get_header_tar.c 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479
  1. /* vi: set sw=4 ts=4: */
  2. /* Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
  3. *
  4. * FIXME:
  5. * In privileged mode if uname and gname map to a uid and gid then use the
  6. * mapped value instead of the uid/gid values in tar header
  7. *
  8. * References:
  9. * GNU tar and star man pages,
  10. * Opengroup's ustar interchange format,
  11. * http://www.opengroup.org/onlinepubs/007904975/utilities/pax.html
  12. */
  13. #include "libbb.h"
  14. #include "unarchive.h"
  15. typedef uint32_t aliased_uint32_t FIX_ALIASING;
  16. typedef off_t aliased_off_t FIX_ALIASING;
  17. /* NB: _DESTROYS_ str[len] character! */
  18. static unsigned long long getOctal(char *str, int len)
  19. {
  20. unsigned long long v;
  21. char *end;
  22. /* NB: leading spaces are allowed. Using strtoull to handle that.
  23. * The downside is that we accept e.g. "-123" too :(
  24. */
  25. str[len] = '\0';
  26. v = strtoull(str, &end, 8);
  27. /* std: "Each numeric field is terminated by one or more
  28. * <space> or NUL characters". We must support ' '! */
  29. if (*end != '\0' && *end != ' ') {
  30. int8_t first = str[0];
  31. if (!(first & 0x80))
  32. bb_error_msg_and_die("corrupted octal value in tar header");
  33. /*
  34. * GNU tar uses "base-256 encoding" for very large numbers.
  35. * Encoding is binary, with highest bit always set as a marker
  36. * and sign in next-highest bit:
  37. * 80 00 .. 00 - zero
  38. * bf ff .. ff - largest positive number
  39. * ff ff .. ff - minus 1
  40. * c0 00 .. 00 - smallest negative number
  41. *
  42. * Example of tar file with 8914993153 (0x213600001) byte file.
  43. * Field starts at offset 7c:
  44. * 00070 30 30 30 00 30 30 30 30 30 30 30 00 80 00 00 00 |000.0000000.....|
  45. * 00080 00 00 00 02 13 60 00 01 31 31 31 32 30 33 33 36 |.....`..11120336|
  46. *
  47. * NB: tarballs with NEGATIVE unix times encoded that way were seen!
  48. */
  49. v = first;
  50. /* Sign-extend using 6th bit: */
  51. v <<= sizeof(unsigned long long)*8 - 7;
  52. v = (long long)v >> (sizeof(unsigned long long)*8 - 7);
  53. while (--len != 0)
  54. v = (v << 8) + (unsigned char) *str++;
  55. }
  56. return v;
  57. }
  58. #define GET_OCTAL(a) getOctal((a), sizeof(a))
  59. #if ENABLE_FEATURE_TAR_SELINUX
  60. /* Scan a PAX header for SELinux contexts, via "RHT.security.selinux" keyword.
  61. * This is what Red Hat's patched version of tar uses.
  62. */
  63. # define SELINUX_CONTEXT_KEYWORD "RHT.security.selinux"
  64. static char *get_selinux_sctx_from_pax_hdr(archive_handle_t *archive_handle, unsigned sz)
  65. {
  66. char *buf, *p;
  67. char *result;
  68. p = buf = xmalloc(sz + 1);
  69. /* prevent bb_strtou from running off the buffer */
  70. buf[sz] = '\0';
  71. xread(archive_handle->src_fd, buf, sz);
  72. archive_handle->offset += sz;
  73. result = NULL;
  74. while (sz != 0) {
  75. char *end, *value;
  76. unsigned len;
  77. /* Every record has this format: "LEN NAME=VALUE\n" */
  78. len = bb_strtou(p, &end, 10);
  79. /* expect errno to be EINVAL, because the character
  80. * following the digits should be a space
  81. */
  82. p += len;
  83. sz -= len;
  84. if ((int)sz < 0
  85. || len == 0
  86. || errno != EINVAL
  87. || *end != ' '
  88. ) {
  89. bb_error_msg("malformed extended header, skipped");
  90. // More verbose version:
  91. //bb_error_msg("malformed extended header at %"OFF_FMT"d, skipped",
  92. // archive_handle->offset - (sz + len));
  93. break;
  94. }
  95. /* overwrite the terminating newline with NUL
  96. * (we do not bother to check that it *was* a newline)
  97. */
  98. p[-1] = '\0';
  99. /* Is it selinux security context? */
  100. value = end + 1;
  101. if (strncmp(value, SELINUX_CONTEXT_KEYWORD"=", sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1) == 0) {
  102. value += sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1;
  103. result = xstrdup(value);
  104. break;
  105. }
  106. }
  107. free(buf);
  108. return result;
  109. }
  110. #endif
  111. void BUG_tar_header_size(void);
  112. char FAST_FUNC get_header_tar(archive_handle_t *archive_handle)
  113. {
  114. file_header_t *file_header = archive_handle->file_header;
  115. struct {
  116. /* ustar header, Posix 1003.1 */
  117. char name[100]; /* 0-99 */
  118. char mode[8]; /* 100-107 */
  119. char uid[8]; /* 108-115 */
  120. char gid[8]; /* 116-123 */
  121. char size[12]; /* 124-135 */
  122. char mtime[12]; /* 136-147 */
  123. char chksum[8]; /* 148-155 */
  124. char typeflag; /* 156-156 */
  125. char linkname[100]; /* 157-256 */
  126. /* POSIX: "ustar" NUL "00" */
  127. /* GNU tar: "ustar " NUL */
  128. /* Normally it's defined as magic[6] followed by
  129. * version[2], but we put them together to simplify code
  130. */
  131. char magic[8]; /* 257-264 */
  132. char uname[32]; /* 265-296 */
  133. char gname[32]; /* 297-328 */
  134. char devmajor[8]; /* 329-336 */
  135. char devminor[8]; /* 337-344 */
  136. char prefix[155]; /* 345-499 */
  137. char padding[12]; /* 500-512 */
  138. } tar;
  139. char *cp;
  140. int i, sum_u, sum;
  141. #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
  142. int sum_s;
  143. #endif
  144. int parse_names;
  145. /* Our "private data" */
  146. #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
  147. # define p_longname (archive_handle->tar__longname)
  148. # define p_linkname (archive_handle->tar__linkname)
  149. #else
  150. # define p_longname 0
  151. # define p_linkname 0
  152. #endif
  153. if (sizeof(tar) != 512)
  154. BUG_tar_header_size();
  155. #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS || ENABLE_FEATURE_TAR_SELINUX
  156. again:
  157. #endif
  158. /* Align header */
  159. data_align(archive_handle, 512);
  160. again_after_align:
  161. #if ENABLE_DESKTOP || ENABLE_FEATURE_TAR_AUTODETECT
  162. /* to prevent misdetection of bz2 sig */
  163. *(aliased_uint32_t*)&tar = 0;
  164. i = full_read(archive_handle->src_fd, &tar, 512);
  165. /* If GNU tar sees EOF in above read, it says:
  166. * "tar: A lone zero block at N", where N = kilobyte
  167. * where EOF was met (not EOF block, actual EOF!),
  168. * and exits with EXIT_SUCCESS.
  169. * We will mimic exit(EXIT_SUCCESS), although we will not mimic
  170. * the message and we don't check whether we indeed
  171. * saw zero block directly before this. */
  172. if (i == 0) {
  173. xfunc_error_retval = 0;
  174. short_read:
  175. bb_error_msg_and_die("short read");
  176. }
  177. if (i != 512) {
  178. IF_FEATURE_TAR_AUTODETECT(goto autodetect;)
  179. goto short_read;
  180. }
  181. #else
  182. i = 512;
  183. xread(archive_handle->src_fd, &tar, i);
  184. #endif
  185. archive_handle->offset += i;
  186. /* If there is no filename its an empty header */
  187. if (tar.name[0] == 0 && tar.prefix[0] == 0) {
  188. if (archive_handle->tar__end) {
  189. /* Second consecutive empty header - end of archive.
  190. * Read until the end to empty the pipe from gz or bz2
  191. */
  192. while (full_read(archive_handle->src_fd, &tar, 512) == 512)
  193. continue;
  194. return EXIT_FAILURE;
  195. }
  196. archive_handle->tar__end = 1;
  197. return EXIT_SUCCESS;
  198. }
  199. archive_handle->tar__end = 0;
  200. /* Check header has valid magic, "ustar" is for the proper tar,
  201. * five NULs are for the old tar format */
  202. if (strncmp(tar.magic, "ustar", 5) != 0
  203. && (!ENABLE_FEATURE_TAR_OLDGNU_COMPATIBILITY
  204. || memcmp(tar.magic, "\0\0\0\0", 5) != 0)
  205. ) {
  206. #if ENABLE_FEATURE_TAR_AUTODETECT
  207. char FAST_FUNC (*get_header_ptr)(archive_handle_t *);
  208. autodetect:
  209. /* tar gz/bz autodetect: check for gz/bz2 magic.
  210. * If we see the magic, and it is the very first block,
  211. * we can switch to get_header_tar_gz/bz2/lzma().
  212. * Needs seekable fd. I wish recv(MSG_PEEK) works
  213. * on any fd... */
  214. #if ENABLE_FEATURE_SEAMLESS_GZ
  215. if (tar.name[0] == 0x1f && tar.name[1] == (char)0x8b) { /* gzip */
  216. get_header_ptr = get_header_tar_gz;
  217. } else
  218. #endif
  219. #if ENABLE_FEATURE_SEAMLESS_BZ2
  220. if (tar.name[0] == 'B' && tar.name[1] == 'Z'
  221. && tar.name[2] == 'h' && isdigit(tar.name[3])
  222. ) { /* bzip2 */
  223. get_header_ptr = get_header_tar_bz2;
  224. } else
  225. #endif
  226. goto err;
  227. /* Two different causes for lseek() != 0:
  228. * unseekable fd (would like to support that too, but...),
  229. * or not first block (false positive, it's not .gz/.bz2!) */
  230. if (lseek(archive_handle->src_fd, -i, SEEK_CUR) != 0)
  231. goto err;
  232. while (get_header_ptr(archive_handle) == EXIT_SUCCESS)
  233. continue;
  234. return EXIT_FAILURE;
  235. err:
  236. #endif /* FEATURE_TAR_AUTODETECT */
  237. bb_error_msg_and_die("invalid tar magic");
  238. }
  239. /* Do checksum on headers.
  240. * POSIX says that checksum is done on unsigned bytes, but
  241. * Sun and HP-UX gets it wrong... more details in
  242. * GNU tar source. */
  243. #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
  244. sum_s = ' ' * sizeof(tar.chksum);
  245. #endif
  246. sum_u = ' ' * sizeof(tar.chksum);
  247. for (i = 0; i < 148; i++) {
  248. sum_u += ((unsigned char*)&tar)[i];
  249. #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
  250. sum_s += ((signed char*)&tar)[i];
  251. #endif
  252. }
  253. for (i = 156; i < 512; i++) {
  254. sum_u += ((unsigned char*)&tar)[i];
  255. #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
  256. sum_s += ((signed char*)&tar)[i];
  257. #endif
  258. }
  259. /* This field does not need special treatment (getOctal) */
  260. {
  261. char *endp; /* gcc likes temp var for &endp */
  262. sum = strtoul(tar.chksum, &endp, 8);
  263. if ((*endp != '\0' && *endp != ' ')
  264. || (sum_u != sum IF_FEATURE_TAR_OLDSUN_COMPATIBILITY(&& sum_s != sum))
  265. ) {
  266. bb_error_msg_and_die("invalid tar header checksum");
  267. }
  268. }
  269. /* don't use xstrtoul, tar.chksum may have leading spaces */
  270. sum = strtoul(tar.chksum, NULL, 8);
  271. if (sum_u != sum IF_FEATURE_TAR_OLDSUN_COMPATIBILITY(&& sum_s != sum)) {
  272. bb_error_msg_and_die("invalid tar header checksum");
  273. }
  274. /* 0 is reserved for high perf file, treat as normal file */
  275. if (!tar.typeflag) tar.typeflag = '0';
  276. parse_names = (tar.typeflag >= '0' && tar.typeflag <= '7');
  277. /* getOctal trashes subsequent field, therefore we call it
  278. * on fields in reverse order */
  279. if (tar.devmajor[0]) {
  280. char t = tar.prefix[0];
  281. /* we trash prefix[0] here, but we DO need it later! */
  282. unsigned minor = GET_OCTAL(tar.devminor);
  283. unsigned major = GET_OCTAL(tar.devmajor);
  284. file_header->device = makedev(major, minor);
  285. tar.prefix[0] = t;
  286. }
  287. file_header->link_target = NULL;
  288. if (!p_linkname && parse_names && tar.linkname[0]) {
  289. file_header->link_target = xstrndup(tar.linkname, sizeof(tar.linkname));
  290. /* FIXME: what if we have non-link object with link_target? */
  291. /* Will link_target be free()ed? */
  292. }
  293. #if ENABLE_FEATURE_TAR_UNAME_GNAME
  294. file_header->tar__uname = tar.uname[0] ? xstrndup(tar.uname, sizeof(tar.uname)) : NULL;
  295. file_header->tar__gname = tar.gname[0] ? xstrndup(tar.gname, sizeof(tar.gname)) : NULL;
  296. #endif
  297. file_header->mtime = GET_OCTAL(tar.mtime);
  298. file_header->size = GET_OCTAL(tar.size);
  299. file_header->gid = GET_OCTAL(tar.gid);
  300. file_header->uid = GET_OCTAL(tar.uid);
  301. /* Set bits 0-11 of the files mode */
  302. file_header->mode = 07777 & GET_OCTAL(tar.mode);
  303. file_header->name = NULL;
  304. if (!p_longname && parse_names) {
  305. /* we trash mode[0] here, it's ok */
  306. //tar.name[sizeof(tar.name)] = '\0'; - gcc 4.3.0 would complain
  307. tar.mode[0] = '\0';
  308. if (tar.prefix[0]) {
  309. /* and padding[0] */
  310. //tar.prefix[sizeof(tar.prefix)] = '\0'; - gcc 4.3.0 would complain
  311. tar.padding[0] = '\0';
  312. file_header->name = concat_path_file(tar.prefix, tar.name);
  313. } else
  314. file_header->name = xstrdup(tar.name);
  315. }
  316. /* Set bits 12-15 of the files mode */
  317. /* (typeflag was not trashed because chksum does not use getOctal) */
  318. switch (tar.typeflag) {
  319. /* busybox identifies hard links as being regular files with 0 size and a link name */
  320. case '1':
  321. file_header->mode |= S_IFREG;
  322. break;
  323. case '7':
  324. /* case 0: */
  325. case '0':
  326. #if ENABLE_FEATURE_TAR_OLDGNU_COMPATIBILITY
  327. if (last_char_is(file_header->name, '/')) {
  328. goto set_dir;
  329. }
  330. #endif
  331. file_header->mode |= S_IFREG;
  332. break;
  333. case '2':
  334. file_header->mode |= S_IFLNK;
  335. /* have seen tarballs with size field containing
  336. * the size of the link target's name */
  337. size0:
  338. file_header->size = 0;
  339. break;
  340. case '3':
  341. file_header->mode |= S_IFCHR;
  342. goto size0; /* paranoia */
  343. case '4':
  344. file_header->mode |= S_IFBLK;
  345. goto size0;
  346. case '5':
  347. IF_FEATURE_TAR_OLDGNU_COMPATIBILITY(set_dir:)
  348. file_header->mode |= S_IFDIR;
  349. goto size0;
  350. case '6':
  351. file_header->mode |= S_IFIFO;
  352. goto size0;
  353. #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
  354. case 'L':
  355. /* free: paranoia: tar with several consecutive longnames */
  356. free(p_longname);
  357. /* For paranoia reasons we allocate extra NUL char */
  358. p_longname = xzalloc(file_header->size + 1);
  359. /* We read ASCIZ string, including NUL */
  360. xread(archive_handle->src_fd, p_longname, file_header->size);
  361. archive_handle->offset += file_header->size;
  362. /* return get_header_tar(archive_handle); */
  363. /* gcc 4.1.1 didn't optimize it into jump */
  364. /* so we will do it ourself, this also saves stack */
  365. goto again;
  366. case 'K':
  367. free(p_linkname);
  368. p_linkname = xzalloc(file_header->size + 1);
  369. xread(archive_handle->src_fd, p_linkname, file_header->size);
  370. archive_handle->offset += file_header->size;
  371. /* return get_header_tar(archive_handle); */
  372. goto again;
  373. case 'D': /* GNU dump dir */
  374. case 'M': /* Continuation of multi volume archive */
  375. case 'N': /* Old GNU for names > 100 characters */
  376. case 'S': /* Sparse file */
  377. case 'V': /* Volume header */
  378. #endif
  379. #if !ENABLE_FEATURE_TAR_SELINUX
  380. case 'g': /* pax global header */
  381. case 'x': /* pax extended header */
  382. #else
  383. skip_ext_hdr:
  384. #endif
  385. {
  386. off_t sz;
  387. bb_error_msg("warning: skipping header '%c'", tar.typeflag);
  388. sz = (file_header->size + 511) & ~(off_t)511;
  389. archive_handle->offset += sz;
  390. sz >>= 9; /* sz /= 512 but w/o contortions for signed div */
  391. while (sz--)
  392. xread(archive_handle->src_fd, &tar, 512);
  393. /* return get_header_tar(archive_handle); */
  394. goto again_after_align;
  395. }
  396. #if ENABLE_FEATURE_TAR_SELINUX
  397. case 'g': /* pax global header */
  398. case 'x': { /* pax extended header */
  399. char **pp;
  400. if ((uoff_t)file_header->size > 0xfffff) /* paranoia */
  401. goto skip_ext_hdr;
  402. pp = (tar.typeflag == 'g') ? &archive_handle->tar__global_sctx : &archive_handle->tar__next_file_sctx;
  403. free(*pp);
  404. *pp = get_selinux_sctx_from_pax_hdr(archive_handle, file_header->size);
  405. goto again;
  406. }
  407. #endif
  408. default:
  409. bb_error_msg_and_die("unknown typeflag: 0x%x", tar.typeflag);
  410. }
  411. #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
  412. if (p_longname) {
  413. file_header->name = p_longname;
  414. p_longname = NULL;
  415. }
  416. if (p_linkname) {
  417. file_header->link_target = p_linkname;
  418. p_linkname = NULL;
  419. }
  420. #endif
  421. if (strncmp(file_header->name, "/../"+1, 3) == 0
  422. || strstr(file_header->name, "/../")
  423. ) {
  424. bb_error_msg_and_die("name with '..' encountered: '%s'",
  425. file_header->name);
  426. }
  427. /* Strip trailing '/' in directories */
  428. /* Must be done after mode is set as '/' is used to check if it's a directory */
  429. cp = last_char_is(file_header->name, '/');
  430. if (archive_handle->filter(archive_handle) == EXIT_SUCCESS) {
  431. archive_handle->action_header(/*archive_handle->*/ file_header);
  432. /* Note that we kill the '/' only after action_header() */
  433. /* (like GNU tar 1.15.1: verbose mode outputs "dir/dir/") */
  434. if (cp)
  435. *cp = '\0';
  436. //archive_handle->ah_flags |= ARCHIVE_EXTRACT_QUIET; // why??
  437. archive_handle->action_data(archive_handle);
  438. llist_add_to(&(archive_handle->passed), file_header->name);
  439. } else {
  440. data_skip(archive_handle);
  441. free(file_header->name);
  442. }
  443. archive_handle->offset += file_header->size;
  444. free(file_header->link_target);
  445. /* Do not free(file_header->name)! (why?) */
  446. #if ENABLE_FEATURE_TAR_UNAME_GNAME
  447. free(file_header->tar__uname);
  448. free(file_header->tar__gname);
  449. #endif
  450. return EXIT_SUCCESS;
  451. }