1 files changed, 45 insertions, 11 deletions
diff --git a/lib/readlinkat.c b/lib/readlinkat.c
index c9880e1c704..ab45e140b59 100644
--- a/lib/readlinkat.c
+++ b/lib/readlinkat.c
@@ -1,9 +1,9 @@
 /* Read a symlink relative to an open directory.
-   Copyright (C) 2009-2017 Free Software Foundation, Inc.
+   Copyright (C) 2009-2022 Free Software Foundation, Inc.
 
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
-   the Free Software Foundation; either version 3 of the License, or
+   the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
 
    This program is distributed in the hope that it will be useful,
@@ -18,17 +18,21 @@
 
 #include <config.h>
 
-#include <errno.h>
+/* Specification.  */
 #include <unistd.h>
+
+#include <errno.h>
+#include <stdlib.h>
 #include <string.h>
 #include <sys/stat.h>
 
 #if HAVE_READLINKAT
 
+# undef fstatat
 # undef readlinkat
 
 ssize_t
-rpl_readlinkat (int fd, char const *file, char *buf, size_t len)
+rpl_readlinkat (int fd, char const *file, char *buf, size_t bufsize)
 {
 # if READLINK_TRAILING_SLASH_BUG
   size_t file_len = strlen (file);
@@ -37,15 +41,45 @@ rpl_readlinkat (int fd, char const *file, char *buf, size_t len)
       /* Even if FILE without the slash is a symlink to a directory,
          both lstat() and stat() must resolve the trailing slash to
          the directory rather than the symlink.  We can therefore
-         safely use stat() to distinguish between EINVAL and
-         ENOTDIR/ENOENT, avoiding extra overhead of rpl_lstat().  */
+         safely use fstatat(..., 0) to distinguish between EINVAL and
+         ENOTDIR/ENOENT, avoiding extra overhead of rpl_fstatat().  */
       struct stat st;
-      if (stat (file, &st) == 0)
+      if (fstatat (fd, file, &st, 0) == 0 || errno == EOVERFLOW)
         errno = EINVAL;
       return -1;
     }
 # endif /* READLINK_TRAILING_SLASH_BUG */
-  return readlinkat (fd, file, buf, len);
+
+  ssize_t r = readlinkat (fd, file, buf, bufsize);
+
+# if READLINK_TRUNCATE_BUG
+  if (r < 0 && errno == ERANGE)
+    {
+      /* Try again with a bigger buffer.  This is just for test cases;
+         real code invariably discards short reads.  */
+      char stackbuf[4032];
+      r = readlinkat (fd, file, stackbuf, sizeof stackbuf);
+      if (r < 0)
+        {
+          if (errno == ERANGE)
+            {
+              /* Clear the buffer, which is good enough for real code.
+                 Thankfully, no test cases try short reads of enormous
+                 symlinks and what would be the point anyway?  */
+              r = bufsize;
+              memset (buf, 0, r);
+            }
+        }
+      else
+        {
+          if (bufsize < r)
+            r = bufsize;
+          memcpy (buf, stackbuf, r);
+        }
+    }
+# endif
+
+  return r;
 }
 
 #else
@@ -58,7 +92,7 @@ rpl_readlinkat (int fd, char const *file, char *buf, size_t len)
    readlinkat worthless since readlink does not guarantee a
    NUL-terminated buffer.  Assume this was a bug in POSIX.  */
 
-/* Read the contents of symlink FILE into buffer BUF of size LEN, in the
+/* Read the contents of symlink FILE into buffer BUF of size BUFSIZE, in the
    directory open on descriptor FD.  If possible, do it without changing
    the working directory.  Otherwise, resort to using save_cwd/fchdir,
    then readlink/restore_cwd.  If either the save_cwd or the restore_cwd
@@ -66,8 +100,8 @@ rpl_readlinkat (int fd, char const *file, char *buf, size_t len)
 
 # define AT_FUNC_NAME readlinkat
 # define AT_FUNC_F1 readlink
-# define AT_FUNC_POST_FILE_PARAM_DECLS , char *buf, size_t len
-# define AT_FUNC_POST_FILE_ARGS        , buf, len
+# define AT_FUNC_POST_FILE_PARAM_DECLS , char *buf, size_t bufsize
+# define AT_FUNC_POST_FILE_ARGS        , buf, bufsize
 # define AT_FUNC_RESULT ssize_t
 # include "at-func.c"
 # undef AT_FUNC_NAME