installboot: adapt fileprefix() to future realpath(3) behavior

This was relying on realpath(3) working for paths that don't exist
yet, which will be changing soon.

Use a combination of dirname(3), realpath(3), and basename(3) to
construct a sane path while still ensuring that the target directory
exists.

with martijn
ok martijn, deraadt

1 files changed, 25 insertions, 9 deletions

diff --git a/usr.sbin/installboot/util.c b/usr.sbin/installboot/util.c
index ddb890a85c6..c62d145b875 100644
--- a/usr.sbin/installboot/util.c
+++ b/usr.sbin/installboot/util.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: util.c,v 1.11 2015/11/04 02:12:49 jsg Exp $	*/
+/*	$OpenBSD: util.c,v 1.12 2018/07/03 20:14:41 jcs Exp $	*/
 
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -25,6 +25,7 @@
 #include <string.h>
 #include <unistd.h>
 #include <limits.h>
+#include <libgen.h>
 
 #include "installboot.h"
 
@@ -98,7 +99,7 @@ filecopy(const char *srcfile, const char *dstfile)
 char *
 fileprefix(const char *base, const char *path)
 {
-	char *r, *s;
+	char *r = NULL, *d, *b, *s;
 	int n;
 
 	if ((s = malloc(PATH_MAX)) == NULL) {
@@ -107,18 +108,33 @@ fileprefix(const char *base, const char *path)
 	}
 	n = snprintf(s, PATH_MAX, "%s/%s", base, path);
 	if (n < 1 || n >= PATH_MAX) {
-		free(s);
 		warn("snprintf");
-		return (NULL);
+		goto err;
+	}
+	if ((d = dirname(s)) == NULL) {
+		warn("dirname");
+		goto err;
 	}
-	if ((r = realpath(s, NULL)) == NULL) {
-		free(s);
+	if ((r = realpath(d, NULL)) == NULL) {
 		warn("realpath");
-		return (NULL);
+		goto err;
 	}
-	free(s);
+	if ((b = basename(s)) == NULL) {
+		warn("basename");
+		goto err;
+	}
+	n = snprintf(s, PATH_MAX, "%s/%s", r, b);
+	free(r);
+	if (n < 1 || n >= PATH_MAX) {
+		warn("snprintf");
+		goto err;
+	}
+	return (s);
 
-	return (r);
+err:
+	free(s);
+	free(r);
+	return (NULL);
 }
 
 /*