2013-07-18 11:15:35 -04:00
|
|
|
/* See LICENSE file for copyright and license details. */
|
2015-01-26 10:07:42 -05:00
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/time.h>
|
|
|
|
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
#include <errno.h>
|
2015-04-23 10:20:10 -04:00
|
|
|
#include <fcntl.h>
|
2014-11-13 13:54:28 -05:00
|
|
|
#include <grp.h>
|
2015-04-20 11:31:51 -04:00
|
|
|
#include <libgen.h>
|
2014-11-13 13:54:28 -05:00
|
|
|
#include <pwd.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
2013-07-18 11:15:35 -04:00
|
|
|
#include <string.h>
|
2014-11-13 13:54:28 -05:00
|
|
|
#include <unistd.h>
|
2014-11-13 12:29:30 -05:00
|
|
|
|
2015-03-12 19:25:32 -04:00
|
|
|
#include "fs.h"
|
2013-07-18 11:15:35 -04:00
|
|
|
#include "util.h"
|
|
|
|
|
2015-04-23 12:45:35 -04:00
|
|
|
#define BLKSIZ 512
|
|
|
|
|
|
|
|
enum Type {
|
|
|
|
REG = '0',
|
|
|
|
AREG = '\0',
|
|
|
|
HARDLINK = '1',
|
|
|
|
SYMLINK = '2',
|
|
|
|
CHARDEV = '3',
|
|
|
|
BLOCKDEV = '4',
|
|
|
|
DIRECTORY = '5',
|
2015-05-10 05:13:25 -04:00
|
|
|
FIFO = '6',
|
|
|
|
RESERVED = '7'
|
2015-04-23 12:45:35 -04:00
|
|
|
};
|
|
|
|
|
2015-02-16 13:47:36 -05:00
|
|
|
struct header {
|
2013-07-18 11:15:35 -04:00
|
|
|
char name[100];
|
|
|
|
char mode[8];
|
|
|
|
char uid[8];
|
|
|
|
char gid[8];
|
|
|
|
char size[12];
|
|
|
|
char mtime[12];
|
|
|
|
char chksum[8];
|
|
|
|
char type;
|
2015-04-23 11:14:09 -04:00
|
|
|
char linkname[100];
|
2015-02-16 14:01:33 -05:00
|
|
|
char magic[6];
|
|
|
|
char version[2];
|
2013-07-18 11:15:35 -04:00
|
|
|
char uname[32];
|
|
|
|
char gname[32];
|
|
|
|
char major[8];
|
|
|
|
char minor[8];
|
2014-11-01 16:36:40 -04:00
|
|
|
char prefix[155];
|
2013-07-18 11:15:35 -04:00
|
|
|
};
|
|
|
|
|
2015-11-18 21:50:50 -05:00
|
|
|
static struct dirtime {
|
2015-04-23 12:45:35 -04:00
|
|
|
char *name;
|
|
|
|
time_t mtime;
|
2015-11-18 21:50:50 -05:00
|
|
|
} *dirtimes;
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
|
2015-11-18 21:50:50 -05:00
|
|
|
static size_t dirtimeslen;
|
2013-07-18 11:15:35 -04:00
|
|
|
|
2015-04-23 10:20:10 -04:00
|
|
|
static int tarfd;
|
2013-07-20 12:08:58 -04:00
|
|
|
static ino_t tarinode;
|
2013-07-28 12:12:03 -04:00
|
|
|
static dev_t tardev;
|
2013-07-18 11:15:35 -04:00
|
|
|
|
2015-05-08 06:28:51 -04:00
|
|
|
static int mflag, vflag;
|
2015-04-23 10:29:37 -04:00
|
|
|
static int filtermode;
|
2015-05-08 06:43:33 -04:00
|
|
|
static const char *filtertool;
|
|
|
|
|
|
|
|
static const char *filtertools[] = {
|
|
|
|
['J'] = "xz",
|
|
|
|
['Z'] = "compress",
|
|
|
|
['a'] = "lzma",
|
|
|
|
['j'] = "bzip2",
|
|
|
|
['z'] = "gzip",
|
|
|
|
};
|
2013-07-18 11:15:35 -04:00
|
|
|
|
2015-04-23 07:34:37 -04:00
|
|
|
static void
|
2015-11-18 21:50:50 -05:00
|
|
|
pushdirtime(char *name, time_t mtime)
|
2015-04-23 07:34:37 -04:00
|
|
|
{
|
2015-11-18 21:50:50 -05:00
|
|
|
dirtimes = reallocarray(dirtimes, dirtimeslen + 1, sizeof(*dirtimes));
|
|
|
|
dirtimes[dirtimeslen].name = strdup(name);
|
|
|
|
dirtimes[dirtimeslen].mtime = mtime;
|
|
|
|
dirtimeslen++;
|
2015-04-23 07:34:37 -04:00
|
|
|
}
|
|
|
|
|
2015-11-18 21:50:50 -05:00
|
|
|
static struct dirtime *
|
|
|
|
popdirtime(void)
|
2015-04-23 07:34:37 -04:00
|
|
|
{
|
2015-11-18 21:50:50 -05:00
|
|
|
if (dirtimeslen) {
|
|
|
|
dirtimeslen--;
|
|
|
|
return &dirtimes[dirtimeslen];
|
2015-04-23 07:34:37 -04:00
|
|
|
}
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2015-04-23 10:20:10 -04:00
|
|
|
static int
|
2015-05-08 06:43:33 -04:00
|
|
|
comp(int fd, const char *tool, const char *flags)
|
|
|
|
{
|
|
|
|
int fds[2];
|
|
|
|
|
|
|
|
if (pipe(fds) < 0)
|
|
|
|
eprintf("pipe:");
|
|
|
|
|
|
|
|
switch (fork()) {
|
|
|
|
case -1:
|
|
|
|
eprintf("fork:");
|
|
|
|
case 0:
|
|
|
|
dup2(fd, 1);
|
|
|
|
dup2(fds[0], 0);
|
|
|
|
close(fds[0]);
|
|
|
|
close(fds[1]);
|
|
|
|
|
|
|
|
execlp(tool, tool, flags, NULL);
|
|
|
|
weprintf("execlp %s:", tool);
|
|
|
|
_exit(1);
|
|
|
|
}
|
|
|
|
close(fds[0]);
|
|
|
|
return fds[1];
|
|
|
|
}
|
|
|
|
|
|
|
|
static int
|
|
|
|
decomp(int fd, const char *tool, const char *flags)
|
2013-07-18 11:15:35 -04:00
|
|
|
{
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
int fds[2];
|
2015-01-26 10:07:42 -05:00
|
|
|
|
|
|
|
if (pipe(fds) < 0)
|
|
|
|
eprintf("pipe:");
|
|
|
|
|
2015-03-09 10:01:29 -04:00
|
|
|
switch (fork()) {
|
|
|
|
case -1:
|
2015-03-10 15:05:18 -04:00
|
|
|
eprintf("fork:");
|
2015-03-09 10:01:29 -04:00
|
|
|
case 0:
|
2015-04-23 10:20:10 -04:00
|
|
|
dup2(fd, 0);
|
2015-01-26 10:07:42 -05:00
|
|
|
dup2(fds[1], 1);
|
|
|
|
close(fds[0]);
|
|
|
|
close(fds[1]);
|
|
|
|
|
2015-05-08 06:43:33 -04:00
|
|
|
execlp(tool, tool, flags, NULL);
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
weprintf("execlp %s:", tool);
|
|
|
|
_exit(1);
|
2013-07-18 11:15:35 -04:00
|
|
|
}
|
2015-01-26 10:07:42 -05:00
|
|
|
close(fds[1]);
|
2015-04-23 10:20:10 -04:00
|
|
|
return fds[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
static ssize_t
|
|
|
|
eread(int fd, void *buf, size_t n)
|
|
|
|
{
|
|
|
|
ssize_t r;
|
|
|
|
|
|
|
|
again:
|
|
|
|
r = read(fd, buf, n);
|
|
|
|
if (r < 0) {
|
|
|
|
if (errno == EINTR)
|
|
|
|
goto again;
|
|
|
|
eprintf("read:");
|
|
|
|
}
|
|
|
|
return r;
|
|
|
|
}
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
|
2015-04-23 10:20:10 -04:00
|
|
|
static ssize_t
|
|
|
|
ewrite(int fd, const void *buf, size_t n)
|
|
|
|
{
|
|
|
|
ssize_t r;
|
|
|
|
|
|
|
|
if ((r = write(fd, buf, n)) != n)
|
|
|
|
eprintf("write:");
|
|
|
|
return r;
|
2013-07-18 11:15:35 -04:00
|
|
|
}
|
|
|
|
|
2014-06-01 08:59:47 -04:00
|
|
|
static void
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
putoctal(char *dst, unsigned num, int size)
|
2013-07-18 11:15:35 -04:00
|
|
|
{
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
if (snprintf(dst, size, "%.*o", size - 1, num) >= size)
|
|
|
|
eprintf("snprintf: input number too large\n");
|
2013-07-18 11:15:35 -04:00
|
|
|
}
|
|
|
|
|
2014-06-01 08:59:47 -04:00
|
|
|
static int
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
archive(const char *path)
|
2013-07-18 11:15:35 -04:00
|
|
|
{
|
2015-04-23 10:31:26 -04:00
|
|
|
char b[BLKSIZ];
|
2015-02-16 13:47:36 -05:00
|
|
|
struct group *gr;
|
|
|
|
struct header *h;
|
|
|
|
struct passwd *pw;
|
|
|
|
struct stat st;
|
2015-04-23 10:43:30 -04:00
|
|
|
size_t chksum, i;
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
ssize_t l, r;
|
2015-04-23 10:20:10 -04:00
|
|
|
int fd = -1;
|
2013-07-18 11:15:35 -04:00
|
|
|
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
if (lstat(path, &st) < 0) {
|
|
|
|
weprintf("lstat %s:", path);
|
|
|
|
return 0;
|
|
|
|
} else if (st.st_ino == tarinode && st.st_dev == tardev) {
|
|
|
|
weprintf("ignoring %s\n", path);
|
|
|
|
return 0;
|
|
|
|
}
|
2015-04-21 11:18:08 -04:00
|
|
|
|
|
|
|
pw = getpwuid(st.st_uid);
|
|
|
|
gr = getgrgid(st.st_gid);
|
2013-07-18 11:15:35 -04:00
|
|
|
|
2015-04-21 11:19:41 -04:00
|
|
|
h = (struct header *)b;
|
2015-02-16 13:47:36 -05:00
|
|
|
memset(b, 0, sizeof(b));
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
estrlcpy(h->name, path, sizeof(h->name));
|
|
|
|
putoctal(h->mode, (unsigned)st.st_mode & 0777, sizeof(h->mode));
|
|
|
|
putoctal(h->uid, (unsigned)st.st_uid, sizeof(h->uid));
|
|
|
|
putoctal(h->gid, (unsigned)st.st_gid, sizeof(h->gid));
|
|
|
|
putoctal(h->size, 0, sizeof(h->size));
|
|
|
|
putoctal(h->mtime, (unsigned)st.st_mtime, sizeof(h->mtime));
|
|
|
|
memcpy( h->magic, "ustar", sizeof(h->magic));
|
|
|
|
memcpy( h->version, "00", sizeof(h->version));
|
|
|
|
estrlcpy(h->uname, pw ? pw->pw_name : "", sizeof(h->uname));
|
|
|
|
estrlcpy(h->gname, gr ? gr->gr_name : "", sizeof(h->gname));
|
|
|
|
|
|
|
|
if (S_ISREG(st.st_mode)) {
|
2013-07-18 11:15:35 -04:00
|
|
|
h->type = REG;
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
putoctal(h->size, (unsigned)st.st_size, sizeof(h->size));
|
2015-04-23 10:20:10 -04:00
|
|
|
fd = open(path, O_RDONLY);
|
|
|
|
if (fd < 0)
|
|
|
|
eprintf("open %s:", path);
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
} else if (S_ISDIR(st.st_mode)) {
|
2013-07-18 11:15:35 -04:00
|
|
|
h->type = DIRECTORY;
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
} else if (S_ISLNK(st.st_mode)) {
|
2013-07-18 11:15:35 -04:00
|
|
|
h->type = SYMLINK;
|
2015-04-23 11:14:09 -04:00
|
|
|
if ((r = readlink(path, h->linkname, sizeof(h->linkname) - 1)) < 0)
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
eprintf("readlink %s:", path);
|
2015-04-23 11:14:09 -04:00
|
|
|
h->linkname[r] = '\0';
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
} else if (S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode)) {
|
|
|
|
h->type = S_ISCHR(st.st_mode) ? CHARDEV : BLOCKDEV;
|
|
|
|
putoctal(h->major, (unsigned)major(st.st_dev), sizeof(h->major));
|
|
|
|
putoctal(h->minor, (unsigned)minor(st.st_dev), sizeof(h->minor));
|
|
|
|
} else if (S_ISFIFO(st.st_mode)) {
|
2013-07-18 11:15:35 -04:00
|
|
|
h->type = FIFO;
|
|
|
|
}
|
|
|
|
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
memset(h->chksum, ' ', sizeof(h->chksum));
|
2015-04-23 10:43:30 -04:00
|
|
|
for (i = 0, chksum = 0; i < sizeof(*h); i++)
|
2015-05-08 16:01:37 -04:00
|
|
|
chksum += (unsigned char)b[i];
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
putoctal(h->chksum, chksum, sizeof(h->chksum));
|
2015-04-23 10:20:10 -04:00
|
|
|
ewrite(tarfd, b, BLKSIZ);
|
2013-07-18 11:15:35 -04:00
|
|
|
|
2015-04-23 10:20:10 -04:00
|
|
|
if (fd != -1) {
|
|
|
|
while ((l = eread(fd, b, BLKSIZ)) > 0) {
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
if (l < BLKSIZ)
|
|
|
|
memset(b + l, 0, BLKSIZ - l);
|
2015-04-23 10:20:10 -04:00
|
|
|
ewrite(tarfd, b, BLKSIZ);
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
}
|
2015-04-23 10:20:10 -04:00
|
|
|
close(fd);
|
2013-07-18 11:15:35 -04:00
|
|
|
}
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
|
2013-07-19 12:05:28 -04:00
|
|
|
return 0;
|
2013-07-18 11:15:35 -04:00
|
|
|
}
|
|
|
|
|
2014-06-01 08:59:47 -04:00
|
|
|
static int
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
unarchive(char *fname, ssize_t l, char b[BLKSIZ])
|
2013-07-18 11:15:35 -04:00
|
|
|
{
|
2015-04-20 11:31:51 -04:00
|
|
|
char lname[101], *tmp, *p;
|
2015-04-23 10:20:10 -04:00
|
|
|
long mode, major, minor, type, mtime, uid, gid;
|
|
|
|
struct header *h = (struct header *)b;
|
|
|
|
int fd = -1;
|
2015-11-18 21:50:50 -05:00
|
|
|
struct timespec times[2];
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
|
2015-04-20 11:33:24 -04:00
|
|
|
if (!mflag && ((mtime = strtol(h->mtime, &p, 8)) < 0 || *p != '\0'))
|
|
|
|
eprintf("strtol %s: invalid number\n", h->mtime);
|
2015-04-23 09:05:43 -04:00
|
|
|
if (remove(fname) < 0 && errno != ENOENT)
|
2016-02-15 09:00:00 -05:00
|
|
|
weprintf("remove %s:", fname);
|
2013-07-18 11:15:35 -04:00
|
|
|
|
2015-04-20 12:32:15 -04:00
|
|
|
tmp = estrdup(fname);
|
2016-12-14 22:40:06 -05:00
|
|
|
mkdirp(dirname(tmp), 0777, 0777);
|
2015-04-20 11:31:51 -04:00
|
|
|
free(tmp);
|
|
|
|
|
2014-11-13 12:29:30 -05:00
|
|
|
switch (h->type) {
|
2013-07-18 11:15:35 -04:00
|
|
|
case REG:
|
2014-11-01 16:36:38 -04:00
|
|
|
case AREG:
|
2015-05-10 05:13:25 -04:00
|
|
|
case RESERVED:
|
2015-04-20 11:33:24 -04:00
|
|
|
if ((mode = strtol(h->mode, &p, 8)) < 0 || *p != '\0')
|
|
|
|
eprintf("strtol %s: invalid number\n", h->mode);
|
2015-11-18 21:49:07 -05:00
|
|
|
fd = open(fname, O_WRONLY | O_TRUNC | O_CREAT, 0600);
|
2015-04-23 10:20:10 -04:00
|
|
|
if (fd < 0)
|
|
|
|
eprintf("open %s:", fname);
|
2013-07-18 11:15:35 -04:00
|
|
|
break;
|
|
|
|
case HARDLINK:
|
|
|
|
case SYMLINK:
|
2015-04-23 11:14:09 -04:00
|
|
|
snprintf(lname, sizeof(lname), "%.*s", (int)sizeof(h->linkname),
|
|
|
|
h->linkname);
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
if (((h->type == HARDLINK) ? link : symlink)(lname, fname) < 0)
|
|
|
|
eprintf("%s %s -> %s:",
|
|
|
|
(h->type == HARDLINK) ? "link" : "symlink",
|
|
|
|
fname, lname);
|
2013-07-18 11:15:35 -04:00
|
|
|
break;
|
|
|
|
case DIRECTORY:
|
2015-04-20 11:33:24 -04:00
|
|
|
if ((mode = strtol(h->mode, &p, 8)) < 0 || *p != '\0')
|
|
|
|
eprintf("strtol %s: invalid number\n", h->mode);
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
if (mkdir(fname, (mode_t)mode) < 0 && errno != EEXIST)
|
|
|
|
eprintf("mkdir %s:", fname);
|
2015-11-18 21:50:50 -05:00
|
|
|
pushdirtime(fname, mtime);
|
2013-07-18 11:15:35 -04:00
|
|
|
break;
|
|
|
|
case CHARDEV:
|
|
|
|
case BLOCKDEV:
|
2015-04-20 11:33:24 -04:00
|
|
|
if ((mode = strtol(h->mode, &p, 8)) < 0 || *p != '\0')
|
|
|
|
eprintf("strtol %s: invalid number\n", h->mode);
|
|
|
|
if ((major = strtol(h->major, &p, 8)) < 0 || *p != '\0')
|
|
|
|
eprintf("strtol %s: invalid number\n", h->major);
|
|
|
|
if ((minor = strtol(h->minor, &p, 8)) < 0 || *p != '\0')
|
|
|
|
eprintf("strtol %s: invalid number\n", h->minor);
|
2013-07-18 11:15:35 -04:00
|
|
|
type = (h->type == CHARDEV) ? S_IFCHR : S_IFBLK;
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
if (mknod(fname, type | mode, makedev(major, minor)) < 0)
|
|
|
|
eprintf("mknod %s:", fname);
|
2013-07-18 11:15:35 -04:00
|
|
|
break;
|
|
|
|
case FIFO:
|
2015-04-20 11:33:24 -04:00
|
|
|
if ((mode = strtol(h->mode, &p, 8)) < 0 || *p != '\0')
|
|
|
|
eprintf("strtol %s: invalid number\n", h->mode);
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
if (mknod(fname, S_IFIFO | mode, 0) < 0)
|
|
|
|
eprintf("mknod %s:", fname);
|
2013-07-18 11:15:35 -04:00
|
|
|
break;
|
|
|
|
default:
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
eprintf("unsupported tar-filetype %c\n", h->type);
|
2013-07-18 11:15:35 -04:00
|
|
|
}
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
|
2015-04-20 11:33:24 -04:00
|
|
|
if ((uid = strtol(h->uid, &p, 8)) < 0 || *p != '\0')
|
|
|
|
eprintf("strtol %s: invalid number\n", h->uid);
|
|
|
|
if ((gid = strtol(h->gid, &p, 8)) < 0 || *p != '\0')
|
|
|
|
eprintf("strtol %s: invalid number\n", h->gid);
|
2013-07-18 11:15:35 -04:00
|
|
|
|
2015-04-23 10:20:10 -04:00
|
|
|
if (fd != -1) {
|
|
|
|
for (; l > 0; l -= BLKSIZ)
|
|
|
|
if (eread(tarfd, b, BLKSIZ) > 0)
|
|
|
|
ewrite(fd, b, MIN(l, BLKSIZ));
|
|
|
|
close(fd);
|
2013-07-18 11:15:35 -04:00
|
|
|
}
|
2014-11-01 16:36:39 -04:00
|
|
|
|
2016-02-15 03:03:17 -05:00
|
|
|
if (h->type == HARDLINK)
|
|
|
|
return 0;
|
|
|
|
|
2015-11-18 21:50:50 -05:00
|
|
|
times[0].tv_sec = times[1].tv_sec = mtime;
|
|
|
|
times[0].tv_nsec = times[1].tv_nsec = 0;
|
|
|
|
if (!mflag && utimensat(AT_FDCWD, fname, times, AT_SYMLINK_NOFOLLOW) < 0)
|
|
|
|
weprintf("utimensat %s:\n", fname);
|
|
|
|
if (h->type == SYMLINK) {
|
|
|
|
if (!getuid() && lchown(fname, uid, gid))
|
|
|
|
weprintf("lchown %s:\n", fname);
|
|
|
|
} else {
|
|
|
|
if (!getuid() && chown(fname, uid, gid))
|
|
|
|
weprintf("chown %s:\n", fname);
|
|
|
|
if (chmod(fname, mode) < 0)
|
|
|
|
eprintf("fchmod %s:\n", fname);
|
|
|
|
}
|
|
|
|
|
2013-07-18 11:15:35 -04:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2015-04-23 07:06:44 -04:00
|
|
|
static void
|
|
|
|
skipblk(ssize_t l)
|
2013-07-18 11:15:35 -04:00
|
|
|
{
|
2015-04-23 07:06:44 -04:00
|
|
|
char b[BLKSIZ];
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
|
2015-02-16 13:47:36 -05:00
|
|
|
for (; l > 0; l -= BLKSIZ)
|
2015-04-23 10:20:10 -04:00
|
|
|
if (!eread(tarfd, b, BLKSIZ))
|
|
|
|
break;
|
2015-04-23 07:06:44 -04:00
|
|
|
}
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
|
2015-04-23 07:06:44 -04:00
|
|
|
static int
|
|
|
|
print(char *fname, ssize_t l, char b[BLKSIZ])
|
|
|
|
{
|
|
|
|
puts(fname);
|
|
|
|
skipblk(l);
|
2013-07-18 11:15:35 -04:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2014-06-01 08:59:47 -04:00
|
|
|
static void
|
Refactor recurse() again
Okay, why yet another recurse()-refactor?
The last one added the recursor-struct, which simplified things
on the user-end, but there was still one thing that bugged me a lot:
Previously, all fn()'s were forced to (l)stat the paths themselves.
This does not work well when you try to keep up with H-, L- and P-
flags at the same time, as each utility-function would have to set
the right function-pointer for (l)stat every single time.
This is not desirable. Furthermore, recurse should be easy to use
and not involve trouble finding the right (l)stat-function to do it
right.
So, what we needed was a stat-argument for each fn(), so it is
directly accessible. This was impossible to do though when the
fn()'s are still directly called by the programs to "start" the
recurse.
Thus, the fundamental change is to make recurse() the function to
go, while designing the fn()'s in a way they can "live" with st
being NULL (we don't want a null-pointer-deref).
What you can see in this commit is the result of this work. Why
all this trouble instead of using nftw?
The special thing about recurse() is that you tell the function
when to recurse() in your fn(). You don't need special flags to
tell nftw() to skip the subtree, just to give an example.
The only single downside to this is that now, you are not allowed
to unconditionally call recurse() from your fn(). It has to be
a directory.
However, that is a cost I think is easily weighed up by the
advantages.
Another thing is the history: I added a procedure at the end of
the outmost recurse to free the history. This way we don't leak
memory.
A simple optimization on the side:
- if (h->dev == st.st_dev && h->ino == st.st_ino)
+ if (h->ino == st.st_ino && h->dev == st.st_dev)
First compare the likely difference in inode-numbers instead of
checking the unlikely condition that the device-numbers are
different.
2015-03-18 19:53:42 -04:00
|
|
|
c(const char *path, struct stat *st, void *data, struct recursor *r)
|
2013-07-18 11:15:35 -04:00
|
|
|
{
|
2014-01-30 09:12:12 -05:00
|
|
|
archive(path);
|
2015-05-08 06:28:51 -04:00
|
|
|
if (vflag)
|
|
|
|
puts(path);
|
Refactor recurse() again
Okay, why yet another recurse()-refactor?
The last one added the recursor-struct, which simplified things
on the user-end, but there was still one thing that bugged me a lot:
Previously, all fn()'s were forced to (l)stat the paths themselves.
This does not work well when you try to keep up with H-, L- and P-
flags at the same time, as each utility-function would have to set
the right function-pointer for (l)stat every single time.
This is not desirable. Furthermore, recurse should be easy to use
and not involve trouble finding the right (l)stat-function to do it
right.
So, what we needed was a stat-argument for each fn(), so it is
directly accessible. This was impossible to do though when the
fn()'s are still directly called by the programs to "start" the
recurse.
Thus, the fundamental change is to make recurse() the function to
go, while designing the fn()'s in a way they can "live" with st
being NULL (we don't want a null-pointer-deref).
What you can see in this commit is the result of this work. Why
all this trouble instead of using nftw?
The special thing about recurse() is that you tell the function
when to recurse() in your fn(). You don't need special flags to
tell nftw() to skip the subtree, just to give an example.
The only single downside to this is that now, you are not allowed
to unconditionally call recurse() from your fn(). It has to be
a directory.
However, that is a cost I think is easily weighed up by the
advantages.
Another thing is the history: I added a procedure at the end of
the outmost recurse to free the history. This way we don't leak
memory.
A simple optimization on the side:
- if (h->dev == st.st_dev && h->ino == st.st_ino)
+ if (h->ino == st.st_ino && h->dev == st.st_dev)
First compare the likely difference in inode-numbers instead of
checking the unlikely condition that the device-numbers are
different.
2015-03-18 19:53:42 -04:00
|
|
|
|
2016-12-14 22:40:02 -05:00
|
|
|
if (S_ISDIR(st->st_mode))
|
Refactor recurse() again
Okay, why yet another recurse()-refactor?
The last one added the recursor-struct, which simplified things
on the user-end, but there was still one thing that bugged me a lot:
Previously, all fn()'s were forced to (l)stat the paths themselves.
This does not work well when you try to keep up with H-, L- and P-
flags at the same time, as each utility-function would have to set
the right function-pointer for (l)stat every single time.
This is not desirable. Furthermore, recurse should be easy to use
and not involve trouble finding the right (l)stat-function to do it
right.
So, what we needed was a stat-argument for each fn(), so it is
directly accessible. This was impossible to do though when the
fn()'s are still directly called by the programs to "start" the
recurse.
Thus, the fundamental change is to make recurse() the function to
go, while designing the fn()'s in a way they can "live" with st
being NULL (we don't want a null-pointer-deref).
What you can see in this commit is the result of this work. Why
all this trouble instead of using nftw?
The special thing about recurse() is that you tell the function
when to recurse() in your fn(). You don't need special flags to
tell nftw() to skip the subtree, just to give an example.
The only single downside to this is that now, you are not allowed
to unconditionally call recurse() from your fn(). It has to be
a directory.
However, that is a cost I think is easily weighed up by the
advantages.
Another thing is the history: I added a procedure at the end of
the outmost recurse to free the history. This way we don't leak
memory.
A simple optimization on the side:
- if (h->dev == st.st_dev && h->ino == st.st_ino)
+ if (h->ino == st.st_ino && h->dev == st.st_dev)
First compare the likely difference in inode-numbers instead of
checking the unlikely condition that the device-numbers are
different.
2015-03-18 19:53:42 -04:00
|
|
|
recurse(path, NULL, r);
|
2013-07-18 11:15:35 -04:00
|
|
|
}
|
|
|
|
|
2015-04-20 11:29:21 -04:00
|
|
|
static void
|
|
|
|
sanitize(struct header *h)
|
|
|
|
{
|
|
|
|
size_t i, j;
|
|
|
|
struct {
|
|
|
|
char *f;
|
|
|
|
size_t l;
|
|
|
|
} fields[] = {
|
|
|
|
{ h->mode, sizeof(h->mode) },
|
|
|
|
{ h->uid, sizeof(h->uid) },
|
|
|
|
{ h->gid, sizeof(h->gid) },
|
|
|
|
{ h->size, sizeof(h->size) },
|
|
|
|
{ h->mtime, sizeof(h->mtime) },
|
|
|
|
{ h->chksum, sizeof(h->chksum) },
|
|
|
|
{ h->major, sizeof(h->major) },
|
|
|
|
{ h->minor, sizeof(h->minor) }
|
|
|
|
};
|
|
|
|
|
|
|
|
/* Numeric fields can be terminated with spaces instead of
|
|
|
|
* NULs as per the ustar specification. Patch all of them to
|
|
|
|
* use NULs so we can perform string operations on them. */
|
|
|
|
for (i = 0; i < LEN(fields); i++)
|
|
|
|
for (j = 0; j < fields[i].l; j++)
|
|
|
|
if (fields[i].f[j] == ' ')
|
|
|
|
fields[i].f[j] = '\0';
|
|
|
|
}
|
|
|
|
|
2015-04-23 11:31:02 -04:00
|
|
|
static void
|
|
|
|
chktar(struct header *h)
|
|
|
|
{
|
2017-02-03 17:56:49 -05:00
|
|
|
char tmp[8], *err, *p = (char *)h;
|
|
|
|
const char *reason;
|
2015-04-23 11:31:02 -04:00
|
|
|
long s1, s2, i;
|
|
|
|
|
2017-02-03 17:56:49 -05:00
|
|
|
if (h->prefix[0] == '\0' && h->name[0] == '\0') {
|
|
|
|
reason = "empty filename";
|
2015-04-23 11:31:02 -04:00
|
|
|
goto bad;
|
2017-02-03 17:56:49 -05:00
|
|
|
}
|
|
|
|
if (h->magic[0] && strncmp("ustar", h->magic, 5)) {
|
|
|
|
reason = "not ustar format";
|
2015-04-23 11:31:02 -04:00
|
|
|
goto bad;
|
2017-02-03 17:56:49 -05:00
|
|
|
}
|
2015-04-23 11:31:02 -04:00
|
|
|
memcpy(tmp, h->chksum, sizeof(tmp));
|
|
|
|
for (i = 0; i < sizeof(tmp); i++)
|
|
|
|
if (tmp[i] == ' ')
|
|
|
|
tmp[i] = '\0';
|
|
|
|
s1 = strtol(tmp, &err, 8);
|
2017-02-03 17:56:49 -05:00
|
|
|
if (s1 < 0 || *err != '\0') {
|
|
|
|
reason = "invalid checksum";
|
2015-04-23 11:31:02 -04:00
|
|
|
goto bad;
|
2017-02-03 17:56:49 -05:00
|
|
|
}
|
2015-04-23 11:31:02 -04:00
|
|
|
memset(h->chksum, ' ', sizeof(h->chksum));
|
|
|
|
for (i = 0, s2 = 0; i < sizeof(*h); i++)
|
2015-05-08 16:01:37 -04:00
|
|
|
s2 += (unsigned char)p[i];
|
2017-02-03 17:56:49 -05:00
|
|
|
if (s1 != s2) {
|
|
|
|
reason = "incorrect checksum";
|
2015-04-23 11:31:02 -04:00
|
|
|
goto bad;
|
2017-02-03 17:56:49 -05:00
|
|
|
}
|
2015-04-23 11:31:02 -04:00
|
|
|
memcpy(h->chksum, tmp, sizeof(h->chksum));
|
|
|
|
return;
|
|
|
|
bad:
|
2017-02-03 17:56:49 -05:00
|
|
|
eprintf("malformed tar archive: %s\n", reason);
|
2015-04-23 11:31:02 -04:00
|
|
|
}
|
|
|
|
|
2014-06-01 08:59:47 -04:00
|
|
|
static void
|
2015-05-08 06:43:33 -04:00
|
|
|
xt(int argc, char *argv[], int mode)
|
2013-07-18 11:15:35 -04:00
|
|
|
{
|
2015-04-21 10:05:51 -04:00
|
|
|
char b[BLKSIZ], fname[256 + 1], *p;
|
2015-11-18 21:50:50 -05:00
|
|
|
struct timespec times[2];
|
2015-04-21 10:29:22 -04:00
|
|
|
struct header *h = (struct header *)b;
|
2015-11-18 21:50:50 -05:00
|
|
|
struct dirtime *dirtime;
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
long size;
|
2015-04-21 10:29:22 -04:00
|
|
|
int i, n;
|
2015-05-08 06:43:33 -04:00
|
|
|
int (*fn)(char *, ssize_t, char[BLKSIZ]) = (mode == 'x') ? unarchive : print;
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
|
2015-04-23 10:20:10 -04:00
|
|
|
while (eread(tarfd, b, BLKSIZ) > 0 && h->name[0]) {
|
2015-04-23 11:31:02 -04:00
|
|
|
chktar(h);
|
2015-04-21 10:29:22 -04:00
|
|
|
sanitize(h), n = 0;
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
|
2015-04-21 10:29:22 -04:00
|
|
|
/* small dance around non-null terminated fields */
|
2015-04-21 10:05:51 -04:00
|
|
|
if (h->prefix[0])
|
|
|
|
n = snprintf(fname, sizeof(fname), "%.*s/",
|
|
|
|
(int)sizeof(h->prefix), h->prefix);
|
|
|
|
snprintf(fname + n, sizeof(fname) - n, "%.*s",
|
|
|
|
(int)sizeof(h->name), h->name);
|
2015-04-21 10:29:22 -04:00
|
|
|
|
2015-04-22 18:22:07 -04:00
|
|
|
if ((size = strtol(h->size, &p, 8)) < 0 || *p != '\0')
|
|
|
|
eprintf("strtol %s: invalid number\n", h->size);
|
|
|
|
|
2015-04-21 10:29:22 -04:00
|
|
|
if (argc) {
|
|
|
|
/* only extract the given files */
|
|
|
|
for (i = 0; i < argc; i++)
|
|
|
|
if (!strcmp(argv[i], fname))
|
|
|
|
break;
|
2015-04-22 18:22:07 -04:00
|
|
|
if (i == argc) {
|
2015-04-23 07:06:44 -04:00
|
|
|
skipblk(size);
|
2015-04-21 10:29:22 -04:00
|
|
|
continue;
|
2015-04-22 18:22:07 -04:00
|
|
|
}
|
2015-04-21 10:29:22 -04:00
|
|
|
}
|
|
|
|
|
2015-04-22 19:04:55 -04:00
|
|
|
/* ignore global pax header craziness */
|
2015-05-08 16:28:24 -04:00
|
|
|
if (h->type == 'g' || h->type == 'x') {
|
2015-04-23 07:06:44 -04:00
|
|
|
skipblk(size);
|
2015-04-22 19:04:55 -04:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
fn(fname, size, b);
|
2015-05-08 06:28:51 -04:00
|
|
|
if (vflag && mode != 't')
|
|
|
|
puts(fname);
|
2013-07-18 11:15:35 -04:00
|
|
|
}
|
2015-04-23 07:34:37 -04:00
|
|
|
|
2015-11-18 21:50:50 -05:00
|
|
|
if (mode == 'x' && !mflag) {
|
|
|
|
while ((dirtime = popdirtime())) {
|
|
|
|
times[0].tv_sec = times[1].tv_sec = dirtime->mtime;
|
|
|
|
times[0].tv_nsec = times[1].tv_nsec = 0;
|
|
|
|
if (utimensat(AT_FDCWD, dirtime->name, times, 0) < 0)
|
|
|
|
eprintf("utimensat %s:", fname);
|
|
|
|
free(dirtime->name);
|
2015-04-23 07:34:37 -04:00
|
|
|
}
|
2015-11-18 21:50:50 -05:00
|
|
|
free(dirtimes);
|
|
|
|
dirtimes = NULL;
|
2015-04-23 07:34:37 -04:00
|
|
|
}
|
2013-07-18 11:15:35 -04:00
|
|
|
}
|
2015-01-26 10:07:42 -05:00
|
|
|
|
|
|
|
static void
|
|
|
|
usage(void)
|
|
|
|
{
|
2015-12-21 12:36:28 -05:00
|
|
|
eprintf("usage: %s [-C dir] [-J | -Z | -a | -j | -z] -x [-m | -t] "
|
|
|
|
"[-f file] [file ...]\n"
|
|
|
|
" %s [-C dir] [-J | -Z | -a | -j | -z] [-h] -c path ... "
|
|
|
|
"[-f file]\n", argv0, argv0);
|
2015-01-26 10:07:42 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
int
|
|
|
|
main(int argc, char *argv[])
|
|
|
|
{
|
2015-04-18 16:04:49 -04:00
|
|
|
struct recursor r = { .fn = c, .hist = NULL, .depth = 0, .maxdepth = 0,
|
|
|
|
.follow = 'P', .flags = DIRFIRST };
|
2015-02-16 13:47:36 -05:00
|
|
|
struct stat st;
|
|
|
|
char *file = NULL, *dir = ".", mode = '\0';
|
2015-04-23 10:20:10 -04:00
|
|
|
int fd;
|
2015-01-26 10:07:42 -05:00
|
|
|
|
|
|
|
ARGBEGIN {
|
|
|
|
case 'x':
|
|
|
|
case 'c':
|
|
|
|
case 't':
|
|
|
|
mode = ARGC();
|
|
|
|
break;
|
|
|
|
case 'C':
|
|
|
|
dir = EARGF(usage());
|
|
|
|
break;
|
|
|
|
case 'f':
|
|
|
|
file = EARGF(usage());
|
|
|
|
break;
|
|
|
|
case 'm':
|
|
|
|
mflag = 1;
|
|
|
|
break;
|
2015-05-08 06:43:33 -04:00
|
|
|
case 'J':
|
|
|
|
case 'Z':
|
|
|
|
case 'a':
|
2015-01-26 10:07:42 -05:00
|
|
|
case 'j':
|
|
|
|
case 'z':
|
|
|
|
filtermode = ARGC();
|
2015-05-08 06:43:33 -04:00
|
|
|
filtertool = filtertools[filtermode];
|
2015-01-26 10:07:42 -05:00
|
|
|
break;
|
2015-02-09 14:53:24 -05:00
|
|
|
case 'h':
|
2015-03-12 19:25:32 -04:00
|
|
|
r.follow = 'L';
|
2015-02-09 14:53:24 -05:00
|
|
|
break;
|
2015-05-08 06:28:51 -04:00
|
|
|
case 'v':
|
|
|
|
vflag = 1;
|
|
|
|
break;
|
2015-01-26 10:07:42 -05:00
|
|
|
default:
|
|
|
|
usage();
|
2015-11-01 05:16:49 -05:00
|
|
|
} ARGEND
|
2015-01-26 10:07:42 -05:00
|
|
|
|
2015-04-21 09:30:11 -04:00
|
|
|
if (!mode)
|
2015-03-21 09:04:49 -04:00
|
|
|
usage();
|
2015-04-21 09:30:11 -04:00
|
|
|
if (mode == 'c')
|
2015-05-08 06:43:33 -04:00
|
|
|
if (!argc)
|
2015-04-21 09:30:11 -04:00
|
|
|
usage();
|
2015-01-26 10:07:42 -05:00
|
|
|
|
|
|
|
switch (mode) {
|
|
|
|
case 'c':
|
2015-04-23 10:20:10 -04:00
|
|
|
tarfd = 1;
|
2016-02-15 04:48:32 -05:00
|
|
|
if (file && *file != '-') {
|
2015-04-23 10:20:10 -04:00
|
|
|
tarfd = open(file, O_WRONLY | O_TRUNC | O_CREAT, 0644);
|
|
|
|
if (tarfd < 0)
|
|
|
|
eprintf("open %s:", file);
|
2015-01-26 10:07:42 -05:00
|
|
|
if (lstat(file, &st) < 0)
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
eprintf("lstat %s:", file);
|
2015-01-26 10:07:42 -05:00
|
|
|
tarinode = st.st_ino;
|
|
|
|
tardev = st.st_dev;
|
|
|
|
}
|
2015-04-23 10:20:10 -04:00
|
|
|
|
2015-05-08 06:43:33 -04:00
|
|
|
if (filtertool)
|
|
|
|
tarfd = comp(tarfd, filtertool, "-cf");
|
|
|
|
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
if (chdir(dir) < 0)
|
|
|
|
eprintf("chdir %s:", dir);
|
2015-04-21 09:30:11 -04:00
|
|
|
for (; *argv; argc--, argv++)
|
|
|
|
recurse(*argv, NULL, &r);
|
2015-01-26 10:07:42 -05:00
|
|
|
break;
|
|
|
|
case 't':
|
|
|
|
case 'x':
|
2015-04-23 10:20:10 -04:00
|
|
|
tarfd = 0;
|
2016-02-15 04:48:32 -05:00
|
|
|
if (file && *file != '-') {
|
2015-04-23 10:20:10 -04:00
|
|
|
tarfd = open(file, O_RDONLY);
|
|
|
|
if (tarfd < 0)
|
|
|
|
eprintf("open %s:", file);
|
2015-01-26 10:07:42 -05:00
|
|
|
}
|
|
|
|
|
2015-05-08 06:43:33 -04:00
|
|
|
if (filtertool) {
|
2015-04-23 10:20:10 -04:00
|
|
|
fd = tarfd;
|
2015-05-08 06:43:33 -04:00
|
|
|
tarfd = decomp(tarfd, filtertool, "-cd");
|
2015-04-23 10:20:10 -04:00
|
|
|
close(fd);
|
2015-01-26 10:07:42 -05:00
|
|
|
}
|
|
|
|
|
Audit tar(1), add DIRFIRST-flag to recurse()
I've been wanting to do this for a while now, as tar(1) used to
be one of messiest and cruftiest tools.
First off, before walking through the audit, I'll talk about
what the DIRFIRST-flag for recurse() does.
It basically calls fn() on the first-level-dir before calling
it's subentries. It's necessary here, because else the order
of the tar-files would've been wrong (it would try to create
dir/file before creating dir/).
Now, to the audit:
1) Update manpage, fix mistake that compression is also available
for compressing. It's only available for extracting.
2) Define the major, minor and makedev macros from glibc by ourselves.
No need to rely on them, as they are common sense.
decomp()
3) Simple refactorization.
putoctal()
4) Add a truncation check for snprintf().
archive()
5) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
6) Use estrlcpy() instead of snprintf() wherever possible, fix
alignment.
7) BUGFIX: Terminate the result-buffer of readlink(), check if
it even succeeded.
8) Fix sizeof()-formatting.
unarchive()
9) BUGFIX: Add checks to any checkable function, don't blindly call
them, this is harmful and there are 100 ways to exploit that.
10) BUGFIX: strtoul can happily return negative numbers. Add checks
for that and also if the full string has been processed.
11) Remove calls to perror(). We have eprintf, use it.
12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of
course.
13) Fix typo "usupported", remove fprintf-call.
print()
14) Check fread().
xt()
15) Get rid of snprintf-magic. Use estrlcat().
16) BUGFIX: check for ferror() on the tarfile.
usage()
17) Update it. The old usage() was like 1000 years old.
main()
18) Add DIRFIRST-flag to the recursor.
19) Don't print usage() when a mode is re-set. We allow this in
general.
20) Add function checks and fix error messages.
21) Add tarfilename-global for proper error-messages.
2015-03-20 20:03:35 -04:00
|
|
|
if (chdir(dir) < 0)
|
|
|
|
eprintf("chdir %s:", dir);
|
2015-05-08 06:43:33 -04:00
|
|
|
xt(argc, argv, mode);
|
2015-01-26 10:07:42 -05:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2015-03-12 19:25:32 -04:00
|
|
|
return recurse_status;
|
2015-01-26 10:07:42 -05:00
|
|
|
}
|