===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/mandoc/mandocdb.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -c -r1.34 -r1.35
*** src/usr.bin/mandoc/mandocdb.c	2012/01/05 22:48:52	1.34
--- src/usr.bin/mandoc/mandocdb.c	2012/01/07 15:32:24	1.35
***************
*** 1,4 ****
! /*	$Id: mandocdb.c,v 1.34 2012/01/05 22:48:52 schwarze Exp $ */
  /*
   * Copyright (c) 2011 Kristaps Dzonsons <kristaps@bsd.lv>
   * Copyright (c) 2011 Ingo Schwarze <schwarze@openbsd.org>
--- 1,4 ----
! /*	$Id: mandocdb.c,v 1.35 2012/01/07 15:32:24 schwarze Exp $ */
  /*
   * Copyright (c) 2011 Kristaps Dzonsons <kristaps@bsd.lv>
   * Copyright (c) 2011 Ingo Schwarze <schwarze@openbsd.org>
***************
*** 114,120 ****
  				struct mdb *, struct recs *);
  static	void		  index_prune(const struct of *, struct mdb *,
  				struct recs *);
! static	void		  ofile_argbuild(int, char *[], struct of **);
  static	void		  ofile_dirbuild(const char *, const char *,
  				const char *, int, struct of **);
  static	void		  ofile_free(struct of *);
--- 114,121 ----
  				struct mdb *, struct recs *);
  static	void		  index_prune(const struct of *, struct mdb *,
  				struct recs *);
! static	void		  ofile_argbuild(int, char *[], struct of **,
! 				const char *);
  static	void		  ofile_dirbuild(const char *, const char *,
  				const char *, int, struct of **);
  static	void		  ofile_free(struct of *);
***************
*** 384,390 ****
  	dbuf.cp = mandoc_malloc(dbuf.size);
  
  	if (OP_TEST == op) {
! 		ofile_argbuild(argc, argv, &of);
  		if (NULL == of)
  			goto out;
  		index_merge(of, mp, &dbuf, &buf, hash, &mdb, &recs);
--- 385,391 ----
  	dbuf.cp = mandoc_malloc(dbuf.size);
  
  	if (OP_TEST == op) {
! 		ofile_argbuild(argc, argv, &of, NULL);
  		if (NULL == of)
  			goto out;
  		index_merge(of, mp, &dbuf, &buf, hash, &mdb, &recs);
***************
*** 392,407 ****
  	}
  
  	if (OP_UPDATE == op || OP_DELETE == op) {
! 		strlcat(mdb.dbn, dir, MAXPATHLEN);
! 		strlcat(mdb.dbn, "/", MAXPATHLEN);
  		sz1 = strlcat(mdb.dbn, MANDOC_DB, MAXPATHLEN);
  
! 		strlcat(mdb.idxn, dir, MAXPATHLEN);
! 		strlcat(mdb.idxn, "/", MAXPATHLEN);
  		sz2 = strlcat(mdb.idxn, MANDOC_IDX, MAXPATHLEN);
  
  		if (sz1 >= MAXPATHLEN || sz2 >= MAXPATHLEN) {
! 			fprintf(stderr, "%s: path too long\n", dir);
  			exit((int)MANDOCLEVEL_BADARG);
  		}
  
--- 393,415 ----
  	}
  
  	if (OP_UPDATE == op || OP_DELETE == op) {
! 		if (NULL == realpath(dir, pbuf)) {
! 			perror(dir);
! 			exit((int)MANDOCLEVEL_BADARG);
! 		}
! 		if (strlcat(pbuf, "/", PATH_MAX) >= PATH_MAX) {
! 			fprintf(stderr, "%s: path too long\n", pbuf);
! 			exit((int)MANDOCLEVEL_BADARG);
! 		}
! 
! 		strlcat(mdb.dbn, pbuf, MAXPATHLEN);
  		sz1 = strlcat(mdb.dbn, MANDOC_DB, MAXPATHLEN);
  
! 		strlcat(mdb.idxn, pbuf, MAXPATHLEN);
  		sz2 = strlcat(mdb.idxn, MANDOC_IDX, MAXPATHLEN);
  
  		if (sz1 >= MAXPATHLEN || sz2 >= MAXPATHLEN) {
! 			fprintf(stderr, "%s: path too long\n", mdb.idxn);
  			exit((int)MANDOCLEVEL_BADARG);
  		}
  
***************
*** 417,423 ****
  			exit((int)MANDOCLEVEL_SYSERR);
  		}
  
! 		ofile_argbuild(argc, argv, &of);
  
  		if (NULL == of)
  			goto out;
--- 425,431 ----
  			exit((int)MANDOCLEVEL_SYSERR);
  		}
  
! 		ofile_argbuild(argc, argv, &of, pbuf);
  
  		if (NULL == of)
  			goto out;
***************
*** 1507,1521 ****
  }
  
  static void
! ofile_argbuild(int argc, char *argv[], struct of **of)
  {
  	char		 buf[MAXPATHLEN];
  	const char	*sec, *arch, *title;
! 	char		*p;
  	int		 i, src_form;
  	struct of	*nof;
  
  	for (i = 0; i < argc; i++) {
  
  		/*
  		 * Try to infer the manual section, architecture and
--- 1515,1544 ----
  }
  
  static void
! ofile_argbuild(int argc, char *argv[], struct of **of,
! 		const char *basedir)
  {
  	char		 buf[MAXPATHLEN];
+ 	char		 pbuf[PATH_MAX];
  	const char	*sec, *arch, *title;
! 	char		*relpath, *p;
  	int		 i, src_form;
  	struct of	*nof;
  
  	for (i = 0; i < argc; i++) {
+ 		if (NULL == (relpath = realpath(argv[i], pbuf))) {
+ 			perror(argv[i]);
+ 			continue;
+ 		}
+ 		if (NULL != basedir) {
+ 			if (strstr(pbuf, basedir) != pbuf) {
+ 				fprintf(stderr, "%s: file outside "
+ 				    "base directory %s\n",
+ 				    pbuf, basedir);
+ 				continue;
+ 			}
+ 			relpath = pbuf + strlen(basedir);
+ 		}
  
  		/*
  		 * Try to infer the manual section, architecture and
***************
*** 1524,1531 ****
  		 *   cat<section>[/<arch>]/<title>.0
  		 */
  
! 		if (strlcpy(buf, argv[i], sizeof(buf)) >= sizeof(buf)) {
! 			fprintf(stderr, "%s: path too long\n", argv[i]);
  			continue;
  		}
  		sec = arch = title = "";
--- 1547,1554 ----
  		 *   cat<section>[/<arch>]/<title>.0
  		 */
  
! 		if (strlcpy(buf, relpath, sizeof(buf)) >= sizeof(buf)) {
! 			fprintf(stderr, "%s: path too long\n", relpath);
  			continue;
  		}
  		sec = arch = title = "";
***************
*** 1561,1567 ****
  				fprintf(stderr,
  				    "%s: cannot deduce title "
  				    "from filename\n",
! 				    argv[i]);
  			title = buf;
  		}
  
--- 1584,1590 ----
  				fprintf(stderr,
  				    "%s: cannot deduce title "
  				    "from filename\n",
! 				    relpath);
  			title = buf;
  		}
  
***************
*** 1570,1576 ****
  		 */
  
  		nof = mandoc_calloc(1, sizeof(struct of));
! 		nof->fname = mandoc_strdup(argv[i]);
  		nof->sec = mandoc_strdup(sec);
  		nof->arch = mandoc_strdup(arch);
  		nof->title = mandoc_strdup(title);
--- 1593,1599 ----
  		 */
  
  		nof = mandoc_calloc(1, sizeof(struct of));
! 		nof->fname = mandoc_strdup(relpath);
  		nof->sec = mandoc_strdup(sec);
  		nof->arch = mandoc_strdup(arch);
  		nof->title = mandoc_strdup(title);
***************
*** 1581,1587 ****
  		 */
  
  		if (verb > 1)
! 			printf("%s: scheduling\n", argv[i]);
  		if (NULL == *of) {
  			*of = nof;
  			(*of)->first = nof;
--- 1604,1610 ----
  		 */
  
  		if (verb > 1)
! 			printf("%s: scheduling\n", relpath);
  		if (NULL == *of) {
  			*of = nof;
  			(*of)->first = nof;