GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: usr.bin/vi/build/../ex/ex_init.c Lines: 0 143 0.0 %
Date: 2017-11-07 Branches: 0 140 0.0 %

Line Branch Exec Source
1
/*	$OpenBSD: ex_init.c,v 1.18 2017/04/18 01:45:35 deraadt Exp $	*/
2
3
/*-
4
 * Copyright (c) 1992, 1993, 1994
5
 *	The Regents of the University of California.  All rights reserved.
6
 * Copyright (c) 1992, 1993, 1994, 1995, 1996
7
 *	Keith Bostic.  All rights reserved.
8
 *
9
 * See the LICENSE file for redistribution information.
10
 */
11
12
#include "config.h"
13
14
#include <sys/queue.h>
15
#include <sys/stat.h>
16
17
#include <bitstring.h>
18
#include <errno.h>
19
#include <fcntl.h>
20
#include <limits.h>
21
#include <stdio.h>
22
#include <stdlib.h>
23
#include <string.h>
24
#include <unistd.h>
25
26
#include "../common/common.h"
27
#include "tag.h"
28
#include "pathnames.h"
29
30
enum rc { NOEXIST, NOPERM, RCOK };
31
static enum rc	exrc_isok(SCR *, struct stat *, int *, char *, int, int);
32
33
static int ex_run_file(SCR *, int, char *);
34
35
/*
36
 * ex_screen_copy --
37
 *	Copy ex screen.
38
 *
39
 * PUBLIC: int ex_screen_copy(SCR *, SCR *);
40
 */
41
int
42
ex_screen_copy(SCR *orig, SCR *sp)
43
{
44
	EX_PRIVATE *oexp, *nexp;
45
46
	/* Create the private ex structure. */
47
	CALLOC_RET(orig, nexp, 1, sizeof(EX_PRIVATE));
48
	sp->ex_private = nexp;
49
50
	/* Initialize queues. */
51
	TAILQ_INIT(&nexp->tq);
52
	TAILQ_INIT(&nexp->tagfq);
53
54
	if (orig == NULL) {
55
	} else {
56
		oexp = EXP(orig);
57
58
		if (oexp->lastbcomm != NULL &&
59
		    (nexp->lastbcomm = strdup(oexp->lastbcomm)) == NULL) {
60
			msgq(sp, M_SYSERR, NULL);
61
			return(1);
62
		}
63
		if (ex_tag_copy(orig, sp))
64
			return (1);
65
	}
66
	return (0);
67
}
68
69
/*
70
 * ex_screen_end --
71
 *	End a vi screen.
72
 *
73
 * PUBLIC: int ex_screen_end(SCR *);
74
 */
75
int
76
ex_screen_end(SCR *sp)
77
{
78
	EX_PRIVATE *exp;
79
	int rval;
80
81
	if ((exp = EXP(sp)) == NULL)
82
		return (0);
83
84
	rval = 0;
85
86
	/* Close down script connections. */
87
	if (F_ISSET(sp, SC_SCRIPT) && sscr_end(sp))
88
		rval = 1;
89
90
	if (argv_free(sp))
91
		rval = 1;
92
93
	free(exp->ibp);
94
	free(exp->lastbcomm);
95
96
	if (ex_tag_free(sp))
97
		rval = 1;
98
99
	/* Free private memory. */
100
	free(exp);
101
	sp->ex_private = NULL;
102
103
	return (rval);
104
}
105
106
/*
107
 * ex_optchange --
108
 *	Handle change of options for ex.
109
 *
110
 * PUBLIC: int ex_optchange(SCR *, int, char *, u_long *);
111
 */
112
int
113
ex_optchange(SCR *sp, int offset, char *str, u_long *valp)
114
{
115
	switch (offset) {
116
	case O_TAGS:
117
		return (ex_tagf_alloc(sp, str));
118
	}
119
	return (0);
120
}
121
122
/*
123
 * ex_exrc --
124
 *	Read the EXINIT environment variable and the startup exrc files,
125
 *	and execute their commands.
126
 *
127
 * PUBLIC: int ex_exrc(SCR *);
128
 */
129
int
130
ex_exrc(SCR *sp)
131
{
132
	struct stat hsb, lsb;
133
	char *p, path[PATH_MAX];
134
	int fd;
135
136
	/*
137
	 * Source the system, environment, $HOME and local .exrc values.
138
	 * Vi historically didn't check $HOME/.exrc if the environment
139
	 * variable EXINIT was set.  This is all done before the file is
140
	 * read in, because things in the .exrc information can set, for
141
	 * example, the recovery directory.
142
	 *
143
	 * !!!
144
	 * While nvi can handle any of the options settings of historic vi,
145
	 * the converse is not true.  Since users are going to have to have
146
	 * files and environmental variables that work with both, we use nvi
147
	 * versions of both the $HOME and local startup files if they exist,
148
	 * otherwise the historic ones.
149
	 *
150
	 * !!!
151
	 * For a discussion of permissions and when what .exrc files are
152
	 * read, see the comment above the exrc_isok() function below.
153
	 *
154
	 * !!!
155
	 * If the user started the historic of vi in $HOME, vi read the user's
156
	 * .exrc file twice, as $HOME/.exrc and as ./.exrc.  We avoid this, as
157
	 * it's going to make some commands behave oddly, and I can't imagine
158
	 * anyone depending on it.
159
	 */
160
	switch (exrc_isok(sp, &hsb, &fd, _PATH_SYSEXRC, 1, 0)) {
161
	case NOEXIST:
162
	case NOPERM:
163
		break;
164
	case RCOK:
165
		if (ex_run_file(sp, fd, _PATH_SYSEXRC))
166
			return (1);
167
		break;
168
	}
169
170
	/* Run the commands. */
171
	if (EXCMD_RUNNING(sp->gp))
172
		(void)ex_cmd(sp);
173
	if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
174
		return (0);
175
176
	if ((p = getenv("NEXINIT")) != NULL) {
177
		if (ex_run_str(sp, "NEXINIT", p, strlen(p), 1, 0))
178
			return (1);
179
	} else if ((p = getenv("EXINIT")) != NULL) {
180
		if (ex_run_str(sp, "EXINIT", p, strlen(p), 1, 0))
181
			return (1);
182
	} else if ((p = getenv("HOME")) != NULL && *p) {
183
		(void)snprintf(path, sizeof(path), "%s/%s", p, _PATH_NEXRC);
184
		switch (exrc_isok(sp, &hsb, &fd, path, 0, 1)) {
185
		case NOEXIST:
186
			(void)snprintf(path,
187
			    sizeof(path), "%s/%s", p, _PATH_EXRC);
188
			if (exrc_isok(sp, &hsb, &fd, path, 0, 1) == RCOK &&
189
			    ex_run_file(sp, fd, path))
190
				return (1);
191
			break;
192
		case NOPERM:
193
			break;
194
		case RCOK:
195
			if (ex_run_file(sp, fd, path))
196
				return (1);
197
			break;
198
		}
199
	}
200
201
	/* Run the commands. */
202
	if (EXCMD_RUNNING(sp->gp))
203
		(void)ex_cmd(sp);
204
	if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
205
		return (0);
206
207
	/* Previous commands may have set the exrc option. */
208
	if (O_ISSET(sp, O_EXRC)) {
209
		switch (exrc_isok(sp, &lsb, &fd, _PATH_NEXRC, 0, 0)) {
210
		case NOEXIST:
211
			if (exrc_isok(sp, &lsb, &fd, _PATH_EXRC, 0, 0)
212
			    == RCOK) {
213
				if (lsb.st_dev != hsb.st_dev ||
214
				    lsb.st_ino != hsb.st_ino) {
215
					if (ex_run_file(sp, fd, _PATH_EXRC))
216
						return (1);
217
				} else
218
					close(fd);
219
			}
220
			break;
221
		case NOPERM:
222
			break;
223
		case RCOK:
224
			if (lsb.st_dev != hsb.st_dev ||
225
			    lsb.st_ino != hsb.st_ino) {
226
				if (ex_run_file(sp, fd, _PATH_NEXRC))
227
					return (1);
228
			} else
229
				close(fd);
230
			break;
231
		}
232
		/* Run the commands. */
233
		if (EXCMD_RUNNING(sp->gp))
234
			(void)ex_cmd(sp);
235
		if (F_ISSET(sp, SC_EXIT | SC_EXIT_FORCE))
236
			return (0);
237
	}
238
239
	return (0);
240
}
241
242
/*
243
 * ex_run_file --
244
 *	Set up a file of ex commands to run.
245
 */
246
static int
247
ex_run_file(SCR *sp, int fd, char *name)
248
{
249
	ARGS *ap[2], a;
250
	EXCMD cmd;
251
252
	ex_cinit(&cmd, C_SOURCE, 0, OOBLNO, OOBLNO, 0, ap);
253
	ex_cadd(&cmd, &a, name, strlen(name));
254
	return (ex_sourcefd(sp, &cmd, fd));
255
}
256
257
/*
258
 * ex_run_str --
259
 *	Set up a string of ex commands to run.
260
 *
261
 * PUBLIC: int ex_run_str(SCR *, char *, char *, size_t, int, int);
262
 */
263
int
264
ex_run_str(SCR *sp, char *name, char *str, size_t len, int ex_flags,
265
    int nocopy)
266
{
267
	GS *gp;
268
	EXCMD *ecp;
269
270
	gp = sp->gp;
271
	if (EXCMD_RUNNING(gp)) {
272
		CALLOC_RET(sp, ecp, 1, sizeof(EXCMD));
273
		LIST_INSERT_HEAD(&gp->ecq, ecp, q);
274
	} else
275
		ecp = &gp->excmd;
276
277
	F_INIT(ecp,
278
	    ex_flags ? E_BLIGNORE | E_NOAUTO | E_NOPRDEF | E_VLITONLY : 0);
279
280
	if (nocopy)
281
		ecp->cp = str;
282
	else
283
		if ((ecp->cp = v_strdup(sp, str, len)) == NULL)
284
			return (1);
285
	ecp->clen = len;
286
287
	if (name == NULL)
288
		ecp->if_name = NULL;
289
	else {
290
		if ((ecp->if_name = v_strdup(sp, name, strlen(name))) == NULL)
291
			return (1);
292
		ecp->if_lno = 1;
293
		F_SET(ecp, E_NAMEDISCARD);
294
	}
295
296
	return (0);
297
}
298
299
/*
300
 * exrc_isok --
301
 *	Open and check a .exrc file for source-ability.
302
 *
303
 * !!!
304
 * Historically, vi read the $HOME and local .exrc files if they were owned
305
 * by the user's real ID, or the "sourceany" option was set, regardless of
306
 * any other considerations.  We no longer support the sourceany option as
307
 * it's a security problem of mammoth proportions.  We require the system
308
 * .exrc file to be owned by root, the $HOME .exrc file to be owned by the
309
 * user's effective ID (or that the user's effective ID be root) and the
310
 * local .exrc files to be owned by the user's effective ID.  In all cases,
311
 * the file cannot be writeable by anyone other than its owner.
312
 *
313
 * In O'Reilly ("Learning the VI Editor", Fifth Ed., May 1992, page 106),
314
 * it notes that System V release 3.2 and later has an option "[no]exrc".
315
 * The behavior is that local .exrc files are read only if the exrc option
316
 * is set.  The default for the exrc option was off, so, by default, local
317
 * .exrc files were not read.  The problem this was intended to solve was
318
 * that System V permitted users to give away files, so there's no possible
319
 * ownership or writeability test to ensure that the file is safe.
320
 *
321
 * POSIX 1003.2-1992 standardized exrc as an option.  It required the exrc
322
 * option to be off by default, thus local .exrc files are not to be read
323
 * by default.  The Rationale noted (incorrectly) that this was a change
324
 * to historic practice, but correctly noted that a default of off improves
325
 * system security.  POSIX also required that vi check the effective user
326
 * ID instead of the real user ID, which is why we've switched from historic
327
 * practice.
328
 *
329
 * We initialize the exrc variable to off.  If it's turned on by the system
330
 * or $HOME .exrc files, and the local .exrc file passes the ownership and
331
 * writeability tests, then we read it.  This breaks historic 4BSD practice,
332
 * but it gives us a measure of security on systems where users can give away
333
 * files.
334
 */
335
static enum rc
336
exrc_isok(SCR *sp, struct stat *sbp, int *fdp, char *path, int rootown,
337
    int rootid)
338
{
339
	enum { ROOTOWN, OWN, WRITER } etype;
340
	uid_t euid;
341
	int nf1, nf2;
342
	char *a, *b, buf[PATH_MAX];
343
344
	if ((*fdp = open(path, O_RDONLY, 0)) < 0) {
345
		if (errno == ENOENT)
346
                        /* This is the only case where ex_exrc()
347
                         * should silently try the next file, for
348
                         * example .exrc after .nexrc.
349
			 */
350
			return (NOEXIST);
351
352
		msgq_str(sp, M_SYSERR, path, "%s");
353
		return (NOPERM);
354
	}
355
356
	if (fstat(*fdp, sbp)) {
357
		msgq_str(sp, M_SYSERR, path, "%s");
358
		close(*fdp);
359
		return (NOPERM);
360
	}
361
362
	/* Check ownership permissions. */
363
	euid = geteuid();
364
	if (!(rootown && sbp->st_uid == 0) &&
365
	    !(rootid && euid == 0) && sbp->st_uid != euid) {
366
		etype = rootown ? ROOTOWN : OWN;
367
		goto denied;
368
	}
369
370
	/* Check writeability. */
371
	if (sbp->st_mode & (S_IWGRP | S_IWOTH)) {
372
		etype = WRITER;
373
		goto denied;
374
	}
375
	return (RCOK);
376
377
denied:	a = msg_print(sp, path, &nf1);
378
	if (strchr(path, '/') == NULL && getcwd(buf, sizeof(buf)) != NULL) {
379
		b = msg_print(sp, buf, &nf2);
380
		switch (etype) {
381
		case ROOTOWN:
382
			msgq(sp, M_ERR,
383
			    "%s/%s: not sourced: not owned by you or root",
384
			    b, a);
385
			break;
386
		case OWN:
387
			msgq(sp, M_ERR,
388
			    "%s/%s: not sourced: not owned by you", b, a);
389
			break;
390
		case WRITER:
391
			msgq(sp, M_ERR,
392
    "%s/%s: not sourced: writable by a user other than the owner", b, a);
393
			break;
394
		}
395
		if (nf2)
396
			FREE_SPACE(sp, b, 0);
397
	} else
398
		switch (etype) {
399
		case ROOTOWN:
400
			msgq(sp, M_ERR,
401
			    "%s: not sourced: not owned by you or root", a);
402
			break;
403
		case OWN:
404
			msgq(sp, M_ERR,
405
			    "%s: not sourced: not owned by you", a);
406
			break;
407
		case WRITER:
408
			msgq(sp, M_ERR,
409
	    "%s: not sourced: writable by a user other than the owner", a);
410
			break;
411
		}
412
413
	if (nf1)
414
		FREE_SPACE(sp, a, 0);
415
	close(*fdp);
416
	return (NOPERM);
417
}