/* gspawn-win32-helper.c - Helper program for process launching on Win32.
*
* Copyright 2000 Red Hat, Inc.
* Copyright 2000 Tor Lillqvist
*
* SPDX-License-Identifier: LGPL-2.1-or-later
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with this library; if not, see .
*/
#include "config.h"
#include
#undef G_LOG_DOMAIN
#include "glib.h"
#define GSPAWN_HELPER
#include "gspawn-win32.c" /* For shared definitions */
#include "glib/glib-private.h"
static void
write_err_and_exit (gint fd,
gintptr msg)
{
gintptr en = errno;
write (fd, &msg, sizeof(gintptr));
write (fd, &en, sizeof(gintptr));
_exit (1);
}
#ifdef __GNUC__
# ifndef _stdcall
# define _stdcall __attribute__((stdcall))
# endif
#endif
/* We build gspawn-win32-helper.exe as a Windows GUI application
* to avoid any temporarily flashing console windows in case
* the gspawn function is invoked by a GUI program. Thus, no main()
* but a WinMain().
*/
/* Copy of protect_argv that handles wchar_t strings */
static gint
protect_wargv (gint argc,
wchar_t **wargv,
wchar_t ***new_wargv)
{
gint i;
*new_wargv = g_new (wchar_t *, argc+1);
/* Quote each argv element if necessary, so that it will get
* reconstructed correctly in the C runtime startup code. Note that
* the unquoting algorithm in the C runtime is really weird, and
* rather different than what Unix shells do. See stdargv.c in the C
* runtime sources (in the Platform SDK, in src/crt).
*
* Note that a new_wargv[0] constructed by this function should
* *not* be passed as the filename argument to a _wspawn* or _wexec*
* family function. That argument should be the real file name
* without any quoting.
*/
for (i = 0; i < argc; i++)
{
wchar_t *p = wargv[i];
wchar_t *q;
gint len = 0;
gint pre_bslash = 0;
gboolean need_dblquotes = FALSE;
while (*p)
{
if (*p == ' ' || *p == '\t')
need_dblquotes = TRUE;
/* estimate max len, assuming that all escapable characters will be escaped */
if (*p == '"' || *p == '\\')
len += 2;
else
len += 1;
p++;
}
q = (*new_wargv)[i] = g_new (wchar_t, len + need_dblquotes*2 + 1);
p = wargv[i];
if (need_dblquotes)
*q++ = '"';
/* Only quotes and backslashes preceding quotes are escaped:
* see "Parsing C Command-Line Arguments" at
* https://docs.microsoft.com/en-us/cpp/c-language/parsing-c-command-line-arguments
*/
while (*p)
{
if (*p == '"')
{
/* Add backslash for escaping quote itself */
*q++ = '\\';
/* Add backslash for every preceding backslash for escaping it */
for (;pre_bslash > 0; --pre_bslash)
*q++ = '\\';
}
/* Count length of continuous sequence of preceding backslashes. */
if (*p == '\\')
++pre_bslash;
else
pre_bslash = 0;
*q++ = *p;
p++;
}
if (need_dblquotes)
{
/* Add backslash for every preceding backslash for escaping it,
* do NOT escape quote itself.
*/
for (;pre_bslash > 0; --pre_bslash)
*q++ = '\\';
*q++ = '"';
}
*q++ = '\0';
}
(*new_wargv)[argc] = NULL;
return argc;
}
static int
checked_dup2 (int oldfd, int newfd, int report_fd)
{
if (oldfd == newfd)
return newfd;
if (dup2 (oldfd, newfd) == -1)
write_err_and_exit (report_fd, CHILD_DUP_FAILED);
return newfd;
}
#ifndef HELPER_CONSOLE
int _stdcall
WinMain (struct HINSTANCE__ *hInstance,
struct HINSTANCE__ *hPrevInstance,
char *lpszCmdLine,
int nCmdShow)
#else
int
main (int ignored_argc, char **ignored_argv)
#endif
{
GHashTable *fds; /* (element-type int int) */
int child_err_report_fd = -1;
int helper_sync_fd = -1;
int saved_stderr_fd = -1;
int i;
int fd;
int mode;
int maxfd = 2;
gintptr handle;
int saved_errno;
gintptr no_error = CHILD_NO_ERROR;
gint argv_zero_offset = ARG_PROGRAM;
wchar_t **new_wargv;
int argc;
char **argv;
wchar_t **wargv;
char c;
GWin32InvalidParameterHandler handler;
/* Fetch the wide-char argument vector */
wargv = CommandLineToArgvW (GetCommandLineW(), &argc);
g_assert (argc >= ARG_COUNT);
/* Convert unicode wargs to utf8 */
argv = g_new(char *, argc + 1);
for (i = 0; i < argc; i++)
argv[i] = g_utf16_to_utf8(wargv[i], -1, NULL, NULL, NULL);
argv[i] = NULL;
/* argv[ARG_CHILD_ERR_REPORT] is the file descriptor number onto
* which write error messages.
*/
child_err_report_fd = atoi (argv[ARG_CHILD_ERR_REPORT]);
maxfd = MAX (child_err_report_fd, maxfd);
/* Hack to implement G_SPAWN_FILE_AND_ARGV_ZERO. If
* argv[ARG_CHILD_ERR_REPORT] is suffixed with a '#' it means we get
* the program to run and its argv[0] separately.
*/
if (argv[ARG_CHILD_ERR_REPORT][strlen (argv[ARG_CHILD_ERR_REPORT]) - 1] == '#')
argv_zero_offset++;
/* argv[ARG_HELPER_SYNC] is the file descriptor number we read a
* byte that tells us it is OK to exit. We have to wait until the
* parent allows us to exit, so that the parent has had time to
* duplicate the process handle we sent it. Duplicating a handle
* from another process works only if that other process exists.
*/
helper_sync_fd = atoi (argv[ARG_HELPER_SYNC]);
maxfd = MAX (helper_sync_fd, maxfd);
/* argv[ARG_STDIN..ARG_STDERR] are the file descriptor numbers that
* should be dup2'd to 0, 1 and 2. '-' if the corresponding fd
* should be left alone, and 'z' if it should be connected to the
* bit bucket NUL:.
*/
if (argv[ARG_STDIN][0] == '-')
; /* Nothing */
else if (argv[ARG_STDIN][0] == 'z')
{
fd = open ("NUL:", O_RDONLY);
checked_dup2 (fd, 0, child_err_report_fd);
}
else
{
fd = atoi (argv[ARG_STDIN]);
checked_dup2 (fd, 0, child_err_report_fd);
}
if (argv[ARG_STDOUT][0] == '-')
; /* Nothing */
else if (argv[ARG_STDOUT][0] == 'z')
{
fd = open ("NUL:", O_WRONLY);
checked_dup2 (fd, 1, child_err_report_fd);
}
else
{
fd = atoi (argv[ARG_STDOUT]);
checked_dup2 (fd, 1, child_err_report_fd);
}
/* GUI application do not necessarily have a stderr */
if (_fileno (stderr) == 2)
{
saved_stderr_fd = GLIB_PRIVATE_CALL (g_win32_reopen_noninherited) (
dup (2), _O_WRONLY, NULL);
if (saved_stderr_fd == -1)
write_err_and_exit (child_err_report_fd, CHILD_DUP_FAILED);
}
maxfd = MAX (saved_stderr_fd, maxfd);
if (argv[ARG_STDERR][0] == '-')
; /* Nothing */
else if (argv[ARG_STDERR][0] == 'z')
{
fd = open ("NUL:", O_WRONLY);
checked_dup2 (fd, 2, child_err_report_fd);
}
else
{
fd = atoi (argv[ARG_STDERR]);
checked_dup2 (fd, 2, child_err_report_fd);
}
/* argv[ARG_WORKING_DIRECTORY] is the directory in which to run the
* process. If "-", don't change directory.
*/
if (argv[ARG_WORKING_DIRECTORY][0] == '-' &&
argv[ARG_WORKING_DIRECTORY][1] == 0)
; /* Nothing */
else if (_wchdir (wargv[ARG_WORKING_DIRECTORY]) < 0)
write_err_and_exit (child_err_report_fd, CHILD_CHDIR_FAILED);
fds = g_hash_table_new (NULL, NULL);
if (argv[ARG_FDS][0] != '-')
{
gchar **fdsv = g_strsplit (argv[ARG_FDS], ",", -1);
gsize i;
for (i = 0; fdsv[i]; i++)
{
char *endptr = NULL;
int sourcefd, targetfd;
gint64 val;
val = g_ascii_strtoll (fdsv[i], &endptr, 10);
g_assert (val <= G_MAXINT32);
sourcefd = val;
g_assert (endptr != fdsv[i]);
g_assert (*endptr == ':');
val = g_ascii_strtoll (endptr + 1, &endptr, 10);
targetfd = val;
g_assert (val <= G_MAXINT32);
g_assert (*endptr == '\0');
maxfd = MAX (maxfd, sourcefd);
maxfd = MAX (maxfd, targetfd);
g_hash_table_insert (fds, GINT_TO_POINTER (targetfd), GINT_TO_POINTER (sourcefd));
}
g_strfreev (fdsv);
}
maxfd++;
child_err_report_fd = checked_dup2 (child_err_report_fd, maxfd, child_err_report_fd);
maxfd++;
helper_sync_fd = checked_dup2 (helper_sync_fd, maxfd, child_err_report_fd);
if (saved_stderr_fd >= 0)
{
maxfd++;
saved_stderr_fd = checked_dup2 (saved_stderr_fd, maxfd, child_err_report_fd);
}
{
GHashTableIter iter;
gpointer sourcefd, targetfd;
g_hash_table_iter_init (&iter, fds);
while (g_hash_table_iter_next (&iter, &targetfd, &sourcefd))
{
/* If we're doing remapping fd assignments, we need to handle
* the case where the user has specified e.g. 5 -> 4, 4 -> 6.
* We do this by duping all source fds, taking care to ensure the new
* fds are larger than any target fd to avoid introducing new conflicts.
*/
maxfd++;
checked_dup2 (GPOINTER_TO_INT (sourcefd), maxfd, child_err_report_fd);
g_hash_table_iter_replace (&iter, GINT_TO_POINTER (maxfd));
}
g_hash_table_iter_init (&iter, fds);
while (g_hash_table_iter_next (&iter, &targetfd, &sourcefd))
checked_dup2 (GPOINTER_TO_INT (sourcefd), GPOINTER_TO_INT (targetfd), child_err_report_fd);
}
g_hash_table_add (fds, GINT_TO_POINTER (child_err_report_fd));
g_hash_table_add (fds, GINT_TO_POINTER (helper_sync_fd));
if (saved_stderr_fd >= 0)
g_hash_table_add (fds, GINT_TO_POINTER (saved_stderr_fd));
/* argv[ARG_CLOSE_DESCRIPTORS] is "y" if file descriptors from 3
* upwards should be closed
*/
GLIB_PRIVATE_CALL (g_win32_push_empty_invalid_parameter_handler) (&handler);
if (argv[ARG_CLOSE_DESCRIPTORS][0] == 'y')
for (i = 3; i < 1000; i++) /* FIXME real limit? */
if (!g_hash_table_contains (fds, GINT_TO_POINTER (i)))
if (_get_osfhandle (i) != -1)
close (i);
GLIB_PRIVATE_CALL (g_win32_pop_invalid_parameter_handler) (&handler);
/* We don't want our child to inherit the error report and
* helper sync fds.
*/
child_err_report_fd = GLIB_PRIVATE_CALL (g_win32_reopen_noninherited) (
child_err_report_fd, _O_WRONLY, NULL);
helper_sync_fd = GLIB_PRIVATE_CALL (g_win32_reopen_noninherited) (
helper_sync_fd, _O_RDONLY, NULL);
if (helper_sync_fd == -1)
write_err_and_exit (child_err_report_fd, CHILD_DUP_FAILED);
/* argv[ARG_WAIT] is "w" to wait for the program to exit */
if (argv[ARG_WAIT][0] == 'w')
mode = P_WAIT;
else
mode = P_NOWAIT;
/* argv[ARG_USE_PATH] is "y" to use PATH, otherwise not */
/* argv[ARG_PROGRAM] is executable file to run,
* argv[argv_zero_offset]... is its argv. argv_zero_offset equals
* ARG_PROGRAM unless G_SPAWN_FILE_AND_ARGV_ZERO was used, in which
* case we have a separate executable name and argv[0].
*/
/* For the program name passed to spawnv(), don't use the quoted
* version.
*/
protect_wargv (argc - argv_zero_offset, wargv + argv_zero_offset, &new_wargv);
if (argv[ARG_USE_PATH][0] == 'y')
handle = _wspawnvp (mode, wargv[ARG_PROGRAM], (const wchar_t **) new_wargv);
else
handle = _wspawnv (mode, wargv[ARG_PROGRAM], (const wchar_t **) new_wargv);
saved_errno = errno;
/* Some coverage warnings may be printed on stderr during this process exit.
* Remove redirection so that they would go to original stderr
* instead of being treated as part of stderr of child process.
*/
if (saved_stderr_fd >= 0)
dup2 (saved_stderr_fd, 2);
if (handle == -1 && saved_errno != 0)
{
int ec = (saved_errno == ENOENT)
? CHILD_SPAWN_NOENT
: CHILD_SPAWN_FAILED;
write_err_and_exit (child_err_report_fd, ec);
}
write (child_err_report_fd, &no_error, sizeof (no_error));
write (child_err_report_fd, &handle, sizeof (handle));
read (helper_sync_fd, &c, 1);
LocalFree (wargv);
g_strfreev (argv);
g_hash_table_unref (fds);
return 0;
}