unix: asserting wrappers around unix fs calls

2024-12-11 11:02:25 +03:00 · 2022-01-28 22:59:17 -08:00 · 2022-01-28 22:59:17 -08:00 · d2fc42c3ea
commit d2fc42c3ea
parent 2e53930d5a
4 changed files with 127 additions and 0 deletions
--- a/pkg/urbit/include/c/defs.h
+++ b/pkg/urbit/include/c/defs.h
@ -122,4 +122,27 @@
        }                                                       \
        rut;})

+    /* Asserting unix fs wrappers.
+    */
+      // defined in vere/io/unix.c.
+      c3_t u3_unix_safe(const c3_c* pax_c);
+#     define c3_open(a, ...) ({                                 \
+        c3_assert(u3_unix_safe(a));                             \
+        open(a, __VA_ARGS__);})
+#     define c3_opendir(a) ({                                   \
+        c3_assert(u3_unix_safe(a));                             \
+        opendir(a);})
+#     define c3_mkdir(a, b) ({                                  \
+        c3_assert(u3_unix_safe(a));                             \
+        mkdir(a, b);})
+#     define c3_rmdir(a) ({                                     \
+        c3_assert(u3_unix_safe(a));                             \
+        rmdir(a);})
+#     define c3_unlink(a) ({                                    \
+        c3_assert(u3_unix_safe(a));                             \
+        unlink(a);})
+#     define c3_fopen(a, b) ({                                  \
+        c3_assert(u3_unix_safe(a));                             \
+        fopen(a, b);})
+
 #endif /* ifndef C3_DEFS_H */
--- a/pkg/urbit/include/vere/vere.h
+++ b/pkg/urbit/include/vere/vere.h
@ -1168,6 +1168,11 @@

    /**  Storage, new school.
    **/
+      /* u3_unix_safe(): true iff path is canonical.
+      */
+        c3_t
+        u3_unix_safe(const c3_c* pax_c);
+
      /* u3_unix_initial_into_card(): create initial filesystem sync card.
      */
        u3_noun
--- a/pkg/urbit/tests/unix_tests.c
+++ b/pkg/urbit/tests/unix_tests.c
@ -0,0 +1,64 @@
+#include "all.h"
+#include "vere/vere.h"
+
+/* _setup(): prepare for tests.
+*/
+static void
+_setup(void)
+{
+}
+
+/* _test_safe():
+*/
+static c3_i
+_test_safe()
+{
+  c3_i ret_i = 1;
+
+  if ( !u3_unix_safe("a") ||
+       !u3_unix_safe("a/b") ||
+       !u3_unix_safe("a/b/c/defg/h/ijklmnop") )
+  {
+    fprintf(stderr, "_safe fail 1\n");
+    ret_i = 0;
+  }
+
+  if ( u3_unix_safe("") ||
+       u3_unix_safe(".") ||
+       u3_unix_safe("..") ||
+       u3_unix_safe("/.") ||
+       u3_unix_safe("a/b/c//") ||
+       u3_unix_safe("a/b/.") ||
+       u3_unix_safe("/././../.") ||
+       u3_unix_safe("a\\b\\c") ||
+       u3_unix_safe("/../etc") )
+  {
+    fprintf(stderr, "_safe fail 2\r\n");
+    ret_i = 0;
+  }
+
+  if ( !u3_unix_safe(".a") ||
+       !u3_unix_safe("/.a.b.c/..c") )
+  {
+    fprintf(stderr, "_safe fail 3\r\n");
+    ret_i = 0;
+  }
+
+  return ret_i;
+}
+
+/* main(): run all test cases.
+*/
+int
+main(int argc, char* argv[])
+{
+  _setup();
+
+  if ( !_test_safe() ) {
+    fprintf(stderr, "test unix: failed\r\n");
+    exit(1);
+  }
+
+  fprintf(stderr, "test unix: ok\r\n");
+  return 0;
+}
--- a/pkg/urbit/vere/io/unix.c
+++ b/pkg/urbit/vere/io/unix.c
@ -72,6 +72,41 @@ struct _u3_ufil;
 void
 u3_unix_ef_look(u3_unix* unx_u, u3_noun mon, u3_noun all);

+/* u3_unix_safe(): true iff path is canonical.
+*/
+c3_t
+u3_unix_safe(const c3_c* pax_c)
+{
+  if ( 0 == pax_c ||
+       0 != strchr(pax_c, '\\') )
+  {
+    return 0;
+  }
+  //  allow root.
+  //
+  if ( 0 == strcmp("/", pax_c) ) {
+    return 1;
+  }
+  //  allow absolute paths.
+  //
+  if ( '/' == *pax_c ) {
+    pax_c++;
+  }
+  do {
+    if (  0 == *pax_c
+       || 0 == strcmp(".",    pax_c)
+       || 0 == strcmp("..",   pax_c)
+       || 0 == strncmp("/",   pax_c, 1)
+       || 0 == strncmp("./",  pax_c, 2)
+       || 0 == strncmp("../", pax_c, 3) )
+    {
+      return 0;
+    }
+    pax_c = strchr(pax_c, '/');
+  } while ( 0 != pax_c++ );
+  return 1;
+}
+
 /* u3_readdir_r():
 */
 c3_w