Changeset 3232 in MondoRescue for branches/3.2/mindi-busybox/archival/libarchive/get_header_tar.c

Timestamp:

Jan 1, 2014, 12:47:38 AM (10 years ago)

Author:

Bruno Cornec

Message:

• Update mindi-busybox to 1.21.1

File:

• branches/3.2/mindi-busybox/archival/libarchive/get_header_tar.c (modified) (11 diffs)

branches/3.2/mindi-busybox/archival/libarchive/get_header_tar.c

@@ -13 +13 @@
 
 #include "libbb.h"
-#include "archive.h"
+#include "bb_archive.h"
 
 typedef uint32_t aliased_uint32_t FIX_ALIASING;
 typedef off_t    aliased_off_t    FIX_ALIASING;
 
+
+const char* FAST_FUNC strip_unsafe_prefix(const char *str)
+{
+    const char *cp = str;
+    while (1) {
+        char *cp2;
+        if (*cp == '/') {
+            cp++;
+            continue;
+        }
+        if (strncmp(cp, "/../"+1, 3) == 0) {
+            cp += 3;
+            continue;
+        }
+        cp2 = strstr(cp, "/../");
+        if (!cp2)
+            break;
+        cp = cp2 + 4;
+    }
+    if (cp != str) {
+        static smallint warned = 0;
+        if (!warned) {
+            warned = 1;
+            bb_error_msg("removing leading '%.*s' from member names",
+                (int)(cp - str), str);
+        }
+    }
+    return cp;
+}
 
 /* NB: _DESTROYS_ str[len] character! */
@@ -51 +80 @@
          * NB: tarballs with NEGATIVE unix times encoded that way were seen!
          */
-        v = first;
-        /* Sign-extend using 6th bit: */
-        v <<= sizeof(unsigned long long)*8 - 7;
-        v = (long long)v >> (sizeof(unsigned long long)*8 - 7);
+        /* Sign-extend 7bit 'first' to 64bit 'v' (that is, using 6th bit as sign): */
+        first <<= 1;
+        first >>= 1; /* now 7th bit = 6th bit */
+        v = first;   /* sign-extend 8 bits to 64 */
         while (--len != 0)
-            v = (v << 8) + (unsigned char) *str++;
+            v = (v << 8) + (uint8_t) *++str;
     }
     return v;
@@ -62 +91 @@
 #define GET_OCTAL(a) getOctal((a), sizeof(a))
 
-#if ENABLE_FEATURE_TAR_SELINUX
-/* Scan a PAX header for SELinux contexts, via "RHT.security.selinux" keyword.
- * This is what Red Hat's patched version of tar uses.
- */
-# define SELINUX_CONTEXT_KEYWORD "RHT.security.selinux"
-static char *get_selinux_sctx_from_pax_hdr(archive_handle_t *archive_handle, unsigned sz)
+/* "global" is 0 or 1 */
+static void process_pax_hdr(archive_handle_t *archive_handle, unsigned sz, int global)
 {
     char *buf, *p;
-    char *result;
-
-    p = buf = xmalloc(sz + 1);
+    unsigned blk_sz;
+
+    blk_sz = (sz + 511) & (~511);
+    p = buf = xmalloc(blk_sz + 1);
+    xread(archive_handle->src_fd, buf, blk_sz);
+    archive_handle->offset += blk_sz;
+
     /* prevent bb_strtou from running off the buffer */
     buf[sz] = '\0';
-    xread(archive_handle->src_fd, buf, sz);
-    archive_handle->offset += sz;
-
-    result = NULL;
+
     while (sz != 0) {
         char *end, *value;
@@ -105 +131 @@
          */
         p[-1] = '\0';
-        /* Is it selinux security context? */
         value = end + 1;
+
+#if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
+        if (!global && strncmp(value, "path=", sizeof("path=") - 1) == 0) {
+            value += sizeof("path=") - 1;
+            free(archive_handle->tar__longname);
+            archive_handle->tar__longname = xstrdup(value);
+            continue;
+        }
+#endif
+
+#if ENABLE_FEATURE_TAR_SELINUX
+        /* Scan for SELinux contexts, via "RHT.security.selinux" keyword.
+         * This is what Red Hat's patched version of tar uses.
+         */
+# define SELINUX_CONTEXT_KEYWORD "RHT.security.selinux"
         if (strncmp(value, SELINUX_CONTEXT_KEYWORD"=", sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1) == 0) {
             value += sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1;
-            result = xstrdup(value);
-            break;
-        }
+            free(archive_handle->tar__sctx[global]);
+            archive_handle->tar__sctx[global] = xstrdup(value);
+            continue;
+        }
+#endif
     }
 
     free(buf);
-    return result;
 }
-#endif
 
 char FAST_FUNC get_header_tar(archive_handle_t *archive_handle)
@@ -196 +236 @@
     ) {
 #if ENABLE_FEATURE_TAR_AUTODETECT
-        char FAST_FUNC (*get_header_ptr)(archive_handle_t *);
-        uint16_t magic2;
-
  autodetect:
-        magic2 = *(uint16_t*)tar.name;
-        /* tar gz/bz autodetect: check for gz/bz2 magic.
-         * If we see the magic, and it is the very first block,
-         * we can switch to get_header_tar_gz/bz2/lzma().
-         * Needs seekable fd. I wish recv(MSG_PEEK) works
-         * on any fd... */
-# if ENABLE_FEATURE_SEAMLESS_GZ
-        if (magic2 == GZIP_MAGIC) {
-            get_header_ptr = get_header_tar_gz;
-        } else
-# endif
-# if ENABLE_FEATURE_SEAMLESS_BZ2
-        if (magic2 == BZIP2_MAGIC
-         && tar.name[2] == 'h' && isdigit(tar.name[3])
-        ) { /* bzip2 */
-            get_header_ptr = get_header_tar_bz2;
-        } else
-# endif
-# if ENABLE_FEATURE_SEAMLESS_XZ
-        //TODO: if (magic2 == XZ_MAGIC1)...
-        //else
-# endif
-            goto err;
         /* Two different causes for lseek() != 0:
          * unseekable fd (would like to support that too, but...),
@@ -228 +242 @@
         if (lseek(archive_handle->src_fd, -i, SEEK_CUR) != 0)
             goto err;
-        while (get_header_ptr(archive_handle) == EXIT_SUCCESS)
-            continue;
-        return EXIT_FAILURE;
+        if (setup_unzip_on_fd(archive_handle->src_fd, /*fail_if_not_detected:*/ 0) != 0)
  err:
-#endif /* FEATURE_TAR_AUTODETECT */
+            bb_error_msg_and_die("invalid tar magic");
+        archive_handle->offset = 0;
+        goto again_after_align;
+#endif
         bb_error_msg_and_die("invalid tar magic");
     }
@@ -320 +335 @@
     /* (typeflag was not trashed because chksum does not use getOctal) */
     switch (tar.typeflag) {
-    /* busybox identifies hard links as being regular files with 0 size and a link name */
-    case '1':
+    case '1': /* hardlink */
+        /* we mark hardlinks as regular files with zero size and a link name */
         file_header->mode |= S_IFREG;
-        break;
+        /* on size of link fields from star(4)
+         * ... For tar archives written by pre POSIX.1-1988
+         * implementations, the size field usually contains the size of
+         * the file and needs to be ignored as no data may follow this
+         * header type.  For POSIX.1- 1988 compliant archives, the size
+         * field needs to be 0.  For POSIX.1-2001 compliant archives,
+         * the size field may be non zero, indicating that file data is
+         * included in the archive.
+         * i.e; always assume this is zero for safety.
+         */
+        goto size0;
     case '7':
     /* case 0: */
@@ -380 +405 @@
     case 'V':   /* Volume header */
 #endif
-#if !ENABLE_FEATURE_TAR_SELINUX
     case 'g':   /* pax global header */
-    case 'x':   /* pax extended header */
-#else
+    case 'x': { /* pax extended header */
+        if ((uoff_t)file_header->size > 0xfffff) /* paranoia */
+            goto skip_ext_hdr;
+        process_pax_hdr(archive_handle, file_header->size, (tar.typeflag == 'g'));
+        goto again_after_align;
+    }
  skip_ext_hdr:
-#endif
     {
         off_t sz;
@@ -397 +424 @@
         goto again_after_align;
     }
-#if ENABLE_FEATURE_TAR_SELINUX
-    case 'g':   /* pax global header */
-    case 'x': { /* pax extended header */
-        char **pp;
-        if ((uoff_t)file_header->size > 0xfffff) /* paranoia */
-            goto skip_ext_hdr;
-        pp = (tar.typeflag == 'g') ? &archive_handle->tar__global_sctx : &archive_handle->tar__next_file_sctx;
-        free(*pp);
-        *pp = get_selinux_sctx_from_pax_hdr(archive_handle, file_header->size);
-        goto again;
-    }
-#endif
     default:
         bb_error_msg_and_die("unknown typeflag: 0x%x", tar.typeflag);
@@ -423 +438 @@
     }
 #endif
-    if (strncmp(file_header->name, "/../"+1, 3) == 0
-     || strstr(file_header->name, "/../")
-    ) {
-        bb_error_msg_and_die("name with '..' encountered: '%s'",
-                file_header->name);
-    }
+
+    /* Everything up to and including last ".." component is stripped */
+    overlapping_strcpy(file_header->name, strip_unsafe_prefix(file_header->name));
 
     /* Strip trailing '/' in directories */
@@ -441 +453 @@
             *cp = '\0';
         archive_handle->action_data(archive_handle);
-        if (archive_handle->accept || archive_handle->reject)
+        if (archive_handle->accept || archive_handle->reject
+         || (archive_handle->ah_flags & ARCHIVE_REMEMBER_NAMES)
+        ) {
             llist_add_to(&archive_handle->passed, file_header->name);
-        else /* Caller isn't interested in list of unpacked files */
+        } else /* Caller isn't interested in list of unpacked files */
             free(file_header->name);
     } else {