GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: bin/pax/tar.c Lines: 253 453 55.8 %
Date: 2017-11-13 Branches: 132 326 40.5 %

Line Branch Exec Source
1
/*	$OpenBSD: tar.c,v 1.66 2017/09/16 07:42:34 otto Exp $	*/
2
/*	$NetBSD: tar.c,v 1.5 1995/03/21 09:07:49 cgd Exp $	*/
3
4
/*-
5
 * Copyright (c) 1992 Keith Muller.
6
 * Copyright (c) 1992, 1993
7
 *	The Regents of the University of California.  All rights reserved.
8
 *
9
 * This code is derived from software contributed to Berkeley by
10
 * Keith Muller of the University of California, San Diego.
11
 *
12
 * Redistribution and use in source and binary forms, with or without
13
 * modification, are permitted provided that the following conditions
14
 * are met:
15
 * 1. Redistributions of source code must retain the above copyright
16
 *    notice, this list of conditions and the following disclaimer.
17
 * 2. Redistributions in binary form must reproduce the above copyright
18
 *    notice, this list of conditions and the following disclaimer in the
19
 *    documentation and/or other materials provided with the distribution.
20
 * 3. Neither the name of the University nor the names of its contributors
21
 *    may be used to endorse or promote products derived from this software
22
 *    without specific prior written permission.
23
 *
24
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
25
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
26
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
27
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
28
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
29
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
30
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
32
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
33
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34
 * SUCH DAMAGE.
35
 */
36
37
#include <sys/types.h>
38
#include <sys/stat.h>
39
#include <ctype.h>
40
#include <errno.h>
41
#include <grp.h>
42
#include <limits.h>
43
#include <pwd.h>
44
#include <stdio.h>
45
#include <stdlib.h>
46
#include <string.h>
47
#include <unistd.h>
48
49
#include "pax.h"
50
#include "extern.h"
51
#include "tar.h"
52
53
/*
54
 * Routines for reading, writing and header identify of various versions of tar
55
 */
56
57
static size_t expandname(char *, size_t, char **, const char *, size_t);
58
static u_long tar_chksm(char *, int);
59
static char *name_split(char *, int);
60
static int ul_oct(u_long, char *, int, int);
61
static int ull_oct(unsigned long long, char *, int, int);
62
#ifndef SMALL
63
static int rd_xheader(ARCHD *arcn, int, off_t);
64
#endif
65
66
static uid_t uid_nobody;
67
static uid_t uid_warn;
68
static gid_t gid_nobody;
69
static gid_t gid_warn;
70
71
/*
72
 * Routines common to all versions of tar
73
 */
74
75
int tar_nodir;				/* do not write dirs under old tar */
76
char *gnu_name_string;			/* GNU ././@LongLink hackery name */
77
char *gnu_link_string;			/* GNU ././@LongLink hackery link */
78
79
/*
80
 * tar_endwr()
81
 *	add the tar trailer of two null blocks
82
 * Return:
83
 *	0 if ok, -1 otherwise (what wr_skip returns)
84
 */
85
86
int
87
tar_endwr(void)
88
{
89
68
	return wr_skip(NULLCNT * BLKMULT);
90
}
91
92
/*
93
 * tar_endrd()
94
 *	no cleanup needed here, just return size of trailer (for append)
95
 * Return:
96
 *	size of trailer (2 * BLKMULT)
97
 */
98
99
off_t
100
tar_endrd(void)
101
{
102
156
	return NULLCNT * BLKMULT;
103
}
104
105
/*
106
 * tar_trail()
107
 *	Called to determine if a header block is a valid trailer. We are passed
108
 *	the block, the in_sync flag (which tells us we are in resync mode;
109
 *	looking for a valid header), and cnt (which starts at zero) which is
110
 *	used to count the number of empty blocks we have seen so far.
111
 * Return:
112
 *	0 if a valid trailer, -1 if not a valid trailer, or 1 if the block
113
 *	could never contain a header.
114
 */
115
116
int
117
tar_trail(ARCHD *ignore, char *buf, int in_resync, int *cnt)
118
{
119
	int i;
120
121
	/*
122
	 * look for all zero, trailer is two consecutive blocks of zero
123
	 */
124
147888
	for (i = 0; i < BLKMULT; ++i) {
125
73728
		if (buf[i] != '\0')
126
			break;
127
	}
128
129
	/*
130
	 * if not all zero it is not a trailer, but MIGHT be a header.
131
	 */
132
144
	if (i != BLKMULT)
133
		return(-1);
134
135
	/*
136
	 * When given a zero block, we must be careful!
137
	 * If we are not in resync mode, check for the trailer. Have to watch
138
	 * out that we do not mis-identify file data as the trailer, so we do
139
	 * NOT try to id a trailer during resync mode. During resync mode we
140
	 * might as well throw this block out since a valid header can NEVER be
141
	 * a block of all 0 (we must have a valid file name).
142
	 */
143

288
	if (!in_resync && (++*cnt >= NULLCNT))
144
72
		return(0);
145
72
	return(1);
146
144
}
147
148
/*
149
 * ul_oct()
150
 *	convert an unsigned long to an octal string. many oddball field
151
 *	termination characters are used by the various versions of tar in the
152
 *	different fields. term selects which kind to use. str is '0' padded
153
 *	at the front to len. we are unable to use only one format as many old
154
 *	tar readers are very cranky about this.
155
 * Return:
156
 *	0 if the number fit into the string, -1 otherwise
157
 */
158
159
static int
160
ul_oct(u_long val, char *str, int len, int term)
161
{
162
	char *pt;
163
164
	/*
165
	 * term selects the appropriate character(s) for the end of the string
166
	 */
167
960
	pt = str + len - 1;
168

480
	switch (term) {
169
	case 3:
170
330
		*pt-- = '\0';
171
330
		break;
172
	case 2:
173
		*pt-- = ' ';
174
		*pt-- = '\0';
175
		break;
176
	case 1:
177
24
		*pt-- = ' ';
178
24
		break;
179
	case 0:
180
	default:
181
126
		*pt-- = '\0';
182
126
		*pt-- = ' ';
183
126
		break;
184
	}
185
186
	/*
187
	 * convert and blank pad if there is space
188
	 */
189
3164
	while (pt >= str) {
190
1582
		*pt-- = '0' + (char)(val & 0x7);
191
1582
		val >>= 3;
192
1582
		if (val == 0)
193
			break;
194
	}
195
196
4488
	while (pt >= str)
197
1764
		*pt-- = '0';
198
480
	if (val != 0)
199
		return(-1);
200
480
	return(0);
201
480
}
202
203
/*
204
 * ull_oct()
205
 *	Convert an unsigned long long to an octal string.  One of many oddball
206
 *	field termination characters are used by the various versions of tar
207
 *	in the different fields.  term selects which kind to use.  str is
208
 *	'0' padded at the front to len.  We are unable to use only one format
209
 *	as many old tar readers are very cranky about this.
210
 * Return:
211
 *	0 if the number fit into the string, -1 otherwise
212
 */
213
214
static int
215
ull_oct(unsigned long long val, char *str, int len, int term)
216
{
217
	char *pt;
218
219
	/*
220
	 * term selects the appropriate character(s) for the end of the string
221
	 */
222
396
	pt = str + len - 1;
223

198
	switch (term) {
224
	case 3:
225
138
		*pt-- = '\0';
226
138
		break;
227
	case 2:
228
		*pt-- = ' ';
229
		*pt-- = '\0';
230
		break;
231
	case 1:
232
60
		*pt-- = ' ';
233
60
		break;
234
	case 0:
235
	default:
236
		*pt-- = '\0';
237
		*pt-- = ' ';
238
		break;
239
	}
240
241
	/*
242
	 * convert and blank pad if there is space
243
	 */
244
2862
	while (pt >= str) {
245
1431
		*pt-- = '0' + (char)(val & 0x7);
246
1431
		val >>= 3;
247
1431
		if (val == 0)
248
			break;
249
	}
250
251
1890
	while (pt >= str)
252
747
		*pt-- = '0';
253
198
	if (val != 0)
254
		return(-1);
255
198
	return(0);
256
198
}
257
258
/*
259
 * tar_chksm()
260
 *	calculate the checksum for a tar block counting the checksum field as
261
 *	all blanks (BLNKSUM is that value pre-calculated, the sum of 8 blanks).
262
 *	NOTE: we use len to short circuit summing 0's on write since we ALWAYS
263
 *	pad headers with 0.
264
 * Return:
265
 *	unsigned long checksum
266
 */
267
268
static u_long
269
tar_chksm(char *blk, int len)
270
{
271
	char *stop;
272
	char *pt;
273
	u_long chksm = BLNKSUM;	/* initial value is checksum field sum */
274
275
	/*
276
	 * add the part of the block before the checksum field
277
	 */
278
	pt = blk;
279
1102
	stop = blk + CHK_OFFSET;
280
164198
	while (pt < stop)
281
81548
		chksm += (u_long)(*pt++ & 0xff);
282
	/*
283
	 * move past the checksum field and keep going, spec counts the
284
	 * checksum field as the sum of 8 blanks (which is pre-computed as
285
	 * BLNKSUM).
286
	 * ASSUMED: len is greater than CHK_OFFSET. (len is where our 0 padding
287
	 * starts, no point in summing zero's)
288
	 */
289
551
	pt += CHK_LEN;
290
551
	stop = blk + len;
291
370290
	while (pt < stop)
292
184594
		chksm += (u_long)(*pt++ & 0xff);
293
551
	return(chksm);
294
}
295
296
/*
297
 * Routines for old BSD style tar (also made portable to sysV tar)
298
 */
299
300
/*
301
 * tar_id()
302
 *	determine if a block given to us is a valid tar header (and not a USTAR
303
 *	header). We have to be on the lookout for those pesky blocks of	all
304
 *	zero's.
305
 * Return:
306
 *	0 if a tar header, -1 otherwise
307
 */
308
309
int
310
tar_id(char *blk, int size)
311
{
312
	HD_TAR *hd;
313
	HD_USTAR *uhd;
314
315
240
	if (size < BLKMULT)
316
		return(-1);
317
120
	hd = (HD_TAR *)blk;
318
120
	uhd = (HD_USTAR *)blk;
319
320
	/*
321
	 * check for block of zero's first, a simple and fast test, then make
322
	 * sure this is not a ustar header by looking for the ustar magic
323
	 * cookie. We should use TMAGLEN, but some USTAR archive programs are
324
	 * wrong and create archives missing the \0. Last we check the
325
	 * checksum. If this is ok we have to assume it is a valid header.
326
	 */
327
120
	if (hd->name[0] == '\0')
328
24
		return(-1);
329
96
	if (strncmp(uhd->magic, TMAGIC, TMAGLEN - 1) == 0)
330
		return(-1);
331
96
	if (asc_ul(hd->chksum,sizeof(hd->chksum),OCT) != tar_chksm(blk,BLKMULT))
332
		return(-1);
333
96
	force_one_volume = 1;
334
96
	return(0);
335
120
}
336
337
/*
338
 * tar_opt()
339
 *	handle tar format specific -o options
340
 * Return:
341
 *	0 if ok -1 otherwise
342
 */
343
344
int
345
tar_opt(void)
346
{
347
	OPLIST *opt;
348
349
282
	while ((opt = opt_next()) != NULL) {
350
		if (strcmp(opt->name, TAR_OPTION) ||
351
		    strcmp(opt->value, TAR_NODIR)) {
352
			paxwarn(1, "Unknown tar format -o option/value pair %s=%s",
353
			    opt->name, opt->value);
354
			paxwarn(1,"%s=%s is the only supported tar format option",
355
			    TAR_OPTION, TAR_NODIR);
356
			return(-1);
357
		}
358
359
		/*
360
		 * we only support one option, and only when writing
361
		 */
362
		if ((act != APPND) && (act != ARCHIVE)) {
363
			paxwarn(1, "%s=%s is only supported when writing.",
364
			    opt->name, opt->value);
365
			return(-1);
366
		}
367
		tar_nodir = 1;
368
	}
369
94
	return(0);
370
94
}
371
372
373
/*
374
 * tar_rd()
375
 *	extract the values out of block already determined to be a tar header.
376
 *	store the values in the ARCHD parameter.
377
 * Return:
378
 *	0
379
 */
380
381
int
382
tar_rd(ARCHD *arcn, char *buf)
383
{
384
	HD_TAR *hd;
385
	unsigned long long val;
386
	char *pt;
387
388
	/*
389
	 * we only get proper sized buffers passed to us
390
	 */
391
216
	if (tar_id(buf, BLKMULT) < 0)
392
24
		return(-1);
393
84
	memset(arcn, 0, sizeof(*arcn));
394
84
	arcn->org_name = arcn->name;
395
84
	arcn->sb.st_nlink = 1;
396
397
	/*
398
	 * copy out the name and values in the stat buffer
399
	 */
400
84
	hd = (HD_TAR *)buf;
401

168
	if (hd->linkflag != LONGLINKTYPE && hd->linkflag != LONGNAMETYPE) {
402
84
		arcn->nlen = expandname(arcn->name, sizeof(arcn->name),
403
84
		    &gnu_name_string, hd->name, sizeof(hd->name));
404
168
		arcn->ln_nlen = expandname(arcn->ln_name, sizeof(arcn->ln_name),
405
84
		    &gnu_link_string, hd->linkname, sizeof(hd->linkname));
406
84
	}
407
84
	arcn->sb.st_mode = (mode_t)(asc_ul(hd->mode,sizeof(hd->mode),OCT) &
408
	    0xfff);
409
84
	arcn->sb.st_uid = (uid_t)asc_ul(hd->uid, sizeof(hd->uid), OCT);
410
84
	arcn->sb.st_gid = (gid_t)asc_ul(hd->gid, sizeof(hd->gid), OCT);
411
84
	arcn->sb.st_size = (off_t)asc_ull(hd->size, sizeof(hd->size), OCT);
412
84
	val = asc_ull(hd->mtime, sizeof(hd->mtime), OCT);
413
84
	if (val > MAX_TIME_T)
414
		arcn->sb.st_mtime = INT_MAX;                    /* XXX 2038 */
415
	else
416
		arcn->sb.st_mtime = val;
417
84
	arcn->sb.st_ctime = arcn->sb.st_atime = arcn->sb.st_mtime;
418
419
	/*
420
	 * have to look at the last character, it may be a '/' and that is used
421
	 * to encode this as a directory
422
	 */
423
84
	pt = &(arcn->name[arcn->nlen - 1]);
424
84
	arcn->pad = 0;
425
84
	arcn->skip = 0;
426

84
	switch (hd->linkflag) {
427
	case SYMTYPE:
428
		/*
429
		 * symbolic link, need to get the link name and set the type in
430
		 * the st_mode so -v printing will look correct.
431
		 */
432
		arcn->type = PAX_SLK;
433
		arcn->sb.st_mode |= S_IFLNK;
434
		break;
435
	case LNKTYPE:
436
		/*
437
		 * hard link, need to get the link name, set the type in the
438
		 * st_mode and st_nlink so -v printing will look better.
439
		 */
440
24
		arcn->type = PAX_HLK;
441
24
		arcn->sb.st_nlink = 2;
442
443
		/*
444
		 * no idea of what type this thing really points at, but
445
		 * we set something for printing only.
446
		 */
447
24
		arcn->sb.st_mode |= S_IFREG;
448
24
		break;
449
	case LONGLINKTYPE:
450
	case LONGNAMETYPE:
451
		/*
452
		 * GNU long link/file; we tag these here and let the
453
		 * pax internals deal with it -- too ugly otherwise.
454
		 */
455
		arcn->type =
456
		    hd->linkflag == LONGLINKTYPE ? PAX_GLL : PAX_GLF;
457
		arcn->pad = TAR_PAD(arcn->sb.st_size);
458
		arcn->skip = arcn->sb.st_size;
459
		break;
460
	case DIRTYPE:
461
		/*
462
		 * It is a directory, set the mode for -v printing
463
		 */
464
12
		arcn->type = PAX_DIR;
465
12
		arcn->sb.st_mode |= S_IFDIR;
466
12
		arcn->sb.st_nlink = 2;
467
12
		break;
468
	case AREGTYPE:
469
	case REGTYPE:
470
	default:
471
		/*
472
		 * If we have a trailing / this is a directory and NOT a file.
473
		 */
474
48
		arcn->ln_name[0] = '\0';
475
48
		arcn->ln_nlen = 0;
476
48
		if (*pt == '/') {
477
			/*
478
			 * it is a directory, set the mode for -v printing
479
			 */
480
12
			arcn->type = PAX_DIR;
481
12
			arcn->sb.st_mode |= S_IFDIR;
482
12
			arcn->sb.st_nlink = 2;
483
12
		} else {
484
			/*
485
			 * have a file that will be followed by data. Set the
486
			 * skip value to the size field and calculate the size
487
			 * of the padding.
488
			 */
489
36
			arcn->type = PAX_REG;
490
36
			arcn->sb.st_mode |= S_IFREG;
491
36
			arcn->pad = TAR_PAD(arcn->sb.st_size);
492
36
			arcn->skip = arcn->sb.st_size;
493
		}
494
		break;
495
	}
496
497
	/*
498
	 * strip off any trailing slash.
499
	 */
500
84
	if (*pt == '/') {
501
24
		*pt = '\0';
502
24
		--arcn->nlen;
503
24
	}
504
84
	return(0);
505
108
}
506
507
/*
508
 * tar_wr()
509
 *	write a tar header for the file specified in the ARCHD to the archive.
510
 *	Have to check for file types that cannot be stored and file names that
511
 *	are too long. Be careful of the term (last arg) to ul_oct, each field
512
 *	of tar has it own spec for the termination character(s).
513
 *	ASSUMED: space after header in header block is zero filled
514
 * Return:
515
 *	0 if file has data to be written after the header, 1 if file has NO
516
 *	data to write after the header, -1 if archive write failed
517
 */
518
519
int
520
tar_wr(ARCHD *arcn)
521
{
522
	HD_TAR *hd;
523
	int len;
524
108
	char hdblk[sizeof(HD_TAR)];
525
526
	/*
527
	 * check for those file system types which tar cannot store
528
	 */
529


66
	switch (arcn->type) {
530
	case PAX_DIR:
531
		/*
532
		 * user asked that dirs not be written to the archive
533
		 */
534
12
		if (tar_nodir)
535
			return(1);
536
		break;
537
	case PAX_CHR:
538
		paxwarn(1, "Tar cannot archive a character device %s",
539
		    arcn->org_name);
540
		return(1);
541
	case PAX_BLK:
542
		paxwarn(1, "Tar cannot archive a block device %s", arcn->org_name);
543
		return(1);
544
	case PAX_SCK:
545
		paxwarn(1, "Tar cannot archive a socket %s", arcn->org_name);
546
		return(1);
547
	case PAX_FIF:
548
		paxwarn(1, "Tar cannot archive a fifo %s", arcn->org_name);
549
		return(1);
550
	case PAX_SLK:
551
	case PAX_HLK:
552
	case PAX_HRG:
553
12
		if ((size_t)arcn->ln_nlen > sizeof(hd->linkname)) {
554
			paxwarn(1, "Link name too long for tar %s",
555
			    arcn->ln_name);
556
			return(1);
557
		}
558
		break;
559
	case PAX_REG:
560
	case PAX_CTG:
561
	default:
562
		break;
563
	}
564
565
	/*
566
	 * check file name len, remember extra char for dirs (the / at the end)
567
	 */
568
42
	len = arcn->nlen;
569
42
	if (arcn->type == PAX_DIR)
570
12
		++len;
571
42
	if ((size_t)len > sizeof(hd->name)) {
572
		paxwarn(1, "File name too long for tar %s", arcn->name);
573
		return(1);
574
	}
575
576
	/*
577
	 * Copy the data out of the ARCHD into the tar header based on the type
578
	 * of the file. Remember, many tar readers want all fields to be
579
	 * padded with zero so we zero the header first.  We then set the
580
	 * linkflag field (type), the linkname, the size, and set the padding
581
	 * (if any) to be added after the file data (0 for all other types,
582
	 * as they only have a header).
583
	 */
584
42
	memset(hdblk, 0, sizeof(hdblk));
585
42
	hd = (HD_TAR *)hdblk;
586
42
	fieldcpy(hd->name, sizeof(hd->name), arcn->name, sizeof(arcn->name));
587
42
	arcn->pad = 0;
588
589
42
	if (arcn->type == PAX_DIR) {
590
		/*
591
		 * directories are the same as files, except have a filename
592
		 * that ends with a /, we add the slash here. No data follows
593
		 * dirs, so no pad.
594
		 */
595
12
		hd->linkflag = AREGTYPE;
596
12
		hd->name[len-1] = '/';
597
12
		if (ul_oct(0, hd->size, sizeof(hd->size), 1))
598
			goto out;
599
30
	} else if (arcn->type == PAX_SLK) {
600
		/*
601
		 * no data follows this file, so no pad
602
		 */
603
		hd->linkflag = SYMTYPE;
604
		fieldcpy(hd->linkname, sizeof(hd->linkname), arcn->ln_name,
605
		    sizeof(arcn->ln_name));
606
		if (ul_oct(0, hd->size, sizeof(hd->size), 1))
607
			goto out;
608

60
	} else if (PAX_IS_HARDLINK(arcn->type)) {
609
		/*
610
		 * no data follows this file, so no pad
611
		 */
612
12
		hd->linkflag = LNKTYPE;
613
12
		fieldcpy(hd->linkname, sizeof(hd->linkname), arcn->ln_name,
614
		    sizeof(arcn->ln_name));
615
12
		if (ul_oct(0, hd->size, sizeof(hd->size), 1))
616
			goto out;
617
	} else {
618
		/*
619
		 * data follows this file, so set the pad
620
		 */
621
18
		hd->linkflag = AREGTYPE;
622
18
		if (ull_oct(arcn->sb.st_size, hd->size, sizeof(hd->size), 1)) {
623
			paxwarn(1, "File is too large for tar %s",
624
			    arcn->org_name);
625
			return(1);
626
		}
627
18
		arcn->pad = TAR_PAD(arcn->sb.st_size);
628
	}
629
630
	/*
631
	 * copy those fields that are independent of the type
632
	 */
633

84
	if (ul_oct(arcn->sb.st_mode, hd->mode, sizeof(hd->mode), 0) ||
634
126
	    ull_oct(arcn->sb.st_mtime < 0 ? 0 : arcn->sb.st_mtime, hd->mtime,
635
42
		sizeof(hd->mtime), 1) ||
636
42
	    ul_oct(arcn->sb.st_uid, hd->uid, sizeof(hd->uid), 0) ||
637
42
	    ul_oct(arcn->sb.st_gid, hd->gid, sizeof(hd->gid), 0))
638
		goto out;
639
640
	/*
641
	 * calculate and add the checksum, then write the header. A return of
642
	 * 0 tells the caller to now write the file data, 1 says no data needs
643
	 * to be written
644
	 */
645
42
	if (ul_oct(tar_chksm(hdblk, sizeof(HD_TAR)), hd->chksum,
646
	    sizeof(hd->chksum), 3))
647
		goto out;
648
42
	if (wr_rdbuf(hdblk, sizeof(HD_TAR)) < 0)
649
		return(-1);
650
42
	if (wr_skip(BLKMULT - sizeof(HD_TAR)) < 0)
651
		return(-1);
652

66
	if (PAX_IS_REG(arcn->type))
653
18
		return(0);
654
24
	return(1);
655
656
    out:
657
	/*
658
	 * header field is out of range
659
	 */
660
	paxwarn(1, "Tar header field is too small for %s", arcn->org_name);
661
	return(1);
662
42
}
663
664
/*
665
 * Routines for POSIX ustar
666
 */
667
668
/*
669
 * ustar_strd()
670
 *	initialization for ustar read
671
 * Return:
672
 *	0 if ok, -1 otherwise
673
 */
674
675
int
676
ustar_strd(void)
677
{
678

198
	if ((usrtb_start() < 0) || (grptb_start() < 0))
679
		return(-1);
680
66
	return(0);
681
66
}
682
683
/*
684
 * ustar_id()
685
 *	determine if a block given to us is a valid ustar header. We have to
686
 *	be on the lookout for those pesky blocks of all zero's
687
 * Return:
688
 *	0 if a ustar header, -1 otherwise
689
 */
690
691
int
692
ustar_id(char *blk, int size)
693
{
694
	HD_USTAR *hd;
695
696
948
	if (size < BLKMULT)
697
		return(-1);
698
474
	hd = (HD_USTAR *)blk;
699
700
	/*
701
	 * check for block of zero's first, a simple and fast test then check
702
	 * ustar magic cookie. We should use TMAGLEN, but some USTAR archive
703
	 * programs are fouled up and create archives missing the \0. Last we
704
	 * check the checksum. If ok we have to assume it is a valid header.
705
	 */
706

756
	if (hd->prefix[0] == '\0' && hd->name[0] == '\0')
707
120
		return(-1);
708
354
	if (strncmp(hd->magic, TMAGIC, TMAGLEN - 1) != 0)
709
12
		return(-1);
710
342
	if (asc_ul(hd->chksum,sizeof(hd->chksum),OCT) != tar_chksm(blk,BLKMULT))
711
		return(-1);
712
342
	return(0);
713
474
}
714
715
/*
716
 * ustar_rd()
717
 *	extract the values out of block already determined to be a ustar header.
718
 *	store the values in the ARCHD parameter.
719
 * Return:
720
 *	0
721
 */
722
723
int
724
ustar_rd(ARCHD *arcn, char *buf)
725
{
726
792
	HD_USTAR *hd = (HD_USTAR *)buf;
727
	char *dest;
728
	int cnt = 0;
729
	dev_t devmajor;
730
	dev_t devminor;
731
	unsigned long long val;
732
733
	/*
734
	 * we only get proper sized buffers
735
	 */
736
672
	if (ustar_id(buf, BLKMULT) < 0)
737
120
		return(-1);
738
739
#ifndef SMALL
740
reset:
741
#endif
742
276
	memset(arcn, 0, sizeof(*arcn));
743
276
	arcn->org_name = arcn->name;
744
276
	arcn->sb.st_nlink = 1;
745
746
#ifndef SMALL
747
	/* Process Extended headers. */
748

552
	if (hd->typeflag == XHDRTYPE || hd->typeflag == GHDRTYPE) {
749
		if (rd_xheader(arcn, hd->typeflag == GHDRTYPE,
750
		    (off_t)asc_ul(hd->size, sizeof(hd->size), OCT)) < 0)
751
			return (-1);
752
753
		/* Update and check the ustar header. */
754
		if (rd_wrbuf(buf, BLKMULT) != BLKMULT)
755
			return (-1);
756
		if (ustar_id(buf, BLKMULT) < 0)
757
			return(-1);
758
759
		/* if the next block is another extension, reset the values */
760
		if (hd->typeflag == XHDRTYPE || hd->typeflag == GHDRTYPE)
761
			goto reset;
762
	}
763
#endif
764
765
276
	if (!arcn->nlen) {
766
		/*
767
		 * See if the filename is split into two parts. if, so join
768
		 * the parts.  We copy the prefix first and add a / between
769
		 * the prefix and name.
770
		 */
771
		dest = arcn->name;
772
276
		if (*(hd->prefix) != '\0') {
773
180
			cnt = fieldcpy(dest, sizeof(arcn->name) - 1,
774
			    hd->prefix, sizeof(hd->prefix));
775
180
			dest += cnt;
776
180
			*dest++ = '/';
777
180
			cnt++;
778
180
		} else
779
			cnt = 0;
780
781

552
		if (hd->typeflag != LONGLINKTYPE &&
782
276
		    hd->typeflag != LONGNAMETYPE) {
783
552
			arcn->nlen = cnt + expandname(dest,
784
276
			    sizeof(arcn->name) - cnt, &gnu_name_string,
785
276
			    hd->name, sizeof(hd->name));
786
276
		}
787
	}
788
789

552
	if (!arcn->ln_nlen &&
790
552
	    hd->typeflag != LONGLINKTYPE && hd->typeflag != LONGNAMETYPE) {
791
552
		arcn->ln_nlen = expandname(arcn->ln_name, sizeof(arcn->ln_name),
792
276
		    &gnu_link_string, hd->linkname, sizeof(hd->linkname));
793
276
	}
794
795
	/*
796
	 * follow the spec to the letter. we should only have mode bits, strip
797
	 * off all other crud we may be passed.
798
	 */
799
276
	arcn->sb.st_mode = (mode_t)(asc_ul(hd->mode, sizeof(hd->mode), OCT) &
800
	    0xfff);
801
276
	arcn->sb.st_size = (off_t)asc_ull(hd->size, sizeof(hd->size), OCT);
802
276
	val = asc_ull(hd->mtime, sizeof(hd->mtime), OCT);
803
276
	if (val > MAX_TIME_T)
804
		arcn->sb.st_mtime = INT_MAX;                    /* XXX 2038 */
805
	else
806
		arcn->sb.st_mtime = val;
807
276
	arcn->sb.st_ctime = arcn->sb.st_atime = arcn->sb.st_mtime;
808
809
	/*
810
	 * If we can find the ascii names for gname and uname in the password
811
	 * and group files we will use the uid's and gid they bind. Otherwise
812
	 * we use the uid and gid values stored in the header. (This is what
813
	 * the posix spec wants).
814
	 */
815
276
	hd->gname[sizeof(hd->gname) - 1] = '\0';
816

552
	if (Nflag || gid_name(hd->gname, &(arcn->sb.st_gid)) < 0)
817
216
		arcn->sb.st_gid = (gid_t)asc_ul(hd->gid, sizeof(hd->gid), OCT);
818
276
	hd->uname[sizeof(hd->uname) - 1] = '\0';
819

552
	if (Nflag || uid_name(hd->uname, &(arcn->sb.st_uid)) < 0)
820
216
		arcn->sb.st_uid = (uid_t)asc_ul(hd->uid, sizeof(hd->uid), OCT);
821
822
	/*
823
	 * set the defaults, these may be changed depending on the file type
824
	 */
825
276
	arcn->pad = 0;
826
276
	arcn->skip = 0;
827
276
	arcn->sb.st_rdev = (dev_t)0;
828
829
	/*
830
	 * set the mode and PAX type according to the typeflag in the header
831
	 */
832


276
	switch (hd->typeflag) {
833
	case FIFOTYPE:
834
		arcn->type = PAX_FIF;
835
		arcn->sb.st_mode |= S_IFIFO;
836
		break;
837
	case DIRTYPE:
838
60
		arcn->type = PAX_DIR;
839
60
		arcn->sb.st_mode |= S_IFDIR;
840
60
		arcn->sb.st_nlink = 2;
841
842
		/*
843
		 * Some programs that create ustar archives append a '/'
844
		 * to the pathname for directories. This clearly violates
845
		 * ustar specs, but we will silently strip it off anyway.
846
		 */
847
60
		if (arcn->name[arcn->nlen - 1] == '/')
848
48
			arcn->name[--arcn->nlen] = '\0';
849
		break;
850
	case BLKTYPE:
851
	case CHRTYPE:
852
		/*
853
		 * this type requires the rdev field to be set.
854
		 */
855
		if (hd->typeflag == BLKTYPE) {
856
			arcn->type = PAX_BLK;
857
			arcn->sb.st_mode |= S_IFBLK;
858
		} else {
859
			arcn->type = PAX_CHR;
860
			arcn->sb.st_mode |= S_IFCHR;
861
		}
862
		devmajor = (dev_t)asc_ul(hd->devmajor,sizeof(hd->devmajor),OCT);
863
		devminor = (dev_t)asc_ul(hd->devminor,sizeof(hd->devminor),OCT);
864
		arcn->sb.st_rdev = TODEV(devmajor, devminor);
865
		break;
866
	case SYMTYPE:
867
	case LNKTYPE:
868
		if (hd->typeflag == SYMTYPE) {
869
			arcn->type = PAX_SLK;
870
			arcn->sb.st_mode |= S_IFLNK;
871
		} else {
872
			arcn->type = PAX_HLK;
873
			/*
874
			 * so printing looks better
875
			 */
876
			arcn->sb.st_mode |= S_IFREG;
877
			arcn->sb.st_nlink = 2;
878
		}
879
		break;
880
	case LONGLINKTYPE:
881
	case LONGNAMETYPE:
882
		/*
883
		 * GNU long link/file; we tag these here and let the
884
		 * pax internals deal with it -- too ugly otherwise.
885
		 */
886
		arcn->type =
887
		    hd->typeflag == LONGLINKTYPE ? PAX_GLL : PAX_GLF;
888
		arcn->pad = TAR_PAD(arcn->sb.st_size);
889
		arcn->skip = arcn->sb.st_size;
890
		break;
891
	case CONTTYPE:
892
	case AREGTYPE:
893
	case REGTYPE:
894
	default:
895
		/*
896
		 * these types have file data that follows. Set the skip and
897
		 * pad fields.
898
		 */
899
216
		arcn->type = PAX_REG;
900
216
		arcn->pad = TAR_PAD(arcn->sb.st_size);
901
216
		arcn->skip = arcn->sb.st_size;
902
216
		arcn->sb.st_mode |= S_IFREG;
903
216
		break;
904
	}
905
276
	return(0);
906
396
}
907
908
/*
909
 * ustar_wr()
910
 *	write a ustar header for the file specified in the ARCHD to the archive
911
 *	Have to check for file types that cannot be stored and file names that
912
 *	are too long. Be careful of the term (last arg) to ul_oct, we only use
913
 *	'\0' for the termination character (this is different than picky tar)
914
 *	ASSUMED: space after header in header block is zero filled
915
 * Return:
916
 *	0 if file has data to be written after the header, 1 if file has NO
917
 *	data to write after the header, -1 if archive write failed
918
 */
919
920
int
921
ustar_wr(ARCHD *arcn)
922
{
923
	HD_USTAR *hd;
924
	char *pt, *name;
925
142
	char hdblk[sizeof(HD_USTAR)];
926
927
	/*
928
	 * check for those file system types ustar cannot store
929
	 */
930
71
	if (arcn->type == PAX_SCK) {
931
		paxwarn(1, "Ustar cannot archive a socket %s", arcn->org_name);
932
		return(1);
933
	}
934
935
	/*
936
	 * user asked that dirs not be written to the archive
937
	 */
938
71
	if (arcn->type == PAX_DIR && tar_nodir)
939
		return (1);
940
941
	/*
942
	 * check the length of the linkname
943
	 */
944


213
	if (PAX_IS_LINK(arcn->type) &&
945
	    ((size_t)arcn->ln_nlen > sizeof(hd->linkname))) {
946
		paxwarn(1, "Link name too long for ustar %s", arcn->ln_name);
947
		return(1);
948
	}
949
950
	/*
951
	 * split the path name into prefix and name fields (if needed). if
952
	 * pt != arcn->name, the name has to be split
953
	 */
954
71
	if ((pt = name_split(arcn->name, arcn->nlen)) == NULL) {
955
		paxwarn(1, "File name too long for ustar %s", arcn->name);
956
		return(1);
957
	}
958
959
	/*
960
	 * zero out the header so we don't have to worry about zero fill below
961
	 */
962
71
	memset(hdblk, 0, sizeof(hdblk));
963
71
	hd = (HD_USTAR *)hdblk;
964
71
	arcn->pad = 0;
965
966
	/*
967
	 * split the name, or zero out the prefix
968
	 */
969
71
	if (pt != arcn->name) {
970
		/*
971
		 * name was split, pt points at the / where the split is to
972
		 * occur, we remove the / and copy the first part to the prefix
973
		 */
974
		*pt = '\0';
975
		fieldcpy(hd->prefix, sizeof(hd->prefix), arcn->name,
976
		    sizeof(arcn->name));
977
		*pt++ = '/';
978
	}
979
980
	/*
981
	 * copy the name part. this may be the whole path or the part after
982
	 * the prefix
983
	 */
984
142
	fieldcpy(hd->name, sizeof(hd->name), pt,
985
71
	    sizeof(arcn->name) - (pt - arcn->name));
986
987
	/*
988
	 * set the fields in the header that are type dependent
989
	 */
990


71
	switch (arcn->type) {
991
	case PAX_DIR:
992
4
		hd->typeflag = DIRTYPE;
993
4
		if (ul_oct(0, hd->size, sizeof(hd->size), 3))
994
			goto out;
995
		break;
996
	case PAX_CHR:
997
	case PAX_BLK:
998
		if (arcn->type == PAX_CHR)
999
			hd->typeflag = CHRTYPE;
1000
		else
1001
			hd->typeflag = BLKTYPE;
1002
		if (ul_oct(MAJOR(arcn->sb.st_rdev), hd->devmajor,
1003
		   sizeof(hd->devmajor), 3) ||
1004
		   ul_oct(MINOR(arcn->sb.st_rdev), hd->devminor,
1005
		   sizeof(hd->devminor), 3) ||
1006
		   ul_oct(0, hd->size, sizeof(hd->size), 3))
1007
			goto out;
1008
		break;
1009
	case PAX_FIF:
1010
		hd->typeflag = FIFOTYPE;
1011
		if (ul_oct(0, hd->size, sizeof(hd->size), 3))
1012
			goto out;
1013
		break;
1014
	case PAX_SLK:
1015
	case PAX_HLK:
1016
	case PAX_HRG:
1017
		if (arcn->type == PAX_SLK)
1018
			hd->typeflag = SYMTYPE;
1019
		else
1020
			hd->typeflag = LNKTYPE;
1021
		fieldcpy(hd->linkname, sizeof(hd->linkname), arcn->ln_name,
1022
		    sizeof(arcn->ln_name));
1023
		if (ul_oct(0, hd->size, sizeof(hd->size), 3))
1024
			goto out;
1025
		break;
1026
	case PAX_REG:
1027
	case PAX_CTG:
1028
	default:
1029
		/*
1030
		 * file data with this type, set the padding
1031
		 */
1032
67
		if (arcn->type == PAX_CTG)
1033
			hd->typeflag = CONTTYPE;
1034
		else
1035
			hd->typeflag = REGTYPE;
1036
67
		arcn->pad = TAR_PAD(arcn->sb.st_size);
1037
67
		if (ull_oct(arcn->sb.st_size, hd->size, sizeof(hd->size), 3)) {
1038
			paxwarn(1, "File is too long for ustar %s",
1039
			    arcn->org_name);
1040
			return(1);
1041
		}
1042
		break;
1043
	}
1044
1045
71
	strncpy(hd->magic, TMAGIC, TMAGLEN);
1046
71
	strncpy(hd->version, TVERSION, TVERSLEN);
1047
1048
	/*
1049
	 * set the remaining fields. Some versions want all 16 bits of mode
1050
	 * we better humor them (they really do not meet spec though)....
1051
	 */
1052
71
	if (ul_oct(arcn->sb.st_uid, hd->uid, sizeof(hd->uid), 3)) {
1053
		if (uid_nobody == 0) {
1054
			if (uid_name("nobody", &uid_nobody) == -1)
1055
				goto out;
1056
		}
1057
		if (uid_warn != arcn->sb.st_uid) {
1058
			uid_warn = arcn->sb.st_uid;
1059
			paxwarn(1,
1060
			    "Ustar header field is too small for uid %lu, "
1061
			    "using nobody", (u_long)arcn->sb.st_uid);
1062
		}
1063
		if (ul_oct(uid_nobody, hd->uid, sizeof(hd->uid), 3))
1064
			goto out;
1065
	}
1066
71
	if (ul_oct(arcn->sb.st_gid, hd->gid, sizeof(hd->gid), 3)) {
1067
		if (gid_nobody == 0) {
1068
			if (gid_name("nobody", &gid_nobody) == -1)
1069
				goto out;
1070
		}
1071
		if (gid_warn != arcn->sb.st_gid) {
1072
			gid_warn = arcn->sb.st_gid;
1073
			paxwarn(1,
1074
			    "Ustar header field is too small for gid %lu, "
1075
			    "using nobody", (u_long)arcn->sb.st_gid);
1076
		}
1077
		if (ul_oct(gid_nobody, hd->gid, sizeof(hd->gid), 3))
1078
			goto out;
1079
	}
1080

284
	if (ull_oct(arcn->sb.st_mtime < 0 ? 0 : arcn->sb.st_mtime, hd->mtime,
1081
71
		sizeof(hd->mtime), 3) ||
1082
71
	    ul_oct(arcn->sb.st_mode, hd->mode, sizeof(hd->mode), 3))
1083
		goto out;
1084
71
	if (!Nflag) {
1085
71
		if ((name = user_from_uid(arcn->sb.st_uid, 1)) != NULL)
1086
71
			strncpy(hd->uname, name, sizeof(hd->uname));
1087
71
		if ((name = group_from_gid(arcn->sb.st_gid, 1)) != NULL)
1088
71
			strncpy(hd->gname, name, sizeof(hd->gname));
1089
	}
1090
1091
	/*
1092
	 * calculate and store the checksum write the header to the archive
1093
	 * return 0 tells the caller to now write the file data, 1 says no data
1094
	 * needs to be written
1095
	 */
1096
71
	if (ul_oct(tar_chksm(hdblk, sizeof(HD_USTAR)), hd->chksum,
1097
	   sizeof(hd->chksum), 3))
1098
		goto out;
1099
71
	if (wr_rdbuf(hdblk, sizeof(HD_USTAR)) < 0)
1100
		return(-1);
1101
71
	if (wr_skip(BLKMULT - sizeof(HD_USTAR)) < 0)
1102
		return(-1);
1103

75
	if (PAX_IS_REG(arcn->type))
1104
67
		return(0);
1105
4
	return(1);
1106
1107
    out:
1108
	/*
1109
	 * header field is out of range
1110
	 */
1111
	paxwarn(1, "Ustar header field is too small for %s", arcn->org_name);
1112
	return(1);
1113
71
}
1114
1115
/*
1116
 * name_split()
1117
 *	see if the name has to be split for storage in a ustar header. We try
1118
 *	to fit the entire name in the name field without splitting if we can.
1119
 *	The split point is always at a /
1120
 * Return
1121
 *	character pointer to split point (always the / that is to be removed
1122
 *	if the split is not needed, the points is set to the start of the file
1123
 *	name (it would violate the spec to split there). A NULL is returned if
1124
 *	the file name is too long
1125
 */
1126
1127
static char *
1128
name_split(char *name, int len)
1129
{
1130
	char *start;
1131
1132
	/*
1133
	 * check to see if the file name is small enough to fit in the name
1134
	 * field. if so just return a pointer to the name.
1135
	 * The strings can fill the complete name and prefix fields
1136
	 * without a NUL terminator.
1137
	 */
1138
142
	if (len <= TNMSZ)
1139
71
		return(name);
1140
	if (len > (TPFSZ + TNMSZ + 1))
1141
		return(NULL);
1142
1143
	/*
1144
	 * we start looking at the biggest sized piece that fits in the name
1145
	 * field. We walk forward looking for a slash to split at. The idea is
1146
	 * to find the biggest piece to fit in the name field (or the smallest
1147
	 * prefix we can find) (the -1 is correct the biggest piece would
1148
	 * include the slash between the two parts that gets thrown away)
1149
	 */
1150
	start = name + len - TNMSZ - 1;
1151
1152
	/*
1153
	 * the prefix may not be empty, so skip the first character when
1154
	 * trying to split a path of exactly TNMSZ+1 characters.
1155
	 * NOTE: This means the ustar format can't store /str if
1156
	 * str contains no slashes and the length of str == TNMSZ
1157
	 */
1158
	if (start == name)
1159
		++start;
1160
1161
	while ((*start != '\0') && (*start != '/'))
1162
		++start;
1163
1164
	/*
1165
	 * if we hit the end of the string, this name cannot be split, so we
1166
	 * cannot store this file.
1167
	 */
1168
	if (*start == '\0')
1169
		return(NULL);
1170
1171
	/*
1172
	 * the split point isn't valid if it results in a prefix
1173
	 * longer than TPFSZ
1174
	 */
1175
	if ((start - name) > TPFSZ)
1176
		return(NULL);
1177
1178
	/*
1179
	 * ok have a split point, return it to the caller
1180
	 */
1181
	return(start);
1182
71
}
1183
1184
static size_t
1185
expandname(char *buf, size_t len, char **gnu_name, const char *name,
1186
    size_t limit)
1187
{
1188
	size_t nlen;
1189
1190
1440
	if (*gnu_name) {
1191
		/* *gnu_name is NUL terminated */
1192
		if ((nlen = strlcpy(buf, *gnu_name, len)) >= len)
1193
			nlen = len - 1;
1194
		free(*gnu_name);
1195
		*gnu_name = NULL;
1196
	} else
1197
720
		nlen = fieldcpy(buf, len, name, limit);
1198
720
	return(nlen);
1199
}
1200
1201
#ifndef SMALL
1202
1203
/* shortest possible extended record: "5 a=\n" */
1204
#define MINXHDRSZ	5
1205
1206
/* longest record we'll accept */
1207
#define MAXXHDRSZ	BLKMULT
1208
1209
static int
1210
rd_xheader(ARCHD *arcn, int global, off_t size)
1211
{
1212
	char buf[MAXXHDRSZ];
1213
	long len;
1214
	char *delim, *keyword;
1215
	char *nextp, *p, *end;
1216
	int pad, ret = 0;
1217
1218
	/* before we alter size, make note of how much we have to skip */
1219
	pad = TAR_PAD((unsigned)size);
1220
1221
	p = end = buf;
1222
	while (size > 0 || p < end) {
1223
		if (size > 0) {
1224
			int rdlen;
1225
1226
			/* shift stuff down */
1227
			if (p > buf) {
1228
				memmove(buf, p, end - p);
1229
				end -= p - buf;
1230
				p = buf;
1231
			}
1232
1233
			/* fill starting at end */
1234
			rdlen = MINIMUM(size, (buf + sizeof buf) - end);
1235
			if (rd_wrbuf(end, rdlen) != rdlen) {
1236
				ret = -1;
1237
				break;
1238
			}
1239
			size -= rdlen;
1240
			end += rdlen;
1241
		}
1242
1243
		/* [p, end) is good */
1244
		if (memchr(p, ' ', end - p) == NULL ||
1245
		    !isdigit((unsigned char)*p)) {
1246
			paxwarn(1, "Invalid extended header record");
1247
			ret = -1;
1248
			break;
1249
		}
1250
		errno = 0;
1251
		len = strtol(p, &delim, 10);
1252
		if (*delim != ' ' || (errno == ERANGE && len == LONG_MAX) ||
1253
		    len < MINXHDRSZ) {
1254
			paxwarn(1, "Invalid extended header record length");
1255
			ret = -1;
1256
			break;
1257
		}
1258
		if (len > end - p) {
1259
			paxwarn(1, "Extended header record length %lu is "
1260
			    "out of range", len);
1261
			/* if we can just toss this record, do so */
1262
			len -= end - p;
1263
			if (len <= size && rd_skip(len) == 0) {
1264
				size -= len;
1265
				p = end = buf;
1266
				continue;
1267
			}
1268
			ret = -1;
1269
			break;
1270
		}
1271
		nextp = p + len;
1272
		keyword = p = delim + 1;
1273
		p = memchr(p, '=', len);
1274
		if (!p || nextp[-1] != '\n') {
1275
			paxwarn(1, "Malformed extended header record");
1276
			ret = -1;
1277
			break;
1278
		}
1279
		*p++ = nextp[-1] = '\0';
1280
		if (!global) {
1281
			if (!strcmp(keyword, "path")) {
1282
				arcn->nlen = strlcpy(arcn->name, p,
1283
				    sizeof(arcn->name));
1284
			} else if (!strcmp(keyword, "linkpath")) {
1285
				arcn->ln_nlen = strlcpy(arcn->ln_name, p,
1286
				    sizeof(arcn->ln_name));
1287
			}
1288
		}
1289
		p = nextp;
1290
	}
1291
1292
	if (rd_skip(size + pad) < 0)
1293
		return (-1);
1294
	return (ret);
1295
}
1296
#endif