sbase/tar.c

435 lines
9.8 KiB
C
Raw Normal View History

2013-07-18 15:15:35 +00:00
/* See LICENSE file for copyright and license details. */
#include <sys/stat.h>
#include <sys/time.h>
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
#include <errno.h>
#include <grp.h>
#include <libgen.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
2013-07-18 15:15:35 +00:00
#include <string.h>
#include <unistd.h>
#include "fs.h"
2013-07-18 15:15:35 +00:00
#include "util.h"
2015-02-16 18:47:36 +00:00
struct header {
2013-07-18 15:15:35 +00:00
char name[100];
char mode[8];
char uid[8];
char gid[8];
char size[12];
char mtime[12];
char chksum[8];
char type;
char link[100];
char magic[6];
char version[2];
2013-07-18 15:15:35 +00:00
char uname[32];
char gname[32];
char major[8];
char minor[8];
char prefix[155];
2013-07-18 15:15:35 +00:00
};
2015-02-16 18:47:36 +00:00
#define BLKSIZ 512
2013-07-18 15:15:35 +00:00
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
#undef major
#define major(dev) ((int)(((unsigned int)(dev) >> 8) & 0xff))
#undef minor
#define minor(dev) ((int)((dev) & 0xff))
#undef makedev
#define makedev(major, minor) (((major) << 8) | (minor))
2013-07-18 15:15:35 +00:00
enum Type {
REG = '0', AREG = '\0', HARDLINK = '1', SYMLINK = '2', CHARDEV = '3',
2013-07-19 16:05:28 +00:00
BLOCKDEV = '4', DIRECTORY = '5', FIFO = '6'
2013-07-18 15:15:35 +00:00
};
static FILE *tarfile;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
static char *tarfilename;
static ino_t tarinode;
static dev_t tardev;
2013-07-18 15:15:35 +00:00
2015-02-16 18:47:36 +00:00
static int mflag;
static char filtermode = '\0';
2013-07-18 15:15:35 +00:00
static FILE *
decomp(FILE *fp)
2013-07-18 15:15:35 +00:00
{
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
int fds[2];
char *tool;
if (pipe(fds) < 0)
eprintf("pipe:");
switch (fork()) {
case -1:
eprintf("fork:");
case 0:
dup2(fileno(fp), 0);
dup2(fds[1], 1);
close(fds[0]);
close(fds[1]);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
tool = (filtermode == 'j') ? "bzip2" : "gzip";
execlp(tool, tool, "-cd", NULL);
weprintf("execlp %s:", tool);
_exit(1);
2013-07-18 15:15:35 +00:00
}
close(fds[1]);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
return fdopen(fds[0], "r");
2013-07-18 15:15:35 +00:00
}
static void
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
putoctal(char *dst, unsigned num, int size)
2013-07-18 15:15:35 +00:00
{
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (snprintf(dst, size, "%.*o", size - 1, num) >= size)
eprintf("snprintf: input number too large\n");
2013-07-18 15:15:35 +00:00
}
static int
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
archive(const char *path)
2013-07-18 15:15:35 +00:00
{
2015-03-03 10:26:59 +00:00
FILE *f = NULL;
2015-02-16 18:47:36 +00:00
struct group *gr;
struct header *h;
struct passwd *pw;
struct stat st;
2015-03-03 10:26:59 +00:00
size_t chksum, x;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
ssize_t l, r;
2015-02-16 18:47:36 +00:00
unsigned char b[BLKSIZ];
2013-07-18 15:15:35 +00:00
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (lstat(path, &st) < 0) {
weprintf("lstat %s:", path);
return 0;
} else if (st.st_ino == tarinode && st.st_dev == tardev) {
weprintf("ignoring %s\n", path);
return 0;
}
errno = 0;
if (!(pw = getpwuid(st.st_uid)) && errno) {
weprintf("getpwuid:");
return 0;
}
errno = 0;
if (!(gr = getgrgid(st.st_gid)) && errno) {
weprintf("getgrgid:");
return 0;
}
2013-07-18 15:15:35 +00:00
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
h = (void *)b;
2015-02-16 18:47:36 +00:00
memset(b, 0, sizeof(b));
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
estrlcpy(h->name, path, sizeof(h->name));
putoctal(h->mode, (unsigned)st.st_mode & 0777, sizeof(h->mode));
putoctal(h->uid, (unsigned)st.st_uid, sizeof(h->uid));
putoctal(h->gid, (unsigned)st.st_gid, sizeof(h->gid));
putoctal(h->size, 0, sizeof(h->size));
putoctal(h->mtime, (unsigned)st.st_mtime, sizeof(h->mtime));
memcpy( h->magic, "ustar", sizeof(h->magic));
memcpy( h->version, "00", sizeof(h->version));
estrlcpy(h->uname, pw ? pw->pw_name : "", sizeof(h->uname));
estrlcpy(h->gname, gr ? gr->gr_name : "", sizeof(h->gname));
if (S_ISREG(st.st_mode)) {
2013-07-18 15:15:35 +00:00
h->type = REG;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
putoctal(h->size, (unsigned)st.st_size, sizeof(h->size));
2013-07-18 15:15:35 +00:00
f = fopen(path, "r");
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
} else if (S_ISDIR(st.st_mode)) {
2013-07-18 15:15:35 +00:00
h->type = DIRECTORY;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
} else if (S_ISLNK(st.st_mode)) {
2013-07-18 15:15:35 +00:00
h->type = SYMLINK;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if ((r = readlink(path, h->link, sizeof(h->link) - 1)) < 0)
eprintf("readlink %s:", path);
h->link[r] = '\0';
} else if (S_ISCHR(st.st_mode) || S_ISBLK(st.st_mode)) {
h->type = S_ISCHR(st.st_mode) ? CHARDEV : BLOCKDEV;
putoctal(h->major, (unsigned)major(st.st_dev), sizeof(h->major));
putoctal(h->minor, (unsigned)minor(st.st_dev), sizeof(h->minor));
} else if (S_ISFIFO(st.st_mode)) {
2013-07-18 15:15:35 +00:00
h->type = FIFO;
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
memset(h->chksum, ' ', sizeof(h->chksum));
for (x = 0, chksum = 0; x < sizeof(*h); x++)
2013-07-18 15:15:35 +00:00
chksum += b[x];
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
putoctal(h->chksum, chksum, sizeof(h->chksum));
2013-07-18 15:15:35 +00:00
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (fwrite(b, BLKSIZ, 1, tarfile) != 1)
eprintf("fwrite:");
if (f) {
while ((l = fread(b, 1, BLKSIZ, f)) > 0) {
if (l < BLKSIZ)
memset(b + l, 0, BLKSIZ - l);
if (fwrite(b, BLKSIZ, 1, tarfile) != 1)
eprintf("fwrite:");
}
Add *fshut() functions to properly flush file streams This has been a known issue for a long time. Example: printf "word" > /dev/full wouldn't report there's not enough space on the device. This is due to the fact that every libc has internal buffers for stdout which store fragments of written data until they reach a certain size or on some callback to flush them all at once to the kernel. You can force the libc to flush them with fflush(). In case flushing fails, you can check the return value of fflush() and report an error. However, previously, sbase didn't have such checks and without fflush(), the libc silently flushes the buffers on exit without checking the errors. No offense, but there's no way for the libc to report errors in the exit- condition. GNU coreutils solve this by having onexit-callbacks to handle the flushing and report issues, but they have obvious deficiencies. After long discussions on IRC, we came to the conclusion that checking the return value of every io-function would be a bit too much, and having a general-purpose fclose-wrapper would be the best way to go. It turned out that fclose() alone is not enough to detect errors. The right way to do it is to fflush() + check ferror on the fp and then to a fclose(). This is what fshut does and that's how it's done before each return. The return value is obviously affected, reporting an error in case a flush or close failed, but also when reading failed for some reason, the error- state is caught. the !!( ... + ...) construction is used to call all functions inside the brackets and not "terminating" on the first. We want errors to be reported, but there's no reason to stop flushing buffers when one other file buffer has issues. Obviously, functionales come before the flush and ret-logic comes after to prevent early exits as well without reporting warnings if there are any. One more advantage of fshut() is that it is even able to report errors on obscure NFS-setups which the other coreutils are unable to detect, because they only check the return-value of fflush() and fclose(), not ferror() as well.
2015-04-04 19:25:17 +00:00
efshut(f, path);
2013-07-18 15:15:35 +00:00
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
2013-07-19 16:05:28 +00:00
return 0;
2013-07-18 15:15:35 +00:00
}
static int
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
unarchive(char *fname, ssize_t l, char b[BLKSIZ])
2013-07-18 15:15:35 +00:00
{
FILE *f = NULL;
struct timeval times[2];
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
struct header *h = (void *)b;
long mode, major, minor, type, mtime, uid, gid;
char lname[101], *tmp, *p;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (!mflag && ((mtime = strtol(h->mtime, &p, 8)) < 0 || *p != '\0'))
eprintf("strtol %s: invalid number\n", h->mtime);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (unlink(fname) < 0 && errno != ENOENT && errno != EISDIR)
eprintf("unlink %s:", fname);
2013-07-18 15:15:35 +00:00
2015-04-20 16:32:15 +00:00
tmp = estrdup(fname);
mkdirp(dirname(tmp));
free(tmp);
switch (h->type) {
2013-07-18 15:15:35 +00:00
case REG:
case AREG:
if ((mode = strtol(h->mode, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->mode);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (!(f = fopen(fname, "w")))
eprintf("fopen %s:", fname);
if (chmod(fname, mode) < 0)
eprintf("chmod %s:", fname);
2013-07-18 15:15:35 +00:00
break;
case HARDLINK:
case SYMLINK:
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
estrlcpy(lname, h->link, sizeof(lname));
if (((h->type == HARDLINK) ? link : symlink)(lname, fname) < 0)
eprintf("%s %s -> %s:",
(h->type == HARDLINK) ? "link" : "symlink",
fname, lname);
2013-07-18 15:15:35 +00:00
break;
case DIRECTORY:
if ((mode = strtol(h->mode, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->mode);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (mkdir(fname, (mode_t)mode) < 0 && errno != EEXIST)
eprintf("mkdir %s:", fname);
2013-07-18 15:15:35 +00:00
break;
case CHARDEV:
case BLOCKDEV:
if ((mode = strtol(h->mode, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->mode);
if ((major = strtol(h->major, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->major);
if ((minor = strtol(h->minor, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->minor);
2013-07-18 15:15:35 +00:00
type = (h->type == CHARDEV) ? S_IFCHR : S_IFBLK;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (mknod(fname, type | mode, makedev(major, minor)) < 0)
eprintf("mknod %s:", fname);
2013-07-18 15:15:35 +00:00
break;
case FIFO:
if ((mode = strtol(h->mode, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->mode);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (mknod(fname, S_IFIFO | mode, 0) < 0)
eprintf("mknod %s:", fname);
2013-07-18 15:15:35 +00:00
break;
default:
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
eprintf("unsupported tar-filetype %c\n", h->type);
2013-07-18 15:15:35 +00:00
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if ((uid = strtol(h->uid, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->uid);
if ((gid = strtol(h->gid, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->gid);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (!getuid() && chown(fname, uid, gid))
eprintf("chown %s:", fname);
2013-07-18 15:15:35 +00:00
2015-02-16 18:47:36 +00:00
for (; l > 0; l -= BLKSIZ) {
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (fread(b, BLKSIZ, 1, tarfile) != 1)
eprintf("fread %s:", tarfilename);
if (f && fwrite(b, MIN(l, BLKSIZ), 1, f) != 1)
eprintf("fwrite %s:", fname);
2013-07-18 15:15:35 +00:00
}
Add *fshut() functions to properly flush file streams This has been a known issue for a long time. Example: printf "word" > /dev/full wouldn't report there's not enough space on the device. This is due to the fact that every libc has internal buffers for stdout which store fragments of written data until they reach a certain size or on some callback to flush them all at once to the kernel. You can force the libc to flush them with fflush(). In case flushing fails, you can check the return value of fflush() and report an error. However, previously, sbase didn't have such checks and without fflush(), the libc silently flushes the buffers on exit without checking the errors. No offense, but there's no way for the libc to report errors in the exit- condition. GNU coreutils solve this by having onexit-callbacks to handle the flushing and report issues, but they have obvious deficiencies. After long discussions on IRC, we came to the conclusion that checking the return value of every io-function would be a bit too much, and having a general-purpose fclose-wrapper would be the best way to go. It turned out that fclose() alone is not enough to detect errors. The right way to do it is to fflush() + check ferror on the fp and then to a fclose(). This is what fshut does and that's how it's done before each return. The return value is obviously affected, reporting an error in case a flush or close failed, but also when reading failed for some reason, the error- state is caught. the !!( ... + ...) construction is used to call all functions inside the brackets and not "terminating" on the first. We want errors to be reported, but there's no reason to stop flushing buffers when one other file buffer has issues. Obviously, functionales come before the flush and ret-logic comes after to prevent early exits as well without reporting warnings if there are any. One more advantage of fshut() is that it is even able to report errors on obscure NFS-setups which the other coreutils are unable to detect, because they only check the return-value of fflush() and fclose(), not ferror() as well.
2015-04-04 19:25:17 +00:00
if (f)
fshut(f, fname);
if (!mflag) {
times[0].tv_sec = times[1].tv_sec = mtime;
times[0].tv_usec = times[1].tv_usec = 0;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (utimes(fname, times) < 0)
eprintf("utimes %s:", fname);
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
2013-07-18 15:15:35 +00:00
return 0;
}
static int
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
print(char *fname, ssize_t l, char b[BLKSIZ])
2013-07-18 15:15:35 +00:00
{
puts(fname);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
2015-02-16 18:47:36 +00:00
for (; l > 0; l -= BLKSIZ)
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (fread(b, BLKSIZ, 1, tarfile) != 1)
eprintf("fread %s:", tarfilename);
2013-07-18 15:15:35 +00:00
return 0;
}
static void
Refactor recurse() again Okay, why yet another recurse()-refactor? The last one added the recursor-struct, which simplified things on the user-end, but there was still one thing that bugged me a lot: Previously, all fn()'s were forced to (l)stat the paths themselves. This does not work well when you try to keep up with H-, L- and P- flags at the same time, as each utility-function would have to set the right function-pointer for (l)stat every single time. This is not desirable. Furthermore, recurse should be easy to use and not involve trouble finding the right (l)stat-function to do it right. So, what we needed was a stat-argument for each fn(), so it is directly accessible. This was impossible to do though when the fn()'s are still directly called by the programs to "start" the recurse. Thus, the fundamental change is to make recurse() the function to go, while designing the fn()'s in a way they can "live" with st being NULL (we don't want a null-pointer-deref). What you can see in this commit is the result of this work. Why all this trouble instead of using nftw? The special thing about recurse() is that you tell the function when to recurse() in your fn(). You don't need special flags to tell nftw() to skip the subtree, just to give an example. The only single downside to this is that now, you are not allowed to unconditionally call recurse() from your fn(). It has to be a directory. However, that is a cost I think is easily weighed up by the advantages. Another thing is the history: I added a procedure at the end of the outmost recurse to free the history. This way we don't leak memory. A simple optimization on the side: - if (h->dev == st.st_dev && h->ino == st.st_ino) + if (h->ino == st.st_ino && h->dev == st.st_dev) First compare the likely difference in inode-numbers instead of checking the unlikely condition that the device-numbers are different.
2015-03-18 23:53:42 +00:00
c(const char *path, struct stat *st, void *data, struct recursor *r)
2013-07-18 15:15:35 +00:00
{
archive(path);
Refactor recurse() again Okay, why yet another recurse()-refactor? The last one added the recursor-struct, which simplified things on the user-end, but there was still one thing that bugged me a lot: Previously, all fn()'s were forced to (l)stat the paths themselves. This does not work well when you try to keep up with H-, L- and P- flags at the same time, as each utility-function would have to set the right function-pointer for (l)stat every single time. This is not desirable. Furthermore, recurse should be easy to use and not involve trouble finding the right (l)stat-function to do it right. So, what we needed was a stat-argument for each fn(), so it is directly accessible. This was impossible to do though when the fn()'s are still directly called by the programs to "start" the recurse. Thus, the fundamental change is to make recurse() the function to go, while designing the fn()'s in a way they can "live" with st being NULL (we don't want a null-pointer-deref). What you can see in this commit is the result of this work. Why all this trouble instead of using nftw? The special thing about recurse() is that you tell the function when to recurse() in your fn(). You don't need special flags to tell nftw() to skip the subtree, just to give an example. The only single downside to this is that now, you are not allowed to unconditionally call recurse() from your fn(). It has to be a directory. However, that is a cost I think is easily weighed up by the advantages. Another thing is the history: I added a procedure at the end of the outmost recurse to free the history. This way we don't leak memory. A simple optimization on the side: - if (h->dev == st.st_dev && h->ino == st.st_ino) + if (h->ino == st.st_ino && h->dev == st.st_dev) First compare the likely difference in inode-numbers instead of checking the unlikely condition that the device-numbers are different.
2015-03-18 23:53:42 +00:00
if (st && S_ISDIR(st->st_mode))
recurse(path, NULL, r);
2013-07-18 15:15:35 +00:00
}
static void
sanitize(struct header *h)
{
size_t i, j;
struct {
char *f;
size_t l;
} fields[] = {
{ h->mode, sizeof(h->mode) },
{ h->uid, sizeof(h->uid) },
{ h->gid, sizeof(h->gid) },
{ h->size, sizeof(h->size) },
{ h->mtime, sizeof(h->mtime) },
{ h->chksum, sizeof(h->chksum) },
{ h->major, sizeof(h->major) },
{ h->minor, sizeof(h->minor) }
};
/* Numeric fields can be terminated with spaces instead of
* NULs as per the ustar specification. Patch all of them to
* use NULs so we can perform string operations on them. */
for (i = 0; i < LEN(fields); i++)
for (j = 0; j < fields[i].l; j++)
if (fields[i].f[j] == ' ')
fields[i].f[j] = '\0';
}
static void
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
xt(int (*fn)(char *, ssize_t, char[BLKSIZ]))
2013-07-18 15:15:35 +00:00
{
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
struct header *h;
long size;
char b[BLKSIZ], fname[256 + 1], *p;
h = (void *)b;
while (fread(b, BLKSIZ, 1, tarfile) == 1 && *(h->name)) {
sanitize(h);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
fname[0] = '\0';
if (*(h->prefix)) {
estrlcat(fname, h->prefix, sizeof(fname));
estrlcat(fname, "/", sizeof(fname));
}
estrlcat(fname, h->name, sizeof(fname));
if ((size = strtol(h->size, &p, 8)) < 0 || *p != '\0')
eprintf("strtol %s: invalid number\n", h->size);
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
fn(fname, size, b);
2013-07-18 15:15:35 +00:00
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (ferror(tarfile))
eprintf("fread %s:", tarfilename);
2013-07-18 15:15:35 +00:00
}
static void
usage(void)
{
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
eprintf("usage: %s [-C dir] [-j | -z] -x [-m | -t] [-f file]\n"
" %s [-C dir] [-h] -c dir [-f file]\n", argv0, argv0);
}
int
main(int argc, char *argv[])
{
FILE *fp;
struct recursor r = { .fn = c, .hist = NULL, .depth = 0, .maxdepth = 0,
.follow = 'P', .flags = DIRFIRST };
2015-02-16 18:47:36 +00:00
struct stat st;
char *file = NULL, *dir = ".", mode = '\0';
ARGBEGIN {
case 'x':
case 'c':
case 't':
mode = ARGC();
break;
case 'C':
dir = EARGF(usage());
break;
case 'f':
file = EARGF(usage());
break;
case 'm':
mflag = 1;
break;
case 'j':
case 'z':
filtermode = ARGC();
break;
case 'h':
r.follow = 'L';
break;
default:
usage();
} ARGEND;
if (!mode || argc != (mode == 'c'))
usage();
if (mode == 'c' && filtermode)
usage();
switch (mode) {
case 'c':
if (file) {
if (!(fp = fopen(file, "w")))
eprintf("fopen %s:", file);
if (lstat(file, &st) < 0)
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
eprintf("lstat %s:", file);
tarinode = st.st_ino;
tardev = st.st_dev;
tarfile = fp;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
tarfilename = file;
} else {
tarfile = stdout;
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
tarfilename = "<stdout>";
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (chdir(dir) < 0)
eprintf("chdir %s:", dir);
Refactor recurse() again Okay, why yet another recurse()-refactor? The last one added the recursor-struct, which simplified things on the user-end, but there was still one thing that bugged me a lot: Previously, all fn()'s were forced to (l)stat the paths themselves. This does not work well when you try to keep up with H-, L- and P- flags at the same time, as each utility-function would have to set the right function-pointer for (l)stat every single time. This is not desirable. Furthermore, recurse should be easy to use and not involve trouble finding the right (l)stat-function to do it right. So, what we needed was a stat-argument for each fn(), so it is directly accessible. This was impossible to do though when the fn()'s are still directly called by the programs to "start" the recurse. Thus, the fundamental change is to make recurse() the function to go, while designing the fn()'s in a way they can "live" with st being NULL (we don't want a null-pointer-deref). What you can see in this commit is the result of this work. Why all this trouble instead of using nftw? The special thing about recurse() is that you tell the function when to recurse() in your fn(). You don't need special flags to tell nftw() to skip the subtree, just to give an example. The only single downside to this is that now, you are not allowed to unconditionally call recurse() from your fn(). It has to be a directory. However, that is a cost I think is easily weighed up by the advantages. Another thing is the history: I added a procedure at the end of the outmost recurse to free the history. This way we don't leak memory. A simple optimization on the side: - if (h->dev == st.st_dev && h->ino == st.st_ino) + if (h->ino == st.st_ino && h->dev == st.st_dev) First compare the likely difference in inode-numbers instead of checking the unlikely condition that the device-numbers are different.
2015-03-18 23:53:42 +00:00
recurse(argv[0], NULL, &r);
break;
case 't':
case 'x':
if (file) {
if (!(fp = fopen(file, "r")))
eprintf("fopen %s:", file);
} else {
fp = stdin;
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
tarfilename = file;
switch (filtermode) {
case 'j':
case 'z':
tarfile = decomp(fp);
break;
default:
tarfile = fp;
break;
}
Audit tar(1), add DIRFIRST-flag to recurse() I've been wanting to do this for a while now, as tar(1) used to be one of messiest and cruftiest tools. First off, before walking through the audit, I'll talk about what the DIRFIRST-flag for recurse() does. It basically calls fn() on the first-level-dir before calling it's subentries. It's necessary here, because else the order of the tar-files would've been wrong (it would try to create dir/file before creating dir/). Now, to the audit: 1) Update manpage, fix mistake that compression is also available for compressing. It's only available for extracting. 2) Define the major, minor and makedev macros from glibc by ourselves. No need to rely on them, as they are common sense. decomp() 3) Simple refactorization. putoctal() 4) Add a truncation check for snprintf(). archive() 5) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 6) Use estrlcpy() instead of snprintf() wherever possible, fix alignment. 7) BUGFIX: Terminate the result-buffer of readlink(), check if it even succeeded. 8) Fix sizeof()-formatting. unarchive() 9) BUGFIX: Add checks to any checkable function, don't blindly call them, this is harmful and there are 100 ways to exploit that. 10) BUGFIX: strtoul can happily return negative numbers. Add checks for that and also if the full string has been processed. 11) Remove calls to perror(). We have eprintf, use it. 12) BUGFIX: "minor = strtoul(h->mode, 0, 8);". We need h->minor of course. 13) Fix typo "usupported", remove fprintf-call. print() 14) Check fread(). xt() 15) Get rid of snprintf-magic. Use estrlcat(). 16) BUGFIX: check for ferror() on the tarfile. usage() 17) Update it. The old usage() was like 1000 years old. main() 18) Add DIRFIRST-flag to the recursor. 19) Don't print usage() when a mode is re-set. We allow this in general. 20) Add function checks and fix error messages. 21) Add tarfilename-global for proper error-messages.
2015-03-21 00:03:35 +00:00
if (chdir(dir) < 0)
eprintf("chdir %s:", dir);
xt((mode == 'x') ? unarchive : print);
break;
}
return recurse_status;
}