Changeset 3621 in MondoRescue for branches/3.3/mindi-busybox/archival/libarchive/get_header_tar.c

Timestamp:

Dec 20, 2016, 4:07:32 PM (7 years ago)

Author:

Bruno Cornec

Message:

New 3?3 banch for incorporation of latest busybox 1.25. Changing minor version to handle potential incompatibilities.

Location:

branches/3.3

Files:

• . (copied) (copied from branches/3.2 )
• mindi-busybox/archival/libarchive/get_header_tar.c (modified) (14 diffs)

branches/3.3/mindi-busybox/archival/libarchive/get_header_tar.c

@@ -17 +17 @@
 typedef uint32_t aliased_uint32_t FIX_ALIASING;
 typedef off_t    aliased_off_t    FIX_ALIASING;
-
-
-const char* FAST_FUNC strip_unsafe_prefix(const char *str)
-{
-    const char *cp = str;
-    while (1) {
-        char *cp2;
-        if (*cp == '/') {
-            cp++;
-            continue;
-        }
-        if (strncmp(cp, "/../"+1, 3) == 0) {
-            cp += 3;
-            continue;
-        }
-        cp2 = strstr(cp, "/../");
-        if (!cp2)
-            break;
-        cp = cp2 + 4;
-    }
-    if (cp != str) {
-        static smallint warned = 0;
-        if (!warned) {
-            warned = 1;
-            bb_error_msg("removing leading '%.*s' from member names",
-                (int)(cp - str), str);
-        }
-    }
-    return cp;
-}
 
 /* NB: _DESTROYS_ str[len] character! */
@@ -91 +61 @@
 #define GET_OCTAL(a) getOctal((a), sizeof(a))
 
+#define TAR_EXTD (ENABLE_FEATURE_TAR_GNU_EXTENSIONS || ENABLE_FEATURE_TAR_SELINUX)
+#if !TAR_EXTD
+#define process_pax_hdr(archive_handle, sz, global) \
+    process_pax_hdr(archive_handle, sz)
+#endif
 /* "global" is 0 or 1 */
 static void process_pax_hdr(archive_handle_t *archive_handle, unsigned sz, int global)
 {
+#if !TAR_EXTD
+    unsigned blk_sz = (sz + 511) & (~511);
+    seek_by_read(archive_handle->src_fd, blk_sz);
+#else
+    unsigned blk_sz = (sz + 511) & (~511);
     char *buf, *p;
-    unsigned blk_sz;
-
-    blk_sz = (sz + 511) & (~511);
+
     p = buf = xmalloc(blk_sz + 1);
     xread(archive_handle->src_fd, buf, blk_sz);
@@ -116 +94 @@
         p += len;
         sz -= len;
-        if ((int)sz < 0
+        if (
+        /** (int)sz < 0 - not good enough for huge malicious VALUE of 2^32-1 */
+            (int)(sz|len) < 0 /* this works */
          || len == 0
          || errno != EINVAL
@@ -133 +113 @@
         value = end + 1;
 
-#if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
-        if (!global && strncmp(value, "path=", sizeof("path=") - 1) == 0) {
+# if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
+        if (!global && is_prefixed_with(value, "path=")) {
             value += sizeof("path=") - 1;
             free(archive_handle->tar__longname);
@@ -140 +120 @@
             continue;
         }
-#endif
-
-#if ENABLE_FEATURE_TAR_SELINUX
+# endif
+
+# if ENABLE_FEATURE_TAR_SELINUX
         /* Scan for SELinux contexts, via "RHT.security.selinux" keyword.
          * This is what Red Hat's patched version of tar uses.
          */
-# define SELINUX_CONTEXT_KEYWORD "RHT.security.selinux"
-        if (strncmp(value, SELINUX_CONTEXT_KEYWORD"=", sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1) == 0) {
+#  define SELINUX_CONTEXT_KEYWORD "RHT.security.selinux"
+        if (is_prefixed_with(value, SELINUX_CONTEXT_KEYWORD"=")) {
             value += sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1;
             free(archive_handle->tar__sctx[global]);
@@ -153 +133 @@
             continue;
         }
-#endif
+# endif
     }
 
     free(buf);
+#endif
 }
 
@@ -199 +180 @@
      * saw zero block directly before this. */
     if (i == 0) {
-        xfunc_error_retval = 0;
- short_read:
-        bb_error_msg_and_die("short read");
+        bb_error_msg("short read");
+        /* this merely signals end of archive, not exit(1): */
+        return EXIT_FAILURE;
     }
     if (i != 512) {
         IF_FEATURE_TAR_AUTODETECT(goto autodetect;)
-        goto short_read;
+        bb_error_msg_and_die("short read");
     }
 
@@ -222 +203 @@
             while (full_read(archive_handle->src_fd, &tar, 512) == 512)
                 continue;
-            return EXIT_FAILURE;
+            return EXIT_FAILURE; /* "end of archive" */
         }
         archive_handle->tar__end = 1;
-        return EXIT_SUCCESS;
+        return EXIT_SUCCESS; /* "decoded one header" */
     }
     archive_handle->tar__end = 0;
@@ -231 +212 @@
     /* Check header has valid magic, "ustar" is for the proper tar,
      * five NULs are for the old tar format  */
-    if (strncmp(tar.magic, "ustar", 5) != 0
+    if (!is_prefixed_with(tar.magic, "ustar")
      && (!ENABLE_FEATURE_TAR_OLDGNU_COMPATIBILITY
          || memcmp(tar.magic, "\0\0\0\0", 5) != 0)
@@ -242 +223 @@
         if (lseek(archive_handle->src_fd, -i, SEEK_CUR) != 0)
             goto err;
-        if (setup_unzip_on_fd(archive_handle->src_fd, /*fail_if_not_detected:*/ 0) != 0)
+        if (setup_unzip_on_fd(archive_handle->src_fd, /*fail_if_not_compressed:*/ 0) != 0)
  err:
             bb_error_msg_and_die("invalid tar magic");
@@ -379 +360 @@
         file_header->mode |= S_IFIFO;
         goto size0;
+    case 'g':   /* pax global header */
+    case 'x': { /* pax extended header */
+        if ((uoff_t)file_header->size > 0xfffff) /* paranoia */
+            goto skip_ext_hdr;
+        process_pax_hdr(archive_handle, file_header->size, (tar.typeflag == 'g'));
+        goto again_after_align;
 #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
+/* See http://www.gnu.org/software/tar/manual/html_node/Extensions.html */
     case 'L':
         /* free: paranoia: tar with several consecutive longnames */
@@ -399 +387 @@
         /* return get_header_tar(archive_handle); */
         goto again;
-    case 'D':   /* GNU dump dir */
-    case 'M':   /* Continuation of multi volume archive */
-    case 'N':   /* Old GNU for names > 100 characters */
-    case 'S':   /* Sparse file */
-    case 'V':   /* Volume header */
-#endif
-    case 'g':   /* pax global header */
-    case 'x': { /* pax extended header */
-        if ((uoff_t)file_header->size > 0xfffff) /* paranoia */
-            goto skip_ext_hdr;
-        process_pax_hdr(archive_handle, file_header->size, (tar.typeflag == 'g'));
-        goto again_after_align;
+/*
+ *  case 'S':   // Sparse file
+ * Was seen in the wild. Not supported (yet?).
+ * See https://www.gnu.org/software/tar/manual/html_section/tar_92.html
+ * for the format. (An "Old GNU Format" was seen, not PAX formats).
+ */
+//  case 'D':   /* GNU dump dir */
+//  case 'M':   /* Continuation of multi volume archive */
+//  case 'N':   /* Old GNU for names > 100 characters */
+//  case 'V':   /* Volume header */
+#endif
     }
  skip_ext_hdr:
@@ -441 +428 @@
     /* Everything up to and including last ".." component is stripped */
     overlapping_strcpy(file_header->name, strip_unsafe_prefix(file_header->name));
+//TODO: do the same for file_header->link_target?
 
     /* Strip trailing '/' in directories */
@@ -472 +460 @@
     free(file_header->tar__gname);
 #endif
-    return EXIT_SUCCESS;
+    return EXIT_SUCCESS; /* "decoded one header" */
 }