1 /* vi: set sw=4 ts=4: */
2 /* Licensed under GPLv2 or later, see file LICENSE in this source tree.
5 * In privileged mode if uname and gname map to a uid and gid then use the
6 * mapped value instead of the uid/gid values in tar header
9 * GNU tar and star man pages,
10 * Opengroup's ustar interchange format,
11 * http://www.opengroup.org/onlinepubs/007904975/utilities/pax.html
17 typedef uint32_t aliased_uint32_t FIX_ALIASING;
18 typedef off_t aliased_off_t FIX_ALIASING;
21 const char* FAST_FUNC strip_unsafe_prefix(const char *str)
30 if (strncmp(cp, "/../"+1, 3) == 0) {
34 cp2 = strstr(cp, "/../");
40 static smallint warned = 0;
43 bb_error_msg("removing leading '%.*s' from member names",
44 (int)(cp - str), str);
50 /* NB: _DESTROYS_ str[len] character! */
51 static unsigned long long getOctal(char *str, int len)
55 /* NB: leading spaces are allowed. Using strtoull to handle that.
56 * The downside is that we accept e.g. "-123" too :(
59 v = strtoull(str, &end, 8);
60 /* std: "Each numeric field is terminated by one or more
61 * <space> or NUL characters". We must support ' '! */
62 if (*end != '\0' && *end != ' ') {
63 int8_t first = str[0];
65 bb_error_msg_and_die("corrupted octal value in tar header");
67 * GNU tar uses "base-256 encoding" for very large numbers.
68 * Encoding is binary, with highest bit always set as a marker
69 * and sign in next-highest bit:
71 * bf ff .. ff - largest positive number
72 * ff ff .. ff - minus 1
73 * c0 00 .. 00 - smallest negative number
75 * Example of tar file with 8914993153 (0x213600001) byte file.
76 * Field starts at offset 7c:
77 * 00070 30 30 30 00 30 30 30 30 30 30 30 00 80 00 00 00 |000.0000000.....|
78 * 00080 00 00 00 02 13 60 00 01 31 31 31 32 30 33 33 36 |.....`..11120336|
80 * NB: tarballs with NEGATIVE unix times encoded that way were seen!
83 /* Sign-extend using 6th bit: */
84 v <<= sizeof(unsigned long long)*8 - 7;
85 v = (long long)v >> (sizeof(unsigned long long)*8 - 7);
87 v = (v << 8) + (unsigned char) *str++;
91 #define GET_OCTAL(a) getOctal((a), sizeof(a))
93 #if ENABLE_FEATURE_TAR_SELINUX
94 /* Scan a PAX header for SELinux contexts, via "RHT.security.selinux" keyword.
95 * This is what Red Hat's patched version of tar uses.
97 # define SELINUX_CONTEXT_KEYWORD "RHT.security.selinux"
98 static char *get_selinux_sctx_from_pax_hdr(archive_handle_t *archive_handle, unsigned sz)
103 p = buf = xmalloc(sz + 1);
104 /* prevent bb_strtou from running off the buffer */
106 xread(archive_handle->src_fd, buf, sz);
107 archive_handle->offset += sz;
114 /* Every record has this format: "LEN NAME=VALUE\n" */
115 len = bb_strtou(p, &end, 10);
116 /* expect errno to be EINVAL, because the character
117 * following the digits should be a space
126 bb_error_msg("malformed extended header, skipped");
127 // More verbose version:
128 //bb_error_msg("malformed extended header at %"OFF_FMT"d, skipped",
129 // archive_handle->offset - (sz + len));
132 /* overwrite the terminating newline with NUL
133 * (we do not bother to check that it *was* a newline)
136 /* Is it selinux security context? */
138 if (strncmp(value, SELINUX_CONTEXT_KEYWORD"=", sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1) == 0) {
139 value += sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1;
140 result = xstrdup(value);
150 char FAST_FUNC get_header_tar(archive_handle_t *archive_handle)
152 file_header_t *file_header = archive_handle->file_header;
153 struct tar_header_t tar;
156 #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
161 /* Our "private data" */
162 #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
163 # define p_longname (archive_handle->tar__longname)
164 # define p_linkname (archive_handle->tar__linkname)
166 # define p_longname 0
167 # define p_linkname 0
170 #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS || ENABLE_FEATURE_TAR_SELINUX
174 data_align(archive_handle, 512);
178 #if ENABLE_DESKTOP || ENABLE_FEATURE_TAR_AUTODETECT
179 /* to prevent misdetection of bz2 sig */
180 *(aliased_uint32_t*)&tar = 0;
181 i = full_read(archive_handle->src_fd, &tar, 512);
182 /* If GNU tar sees EOF in above read, it says:
183 * "tar: A lone zero block at N", where N = kilobyte
184 * where EOF was met (not EOF block, actual EOF!),
185 * and exits with EXIT_SUCCESS.
186 * We will mimic exit(EXIT_SUCCESS), although we will not mimic
187 * the message and we don't check whether we indeed
188 * saw zero block directly before this. */
190 xfunc_error_retval = 0;
192 bb_error_msg_and_die("short read");
195 IF_FEATURE_TAR_AUTODETECT(goto autodetect;)
201 xread(archive_handle->src_fd, &tar, i);
203 archive_handle->offset += i;
205 /* If there is no filename its an empty header */
206 if (tar.name[0] == 0 && tar.prefix[0] == 0) {
207 if (archive_handle->tar__end) {
208 /* Second consecutive empty header - end of archive.
209 * Read until the end to empty the pipe from gz or bz2
211 while (full_read(archive_handle->src_fd, &tar, 512) == 512)
215 archive_handle->tar__end = 1;
218 archive_handle->tar__end = 0;
220 /* Check header has valid magic, "ustar" is for the proper tar,
221 * five NULs are for the old tar format */
222 if (strncmp(tar.magic, "ustar", 5) != 0
223 && (!ENABLE_FEATURE_TAR_OLDGNU_COMPATIBILITY
224 || memcmp(tar.magic, "\0\0\0\0", 5) != 0)
226 #if ENABLE_FEATURE_TAR_AUTODETECT
227 char FAST_FUNC (*get_header_ptr)(archive_handle_t *);
231 magic2 = *(bb__aliased_uint16_t*)tar.name;
232 /* tar gz/bz autodetect: check for gz/bz2 magic.
233 * If we see the magic, and it is the very first block,
234 * we can switch to get_header_tar_gz/bz2/lzma().
235 * Needs seekable fd. I wish recv(MSG_PEEK) works
237 # if ENABLE_FEATURE_SEAMLESS_GZ
238 if (magic2 == GZIP_MAGIC) {
239 get_header_ptr = get_header_tar_gz;
242 # if ENABLE_FEATURE_SEAMLESS_BZ2
243 if (magic2 == BZIP2_MAGIC
244 && tar.name[2] == 'h' && isdigit(tar.name[3])
246 get_header_ptr = get_header_tar_bz2;
249 # if ENABLE_FEATURE_SEAMLESS_XZ
250 //TODO: if (magic2 == XZ_MAGIC1)...
254 /* Two different causes for lseek() != 0:
255 * unseekable fd (would like to support that too, but...),
256 * or not first block (false positive, it's not .gz/.bz2!) */
257 if (lseek(archive_handle->src_fd, -i, SEEK_CUR) != 0)
259 while (get_header_ptr(archive_handle) == EXIT_SUCCESS)
263 #endif /* FEATURE_TAR_AUTODETECT */
264 bb_error_msg_and_die("invalid tar magic");
267 /* Do checksum on headers.
268 * POSIX says that checksum is done on unsigned bytes, but
269 * Sun and HP-UX gets it wrong... more details in
271 #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
272 sum_s = ' ' * sizeof(tar.chksum);
274 sum_u = ' ' * sizeof(tar.chksum);
275 for (i = 0; i < 148; i++) {
276 sum_u += ((unsigned char*)&tar)[i];
277 #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
278 sum_s += ((signed char*)&tar)[i];
281 for (i = 156; i < 512; i++) {
282 sum_u += ((unsigned char*)&tar)[i];
283 #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
284 sum_s += ((signed char*)&tar)[i];
287 /* This field does not need special treatment (getOctal) */
289 char *endp; /* gcc likes temp var for &endp */
290 sum = strtoul(tar.chksum, &endp, 8);
291 if ((*endp != '\0' && *endp != ' ')
292 || (sum_u != sum IF_FEATURE_TAR_OLDSUN_COMPATIBILITY(&& sum_s != sum))
294 bb_error_msg_and_die("invalid tar header checksum");
297 /* don't use xstrtoul, tar.chksum may have leading spaces */
298 sum = strtoul(tar.chksum, NULL, 8);
299 if (sum_u != sum IF_FEATURE_TAR_OLDSUN_COMPATIBILITY(&& sum_s != sum)) {
300 bb_error_msg_and_die("invalid tar header checksum");
303 /* 0 is reserved for high perf file, treat as normal file */
304 if (!tar.typeflag) tar.typeflag = '0';
305 parse_names = (tar.typeflag >= '0' && tar.typeflag <= '7');
307 /* getOctal trashes subsequent field, therefore we call it
308 * on fields in reverse order */
309 if (tar.devmajor[0]) {
310 char t = tar.prefix[0];
311 /* we trash prefix[0] here, but we DO need it later! */
312 unsigned minor = GET_OCTAL(tar.devminor);
313 unsigned major = GET_OCTAL(tar.devmajor);
314 file_header->device = makedev(major, minor);
317 file_header->link_target = NULL;
318 if (!p_linkname && parse_names && tar.linkname[0]) {
319 file_header->link_target = xstrndup(tar.linkname, sizeof(tar.linkname));
320 /* FIXME: what if we have non-link object with link_target? */
321 /* Will link_target be free()ed? */
323 #if ENABLE_FEATURE_TAR_UNAME_GNAME
324 file_header->tar__uname = tar.uname[0] ? xstrndup(tar.uname, sizeof(tar.uname)) : NULL;
325 file_header->tar__gname = tar.gname[0] ? xstrndup(tar.gname, sizeof(tar.gname)) : NULL;
327 file_header->mtime = GET_OCTAL(tar.mtime);
328 file_header->size = GET_OCTAL(tar.size);
329 file_header->gid = GET_OCTAL(tar.gid);
330 file_header->uid = GET_OCTAL(tar.uid);
331 /* Set bits 0-11 of the files mode */
332 file_header->mode = 07777 & GET_OCTAL(tar.mode);
334 file_header->name = NULL;
335 if (!p_longname && parse_names) {
336 /* we trash mode[0] here, it's ok */
337 //tar.name[sizeof(tar.name)] = '\0'; - gcc 4.3.0 would complain
341 //tar.prefix[sizeof(tar.prefix)] = '\0'; - gcc 4.3.0 would complain
342 tar.padding[0] = '\0';
343 file_header->name = concat_path_file(tar.prefix, tar.name);
345 file_header->name = xstrdup(tar.name);
348 /* Set bits 12-15 of the files mode */
349 /* (typeflag was not trashed because chksum does not use getOctal) */
350 switch (tar.typeflag) {
351 case '1': /* hardlink */
352 /* we mark hardlinks as regular files with zero size and a link name */
353 file_header->mode |= S_IFREG;
354 /* on size of link fields from star(4)
355 * ... For tar archives written by pre POSIX.1-1988
356 * implementations, the size field usually contains the size of
357 * the file and needs to be ignored as no data may follow this
358 * header type. For POSIX.1- 1988 compliant archives, the size
359 * field needs to be 0. For POSIX.1-2001 compliant archives,
360 * the size field may be non zero, indicating that file data is
361 * included in the archive.
362 * i.e; always assume this is zero for safety.
368 #if ENABLE_FEATURE_TAR_OLDGNU_COMPATIBILITY
369 if (last_char_is(file_header->name, '/')) {
373 file_header->mode |= S_IFREG;
376 file_header->mode |= S_IFLNK;
377 /* have seen tarballs with size field containing
378 * the size of the link target's name */
380 file_header->size = 0;
383 file_header->mode |= S_IFCHR;
384 goto size0; /* paranoia */
386 file_header->mode |= S_IFBLK;
389 IF_FEATURE_TAR_OLDGNU_COMPATIBILITY(set_dir:)
390 file_header->mode |= S_IFDIR;
393 file_header->mode |= S_IFIFO;
395 #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
397 /* free: paranoia: tar with several consecutive longnames */
399 /* For paranoia reasons we allocate extra NUL char */
400 p_longname = xzalloc(file_header->size + 1);
401 /* We read ASCIZ string, including NUL */
402 xread(archive_handle->src_fd, p_longname, file_header->size);
403 archive_handle->offset += file_header->size;
404 /* return get_header_tar(archive_handle); */
405 /* gcc 4.1.1 didn't optimize it into jump */
406 /* so we will do it ourself, this also saves stack */
410 p_linkname = xzalloc(file_header->size + 1);
411 xread(archive_handle->src_fd, p_linkname, file_header->size);
412 archive_handle->offset += file_header->size;
413 /* return get_header_tar(archive_handle); */
415 case 'D': /* GNU dump dir */
416 case 'M': /* Continuation of multi volume archive */
417 case 'N': /* Old GNU for names > 100 characters */
418 case 'S': /* Sparse file */
419 case 'V': /* Volume header */
421 #if !ENABLE_FEATURE_TAR_SELINUX
422 case 'g': /* pax global header */
423 case 'x': /* pax extended header */
429 bb_error_msg("warning: skipping header '%c'", tar.typeflag);
430 sz = (file_header->size + 511) & ~(off_t)511;
431 archive_handle->offset += sz;
432 sz >>= 9; /* sz /= 512 but w/o contortions for signed div */
434 xread(archive_handle->src_fd, &tar, 512);
435 /* return get_header_tar(archive_handle); */
436 goto again_after_align;
438 #if ENABLE_FEATURE_TAR_SELINUX
439 case 'g': /* pax global header */
440 case 'x': { /* pax extended header */
442 if ((uoff_t)file_header->size > 0xfffff) /* paranoia */
444 pp = (tar.typeflag == 'g') ? &archive_handle->tar__global_sctx : &archive_handle->tar__next_file_sctx;
446 *pp = get_selinux_sctx_from_pax_hdr(archive_handle, file_header->size);
451 bb_error_msg_and_die("unknown typeflag: 0x%x", tar.typeflag);
454 #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
456 file_header->name = p_longname;
460 file_header->link_target = p_linkname;
465 /* Everything up to and including last ".." component is stripped */
466 overlapping_strcpy(file_header->name, strip_unsafe_prefix(file_header->name));
468 /* Strip trailing '/' in directories */
469 /* Must be done after mode is set as '/' is used to check if it's a directory */
470 cp = last_char_is(file_header->name, '/');
472 if (archive_handle->filter(archive_handle) == EXIT_SUCCESS) {
473 archive_handle->action_header(/*archive_handle->*/ file_header);
474 /* Note that we kill the '/' only after action_header() */
475 /* (like GNU tar 1.15.1: verbose mode outputs "dir/dir/") */
478 archive_handle->action_data(archive_handle);
479 if (archive_handle->accept || archive_handle->reject)
480 llist_add_to(&archive_handle->passed, file_header->name);
481 else /* Caller isn't interested in list of unpacked files */
482 free(file_header->name);
484 data_skip(archive_handle);
485 free(file_header->name);
487 archive_handle->offset += file_header->size;
489 free(file_header->link_target);
490 /* Do not free(file_header->name)!
491 * It might be inserted in archive_handle->passed - see above */
492 #if ENABLE_FEATURE_TAR_UNAME_GNAME
493 free(file_header->tar__uname);
494 free(file_header->tar__gname);