--- parser3/src/main/pa_exec.C 2001/10/30 15:08:19 1.16 +++ parser3/src/main/pa_exec.C 2002/04/16 09:38:49 1.35 @@ -1,14 +1,21 @@ /** @file Parser: program executing for different OS-es. - Copyright(c) 2000,2001 ArtLebedev Group(http://www.artlebedev.com) - Author: Alexander Petrosyan (http://design.ru/paf) + Copyright(c) 2000,2001, 2002 ArtLebedev Group(http://www.artlebedev.com) + Author: Alexandr Petrosian (http://paf.design.ru) - $Id: pa_exec.C,v 1.16 2001/10/30 15:08:19 paf Exp $ + $Id: pa_exec.C,v 1.35 2002/04/16 09:38:49 paf Exp $ + + + @todo setrlimit */ #include "pa_config_includes.h" +#include "pa_exec.h" +#include "pa_exception.h" +#include "pa_common.h" + #ifdef WIN32 # include #else @@ -17,18 +24,10 @@ # include #endif -#include -#include - -#include "pa_exec.h" -#include "pa_exception.h" -#include "pa_common.h" - - #ifdef WIN32 /// this func from http://www.ccas.ru/~posp/popov/spawn.htm -static BOOL WINAPI CreateHiddenConsoleProcess(LPCTSTR szChildName, +static BOOL WINAPI CreateHiddenConsoleProcess(LPCTSTR szCmdLine, char *szEnv, PROCESS_INFORMATION* ppi, LPHANDLE phInWrite, @@ -71,15 +70,22 @@ static BOOL WINAPI CreateHiddenConsolePr si.hStdOutput=hOutWrite; si.hStdError=hErrWrite; + // calculating script's directory + char dir[MAX_STRING]; + strncpy(dir, szCmdLine, MAX_STRING-1); dir[MAX_STRING-1]=0; + lsplit(dir,' '); // trim arguments + rsplit(dir,'/'); rsplit(dir,'\\'); // trim filename + chdir(dir); + // Create a child process (suspended) fCreated=CreateProcess(NULL, - (LPTSTR)szChildName, + (LPTSTR)szCmdLine, NULL, NULL, TRUE, - 0, //todo CREATE_NO_WINDOW, + CREATE_NO_WINDOW, szEnv, - NULL, + dir, &si, ppi); 
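Review bot: In the `@@ -71,15 +70,22 @@` hunk of CreateHiddenConsoleProcess, `chdir(dir)` changes the working directory of the parser process itself, its result is ignored, and nothing restores it; the pwd save/restore that pa_exec used to do is removed further down in this diff. CreateProcess already receives `dir` as the child's current directory, so the `chdir(dir);` line looks unnecessary and could be dropped, which leaves the parent's relative-path resolution untouched. `lsplit(dir,' ')` cuts at the first space (judging by its `// trim arguments` comment), so an executable under a path containing a space would yield a wrong `dir`; deriving the directory from the file spec before the command line is assembled would avoid that. The function starts and ends outside the hunk.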
@@ -100,14 +106,14 @@ error: return FALSE; } -static void read_pipe(String& result, HANDLE hOutRead, const char *file_spec){ +static void read_pipe(String& result, HANDLE hOutRead, const char *file_spec, + String::Untaint_lang lang){ while(true) { char *buf=(char *)result.pool().malloc(MAX_STRING); unsigned long size; - ReadFile(hOutRead, buf, MAX_STRING, &size, NULL); - if(!size) + if(!ReadFile(hOutRead, buf, MAX_STRING, &size, NULL) || !size) break; - result.APPEND_AS_IS(buf, size, file_spec, 0); + result.APPEND(buf, size, lang, file_spec, 0); } } @@ -155,14 +161,9 @@ static const char *buildCommand(Pool& po #else -static int execle_piped(const char *path, - const char *arg1, const char *arg2, - const char *arg3, const char *arg4, - const char *arg5, const char *arg6, - const char *arg7, const char *arg8, - const char *arg9, const char *arg10, - char * const env[], - int *pipe_in, int *pipe_out, int *pipe_err) { +static int execve_piped(const char *file_spec_cstr, + char * const argv[], char * const env[], + int *pipe_in, int *pipe_out, int *pipe_err) { int pid; int in_fds[2]; int out_fds[2]; @@ -235,7 +236,14 @@ static int execle_piped(const char *path /* HP-UX SIGCHLD fix goes here, if someone will remind me what it is... */ signal(SIGCHLD, SIG_DFL); /* Was that it? */ - execle(path, arg1, arg2, arg3, arg4, arg5, NULL, env); + // chdir to script's directory + char dir[MAX_STRING]; + strncpy(dir, file_spec_cstr, MAX_STRING-1); dir[MAX_STRING-1]=0; + rsplit(dir,'/'); // trim filename + chdir(dir); + + // execute + execve(file_spec_cstr, argv, env); exit(-errno); } 
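Review bot: In the WIN32 read_pipe hunk, every loop pass takes a fresh MAX_STRING buffer from the pool even when ReadFile delivers only a few bytes, and there is no ceiling on how much child output is accumulated. A child that writes in small chunks or never stops can therefore grow the pool without limit (how the pool releases memory is not visible here). A total-size cap that stops reading and raises an exception would bound this; the POSIX read_pipe later in the diff has the same loop shape.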
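Review bot: In the forked child (the `@@ -235,7 +236,14 @@` hunk), `chdir(dir)` is unchecked and `execve(file_spec_cstr, ...)` then uses the same path string, so a relative file spec would be resolved against the new directory rather than the one the parent used. pa_exec calls `stat(file_spec_cstr, ...)` in the parent before the fork, so with a relative path the group check and the exec could land on different files; whether `cstr(String::UL_FILE_SPEC)` always yields an absolute path is not visible here. Failing fast makes the directory change reliable: `if(chdir(dir)!=0) _exit(-errno);`. The `exit(-errno)` on the context line would also be better as `_exit`, so a failed exec does not run the parent's atexit handlers or flush its stdio buffers a second time. execve_piped starts and ends outside the hunk.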
@@ -267,18 +275,19 @@ static int get_exit_status(int pid) { WEXITSTATUS(status) : -2; } -static void read_pipe(String& result, int file, const char *file_spec){ +static void read_pipe(String& result, int file, const char *file_spec, String::Untaint_lang lang){ while(true) { char *buf=(char *)result.pool().malloc(MAX_STRING); size_t size=read(file, buf, MAX_STRING); - if(!size) + if(!size) break; - result.APPEND_AS_IS(buf, size, file_spec, 0); + result.APPEND(buf, size, lang, file_spec, 0); } } #endif +///@test maybe here and at argv construction --- cstr(String::UL_UNSPECIFIED static void append_env_pair(const Hash::Key& key, Hash::Val *value, void *info) { #ifdef WIN32 String& string=*static_cast(info); @@ -293,18 +302,23 @@ static void append_env_pair(const Hash:: **env_ref=string.cstr(); (*env_ref)++; #endif } -int pa_exec(const String& file_spec, + +int pa_exec( + bool forced_allow, + const String& file_spec, const Hash *env, const Array *argv, const String& in, String& out, String& err) { Pool& pool=file_spec.pool(); -#ifdef WIN32 +#ifdef NO_PA_EXECS + if(!forced_allow) + throw Exception("parser.runtime", + &file_spec, + "parser execs are disabled [recompile parser without --disable-execs configure option]"); +#endif - char pwd[MAX_STRING]; - GetCurrentDirectory(sizeof(pwd), pwd); - char *dir=file_spec.cstr(String::UL_FILE_SPEC); - rsplit(dir, '/'); SetCurrentDirectory(dir); +#ifdef WIN32 PROCESS_INFORMATION pi; HANDLE hInWrite, hOutRead, hErrRead; @@ -317,8 +331,6 @@ int pa_exec(const String& file_spec, env_cstr=string.cstr(); } if(CreateHiddenConsoleProcess(cmd, env_cstr, &pi, &hInWrite, &hOutRead, &hErrRead)) { - SetCurrentDirectory(pwd); - const char *in_cstr=in.cstr(); DWORD written_size; WriteFile(hInWrite, in_cstr, in.size(), &written_size, NULL); 
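Review bot: The POSIX read_pipe stores the result of `read()` in a `size_t`, so a failed read (-1) becomes a huge positive length, passes the `if(!size)` test and is handed to `result.APPEND` as the byte count. The WIN32 variant gained a failure check in this commit; this one did not. Suggested: `ssize_t size=read(file, buf, MAX_STRING);` followed by `if(size<=0) break;`, optionally retrying when `errno==EINTR`.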
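Review bot: The new leading `bool forced_allow` parameter of pa_exec (hunk `@@ -293,18 +302,23 @@`) is undocumented, although it switches off both the NO_PA_EXECS refusal here and the NO_FOREIGN_GROUP_FILES check later in the function. Callers will pass a bare `true`/`false` as the first argument, which is easy to misread in review. A doc comment above the function should say when true is acceptable, for example `/// @param forced_allow bypasses --disable-execs / --disable-foreign-group-files; pass true only for programs named by the administrator's configuration`. pa_exec continues outside the hunk.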
@@ -327,9 +339,9 @@ int pa_exec(const String& file_spec, // without this char WriteFile(hInWrite, "\x1A", 1, &written_size, NULL); CloseHandle(hInWrite); - read_pipe(out, hOutRead, file_spec_cstr); + read_pipe(out, hOutRead, file_spec_cstr, String::UL_AS_IS); CloseHandle(hOutRead); - read_pipe(err, hErrRead, file_spec_cstr); + read_pipe(err, hErrRead, file_spec_cstr, String::UL_TAINTED); CloseHandle(hErrRead); /* from http://www.apache.org/websrc/cvsweb.cgi/apache-1.3/src/main/util_script.c?rev=1.151&content-type=text/vnd.viewcvs-markup @@ -340,8 +352,6 @@ from http://www.apache.org/websrc/cvsweb CloseHandle(pi.hProcess); CloseHandle(pi.hThread); } else { - SetCurrentDirectory(pwd); - DWORD error=GetLastError(); char szErrorDesc[MAX_STRING]; FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, error, @@ -351,9 +361,9 @@ from http://www.apache.org/websrc/cvsweb if(error_size>3) // ".\r\n" szErrorDesc[error_size-3]=0; - throw Exception(0, 0, + throw Exception(0, &file_spec, - "(real filename=\"%s\") exec failed - %s (%ld)", + "(real command line=\"%s\") exec failed - %s (%ld)", cmd, szErrorDesc, (long)error); } 
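Review bot: Child stdout is appended with `String::UL_AS_IS` while stderr gets `String::UL_TAINTED`, here and in the POSIX branch at the end of the diff. If UL_AS_IS marks the bytes as needing no further escaping (the name suggests so; the String class is not shown), then whatever the external program prints, including any request data it echoes, reaches later output untransformed. That may be intended, but it is a trust decision and should be stated at the call, e.g. `// stdout is trusted as-is: the program is responsible for escaping its own output`. If callers cannot guarantee that, passing UL_TAINTED for stdout as well and letting the caller opt in would be the safer default.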
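Review bot: The exec-failure exception in the `@@ -351,9 +361,9 @@` hunk now embeds the complete `cmd` string, so the program path and every argument end up in the message. Where this exception is rendered is not visible in the diff; if it can reach a response page rather than only a log, it discloses filesystem layout and argument values. Consider writing the full command line to the log and giving the exception only the file spec it already carries through `&file_spec`.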
@@ -361,13 +371,37 @@ from http://www.apache.org/websrc/cvsweb #else int pipe_write, pipe_read, pipe_err; - const char *argv_cstrs[5]={"", "", "", "", ""}; + char *file_spec_cstr=file_spec.cstr(String::UL_FILE_SPEC); + +#ifdef NO_FOREIGN_GROUP_FILES + if(!forced_allow) { + struct stat finfo; + if(stat(file_spec_cstr, &finfo)!=0) + throw Exception("file.missing", + &file_spec, + "stat failed: %s (%d), actual filename '%s'", + strerror(errno), errno, file_spec_cstr); + + if(finfo.st_gid/*foreign?*/!=getegid()) + throw Exception("parser.runtime", + &file_spec, + "parser executing files of foreign group is disabled [recompile parser without --disable-foreign-group-files configure option], actual filename '%s'", + file_spec_cstr); + } +#endif + + char *argv_cstrs[1+10+1]={file_spec_cstr, 0}; if(argv) { - int size=min(5, argv->size()); - for(int i=0; iget_string(i)->cstr(); + const int argv_size=argv->size(); + const int argv_max=sizeof(argv_cstrs)/sizeof(argv_cstrs[0])-1-1; + if(argv_size>argv_max) + throw Exception("parser.runtime", + &file_spec, + "too many arguments (%d > max %d)", argv_size, argv_max); + for(int i=0; iget_string(i)->cstr(); + argv_cstrs[1+argv_size]=0; } - const char *file_spec_cstr=file_spec.cstr(String::UL_FILE_SPEC); char **env_cstrs=0; if(env) { env_cstrs= 
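Review bot: The NO_FOREIGN_GROUP_FILES check calls `stat()` on the path in the parent, while the file is executed by path later, in the child, after a `chdir`; the file can change between the two, and `stat()` follows symlinks, so the check is advisory rather than binding. Only `st_gid` is compared, so a non-regular file or a world-writable file with the right group passes. At minimum add `if(!S_ISREG(finfo.st_mode) || (finfo.st_mode & S_IWOTH))` with its own exception; closing the race would need opening the file once and using `fstat`/`fexecve` on the descriptor where the platform offers it. A comment on the block should say which guarantee is intended.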
@@ -376,24 +410,24 @@ from http://www.apache.org/websrc/cvsweb env->for_each(append_env_pair, &env_ref); *env_ref=0; } - if(int pid=execle_piped( - file_spec_cstr, - argv_cstrs[0], argv_cstrs[1], argv_cstrs[2], argv_cstrs[3], argv_cstrs[4], - argv_cstrs[5], argv_cstrs[6], argv_cstrs[7], argv_cstrs[8], argv_cstrs[9], - env_cstrs, - &pipe_write, &pipe_read, &pipe_err)) { + int pid=execve_piped( + file_spec_cstr, + argv_cstrs, env_cstrs, + &pipe_write, &pipe_read, &pipe_err); + if(pid) { + // in child const char *in_cstr=in.cstr(); write(pipe_write, in_cstr, in.size()); close(pipe_write); - read_pipe(out, pipe_read, file_spec_cstr); + read_pipe(out, pipe_read, file_spec_cstr, String::UL_AS_IS); close(pipe_read); - read_pipe(err, pipe_err, file_spec_cstr); + read_pipe(err, pipe_err, file_spec_cstr, String::UL_TAINTED); close(pipe_err); return get_exit_status(pid); // negative may mean "-errno[execl()]" } else - throw Exception(0, 0, + throw Exception(0, &file_spec, "pipe error"); #endif
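Review bot: The parent writes all of `in` to the child before reading anything, then drains stdout to EOF before touching stderr; a child that emits more than a pipe buffer of output before consuming its input, or fills stderr while stdout stays open, blocks and takes the parser with it. The result of `write(pipe_write, ...)` is ignored, so a short write or an error goes unnoticed and the child sees truncated input. Multiplexing the three descriptors with `poll`/`select`, or at least looping on `write` and checking its result, would remove the hang. Also, the added `// in child` comment sits on the branch that calls `get_exit_status(pid)`, which appears to be the parent side; it should read `// in parent`.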