sbase/tar.c

578 lines
12 KiB
C
Raw Normal View History

2013-07-18 11:15:35 -04:00
/* See LICENSE file for copyright and license details. */
#include <sys/stat.h>
#include <sys/time.h>
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <libgen.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
2013-07-18 11:15:35 -04:00
#include <string.h>
#include <unistd.h>
#include "fs.h"
2013-07-18 11:15:35 -04:00
#include "util.h"
2015-04-23 12:45:35 -04:00
#define BLKSIZ 512
enum Type {
REG = '0',
AREG = '\0',
HARDLINK = '1',
SYMLINK = '2',
CHARDEV = '3',
BLOCKDEV = '4',
DIRECTORY = '5',
FIFO = '6',
RESERVED = '7'
2015-04-23 12:45:35 -04:00
};
2015-02-16 13:47:36 -05:00
struct header {
2013-07-18 11:15:35 -04:00
char name[100];
char mode[8];
char uid[8];
char gid[8];
char size[12];
char mtime[12];
char chksum[8];
char type;
2015-04-23 11:14:09 -04:00
char linkname[100];
char magic[6];
char version[2];
2013-07-18 11:15:35 -04:00
char uname[32];
char gname[32];
char major[8];
char minor[8];
char prefix[155];
2013-07-18 11:15:35 -04:00
};
2015-04-23 12:45:35 -04:00
static struct ent {
char *name;
time_t mtime;
} *ents;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
2015-04-23 12:45:35 -04:00
static size_t entslen;
2013-07-18 11:15:35 -04:00
static int tarfd;
static ino_t tarinode;
static dev_t tardev;
2013-07-18 11:15:35 -04:00
2015-05-08 06:28:51 -04:00
static int mflag, vflag;
static int filtermode;
static const char *filtertool;
static const char *filtertools[] = {
['J'] = "xz",
['Z'] = "compress",
['a'] = "lzma",
['j'] = "bzip2",
['z'] = "gzip",
};
2013-07-18 11:15:35 -04:00
static void
pushent(char *name, time_t mtime)
{
2015-04-23 12:45:35 -04:00
ents = reallocarray(ents, entslen + 1, sizeof(*ents));
ents[entslen].name = strdup(name);
ents[entslen].mtime = mtime;
entslen++;
}
2015-04-23 07:38:32 -04:00
static struct ent *
popent(void)
{
2015-04-23 12:45:35 -04:00
if (entslen) {
entslen--;
return &ents[entslen];
}
return NULL;
}
static int
comp(int fd, const char *tool, const char *flags)
{
int fds[2];
if (pipe(fds) < 0)
eprintf("pipe:");
switch (fork()) {
case -1:
eprintf("fork:");
case 0:
dup2(fd, 1);
dup2(fds[0], 0);
close(fds[0]);
close(fds[1]);
execlp(tool, tool, flags, NULL);
weprintf("execlp %s:", tool);
_exit(1);
}
close(fds[0]);
return fds[1];
}
static int
decomp(int fd, const char *tool, const char *flags)
2013-07-18 11:15:35 -04:00
{
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
int fds[2];
if (pipe(fds) < 0)
eprintf("pipe:");
switch (fork()) {
case -1:
eprintf("fork:");
case 0:
dup2(fd, 0);
dup2(fds[1], 1);
close(fds[0]);
close(fds[1]);
execlp(tool, tool, flags, NULL);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
weprintf("execlp %s:", tool);
_exit(1);
2013-07-18 11:15:35 -04:00
}
close(fds[1]);
return fds[0];
}
static ssize_t
eread(int fd, void *buf, size_t n)
{
ssize_t r;
again:
r = read(fd, buf, n);
if (r < 0) {
if (errno == EINTR)
goto again;
eprintf("read:");
}
return r;
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
static ssize_t
ewrite(int fd, const void *buf, size_t n)
{
ssize_t r;
if ((r = write(fd, buf, n)) != n)
eprintf("write:");
return r;
2013-07-18 11:15:35 -04:00
}
static void
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
putoctal(char *dst, unsigned num, int size)
2013-07-18 11:15:35 -04:00
{
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
if (snprintf(dst, size, "%.*o", size - 1, num) >= size)
eprintf("snprintf: input number too large\n");
2013-07-18 11:15:35 -04:00
}
static int
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
archive(const char *path)
2013-07-18 11:15:35 -04:00
{
2015-04-23 10:31:26 -04:00
char b[BLKSIZ];
2015-02-16 13:47:36 -05:00
struct group *gr;
struct header *h;
struct passwd *pw;
struct stat st;
size_t chksum, i;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
ssize_t l, r;
int fd = -1;
2013-07-18 11:15:35 -04:00
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
if (lstat(path, &st) < 0) {
weprintf("lstat %s:", path);
return 0;
} else if (st.st_ino == tarinode && st.st_dev == tardev) {
weprintf("ignoring %s\n", path);
return 0;
}
pw = getpwuid(st.st_uid);
gr = getgrgid(st.st_gid);
2013-07-18 11:15:35 -04:00
h = (struct header *)b;
2015-02-16 13:47:36 -05:00
memset(b, 0, sizeof(b));
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
estrlcpy(h->name, path, sizeof(h->name));
putoctal(h->mode, (unsigned)st.st_mode & 0777, sizeof(h->mode));
putoctal(h->uid, (unsigned)st.st_uid, sizeof(h->uid));
putoctal(h->gid, (unsigned)st.st_gid, sizeof(h->gid));
putoctal(h->size, 0, sizeof(h->size));
putoctal(h->mtime, (unsigned)st.st_mtime, sizeof(h->mtime));
memcpy( h->magic, "ustar", sizeof(h->magic));
memcpy( h->version, "00", sizeof(h->version));
estrlcpy(h->uname, pw ? pw->pw_name : "", sizeof(h->uname));
estrlcpy(h->gname, gr ? gr->gr_name : "", sizeof(h->gname));
if (S_ISREG(st.st_mode)) {
2013-07-18 11:15:35 -04:00
h->type = REG;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
putoctal(h->size, (unsigned)st.st_size, sizeof(h->size));
fd = open(path, O_RDONLY);
if (fd < 0)
eprintf("open %s:", path);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
} else if (S_ISDIR(st.st_mode)) {
2013-07-18 11:15:35 -04:00
h->type = DIRECTORY;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
} else if (S_ISLNK(st.st_mode)) {
2013-07-18 11:15:35 -04:00
h->type = SYMLINK;
2015-04-23 11:14:09 -04:00
if ((r = readlink(path, h->linkname, sizeof(h->linkname) - 1)) < 0)
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
eprintf("readlink %s:", path);
2015-04-23 11:14:09 -04:00
h->linkname[r] = '\0';
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
} else if (S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode)) {
h->type = S_ISCHR(st.st_mode) ? CHARDEV : BLOCKDEV;
putoctal(h->major, (unsigned)major(st.st_dev), sizeof(h->major));
putoctal(h->minor, (unsigned)minor(st.st_dev), sizeof(h->minor));
} else if (S_ISFIFO(st.st_mode)) {
2013-07-18 11:15:35 -04:00
h->type = FIFO;
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
memset(h->chksum, ' ', sizeof(h->chksum));
for (i = 0, chksum = 0; i < sizeof(*h); i++)
chksum += (unsigned char)b[i];
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
putoctal(h->chksum, chksum, sizeof(h->chksum));
ewrite(tarfd, b, BLKSIZ);
2013-07-18 11:15:35 -04:00
if (fd != -1) {
while ((l = eread(fd, b, BLKSIZ)) > 0) {
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
if (l < BLKSIZ)
memset(b + l, 0, BLKSIZ - l);
ewrite(tarfd, b, BLKSIZ);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
}
close(fd);
2013-07-18 11:15:35 -04:00
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
2013-07-19 12:05:28 -04:00
return 0;
2013-07-18 11:15:35 -04:00
}
static int
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
unarchive(char *fname, ssize_t l, char b[BLKSIZ])
2013-07-18 11:15:35 -04:00
{
char lname[101], *tmp, *p;
long mode, major, minor, type, mtime, uid, gid;
struct header *h = (struct header *)b;
int fd = -1;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
if (!mflag && ((mtime = strtol(h->mtime, &p, 8)) < 0 || *p != '\0'))
eprintf("strtol %s: invalid number\n", h->mtime);
if (remove(fname) < 0 && errno != ENOENT)
2015-04-23 14:46:41 -04:00
eprintf("remove %s:", fname);
2013-07-18 11:15:35 -04:00
2015-04-20 12:32:15 -04:00
tmp = estrdup(fname);
mkdirp(dirname(tmp));
free(tmp);
switch (h->type) {
2013-07-18 11:15:35 -04:00
case REG:
case AREG:
case RESERVED:
if ((mode = strtol(h->mode, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->mode);
fd = open(fname, O_WRONLY | O_TRUNC | O_CREAT, 0644);
if (fd < 0)
eprintf("open %s:", fname);
if (fchmod(fd, mode) < 0)
eprintf("fchmod %s:", fname);
2013-07-18 11:15:35 -04:00
break;
case HARDLINK:
case SYMLINK:
2015-04-23 11:14:09 -04:00
snprintf(lname, sizeof(lname), "%.*s", (int)sizeof(h->linkname),
h->linkname);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
if (((h->type == HARDLINK) ? link : symlink)(lname, fname) < 0)
eprintf("%s %s -> %s:",
(h->type == HARDLINK) ? "link" : "symlink",
fname, lname);
2013-07-18 11:15:35 -04:00
break;
case DIRECTORY:
if ((mode = strtol(h->mode, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->mode);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
if (mkdir(fname, (mode_t)mode) < 0 && errno != EEXIST)
eprintf("mkdir %s:", fname);
2013-07-18 11:15:35 -04:00
break;
case CHARDEV:
case BLOCKDEV:
if ((mode = strtol(h->mode, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->mode);
if ((major = strtol(h->major, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->major);
if ((minor = strtol(h->minor, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->minor);
2013-07-18 11:15:35 -04:00
type = (h->type == CHARDEV) ? S_IFCHR : S_IFBLK;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
if (mknod(fname, type | mode, makedev(major, minor)) < 0)
eprintf("mknod %s:", fname);
2013-07-18 11:15:35 -04:00
break;
case FIFO:
if ((mode = strtol(h->mode, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->mode);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
if (mknod(fname, S_IFIFO | mode, 0) < 0)
eprintf("mknod %s:", fname);
2013-07-18 11:15:35 -04:00
break;
default:
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
eprintf("unsupported tar-filetype %c\n", h->type);
2013-07-18 11:15:35 -04:00
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
if ((uid = strtol(h->uid, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->uid);
if ((gid = strtol(h->gid, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->gid);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
if (!getuid() && chown(fname, uid, gid))
weprintf("chown %s:", fname);
2013-07-18 11:15:35 -04:00
if (fd != -1) {
for (; l > 0; l -= BLKSIZ)
if (eread(tarfd, b, BLKSIZ) > 0)
ewrite(fd, b, MIN(l, BLKSIZ));
close(fd);
2013-07-18 11:15:35 -04:00
}
pushent(fname, mtime);
2013-07-18 11:15:35 -04:00
return 0;
}
2015-04-23 07:06:44 -04:00
static void
skipblk(ssize_t l)
2013-07-18 11:15:35 -04:00
{
2015-04-23 07:06:44 -04:00
char b[BLKSIZ];
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
2015-02-16 13:47:36 -05:00
for (; l > 0; l -= BLKSIZ)
if (!eread(tarfd, b, BLKSIZ))
break;
2015-04-23 07:06:44 -04:00
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
2015-04-23 07:06:44 -04:00
static int
print(char *fname, ssize_t l, char b[BLKSIZ])
{
puts(fname);
skipblk(l);
2013-07-18 11:15:35 -04:00
return 0;
}
static void
Refactor recurse() again Okay, why yet another recurse()-refactor? The last one added the recursor-struct, which simplified things on the user-end, but there was still one thing that bugged me a lot: Previously, all fn()'s were forced to (l)stat the paths themselves. This does not work well when you try to keep up with H-, L- and P- flags at the same time, as each utility-function would have to set the right function-pointer for (l)stat every single time. This is not desirable. Furthermore, recurse should be easy to use and not involve trouble finding the right (l)stat-function to do it right. So, what we needed was a stat-argument for each fn(), so it is directly accessible. This was impossible to do though when the fn()'s are still directly called by the programs to "start" the recurse. Thus, the fundamental change is to make recurse() the function to go, while designing the fn()'s in a way they can "live" with st being NULL (we don't want a null-pointer-deref). What you can see in this commit is the result of this work. Why all this trouble instead of using nftw? The special thing about recurse() is that you tell the function when to recurse() in your fn(). You don't need special flags to tell nftw() to skip the subtree, just to give an example. The only single downside to this is that now, you are not allowed to unconditionally call recurse() from your fn(). It has to be a directory. However, that is a cost I think is easily weighed up by the advantages. Another thing is the history: I added a procedure at the end of the outmost recurse to free the history. This way we don't leak memory. A simple optimization on the side: - if (h->dev == st.st_dev && h->ino == st.st_ino) + if (h->ino == st.st_ino && h->dev == st.st_dev) First compare the likely difference in inode-numbers instead of checking the unlikely condition that the device-numbers are different.
2015-03-18 19:53:42 -04:00
c(const char *path, struct stat *st, void *data, struct recursor *r)
2013-07-18 11:15:35 -04:00
{
archive(path);
2015-05-08 06:28:51 -04:00
if (vflag)
puts(path);
Refactor recurse() again Okay, why yet another recurse()-refactor? The last one added the recursor-struct, which simplified things on the user-end, but there was still one thing that bugged me a lot: Previously, all fn()'s were forced to (l)stat the paths themselves. This does not work well when you try to keep up with H-, L- and P- flags at the same time, as each utility-function would have to set the right function-pointer for (l)stat every single time. This is not desirable. Furthermore, recurse should be easy to use and not involve trouble finding the right (l)stat-function to do it right. So, what we needed was a stat-argument for each fn(), so it is directly accessible. This was impossible to do though when the fn()'s are still directly called by the programs to "start" the recurse. Thus, the fundamental change is to make recurse() the function to go, while designing the fn()'s in a way they can "live" with st being NULL (we don't want a null-pointer-deref). What you can see in this commit is the result of this work. Why all this trouble instead of using nftw? The special thing about recurse() is that you tell the function when to recurse() in your fn(). You don't need special flags to tell nftw() to skip the subtree, just to give an example. The only single downside to this is that now, you are not allowed to unconditionally call recurse() from your fn(). It has to be a directory. However, that is a cost I think is easily weighed up by the advantages. Another thing is the history: I added a procedure at the end of the outmost recurse to free the history. This way we don't leak memory. A simple optimization on the side: - if (h->dev == st.st_dev && h->ino == st.st_ino) + if (h->ino == st.st_ino && h->dev == st.st_dev) First compare the likely difference in inode-numbers instead of checking the unlikely condition that the device-numbers are different.
2015-03-18 19:53:42 -04:00
if (st && S_ISDIR(st->st_mode))
recurse(path, NULL, r);
2013-07-18 11:15:35 -04:00
}
static void
sanitize(struct header *h)
{
size_t i, j;
struct {
char *f;
size_t l;
} fields[] = {
{ h->mode, sizeof(h->mode) },
{ h->uid, sizeof(h->uid) },
{ h->gid, sizeof(h->gid) },
{ h->size, sizeof(h->size) },
{ h->mtime, sizeof(h->mtime) },
{ h->chksum, sizeof(h->chksum) },
{ h->major, sizeof(h->major) },
{ h->minor, sizeof(h->minor) }
};
/* Numeric fields can be terminated with spaces instead of
* NULs as per the ustar specification. Patch all of them to
* use NULs so we can perform string operations on them. */
for (i = 0; i < LEN(fields); i++)
for (j = 0; j < fields[i].l; j++)
if (fields[i].f[j] == ' ')
fields[i].f[j] = '\0';
}
static void
chktar(struct header *h)
{
char tmp[8], *err;
char *p = (char *)h;
long s1, s2, i;
if (h->prefix[0] == '\0' && h->name[0] == '\0')
goto bad;
if (h->magic[0] && strncmp("ustar", h->magic, 5))
goto bad;
memcpy(tmp, h->chksum, sizeof(tmp));
for (i = 0; i < sizeof(tmp); i++)
if (tmp[i] == ' ')
tmp[i] = '\0';
s1 = strtol(tmp, &err, 8);
if (s1 < 0 || *err != '\0')
goto bad;
memset(h->chksum, ' ', sizeof(h->chksum));
for (i = 0, s2 = 0; i < sizeof(*h); i++)
s2 += (unsigned char)p[i];
if (s1 != s2)
goto bad;
memcpy(h->chksum, tmp, sizeof(h->chksum));
return;
bad:
eprintf("malformed tar archive\n");
}
static void
xt(int argc, char *argv[], int mode)
2013-07-18 11:15:35 -04:00
{
char b[BLKSIZ], fname[256 + 1], *p;
struct timeval times[2];
struct header *h = (struct header *)b;
struct ent *ent;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
long size;
int i, n;
int (*fn)(char *, ssize_t, char[BLKSIZ]) = (mode == 'x') ? unarchive : print;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
while (eread(tarfd, b, BLKSIZ) > 0 && h->name[0]) {
chktar(h);
sanitize(h), n = 0;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
/* small dance around non-null terminated fields */
if (h->prefix[0])
n = snprintf(fname, sizeof(fname), "%.*s/",
(int)sizeof(h->prefix), h->prefix);
snprintf(fname + n, sizeof(fname) - n, "%.*s",
(int)sizeof(h->name), h->name);
if ((size = strtol(h->size, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->size);
if (argc) {
/* only extract the given files */
for (i = 0; i < argc; i++)
if (!strcmp(argv[i], fname))
break;
if (i == argc) {
2015-04-23 07:06:44 -04:00
skipblk(size);
continue;
}
}
/* ignore global pax header craziness */
if (h->type == 'g' || h->type == 'x') {
2015-04-23 07:06:44 -04:00
skipblk(size);
continue;
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
fn(fname, size, b);
2015-05-08 06:28:51 -04:00
if (vflag && mode != 't')
puts(fname);
2013-07-18 11:15:35 -04:00
}
if (!mflag) {
while ((ent = popent())) {
times[0].tv_sec = times[1].tv_sec = ent->mtime;
times[0].tv_usec = times[1].tv_usec = 0;
if (utimes(ent->name, times) < 0)
weprintf("utimes %s:", ent->name);
free(ent->name);
}
free(ents);
ents = NULL;
}
2013-07-18 11:15:35 -04:00
}
static void
usage(void)
{
eprintf("usage: %s [-C dir] [-J | -Z | -a | -j | -z] -x [-m | -t] [-f file] [file ...]\n"
" %s [-C dir] [-J | -Z | -a | -j | -z] [-h] -c path ... [-f file]\n", argv0, argv0);
}
int
main(int argc, char *argv[])
{
struct recursor r = { .fn = c, .hist = NULL, .depth = 0, .maxdepth = 0,
.follow = 'P', .flags = DIRFIRST };
2015-02-16 13:47:36 -05:00
struct stat st;
char *file = NULL, *dir = ".", mode = '\0';
int fd;
ARGBEGIN {
case 'x':
case 'c':
case 't':
mode = ARGC();
break;
case 'C':
dir = EARGF(usage());
break;
case 'f':
file = EARGF(usage());
break;
case 'm':
mflag = 1;
break;
case 'J':
case 'Z':
case 'a':
case 'j':
case 'z':
filtermode = ARGC();
filtertool = filtertools[filtermode];
break;
case 'h':
r.follow = 'L';
break;
2015-05-08 06:28:51 -04:00
case 'v':
vflag = 1;
break;
default:
usage();
} ARGEND
if (!mode)
usage();
if (mode == 'c')
if (!argc)
usage();
switch (mode) {
case 'c':
tarfd = 1;
if (file) {
tarfd = open(file, O_WRONLY | O_TRUNC | O_CREAT, 0644);
if (tarfd < 0)
eprintf("open %s:", file);
if (lstat(file, &st) < 0)
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
eprintf("lstat %s:", file);
tarinode = st.st_ino;
tardev = st.st_dev;
}
if (filtertool)
tarfd = comp(tarfd, filtertool, "-cf");
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
if (chdir(dir) < 0)
eprintf("chdir %s:", dir);
for (; *argv; argc--, argv++)
recurse(*argv, NULL, &r);
break;
case 't':
case 'x':
tarfd = 0;
if (file) {
tarfd = open(file, O_RDONLY);
if (tarfd < 0)
eprintf("open %s:", file);
}
if (filtertool) {
fd = tarfd;
tarfd = decomp(tarfd, filtertool, "-cd");
close(fd);
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
if (chdir(dir) < 0)
eprintf("chdir %s:", dir);
xt(argc, argv, mode);
break;
}
return recurse_status;
}