Changeset 2725 in MondoRescue for branches/2.2.9/mindi-busybox/libbb/copy_file.c

Timestamp:

Feb 25, 2011, 9:26:54 PM (13 years ago)

Author:

Bruno Cornec

Message:

• Update mindi-busybox to 1.18.3 to avoid problems with the tar command which is now failing on recent versions with busybox 1.7.3

File:

• branches/2.2.9/mindi-busybox/libbb/copy_file.c (modified) (21 diffs)

branches/2.2.9/mindi-busybox/libbb/copy_file.c

@@ -6 +6 @@
  * SELinux support by Yuichi Nakamura <ynakam@hitachisoft.jp>
  *
- * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
- *
+ * Licensed under GPLv2 or later, see file LICENSE in this source tree.
  */
-
 #include "libbb.h"
 
+// FEATURE_NON_POSIX_CP:
+//
 // POSIX: if exists and -i, ask (w/o -i assume yes).
 // Then open w/o EXCL (yes, not unlink!).
 // If open still fails and -f, try unlink, then try open again.
 // Result: a mess:
-// If dest is a softlink, we overwrite softlink's destination!
+// If dest is a (sym)link, we overwrite link destination!
 // (or fail, if it points to dir/nonexistent location/etc).
 // This is strange, but POSIX-correct.
 // coreutils cp has --remove-destination to override this...
-//
-// NB: we have special code which still allows for "cp file /dev/node"
-// to work POSIX-ly (the only realistic case where it makes sense)
-
-#define DO_POSIX_CP 0  /* 1 - POSIX behavior, 0 - safe behavior */
-
-// errno must be set to relevant value ("why we cannot create dest?")
-// for POSIX mode to give reasonable error message
+
+/* Called if open of destination, link creation etc fails.
+ * errno must be set to relevant value ("why we cannot create dest?")
+ * to give reasonable error message */
 static int ask_and_unlink(const char *dest, int flags)
 {
-#if DO_POSIX_CP
+    int e = errno;
+
+#if !ENABLE_FEATURE_NON_POSIX_CP
     if (!(flags & (FILEUTILS_FORCE|FILEUTILS_INTERACTIVE))) {
-        // Either it exists, or the *path* doesnt exist
-        bb_perror_msg("cannot create '%s'", dest);
+        /* Either it exists, or the *path* doesnt exist */
+        bb_perror_msg("can't create '%s'", dest);
         return -1;
     }
 #endif
-    // If !DO_POSIX_CP, act as if -f is always in effect - we don't want
-    // "cannot create" msg, we want unlink to be done (silently unless -i).
-
-    // TODO: maybe we should do it only if ctty is present?
+    // else: act as if -f is always in effect.
+    // We don't want "can't create" msg, we want unlink to be done
+    // (silently unless -i). Why? POSIX cp usually succeeds with
+    // O_TRUNC open of existing file, and user is left ignorantly happy.
+    // With above block unconditionally enabled, non-POSIX cp
+    // will complain a lot more than POSIX one.
+
+    /* TODO: maybe we should do it only if ctty is present? */
     if (flags & FILEUTILS_INTERACTIVE) {
         // We would not do POSIX insanity. -i asks,
@@ -48 +50 @@
         fprintf(stderr, "%s: overwrite '%s'? ", applet_name, dest);
         if (!bb_ask_confirmation())
-            return 0; // not allowed to overwrite
+            return 0; /* not allowed to overwrite */
     }
     if (unlink(dest) < 0) {
-        bb_perror_msg("cannot remove '%s'", dest);
-        return -1; // error
-    }
-    return 1; // ok (to try again)
+#if ENABLE_FEATURE_VERBOSE_CP_MESSAGE
+        if (e == errno && e == ENOENT) {
+            /* e == ENOTDIR is similar: path has non-dir component,
+             * but in this case we don't even reach copy_file() */
+            bb_error_msg("can't create '%s': Path does not exist", dest);
+            return -1; /* error */
+        }
+#endif
+        errno = e; /* do not use errno from unlink */
+        bb_perror_msg("can't create '%s'", dest);
+        return -1; /* error */
+    }
+    return 1; /* ok (to try again) */
 }
 
@@ -62 +73 @@
  *    (failures to preserve mode/owner/times are not reported in exit code)
  */
-int copy_file(const char *source, const char *dest, int flags)
+int FAST_FUNC copy_file(const char *source, const char *dest, int flags)
 {
     /* This is a recursive function, try to minimize stack usage */
@@ -72 +83 @@
     signed char ovr;
 
-#define FLAGS_DEREF (flags & FILEUTILS_DEREFERENCE)
+/* Inverse of cp -d ("cp without -d") */
+#define FLAGS_DEREF (flags & (FILEUTILS_DEREFERENCE + FILEUTILS_DEREFERENCE_L0))
 
     if ((FLAGS_DEREF ? stat : lstat)(source, &source_stat) < 0) {
-        // This may be a dangling symlink.
-        // Making [sym]links to dangling symlinks works, so...
+        /* This may be a dangling symlink.
+         * Making [sym]links to dangling symlinks works, so... */
         if (flags & (FILEUTILS_MAKE_SOFTLINK|FILEUTILS_MAKE_HARDLINK))
             goto make_links;
-        bb_perror_msg("cannot stat '%s'", source);
+        bb_perror_msg("can't stat '%s'", source);
         return -1;
     }
@@ -85 +97 @@
     if (lstat(dest, &dest_stat) < 0) {
         if (errno != ENOENT) {
-            bb_perror_msg("cannot stat '%s'", dest);
+            bb_perror_msg("can't stat '%s'", dest);
             return -1;
         }
@@ -103 +115 @@
         if (lgetfilecon(source, &con) >= 0) {
             if (setfscreatecon(con) < 0) {
-                bb_perror_msg("cannot set setfscreatecon %s", con);
+                bb_perror_msg("can't set setfscreatecon %s", con);
                 freecon(con);
                 return -1;
@@ -110 +122 @@
             setfscreatecon_or_die(NULL);
         } else {
-            bb_perror_msg("cannot lgetfilecon %s", source);
+            bb_perror_msg("can't lgetfilecon %s", source);
             return -1;
         }
@@ -155 +167 @@
             if (mkdir(dest, mode) < 0) {
                 umask(saved_umask);
-                bb_perror_msg("cannot create directory '%s'", dest);
+                bb_perror_msg("can't create directory '%s'", dest);
                 return -1;
             }
@@ -161 +173 @@
             /* need stat info for add_to_ino_dev_hashtable */
             if (lstat(dest, &dest_stat) < 0) {
-                bb_perror_msg("cannot stat '%s'", dest);
+                bb_perror_msg("can't stat '%s'", dest);
                 return -1;
             }
@@ -183 +195 @@
                 continue;
             new_dest = concat_path_file(dest, d->d_name);
-            if (copy_file(new_source, new_dest, flags) < 0)
+            if (copy_file(new_source, new_dest, flags & ~FILEUTILS_DEREFERENCE_L0) < 0)
                 retval = -1;
             free(new_source);
@@ -193 +205 @@
          && chmod(dest, source_stat.st_mode & ~saved_umask) < 0
         ) {
-            bb_perror_msg("cannot preserve %s of '%s'", "permissions", dest);
+            bb_perror_msg("can't preserve %s of '%s'", "permissions", dest);
             /* retval = -1; - WRONG! copy *WAS* made */
         }
@@ -202 +214 @@
         int (*lf)(const char *oldpath, const char *newpath);
  make_links:
-        // Hmm... maybe
-        // if (DEREF && MAKE_SOFTLINK) source = realpath(source) ?
-        // (but realpath returns NULL on dangling symlinks...)
+        /* Hmm... maybe
+         * if (DEREF && MAKE_SOFTLINK) source = realpath(source) ?
+         * (but realpath returns NULL on dangling symlinks...) */
         lf = (flags & FILEUTILS_MAKE_SOFTLINK) ? symlink : link;
         if (lf(source, dest) < 0) {
@@ -211 +223 @@
                 return ovr;
             if (lf(source, dest) < 0) {
-                bb_perror_msg("cannot create link '%s'", dest);
+                bb_perror_msg("can't create link '%s'", dest);
                 return -1;
             }
         }
         /* _Not_ jumping to preserve_mode_ugid_time:
-         * hard/softlinks don't have those */
+         * (sym)links don't have those */
         return 0;
     }
 
-    if (S_ISREG(source_stat.st_mode)
-     /* DEREF uses stat, which never returns S_ISLNK() == true. */
+    if (/* "cp thing1 thing2" without -R: just open and read() from thing1 */
+        !(flags & FILEUTILS_RECUR)
+        /* "cp [-opts] regular_file thing2" */
+     || S_ISREG(source_stat.st_mode)
+     /* DEREF uses stat, which never returns S_ISLNK() == true.
+      * So the below is never true: */
      /* || (FLAGS_DEREF && S_ISLNK(source_stat.st_mode)) */
     ) {
         int src_fd;
         int dst_fd;
+        mode_t new_mode;
+
+        if (!FLAGS_DEREF && S_ISLNK(source_stat.st_mode)) {
+            /* "cp -d symlink dst": create a link */
+            goto dont_cat;
+        }
 
         if (ENABLE_FEATURE_PRESERVE_HARDLINKS && !FLAGS_DEREF) {
@@ -236 +258 @@
                         return ovr;
                     if (link(link_target, dest) < 0) {
-                        bb_perror_msg("cannot create link '%s'", dest);
+                        bb_perror_msg("can't create link '%s'", dest);
                         return -1;
                     }
@@ -249 +271 @@
             return -1;
 
-        /* POSIX way is a security problem versus symlink attacks,
-         * we do it only for non-symlinks, and only for non-recursive,
-         * non-interactive cp. NB: it is still racy
-         * for "cp file /home/bad_user/file" case
-         * (user can rm file and create a link to /etc/passwd) */
-        if (DO_POSIX_CP
-         || (dest_exists && !(flags & (FILEUTILS_RECUR|FILEUTILS_INTERACTIVE))
-             && !S_ISLNK(dest_stat.st_mode))
-        ) {
-            dst_fd = open(dest, O_WRONLY|O_CREAT|O_TRUNC, source_stat.st_mode);
-        } else  /* safe way: */
-            dst_fd = open(dest, O_WRONLY|O_CREAT|O_EXCL, source_stat.st_mode);
+        /* Do not try to open with weird mode fields */
+        new_mode = source_stat.st_mode;
+        if (!S_ISREG(source_stat.st_mode))
+            new_mode = 0666;
+
+        // POSIX way is a security problem versus (sym)link attacks
+        if (!ENABLE_FEATURE_NON_POSIX_CP) {
+            dst_fd = open(dest, O_WRONLY|O_CREAT|O_TRUNC, new_mode);
+        } else { /* safe way: */
+            dst_fd = open(dest, O_WRONLY|O_CREAT|O_EXCL, new_mode);
+        }
         if (dst_fd == -1) {
             ovr = ask_and_unlink(dest, flags);
@@ -268 +289 @@
             }
             /* It shouldn't exist. If it exists, do not open (symlink attack?) */
-            dst_fd = open3_or_warn(dest, O_WRONLY|O_CREAT|O_EXCL, source_stat.st_mode);
+            dst_fd = open3_or_warn(dest, O_WRONLY|O_CREAT|O_EXCL, new_mode);
             if (dst_fd < 0) {
                 close(src_fd);
@@ -276 +297 @@
 
 #if ENABLE_SELINUX
-        if (((flags & FILEUTILS_PRESERVE_SECURITY_CONTEXT)
-            || (flags & FILEUTILS_SET_SECURITY_CONTEXT))
+        if ((flags & (FILEUTILS_PRESERVE_SECURITY_CONTEXT|FILEUTILS_SET_SECURITY_CONTEXT))
          && is_selinux_enabled() > 0
         ) {
@@ -297 +317 @@
         if (bb_copyfd_eof(src_fd, dst_fd) == -1)
             retval = -1;
-        /* Ok, writing side I can understand... */
+        /* Careful with writing... */
         if (close(dst_fd) < 0) {
-            bb_perror_msg("cannot close '%s'", dest);
+            bb_perror_msg("error writing to '%s'", dest);
             retval = -1;
         }
         /* ...but read size is already checked by bb_copyfd_eof */
         close(src_fd);
+        /* "cp /dev/something new_file" should not
+         * copy mode of /dev/something */
+        if (!S_ISREG(source_stat.st_mode))
+            return retval;
         goto preserve_mode_ugid_time;
     }
+ dont_cat:
 
     /* Source is a symlink or a special file */
@@ -321 +346 @@
             free(lpath);
             if (r < 0) {
-                bb_perror_msg("cannot create symlink '%s'", dest);
+                bb_perror_msg("can't create symlink '%s'", dest);
                 return -1;
             }
             if (flags & FILEUTILS_PRESERVE_STATUS)
                 if (lchown(dest, source_stat.st_uid, source_stat.st_gid) < 0)
-                    bb_perror_msg("cannot preserve %s of '%s'", "ownership", dest);
+                    bb_perror_msg("can't preserve %s of '%s'", "ownership", dest);
         }
         /* _Not_ jumping to preserve_mode_ugid_time:
@@ -336 +361 @@
     ) {
         if (mknod(dest, source_stat.st_mode, source_stat.st_rdev) < 0) {
-            bb_perror_msg("cannot create '%s'", dest);
+            bb_perror_msg("can't create '%s'", dest);
             return -1;
         }
@@ -350 +375 @@
     /* && !(flags & (FILEUTILS_MAKE_SOFTLINK|FILEUTILS_MAKE_HARDLINK)) */
     ) {
-        struct utimbuf times;
-
-        times.actime = source_stat.st_atime;
-        times.modtime = source_stat.st_mtime;
+        struct timeval times[2];
+
+        times[1].tv_sec = times[0].tv_sec = source_stat.st_mtime;
+        times[1].tv_usec = times[0].tv_usec = 0;
         /* BTW, utimes sets usec-precision time - just FYI */
-        if (utime(dest, &times) < 0)
-            bb_perror_msg("cannot preserve %s of '%s'", "times", dest);
+        if (utimes(dest, times) < 0)
+            bb_perror_msg("can't preserve %s of '%s'", "times", dest);
         if (chown(dest, source_stat.st_uid, source_stat.st_gid) < 0) {
             source_stat.st_mode &= ~(S_ISUID | S_ISGID);
-            bb_perror_msg("cannot preserve %s of '%s'", "ownership", dest);
+            bb_perror_msg("can't preserve %s of '%s'", "ownership", dest);
         }
         if (chmod(dest, source_stat.st_mode) < 0)
-            bb_perror_msg("cannot preserve %s of '%s'", "permissions", dest);
+            bb_perror_msg("can't preserve %s of '%s'", "permissions", dest);
     }