From 376ce1e775a97a01f1c454497fbe34d326043328 Mon Sep 17 00:00:00 2001
From: Denis Vlasenko <vda.linux@googlemail.com>
Date: Fri, 24 Nov 2006 14:51:01 +0000
Subject: tar: * unpack: handle tar header fields which are not NUL terminated
 * pack: handle 4+GB files correctly * pack: refuse to store 101+ softlinks
 (was truncating link   target name) * pack: mask mode with 07777

---
 archival/libunarchive/get_header_tar.c | 167 ++++++++++++++++++---------------
 1 file changed, 93 insertions(+), 74 deletions(-)

(limited to 'archival/libunarchive')

diff --git a/archival/libunarchive/get_header_tar.c b/archival/libunarchive/get_header_tar.c
index f78377e28..b5cae9f12 100644
--- a/archival/libunarchive/get_header_tar.c
+++ b/archival/libunarchive/get_header_tar.c
@@ -19,49 +19,69 @@ static char *longname = NULL;
 static char *linkname = NULL;
 #endif
 
+/* NB: _DESTROYS_ str[len] character! */
+static unsigned long long getOctal(char *str, int len)
+{
+	unsigned long long v;
+	/* Actually, tar header allows leading spaces also.
+	 * Oh well, we will be liberal and skip this...
+	 * The only downside probably is that we allow "-123" too :)
+	if (*str < '0' || *str > '7')
+		bb_error_msg_and_die("corrupted octal value in tar header");
+	*/
+	str[len] = '\0';
+	v = strtoull(str, &str, 8);
+	if (*str)
+		bb_error_msg_and_die("corrupted octal value in tar header");
+	return v;
+}
+
+void BUG_tar_header_size(void);
 char get_header_tar(archive_handle_t *archive_handle)
 {
+	static int end = 0;
+
 	file_header_t *file_header = archive_handle->file_header;
-	union {
+	struct {
 		/* ustar header, Posix 1003.1 */
-		unsigned char raw[512];
-		struct {
-			char name[100];	/*   0-99 */
-			char mode[8];	/* 100-107 */
-			char uid[8];	/* 108-115 */
-			char gid[8];	/* 116-123 */
-			char size[12];	/* 124-135 */
-			char mtime[12];	/* 136-147 */
-			char chksum[8];	/* 148-155 */
-			char typeflag;	/* 156-156 */
-			char linkname[100];	/* 157-256 */
-			char magic[6];	/* 257-262 */
-			char version[2];	/* 263-264 */
-			char uname[32];	/* 265-296 */
-			char gname[32];	/* 297-328 */
-			char devmajor[8];	/* 329-336 */
-			char devminor[8];	/* 337-344 */
-			char prefix[155];	/* 345-499 */
-			char padding[12];	/* 500-512 */
-		} formatted;
+		char name[100];     /*   0-99 */
+		char mode[8];       /* 100-107 */
+		char uid[8];        /* 108-115 */
+		char gid[8];        /* 116-123 */
+		char size[12];      /* 124-135 */
+		char mtime[12];     /* 136-147 */
+		char chksum[8];     /* 148-155 */
+		char typeflag;      /* 156-156 */
+		char linkname[100]; /* 157-256 */
+		char magic[6];      /* 257-262 */
+		char version[2];    /* 263-264 */
+		char uname[32];     /* 265-296 */
+		char gname[32];     /* 297-328 */
+		char devmajor[8];   /* 329-336 */
+		char devminor[8];   /* 337-344 */
+		char prefix[155];   /* 345-499 */
+		char padding[12];   /* 500-512 */
 	} tar;
-	long sum = 0;
-	long i;
-	static int end = 0;
+	char *cp;
+	int sum, i;
+
+	if (sizeof(tar) != 512)
+		BUG_tar_header_size();
 
 	/* Align header */
 	data_align(archive_handle, 512);
 
-	xread(archive_handle->src_fd, tar.raw, 512);
+	xread(archive_handle->src_fd, &tar, 512);
 	archive_handle->offset += 512;
 
 	/* If there is no filename its an empty header */
-	if (tar.formatted.name[0] == 0) {
+	if (tar.name[0] == 0) {
 		if (end) {
 			/* This is the second consecutive empty header! End of archive!
 			 * Read until the end to empty the pipe from gz or bz2
 			 */
-			while (full_read(archive_handle->src_fd, tar.raw, 512) == 512);
+			while (full_read(archive_handle->src_fd, &tar, 512) == 512)
+				/* repeat */;
 			return EXIT_FAILURE;
 		}
 		end = 1;
@@ -72,21 +92,22 @@ char get_header_tar(archive_handle_t *archive_handle)
 	/* Check header has valid magic, "ustar" is for the proper tar
 	 * 0's are for the old tar format
 	 */
-	if (strncmp(tar.formatted.magic, "ustar", 5) != 0) {
+	if (strncmp(tar.magic, "ustar", 5) != 0) {
 #ifdef CONFIG_FEATURE_TAR_OLDGNU_COMPATIBILITY
-		if (memcmp(tar.formatted.magic, "\0\0\0\0", 5) != 0)
+		if (memcmp(tar.magic, "\0\0\0\0", 5) != 0)
 #endif
 			bb_error_msg_and_die("invalid tar magic");
 	}
 	/* Do checksum on headers */
+	sum = ' ' * sizeof(tar.chksum);
 	for (i = 0; i < 148 ; i++) {
-		sum += tar.raw[i];
+		sum += ((char*)&tar)[i];
 	}
-	sum += ' ' * 8;
 	for (i = 156; i < 512 ; i++) {
-		sum += tar.raw[i];
+		sum += ((char*)&tar)[i];
 	}
-	if (sum != xstrtoul(tar.formatted.chksum, 8)) {
+	/* This field does not need special treatment (getOctal) */
+	if (sum != xstrtoul(tar.chksum, 8)) {
 		bb_error_msg_and_die("invalid tar header checksum");
 	}
 
@@ -101,30 +122,34 @@ char get_header_tar(archive_handle_t *archive_handle)
 	} else
 #endif
 	{
-		file_header->name = xstrndup(tar.formatted.name, 100);
-		if (tar.formatted.prefix[0]) {
+		file_header->name = xstrndup(tar.name, sizeof(tar.name));
+		if (tar.prefix[0]) {
 			char *temp = file_header->name;
-			file_header->name = concat_path_file(tar.formatted.prefix, temp);
+			file_header->name = concat_path_file(tar.prefix, temp);
 			free(temp);
 		}
 	}
 
-	file_header->uid = xstrtoul(tar.formatted.uid, 8);
-	file_header->gid = xstrtoul(tar.formatted.gid, 8);
-	file_header->size = XSTRTOUOFF(tar.formatted.size, 8);
-	file_header->mtime = xstrtoul(tar.formatted.mtime, 8);
-	file_header->link_name = tar.formatted.linkname[0] ?
-	                         xstrdup(tar.formatted.linkname) : NULL;
-	if (tar.formatted.devmajor[0]) {
-		file_header->device = makedev(xstrtoul(tar.formatted.devmajor, 8),
-	                                      xstrtoul(tar.formatted.devminor, 8));
+	/* getOctal trashes subsequent field, therefore we call it
+	 * on fields in reverse order */
+#define GET_OCTAL(a) getOctal((a), sizeof(a))
+	if (tar.devmajor[0]) {
+		unsigned minor = GET_OCTAL(tar.devminor);
+		unsigned major = GET_OCTAL(tar.devmajor);
+		file_header->device = makedev(major, minor);
 	}
-
+	file_header->mtime = GET_OCTAL(tar.mtime);
+	file_header->size = GET_OCTAL(tar.size);
+	file_header->gid = GET_OCTAL(tar.gid);
+	file_header->uid = GET_OCTAL(tar.uid);
+	file_header->link_name = !tar.linkname[0] ? NULL :
+			xstrndup(tar.linkname, sizeof(tar.linkname));
 	/* Set bits 0-11 of the files mode */
-	file_header->mode = 07777 & xstrtoul(tar.formatted.mode, 8);
+	file_header->mode = 07777 & GET_OCTAL(tar.mode);
+#undef GET_OCTAL
 
 	/* Set bits 12-15 of the files mode */
-	switch (tar.formatted.typeflag) {
+	switch (tar.typeflag) {
 	/* busybox identifies hard links as being regular files with 0 size and a link name */
 	case '1':
 		file_header->mode |= S_IFREG;
@@ -138,7 +163,7 @@ char get_header_tar(archive_handle_t *archive_handle)
 			file_header->mode |= S_IFDIR;
 		} else
 #endif
-			file_header->mode |= S_IFREG;
+		file_header->mode |= S_IFREG;
 		break;
 	case '2':
 		file_header->mode |= S_IFLNK;
@@ -156,42 +181,36 @@ char get_header_tar(archive_handle_t *archive_handle)
 		file_header->mode |= S_IFIFO;
 		break;
 #ifdef CONFIG_FEATURE_TAR_GNU_EXTENSIONS
-	case 'L': {
-			longname = xzalloc(file_header->size + 1);
-			xread(archive_handle->src_fd, longname, file_header->size);
-			archive_handle->offset += file_header->size;
-
-			return get_header_tar(archive_handle);
-		}
-	case 'K': {
-			linkname = xzalloc(file_header->size + 1);
-			xread(archive_handle->src_fd, linkname, file_header->size);
-			archive_handle->offset += file_header->size;
-
-			file_header->name = linkname;
-			return get_header_tar(archive_handle);
-		}
+	case 'L':
+		longname = xzalloc(file_header->size + 1);
+		xread(archive_handle->src_fd, longname, file_header->size);
+		archive_handle->offset += file_header->size;
+		return get_header_tar(archive_handle);
+	case 'K':
+		linkname = xzalloc(file_header->size + 1);
+		xread(archive_handle->src_fd, linkname, file_header->size);
+		archive_handle->offset += file_header->size;
+		file_header->name = linkname;
+		return get_header_tar(archive_handle);
 	case 'D':	/* GNU dump dir */
-	case 'M':	/* Continuation of multi volume archive*/
+	case 'M':	/* Continuation of multi volume archive */
 	case 'N':	/* Old GNU for names > 100 characters */
 	case 'S':	/* Sparse file */
 	case 'V':	/* Volume header */
 #endif
 	case 'g':	/* pax global header */
 	case 'x':	/* pax extended header */
-		bb_error_msg("ignoring extension type %c", tar.formatted.typeflag);
+		bb_error_msg("ignoring extension type %c", tar.typeflag);
 		break;
 	default:
-		bb_error_msg("unknown typeflag: 0x%x", tar.formatted.typeflag);
-	}
-	{	/* Strip trailing '/' in directories */
-		/* Must be done after mode is set as '/' is used to check if its a directory */
-		char *tmp = last_char_is(file_header->name, '/');
-		if (tmp) {
-			*tmp = '\0';
-		}
+		bb_error_msg("unknown typeflag: 0x%x", tar.typeflag);
 	}
 
+	/* Strip trailing '/' in directories */
+	/* Must be done after mode is set as '/' is used to check if its a directory */
+	cp = last_char_is(file_header->name, '/');
+	if (cp) *cp = '\0';
+
 	if (archive_handle->filter(archive_handle) == EXIT_SUCCESS) {
 		archive_handle->action_header(archive_handle->file_header);
 		archive_handle->flags |= ARCHIVE_EXTRACT_QUIET;
-- 
cgit v1.2.3