mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-27 11:20:58 +01:00
ac1e4103b9
fields in FTS and FTSENT structs being too narrow. In addition, the narrow types creep from there into fts.c. As a result, fts(3) consumers, e.g., find(1) or rm(1), can't handle file trees an ordinary user can create, which can have security implications. To fix the historic implementation of fts(3), OpenBSD and NetBSD have already changed <fts.h> in somewhat incompatible ways, so we are free to do so, too. This change is a superset of changes from the other BSDs with a few more improvements. It doesn't touch fts(3) functionality; it just extends integer types used by it to match modern reality and the C standard. Here are its points: o For C object sizes, use size_t unless it's 100% certain that the object will be really small. (Note that fts(3) can construct pathnames _much_ longer than PATH_MAX for its consumers.) o Avoid the short types because on modern platforms using them results in larger and slower code. Change shorts to ints as follows: - For variables than count simple, limited things like states, use plain vanilla `int' as it's the type of choice in C. - For a limited number of bit flags use `unsigned' because signed bit-wise operations are implementation-defined, i.e., unportable, in C. o For things that should be at least 64 bits wide, use long long and not int64_t, as the latter is an optional type. See FTSENT.fts_number aka FTS.fts_bignum. Extending fts_number `to satisfy future needs' is pointless because there is fts_pointer, which can be used to link to arbitrary data from an FTSENT. However, there already are fts(3) consumers that require fts_number, or fts_bignum, have at least 64 bits in it, so we must allow for them. o For the tree depth, use `long'. This is a trade-off between making this field too wide and allowing for 64-bit inode numbers and/or chain-mounted filesystems. On the one hand, `long' is almost enough for 32-bit filesystems on a 32-bit platform (our ino_t is uint32_t now). On the other hand, platforms with a 64-bit (or wider) `long' will be ready for 64-bit inode numbers, as well as for several 32-bit filesystems mounted one under another. Note that fts_level has to be signed because -1 is a magic value for it, FTS_ROOTPARENTLEVEL. o For the `nlinks' local var in fts_build(), use `long'. The logic in fts_build() requires that `nlinks' be signed, but our nlink_t currently is uint16_t. Therefore let's make the signed var wide enough to be able to represent 2^16-1 in pure C99, and even 2^32-1 on a 64-bit platform. Perhaps the logic should be changed just to use nlink_t, but it can be done later w/o breaking fts(3) ABI any more because `nlinks' is just a local var. This commit also inludes supporting stuff for the fts change: o Preserve the old versions of fts(3) functions through libc symbol versioning because the old versions appeared in all our former releases. o Bump __FreeBSD_version just in case. There is a small chance that some ill-written 3-rd party apps may fail to build or work correctly if compiled after this change. o Update the fts(3) manpage accordingly. In particular, remove references to fts_bignum, which was a FreeBSD-specific hack to work around the too narrow types of FTSENT members. Now fts_number is at least 64 bits wide (long long) and fts_bignum is an undocumented alias for fts_number kept around for compatibility reasons. According to Google Code Search, the only big consumers of fts_bignum are in our own source tree, so they can be fixed easily to use fts_number. o Mention the change in src/UPDATING. PR: bin/104458 Approved by: re (quite a while ago) Discussed with: deischen (the symbol versioning part) Reviewed by: -arch (mostly silence); das (generally OK, but we didn't agree on some types used; assuming that no objections on -arch let me to stick to my opinion)
139 lines
5.6 KiB
C
139 lines
5.6 KiB
C
/*
|
|
* Copyright (c) 1989, 1993
|
|
* The Regents of the University of California. All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
* must display the following acknowledgement:
|
|
* This product includes software developed by the University of
|
|
* California, Berkeley and its contributors.
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
* may be used to endorse or promote products derived from this software
|
|
* without specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*
|
|
* @(#)fts.h 8.3 (Berkeley) 8/14/94
|
|
* $FreeBSD$
|
|
*/
|
|
|
|
#ifndef _FTS_H_
|
|
#define _FTS_H_
|
|
|
|
typedef struct {
|
|
struct _ftsent *fts_cur; /* current node */
|
|
struct _ftsent *fts_child; /* linked list of children */
|
|
struct _ftsent **fts_array; /* sort array */
|
|
dev_t fts_dev; /* starting device # */
|
|
char *fts_path; /* path for this descent */
|
|
int fts_rfd; /* fd for root */
|
|
size_t fts_pathlen; /* sizeof(path) */
|
|
size_t fts_nitems; /* elements in the sort array */
|
|
int (*fts_compar) /* compare function */
|
|
(const struct _ftsent * const *, const struct _ftsent * const *);
|
|
|
|
#define FTS_COMFOLLOW 0x001 /* follow command line symlinks */
|
|
#define FTS_LOGICAL 0x002 /* logical walk */
|
|
#define FTS_NOCHDIR 0x004 /* don't change directories */
|
|
#define FTS_NOSTAT 0x008 /* don't get stat info */
|
|
#define FTS_PHYSICAL 0x010 /* physical walk */
|
|
#define FTS_SEEDOT 0x020 /* return dot and dot-dot */
|
|
#define FTS_XDEV 0x040 /* don't cross devices */
|
|
#define FTS_WHITEOUT 0x080 /* return whiteout information */
|
|
#define FTS_OPTIONMASK 0x0ff /* valid user option mask */
|
|
|
|
#define FTS_NAMEONLY 0x100 /* (private) child names only */
|
|
#define FTS_STOP 0x200 /* (private) unrecoverable error */
|
|
int fts_options; /* fts_open options, global flags */
|
|
void *fts_clientptr; /* thunk for sort function */
|
|
} FTS;
|
|
|
|
typedef struct _ftsent {
|
|
struct _ftsent *fts_cycle; /* cycle node */
|
|
struct _ftsent *fts_parent; /* parent directory */
|
|
struct _ftsent *fts_link; /* next file in directory */
|
|
long long fts_number; /* local numeric value */
|
|
#define fts_bignum fts_number /* XXX non-std, should go away */
|
|
void *fts_pointer; /* local address value */
|
|
char *fts_accpath; /* access path */
|
|
char *fts_path; /* root path */
|
|
int fts_errno; /* errno for this node */
|
|
int fts_symfd; /* fd for symlink */
|
|
size_t fts_pathlen; /* strlen(fts_path) */
|
|
size_t fts_namelen; /* strlen(fts_name) */
|
|
|
|
ino_t fts_ino; /* inode */
|
|
dev_t fts_dev; /* device */
|
|
nlink_t fts_nlink; /* link count */
|
|
|
|
#define FTS_ROOTPARENTLEVEL -1
|
|
#define FTS_ROOTLEVEL 0
|
|
long fts_level; /* depth (-1 to N) */
|
|
|
|
#define FTS_D 1 /* preorder directory */
|
|
#define FTS_DC 2 /* directory that causes cycles */
|
|
#define FTS_DEFAULT 3 /* none of the above */
|
|
#define FTS_DNR 4 /* unreadable directory */
|
|
#define FTS_DOT 5 /* dot or dot-dot */
|
|
#define FTS_DP 6 /* postorder directory */
|
|
#define FTS_ERR 7 /* error; errno is set */
|
|
#define FTS_F 8 /* regular file */
|
|
#define FTS_INIT 9 /* initialized only */
|
|
#define FTS_NS 10 /* stat(2) failed */
|
|
#define FTS_NSOK 11 /* no stat(2) requested */
|
|
#define FTS_SL 12 /* symbolic link */
|
|
#define FTS_SLNONE 13 /* symbolic link without target */
|
|
#define FTS_W 14 /* whiteout object */
|
|
int fts_info; /* user status for FTSENT structure */
|
|
|
|
#define FTS_DONTCHDIR 0x01 /* don't chdir .. to the parent */
|
|
#define FTS_SYMFOLLOW 0x02 /* followed a symlink to get here */
|
|
#define FTS_ISW 0x04 /* this is a whiteout object */
|
|
unsigned fts_flags; /* private flags for FTSENT structure */
|
|
|
|
#define FTS_AGAIN 1 /* read node again */
|
|
#define FTS_FOLLOW 2 /* follow symbolic link */
|
|
#define FTS_NOINSTR 3 /* no instructions */
|
|
#define FTS_SKIP 4 /* discard node */
|
|
int fts_instr; /* fts_set() instructions */
|
|
|
|
struct stat *fts_statp; /* stat(2) information */
|
|
char *fts_name; /* file name */
|
|
FTS *fts_fts; /* back pointer to main FTS */
|
|
} FTSENT;
|
|
|
|
#include <sys/cdefs.h>
|
|
|
|
__BEGIN_DECLS
|
|
FTSENT *fts_children(FTS *, int);
|
|
int fts_close(FTS *);
|
|
void *fts_get_clientptr(FTS *);
|
|
#define fts_get_clientptr(fts) ((fts)->fts_clientptr)
|
|
FTS *fts_get_stream(FTSENT *);
|
|
#define fts_get_stream(ftsent) ((ftsent)->fts_fts)
|
|
FTS *fts_open(char * const *, int,
|
|
int (*)(const FTSENT * const *, const FTSENT * const *));
|
|
FTSENT *fts_read(FTS *);
|
|
int fts_set(FTS *, FTSENT *, int);
|
|
void fts_set_clientptr(FTS *, void *);
|
|
__END_DECLS
|
|
|
|
#endif /* !_FTS_H_ */
|