1 /* vi: set sw=4 ts=4: */
2 /* Licensed under GPLv2 or later, see file LICENSE in this source tree.
5 * In privileged mode if uname and gname map to a uid and gid then use the
6 * mapped value instead of the uid/gid values in tar header
9 * GNU tar and star man pages,
10 * Opengroup's ustar interchange format,
11 * http://www.opengroup.org/onlinepubs/007904975/utilities/pax.html
15 #include "bb_archive.h"
17 typedef uint32_t aliased_uint32_t FIX_ALIASING;
18 typedef off_t aliased_off_t FIX_ALIASING;
20 /* NB: _DESTROYS_ str[len] character! */
21 static unsigned long long getOctal(char *str, int len)
25 /* NB: leading spaces are allowed. Using strtoull to handle that.
26 * The downside is that we accept e.g. "-123" too :(
29 v = strtoull(str, &end, 8);
30 /* std: "Each numeric field is terminated by one or more
31 * <space> or NUL characters". We must support ' '! */
32 if (*end != '\0' && *end != ' ') {
33 int8_t first = str[0];
35 bb_error_msg_and_die("corrupted octal value in tar header");
37 * GNU tar uses "base-256 encoding" for very large numbers.
38 * Encoding is binary, with highest bit always set as a marker
39 * and sign in next-highest bit:
41 * bf ff .. ff - largest positive number
42 * ff ff .. ff - minus 1
43 * c0 00 .. 00 - smallest negative number
45 * Example of tar file with 8914993153 (0x213600001) byte file.
46 * Field starts at offset 7c:
47 * 00070 30 30 30 00 30 30 30 30 30 30 30 00 80 00 00 00 |000.0000000.....|
48 * 00080 00 00 00 02 13 60 00 01 31 31 31 32 30 33 33 36 |.....`..11120336|
50 * NB: tarballs with NEGATIVE unix times encoded that way were seen!
52 /* Sign-extend 7bit 'first' to 64bit 'v' (that is, using 6th bit as sign): */
54 first >>= 1; /* now 7th bit = 6th bit */
55 v = first; /* sign-extend 8 bits to 64 */
57 v = (v << 8) + (uint8_t) *++str;
61 #define GET_OCTAL(a) getOctal((a), sizeof(a))
63 #define TAR_EXTD (ENABLE_FEATURE_TAR_GNU_EXTENSIONS || ENABLE_FEATURE_TAR_SELINUX)
65 #define process_pax_hdr(archive_handle, sz, global) \
66 process_pax_hdr(archive_handle, sz)
68 /* "global" is 0 or 1 */
69 static void process_pax_hdr(archive_handle_t *archive_handle, unsigned sz, int global)
72 unsigned blk_sz = (sz + 511) & (~511);
73 seek_by_read(archive_handle->src_fd, blk_sz);
75 unsigned blk_sz = (sz + 511) & (~511);
78 p = buf = xmalloc(blk_sz + 1);
79 xread(archive_handle->src_fd, buf, blk_sz);
80 archive_handle->offset += blk_sz;
82 /* prevent bb_strtou from running off the buffer */
89 /* Every record has this format: "LEN NAME=VALUE\n" */
90 len = bb_strtou(p, &end, 10);
91 /* expect errno to be EINVAL, because the character
92 * following the digits should be a space
97 /** (int)sz < 0 - not good enough for huge malicious VALUE of 2^32-1 */
98 (int)(sz|len) < 0 /* this works */
103 bb_error_msg("malformed extended header, skipped");
104 // More verbose version:
105 //bb_error_msg("malformed extended header at %"OFF_FMT"d, skipped",
106 // archive_handle->offset - (sz + len));
109 /* overwrite the terminating newline with NUL
110 * (we do not bother to check that it *was* a newline)
115 # if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
116 if (!global && is_prefixed_with(value, "path=")) {
117 value += sizeof("path=") - 1;
118 free(archive_handle->tar__longname);
119 archive_handle->tar__longname = xstrdup(value);
124 # if ENABLE_FEATURE_TAR_SELINUX
125 /* Scan for SELinux contexts, via "RHT.security.selinux" keyword.
126 * This is what Red Hat's patched version of tar uses.
128 # define SELINUX_CONTEXT_KEYWORD "RHT.security.selinux"
129 if (is_prefixed_with(value, SELINUX_CONTEXT_KEYWORD"=")) {
130 value += sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1;
131 free(archive_handle->tar__sctx[global]);
132 archive_handle->tar__sctx[global] = xstrdup(value);
142 char FAST_FUNC get_header_tar(archive_handle_t *archive_handle)
144 file_header_t *file_header = archive_handle->file_header;
145 struct tar_header_t tar;
148 #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
153 /* Our "private data" */
154 #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
155 # define p_longname (archive_handle->tar__longname)
156 # define p_linkname (archive_handle->tar__linkname)
158 # define p_longname 0
159 # define p_linkname 0
162 #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS || ENABLE_FEATURE_TAR_SELINUX
166 data_align(archive_handle, 512);
170 #if ENABLE_DESKTOP || ENABLE_FEATURE_TAR_AUTODETECT
171 /* to prevent misdetection of bz2 sig */
172 *(aliased_uint32_t*)&tar = 0;
173 i = full_read(archive_handle->src_fd, &tar, 512);
174 /* If GNU tar sees EOF in above read, it says:
175 * "tar: A lone zero block at N", where N = kilobyte
176 * where EOF was met (not EOF block, actual EOF!),
177 * and exits with EXIT_SUCCESS.
178 * We will mimic exit(EXIT_SUCCESS), although we will not mimic
179 * the message and we don't check whether we indeed
180 * saw zero block directly before this. */
182 bb_error_msg("short read");
183 /* this merely signals end of archive, not exit(1): */
187 IF_FEATURE_TAR_AUTODETECT(goto autodetect;)
188 bb_error_msg_and_die("short read");
193 xread(archive_handle->src_fd, &tar, i);
195 archive_handle->offset += i;
197 /* If there is no filename its an empty header */
198 if (tar.name[0] == 0 && tar.prefix[0] == 0) {
199 if (archive_handle->tar__end) {
200 /* Second consecutive empty header - end of archive.
201 * Read until the end to empty the pipe from gz or bz2
203 while (full_read(archive_handle->src_fd, &tar, 512) == 512)
205 return EXIT_FAILURE; /* "end of archive" */
207 archive_handle->tar__end = 1;
208 return EXIT_SUCCESS; /* "decoded one header" */
210 archive_handle->tar__end = 0;
212 /* Check header has valid magic, "ustar" is for the proper tar,
213 * five NULs are for the old tar format */
214 if (!is_prefixed_with(tar.magic, "ustar")
215 && (!ENABLE_FEATURE_TAR_OLDGNU_COMPATIBILITY
216 || memcmp(tar.magic, "\0\0\0\0", 5) != 0)
218 #if ENABLE_FEATURE_TAR_AUTODETECT
220 /* Two different causes for lseek() != 0:
221 * unseekable fd (would like to support that too, but...),
222 * or not first block (false positive, it's not .gz/.bz2!) */
223 if (lseek(archive_handle->src_fd, -i, SEEK_CUR) != 0)
225 if (setup_unzip_on_fd(archive_handle->src_fd, /*fail_if_not_compressed:*/ 0) != 0)
227 bb_error_msg_and_die("invalid tar magic");
228 archive_handle->offset = 0;
229 goto again_after_align;
231 bb_error_msg_and_die("invalid tar magic");
234 /* Do checksum on headers.
235 * POSIX says that checksum is done on unsigned bytes, but
236 * Sun and HP-UX gets it wrong... more details in
238 #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
239 sum_s = ' ' * sizeof(tar.chksum);
241 sum_u = ' ' * sizeof(tar.chksum);
242 for (i = 0; i < 148; i++) {
243 sum_u += ((unsigned char*)&tar)[i];
244 #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
245 sum_s += ((signed char*)&tar)[i];
248 for (i = 156; i < 512; i++) {
249 sum_u += ((unsigned char*)&tar)[i];
250 #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
251 sum_s += ((signed char*)&tar)[i];
254 /* This field does not need special treatment (getOctal) */
256 char *endp; /* gcc likes temp var for &endp */
257 sum = strtoul(tar.chksum, &endp, 8);
258 if ((*endp != '\0' && *endp != ' ')
259 || (sum_u != sum IF_FEATURE_TAR_OLDSUN_COMPATIBILITY(&& sum_s != sum))
261 bb_error_msg_and_die("invalid tar header checksum");
264 /* don't use xstrtoul, tar.chksum may have leading spaces */
265 sum = strtoul(tar.chksum, NULL, 8);
266 if (sum_u != sum IF_FEATURE_TAR_OLDSUN_COMPATIBILITY(&& sum_s != sum)) {
267 bb_error_msg_and_die("invalid tar header checksum");
270 /* 0 is reserved for high perf file, treat as normal file */
271 if (!tar.typeflag) tar.typeflag = '0';
272 parse_names = (tar.typeflag >= '0' && tar.typeflag <= '7');
274 /* getOctal trashes subsequent field, therefore we call it
275 * on fields in reverse order */
276 if (tar.devmajor[0]) {
277 char t = tar.prefix[0];
278 /* we trash prefix[0] here, but we DO need it later! */
279 unsigned minor = GET_OCTAL(tar.devminor);
280 unsigned major = GET_OCTAL(tar.devmajor);
281 file_header->device = makedev(major, minor);
284 file_header->link_target = NULL;
285 if (!p_linkname && parse_names && tar.linkname[0]) {
286 file_header->link_target = xstrndup(tar.linkname, sizeof(tar.linkname));
287 /* FIXME: what if we have non-link object with link_target? */
288 /* Will link_target be free()ed? */
290 #if ENABLE_FEATURE_TAR_UNAME_GNAME
291 file_header->tar__uname = tar.uname[0] ? xstrndup(tar.uname, sizeof(tar.uname)) : NULL;
292 file_header->tar__gname = tar.gname[0] ? xstrndup(tar.gname, sizeof(tar.gname)) : NULL;
294 file_header->mtime = GET_OCTAL(tar.mtime);
295 file_header->size = GET_OCTAL(tar.size);
296 file_header->gid = GET_OCTAL(tar.gid);
297 file_header->uid = GET_OCTAL(tar.uid);
298 /* Set bits 0-11 of the files mode */
299 file_header->mode = 07777 & GET_OCTAL(tar.mode);
301 file_header->name = NULL;
302 if (!p_longname && parse_names) {
303 /* we trash mode[0] here, it's ok */
304 //tar.name[sizeof(tar.name)] = '\0'; - gcc 4.3.0 would complain
308 //tar.prefix[sizeof(tar.prefix)] = '\0'; - gcc 4.3.0 would complain
309 tar.padding[0] = '\0';
310 file_header->name = concat_path_file(tar.prefix, tar.name);
312 file_header->name = xstrdup(tar.name);
315 /* Set bits 12-15 of the files mode */
316 /* (typeflag was not trashed because chksum does not use getOctal) */
317 switch (tar.typeflag) {
318 case '1': /* hardlink */
319 /* we mark hardlinks as regular files with zero size and a link name */
320 file_header->mode |= S_IFREG;
321 /* on size of link fields from star(4)
322 * ... For tar archives written by pre POSIX.1-1988
323 * implementations, the size field usually contains the size of
324 * the file and needs to be ignored as no data may follow this
325 * header type. For POSIX.1- 1988 compliant archives, the size
326 * field needs to be 0. For POSIX.1-2001 compliant archives,
327 * the size field may be non zero, indicating that file data is
328 * included in the archive.
329 * i.e; always assume this is zero for safety.
335 #if ENABLE_FEATURE_TAR_OLDGNU_COMPATIBILITY
336 if (last_char_is(file_header->name, '/')) {
340 file_header->mode |= S_IFREG;
343 file_header->mode |= S_IFLNK;
344 /* have seen tarballs with size field containing
345 * the size of the link target's name */
347 file_header->size = 0;
350 file_header->mode |= S_IFCHR;
351 goto size0; /* paranoia */
353 file_header->mode |= S_IFBLK;
356 IF_FEATURE_TAR_OLDGNU_COMPATIBILITY(set_dir:)
357 file_header->mode |= S_IFDIR;
360 file_header->mode |= S_IFIFO;
362 case 'g': /* pax global header */
363 case 'x': { /* pax extended header */
364 if ((uoff_t)file_header->size > 0xfffff) /* paranoia */
366 process_pax_hdr(archive_handle, file_header->size, (tar.typeflag == 'g'));
367 goto again_after_align;
368 #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
369 /* See http://www.gnu.org/software/tar/manual/html_node/Extensions.html */
371 /* free: paranoia: tar with several consecutive longnames */
373 /* For paranoia reasons we allocate extra NUL char */
374 p_longname = xzalloc(file_header->size + 1);
375 /* We read ASCIZ string, including NUL */
376 xread(archive_handle->src_fd, p_longname, file_header->size);
377 archive_handle->offset += file_header->size;
378 /* return get_header_tar(archive_handle); */
379 /* gcc 4.1.1 didn't optimize it into jump */
380 /* so we will do it ourself, this also saves stack */
384 p_linkname = xzalloc(file_header->size + 1);
385 xread(archive_handle->src_fd, p_linkname, file_header->size);
386 archive_handle->offset += file_header->size;
387 /* return get_header_tar(archive_handle); */
390 * case 'S': // Sparse file
391 * Was seen in the wild. Not supported (yet?).
392 * See https://www.gnu.org/software/tar/manual/html_section/tar_92.html
393 * for the format. (An "Old GNU Format" was seen, not PAX formats).
395 // case 'D': /* GNU dump dir */
396 // case 'M': /* Continuation of multi volume archive */
397 // case 'N': /* Old GNU for names > 100 characters */
398 // case 'V': /* Volume header */
404 bb_error_msg("warning: skipping header '%c'", tar.typeflag);
405 sz = (file_header->size + 511) & ~(off_t)511;
406 archive_handle->offset += sz;
407 sz >>= 9; /* sz /= 512 but w/o contortions for signed div */
409 xread(archive_handle->src_fd, &tar, 512);
410 /* return get_header_tar(archive_handle); */
411 goto again_after_align;
414 bb_error_msg_and_die("unknown typeflag: 0x%x", tar.typeflag);
417 #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
419 file_header->name = p_longname;
423 file_header->link_target = p_linkname;
428 /* Everything up to and including last ".." component is stripped */
429 overlapping_strcpy(file_header->name, strip_unsafe_prefix(file_header->name));
430 //TODO: do the same for file_header->link_target?
432 /* Strip trailing '/' in directories */
433 /* Must be done after mode is set as '/' is used to check if it's a directory */
434 cp = last_char_is(file_header->name, '/');
436 if (archive_handle->filter(archive_handle) == EXIT_SUCCESS) {
437 archive_handle->action_header(/*archive_handle->*/ file_header);
438 /* Note that we kill the '/' only after action_header() */
439 /* (like GNU tar 1.15.1: verbose mode outputs "dir/dir/") */
442 archive_handle->action_data(archive_handle);
443 if (archive_handle->accept || archive_handle->reject
444 || (archive_handle->ah_flags & ARCHIVE_REMEMBER_NAMES)
446 llist_add_to(&archive_handle->passed, file_header->name);
447 } else /* Caller isn't interested in list of unpacked files */
448 free(file_header->name);
450 data_skip(archive_handle);
451 free(file_header->name);
453 archive_handle->offset += file_header->size;
455 free(file_header->link_target);
456 /* Do not free(file_header->name)!
457 * It might be inserted in archive_handle->passed - see above */
458 #if ENABLE_FEATURE_TAR_UNAME_GNAME
459 free(file_header->tar__uname);
460 free(file_header->tar__gname);
462 return EXIT_SUCCESS; /* "decoded one header" */
projects / oweals / busybox.git / blob