpage *mpage, const struct man_node *n) body = n; assert(body->parent); if (NULL != (head = body->parent->head) && - 1 == head->nchild && - NULL != (head = (head->child)) && - MAN_TEXT == head->type && - 0 == strcmp(head->string, "NAME") && - NULL != body->child) { + 1 == head->nchild && + NULL != (head = (head->child)) && + MAN_TEXT == head->type && + 0 == strcmp(head->string, "NAME") && + NULL != body->child) { /* * Suck the entire NAME section into memory. @@ -1485,7 +1499,7 @@ parse_man(struct mpage *mpage, const struct man_node *n) if (NULL == title) return; - /* + /* * Go through a special heuristic dance here. * Conventionally, one or more manual names are * comma-specified prior to a whitespace, then a @@ -1567,15 +1581,15 @@ parse_mdoc(struct mpage *mpage, const struct mdoc_node *n) assert(NULL != n); for (n = n->child; NULL != n; n = n->next) { switch (n->type) { - case (MDOC_ELEM): + case MDOC_ELEM: /* FALLTHROUGH */ - case (MDOC_BLOCK): + case MDOC_BLOCK: /* FALLTHROUGH */ - case (MDOC_HEAD): + case MDOC_HEAD: /* FALLTHROUGH */ - case (MDOC_BODY): + case MDOC_BODY: /* FALLTHROUGH */ - case (MDOC_TAIL): + case MDOC_TAIL: if (NULL != mdocs[n->tok].fp) if (0 == (*mdocs[n->tok].fp)(mpage, n)) break; @@ -1599,8 +1613,8 @@ parse_mdoc_Fd(struct mpage *mpage, const struct mdoc_node *n) size_t sz; if (SEC_SYNOPSIS != n->sec || - NULL == (n = n->child) || - MDOC_TEXT != n->type) + NULL == (n = n->child) || + MDOC_TEXT != n->type) return(0); /* @@ -1643,11 +1657,11 @@ parse_mdoc_Fn(struct mpage *mpage, const struct mdoc_node *n) if (NULL == (n = n->child) || MDOC_TEXT != n->type) return(0); - /* + /* * Parse: .Fn "struct type *name" "char *arg". - * First strip away pointer symbol. + * First strip away pointer symbol. * Then store the function name, then type. - * Finally, store the arguments. + * Finally, store the arguments. */ if (NULL == (cp = strrchr(n->string, ' '))) @@ -1771,7 +1785,7 @@ putkeys(const struct mpage *mpage, s->mask |= v; return; } else if (NULL == s) { - s = mandoc_calloc(sizeof(struct str) + sz + 1, 1); + s = mandoc_calloc(1, sizeof(struct str) + sz + 1); memcpy(s->key, cp, sz); ohash_insert(htab, slot, s); } @@ -1864,7 +1878,7 @@ render_key(struct mchars *mc, struct str *key) if (strcspn(val, res) == bsz) { key->rendered = key->key; return; - } + } /* Pre-allocate by the length of the input */ @@ -1884,17 +1898,17 @@ render_key(struct mchars *mc, struct str *key) } switch (*val) { - case (ASCII_HYPH): + case ASCII_HYPH: buf[pos++] = '-'; val++; continue; - case ('\t'): + case '\t': /* FALLTHROUGH */ - case (ASCII_NBRSP): + case ASCII_NBRSP: buf[pos++] = ' '; val++; /* FALLTHROUGH */ - case (ASCII_BREAK): + case ASCII_BREAK: continue; default: break; @@ -1911,8 +1925,8 @@ render_key(struct mchars *mc, struct str *key) * predefined character or special character. */ - esc = mandoc_escape - ((const char **)&val, &seq, &len); + esc = mandoc_escape((const char **)&val, + &seq, &len); if (ESCAPE_ERROR == esc) break; if (ESCAPE_SPECIAL != esc) @@ -1983,6 +1997,20 @@ dbadd(struct mpage *mpage, struct mchars *mc) mlink = mpage->mlinks; if (nodb) { + for (key = ohash_first(&names, &slot); NULL != key; + key = ohash_next(&names, &slot)) { + if (key->rendered != key->key) + free(key->rendered); + free(key); + } + for (key = ohash_first(&strings, &slot); NULL != key; + key = ohash_next(&strings, &slot)) { + if (key->rendered != key->key) + free(key->rendered); + free(key); + } + if (0 == debug) + return; while (NULL != mlink) { fputs(mlink->name, stdout); if (NULL == mlink->next || @@ -2009,13 +2037,22 @@ dbadd(struct mpage *mpage, struct mchars *mc) if (debug) say(mlink->file, "Adding to database"); + i = strlen(mpage->desc) + 1; + key = mandoc_calloc(1, sizeof(struct str) + i); + memcpy(key->key, mpage->desc, i); + render_key(mc, key); + i = 1; - SQL_BIND_TEXT(stmts[STMT_INSERT_PAGE], i, mpage->desc); + SQL_BIND_TEXT(stmts[STMT_INSERT_PAGE], i, key->rendered); SQL_BIND_INT(stmts[STMT_INSERT_PAGE], i, FORM_SRC == mpage->form); SQL_STEP(stmts[STMT_INSERT_PAGE]); mpage->pageid = sqlite3_last_insert_rowid(db); sqlite3_reset(stmts[STMT_INSERT_PAGE]); + if (key->rendered != key->key) + free(key->rendered); + free(key); + while (NULL != mlink) { dbadd_mlink(mlink); mlink = mlink->next; @@ -2123,11 +2160,11 @@ dbclose(int real) } switch (child = fork()) { - case (-1): + case -1: exitcode = (int)MANDOCLEVEL_SYSERR; say("", "&fork cmp"); return; - case (0): + case 0: execlp("cmp", "cmp", "-s", tempfilename, MANDOC_DB, NULL); say("", "&exec cmp"); @@ -2149,11 +2186,11 @@ dbclose(int real) *strrchr(tempfilename, '/') = '\0'; switch (child = fork()) { - case (-1): + case -1: exitcode = (int)MANDOCLEVEL_SYSERR; say("", "&fork rm"); return; - case (0): + case 0: execlp("rm", "rm", "-rf", tempfilename, NULL); say("", "&exec rm"); exit((int)MANDOCLEVEL_SYSERR); @@ -2184,7 +2221,7 @@ dbopen(int real) const char *sql; int rc, ofl; - if (nodb) + if (nodb) return(1); *tempfilename = '\0'; @@ -2194,7 +2231,8 @@ dbopen(int real) rc = sqlite3_open_v2(MANDOC_DB, &db, ofl, NULL); if (SQLITE_OK != rc) { exitcode = (int)MANDOCLEVEL_SYSERR; - say(MANDOC_DB, "%s", sqlite3_errmsg(db)); + if (SQLITE_CANTOPEN != rc) + say(MANDOC_DB, "%s", sqlite3_errstr(rc)); return(0); } goto prepare_statements; @@ -2204,36 +2242,27 @@ dbopen(int real) remove(MANDOC_DB "~"); rc = sqlite3_open_v2(MANDOC_DB "~", &db, ofl, NULL); - if (SQLITE_OK == rc) + if (SQLITE_OK == rc) goto create_tables; if (MPARSE_QUICK & mparse_options) { exitcode = (int)MANDOCLEVEL_SYSERR; - say(MANDOC_DB "~", "%s", sqlite3_errmsg(db)); + say(MANDOC_DB "~", "%s", sqlite3_errstr(rc)); return(0); } - if (strlcpy(tempfilename, "/tmp/mandocdb.XXXXXX", - sizeof(tempfilename)) >= sizeof(tempfilename)) { - exitcode = (int)MANDOCLEVEL_SYSERR; - say("", "/tmp/mandocdb.XXXXXX: Filename too long"); - return(0); - } + (void)strlcpy(tempfilename, "/tmp/mandocdb.XXXXXX", + sizeof(tempfilename)); if (NULL == mkdtemp(tempfilename)) { exitcode = (int)MANDOCLEVEL_SYSERR; say("", "&%s", tempfilename); return(0); } - if (strlcat(tempfilename, "/" MANDOC_DB, - sizeof(tempfilename)) >= sizeof(tempfilename)) { - exitcode = (int)MANDOCLEVEL_SYSERR; - say("", "%s/" MANDOC_DB ": Filename too long", - tempfilename); - return(0); - } + (void)strlcat(tempfilename, "/" MANDOC_DB, + sizeof(tempfilename)); rc = sqlite3_open_v2(tempfilename, &db, ofl, NULL); if (SQLITE_OK != rc) { exitcode = (int)MANDOCLEVEL_SYSERR; - say("", "%s: %s", tempfilename, sqlite3_errmsg(db)); + say("", "%s: %s", tempfilename, sqlite3_errstr(rc)); return(0); } @@ -2271,11 +2300,20 @@ create_tables: if (SQLITE_OK != sqlite3_exec(db, sql, NULL, NULL, NULL)) { exitcode = (int)MANDOCLEVEL_SYSERR; say(MANDOC_DB, "%s", sqlite3_errmsg(db)); + sqlite3_close(db); return(0); } prepare_statements: - SQL_EXEC("PRAGMA foreign_keys = ON"); + if (SQLITE_OK != sqlite3_exec(db, + "PRAGMA foreign_keys = ON", NULL, NULL, NULL)) { + exitcode = (int)MANDOCLEVEL_SYSERR; + say(MANDOC_DB, "PRAGMA foreign_keys: %s", + sqlite3_errmsg(db)); + sqlite3_close(db); + return(0); + } + sql = "DELETE FROM mpages WHERE pageid IN " "(SELECT pageid FROM mlinks WHERE " "sec=? AND arch=? AND name=?)"; @@ -2299,18 +2337,24 @@ prepare_statements: * synchronous mode for much better performance. */ - if (real) - SQL_EXEC("PRAGMA synchronous = OFF"); + if (real && SQLITE_OK != sqlite3_exec(db, + "PRAGMA synchronous = OFF", NULL, NULL, NULL)) { + exitcode = (int)MANDOCLEVEL_SYSERR; + say(MANDOC_DB, "PRAGMA synchronous: %s", + sqlite3_errmsg(db)); + sqlite3_close(db); + return(0); + } #endif return(1); } static void * -hash_halloc(size_t sz, void *arg) +hash_calloc(size_t n, size_t sz, void *arg) { - return(mandoc_calloc(sz, 1)); + return(mandoc_calloc(n, sz)); } static void * @@ -2321,7 +2365,7 @@ hash_alloc(size_t sz, void *arg) } static void -hash_free(void *p, size_t sz, void *arg) +hash_free(void *p, void *arg) { free(p); @@ -2331,45 +2375,56 @@ static int set_basedir(const char *targetdir) { static char startdir[PATH_MAX]; - static int fd; + static int getcwd_status; /* 1 = ok, 2 = failure */ + static int chdir_status; /* 1 = changed directory */ + char *cp; /* - * Remember where we started by keeping a fd open to the origin - * path component: throughout this utility, we chdir() a lot to - * handle relative paths, and by doing this, we can return to - * the starting point. + * Remember the original working directory, if possible. + * This will be needed if the second or a later directory + * on the command line is given as a relative path. + * Do not error out if the current directory is not + * searchable: Maybe it won't be needed after all. */ - if ('\0' == *startdir) { - if (NULL == getcwd(startdir, PATH_MAX)) { - exitcode = (int)MANDOCLEVEL_SYSERR; - if (NULL != targetdir) - say("", "&getcwd"); - return(0); - } - if (-1 == (fd = open(startdir, O_RDONLY, 0))) { + if (0 == getcwd_status) { + if (NULL == getcwd(startdir, sizeof(startdir))) { + getcwd_status = 2; + (void)strlcpy(startdir, strerror(errno), + sizeof(startdir)); + } else + getcwd_status = 1; + } + + /* + * We are leaving the old base directory. + * Do not use it any longer, not even for messages. + */ + *basedir = '\0'; + + /* + * If and only if the directory was changed earlier and + * the next directory to process is given as a relative path, + * first go back, or bail out if that is impossible. + */ + if (chdir_status && '/' != *targetdir) { + if (2 == getcwd_status) { exitcode = (int)MANDOCLEVEL_SYSERR; - say("", "&open %s", startdir); + say("", "getcwd: %s", startdir); return(0); } - if (NULL == targetdir) - targetdir = startdir; - } else { - if (-1 == fd) - return(0); - if (-1 == fchdir(fd)) { - close(fd); - basedir[0] = '\0'; + if (-1 == chdir(startdir)) { exitcode = (int)MANDOCLEVEL_SYSERR; say("", "&chdir %s", startdir); return(0); } - if (NULL == targetdir) { - close(fd); - return(1); - } } + + /* + * Always resolve basedir to the canonicalized absolute + * pathname and append a trailing slash, such that + * we can reliably check whether files are inside. + */ if (NULL == realpath(targetdir, basedir)) { - basedir[0] = '\0'; exitcode = (int)MANDOCLEVEL_BADARG; say("", "&%s: realpath", targetdir); return(0); @@ -2378,6 +2433,17 @@ set_basedir(const char *targetdir) say("", "&chdir"); return(0); } + chdir_status = 1; + cp = strchr(basedir, '\0'); + if ('/' != cp[-1]) { + if (cp - basedir >= PATH_MAX - 1) { + exitcode = (int)MANDOCLEVEL_SYSERR; + say("", "Filename too long"); + return(0); + } + *cp++ = '/'; + *cp = '\0'; + } return(1); } @@ -2390,17 +2456,17 @@ say(const char *file, const char *format, ...) if ('\0' != *basedir) fprintf(stderr, "%s", basedir); if ('\0' != *basedir && '\0' != *file) - fputs("//", stderr); + fputc('/', stderr); if ('\0' != *file) fprintf(stderr, "%s", file); use_errno = 1; if (NULL != format) { switch (*format) { - case ('&'): + case '&': format++; break; - case ('\0'): + case '\0': format = NULL; break; default: