--- parser3/src/main/pa_exec.C	2001/04/17 19:00:41	1.2
+++ parser3/src/main/pa_exec.C	2009/10/02 01:18:27	1.78
@@ -1,15 +1,20 @@
 /** @file
 	Parser: program executing for different OS-es.
 
-	Copyright(c) 2000,2001 ArtLebedev Group(http://www.artlebedev.com)
+	Copyright(c) 2000-2009 ArtLebedev Group(http://www.artlebedev.com)
+	Author: Alexandr Petrosian <paf@design.ru> (http://paf.design.ru)
 
-	Author: Alexander Petrosyan <paf@design.ru>(http://design.ru/paf)
-
-	$Id: pa_exec.C,v 1.2 2001/04/17 19:00:41 paf Exp $
+	@todo setrlimit
 */
 
+static const char * const IDENT_EXEC_C="$Date: 2009/10/02 01:18:27 $";
+
 #include "pa_config_includes.h"
 
+#include "pa_exec.h"
+#include "pa_exception.h"
+#include "pa_common.h"
+
 #ifdef WIN32
 #	include <windows.h>
 #else
@@ -18,140 +23,172 @@
 #	include <sys/wait.h>
 #endif
 
-#include <stdio.h>
-#include <errno.h>
-
-#include "pa_exec.h"
-#include "pa_exception.h"
-#include "pa_common.h"
-
-
 #ifdef WIN32
 
 /// this func from http://www.ccas.ru/~posp/popov/spawn.htm
-static BOOL WINAPI CreateHiddenConsoleProcess( LPCTSTR szChildName,
+static DWORD CreateHiddenConsoleProcess(LPCTSTR szCmdLine,
+										LPCTSTR szScriptFileSpec,
 										char *szEnv,
-                                        PROCESS_INFORMATION* ppi, 
-                                        LPHANDLE phInWrite,
-                                        LPHANDLE phOutRead,
-                                        LPHANDLE phErrRead )
+										PROCESS_INFORMATION* ppi, 
+										LPHANDLE phInWrite,
+										LPHANDLE phOutRead,
+										LPHANDLE phErrRead)
 {
-    BOOL fCreated;
-    STARTUPINFO si;
-    SECURITY_ATTRIBUTES sa={0};
-    HANDLE hInRead;
-    HANDLE hOutWrite;
-    HANDLE hErrWrite;
-
-    // Create pipes
-    // initialize security attributes for handle inheritance (for WinNT)
-    sa.nLength = sizeof( sa );
-    sa.bInheritHandle = TRUE;
-    sa.lpSecurityDescriptor  = NULL;
-
-    // create STDIN pipe
-    if( !CreatePipe( &hInRead, phInWrite, &sa, 0 ))
-        goto error;
-
-    // create STDOUT pipe
-    if( !CreatePipe( phOutRead, &hOutWrite, &sa, 0 ))
-        goto error;
-
-    // create STDERR pipe
-    if( !CreatePipe( phErrRead, &hErrWrite, &sa, 0 ))
-        goto error;
-
-    // process startup information
-    memset( &si, 0, sizeof( si ));
-    si.cb = sizeof( si ); 
-    si.dwFlags = STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
-    // child process' console must be hidden for Win95 compatibility
-    si.wShowWindow = SW_HIDE;
-    // assign "other" sides of pipes
-//    si.hStdInput = hInRead;
-    si.hStdOutput = hOutWrite;
-    si.hStdError = hErrWrite;
-
-    // Create a child process (suspended)
-    fCreated = CreateProcess( NULL,
-                              (LPTSTR)szChildName,
-                              NULL,
-                              NULL,
-                              TRUE,
-                              DETACHED_PROCESS,
-                              szEnv,
-                              NULL,
-                              &si,
-                              ppi );
-
-    CloseHandle( hInRead );
-    CloseHandle( hOutWrite );
-    CloseHandle( hErrWrite );
+	DWORD result=0;
+	BOOL fCreated;
+	STARTUPINFO si;
+	SECURITY_ATTRIBUTES sa={0};
+	HANDLE hInRead;
+	HANDLE hOutWrite;
+	HANDLE hErrWrite;
+	
+	// Create pipes
+	// initialize security attributes for handle inheritance (for WinNT)
+	sa.nLength=sizeof(sa);
+	sa.bInheritHandle=TRUE;
+	sa.lpSecurityDescriptor=NULL;
+	
+	// create STDIN pipe
+	if(!CreatePipe(&hInRead, phInWrite, &sa, 0))
+		goto error;
+	
+	// create STDOUT pipe
+	if(!CreatePipe(phOutRead, &hOutWrite, &sa, 0))
+		goto error;
+	
+	// create STDERR pipe
+	if(!CreatePipe(phErrRead, &hErrWrite, &sa, 0))
+		goto error;
+	
+	// process startup information
+	memset(&si, 0, sizeof(si));
+	si.cb=sizeof(si); 
+	si.dwFlags=STARTF_USESHOWWINDOW | STARTF_USESTDHANDLES;
+	// child process' console must be hidden for Win95 compatibility
+	si.wShowWindow=SW_HIDE;
+	// assign "other" sides of pipes
+	si.hStdInput=hInRead;
+	si.hStdOutput=hOutWrite;
+	si.hStdError=hErrWrite;
+	
+	// calculating script's directory
+	char dir[MAX_STRING];
+	strncpy(dir, szScriptFileSpec, MAX_STRING-1); dir[MAX_STRING-1]=0;
+	lsplit(dir,' '); // trim arguments
+	rsplit(dir,'/'); rsplit(dir,'\\'); // trim filename
+	
+	// Create a child process (suspended)
+	fCreated=CreateProcess(NULL,
+		(LPTSTR)szCmdLine,
+		NULL,
+		NULL,
+		TRUE,
+		CREATE_NO_WINDOW,
+		szEnv,
+		dir,
+		&si,
+		ppi);
+	if(!fCreated)
+		result=GetLastError();
+	
+	CloseHandle(hInRead);
+	CloseHandle(hOutWrite);
+	CloseHandle(hErrWrite);
+	
+	if(!fCreated)
+		goto error;
+	
+	return result;
+	
+error:
+	if(!result/*yet*/)
+		result=GetLastError(); // get it
+	
+	CloseHandle(*phInWrite);
+	CloseHandle(*phOutRead);
+	CloseHandle(*phErrRead);
+	
+	return result;
+}
 
-    if( !fCreated )
-        goto error;
+static void read_pipe(String& result, HANDLE hOutRead, String::Language lang){
+	while(true) {
+		char *buf=new(PointerFreeGC) char[MAX_STRING+1];
+		DWORD size=0;
+		if(!ReadFile(hOutRead, buf, MAX_STRING, &size, NULL) || !size) 
+			break;
+		buf[size]=0;
+		result.append_know_length(buf, size, lang);
+	}
+}
 
-    return TRUE;
+static void read_pipe(File_read_result& result, HANDLE hOutRead){
 
-error:
-    CloseHandle( *phInWrite );
-    CloseHandle( *phOutRead );
-    CloseHandle( *phErrRead );
+	char *buf=(char*)pa_malloc(MAX_STRING+1);
+	DWORD bufsize = MAX_STRING;
 
-    return FALSE;
-}
+	result.headers = 0;
+	result.length = 0;
+	result.str = 0;
+	result.success = false;
 
-static void read_pipe(String& result, HANDLE hOutRead, const char *file_spec){
 	while(true) {
-		char *buf=(char *)result.pool().malloc(MAX_STRING);
-		unsigned long size;
-		ReadFile( hOutRead, buf, MAX_STRING, &size, NULL );
-		if(!size) 
+		DWORD size=0;
+		if(!ReadFile(hOutRead, buf + result.length, bufsize - result.length, &size, NULL) || !size)
 			break;
-		result.APPEND_CLEAN(buf, size, file_spec, 0);
-    }
+		result.length += size;
+		if(result.length >= bufsize){
+			bufsize *= 2;
+			buf=(char*)pa_realloc(buf, bufsize+1);
+		}
+		result.str=buf;
+	}
 }
 
-
-static const char *buildCommand(Pool& pool, 
-								const String& origin_string,
-								const char *file_spec_cstr, const Array *argv) {
-	FILE *f=fopen(file_spec_cstr, "r");
-	if(f) {
+static const char* buildCommand(const char* file_spec_cstr, const ArrayString& argv) {
+	const char* result=file_spec_cstr;
+	if(FILE *f=fopen(file_spec_cstr, "r")) {
+		try {
 		char buf[MAX_STRING];
 		size_t size=fread(buf, 1, MAX_STRING-1, f);
 		if(size>2) {
 			buf[size]=0;
 			if(strncmp(buf, "#!", 2)==0) {
-				char *atEOL=strchr(buf, '\n');
-				if(atEOL) {
-					String string(pool);
-					string.APPEND_CLEAN(buf+2, atEOL-(buf+2), 
-						origin_string.origin().file, 0);
+				const char* begin=buf+2;
+				while(*begin==' ') // alx: were an old magic for some linux-es
+					begin++;
+				if(const char *end=strchr(begin, '\n')) {
+					String string(pa_strdup(begin, end-begin));
 					string << " " << file_spec_cstr;
-					if(argv)
-						for(int i=0; i<argv->size(); i++)
-							string << argv->get_string(i)->cstr(String::UL_AS_IS);
-					file_spec_cstr=string.cstr();
+					result=string.cstr();
 				}
 			}
 		}
+		} catch(...) {
+			fclose(f);
+			rethrow;
+		}
 		fclose(f);
 	}
-	return file_spec_cstr;
+	{ // appending argv
+		String string(result);
+		for(size_t i=0; i<argv.count(); i++) {
+			string << " ";
+			string << *argv[i];
+		}
+
+		result=string.cstr();
+	}
+
+	return result;
 }
 
 #else
 
-static int execle_piped(const char *path, 
-						const char *arg1,
-						const char *arg2,
-						const char *arg3,
-						const char *arg4,
-						const char *arg5,
-						char * const env[],
-						int *pipe_in, int *pipe_out, int *pipe_err) {
-	int pid;
+static pid_t execve_piped(const char* file_spec_cstr, 
+			char * const argv[], char * const env[],
+			int *pipe_in, int *pipe_out, int *pipe_err) {
+	pid_t pid;
 	int in_fds[2];
 	int out_fds[2];
 	int err_fds[2];
@@ -196,7 +233,7 @@ static int execle_piped(const char *path
 			close(err_fds[0]); close(err_fds[1]);
 		}
 		errno=save_errno;
-		return 0;
+		return -1;
 	}
 	
 	if(!pid) {
@@ -220,10 +257,18 @@ static int execle_piped(const char *path
 			close(err_fds[1]);
 		}
 		
-		/* HP-UX SIGCHLD fix goes here, if someone will remind me what it is... */
+		/* grabbed this from Apache source: */
+		/*  HP-UX SIGCHLD fix goes here, if someone will remind me what it is... */
 		signal(SIGCHLD, SIG_DFL);	/* Was that it? */
 	
-		execle(path, arg1, arg2, arg3, arg4, arg5, NULL, env);
+		// chdir to script's directory
+		char dir[MAX_STRING];
+		strncpy(dir, file_spec_cstr, MAX_STRING-1); dir[MAX_STRING-1]=0;
+		rsplit(dir,'/'); // trim filename
+		chdir(dir);
+
+		//  execute
+		execve(file_spec_cstr, argv, env);
 		exit(-errno);
 	}
 	
@@ -249,134 +294,209 @@ static int execle_piped(const char *path
 
 static int get_exit_status(int pid) {
 	int status;
-	if(!waitpid(pid, &status, 0))
+	pid_t cid;
+	while ((cid=waitpid(pid, &status, WUNTRACED)) == -1 && errno == EINTR);	
+	if(!cid)
 		return -1;
 	return WIFEXITED(status) ? 
 		WEXITSTATUS(status) : -2;
 }
 
-static void read_pipe(String& result, int file, const char *file_spec){
+static void read_pipe(String& result, int file, String::Language lang){
 	while(true) {
-		char *buf=(char *)result.pool().malloc(MAX_STRING);
-		size_t size=read(file, buf, MAX_STRING);
-		if(!size) 
+		char *buf=new(PointerFreeGC) char[MAX_STRING+1];
+		ssize_t length=read(file, buf, MAX_STRING);
+		if(length<=0)
 			break;
-		result.APPEND_CLEAN(buf, size, file_spec, 0);
-    }
+		buf[length]=0;
+		result.append_know_length(buf, length, lang);
+	}
+}
+
+static void read_pipe(File_read_result& result, int file){
+	char *buf=(char*)pa_malloc(MAX_STRING+1);
+	ssize_t bufsize = MAX_STRING;
+
+	result.headers = 0;
+	result.length = 0;
+	result.str = 0;
+	result.success = false;
+
+	while(true) {
+		ssize_t size=read(file, buf + result.length, bufsize - result.length);
+		if(size <= 0)
+			break;
+		result.length += size;
+		if(result.length >= bufsize){
+			bufsize *= 2;
+			buf=(char*)pa_realloc(buf, bufsize+1);
+		}
+		result.str=buf;
+	}
 }
 
 #endif
 
-static void append_env_pair(const Hash::Key& key, Hash::Val *value, void *info) {
+#ifndef DOXYGEN
+struct Append_env_pair_info {
 #ifdef WIN32
-	String& string=*static_cast<String *>(info);
-	
-	string << key << "=" << *static_cast<String *>(value);
-	string.APPEND_CLEAN("", 1, 0, 0); // zero byte
+	String::Body& body;
+	Append_env_pair_info(String::Body& abody): body(abody) {}
 #else
-	String string(key.pool());
-	string << key << "=" << *static_cast<String *>(value);
+	char **env_ref;
+#endif
+};
+#endif
+///@test maybe here and at argv construction --- untaint_cstr(String::L_AS_IS
+static void append_env_pair(HashStringString::key_type key, HashStringString::value_type value,
+		Append_env_pair_info *info) {
+#ifdef WIN32
+	info->body << key << "=" << value;
+	info->body.append_know_length("\1", 1); // placeholder for of zero byte
+#else
+	String::Body body;
+	body << key << "=" << value.cstr();
 
-	char ***env_ref=static_cast<char ***>(info);
-	**env_ref=string.cstr();  (*env_ref)++;
+	*(info->env_ref++)=body.cstrm();
 #endif
 }
-int pa_exec(const String& file_spec, 
-			const Hash *env,
-			const Array *argv,
-			const String& in, String& out, String& err) {
-	Pool& pool=file_spec.pool();
 
-#ifdef WIN32
+PA_exec_result pa_exec(
+			bool 
+#if defined(NO_PA_EXEC) || defined(PA_SAFE_MODE)
+			forced_allow
+#endif
+			, 
+			const String& file_spec, 
+			const HashStringString* env, 
+			const ArrayString& argv, 
+			String& in) {
+	PA_exec_result result;
+
+#ifdef NO_PA_EXECS
+	if(!forced_allow)
+		throw Exception(PARSER_RUNTIME,
+			&file_spec,
+			"parser execs are disabled [recompile parser without --disable-execs configure option]");
+#endif
 
-	char pwd[MAX_STRING];
-	GetCurrentDirectory(sizeof(pwd), pwd);
-	char *dir=file_spec.cstr(String::UL_FILE_NAME);
-	rsplit(dir, '/'); SetCurrentDirectory(dir);
+#ifdef WIN32
 
 	PROCESS_INFORMATION pi;	
 	HANDLE hInWrite, hOutRead, hErrRead;
-	char *file_spec_cstr=file_spec.cstr(String::UL_FILE_NAME); 
-	const char *cmd=buildCommand(file_spec.pool(), file_spec, file_spec_cstr, argv);
-	char *env_cstr=0;
+	const char* script_spec_cstr=file_spec.taint_cstr(String::L_FILE_SPEC);
+	const char* cmd=buildCommand(script_spec_cstr, argv);
+	char* env_cstr=0;
 	if(env) {
-		String string(env->pool());
-		env->for_each(append_env_pair, &string);
-		env_cstr=string.cstr(String::UL_AS_IS);
-	}
-	if( CreateHiddenConsoleProcess(cmd, env_cstr, &pi, &hInWrite, &hOutRead, &hErrRead )) {
-		SetCurrentDirectory(pwd);
-
-		read_pipe(out, hOutRead, file_spec_cstr);
-		read_pipe(err, hErrRead, file_spec_cstr);
-		CloseHandle( hInWrite );
-		CloseHandle( hOutRead );
-		CloseHandle( hErrRead );
+		String::Body body;
+		Append_env_pair_info info(body);
+		env->for_each<Append_env_pair_info*>(append_env_pair, &info);
+		env_cstr=info.body.cstrm();
+		for(char* replacer=env_cstr; *replacer; replacer++)
+			if(*replacer=='\1')
+				*replacer=0;
+	}
+	if(DWORD error=CreateHiddenConsoleProcess(cmd, script_spec_cstr, env_cstr, &pi, &hInWrite, &hOutRead, &hErrRead)) {
+		char szErrorDesc[MAX_STRING];
+		const char* param="the file you tried to run";
+		size_t error_size=FormatMessage(
+			FORMAT_MESSAGE_FROM_SYSTEM|FORMAT_MESSAGE_ARGUMENT_ARRAY , NULL, error,
+			MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL),
+			szErrorDesc, sizeof(szErrorDesc), (va_list *)&param);
+		if(error_size>3) // ".\r\n"
+			szErrorDesc[error_size-3]=0;
+
+		throw Exception("file.execute",
+			&file_spec,
+			"exec failed - %s (%u). Consider adding shbang line (#!x:\\interpreter\\command line)", 
+				error_size?szErrorDesc:"<unknown>", error);
+	} else {
+		const char* in_cstr=in.cstr();
+		DWORD written_size;
+		WriteFile(hInWrite, in_cstr, in.length(), &written_size, NULL);
+		// EOF for stupid text reads
+		// normally they should read CONTENT_LENGTH bytes,
+		// without this char
+		WriteFile(hInWrite, "\x1A", 1, &written_size, NULL);
+		CloseHandle(hInWrite);
+		read_pipe(result.out, hOutRead);
+		CloseHandle(hOutRead);
+		read_pipe(result.err, hErrRead, String::L_TAINTED);		
+		CloseHandle(hErrRead);
 /*	
 from http://www.apache.org/websrc/cvsweb.cgi/apache-1.3/src/main/util_script.c?rev=1.151&content-type=text/vnd.viewcvs-markup
 
 	* We must close the handles to the new process and its main thread
-    * to prevent handle and memory leaks.
+	* to prevent handle and memory leaks.
 */	
 		CloseHandle(pi.hProcess);
-        CloseHandle(pi.hThread);
-	} else {
-		SetCurrentDirectory(pwd);
-
-		DWORD error=GetLastError();
-		char szErrorDesc[MAX_STRING];
-		FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error,
-                MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL),
-                szErrorDesc, sizeof(szErrorDesc), NULL);
-		size_t error_size=strlen(szErrorDesc);
-		if(error_size>3) // ".\r\n"
-			szErrorDesc[error_size-3]=0;
-            
-		PTHROW(0, 0,
-			&file_spec,
-			"exec failed - %s (%d)",
-				szErrorDesc,
-				(long)error);
+		CloseHandle(pi.hThread);
 	}
 
 #else
 
+	// execve needs non const
+	char* file_spec_cstr=file_spec.taint_cstrm(String::L_FILE_SPEC); 
+
 	int pipe_write, pipe_read, pipe_err;
-	const char *argv_cstrs[5]={"", "", "", "", ""};
-	if(argv) {
-		int size=min(5, argv->size());
-		for(int i=0; i<size; i++)
-			argv_cstrs[i]=argv->get_string(i)->cstr(String::UL_AS_IS);
+
+#ifdef PA_SAFE_MODE
+	if(!forced_allow) {
+		struct stat finfo;
+		if(stat(file_spec_cstr, &finfo)!=0)
+			throw Exception("file.missing", 
+				&file_spec, 
+				"stat failed: %s (%d), actual filename '%s'", 
+					strerror(errno), errno, file_spec_cstr);
+
+		check_safe_mode(finfo, file_spec, file_spec_cstr);
 	}
-	const char *file_spec_cstr=file_spec.cstr(String::UL_FILE_NAME);
-	char **env_cstrs=0;
+#endif
+
+	char* argv_cstrs[1+100+1]={file_spec_cstr, 0};
+	const int argv_size=argv.count();
+	const int argv_max=sizeof(argv_cstrs)/sizeof(argv_cstrs[0])-1-1;
+	if(argv_size>argv_max)
+		throw Exception(PARSER_RUNTIME,
+			&file_spec,
+			"too many arguments (%d > max %d)", argv_size, argv_max);
+	for(int i=0; i<argv_size; i++)
+		argv_cstrs[1+i]=argv[i]->cstrm();
+	argv_cstrs[1+argv_size]=0;
+
+	char **env_cstrs;
 	if(env) {
-		env_cstrs=
-			(char **)env->pool().malloc(sizeof(char *)*(env->size()+1/*0*/));
-		char **env_ref=env_cstrs;
-		env->for_each(append_env_pair, &env_ref);
-		*env_ref=0;
-	}
-	if(int pid=execle_piped(
-		file_spec_cstr,
-		argv_cstrs[0], argv_cstrs[1], argv_cstrs[2], argv_cstrs[3], argv_cstrs[4],
-		env_cstrs,
-		&pipe_write, &pipe_read, &pipe_err)) {
+		env_cstrs=new(PointerFreeGC) char *[env->count()+1/*0*/];
+		Append_env_pair_info info={env_cstrs}; 
+		env->for_each(append_env_pair, &info);
+		*info.env_ref=0;
+	} else
+		env_cstrs=0;
 
-		const char *in_cstr=in.cstr(String::UL_AS_IS);
-		write(pipe_write, in_cstr, in.size());
+	pid_t pid=execve_piped(
+		file_spec_cstr,
+		argv_cstrs, env_cstrs,
+		&pipe_write, &pipe_read, &pipe_err);
+	if(pid>0) {
+		// in child
+		if(!in.is_empty()) {// there is some in data
+			const char* in_cstr=in.cstr();
+			write(pipe_write, in_cstr, in.length());
+		}
 		close(pipe_write);
-		read_pipe(out, pipe_read, file_spec_cstr);
-		read_pipe(err, pipe_err, file_spec_cstr);
+		read_pipe(result.out, pipe_read);
 		close(pipe_read);
+		read_pipe(result.err, pipe_err, String::L_TAINTED);
 		close(pipe_err);
 
-		return get_exit_status(pid); // negative may mean "-errno[execl()]"
-	} else 
-		PTHROW(0, 0,
+		result.status=get_exit_status(pid); // negative may mean "-errno[execl()]"
+	} else { 
+		const char* str=strerror(errno);
+		throw Exception("file.execute",
 			&file_spec,
-			"pipe error");
+			"%s error: %s (%d)", pid<0?"fork":"pipe", str?str:"<unknown>", errno); 
+	}
 #endif
 
-	return 0;
+	return result;
 }