/src/sudo/plugins/sudoers/exptilde.c

Source (jump to first uncovered line)
/*
 * SPDX-License-Identifier: ISC
 *
 * Copyright (c) 2020 Todd C. Miller <Todd.Miller@sudo.ws>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * This is an open source non-commercial project. Dear PVS-Studio, please check it.
 * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
 */

#include <config.h>

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <grp.h>
#include <pwd.h>

#include <sudoers.h>
#include <pwutil.h>

/*
 * Expand leading tilde in *path, which must be dynamically allocated.
 * Replaces path with the expanded version as needed, freeing the old one.
 * Returns true on success, false on failure.
 */
bool
expand_tilde(char **path, const char *user)
{
    char *npath, *opath = *path;
    char *slash = NULL;
    struct passwd *pw;
    int len;
    debug_decl(expand_tilde, SUDOERS_DEBUG_UTIL);

    switch (*opath++) {
    case '/':
  /* A fully-qualified path, nothing to do. */
  debug_return_bool(true);
    case '~':
  /* See below. */
  break;
    default:
  /* Not a fully-qualified path or one that starts with a tilde. */
  debug_return_bool(false);
    }

    switch (*opath) {
    case '\0':
  /* format: ~ */
  break;
    case '/':
  /* format: ~/foo */
  opath++;
  break;
    default:
  /* format: ~user/foo */
  user = opath;
  slash = strchr(opath, '/');
  if (slash != NULL) {
      *slash = '\0';
      opath = slash + 1;
  } else {
      opath = (char *)"";
  }
    }
    pw = sudo_getpwnam(user);
    if (slash != NULL)
  *slash = '/';
    if (pw == NULL) {
  /* Unknown user. */
  sudo_warnx(U_("unknown user %s"), user);
  debug_return_bool(false);
    }

    len = asprintf(&npath, "%s%s%s", pw->pw_dir, *opath ? "/" : "", opath);
    sudo_pw_delref(pw);
    if (len == -1) {
  sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
  debug_return_bool(false);
    }

    free(*path);
    *path = npath;
    debug_return_bool(true);
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* SPDX-License-Identifier: ISC
3		*
4		* Copyright (c) 2020 Todd C. Miller <Todd.Miller@sudo.ws>
5		*
6		* Permission to use, copy, modify, and distribute this software for any
7		* purpose with or without fee is hereby granted, provided that the above
8		* copyright notice and this permission notice appear in all copies.
9		*
10		* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11		* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12		* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13		* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14		* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15		* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16		* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17		*/
18
19		/*
20		* This is an open source non-commercial project. Dear PVS-Studio, please check it.
21		* PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
22		*/
23
24		#include <config.h>
25
26		#include <stdio.h>
27		#include <stdlib.h>
28		#include <string.h>
29		#include <grp.h>
30		#include <pwd.h>
31
32		#include <sudoers.h>
33		#include <pwutil.h>
34
35		/*
36		* Expand leading tilde in *path, which must be dynamically allocated.
37		* Replaces path with the expanded version as needed, freeing the old one.
38		* Returns true on success, false on failure.
39		*/
40		bool
41		expand_tilde(char *path, const char user)
42	0	{
43	0	char npath, opath = *path;
44	0	char *slash = NULL;
45	0	struct passwd *pw;
46	0	int len;
47	0	debug_decl(expand_tilde, SUDOERS_DEBUG_UTIL);
48
49	0	switch (*opath++) {
50	0	case '/':
51		/* A fully-qualified path, nothing to do. */
52	0	debug_return_bool(true);
53	0	case '~':
54		/* See below. */
55	0	break;
56	0	default:
57		/* Not a fully-qualified path or one that starts with a tilde. */
58	0	debug_return_bool(false);
59	0	}
60
61	0	switch (*opath) {
62	0	case '\0':
63		/* format: ~ */
64	0	break;
65	0	case '/':
66		/* format: ~/foo */
67	0	opath++;
68	0	break;
69	0	default:
70		/* format: ~user/foo */
71	0	user = opath;
72	0	slash = strchr(opath, '/');
73	0	if (slash != NULL) {
74	0	*slash = '\0';
75	0	opath = slash + 1;
76	0	} else {
77	0	opath = (char *)"";
78	0	}
79	0	}
80	0	pw = sudo_getpwnam(user);
81	0	if (slash != NULL)
82	0	*slash = '/';
83	0	if (pw == NULL) {
84		/* Unknown user. */
85	0	sudo_warnx(U_("unknown user %s"), user);
86	0	debug_return_bool(false);
87	0	}
88
89	0	len = asprintf(&npath, "%s%s%s", pw->pw_dir, *opath ? "/" : "", opath);
90	0	sudo_pw_delref(pw);
91	0	if (len == -1) {
92	0	sudo_warnx(U_("%s: %s"), __func__, U_("unable to allocate memory"));
93	0	debug_return_bool(false);
94	0	}
95
96	0	free(*path);
97	0	*path = npath;
98	0	debug_return_bool(true);
99	0	}

Coverage Report

Created: 2025-07-12 06:27