Re: Re: Implementation of GLOB_TILDE

[Rich Felker <dalias@libc.org>]

On Tue, Jan 17, 2017 at 03:49:03PM +0000, Bernardo Pascoal Figueiredo wrote:
> >I have a few questions though:
> > * How do I contribute to musl? Should I just send patches to this
> >mailing list

This is the preferred way, yes.

> > * I defined GLOB_TILDE as 0x100, but I think this won't work on
> >architectures
> >   that have sizeof(int) == 2, as the flags argument in glob is an int.

That's not an issue. (1) POSIX requires >=32bit int; musl is even more
restrictive. (2) 0xff is 8 bits, not 16. Even ISO C requires 0x100 to
fit in int. You do need to match whatever value glibc uses, though; I
haven't checked that.

> > * I think it's best to define GLOB_TILDE in glob.h inside a '#if
> >   defined(_GNU_SOURCE) || defined(_BSD_SOURCE)' what do you think?
> >
> > * I had to copy strlcat and strlcpy to glob.c so I could use
> >them. I had to do
> >   this because musl isn't compile as _GNU_SOURCE or _BSD_SOURCE
> >so string.h
> >   doesn't expose these functions. How should I fix this?

Just don't use them. The same thing can be achieved much better with
portable functions strnlen and memcpy.

Note that even if you added #define for _GNU_SOURCE to this file, you
couldn't reference these functions because then a function in the
standard namespace would depend on symbols in nonstandard namespace.

> diff --git a/src/regex/glob.c b/src/regex/glob.c
> index 5b6ff124..f40da380 100644
> --- a/src/regex/glob.c
> +++ b/src/regex/glob.c
> @@ -8,6 +8,9 @@
>  #include <errno.h>
>  #include <stddef.h>
>  #include "libc.h"
> +#include <stdbool.h>

Just use int for boolean values; bool is not idiomatic in musl.

> +/*"~" or "~/(...)" case*/
> +static bool expand_tilde_cur_user(const char *pat_after_tilde, char *new_pat, size_t new_pat_size)
> +{
> +	char *home;
> +	struct passwd pw_store, *pw_result;
> +	char pw_buf[1024];
> +
> +	/*FIXME: add check for issetugid as in libc of openbsd?*/
> +	home = getenv("HOME");
> +	if(home == NULL) {
> +		getpwuid_r(getuid(), &pw_store, pw_buf, sizeof(pw_buf), &pw_result);
> +		if(pw_result == NULL) {
> +			return false;
> +		}
> +		home = pw_store.pw_dir;
> +	}
> +
> +	return glob_strlcpy(new_pat, home, new_pat_size) < new_pat_size
> +		&& glob_strlcat(new_pat, pat_after_tilde, new_pat_size) < new_pat_size;
> +}
> +
> +/* "~user/(...) case*/
> +static bool expand_tilde_named_user(const char *pat_after_tilde, char *new_pat, size_t new_pat_size)
> +{
> +	struct passwd pw_store, *pw_result;
> +	char pw_buf[1024], username[1024];
> +	const char *slash_pos = strchr(pat_after_tilde, '/');
> +	if(slash_pos == NULL) {
> +		return false;
> +	}
> +
> +	ptrdiff_t pat_username_size = slash_pos - pat_after_tilde;
> +	if(pat_username_size <= 0 || pat_username_size >= sizeof(username)) {
> +		return false;
> +	}
> +	strncpy(username, pat_after_tilde, pat_username_size);
> +	username[pat_username_size] = '\0';
> +
> +	getpwnam_r(username, &pw_store, pw_buf, sizeof(pw_buf), &pw_result);
> +	if (pw_result == NULL)
> +		return false;
> +
> +	return glob_strlcpy(new_pat, pw_store.pw_dir, new_pat_size) < new_pat_size
> +		&& glob_strlcat(new_pat, slash_pos, new_pat_size) < new_pat_size;
> +}

It should be possible to reduce this code considerably, and to avoid
some of the large stack buffers. Certainly username[] does not need to
be 1k; I believe there's a macro for the max supported in limits.h or
such and it's something like 16 or 32 bytes.

>  int glob(const char *restrict pat, int flags, int (*errfunc)(const char *path, int err), glob_t *restrict g)
>  {
> -	const char *p=pat, *d;
> +	const char *p, *d;
> +	char new_pat[PATH_MAX + 1];
>  	struct match head = { .next = NULL }, *tail = &head;
>  	size_t cnt, i;
>  	size_t offs = (flags & GLOB_DOOFFS) ? g->gl_offs : 0;
>  	int error = 0;
> +
> +	/*even if expanding fails(e.g. expansion make pat too big)
> +	 * we should try to match the ~ or ~user literally*/
> +	bool should_expand_tilde = (flags & GLOB_TILDE) && (pat[0] == '~');
> +	if(should_expand_tilde && expand_tilde(pat, new_pat, sizeof(new_pat))) {
> +		p = new_pat;
> +	} else {
> +		p = pat;
> +	}

Don't introduce gratuitous variables for expressions used just once.
The conditions going into that bool can just be part of the if.

I haven't checked what happens when the input pat is too long to fit
in new_pat. This needs to be an error condition, not silent
truncation, but error conditions can't be handled until further down;
see commit 769f53598e781ffc89191520f3f8a93cb58db91f for why. Also,
new_pat should probably be a VLA whose length is 1 unless tilde
expansion is needed, and PATH_MAX otherwise, so that glob doesn't blow
an extra page on the stack when tilde expansion is not in use.

Rich