cpio/cpio-2.13-CVE-2021-38185.patch

1267 lines
40 KiB
Diff
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

From be54882039632c791493d3657042f7ea9d6f4a20 Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Tue, 21 Sep 2021 11:42:02 +0200
Subject: [PATCH] * src/dstring.c (ds_init): Take a single argument.
(ds_free): New function. (ds_resize): Take a single argument. Use
x2nrealloc to expand the storage.
(ds_reset,ds_append,ds_concat,ds_endswith): New function. (ds_fgetstr):
Rewrite. In particular, this fixes integer overflow. (ds_resize): Take
additional argument: number of bytes to leave available after ds_idx. All
uses changed. * src/dstring.h (dynamic_string): Keep both the allocated
length (ds_size) and index of the next free byte in the string (ds_idx).
(ds_init,ds_resize): Change signature. (ds_len): New macro.
(ds_free,ds_reset,ds_append,ds_concat,ds_endswith): New protos. *
src/copyin.c: Use new ds_ functions. (read_name_from_file): Handle len == 0.
(read_name_from_file): Print error message and skip file if its name is not
nul-terminated. (long_format): Cast rdev numbers to unsigned long *
src/copyout.c: Likewise. * src/copypass.c: Likewise. * src/util.c: Likewise.
(tape_empty_output_buffer): Fix condition. * src/idcache.c
(getuser,getgroup): Use umaxtostr instead of sprintf. * src/userspec.c
(parse_user_spec): Likewise.
---
configure.ac | 4 +-
src/copyin.c | 228 ++++++++++++++++++-------------------------------
src/copyout.c | 77 +++++++++--------
src/copypass.c | 34 ++++----
src/cpiohdr.h | 9 +-
src/dstring.c | 89 +++++++++++++------
src/dstring.h | 30 +++----
src/extern.h | 22 +++--
src/idcache.c | 11 ++-
src/makepath.c | 2 +-
src/userspec.c | 9 +-
src/util.c | 53 +++++++++---
12 files changed, 294 insertions(+), 274 deletions(-)
diff --git a/configure.ac b/configure.ac
index c68bd44..49eaacd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -21,8 +21,8 @@ AC_INIT([GNU cpio], [2.12], [bug-cpio@gnu.org],,
AC_CONFIG_SRCDIR(src/cpio.h)
AC_CONFIG_AUX_DIR([build-aux])
AC_CONFIG_HEADERS([config.h])
-AC_PREREQ([2.63])
-AM_INIT_AUTOMAKE([1.11.1 gnits tar-ustar dist-bzip2 std-options silent-rules])
+AC_PREREQ([2.64])
+AM_INIT_AUTOMAKE([1.15 gnits tar-ustar dist-bzip2 std-options silent-rules])
# Enable silent rules by default:
AM_SILENT_RULES([yes])
diff --git a/src/copyin.c b/src/copyin.c
index 267ed4b..2f9da73 100644
--- a/src/copyin.c
+++ b/src/copyin.c
@@ -56,10 +56,10 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out,
static dynamic_string new_name; /* New file name for rename option. */
static int initialized_new_name = false;
if (!initialized_new_name)
- {
- ds_init (&new_name, 128);
- initialized_new_name = true;
- }
+ {
+ ds_init (&new_name);
+ initialized_new_name = true;
+ }
if (rename_flag)
{
@@ -76,28 +76,7 @@ query_rename(struct cpio_file_stat* file_hdr, FILE *tty_in, FILE *tty_out,
return -1;
}
else
- /* Debian hack: file_hrd.c_name is sometimes set to
- point to static memory by code in tar.c. This
- causes a segfault. This has been fixed and an
- additional check to ensure that the file name
- is not too long has been added. (Reported by
- Horst Knobloch.) This bug has been reported to
- "bug-gnu-utils@prep.ai.mit.edu". (99/1/6) -BEM */
- {
- if (archive_format != arf_tar && archive_format != arf_ustar)
- {
- free (file_hdr->c_name);
- file_hdr->c_name = xstrdup (new_name.ds_string);
- }
- else
- {
- if (is_tar_filename_too_long (new_name.ds_string))
- error (0, 0, _("%s: file name too long"),
- new_name.ds_string);
- else
- strcpy (file_hdr->c_name, new_name.ds_string);
- }
- }
+ cpio_set_c_name (file_hdr, new_name.ds_string);
return 0;
}
@@ -173,10 +152,8 @@ list_file (struct cpio_file_stat* file_hdr, int in_file_des)
}
else
{
- /* Debian hack: Modified to print a list of filenames
- terminiated by a null character when the -t and -0
- flags are used. This has been submitted as a
- suggestion to "bug-gnu-utils@prep.ai.mit.edu". -BEM */
+ /* Print out the name as it is. The name_end delimiter is normally
+ '\n', but can be reset to '\0' by the -0 option. */
printf ("%s%c", file_hdr->c_name, name_end);
}
@@ -201,7 +178,7 @@ list_file (struct cpio_file_stat* file_hdr, int in_file_des)
static int
try_existing_file (struct cpio_file_stat* file_hdr, int in_file_des,
- int *existing_dir)
+ bool *existing_dir)
{
struct stat file_stat;
@@ -344,8 +321,7 @@ create_defered_links_to_skipped (struct cpio_file_stat *file_hdr,
d_prev->next = d->next;
else
deferments = d->next;
- free (file_hdr->c_name);
- file_hdr->c_name = xstrdup(d->header.c_name);
+ cpio_set_c_name (file_hdr, d->header.c_name);
free_deferment (d);
copyin_regular_file(file_hdr, in_file_des);
return 0;
@@ -697,7 +673,7 @@ copyin_link (struct cpio_file_stat *file_hdr, int in_file_des)
static void
copyin_file (struct cpio_file_stat *file_hdr, int in_file_des)
{
- int existing_dir;
+ bool existing_dir = false;
if (!to_stdout_option
&& try_existing_file (file_hdr, in_file_des, &existing_dir) < 0)
@@ -748,7 +724,7 @@ static time_t current_time;
this file is a symbolic link to. */
void
-long_format (struct cpio_file_stat *file_hdr, char *link_name)
+long_format (struct cpio_file_stat *file_hdr, char const *link_name)
{
char mbuf[11];
char tbuf[40];
@@ -780,92 +756,42 @@ long_format (struct cpio_file_stat *file_hdr, char *link_name)
if ((file_hdr->c_mode & CP_IFMT) == CP_IFCHR
|| (file_hdr->c_mode & CP_IFMT) == CP_IFBLK)
- printf ("%3lu, %3lu ", file_hdr->c_rdev_maj,
- file_hdr->c_rdev_min);
+ printf ("%3lu, %3lu ",
+ (unsigned long) file_hdr->c_rdev_maj,
+ (unsigned long) file_hdr->c_rdev_min);
else
printf ("%8"PRIuMAX" ", (uintmax_t) file_hdr->c_filesize);
printf ("%s ", tbuf + 4);
- print_name_with_quoting (file_hdr->c_name);
+ printf ("%s", quotearg (file_hdr->c_name));
if (link_name)
{
printf (" -> ");
- print_name_with_quoting (link_name);
+ printf ("%s", quotearg (link_name));
}
putc ('\n', stdout);
}
-void
-print_name_with_quoting (register char *p)
-{
- register unsigned char c;
-
- while ( (c = *p++) )
- {
- switch (c)
- {
- case '\\':
- printf ("\\\\");
- break;
-
- case '\n':
- printf ("\\n");
- break;
-
- case '\b':
- printf ("\\b");
- break;
-
- case '\r':
- printf ("\\r");
- break;
-
- case '\t':
- printf ("\\t");
- break;
-
- case '\f':
- printf ("\\f");
- break;
-
- case ' ':
- printf ("\\ ");
- break;
-
- case '"':
- printf ("\\\"");
- break;
-
- default:
- if (c > 040 && c < 0177)
- putchar (c);
- else
- printf ("\\%03o", (unsigned int) c);
- }
- }
-}
-
/* Read a pattern file (for the -E option). Put a list of
`num_patterns' elements in `save_patterns'. Any patterns that were
already in `save_patterns' (from the command line) are preserved. */
static void
-read_pattern_file ()
+read_pattern_file (void)
{
- int max_new_patterns;
- char **new_save_patterns;
- int new_num_patterns;
+ char **new_save_patterns = NULL;
+ size_t max_new_patterns;
+ size_t new_num_patterns;
int i;
- dynamic_string pattern_name;
+ dynamic_string pattern_name = DYNAMIC_STRING_INITIALIZER;
FILE *pattern_fp;
if (num_patterns < 0)
num_patterns = 0;
- max_new_patterns = 1 + num_patterns;
- new_save_patterns = (char **) xmalloc (max_new_patterns * sizeof (char *));
new_num_patterns = num_patterns;
- ds_init (&pattern_name, 128);
+ max_new_patterns = num_patterns;
+ new_save_patterns = xcalloc (max_new_patterns, sizeof (new_save_patterns[0]));
pattern_fp = fopen (pattern_file_name, "r");
if (pattern_fp == NULL)
@@ -874,16 +800,16 @@ read_pattern_file ()
{
while (ds_fgetstr (pattern_fp, &pattern_name, '\n') != NULL)
{
- if (new_num_patterns >= max_new_patterns)
- {
- max_new_patterns += 1;
- new_save_patterns = (char **)
- xrealloc ((char *) new_save_patterns,
- max_new_patterns * sizeof (char *));
- }
+ if (new_num_patterns == max_new_patterns)
+ new_save_patterns = x2nrealloc (new_save_patterns,
+ &max_new_patterns,
+ sizeof (new_save_patterns[0]));
new_save_patterns[new_num_patterns] = xstrdup (pattern_name.ds_string);
++new_num_patterns;
}
+
+ ds_free (&pattern_name);
+
if (ferror (pattern_fp) || fclose (pattern_fp) == EOF)
close_error (pattern_file_name);
}
@@ -1066,6 +992,27 @@ read_in_header (struct cpio_file_stat *file_hdr, int in_des)
}
}
+static void
+read_name_from_file (struct cpio_file_stat *file_hdr, int fd, uintmax_t len)
+{
+ if (len == 0)
+ {
+ error (0, 0, _("malformed header: file name of zero length"));
+ }
+ else
+ {
+ cpio_realloc_c_name (file_hdr, len);
+ tape_buffered_read (file_hdr->c_name, fd, len);
+ if (file_hdr->c_name[len-1] != 0)
+ {
+ error (0, 0, _("malformed header: file name is not nul-terminated"));
+ /* Skip this file */
+ len = 0;
+ }
+ }
+ file_hdr->c_namesize = len;
+}
+
/* Fill in FILE_HDR by reading an old-format ASCII format cpio header from
file descriptor IN_DES, except for the magic number, which is
already filled in. */
@@ -1092,14 +1039,9 @@ read_in_old_ascii (struct cpio_file_stat *file_hdr, int in_des)
file_hdr->c_rdev_min = minor (dev);
file_hdr->c_mtime = FROM_OCTAL (ascii_header.c_mtime);
- file_hdr->c_namesize = FROM_OCTAL (ascii_header.c_namesize);
file_hdr->c_filesize = FROM_OCTAL (ascii_header.c_filesize);
- /* Read file name from input. */
- if (file_hdr->c_name != NULL)
- free (file_hdr->c_name);
- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize + 1);
- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);
+ read_name_from_file (file_hdr, in_des, FROM_OCTAL (ascii_header.c_namesize));
/* HP/UX cpio creates archives that look just like ordinary archives,
but for devices it sets major = 0, minor = 1, and puts the
@@ -1154,14 +1096,9 @@ read_in_new_ascii (struct cpio_file_stat *file_hdr, int in_des)
file_hdr->c_dev_min = FROM_HEX (ascii_header.c_dev_min);
file_hdr->c_rdev_maj = FROM_HEX (ascii_header.c_rdev_maj);
file_hdr->c_rdev_min = FROM_HEX (ascii_header.c_rdev_min);
- file_hdr->c_namesize = FROM_HEX (ascii_header.c_namesize);
file_hdr->c_chksum = FROM_HEX (ascii_header.c_chksum);
- /* Read file name from input. */
- if (file_hdr->c_name != NULL)
- free (file_hdr->c_name);
- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize);
- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);
+ read_name_from_file (file_hdr, in_des, FROM_HEX (ascii_header.c_namesize));
/* In SVR4 ASCII format, the amount of space allocated for the header
is rounded up to the next long-word, so we might need to drop
@@ -1209,16 +1146,10 @@ read_in_binary (struct cpio_file_stat *file_hdr,
file_hdr->c_rdev_min = minor ((unsigned short)short_hdr->c_rdev);
file_hdr->c_mtime = (unsigned long) short_hdr->c_mtimes[0] << 16
| short_hdr->c_mtimes[1];
-
- file_hdr->c_namesize = short_hdr->c_namesize;
file_hdr->c_filesize = (unsigned long) short_hdr->c_filesizes[0] << 16
| short_hdr->c_filesizes[1];
- /* Read file name from input. */
- if (file_hdr->c_name != NULL)
- free (file_hdr->c_name);
- file_hdr->c_name = (char *) xmalloc (file_hdr->c_namesize);
- tape_buffered_read (file_hdr->c_name, in_des, (long) file_hdr->c_namesize);
+ read_name_from_file (file_hdr, in_des, short_hdr->c_namesize);
/* In binary mode, the amount of space allocated in the header for
the filename is `c_namesize' rounded up to the next short-word,
@@ -1278,14 +1209,14 @@ swab_array (char *ptr, int count)
in the file system. */
void
-process_copy_in ()
+process_copy_in (void)
{
- char done = false; /* True if trailer reached. */
FILE *tty_in = NULL; /* Interactive file for rename option. */
FILE *tty_out = NULL; /* Interactive file for rename option. */
FILE *rename_in = NULL; /* Batch file for rename option. */
struct stat file_stat; /* Output file stat record. */
- struct cpio_file_stat file_hdr; /* Output header information. */
+ struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER;
+ /* Output header information. */
int in_file_des; /* Input file descriptor. */
char skip_file; /* Flag for use with patterns. */
int i; /* Loop index variable. */
@@ -1298,8 +1229,7 @@ process_copy_in ()
{
read_pattern_file ();
}
- file_hdr.c_name = NULL;
-
+ file_hdr.c_namesize = 0;
if (rename_batch_file)
{
rename_in = fopen (rename_batch_file, "r");
@@ -1352,7 +1282,7 @@ process_copy_in ()
change_dir ();
/* While there is more input in the collection, process the input. */
- while (!done)
+ while (1)
{
swapping_halfwords = swapping_bytes = false;
@@ -1380,30 +1310,32 @@ process_copy_in ()
}
#endif
- /* Is this the header for the TRAILER file? */
- if (strcmp (CPIO_TRAILER_NAME, file_hdr.c_name) == 0)
+ if (file_hdr.c_namesize == 0)
+ skip_file = true;
+ else
{
- done = true;
- break;
- }
+ /* Is this the header for the TRAILER file? */
+ if (strcmp (CPIO_TRAILER_NAME, file_hdr.c_name) == 0)
+ break;
- cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
- false);
+ cpio_safer_name_suffix (file_hdr.c_name, false, !no_abs_paths_flag,
+ false);
- /* Does the file name match one of the given patterns? */
- if (num_patterns <= 0)
- skip_file = false;
- else
- {
- skip_file = copy_matching_files;
- for (i = 0; i < num_patterns
- && skip_file == copy_matching_files; i++)
+ /* Does the file name match one of the given patterns? */
+ if (num_patterns <= 0)
+ skip_file = false;
+ else
{
- if (fnmatch (save_patterns[i], file_hdr.c_name, 0) == 0)
- skip_file = !copy_matching_files;
+ skip_file = copy_matching_files;
+ for (i = 0; i < num_patterns
+ && skip_file == copy_matching_files; i++)
+ {
+ if (fnmatch (save_patterns[i], file_hdr.c_name, 0) == 0)
+ skip_file = !copy_matching_files;
+ }
}
}
-
+
if (skip_file)
{
/* If we're skipping a file with links, there might be other
@@ -1494,6 +1426,8 @@ process_copy_in ()
fputc ('\n', stderr);
apply_delayed_set_stat ();
+
+ cpio_file_stat_free (&file_hdr);
if (append_flag)
return;
diff --git a/src/copyout.c b/src/copyout.c
index 56416ba..a576f27 100644
--- a/src/copyout.c
+++ b/src/copyout.c
@@ -269,26 +269,32 @@ writeout_final_defers (int out_des)
so it should be moved to paxutils too.
Allowed values for logbase are: 1 (binary), 2, 3 (octal), 4 (hex) */
int
-to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase)
+to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, bool nul)
{
static char codetab[] = "0123456789ABCDEF";
- int i = digits;
- do
+ if (nul)
+ where[--digits] = 0;
+ while (digits > 0)
{
- where[--i] = codetab[(v & ((1 << logbase) - 1))];
+ where[--digits] = codetab[(v & ((1 << logbase) - 1))];
v >>= logbase;
}
- while (i);
return v != 0;
}
-static void
-field_width_error (const char *filename, const char *fieldname)
+void
+field_width_error (const char *filename, const char *fieldname,
+ uintmax_t value, size_t width, bool nul)
{
- error (1, 0, _("%s: field width not sufficient for storing %s"),
- filename, fieldname);
+ char valbuf[UINTMAX_STRSIZE_BOUND + 1];
+ char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
+ error (1, 0, _("%s: value %s %s out of allowed range 0..%s"),
+ filename, fieldname,
+ STRINGIFY_BIGINT (value, valbuf),
+ STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8),
+ maxbuf));
}
static void
@@ -303,7 +309,7 @@ to_ascii_or_warn (char *where, uintmax_t n, size_t digits,
unsigned logbase,
const char *filename, const char *fieldname)
{
- if (to_ascii (where, n, digits, logbase))
+ if (to_ascii (where, n, digits, logbase, false))
field_width_warning (filename, fieldname);
}
@@ -312,9 +318,9 @@ to_ascii_or_error (char *where, uintmax_t n, size_t digits,
unsigned logbase,
const char *filename, const char *fieldname)
{
- if (to_ascii (where, n, digits, logbase))
+ if (to_ascii (where, n, digits, logbase, false))
{
- field_width_error (filename, fieldname);
+ field_width_error (filename, fieldname, n, digits, false);
return 1;
}
return 0;
@@ -371,7 +377,7 @@ write_out_new_ascii_header (const char *magic_string,
_("name size")))
return 1;
p += 8;
- to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16);
+ to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16, false);
tape_buffered_write (ascii_header, out_des, sizeof ascii_header);
@@ -388,7 +394,7 @@ write_out_old_ascii_header (dev_t dev, dev_t rdev,
char ascii_header[76];
char *p = ascii_header;
- to_ascii (p, file_hdr->c_magic, 6, LG_8);
+ to_ascii (p, file_hdr->c_magic, 6, LG_8, false);
p += 6;
to_ascii_or_warn (p, dev, 6, LG_8, file_hdr->c_name, _("device number"));
p += 6;
@@ -492,7 +498,10 @@ write_out_binary_header (dev_t rdev,
short_hdr.c_namesize = file_hdr->c_namesize & 0xFFFF;
if (short_hdr.c_namesize != file_hdr->c_namesize)
{
- field_width_error (file_hdr->c_name, _("name size"));
+ char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
+ error (1, 0, _("%s: value %s %s out of allowed range 0..%u"),
+ file_hdr->c_name, _("name size"),
+ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFu);
return 1;
}
@@ -502,7 +511,10 @@ write_out_binary_header (dev_t rdev,
if (((off_t)short_hdr.c_filesizes[0] << 16) + short_hdr.c_filesizes[1]
!= file_hdr->c_filesize)
{
- field_width_error (file_hdr->c_name, _("file size"));
+ char maxbuf[UINTMAX_STRSIZE_BOUND + 1];
+ error (1, 0, _("%s: value %s %s out of allowed range 0..%lu"),
+ file_hdr->c_name, _("file size"),
+ STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFFFFFlu);
return 1;
}
@@ -582,17 +594,18 @@ assign_string (char **pvar, char *value)
The format of the header depends on the compatibility (-c) flag. */
void
-process_copy_out ()
+process_copy_out (void)
{
- dynamic_string input_name; /* Name of file read from stdin. */
+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER;
+ /* Name of file read from stdin. */
struct stat file_stat; /* Stat record for file. */
- struct cpio_file_stat file_hdr; /* Output header information. */
+ struct cpio_file_stat file_hdr = CPIO_FILE_STAT_INITIALIZER;
+ /* Output header information. */
int in_file_des; /* Source file descriptor. */
int out_file_des; /* Output file descriptor. */
char *orig_file_name = NULL;
/* Initialize the copy out. */
- ds_init (&input_name, 128);
file_hdr.c_magic = 070707;
/* Check whether the output file might be a tape. */
@@ -644,14 +657,9 @@ process_copy_out ()
{
if (file_hdr.c_mode & CP_IFDIR)
{
- int len = strlen (input_name.ds_string);
/* Make sure the name ends with a slash */
- if (input_name.ds_string[len-1] != '/')
- {
- ds_resize (&input_name, len + 2);
- input_name.ds_string[len] = '/';
- input_name.ds_string[len+1] = 0;
- }
+ if (!ds_endswith (&input_name, '/'))
+ ds_append (&input_name, '/');
}
}
@@ -659,8 +667,7 @@ process_copy_out ()
cpio_safer_name_suffix (input_name.ds_string, false,
!no_abs_paths_flag, true);
#ifndef HPUX_CDF
- file_hdr.c_name = input_name.ds_string;
- file_hdr.c_namesize = strlen (input_name.ds_string) + 1;
+ cpio_set_c_name (&file_hdr, input_name.ds_string);
#else
if ( (archive_format != arf_tar) && (archive_format != arf_ustar) )
{
@@ -669,16 +676,15 @@ process_copy_out ()
properly recreate the directory as hidden (in case the
files of a directory go into the archive before the
directory itself (e.g from "find ... -depth ... | cpio")). */
- file_hdr.c_name = add_cdf_double_slashes (input_name.ds_string);
- file_hdr.c_namesize = strlen (file_hdr.c_name) + 1;
+ cpio_set_c_name (&file_hdr,
+ add_cdf_double_slashes (input_name.ds_string));
}
else
{
/* We don't mark CDF's in tar files. We assume the "hidden"
directory will always go into the archive before any of
its files. */
- file_hdr.c_name = input_name.ds_string;
- file_hdr.c_namesize = strlen (input_name.ds_string) + 1;
+ cpio_set_c_name (&file_hdr, input_name.ds_string);
}
#endif
@@ -865,8 +871,7 @@ process_copy_out ()
file_hdr.c_chksum = 0;
file_hdr.c_filesize = 0;
- file_hdr.c_namesize = 11;
- file_hdr.c_name = CPIO_TRAILER_NAME;
+ cpio_set_c_name (&file_hdr, CPIO_TRAILER_NAME);
if (archive_format != arf_tar && archive_format != arf_ustar)
write_out_header (&file_hdr, out_file_des);
else
@@ -884,6 +889,8 @@ process_copy_out ()
ngettext ("%lu block\n", "%lu blocks\n",
(unsigned long) blocks), (unsigned long) blocks);
}
+ cpio_file_stat_free (&file_hdr);
+ ds_free (&input_name);
}
diff --git a/src/tar.c b/src/tar.c
index 1b1156e..0a34845 100644
--- a/src/tar.c
+++ b/src/tar.c
@@ -282,7 +282,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)
if (null_block ((long *) &tar_rec, TARRECORDSIZE))
#endif
{
- file_hdr->c_name = CPIO_TRAILER_NAME;
+ cpio_set_c_name (file_hdr, CPIO_TRAILER_NAME);
return;
}
#if 0
@@ -316,9 +316,11 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)
}
if (archive_format != arf_ustar)
- file_hdr->c_name = stash_tar_filename (NULL, tar_hdr->name);
+ cpio_set_c_name (file_hdr, stash_tar_filename (NULL, tar_hdr->name));
else
- file_hdr->c_name = stash_tar_filename (tar_hdr->prefix, tar_hdr->name);
+ cpio_set_c_name (file_hdr, stash_tar_filename (tar_hdr->prefix,
+ tar_hdr->name));
+
file_hdr->c_nlink = 1;
file_hdr->c_mode = FROM_OCTAL (tar_hdr->mode);
file_hdr->c_mode = file_hdr->c_mode & 07777;
@@ -398,7 +400,7 @@ read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des)
case AREGTYPE:
/* Old tar format; if the last char in filename is '/' then it is
a directory, otherwise it's a regular file. */
- if (file_hdr->c_name[strlen (file_hdr->c_name) - 1] == '/')
+ if (file_hdr->c_name[file_hdr->c_namesize - 1] == '/')
file_hdr->c_mode |= CP_IFDIR;
else
file_hdr->c_mode |= CP_IFREG;
diff --git a/src/copypass.c b/src/copypass.c
index b4e7169..8378a9b 100644
--- a/src/copypass.c
+++ b/src/copypass.c
@@ -48,10 +48,12 @@ set_copypass_perms (int fd, const char *name, struct stat *st)
If `link_flag', link instead of copying. */
void
-process_copy_pass ()
+process_copy_pass (void)
{
- dynamic_string input_name; /* Name of file from stdin. */
- dynamic_string output_name; /* Name of new file. */
+ dynamic_string input_name = DYNAMIC_STRING_INITIALIZER;
+ /* Name of file from stdin. */
+ dynamic_string output_name = DYNAMIC_STRING_INITIALIZER;
+ /* Name of new file. */
size_t dirname_len; /* Length of `directory_name'. */
int res; /* Result of functions. */
char *slash; /* For moving past slashes in input name. */
@@ -69,25 +71,19 @@ process_copy_pass ()
created files */
/* Initialize the copy pass. */
- ds_init (&input_name, 128);
dirname_len = strlen (directory_name);
if (change_directory_option && !ISSLASH (directory_name[0]))
{
char *pwd = xgetcwd ();
- dirname_len += strlen (pwd) + 1;
- ds_init (&output_name, dirname_len + 2);
- strcpy (output_name.ds_string, pwd);
- strcat (output_name.ds_string, "/");
- strcat (output_name.ds_string, directory_name);
+ ds_concat (&output_name, pwd);
+ ds_append (&output_name, '/');
}
- else
- {
- ds_init (&output_name, dirname_len + 2);
- strcpy (output_name.ds_string, directory_name);
- }
- output_name.ds_string[dirname_len] = '/';
+
+ ds_concat (&output_name, directory_name);
+ ds_append (&output_name, '/');
+ dirname_len = ds_len (&output_name);
output_is_seekable = true;
change_dir ();
@@ -127,8 +123,8 @@ process_copy_pass ()
keep track of which directories in a path are "hidden". */
slash = add_cdf_double_slashes (slash);
#endif
- ds_resize (&output_name, dirname_len + strlen (slash) + 2);
- strcpy (output_name.ds_string + dirname_len + 1, slash);
+ ds_reset (&output_name, dirname_len);
+ ds_concat (&output_name, slash);
existing_dir = false;
if (lstat (output_name.ds_string, &out_file_stat) == 0)
@@ -346,6 +342,8 @@ process_copy_pass ()
(unsigned long) blocks),
(unsigned long) blocks);
}
+ ds_free (&input_name);
+ ds_free (&output_name);
}
/* Try and create a hard link from FILE_NAME to another file
@@ -385,7 +383,7 @@ link_to_maj_min_ino (char *file_name, int st_dev_maj, int st_dev_min,
is created, -1 otherwise. */
int
-link_to_name (char *link_name, char *link_target)
+link_to_name (char const *link_name, char const *link_target)
{
int res = link (link_target, link_name);
if (res < 0 && create_dir_flag)
diff --git a/src/cpiohdr.h b/src/cpiohdr.h
index b29e6fb..aa4a8c4 100644
--- a/src/cpiohdr.h
+++ b/src/cpiohdr.h
@@ -126,8 +126,15 @@ struct cpio_file_stat /* Internal representation of a CPIO header */
size_t c_namesize;
uint32_t c_chksum;
char *c_name;
- char *c_tar_linkname;
+ size_t c_name_buflen;
+ char const *c_tar_linkname;
};
+#define CPIO_FILE_STAT_INITIALIZER \
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, NULL, 0, NULL }
+void cpio_file_stat_init (struct cpio_file_stat *file_hdr);
+void cpio_file_stat_free (struct cpio_file_stat *file_hdr);
+void cpio_set_c_name(struct cpio_file_stat *file_hdr, char *name);
+void cpio_realloc_c_name (struct cpio_file_stat *file_hdr, size_t len);
#endif /* cpiohdr.h */
diff --git a/src/dstring.c b/src/dstring.c
index 2e6b97b..b70d72e 100644
--- a/src/dstring.c
+++ b/src/dstring.c
@@ -22,37 +22,52 @@
#endif
#include <stdio.h>
+#include <stdlib.h>
#if defined(HAVE_STRING_H) || defined(STDC_HEADERS)
#include <string.h>
#else
#include <strings.h>
#endif
#include "dstring.h"
-
-char *xmalloc (unsigned n);
-char *xrealloc (char *p, unsigned n);
+#include <xalloc.h>
/* Initialiaze dynamic string STRING with space for SIZE characters. */
void
-ds_init (dynamic_string *string, int size)
+ds_init (dynamic_string *string)
+{
+ memset (string, 0, sizeof *string);
+}
+
+/* Free the dynamic string storage. */
+
+void
+ds_free (dynamic_string *string)
{
- string->ds_length = size;
- string->ds_string = (char *) xmalloc (size);
+ free (string->ds_string);
}
-/* Expand dynamic string STRING, if necessary, to hold SIZE characters. */
+/* Expand dynamic string STRING, if necessary. */
void
-ds_resize (dynamic_string *string, int size)
+ds_resize (dynamic_string *string, size_t len)
{
- if (size > string->ds_length)
+ while (len + string->ds_idx >= string->ds_size)
{
- string->ds_length = size;
- string->ds_string = (char *) xrealloc ((char *) string->ds_string, size);
+ string->ds_string = x2nrealloc (string->ds_string, &string->ds_size,
+ 1);
}
}
+/* Reset the index of the dynamic string S to LEN. */
+
+void
+ds_reset (dynamic_string *s, size_t len)
+{
+ ds_resize (s, len);
+ s->ds_idx = len;
+}
+
/* Dynamic string S gets a string terminated by the EOS character
(which is removed) from file F. S will increase
in size during the function if the string from F is longer than
@@ -63,34 +78,49 @@ ds_resize (dynamic_string *string, int size)
char *
ds_fgetstr (FILE *f, dynamic_string *s, char eos)
{
- int insize; /* Amount needed for line. */
- int strsize; /* Amount allocated for S. */
int next_ch;
/* Initialize. */
- insize = 0;
- strsize = s->ds_length;
+ s->ds_idx = 0;
/* Read the input string. */
- next_ch = getc (f);
- while (next_ch != eos && next_ch != EOF)
+ while ((next_ch = getc (f)) != eos && next_ch != EOF)
{
- if (insize >= strsize - 1)
- {
- ds_resize (s, strsize * 2 + 2);
- strsize = s->ds_length;
- }
- s->ds_string[insize++] = next_ch;
- next_ch = getc (f);
+ ds_resize (s, 0);
+ s->ds_string[s->ds_idx++] = next_ch;
}
- s->ds_string[insize++] = '\0';
+ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = '\0';
- if (insize == 1 && next_ch == EOF)
+ if (s->ds_idx == 0 && next_ch == EOF)
return NULL;
else
return s->ds_string;
}
+void
+ds_append (dynamic_string *s, int c)
+{
+ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = c;
+ if (c)
+ {
+ s->ds_idx++;
+ ds_resize (s, 0);
+ s->ds_string[s->ds_idx] = 0;
+ }
+}
+
+void
+ds_concat (dynamic_string *s, char const *str)
+{
+ size_t len = strlen (str);
+ ds_resize (s, len);
+ memcpy (s->ds_string + s->ds_idx, str, len);
+ s->ds_idx += len;
+ s->ds_string[s->ds_idx] = 0;
+}
+
char *
ds_fgets (FILE *f, dynamic_string *s)
{
@@ -102,3 +132,10 @@ ds_fgetname (FILE *f, dynamic_string *s)
{
return ds_fgetstr (f, s, '\0');
}
+
+/* Return true if the dynamic string S ends with character C. */
+int
+ds_endswith (dynamic_string *s, int c)
+{
+ return (s->ds_idx > 0 && s->ds_string[s->ds_idx - 1] == c);
+}
diff --git a/src/dstring.h b/src/dstring.h
index 5b49def..a2b6183 100644
--- a/src/dstring.h
+++ b/src/dstring.h
@@ -17,10 +17,6 @@
Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
Boston, MA 02110-1301 USA. */
-#ifndef NULL
-#define NULL 0
-#endif
-
/* A dynamic string consists of record that records the size of an
allocated string and the pointer to that string. The actual string
is a normal zero byte terminated string that can be used with the
@@ -30,22 +26,24 @@
typedef struct
{
- int ds_length; /* Actual amount of storage allocated. */
- char *ds_string; /* String. */
+ size_t ds_size; /* Actual amount of storage allocated. */
+ size_t ds_idx; /* Index of the next free byte in the string. */
+ char *ds_string; /* String storage. */
} dynamic_string;
+#define DYNAMIC_STRING_INITIALIZER { 0, 0, NULL }
-/* Macros that look similar to the original string functions.
- WARNING: These macros work only on pointers to dynamic string records.
- If used with a real record, an "&" must be used to get the pointer. */
-#define ds_strlen(s) strlen ((s)->ds_string)
-#define ds_strcmp(s1, s2) strcmp ((s1)->ds_string, (s2)->ds_string)
-#define ds_strncmp(s1, s2, n) strncmp ((s1)->ds_string, (s2)->ds_string, n)
-#define ds_index(s, c) index ((s)->ds_string, c)
-#define ds_rindex(s, c) rindex ((s)->ds_string, c)
+void ds_init (dynamic_string *string);
+void ds_free (dynamic_string *string);
+void ds_reset (dynamic_string *s, size_t len);
-void ds_init (dynamic_string *string, int size);
-void ds_resize (dynamic_string *string, int size);
+/* All functions below guarantee that s->ds_string[s->ds_idx] == '\0' */
char *ds_fgetname (FILE *f, dynamic_string *s);
char *ds_fgets (FILE *f, dynamic_string *s);
char *ds_fgetstr (FILE *f, dynamic_string *s, char eos);
+void ds_append (dynamic_string *s, int c);
+void ds_concat (dynamic_string *s, char const *str);
+
+#define ds_len(s) ((s)->ds_idx)
+
+int ds_endswith (dynamic_string *s, int c);
diff --git a/src/extern.h b/src/extern.h
index 47b477a..6330e04 100644
--- a/src/extern.h
+++ b/src/extern.h
@@ -111,18 +111,21 @@ void read_in_binary (struct cpio_file_stat *file_hdr,
struct old_cpio_header *short_hdr, int in_des);
void swab_array (char *arg, int count);
void process_copy_in (void);
-void long_format (struct cpio_file_stat *file_hdr, char *link_name);
-void print_name_with_quoting (char *p);
+void long_format (struct cpio_file_stat *file_hdr, char const *link_name);
/* copyout.c */
int write_out_header (struct cpio_file_stat *file_hdr, int out_des);
void process_copy_out (void);
+int to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase,
+ bool nul);
+void field_width_error (const char *filename, const char *fieldname,
+ uintmax_t value, size_t width, bool nul);
/* copypass.c */
void process_copy_pass (void);
int link_to_maj_min_ino (char *file_name, int st_dev_maj,
int st_dev_min, ino_t st_ino);
-int link_to_name (char *link_name, char *link_target);
+int link_to_name (char const *link_name, char const *link_target);
/* dirname.c */
char *dirname (char *path);
@@ -141,7 +144,7 @@ void process_args (int argc, char *argv[]);
void initialize_buffers (void);
/* makepath.c */
-int make_path (char *argpath, uid_t owner, gid_t group,
+int make_path (char const *argpath, uid_t owner, gid_t group,
const char *verbose_fmt_string);
/* tar.c */
@@ -169,7 +172,7 @@ void copy_files_disk_to_tape (int in_des, int out_des, off_t num_bytes, char *fi
void copy_files_disk_to_disk (int in_des, int out_des, off_t num_bytes, char *filename);
void warn_if_file_changed (char *file_name, off_t old_file_size,
time_t old_file_mtime);
-void create_all_directories (char *name);
+void create_all_directories (char const *name);
void prepare_append (int out_file_des);
char *find_inode_file (ino_t node_num,
unsigned long major_num, unsigned long minor_num);
@@ -204,10 +207,17 @@ void cpio_safer_name_suffix (char *name, bool link_target,
int cpio_create_dir (struct cpio_file_stat *file_hdr, int existing_dir);
void change_dir (void);
-/* FIXME: These two defines should be defined in paxutils */
+/* FIXME: The following three should be defined in paxutils */
#define LG_8 3
#define LG_16 4
+/* The maximum uintmax_t value that can be represented with DIGITS digits,
+ assuming that each digit is BITS_PER_DIGIT wide. */
+#define MAX_VAL_WITH_DIGITS(digits, bits_per_digit) \
+ ((digits) * (bits_per_digit) < sizeof (uintmax_t) * CHAR_BIT \
+ ? ((uintmax_t) 1 << ((digits) * (bits_per_digit))) - 1 \
+ : (uintmax_t) -1)
+
uintmax_t from_ascii (char const *where, size_t digs, unsigned logbase);
#define FROM_OCTAL(f) from_ascii (f, sizeof f, LG_8)
diff --git a/src/idcache.c b/src/idcache.c
index c89e7f1..e82414e 100644
--- a/src/idcache.c
+++ b/src/idcache.c
@@ -34,6 +34,7 @@
#endif
#include <unistd.h>
+#include <inttostr.h>
struct userid
{
@@ -59,7 +60,6 @@ getuser (uid_t uid)
{
register struct userid *tail;
struct passwd *pwent;
- char usernum_string[20];
for (tail = user_alist; tail; tail = tail->next)
if (tail->id.u == uid)
@@ -70,8 +70,8 @@ getuser (uid_t uid)
tail->id.u = uid;
if (pwent == 0)
{
- sprintf (usernum_string, "%u", (unsigned) uid);
- tail->name = xstrdup (usernum_string);
+ char nbuf[UINTMAX_STRSIZE_BOUND];
+ tail->name = xstrdup (umaxtostr (uid, nbuf));
}
else
tail->name = xstrdup (pwent->pw_name);
@@ -134,7 +134,6 @@ getgroup (gid_t gid)
{
register struct userid *tail;
struct group *grent;
- char groupnum_string[20];
for (tail = group_alist; tail; tail = tail->next)
if (tail->id.g == gid)
@@ -145,8 +144,8 @@ getgroup (gid_t gid)
tail->id.g = gid;
if (grent == 0)
{
- sprintf (groupnum_string, "%u", (unsigned int) gid);
- tail->name = xstrdup (groupnum_string);
+ char nbuf[UINTMAX_STRSIZE_BOUND];
+ tail->name = xstrdup (umaxtostr (gid, nbuf));
}
else
tail->name = xstrdup (grent->gr_name);
diff --git a/src/makepath.c b/src/makepath.c
index 18d5b69..bad2537 100644
--- a/src/makepath.c
+++ b/src/makepath.c
@@ -49,7 +49,7 @@
ownership and permissions when done, otherwise 1. */
int
-make_path (char *argpath,
+make_path (char const *argpath,
uid_t owner,
gid_t group,
const char *verbose_fmt_string)
diff --git a/src/userspec.c b/src/userspec.c
index 14d608c..7b8bf2f 100644
--- a/src/userspec.c
+++ b/src/userspec.c
@@ -24,6 +24,7 @@
#include <stdio.h>
#include <ctype.h>
#include <sys/types.h>
+#include <inttostr.h>
#ifndef HAVE_ENDPWENT
# define endpwent()
@@ -141,12 +142,8 @@ parse_user_spec (const char *spec_arg, uid_t *uid, gid_t *gid,
grp = getgrgid (pwd->pw_gid);
if (grp == NULL)
{
- /* This is enough room to hold the unsigned decimal
- representation of any 32-bit quantity and the trailing
- zero byte. */
- char uint_buf[21];
- sprintf (uint_buf, "%u", (unsigned) (pwd->pw_gid));
- V_STRDUP (groupname, uint_buf);
+ char nbuf[UINTMAX_STRSIZE_BOUND];
+ V_STRDUP (groupname, umaxtostr (pwd->pw_gid, nbuf));
}
else
{
diff --git a/src/util.c b/src/util.c
index 11f9c30..097304f 100644
--- a/src/util.c
+++ b/src/util.c
@@ -79,8 +79,7 @@ tape_empty_output_buffer (int out_des)
if (output_is_special
&& (bytes_written >= 0
- || (bytes_written < 0
- && (errno == ENOSPC || errno == EIO || errno == ENXIO))))
+ || (errno == ENOSPC || errno == EIO || errno == ENXIO)))
{
get_next_reel (out_des);
if (bytes_written > 0)
@@ -596,7 +595,7 @@ warn_if_file_changed (char *file_name, off_t old_file_size,
Do not destroy any nondirectories while creating directories. */
void
-create_all_directories (char *name)
+create_all_directories (char const *name)
{
char *dir;
int mode;
@@ -718,7 +717,6 @@ find_inode_val (ino_t node_num, unsigned long major_num,
unsigned long minor_num)
{
struct inode_val sample;
- struct inode_val *ival;
if (!hash_table)
return NULL;
@@ -768,7 +766,7 @@ add_inode (ino_t node_num, char *file_name, unsigned long major_num,
return e;
}
-static ino_t
+static void
get_inode_and_dev (struct cpio_file_stat *hdr, struct stat *st)
{
if (renumber_inodes_option)
@@ -859,11 +857,9 @@ get_next_reel (int tape_des)
FILE *tty_out; /* File for interacting with user. */
int old_tape_des;
char *next_archive_name;
- dynamic_string new_name;
+ dynamic_string new_name = DYNAMIC_STRING_INITIALIZER;
char *str_res;
- ds_init (&new_name, 128);
-
/* Open files for interactive communication. */
tty_in = fopen (TTY_NAME, "r");
if (tty_in == NULL)
@@ -938,7 +934,7 @@ get_next_reel (int tape_des)
error (PAXEXIT_FAILURE, 0, _("internal error: tape descriptor changed from %d to %d"),
old_tape_des, tape_des);
- free (new_name.ds_string);
+ ds_free (&new_name);
fclose (tty_in);
fclose (tty_out);
}
@@ -1412,8 +1408,28 @@ set_file_times (int fd,
utime_error (name);
}
+/* Reallocate file_hdr->c_name to accomodate len bytes (including final \0) */
+void
+cpio_realloc_c_name (struct cpio_file_stat *file_hdr, size_t len)
+{
+ while (file_hdr->c_name_buflen < len)
+ file_hdr->c_name = x2realloc (file_hdr->c_name, &file_hdr->c_name_buflen);
+}
+
+void
+cpio_set_c_name (struct cpio_file_stat *file_hdr, char *name)
+{
+ size_t len = strlen (name) + 1;
+
+ cpio_realloc_c_name (file_hdr, len);
+ file_hdr->c_namesize = len;
+ memmove (file_hdr->c_name, name, len);
+}
+
/* Do we have to ignore absolute paths, and if so, does the filename
- have an absolute path? */
+ have an absolute path? Before calling this function make sure that the
+ allocated NAME buffer has capacity at least 2 bytes. */
+
void
cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
bool strip_leading_dots)
@@ -1428,6 +1444,10 @@ cpio_safer_name_suffix (char *name, bool link_target, bool absolute_names,
++p;
}
if (p != name)
+ /* The 'p' string is shortened version of 'name' with one exception; when
+ the 'name' points to an empty string (buffer where name[0] == '\0') the
+ 'p' then points to static string ".". So caller needs to ensure there
+ are at least two bytes available in 'name' buffer so memmove succeeds. */
memmove (name, p, (size_t)(strlen (p) + 1));
}
@@ -1689,4 +1709,17 @@ arf_stores_inode_p (enum archive_format arf)
}
return 1;
}
+
+void
+cpio_file_stat_init (struct cpio_file_stat *file_hdr)
+{
+ memset (file_hdr, 0, sizeof (*file_hdr));
+}
+
+void
+cpio_file_stat_free (struct cpio_file_stat *file_hdr)
+{
+ free (file_hdr->c_name);
+ cpio_file_stat_init (file_hdr);
+}
--
2.31.1