2 * Copyright (c) 2003-2004 Tim Kientzle
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer
10 * in this position and unchanged.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 #include "bsdtar_platform.h"
28 __FBSDID("$FreeBSD: src/usr.bin/tar/read.c,v 1.26 2006/07/30 18:34:40 kientzle Exp $");
31 #include <sys/mkdev.h>
33 #include <sys/param.h>
35 #include <sys/types.h>
49 static void cleanup_security(struct bsdtar
*);
50 static void list_item_verbose(struct bsdtar
*, FILE *,
51 struct archive_entry
*);
52 static void read_archive(struct bsdtar
*bsdtar
, char mode
);
53 static int security_problem(struct bsdtar
*, struct archive_entry
*);
56 tar_mode_t(struct bsdtar
*bsdtar
)
58 read_archive(bsdtar
, 't');
62 tar_mode_x(struct bsdtar
*bsdtar
)
64 read_archive(bsdtar
, 'x');
68 * Handle 'x' and 't' modes.
71 read_archive(struct bsdtar
*bsdtar
, char mode
)
75 struct archive_entry
*entry
;
76 const struct stat
*st
;
79 while (*bsdtar
->argv
) {
80 include(bsdtar
, *bsdtar
->argv
);
84 if (bsdtar
->names_from_file
!= NULL
)
85 include_from_file(bsdtar
, bsdtar
->names_from_file
);
87 a
= archive_read_new();
88 archive_read_support_compression_all(a
);
89 archive_read_support_format_all(a
);
90 if (archive_read_open_file(a
, bsdtar
->filename
,
91 bsdtar
->bytes_per_block
!= 0 ? bsdtar
->bytes_per_block
:
92 DEFAULT_BYTES_PER_BLOCK
))
93 bsdtar_errc(bsdtar
, 1, 0, "Error opening archive: %s",
94 archive_error_string(a
));
98 /* Support --fast-read option */
99 if (bsdtar
->option_fast_read
&&
100 unmatched_inclusions(bsdtar
) == 0)
103 r
= archive_read_next_header(a
, &entry
);
104 if (r
== ARCHIVE_EOF
)
106 if (r
== ARCHIVE_WARN
)
107 bsdtar_warnc(bsdtar
, 0, "%s", archive_error_string(a
));
108 if (r
== ARCHIVE_FATAL
) {
109 bsdtar
->return_value
= 1;
110 bsdtar_warnc(bsdtar
, 0, "%s", archive_error_string(a
));
113 if (r
== ARCHIVE_RETRY
) {
114 /* Retryable error: try again */
115 bsdtar_warnc(bsdtar
, 0, "%s", archive_error_string(a
));
116 bsdtar_warnc(bsdtar
, 0, "Retrying...");
121 * Exclude entries that are too old.
123 st
= archive_entry_stat(entry
);
124 if (bsdtar
->newer_ctime_sec
> 0) {
125 if (st
->st_ctime
< bsdtar
->newer_ctime_sec
)
126 continue; /* Too old, skip it. */
127 if (st
->st_ctime
== bsdtar
->newer_ctime_sec
128 && ARCHIVE_STAT_CTIME_NANOS(st
)
129 <= bsdtar
->newer_ctime_nsec
)
130 continue; /* Too old, skip it. */
132 if (bsdtar
->newer_mtime_sec
> 0) {
133 if (st
->st_mtime
< bsdtar
->newer_mtime_sec
)
134 continue; /* Too old, skip it. */
135 if (st
->st_mtime
== bsdtar
->newer_mtime_sec
136 && ARCHIVE_STAT_MTIME_NANOS(st
)
137 <= bsdtar
->newer_mtime_nsec
)
138 continue; /* Too old, skip it. */
142 * Note that pattern exclusions are checked before
143 * pathname rewrites are handled. This gives more
144 * control over exclusions, since rewrites always lose
145 * information. (For example, consider a rewrite
146 * s/foo[0-9]/foo/. If we check exclusions after the
147 * rewrite, there would be no way to exclude foo1/bar
148 * while allowing foo2/bar.)
150 if (excluded(bsdtar
, archive_entry_pathname(entry
)))
151 continue; /* Excluded by a pattern test. */
154 * Modify the pathname as requested by the user. We
155 * do this for -t as well to give users a way to
156 * preview the effects of their rewrites. We also do
157 * this before extraction security checks (including
158 * leading '/' removal). Note that some rewrite
159 * failures prevent extraction.
161 if (edit_pathname(bsdtar
, entry
))
162 continue; /* Excluded by a rewrite failure. */
165 /* Perversely, gtar uses -O to mean "send to stderr"
166 * when used with -t. */
167 out
= bsdtar
->option_stdout
? stderr
: stdout
;
169 if (bsdtar
->verbose
< 2)
170 safe_fprintf(out
, "%s",
171 archive_entry_pathname(entry
));
173 list_item_verbose(bsdtar
, out
, entry
);
175 r
= archive_read_data_skip(a
);
176 if (r
== ARCHIVE_WARN
) {
178 bsdtar_warnc(bsdtar
, 0, "%s",
179 archive_error_string(a
));
181 if (r
== ARCHIVE_RETRY
) {
183 bsdtar_warnc(bsdtar
, 0, "%s",
184 archive_error_string(a
));
186 if (r
== ARCHIVE_FATAL
) {
188 bsdtar_warnc(bsdtar
, 0, "%s",
189 archive_error_string(a
));
195 * Skip security problems before prompting.
196 * Otherwise, the user may be confused that a
197 * file they wanted to extract was
198 * subsequently skipped.
200 if (security_problem(bsdtar
, entry
))
203 if (bsdtar
->option_interactive
&&
204 !yes("extract '%s'", archive_entry_pathname(entry
)))
208 * Format here is from SUSv2, including the
211 if (bsdtar
->verbose
) {
212 safe_fprintf(stderr
, "x %s",
213 archive_entry_pathname(entry
));
216 if (bsdtar
->option_stdout
) {
217 /* TODO: Catch/recover any errors here. */
218 archive_read_data_into_fd(a
, 1);
219 } else if (archive_read_extract(a
, entry
,
220 bsdtar
->extract_flags
)) {
221 if (!bsdtar
->verbose
)
222 safe_fprintf(stderr
, "%s",
223 archive_entry_pathname(entry
));
224 safe_fprintf(stderr
, ": %s",
225 archive_error_string(a
));
226 if (!bsdtar
->verbose
)
227 fprintf(stderr
, "\n");
229 * TODO: Decide how to handle
230 * extraction error... <sigh>
232 bsdtar
->return_value
= 1;
235 fprintf(stderr
, "\n");
239 if (bsdtar
->verbose
> 2)
240 fprintf(stdout
, "Archive Format: %s, Compression: %s\n",
241 archive_format_name(a
), archive_compression_name(a
));
243 archive_read_finish(a
);
244 cleanup_security(bsdtar
);
249 * Display information about the current file.
251 * The format here roughly duplicates the output of 'ls -l'.
252 * This is based on SUSv2, where 'tar tv' is documented as
253 * listing additional information in an "unspecified format,"
254 * and 'pax -l' is documented as using the same format as 'ls -l'.
257 list_item_verbose(struct bsdtar
*bsdtar
, FILE *out
, struct archive_entry
*entry
)
259 const struct stat
*st
;
267 st
= archive_entry_stat(entry
);
270 * We avoid collecting the entire list in memory at once by
271 * listing things as we see them. However, that also means we can't
272 * just pre-compute the field widths. Instead, we start with guesses
273 * and just widen them as necessary. These numbers are completely
276 if (!bsdtar
->u_width
) {
278 bsdtar
->gs_width
= 13;
282 bsdtar_strmode(entry
, tmp
);
283 fprintf(out
, "%s %d ", tmp
, (int)(st
->st_nlink
));
285 /* Use uname if it's present, else uid. */
286 p
= archive_entry_uname(entry
);
287 if ((p
== NULL
) || (*p
== '\0')) {
288 sprintf(tmp
, "%d ", st
->st_uid
);
292 if (w
> bsdtar
->u_width
)
294 fprintf(out
, "%-*s ", (int)bsdtar
->u_width
, p
);
296 /* Use gname if it's present, else gid. */
297 p
= archive_entry_gname(entry
);
298 if (p
!= NULL
&& p
[0] != '\0') {
299 fprintf(out
, "%s", p
);
302 sprintf(tmp
, "%d", st
->st_gid
);
304 fprintf(out
, "%s", tmp
);
308 * Print device number or file size, right-aligned so as to make
309 * total width of group and devnum/filesize fields be gs_width.
310 * If gs_width is too small, grow it.
312 if (S_ISCHR(st
->st_mode
) || S_ISBLK(st
->st_mode
)) {
313 sprintf(tmp
, "%d,%u",
315 (unsigned)minor(st
->st_rdev
)); /* ls(1) also casts here. */
318 * Note the use of platform-dependent macros to format
319 * the filesize here. We need the format string and the
320 * corresponding type for the cast.
322 sprintf(tmp
, BSDTAR_FILESIZE_PRINTF
,
323 (BSDTAR_FILESIZE_TYPE
)st
->st_size
);
325 if (w
+ strlen(tmp
) >= bsdtar
->gs_width
)
326 bsdtar
->gs_width
= w
+strlen(tmp
)+1;
327 fprintf(out
, "%*s", (int)(bsdtar
->gs_width
- w
), tmp
);
329 /* Format the time using 'ls -l' conventions. */
330 tim
= (time_t)st
->st_mtime
;
331 if (abs(tim
- now
) > (365/2)*86400)
332 fmt
= bsdtar
->day_first
? "%e %b %Y" : "%b %e %Y";
334 fmt
= bsdtar
->day_first
? "%e %b %R" : "%b %e %R";
335 strftime(tmp
, sizeof(tmp
), fmt
, localtime(&tim
));
336 fprintf(out
, " %s ", tmp
);
337 safe_fprintf(out
, "%s", archive_entry_pathname(entry
));
339 /* Extra information for links. */
340 if (archive_entry_hardlink(entry
)) /* Hard link */
341 safe_fprintf(out
, " link to %s",
342 archive_entry_hardlink(entry
));
343 else if (S_ISLNK(st
->st_mode
)) /* Symbolic link */
344 safe_fprintf(out
, " -> %s", archive_entry_symlink(entry
));
348 * Structure for storing path of last successful security check.
356 * Check for a variety of security issues. Fix what we can here,
357 * generate warnings as appropriate, return non-zero to prevent
358 * this entry from being extracted.
361 security_problem(struct bsdtar
*bsdtar
, struct archive_entry
*entry
)
364 const char *name
, *pn
;
368 /* -P option forces us to just accept all pathnames as-is. */
369 if (bsdtar
->option_absolute_paths
)
372 name
= archive_entry_pathname(entry
);
374 /* Reject any archive entry with '..' as a path element. */
376 while (pn
!= NULL
&& pn
[0] != '\0') {
377 if (pn
[0] == '.' && pn
[1] == '.' &&
378 (pn
[2] == '\0' || pn
[2] == '/')) {
379 bsdtar_warnc(bsdtar
, 0,
380 "Skipping pathname containing ..");
381 bsdtar
->return_value
= 1;
384 pn
= strchr(pn
, '/');
390 * Gaurd against symlink tricks. Reject any archive entry whose
391 * destination would be altered by a symlink.
393 /* XXX TODO: Make this faster by comparing current path to
394 * prefix of last successful check to avoid duplicate lstat()
397 if (bsdtar
->security
== NULL
) {
398 bsdtar
->security
= malloc(sizeof(*bsdtar
->security
));
399 if (bsdtar
->security
== NULL
)
400 bsdtar_errc(bsdtar
, 1, errno
, "No Memory");
401 bsdtar
->security
->path_size
= MAXPATHLEN
+ 1;
402 bsdtar
->security
->path
= malloc(bsdtar
->security
->path_size
);
403 if (bsdtar
->security
->path
== NULL
)
404 bsdtar_errc(bsdtar
, 1, errno
, "No Memory");
406 if (strlen(name
) >= bsdtar
->security
->path_size
) {
407 free(bsdtar
->security
->path
);
408 while (strlen(name
) >= bsdtar
->security
->path_size
)
409 bsdtar
->security
->path_size
*= 2;
410 bsdtar
->security
->path
= malloc(bsdtar
->security
->path_size
);
411 if (bsdtar
->security
->path
== NULL
)
412 bsdtar_errc(bsdtar
, 1, errno
, "No Memory");
414 p
= bsdtar
->security
->path
;
415 while (pn
!= NULL
&& pn
[0] != '\0') {
417 while (*pn
!= '\0' && *pn
!= '/')
420 r
= lstat(bsdtar
->security
->path
, &st
);
424 } else if (S_ISLNK(st
.st_mode
)) {
427 * Last element is symlink; remove it
428 * so we can overwrite it with the
429 * item being extracted.
431 if (!S_ISLNK(archive_entry_mode(entry
))) {
433 * Warn only if the symlink is being
434 * replaced with a non-symlink.
436 bsdtar_warnc(bsdtar
, 0,
437 "Removing symlink %s",
438 bsdtar
->security
->path
);
440 if (unlink(bsdtar
->security
->path
))
441 bsdtar_errc(bsdtar
, 1, errno
,
443 /* Symlink gone. No more problem! */
445 } else if (bsdtar
->option_unlink_first
) {
446 /* User asked us to remove problems. */
447 if (unlink(bsdtar
->security
->path
))
448 bsdtar_errc(bsdtar
, 1, errno
,
451 bsdtar_warnc(bsdtar
, 0,
452 "Cannot extract %s through symlink %s",
453 name
, bsdtar
->security
->path
);
454 bsdtar
->return_value
= 1;
464 cleanup_security(struct bsdtar
*bsdtar
)
466 if (bsdtar
->security
!= NULL
) {
467 free(bsdtar
->security
->path
);
468 free(bsdtar
->security
);