/* ** Copyright 1998-2003 University of Illinois Board of Trustees ** Copyright 1998-2003 Mark D. Roth ** All rights reserved. ** ** block.c - libtar code to handle tar archive header blocks ** ** Mark D. Roth ** Campus Information Technologies and Educational Services ** University of Illinois at Urbana-Champaign */ #include #include #ifdef STDC_HEADERS # include # include #endif #define BIT_ISSET(bitmask, bit) ((bitmask) & (bit)) // Used to identify selinux_context in extended ('x') // metadata. From RedHat implementation. #define SELINUX_TAG "RHT.security.selinux=" #define SELINUX_TAG_LEN 21 // Used to identify e4crypt_policy in extended ('x') #define E4CRYPT_TAG "TWRP.security.e4crypt=" #define E4CRYPT_TAG_LEN 22 // Used to identify Posix capabilities in extended ('x') #define CAPABILITIES_TAG "SCHILY.xattr.security.capability=" #define CAPABILITIES_TAG_LEN 33 /* read a header block */ /* FIXME: the return value of this function should match the return value of tar_block_read(), which is a macro which references a prototype that returns a ssize_t. So far, this is safe, since tar_block_read() only ever reads 512 (T_BLOCKSIZE) bytes at a time, so any difference in size of ssize_t and int is of negligible risk. BUT, if T_BLOCKSIZE ever changes, or ever becomes a variable parameter controllable by the user, all the code that calls it, including this function and all code that calls it, should be fixed for security reasons. Thanks to Chris Palmer for the critique. */ int th_read_internal(TAR *t) { int i; int num_zero_blocks = 0; #ifdef DEBUG printf("==> th_read_internal(TAR=\"%s\")\n", t->pathname); #endif while ((i = tar_block_read(t, &(t->th_buf))) == T_BLOCKSIZE) { /* two all-zero blocks mark EOF */ if (t->th_buf.name[0] == '\0') { num_zero_blocks++; if (!BIT_ISSET(t->options, TAR_IGNORE_EOT) && num_zero_blocks >= 2) return 0; /* EOF */ else continue; } /* verify magic and version */ if (BIT_ISSET(t->options, TAR_CHECK_MAGIC) && strncmp(t->th_buf.magic, TMAGIC, TMAGLEN - 1) != 0) { #ifdef DEBUG puts("!!! unknown magic value in tar header"); #endif return -2; } if (BIT_ISSET(t->options, TAR_CHECK_VERSION) && strncmp(t->th_buf.version, TVERSION, TVERSLEN) != 0) { #ifdef DEBUG puts("!!! unknown version value in tar header"); #endif return -2; } /* check chksum */ if (!BIT_ISSET(t->options, TAR_IGNORE_CRC) && !th_crc_ok(t)) { #ifdef DEBUG puts("!!! tar header checksum error"); #endif return -2; } break; } #ifdef DEBUG printf("<== th_read_internal(): returning %d\n", i); #endif return i; } /* wrapper function for th_read_internal() to handle GNU extensions */ int th_read(TAR *t) { int i; size_t sz, j, blocks; char *ptr; #ifdef DEBUG printf("==> th_read(t=0x%lx)\n", t); #endif if (t->th_buf.gnu_longname != NULL) free(t->th_buf.gnu_longname); if (t->th_buf.gnu_longlink != NULL) free(t->th_buf.gnu_longlink); #ifdef HAVE_SELINUX if (t->th_buf.selinux_context != NULL) free(t->th_buf.selinux_context); #endif #ifdef HAVE_EXT4_CRYPT if (t->th_buf.e4crypt_policy != NULL) { free(t->th_buf.e4crypt_policy); } #endif if (t->th_buf.has_cap_data) { memset(&t->th_buf.cap_data, 0, sizeof(struct vfs_cap_data)); t->th_buf.has_cap_data = 0; } memset(&(t->th_buf), 0, sizeof(struct tar_header)); i = th_read_internal(t); if (i == 0) return 1; else if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } /* check for GNU long link extention */ if (TH_ISLONGLINK(t)) { sz = th_get_size(t); blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0); if (blocks > ((size_t)-1 / T_BLOCKSIZE)) { errno = E2BIG; return -1; } #ifdef DEBUG printf(" th_read(): GNU long linkname detected " "(%ld bytes, %d blocks)\n", sz, blocks); #endif t->th_buf.gnu_longlink = (char *)malloc(blocks * T_BLOCKSIZE); if (t->th_buf.gnu_longlink == NULL) return -1; for (j = 0, ptr = t->th_buf.gnu_longlink; j < blocks; j++, ptr += T_BLOCKSIZE) { #ifdef DEBUG printf(" th_read(): reading long linkname " "(%d blocks left, ptr == %ld)\n", blocks-j, ptr); #endif i = tar_block_read(t, ptr); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } #ifdef DEBUG printf(" th_read(): read block == \"%s\"\n", ptr); #endif } #ifdef DEBUG printf(" th_read(): t->th_buf.gnu_longlink == \"%s\"\n", t->th_buf.gnu_longlink); #endif i = th_read_internal(t); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } } /* check for GNU long name extention */ if (TH_ISLONGNAME(t)) { sz = th_get_size(t); blocks = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0); if (blocks > ((size_t)-1 / T_BLOCKSIZE)) { errno = E2BIG; return -1; } #ifdef DEBUG printf(" th_read(): GNU long filename detected " "(%ld bytes, %d blocks)\n", sz, blocks); #endif t->th_buf.gnu_longname = (char *)malloc(blocks * T_BLOCKSIZE); if (t->th_buf.gnu_longname == NULL) return -1; for (j = 0, ptr = t->th_buf.gnu_longname; j < blocks; j++, ptr += T_BLOCKSIZE) { #ifdef DEBUG printf(" th_read(): reading long filename " "(%d blocks left, ptr == %ld)\n", blocks-j, ptr); #endif i = tar_block_read(t, ptr); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } #ifdef DEBUG printf(" th_read(): read block == \"%s\"\n", ptr); #endif } #ifdef DEBUG printf(" th_read(): t->th_buf.gnu_longname == \"%s\"\n", t->th_buf.gnu_longname); #endif i = th_read_internal(t); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } } // Extended headers (selinux contexts, posix file capabilities, ext4 encryption policies) while(TH_ISEXTHEADER(t) || TH_ISPOLHEADER(t)) { sz = th_get_size(t); if(sz >= T_BLOCKSIZE) // Not supported { #ifdef DEBUG printf(" th_read(): Extended header is too long!\n"); #endif } else { char buf[T_BLOCKSIZE]; i = tar_block_read(t, buf); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } // To be sure buf[T_BLOCKSIZE-1] = 0; int len = strlen(buf); // posix capabilities char *start = strstr(buf, CAPABILITIES_TAG); if(start && start+CAPABILITIES_TAG_LEN < buf+len) { start += CAPABILITIES_TAG_LEN; memcpy(&t->th_buf.cap_data, start, sizeof(struct vfs_cap_data)); t->th_buf.has_cap_data = 1; #ifdef DEBUG printf(" th_read(): Posix capabilities detected\n"); #endif } // end posix capabilities #ifdef HAVE_SELINUX // selinux contexts start = strstr(buf, SELINUX_TAG); if(start && start+SELINUX_TAG_LEN < buf+len) { start += SELINUX_TAG_LEN; char *end = strchr(start, '\n'); if(end) { t->th_buf.selinux_context = strndup(start, end-start); #ifdef DEBUG printf(" th_read(): SELinux context xattr detected: %s\n", t->th_buf.selinux_context); #endif } } #endif // HAVE_SELINUX #ifdef HAVE_EXT4_CRYPT start = strstr(buf, E4CRYPT_TAG); if(start && start+E4CRYPT_TAG_LEN < buf+len) { start += E4CRYPT_TAG_LEN; char *end = strchr(start, '\n'); if(end) { t->th_buf.e4crypt_policy = strndup(start, end-start); #ifdef DEBUG printf(" th_read(): E4Crypt policy detected: %s\n", t->th_buf.e4crypt_policy); #endif } } #endif // HAVE_EXT4_CRYPT } i = th_read_internal(t); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } } return 0; } /* write an extended block */ static int th_write_extended(TAR *t, char* buf, uint64_t sz) { char type2; uint64_t sz2; int i; /* save old size and type */ type2 = t->th_buf.typeflag; sz2 = th_get_size(t); /* write out initial header block with fake size and type */ t->th_buf.typeflag = TH_EXT_TYPE; if(sz >= T_BLOCKSIZE) // impossible { errno = EINVAL; return -1; } th_set_size(t, sz); th_finish(t); i = tar_block_write(t, &(t->th_buf)); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } i = tar_block_write(t, buf); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } /* reset type and size to original values */ t->th_buf.typeflag = type2; th_set_size(t, sz2); memset(buf, 0, T_BLOCKSIZE); return 0; } /* write a header block */ int th_write(TAR *t) { int i, j; char type2; uint64_t sz, sz2, total_sz = 0; char *ptr; char buf[T_BLOCKSIZE]; #ifdef DEBUG printf("==> th_write(TAR=\"%s\")\n", t->pathname); th_print(t); #endif if ((t->options & TAR_GNU) && t->th_buf.gnu_longlink != NULL) { #ifdef DEBUG printf("th_write(): using gnu_longlink (\"%s\")\n", t->th_buf.gnu_longlink); #endif /* save old size and type */ type2 = t->th_buf.typeflag; sz2 = th_get_size(t); /* write out initial header block with fake size and type */ t->th_buf.typeflag = GNU_LONGLINK_TYPE; sz = strlen(t->th_buf.gnu_longlink); th_set_size(t, sz); th_finish(t); i = tar_block_write(t, &(t->th_buf)); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } /* write out extra blocks containing long name */ for (j = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0), ptr = t->th_buf.gnu_longlink; j > 1; j--, ptr += T_BLOCKSIZE) { i = tar_block_write(t, ptr); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } } memset(buf, 0, T_BLOCKSIZE); strncpy(buf, ptr, T_BLOCKSIZE); i = tar_block_write(t, &buf); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } /* reset type and size to original values */ t->th_buf.typeflag = type2; th_set_size(t, sz2); } if ((t->options & TAR_GNU) && t->th_buf.gnu_longname != NULL) { #ifdef DEBUG printf("th_write(): using gnu_longname (\"%s\")\n", t->th_buf.gnu_longname); #endif /* save old size and type */ type2 = t->th_buf.typeflag; sz2 = th_get_size(t); /* write out initial header block with fake size and type */ t->th_buf.typeflag = GNU_LONGNAME_TYPE; sz = strlen(t->th_buf.gnu_longname); th_set_size(t, sz); th_finish(t); i = tar_block_write(t, &(t->th_buf)); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } /* write out extra blocks containing long name */ for (j = (sz / T_BLOCKSIZE) + (sz % T_BLOCKSIZE ? 1 : 0), ptr = t->th_buf.gnu_longname; j > 1; j--, ptr += T_BLOCKSIZE) { i = tar_block_write(t, ptr); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } } memset(buf, 0, T_BLOCKSIZE); strncpy(buf, ptr, T_BLOCKSIZE); i = tar_block_write(t, &buf); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } /* reset type and size to original values */ t->th_buf.typeflag = type2; th_set_size(t, sz2); } memset(buf, 0, T_BLOCKSIZE); ptr = buf; #ifdef HAVE_SELINUX if((t->options & TAR_STORE_SELINUX) && t->th_buf.selinux_context != NULL) { #ifdef DEBUG printf("th_write(): using selinux_context (\"%s\")\n", t->th_buf.selinux_context); #endif /* setup size - EXT header has format "*size of this whole tag as ascii numbers* *space* *content* *newline* */ // size newline sz = SELINUX_TAG_LEN + strlen(t->th_buf.selinux_context) + 3 + 1; if(sz >= 100) // another ascci digit for size ++sz; total_sz += sz; snprintf(ptr, T_BLOCKSIZE, "%d "SELINUX_TAG"%s\n", (int)sz, t->th_buf.selinux_context); ptr += sz; } #endif #ifdef HAVE_EXT4_CRYPT if((t->options & TAR_STORE_EXT4_POL) && t->th_buf.e4crypt_policy != NULL) { #ifdef DEBUG printf("th_write(): using e4crypt_policy %s\n", t->th_buf.e4crypt_policy); #endif /* setup size - EXT header has format "*size of this whole tag as ascii numbers* *space* *content* *newline* */ // size newline sz = E4CRYPT_TAG_LEN + EXT4_KEY_DESCRIPTOR_HEX + 3 + 1; if(sz >= 100) // another ascci digit for size ++sz; if (total_sz + sz >= T_BLOCKSIZE) { if (th_write_extended(t, &buf, total_sz)) return -1; ptr = buf; total_sz = sz; } else total_sz += sz; snprintf(ptr, T_BLOCKSIZE, "%d "E4CRYPT_TAG"%s", (int)sz, t->th_buf.e4crypt_policy); char *nlptr = ptr + sz - 1; *nlptr = '\n'; ptr += sz; } #endif if((t->options & TAR_STORE_POSIX_CAP) && t->th_buf.has_cap_data) { #ifdef DEBUG printf("th_write(): has a posix capability\n"); #endif sz = CAPABILITIES_TAG_LEN + sizeof(struct vfs_cap_data) + 3 + 1; if(sz >= 100) // another ascci digit for size ++sz; if (total_sz + sz >= T_BLOCKSIZE) { if (th_write_extended(t, &buf, total_sz)) return -1; ptr = buf; total_sz = sz; } else total_sz += sz; snprintf(ptr, T_BLOCKSIZE, "%d "CAPABILITIES_TAG, (int)sz); memcpy(ptr + CAPABILITIES_TAG_LEN + 3, &t->th_buf.cap_data, sizeof(struct vfs_cap_data)); char *nlptr = ptr + sz - 1; *nlptr = '\n'; ptr += sz; } if (total_sz > 0 && th_write_extended(t, &buf, total_sz)) // write any outstanding tar extended header return -1; th_finish(t); #ifdef DEBUG /* print tar header */ th_print(t); #endif i = tar_block_write(t, &(t->th_buf)); if (i != T_BLOCKSIZE) { if (i != -1) errno = EINVAL; return -1; } #ifdef DEBUG puts("th_write(): returning 0"); #endif return 0; }