From be54882039632c791493d3657042f7ea9d6f4a20 Mon Sep 17 00:00:00 2001 From: Ondrej Dubaj Date: Tue, 21 Sep 2021 11:42:02 +0200 Subject: [PATCH] * src/dstring.c (ds_init): Take a single argument. (ds_free): New function. (ds_resize): Take a single argument. Use x2nrealloc to expand the storage. (ds_reset,ds_append,ds_concat,ds_endswith): New function. (ds_fgetstr): Rewrite. In particular, this fixes integer overflow. (ds_resize): Take additional argument: number of bytes to leave available after ds_idx. All uses changed. * src/dstring.h (dynamic_string): Keep both the allocated length (ds_size) and index of the next free byte in the string (ds_idx). (ds_init,ds_resize): Change signature. (ds_len): New macro. (ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. * src/copyin.c: Use new ds_ functions. (read_name_from_file): Handle len == 0. (read_name_from_file): Print error message and skip file if its name is not nul-terminated. (long_format): Cast rdev numbers to unsigned long * src/copyout.c: Likewise. * src/copypass.c: Likewise. * src/util.c: Likewise. (tape_empty_output_buffer): Fix condition. * src/idcache.c (getuser,getgroup): Use umaxtostr instead of sprintf. * src/userspec.c (parse_user_spec): Likewise. --- configure.ac | 4 +- src/copyin.c | 228 ++++++++++++++++++------------------------------- src/copyout.c | 77 +++++++++-------- src/copypass.c | 34 ++++---- src/cpiohdr.h | 9 +- src/dstring.c | 89 +++++++++++++------ src/dstring.h | 30 +++---- src/extern.h | 22 +++-- src/idcache.c | 11 ++- src/makepath.c | 2 +- src/userspec.c | 9 +- src/util.c | 53 +++++++++--- 12 files changed, 294 insertions(+), 274 deletions(-) diff --git a/configure.ac b/configure.ac index c68bd44..49eaacd 100644 --- a/configure.ac +++ b/configure.ac @@ -21,8 +21,8 @@ AC_INIT([GNU cpio], [2.12], [bug-cpio@gnu.org],, AC_CONFIG_SRCDIR(src/cpio.h) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_HEADERS([config.h]) -AC_PREREQ([2.63]) -AM_INIT_AUTOMAKE([1.11.1 gnits tar-ustar dist-bzip2 std-options silent-rules]) +AC_PREREQ([2.64]) +AM_INIT_AUTOMAKE([1.15 gnits tar-ustar dist-bzip2 std-options silent-rules]) # Enable silent rules by default: AM_SILENT_RULES([yes]) diff --git a/src/copyin.c b/src/copyin.c index 267ed4b..2f9da73 100644 --- a/src/copyin.c +++ b/src/copyin.c @@ -56,10 +56,10 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out, static dynamic_string new_name; /* New file name for rename option. */ static int initialized_new_name = false; if (!initialized_new_name) - { - ds_init (&new_name, 128); - initialized_new_name = true; - } + { + ds_init (&new_name); + initialized_new_name = true; + } if (rename_flag) { @@ -76,28 +76,7 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out, return -1; } else - /* Debian hack: file_hrd.c_name is sometimes set to - point to static memory by code in tar.c. This - causes a segfault. This has been fixed and an - additional check to ensure that the file name - is not too long has been added. (Reported by - Horst Knobloch.) This bug has been reported to - "bug-gnu-utils@prep.ai.mit.edu". (99/1/6) -BEM */ - { - if (archive_format != arf_tar && archive_format != arf_ustar) - { - free (file_hdr->c_name); - file_hdr->c_name = xstrdup (new_name.ds_string); - } - else - { - if (is_tar_filename_too_long (new_name.ds_string)) - error (0, 0, _("%s: file name too long"), - new_name.ds_string); - else - strcpy (file_hdr->c_name, new_name.ds_string); - } - } + cpio_set_c_name (file_hdr, new_name.ds_string); return 0; } @@ -173,10 +152,8 @@ list_file (struct cpio_file_stat* file_hdr, int in_file_des) } else { - /* Debian hack: Modified to print a list of filenames - terminiated by a null character when the -t and -0 - flags are used. This has been submitted as a - suggestion to "bug-gnu-utils@prep.ai.mit.edu". -BEM */ + /* Print out the name as it is. The name_end delimiter is normally + '\n', but can be reset to '\0' by the -0 option. */ printf ("%s%c", file_hdr->c_name, name_end); } @@ -201,7 +178,7 @@ list_file (struct cpio_file_stat* file_hdr, int in_file_des) static int try_existing_file (struct cpio_file_stat* file_hdr, int in_file_des, - int *existing_dir) + bool *existing_dir) { struct stat file_stat; @@ -344,8 +321,7 @@ create_defered_links_to_skipped (struct cpio_file_stat *file_hdr, d_prev->next = d->next; else deferments = d->next; - free (file_hdr->c_name); - file_hdr->c_name = xstrdup(d->header.c_name); + cpio_set_c_name (file_hdr, d->header.c_name); free_deferment (d); copyin_regular_file(file_hdr, in_file_des); return 0; @@ -697,7 +673,7 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des) static void copyin_file (struct cpio_file_stat *file_hdr, int in_file_des) { - int existing_dir; + bool existing_dir = false; if (!to_stdout_option && try_existing_file (file_hdr, in_file_des, &existing_dir) < 0) @@ -748,7 +724,7 @@ static time_t current_time; this file is a symbolic link to. */ void -long_format (struct cpio_file_stat *file_hdr, char *link_name) +long_format (struct cpio_file_stat *file_hdr, char const *link_name) { char mbuf[11]; char tbuf[40]; @@ -780,92 +756,42 @@ long_format (struct cpio_file_stat *file_hdr, char *link_name) if ((file_hdr->c_mode & CP_IFMT) == CP_IFCHR || (file_hdr->c_mode & CP_IFMT) == CP_IFBLK) - printf ("%3lu, %3lu ", file_hdr->c_rdev_maj, - file_hdr->c_rdev_min); + printf ("%3lu, %3lu ", + (unsigned long) file_hdr->c_rdev_maj, + (unsigned long) file_hdr->c_rdev_min); else printf ("%8"PRIuMAX" ", (uintmax_t) file_hdr->c_filesize); printf ("%s ", tbuf + 4); - print_name_with_quoting (file_hdr->c_name); + printf ("%s", quotearg (file_hdr->c_name)); if (link_name) { printf (" -> "); - print_name_with_quoting (link_name); + printf ("%s", quotearg (link_name)); } putc ('\n', stdout); } -void -print_name_with_quoting (register char *p) -{ - register unsigned char c; - - while ( (c = *p++) ) - { - switch (c) - { - case '\\': - printf ("\\\\"); - break; - - case '\n': - printf ("\\n"); - break; - - case '\b': - printf ("\\b"); - break; - - case '\r': - printf ("\\r"); - break; - - case '\t': - printf ("\\t"); - break; - - case '\f': - printf ("\\f"); - break; - - case ' ': - printf ("\\ "); - break; - - case '"': - printf ("\\\""); - break; - - default: - if (c > 040 && c < 0177) - putchar (c); - else - printf ("\\%03o", (unsigned int) c); - } - } -} - /* Read a pattern file (for the -E option). Put a list of `num_patterns' elements in `save_patterns'. Any patterns that were already in `save_patterns' (from the command line) are preserved. */ static void -read_pattern_file () +read_pattern_file (void) { - int max_new_patterns; - char **new_save_patterns; - int new_num_patterns; + char **new_save_patterns = NULL; + size_t max_new_patterns; + size_t new_num_patterns; int i; - dynamic_string pattern_name; + dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER; FILE *pattern_fp; if (num_patterns < 0) num_patterns = 0; - max_new_patterns = 1 + num_patterns; - new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *)); new_num_patterns = num_patterns; - ds_init (&pattern_name, 128); + max_new_patterns = num_patterns; + new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0])); pattern_fp = fopen (pattern_file_name, "r"); if (pattern_fp == NULL) @@ -874,16 +800,16 @@ read_pattern_file () { while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL) { - if (new_num_patterns >= max_new_patterns) - { - max_new_patterns += 1; - new_save_patterns = (char **) - xrealloc ((char *) new_save_patterns, - max_new_patterns * sizeof (char *)); - } + if (new_num_patterns == max_new_patterns) + new_save_patterns = x2nrealloc (new_save_patterns, + &max_new_patterns, + sizeof (new_save_patterns[0])); new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string); ++new_num_patterns; } + + ds_free (&pattern_name); + if (ferror (pattern_fp) || fclose (pattern_fp) == EOF) close_error (pattern_file_name); } @@ -1066,6 +992,27 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des) } } +static void +read_name_from_file (struct cpio_file_stat *file_hdr, int fd, uintmax_t len) +{ + if (len == 0) + { + error (0, 0, _("malformed header: file name of zero length")); + } + else + { + cpio_realloc_c_name (file_hdr, len); + tape_buffered_read (file_hdr->c_name, fd, len); + if (file_hdr->c_name[len-1] != 0) + { + error (0, 0, _("malformed header: file name is not nul-terminated")); + /* Skip this file */ + len = 0; + } + } + file_hdr->c_namesize = len; +} + /* Fill in FILE_HDR by reading an old-format ASCII format cpio header from file descriptor IN_DES, except for the magic number, which is already filled in. */ @@ -1092,14 +1039,9 @@ read_in_old_ascii (struct cpio_file_stat *file_hdr, int in_des) file_hdr->c_rdev_min = minor (dev); file_hdr->c_mtime = FROM_OCTAL (ascii_header.c_mtime); - file_hdr->c_namesize = FROM_OCTAL (ascii_header.c_namesize); file_hdr->c_filesize = FROM_OCTAL (ascii_header.c_filesize); - /* Read file name from input. */ - if (file_hdr->c_name != NULL) - free (file_hdr->c_name); - file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize + 1); - tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize); + read_name_from_file (file_hdr, in_des, FROM_OCTAL (ascii_header.c_namesize)); /* HP/UX cpio creates archives that look just like ordinary archives, but for devices it sets major = 0, minor = 1, and puts the @@ -1154,14 +1096,9 @@ read_in_new_ascii (struct cpio_file_stat *file_hdr, int in_des) file_hdr->c_dev_min = FROM_HEX (ascii_header.c_dev_min); file_hdr->c_rdev_maj = FROM_HEX (ascii_header.c_rdev_maj); file_hdr->c_rdev_min = FROM_HEX (ascii_header.c_rdev_min); - file_hdr->c_namesize = FROM_HEX (ascii_header.c_namesize); file_hdr->c_chksum = FROM_HEX (ascii_header.c_chksum); - /* Read file name from input. */ - if (file_hdr->c_name != NULL) - free (file_hdr->c_name); - file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize); - tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize); + read_name_from_file (file_hdr, in_des, FROM_HEX (ascii_header.c_namesize)); /* In SVR4 ASCII format, the amount of space allocated for the header is rounded up to the next long-word, so we might need to drop @@ -1209,16 +1146,10 @@ read_in_binary (struct cpio_file_stat *file_hdr, file_hdr->c_rdev_min = minor ((unsigned short)short_hdr->c_rdev); file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16 | short_hdr->c_mtimes[1]; - - file_hdr->c_namesize = short_hdr->c_namesize; file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16 | short_hdr->c_filesizes[1]; - /* Read file name from input. */ - if (file_hdr->c_name != NULL) - free (file_hdr->c_name); - file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize); - tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize); + read_name_from_file (file_hdr, in_des, short_hdr->c_namesize); /* In binary mode, the amount of space allocated in the header for the filename is `c_namesize' rounded up to the next short-word, @@ -1278,14 +1209,14 @@ swab_array (char *ptr, int count) in the file system. */ void -process_copy_in () +process_copy_in (void) { - char done = false; /* True if trailer reached. */ FILE *tty_in = NULL; /* Interactive file for rename option. */ FILE *tty_out = NULL; /* Interactive file for rename option. */ FILE *rename_in = NULL; /* Batch file for rename option. */ struct stat file_stat; /* Output file stat record. */ - struct cpio_file_stat file_hdr; /* Output header information. */ + struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER; + /* Output header information. */ int in_file_des; /* Input file descriptor. */ char skip_file; /* Flag for use with patterns. */ int i; /* Loop index variable. */ @@ -1298,8 +1229,7 @@ process_copy_in () { read_pattern_file (); } - file_hdr.c_name = NULL; - + file_hdr.c_namesize = 0; if (rename_batch_file) { rename_in = fopen (rename_batch_file, "r"); @@ -1352,7 +1282,7 @@ process_copy_in () change_dir (); /* While there is more input in the collection, process the input. */ - while (!done) + while (1) { swapping_halfwords = swapping_bytes = false; @@ -1380,30 +1310,32 @@ process_copy_in () } #endif - /* Is this the header for the TRAILER file? */ - if (strcmp (CPIO_TRAILER_NAME, file_hdr.c_name) == 0) + if (file_hdr.c_namesize == 0) + skip_file = true; + else { - done = true; - break; - } + /* Is this the header for the TRAILER file? */ + if (strcmp (CPIO_TRAILER_NAME, file_hdr.c_name) == 0) + break; - cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag, - false); + cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag, + false); - /* Does the file name match one of the given patterns? */ - if (num_patterns <= 0) - skip_file = false; - else - { - skip_file = copy_matching_files; - for (i = 0; i < num_patterns - && skip_file == copy_matching_files; i++) + /* Does the file name match one of the given patterns? */ + if (num_patterns <= 0) + skip_file = false; + else { - if (fnmatch (save_patterns[i], file_hdr.c_name, 0) == 0) - skip_file = !copy_matching_files; + skip_file = copy_matching_files; + for (i = 0; i < num_patterns + && skip_file == copy_matching_files; i++) + { + if (fnmatch (save_patterns[i], file_hdr.c_name, 0) == 0) + skip_file = !copy_matching_files; + } } } - + if (skip_file) { /* If we're skipping a file with links, there might be other @@ -1494,6 +1426,8 @@ process_copy_in () fputc ('\n', stderr); apply_delayed_set_stat (); + + cpio_file_stat_free (&file_hdr); if (append_flag) return; diff --git a/src/copyout.c b/src/copyout.c index 56416ba..a576f27 100644 --- a/src/copyout.c +++ b/src/copyout.c @@ -269,26 +269,32 @@ writeout_final_defers (int out_des) so it should be moved to paxutils too. Allowed values for logbase are: 1 (binary), 2, 3 (octal), 4 (hex) */ int -to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase) +to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, bool nul) { static char codetab[] = "0123456789ABCDEF"; - int i = digits; - do + if (nul) + where[--digits] = 0; + while (digits > 0) { - where[--i] = codetab[(v & ((1 << logbase) - 1))]; + where[--digits] = codetab[(v & ((1 << logbase) - 1))]; v >>= logbase; } - while (i); return v != 0; } -static void -field_width_error (const char *filename, const char *fieldname) +void +field_width_error (const char *filename, const char *fieldname, + uintmax_t value, size_t width, bool nul) { - error (1, 0, _("%s: field width not sufficient for storing %s"), - filename, fieldname); + char valbuf[UINTMAX_STRSIZE_BOUND + 1]; + char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; + error (1, 0, _("%s: value %s %s out of allowed range 0..%s"), + filename, fieldname, + STRINGIFY_BIGINT (value, valbuf), + STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8), + maxbuf)); } static void @@ -303,7 +309,7 @@ to_ascii_or_warn (char *where, uintmax_t n, size_t digits, unsigned logbase, const char *filename, const char *fieldname) { - if (to_ascii (where, n, digits, logbase)) + if (to_ascii (where, n, digits, logbase, false)) field_width_warning (filename, fieldname); } @@ -312,9 +318,9 @@ to_ascii_or_error (char *where, uintmax_t n, size_t digits, unsigned logbase, const char *filename, const char *fieldname) { - if (to_ascii (where, n, digits, logbase)) + if (to_ascii (where, n, digits, logbase, false)) { - field_width_error (filename, fieldname); + field_width_error (filename, fieldname, n, digits, false); return 1; } return 0; @@ -371,7 +377,7 @@ write_out_new_ascii_header (const char *magic_string, _("name size"))) return 1; p += 8; - to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16); + to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16, false); tape_buffered_write (ascii_header, out_des, sizeof ascii_header); @@ -388,7 +394,7 @@ write_out_old_ascii_header (dev_t dev, dev_t rdev, char ascii_header[76]; char *p = ascii_header; - to_ascii (p, file_hdr->c_magic, 6, LG_8); + to_ascii (p, file_hdr->c_magic, 6, LG_8, false); p += 6; to_ascii_or_warn (p, dev, 6, LG_8, file_hdr->c_name, _("device number")); p += 6; @@ -492,7 +498,10 @@ write_out_binary_header (dev_t rdev, short_hdr.c_namesize = file_hdr->c_namesize & 0xFFFF; if (short_hdr.c_namesize != file_hdr->c_namesize) { - field_width_error (file_hdr->c_name, _("name size")); + char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; + error (1, 0, _("%s: value %s %s out of allowed range 0..%u"), + file_hdr->c_name, _("name size"), + STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFu); return 1; } @@ -502,7 +511,10 @@ write_out_binary_header (dev_t rdev, if (((off_t)short_hdr.c_filesizes[0] << 16) + short_hdr.c_filesizes[1] != file_hdr->c_filesize) { - field_width_error (file_hdr->c_name, _("file size")); + char maxbuf[UINTMAX_STRSIZE_BOUND + 1]; + error (1, 0, _("%s: value %s %s out of allowed range 0..%lu"), + file_hdr->c_name, _("file size"), + STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFFFFFlu); return 1; } @@ -582,17 +594,18 @@ assign_string (char **pvar, char *value) The format of the header depends on the compatibility (-c) flag. */ void -process_copy_out () +process_copy_out (void) { - dynamic_string input_name; /* Name of file read from stdin. */ + dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; + /* Name of file read from stdin. */ struct stat file_stat; /* Stat record for file. */ - struct cpio_file_stat file_hdr; /* Output header information. */ + struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER; + /* Output header information. */ int in_file_des; /* Source file descriptor. */ int out_file_des; /* Output file descriptor. */ char *orig_file_name = NULL; /* Initialize the copy out. */ - ds_init (&input_name, 128); file_hdr.c_magic = 070707; /* Check whether the output file might be a tape. */ @@ -644,14 +657,9 @@ process_copy_out () { if (file_hdr.c_mode & CP_IFDIR) { - int len = strlen (input_name.ds_string); /* Make sure the name ends with a slash */ - if (input_name.ds_string[len-1] != '/') - { - ds_resize (&input_name, len + 2); - input_name.ds_string[len] = '/'; - input_name.ds_string[len+1] = 0; - } + if (!ds_endswith (&input_name, '/')) + ds_append (&input_name, '/'); } } @@ -659,8 +667,7 @@ process_copy_out () cpio_safer_name_suffix (input_name.ds_string, false, !no_abs_paths_flag, true); #ifndef HPUX_CDF - file_hdr.c_name = input_name.ds_string; - file_hdr.c_namesize = strlen (input_name.ds_string) + 1; + cpio_set_c_name (&file_hdr, input_name.ds_string); #else if ( (archive_format != arf_tar) && (archive_format != arf_ustar) ) { @@ -669,16 +676,15 @@ process_copy_out () properly recreate the directory as hidden (in case the files of a directory go into the archive before the directory itself (e.g from "find ... -depth ... | cpio")). */ - file_hdr.c_name = add_cdf_double_slashes (input_name.ds_string); - file_hdr.c_namesize = strlen (file_hdr.c_name) + 1; + cpio_set_c_name (&file_hdr, + add_cdf_double_slashes (input_name.ds_string)); } else { /* We don't mark CDF's in tar files. We assume the "hidden" directory will always go into the archive before any of its files. */ - file_hdr.c_name = input_name.ds_string; - file_hdr.c_namesize = strlen (input_name.ds_string) + 1; + cpio_set_c_name (&file_hdr, input_name.ds_string); } #endif @@ -865,8 +871,7 @@ process_copy_out () file_hdr.c_chksum = 0; file_hdr.c_filesize = 0; - file_hdr.c_namesize = 11; - file_hdr.c_name = CPIO_TRAILER_NAME; + cpio_set_c_name (&file_hdr, CPIO_TRAILER_NAME); if (archive_format != arf_tar && archive_format != arf_ustar) write_out_header (&file_hdr, out_file_des); else @@ -884,6 +889,8 @@ process_copy_out () ngettext ("%lu block\n", "%lu blocks\n", (unsigned long) blocks), (unsigned long) blocks); } + cpio_file_stat_free (&file_hdr); + ds_free (&input_name); } diff --git a/src/tar.c b/src/tar.c index 1b1156e..0a34845 100644 --- a/src/tar.c +++ b/src/tar.c @@ -282,7 +282,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des) if (null_block ((long *) &tar_rec, TARRECORDSIZE)) #endif { - file_hdr->c_name = CPIO_TRAILER_NAME; + cpio_set_c_name (file_hdr, CPIO_TRAILER_NAME); return; } #if 0 @@ -316,9 +316,11 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des) } if (archive_format != arf_ustar) - file_hdr->c_name = stash_tar_filename (NULL, tar_hdr->name); + cpio_set_c_name (file_hdr, stash_tar_filename (NULL, tar_hdr->name)); else - file_hdr->c_name = stash_tar_filename (tar_hdr->prefix, tar_hdr->name); + cpio_set_c_name (file_hdr, stash_tar_filename (tar_hdr->prefix, + tar_hdr->name)); + file_hdr->c_nlink = 1; file_hdr->c_mode = FROM_OCTAL (tar_hdr->mode); file_hdr->c_mode = file_hdr->c_mode & 07777; @@ -398,7 +400,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des) case AREGTYPE: /* Old tar format; if the last char in filename is '/' then it is a directory, otherwise it's a regular file. */ - if (file_hdr->c_name[strlen (file_hdr->c_name) - 1] == '/') + if (file_hdr->c_name[file_hdr->c_namesize - 1] == '/') file_hdr->c_mode |= CP_IFDIR; else file_hdr->c_mode |= CP_IFREG; diff --git a/src/copypass.c b/src/copypass.c index b4e7169..8378a9b 100644 --- a/src/copypass.c +++ b/src/copypass.c @@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char *name, struct stat *st) If `link_flag', link instead of copying. */ void -process_copy_pass () +process_copy_pass (void) { - dynamic_string input_name; /* Name of file from stdin. */ - dynamic_string output_name; /* Name of new file. */ + dynamic_string input_name = DYNAMIC_STRING_INITIALIZER; + /* Name of file from stdin. */ + dynamic_string output_name = DYNAMIC_STRING_INITIALIZER; + /* Name of new file. */ size_t dirname_len; /* Length of `directory_name'. */ int res; /* Result of functions. */ char *slash; /* For moving past slashes in input name. */ @@ -69,25 +71,19 @@ process_copy_pass () created files */ /* Initialize the copy pass. */ - ds_init (&input_name, 128); dirname_len = strlen (directory_name); if (change_directory_option && !ISSLASH (directory_name[0])) { char *pwd = xgetcwd (); - dirname_len += strlen (pwd) + 1; - ds_init (&output_name, dirname_len + 2); - strcpy (output_name.ds_string, pwd); - strcat (output_name.ds_string, "/"); - strcat (output_name.ds_string, directory_name); + ds_concat (&output_name, pwd); + ds_append (&output_name, '/'); } - else - { - ds_init (&output_name, dirname_len + 2); - strcpy (output_name.ds_string, directory_name); - } - output_name.ds_string[dirname_len] = '/'; + + ds_concat (&output_name, directory_name); + ds_append (&output_name, '/'); + dirname_len = ds_len (&output_name); output_is_seekable = true; change_dir (); @@ -127,8 +123,8 @@ process_copy_pass () keep track of which directories in a path are "hidden". */ slash = add_cdf_double_slashes (slash); #endif - ds_resize (&output_name, dirname_len + strlen (slash) + 2); - strcpy (output_name.ds_string + dirname_len + 1, slash); + ds_reset (&output_name, dirname_len); + ds_concat (&output_name, slash); existing_dir = false; if (lstat (output_name.ds_string, &out_file_stat) == 0) @@ -346,6 +342,8 @@ process_copy_pass () (unsigned long) blocks), (unsigned long) blocks); } + ds_free (&input_name); + ds_free (&output_name); } /* Try and create a hard link from FILE_NAME to another file @@ -385,7 +383,7 @@ link_to_maj_min_ino (char *file_name, int st_dev_maj, int st_dev_min, is created, -1 otherwise. */ int -link_to_name (char *link_name, char *link_target) +link_to_name (char const *link_name, char const *link_target) { int res = link (link_target, link_name); if (res < 0 && create_dir_flag) diff --git a/src/cpiohdr.h b/src/cpiohdr.h index b29e6fb..aa4a8c4 100644 --- a/src/cpiohdr.h +++ b/src/cpiohdr.h @@ -126,8 +126,15 @@ struct cpio_file_stat /* Internal representation of a CPIO header */ size_t c_namesize; uint32_t c_chksum; char *c_name; - char *c_tar_linkname; + size_t c_name_buflen; + char const *c_tar_linkname; }; +#define CPIO_FILE_STAT_INITIALIZER \ + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, NULL, 0, NULL } +void cpio_file_stat_init (struct cpio_file_stat *file_hdr); +void cpio_file_stat_free (struct cpio_file_stat *file_hdr); +void cpio_set_c_name(struct cpio_file_stat *file_hdr, char *name); +void cpio_realloc_c_name (struct cpio_file_stat *file_hdr, size_t len); #endif /* cpiohdr.h */ diff --git a/src/dstring.c b/src/dstring.c index 2e6b97b..b70d72e 100644 --- a/src/dstring.c +++ b/src/dstring.c @@ -22,37 +22,52 @@ #endif #include +#include #if defined(HAVE_STRING_H) || defined(STDC_HEADERS) #include #else #include #endif #include "dstring.h" - -char *xmalloc (unsigned n); -char *xrealloc (char *p, unsigned n); +#include /* Initialiaze dynamic string STRING with space for SIZE characters. */ void -ds_init (dynamic_string *string, int size) +ds_init (dynamic_string *string) +{ + memset (string, 0, sizeof *string); +} + +/* Free the dynamic string storage. */ + +void +ds_free (dynamic_string *string) { - string->ds_length = size; - string->ds_string = (char *) xmalloc (size); + free (string->ds_string); } -/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */ +/* Expand dynamic string STRING, if necessary. */ void -ds_resize (dynamic_string *string, int size) +ds_resize (dynamic_string *string, size_t len) { - if (size > string->ds_length) + while (len + string->ds_idx >= string->ds_size) { - string->ds_length = size; - string->ds_string = (char *) xrealloc ((char *) string->ds_string, size); + string->ds_string = x2nrealloc (string->ds_string, &string->ds_size, + 1); } } +/* Reset the index of the dynamic string S to LEN. */ + +void +ds_reset (dynamic_string *s, size_t len) +{ + ds_resize (s, len); + s->ds_idx = len; +} + /* Dynamic string S gets a string terminated by the EOS character (which is removed) from file F. S will increase in size during the function if the string from F is longer than @@ -63,34 +78,49 @@ ds_resize (dynamic_string *string, int size) char * ds_fgetstr (FILE *f, dynamic_string *s, char eos) { - int insize; /* Amount needed for line. */ - int strsize; /* Amount allocated for S. */ int next_ch; /* Initialize. */ - insize = 0; - strsize = s->ds_length; + s->ds_idx = 0; /* Read the input string. */ - next_ch = getc (f); - while (next_ch != eos && next_ch != EOF) + while ((next_ch = getc (f)) != eos && next_ch != EOF) { - if (insize >= strsize - 1) - { - ds_resize (s, strsize * 2 + 2); - strsize = s->ds_length; - } - s->ds_string[insize++] = next_ch; - next_ch = getc (f); + ds_resize (s, 0); + s->ds_string[s->ds_idx++] = next_ch; } - s->ds_string[insize++] = '\0'; + ds_resize (s, 0); + s->ds_string[s->ds_idx] = '\0'; - if (insize == 1 && next_ch == EOF) + if (s->ds_idx == 0 && next_ch == EOF) return NULL; else return s->ds_string; } +void +ds_append (dynamic_string *s, int c) +{ + ds_resize (s, 0); + s->ds_string[s->ds_idx] = c; + if (c) + { + s->ds_idx++; + ds_resize (s, 0); + s->ds_string[s->ds_idx] = 0; + } +} + +void +ds_concat (dynamic_string *s, char const *str) +{ + size_t len = strlen (str); + ds_resize (s, len); + memcpy (s->ds_string + s->ds_idx, str, len); + s->ds_idx += len; + s->ds_string[s->ds_idx] = 0; +} + char * ds_fgets (FILE *f, dynamic_string *s) { @@ -102,3 +132,10 @@ ds_fgetname (FILE *f, dynamic_string *s) { return ds_fgetstr (f, s, '\0'); } + +/* Return true if the dynamic string S ends with character C. */ +int +ds_endswith (dynamic_string *s, int c) +{ + return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c); +} diff --git a/src/dstring.h b/src/dstring.h index 5b49def..a2b6183 100644 --- a/src/dstring.h +++ b/src/dstring.h @@ -17,10 +17,6 @@ Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. */ -#ifndef NULL -#define NULL 0 -#endif - /* A dynamic string consists of record that records the size of an allocated string and the pointer to that string. The actual string is a normal zero byte terminated string that can be used with the @@ -30,22 +26,24 @@ typedef struct { - int ds_length; /* Actual amount of storage allocated. */ - char *ds_string; /* String. */ + size_t ds_size; /* Actual amount of storage allocated. */ + size_t ds_idx; /* Index of the next free byte in the string. */ + char *ds_string; /* String storage. */ } dynamic_string; +#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL } -/* Macros that look similar to the original string functions. - WARNING: These macros work only on pointers to dynamic string records. - If used with a real record, an "&" must be used to get the pointer. */ -#define ds_strlen(s) strlen ((s)->ds_string) -#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string) -#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n) -#define ds_index(s, c) index ((s)->ds_string, c) -#define ds_rindex(s, c) rindex ((s)->ds_string, c) +void ds_init (dynamic_string *string); +void ds_free (dynamic_string *string); +void ds_reset (dynamic_string *s, size_t len); -void ds_init (dynamic_string *string, int size); -void ds_resize (dynamic_string *string, int size); +/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */ char *ds_fgetname (FILE *f, dynamic_string *s); char *ds_fgets (FILE *f, dynamic_string *s); char *ds_fgetstr (FILE *f, dynamic_string *s, char eos); +void ds_append (dynamic_string *s, int c); +void ds_concat (dynamic_string *s, char const *str); + +#define ds_len(s) ((s)->ds_idx) + +int ds_endswith (dynamic_string *s, int c); diff --git a/src/extern.h b/src/extern.h index 47b477a..6330e04 100644 --- a/src/extern.h +++ b/src/extern.h @@ -111,18 +111,21 @@ void read_in_binary (struct cpio_file_stat *file_hdr, struct old_cpio_header *short_hdr, int in_des); void swab_array (char *arg, int count); void process_copy_in (void); -void long_format (struct cpio_file_stat *file_hdr, char *link_name); -void print_name_with_quoting (char *p); +void long_format (struct cpio_file_stat *file_hdr, char const *link_name); /* copyout.c */ int write_out_header (struct cpio_file_stat *file_hdr, int out_des); void process_copy_out (void); +int to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, + bool nul); +void field_width_error (const char *filename, const char *fieldname, + uintmax_t value, size_t width, bool nul); /* copypass.c */ void process_copy_pass (void); int link_to_maj_min_ino (char *file_name, int st_dev_maj, int st_dev_min, ino_t st_ino); -int link_to_name (char *link_name, char *link_target); +int link_to_name (char const *link_name, char const *link_target); /* dirname.c */ char *dirname (char *path); @@ -141,7 +144,7 @@ void process_args (int argc, char *argv[]); void initialize_buffers (void); /* makepath.c */ -int make_path (char *argpath, uid_t owner, gid_t group, +int make_path (char const *argpath, uid_t owner, gid_t group, const char *verbose_fmt_string); /* tar.c */ @@ -169,7 +172,7 @@ void copy_files_disk_to_tape (int in_des, int out_des, off_t num_bytes, char *fi void copy_files_disk_to_disk (int in_des, int out_des, off_t num_bytes, char *filename); void warn_if_file_changed (char *file_name, off_t old_file_size, time_t old_file_mtime); -void create_all_directories (char *name); +void create_all_directories (char const *name); void prepare_append (int out_file_des); char *find_inode_file (ino_t node_num, unsigned long major_num, unsigned long minor_num); @@ -204,10 +207,17 @@ void cpio_safer_name_suffix (char *name, bool link_target, int cpio_create_dir (struct cpio_file_stat *file_hdr, int existing_dir); void change_dir (void); -/* FIXME: These two defines should be defined in paxutils */ +/* FIXME: The following three should be defined in paxutils */ #define LG_8 3 #define LG_16 4 +/* The maximum uintmax_t value that can be represented with DIGITS digits, + assuming that each digit is BITS_PER_DIGIT wide. */ +#define MAX_VAL_WITH_DIGITS(digits, bits_per_digit) \ + ((digits) * (bits_per_digit) < sizeof (uintmax_t) * CHAR_BIT \ + ? ((uintmax_t) 1 << ((digits) * (bits_per_digit))) - 1 \ + : (uintmax_t) -1) + uintmax_t from_ascii (char const *where, size_t digs, unsigned logbase); #define FROM_OCTAL(f) from_ascii (f, sizeof f, LG_8) diff --git a/src/idcache.c b/src/idcache.c index c89e7f1..e82414e 100644 --- a/src/idcache.c +++ b/src/idcache.c @@ -34,6 +34,7 @@ #endif #include +#include struct userid { @@ -59,7 +60,6 @@ getuser (uid_t uid) { register struct userid *tail; struct passwd *pwent; - char usernum_string[20]; for (tail = user_alist; tail; tail = tail->next) if (tail->id.u == uid) @@ -70,8 +70,8 @@ getuser (uid_t uid) tail->id.u = uid; if (pwent == 0) { - sprintf (usernum_string, "%u", (unsigned) uid); - tail->name = xstrdup (usernum_string); + char nbuf[UINTMAX_STRSIZE_BOUND]; + tail->name = xstrdup (umaxtostr (uid, nbuf)); } else tail->name = xstrdup (pwent->pw_name); @@ -134,7 +134,6 @@ getgroup (gid_t gid) { register struct userid *tail; struct group *grent; - char groupnum_string[20]; for (tail = group_alist; tail; tail = tail->next) if (tail->id.g == gid) @@ -145,8 +144,8 @@ getgroup (gid_t gid) tail->id.g = gid; if (grent == 0) { - sprintf (groupnum_string, "%u", (unsigned int) gid); - tail->name = xstrdup (groupnum_string); + char nbuf[UINTMAX_STRSIZE_BOUND]; + tail->name = xstrdup (umaxtostr (gid, nbuf)); } else tail->name = xstrdup (grent->gr_name); diff --git a/src/makepath.c b/src/makepath.c index 18d5b69..bad2537 100644 --- a/src/makepath.c +++ b/src/makepath.c @@ -49,7 +49,7 @@ ownership and permissions when done, otherwise 1. */ int -make_path (char *argpath, +make_path (char const *argpath, uid_t owner, gid_t group, const char *verbose_fmt_string) diff --git a/src/userspec.c b/src/userspec.c index 14d608c..7b8bf2f 100644 --- a/src/userspec.c +++ b/src/userspec.c @@ -24,6 +24,7 @@ #include #include #include +#include #ifndef HAVE_ENDPWENT # define endpwent() @@ -141,12 +142,8 @@ parse_user_spec (const char *spec_arg, uid_t *uid, gid_t *gid, grp = getgrgid (pwd->pw_gid); if (grp == NULL) { - /* This is enough room to hold the unsigned decimal - representation of any 32-bit quantity and the trailing - zero byte. */ - char uint_buf[21]; - sprintf (uint_buf, "%u", (unsigned) (pwd->pw_gid)); - V_STRDUP (groupname, uint_buf); + char nbuf[UINTMAX_STRSIZE_BOUND]; + V_STRDUP (groupname, umaxtostr (pwd->pw_gid, nbuf)); } else { diff --git a/src/util.c b/src/util.c index 11f9c30..097304f 100644 --- a/src/util.c +++ b/src/util.c @@ -79,8 +79,7 @@ tape_empty_output_buffer (int out_des) if (output_is_special && (bytes_written >= 0 - || (bytes_written < 0 - && (errno == ENOSPC || errno == EIO || errno == ENXIO)))) + || (errno == ENOSPC || errno == EIO || errno == ENXIO))) { get_next_reel (out_des); if (bytes_written > 0) @@ -596,7 +595,7 @@ warn_if_file_changed (char *file_name, off_t old_file_size, Do not destroy any nondirectories while creating directories. */ void -create_all_directories (char *name) +create_all_directories (char const *name) { char *dir; int mode; @@ -718,7 +717,6 @@ find_inode_val (ino_t node_num, unsigned long major_num, unsigned long minor_num) { struct inode_val sample; - struct inode_val *ival; if (!hash_table) return NULL; @@ -768,7 +766,7 @@ add_inode (ino_t node_num, char *file_name, unsigned long major_num, return e; } -static ino_t +static void get_inode_and_dev (struct cpio_file_stat *hdr, struct stat *st) { if (renumber_inodes_option) @@ -859,11 +857,9 @@ get_next_reel (int tape_des) FILE *tty_out; /* File for interacting with user. */ int old_tape_des; char *next_archive_name; - dynamic_string new_name; + dynamic_string new_name = DYNAMIC_STRING_INITIALIZER; char *str_res; - ds_init (&new_name, 128); - /* Open files for interactive communication. */ tty_in = fopen (TTY_NAME, "r"); if (tty_in == NULL) @@ -938,7 +934,7 @@ get_next_reel (int tape_des) error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"), old_tape_des, tape_des); - free (new_name.ds_string); + ds_free (&new_name); fclose (tty_in); fclose (tty_out); } @@ -1412,8 +1408,28 @@ set_file_times (int fd, utime_error (name); } +/* Reallocate file_hdr->c_name to accomodate len bytes (including final \0) */ +void +cpio_realloc_c_name (struct cpio_file_stat *file_hdr, size_t len) +{ + while (file_hdr->c_name_buflen < len) + file_hdr->c_name = x2realloc (file_hdr->c_name, &file_hdr->c_name_buflen); +} + +void +cpio_set_c_name (struct cpio_file_stat *file_hdr, char *name) +{ + size_t len = strlen (name) + 1; + + cpio_realloc_c_name (file_hdr, len); + file_hdr->c_namesize = len; + memmove (file_hdr->c_name, name, len); +} + /* Do we have to ignore absolute paths, and if so, does the filename - have an absolute path? */ + have an absolute path? Before calling this function make sure that the + allocated NAME buffer has capacity at least 2 bytes. */ + void cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names, bool strip_leading_dots) @@ -1428,6 +1444,10 @@ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names, ++p; } if (p != name) + /* The 'p' string is shortened version of 'name' with one exception; when + the 'name' points to an empty string (buffer where name[0] == '\0') the + 'p' then points to static string ".". So caller needs to ensure there + are at least two bytes available in 'name' buffer so memmove succeeds. */ memmove (name, p, (size_t)(strlen (p) + 1)); } @@ -1689,4 +1709,17 @@ arf_stores_inode_p (enum archive_format arf) } return 1; } + +void +cpio_file_stat_init (struct cpio_file_stat *file_hdr) +{ + memset (file_hdr, 0, sizeof (*file_hdr)); +} + +void +cpio_file_stat_free (struct cpio_file_stat *file_hdr) +{ + free (file_hdr->c_name); + cpio_file_stat_init (file_hdr); +} -- 2.31.1