1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
|
#include <ustar.h>
#include <limits.h>
#include <packed.h>
#include <stdio.h>
#include <string.h>
/* Header for ustar-format tar archive. See the documentation of
the "pax" utility in [SUSv3] for the the "ustar" format
specification. */
struct ustar_header
{
char name[100]; /* File name. Null-terminated if room. */
char mode[8]; /* Permissions as octal string. */
char uid[8]; /* User ID as octal string. */
char gid[8]; /* Group ID as octal string. */
char size[12]; /* File size in bytes as octal string. */
char mtime[12]; /* Modification time in seconds
from Jan 1, 1970, as octal string. */
char chksum[8]; /* Sum of octets in header as octal string. */
char typeflag; /* An enum ustar_type value. */
char linkname[100]; /* Name of link target.
Null-terminated if room. */
char magic[6]; /* "ustar\0" */
char version[2]; /* "00" */
char uname[32]; /* User name, always null-terminated. */
char gname[32]; /* Group name, always null-terminated. */
char devmajor[8]; /* Device major number as octal string. */
char devminor[8]; /* Device minor number as octal string. */
char prefix[155]; /* Prefix to file name.
Null-terminated if room. */
char padding[12]; /* Pad to 512 bytes. */
}
PACKED;
/* Returns the checksum for the given ustar format HEADER. */
static unsigned int
calculate_chksum (const struct ustar_header *h)
{
const uint8_t *header = (const uint8_t *) h;
unsigned int chksum;
size_t i;
chksum = 0;
for (i = 0; i < USTAR_HEADER_SIZE; i++)
{
/* The ustar checksum is calculated as if the chksum field
were all spaces. */
const size_t chksum_start = offsetof (struct ustar_header, chksum);
const size_t chksum_end = chksum_start + sizeof h->chksum;
bool in_chksum_field = i >= chksum_start && i < chksum_end;
chksum += in_chksum_field ? ' ' : header[i];
}
return chksum;
}
/* Drop possibly dangerous prefixes from FILE_NAME and return the
stripped name. An archive with file names that start with "/"
or "../" could cause a naive tar extractor to write to
arbitrary parts of the file system, not just the destination
directory. We don't want to create such archives or be such a
naive extractor.
The return value can be a suffix of FILE_NAME or a string
literal. */
static const char *
strip_antisocial_prefixes (const char *file_name)
{
while (*file_name == '/'
|| !memcmp (file_name, "./", 2)
|| !memcmp (file_name, "../", 3))
file_name = strchr (file_name, '/') + 1;
return *file_name == '\0' || !strcmp (file_name, "..") ? "." : file_name;
}
/* Composes HEADER as a USTAR_HEADER_SIZE (512)-byte archive
header in ustar format for a SIZE-byte file named FILE_NAME of
the given TYPE. The caller is responsible for writing the
header to a file or device.
If successful, returns true. On failure (due to an
excessively long file name), returns false. */
bool
ustar_make_header (const char *file_name, enum ustar_type type,
int size, char header[USTAR_HEADER_SIZE])
{
struct ustar_header *h = (struct ustar_header *) header;
ASSERT (sizeof (struct ustar_header) == USTAR_HEADER_SIZE);
ASSERT (type == USTAR_REGULAR || type == USTAR_DIRECTORY);
/* Check file name. */
file_name = strip_antisocial_prefixes (file_name);
if (strlen (file_name) > 99)
{
printf ("%s: file name too long\n", file_name);
return false;
}
/* Fill in header except for final checksum. */
memset (h, 0, sizeof *h);
strlcpy (h->name, file_name, sizeof h->name);
snprintf (h->mode, sizeof h->mode, "%07o",
type == USTAR_REGULAR ? 0644 : 0755);
strlcpy (h->uid, "0000000", sizeof h->uid);
strlcpy (h->gid, "0000000", sizeof h->gid);
snprintf (h->size, sizeof h->size, "%011o", size);
snprintf (h->mtime, sizeof h->size, "%011o", 1136102400);
h->typeflag = type;
strlcpy (h->magic, "ustar", sizeof h->magic);
h->version[0] = h->version[1] = '0';
strlcpy (h->gname, "root", sizeof h->gname);
strlcpy (h->uname, "root", sizeof h->uname);
/* Compute and fill in final checksum. */
snprintf (h->chksum, sizeof h->chksum, "%07o", calculate_chksum (h));
return true;
}
/* Parses a SIZE-byte octal field in S in the format used by
ustar format. If successful, stores the field's value in
*VALUE and returns true; on failure, returns false.
ustar octal fields consist of a sequence of octal digits
terminated by a space or a null byte. The ustar specification
seems ambiguous as to whether these fields must be padded on
the left with '0's, so we accept any field that fits in the
available space, regardless of whether it fills the space. */
static bool
parse_octal_field (const char *s, size_t size, unsigned long int *value)
{
size_t ofs;
*value = 0;
for (ofs = 0; ofs < size; ofs++)
{
char c = s[ofs];
if (c >= '0' && c <= '7')
{
if (*value > ULONG_MAX / 8)
{
/* Overflow. */
return false;
}
*value = c - '0' + *value * 8;
}
else if (c == ' ' || c == '\0')
{
/* End of field, but disallow completely empty
fields. */
return ofs > 0;
}
else
{
/* Bad character. */
return false;
}
}
/* Field did not end in space or null byte. */
return false;
}
/* Returns true if the CNT bytes starting at BLOCK are all zero,
false otherwise. */
static bool
is_all_zeros (const char *block, size_t cnt)
{
while (cnt-- > 0)
if (*block++ != 0)
return false;
return true;
}
/* Parses HEADER as a ustar-format archive header for a regular
file or directory. If successful, stores the archived file's
name in *FILE_NAME (as a pointer into HEADER or a string
literal), its type in *TYPE, and its size in bytes in *SIZE,
and returns a null pointer. On failure, returns a
human-readable error message. */
const char *
ustar_parse_header (const char header[USTAR_HEADER_SIZE],
const char **file_name, enum ustar_type *type, int *size)
{
const struct ustar_header *h = (const struct ustar_header *) header;
unsigned long int chksum, size_ul;
ASSERT (sizeof (struct ustar_header) == USTAR_HEADER_SIZE);
/* Detect end of archive. */
if (is_all_zeros (header, USTAR_HEADER_SIZE))
{
*file_name = NULL;
*type = USTAR_EOF;
*size = 0;
return NULL;
}
/* Validate ustar header. */
if (memcmp (h->magic, "ustar", 6))
return "not a ustar archive";
else if (h->version[0] != '0' || h->version[1] != '0')
return "invalid ustar version";
else if (!parse_octal_field (h->chksum, sizeof h->chksum, &chksum))
return "corrupt chksum field";
else if (chksum != calculate_chksum (h))
return "checksum mismatch";
else if (h->name[sizeof h->name - 1] != '\0' || h->prefix[0] != '\0')
return "file name too long";
else if (h->typeflag != USTAR_REGULAR && h->typeflag != USTAR_DIRECTORY)
return "unimplemented file type";
if (h->typeflag == USTAR_REGULAR)
{
if (!parse_octal_field (h->size, sizeof h->size, &size_ul))
return "corrupt file size field";
else if (size_ul > INT_MAX)
return "file too large";
}
else
size_ul = 0;
/* Success. */
*file_name = strip_antisocial_prefixes (h->name);
*type = h->typeflag;
*size = size_ul;
return NULL;
}
|
