search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Make sure UFS disallows mknod()'s with type VDIR.
[dragonfly.git] / contrib / libarchive-2 / libarchive / archive_write_set_format_pax.c
blob89f89bc9f54b1af95a66c642e6ba42cd504e0789
1 /*-
2 * Copyright (c) 2003-2007 Tim Kientzle
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26 #include "archive_platform.h"
27 __FBSDID("$FreeBSD: src/lib/libarchive/archive_write_set_format_pax.c,v 1.46 2008/03/15 11:04:45 kientzle Exp $");
28
29 #ifdef HAVE_ERRNO_H
30 #include <errno.h>
31 #endif
32 #ifdef HAVE_STDLIB_H
33 #include <stdlib.h>
34 #endif
35 #ifdef HAVE_STRING_H
36 #include <string.h>
37 #endif
38
39 #include "archive.h"
40 #include "archive_entry.h"
41 #include "archive_private.h"
42 #include "archive_write_private.h"
43
44 struct pax {
45 uint64_t entry_bytes_remaining;
46 uint64_t entry_padding;
47 struct archive_string pax_header;
48 };
49
50 static void add_pax_attr(struct archive_string *, const char *key,
51 const char *value);
52 static void add_pax_attr_int(struct archive_string *,
53 const char *key, int64_t value);
54 static void add_pax_attr_time(struct archive_string *,
55 const char *key, int64_t sec,
56 unsigned long nanos);
57 static void add_pax_attr_w(struct archive_string *,
58 const char *key, const wchar_t *wvalue);
59 static ssize_t archive_write_pax_data(struct archive_write *,
60 const void *, size_t);
61 static int archive_write_pax_finish(struct archive_write *);
62 static int archive_write_pax_destroy(struct archive_write *);
63 static int archive_write_pax_finish_entry(struct archive_write *);
64 static int archive_write_pax_header(struct archive_write *,
65 struct archive_entry *);
66 static char *base64_encode(const char *src, size_t len);
67 static char *build_pax_attribute_name(char *dest, const char *src);
68 static char *build_ustar_entry_name(char *dest, const char *src,
69 size_t src_length, const char *insert);
70 static char *format_int(char *dest, int64_t);
71 static int has_non_ASCII(const wchar_t *);
72 static char *url_encode(const char *in);
73 static int write_nulls(struct archive_write *, size_t);
74
75 /*
76 * Set output format to 'restricted pax' format.
77 *
78 * This is the same as normal 'pax', but tries to suppress
79 * the pax header whenever possible. This is the default for
80 * bsdtar, for instance.
81 */
82 int
83 archive_write_set_format_pax_restricted(struct archive *_a)
84 {
85 struct archive_write *a = (struct archive_write *)_a;
86 int r;
87 r = archive_write_set_format_pax(&a->archive);
88 a->archive.archive_format = ARCHIVE_FORMAT_TAR_PAX_RESTRICTED;
89 a->archive.archive_format_name = "restricted POSIX pax interchange";
90 return (r);
91 }
92
93 /*
94 * Set output format to 'pax' format.
95 */
96 int
97 archive_write_set_format_pax(struct archive *_a)
98 {
99 struct archive_write *a = (struct archive_write *)_a;
100 struct pax *pax;
101
102 if (a->format_destroy != NULL)
103 (a->format_destroy)(a);
104
105 pax = (struct pax *)malloc(sizeof(*pax));
106 if (pax == NULL) {
107 archive_set_error(&a->archive, ENOMEM, "Can't allocate pax data");
108 return (ARCHIVE_FATAL);
109 }
110 memset(pax, 0, sizeof(*pax));
111 a->format_data = pax;
112
113 a->pad_uncompressed = 1;
114 a->format_write_header = archive_write_pax_header;
115 a->format_write_data = archive_write_pax_data;
116 a->format_finish = archive_write_pax_finish;
117 a->format_destroy = archive_write_pax_destroy;
118 a->format_finish_entry = archive_write_pax_finish_entry;
119 a->archive.archive_format = ARCHIVE_FORMAT_TAR_PAX_INTERCHANGE;
120 a->archive.archive_format_name = "POSIX pax interchange";
121 return (ARCHIVE_OK);
122 }
123
124 /*
125 * Note: This code assumes that 'nanos' has the same sign as 'sec',
126 * which implies that sec=-1, nanos=200000000 represents -1.2 seconds
127 * and not -0.8 seconds. This is a pretty pedantic point, as we're
128 * unlikely to encounter many real files created before Jan 1, 1970,
129 * much less ones with timestamps recorded to sub-second resolution.
130 */
131 static void
132 add_pax_attr_time(struct archive_string *as, const char *key,
133 int64_t sec, unsigned long nanos)
134 {
135 int digit, i;
136 char *t;
137 /*
138 * Note that each byte contributes fewer than 3 base-10
139 * digits, so this will always be big enough.
140 */
141 char tmp[1 + 3*sizeof(sec) + 1 + 3*sizeof(nanos)];
142
143 tmp[sizeof(tmp) - 1] = 0;
144 t = tmp + sizeof(tmp) - 1;
145
146 /* Skip trailing zeros in the fractional part. */
147 for (digit = 0, i = 10; i > 0 && digit == 0; i--) {
148 digit = nanos % 10;
149 nanos /= 10;
150 }
151
152 /* Only format the fraction if it's non-zero. */
153 if (i > 0) {
154 while (i > 0) {
155 *--t = "0123456789"[digit];
156 digit = nanos % 10;
157 nanos /= 10;
158 i--;
159 }
160 *--t = '.';
161 }
162 t = format_int(t, sec);
163
164 add_pax_attr(as, key, t);
165 }
166
167 static char *
168 format_int(char *t, int64_t i)
169 {
170 int sign;
171
172 if (i < 0) {
173 sign = -1;
174 i = -i;
175 } else
176 sign = 1;
177
178 do {
179 *--t = "0123456789"[i % 10];
180 } while (i /= 10);
181 if (sign < 0)
182 *--t = '-';
183 return (t);
184 }
185
186 static void
187 add_pax_attr_int(struct archive_string *as, const char *key, int64_t value)
188 {
189 char tmp[1 + 3 * sizeof(value)];
190
191 tmp[sizeof(tmp) - 1] = 0;
192 add_pax_attr(as, key, format_int(tmp + sizeof(tmp) - 1, value));
193 }
194
195 static char *
196 utf8_encode(const wchar_t *wval)
197 {
198 int utf8len;
199 const wchar_t *wp;
200 unsigned long wc;
201 char *utf8_value, *p;
202
203 utf8len = 0;
204 for (wp = wval; *wp != L'\0'; ) {
205 wc = *wp++;
206 if (wc <= 0x7f)
207 utf8len++;
208 else if (wc <= 0x7ff)
209 utf8len += 2;
210 else if (wc <= 0xffff)
211 utf8len += 3;
212 else if (wc <= 0x1fffff)
213 utf8len += 4;
214 else if (wc <= 0x3ffffff)
215 utf8len += 5;
216 else if (wc <= 0x7fffffff)
217 utf8len += 6;
218 /* Ignore larger values; UTF-8 can't encode them. */
219 }
220
221 utf8_value = (char *)malloc(utf8len + 1);
222 if (utf8_value == NULL) {
223 __archive_errx(1, "Not enough memory for attributes");
224 return (NULL);
225 }
226
227 for (wp = wval, p = utf8_value; *wp != L'\0'; ) {
228 wc = *wp++;
229 if (wc <= 0x7f) {
230 *p++ = (char)wc;
231 } else if (wc <= 0x7ff) {
232 p[0] = 0xc0 | ((wc >> 6) & 0x1f);
233 p[1] = 0x80 | (wc & 0x3f);
234 p += 2;
235 } else if (wc <= 0xffff) {
236 p[0] = 0xe0 | ((wc >> 12) & 0x0f);
237 p[1] = 0x80 | ((wc >> 6) & 0x3f);
238 p[2] = 0x80 | (wc & 0x3f);
239 p += 3;
240 } else if (wc <= 0x1fffff) {
241 p[0] = 0xf0 | ((wc >> 18) & 0x07);
242 p[1] = 0x80 | ((wc >> 12) & 0x3f);
243 p[2] = 0x80 | ((wc >> 6) & 0x3f);
244 p[3] = 0x80 | (wc & 0x3f);
245 p += 4;
246 } else if (wc <= 0x3ffffff) {
247 p[0] = 0xf8 | ((wc >> 24) & 0x03);
248 p[1] = 0x80 | ((wc >> 18) & 0x3f);
249 p[2] = 0x80 | ((wc >> 12) & 0x3f);
250 p[3] = 0x80 | ((wc >> 6) & 0x3f);
251 p[4] = 0x80 | (wc & 0x3f);
252 p += 5;
253 } else if (wc <= 0x7fffffff) {
254 p[0] = 0xfc | ((wc >> 30) & 0x01);
255 p[1] = 0x80 | ((wc >> 24) & 0x3f);
256 p[1] = 0x80 | ((wc >> 18) & 0x3f);
257 p[2] = 0x80 | ((wc >> 12) & 0x3f);
258 p[3] = 0x80 | ((wc >> 6) & 0x3f);
259 p[4] = 0x80 | (wc & 0x3f);
260 p += 6;
261 }
262 /* Ignore larger values; UTF-8 can't encode them. */
263 }
264 *p = '\0';
265
266 return (utf8_value);
267 }
268
269 static void
270 add_pax_attr_w(struct archive_string *as, const char *key, const wchar_t *wval)
271 {
272 char *utf8_value = utf8_encode(wval);
273 if (utf8_value == NULL)
274 return;
275 add_pax_attr(as, key, utf8_value);
276 free(utf8_value);
277 }
278
279 /*
280 * Add a key/value attribute to the pax header. This function handles
281 * the length field and various other syntactic requirements.
282 */
283 static void
284 add_pax_attr(struct archive_string *as, const char *key, const char *value)
285 {
286 int digits, i, len, next_ten;
287 char tmp[1 + 3 * sizeof(int)]; /* < 3 base-10 digits per byte */
288
289 /*-
290 * PAX attributes have the following layout:
291 * <len> <space> <key> <=> <value> <nl>
292 */
293 len = 1 + strlen(key) + 1 + strlen(value) + 1;
294
295 /*
296 * The <len> field includes the length of the <len> field, so
297 * computing the correct length is tricky. I start by
298 * counting the number of base-10 digits in 'len' and
299 * computing the next higher power of 10.
300 */
301 next_ten = 1;
302 digits = 0;
303 i = len;
304 while (i > 0) {
305 i = i / 10;
306 digits++;
307 next_ten = next_ten * 10;
308 }
309 /*
310 * For example, if string without the length field is 99
311 * chars, then adding the 2 digit length "99" will force the
312 * total length past 100, requiring an extra digit. The next
313 * statement adjusts for this effect.
314 */
315 if (len + digits >= next_ten)
316 digits++;
317
318 /* Now, we have the right length so we can build the line. */
319 tmp[sizeof(tmp) - 1] = 0; /* Null-terminate the work area. */
320 archive_strcat(as, format_int(tmp + sizeof(tmp) - 1, len + digits));
321 archive_strappend_char(as, ' ');
322 archive_strcat(as, key);
323 archive_strappend_char(as, '=');
324 archive_strcat(as, value);
325 archive_strappend_char(as, '\n');
326 }
327
328 static void
329 archive_write_pax_header_xattrs(struct pax *pax, struct archive_entry *entry)
330 {
331 struct archive_string s;
332 int i = archive_entry_xattr_reset(entry);
333
334 while (i--) {
335 const char *name;
336 const void *value;
337 char *encoded_value;
338 char *url_encoded_name = NULL, *encoded_name = NULL;
339 wchar_t *wcs_name = NULL;
340 size_t size;
341
342 archive_entry_xattr_next(entry, &name, &value, &size);
343 /* Name is URL-encoded, then converted to wchar_t,
344 * then UTF-8 encoded. */
345 url_encoded_name = url_encode(name);
346 if (url_encoded_name != NULL) {
347 /* Convert narrow-character to wide-character. */
348 int wcs_length = strlen(url_encoded_name);
349 wcs_name = (wchar_t *)malloc((wcs_length + 1) * sizeof(wchar_t));
350 if (wcs_name == NULL)
351 __archive_errx(1, "No memory for xattr conversion");
352 mbstowcs(wcs_name, url_encoded_name, wcs_length);
353 wcs_name[wcs_length] = 0;
354 free(url_encoded_name); /* Done with this. */
355 }
356 if (wcs_name != NULL) {
357 encoded_name = utf8_encode(wcs_name);
358 free(wcs_name); /* Done with wchar_t name. */
359 }
360
361 encoded_value = base64_encode((const char *)value, size);
362
363 if (encoded_name != NULL && encoded_value != NULL) {
364 archive_string_init(&s);
365 archive_strcpy(&s, "LIBARCHIVE.xattr.");
366 archive_strcat(&s, encoded_name);
367 add_pax_attr(&(pax->pax_header), s.s, encoded_value);
368 archive_string_free(&s);
369 }
370 free(encoded_name);
371 free(encoded_value);
372 }
373 }
374
375 /*
376 * TODO: Consider adding 'comment' and 'charset' fields to
377 * archive_entry so that clients can specify them. Also, consider
378 * adding generic key/value tags so clients can add arbitrary
379 * key/value data.
380 */
381 static int
382 archive_write_pax_header(struct archive_write *a,
383 struct archive_entry *entry_original)
384 {
385 struct archive_entry *entry_main;
386 const char *p;
387 char *t;
388 const wchar_t *wp;
389 const char *suffix;
390 int need_extension, r, ret;
391 struct pax *pax;
392 const char *hdrcharset = NULL;
393 const char *hardlink;
394 const char *path = NULL, *linkpath = NULL;
395 const char *uname = NULL, *gname = NULL;
396 const wchar_t *path_w = NULL, *linkpath_w = NULL;
397 const wchar_t *uname_w = NULL, *gname_w = NULL;
398
399 char paxbuff[512];
400 char ustarbuff[512];
401 char ustar_entry_name[256];
402 char pax_entry_name[256];
403
404 ret = ARCHIVE_OK;
405 need_extension = 0;
406 pax = (struct pax *)a->format_data;
407
408 hardlink = archive_entry_hardlink(entry_original);
409
410 /* Make sure this is a type of entry that we can handle here */
411 if (hardlink == NULL) {
412 switch (archive_entry_filetype(entry_original)) {
413 case AE_IFBLK:
414 case AE_IFCHR:
415 case AE_IFIFO:
416 case AE_IFLNK:
417 case AE_IFREG:
418 break;
419 case AE_IFDIR:
420 /*
421 * Ensure a trailing '/'. Modify the original
422 * entry so the client sees the change.
423 */
424 p = archive_entry_pathname(entry_original);
425 if (p[strlen(p) - 1] != '/') {
426 t = (char *)malloc(strlen(p) + 2);
427 if (t == NULL) {
428 archive_set_error(&a->archive, ENOMEM,
429 "Can't allocate pax data");
430 return(ARCHIVE_FATAL);
431 }
432 strcpy(t, p);
433 strcat(t, "/");
434 archive_entry_copy_pathname(entry_original, t);
435 free(t);
436 }
437 break;
438 default:
439 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
440 "tar format cannot archive this (type=0%lo)",
441 (unsigned long)archive_entry_filetype(entry_original));
442 return (ARCHIVE_WARN);
443 }
444 }
445
446 /* Copy entry so we can modify it as needed. */
447 entry_main = archive_entry_clone(entry_original);
448 archive_string_empty(&(pax->pax_header)); /* Blank our work area. */
449
450 /*
451 * First, check the name fields and see if any of them
452 * require binary coding. If any of them does, then all of
453 * them do.
454 */
455 hdrcharset = NULL;
456 path = archive_entry_pathname(entry_main);
457 path_w = archive_entry_pathname_w(entry_main);
458 if (path != NULL && path_w == NULL) {
459 archive_set_error(&a->archive, EILSEQ,
460 "Can't translate pathname '%s' to UTF-8", path);
461 ret = ARCHIVE_WARN;
462 hdrcharset = "BINARY";
463 }
464 uname = archive_entry_uname(entry_main);
465 uname_w = archive_entry_uname_w(entry_main);
466 if (uname != NULL && uname_w == NULL) {
467 archive_set_error(&a->archive, EILSEQ,
468 "Can't translate uname '%s' to UTF-8", uname);
469 ret = ARCHIVE_WARN;
470 hdrcharset = "BINARY";
471 }
472 gname = archive_entry_gname(entry_main);
473 gname_w = archive_entry_gname_w(entry_main);
474 if (gname != NULL && gname_w == NULL) {
475 archive_set_error(&a->archive, EILSEQ,
476 "Can't translate gname '%s' to UTF-8", gname);
477 ret = ARCHIVE_WARN;
478 hdrcharset = "BINARY";
479 }
480 linkpath = hardlink;
481 if (linkpath != NULL) {
482 linkpath_w = archive_entry_hardlink_w(entry_main);
483 } else {
484 linkpath = archive_entry_symlink(entry_main);
485 if (linkpath != NULL)
486 linkpath_w = archive_entry_symlink_w(entry_main);
487 }
488 if (linkpath != NULL && linkpath_w == NULL) {
489 archive_set_error(&a->archive, EILSEQ,
490 "Can't translate linkpath '%s' to UTF-8", linkpath);
491 ret = ARCHIVE_WARN;
492 hdrcharset = "BINARY";
493 }
494
495 /* Store the header encoding first, to be nice to readers. */
496 if (hdrcharset != NULL)
497 add_pax_attr(&(pax->pax_header), "hdrcharset", hdrcharset);
498
499
500 /*
501 * If name is too long, or has non-ASCII characters, add
502 * 'path' to pax extended attrs. (Note that an unconvertible
503 * name must have non-ASCII characters.)
504 */
505 if (path == NULL) {
506 /* We don't have a narrow version, so we have to store
507 * the wide version. */
508 add_pax_attr_w(&(pax->pax_header), "path", path_w);
509 archive_entry_set_pathname(entry_main, "@WidePath");
510 need_extension = 1;
511 } else if (has_non_ASCII(path_w)) {
512 /* We have non-ASCII characters. */
513 if (path_w == NULL || hdrcharset != NULL) {
514 /* Can't do UTF-8, so store it raw. */
515 add_pax_attr(&(pax->pax_header), "path", path);
516 } else {
517 /* Store UTF-8 */
518 add_pax_attr_w(&(pax->pax_header),
519 "path", path_w);
520 }
521 archive_entry_set_pathname(entry_main,
522 build_ustar_entry_name(ustar_entry_name,
523 path, strlen(path), NULL));
524 need_extension = 1;
525 } else {
526 /* We have an all-ASCII path; we'd like to just store
527 * it in the ustar header if it will fit. Yes, this
528 * duplicates some of the logic in
529 * write_set_format_ustar.c
530 */
531 if (strlen(path) <= 100) {
532 /* Fits in the old 100-char tar name field. */
533 } else {
534 /* Find largest suffix that will fit. */
535 /* Note: strlen() > 100, so strlen() - 100 - 1 >= 0 */
536 suffix = strchr(path + strlen(path) - 100 - 1, '/');
537 /* Don't attempt an empty prefix. */
538 if (suffix == path)
539 suffix = strchr(suffix + 1, '/');
540 /* We can put it in the ustar header if it's
541 * all ASCII and it's either <= 100 characters
542 * or can be split at a '/' into a prefix <=
543 * 155 chars and a suffix <= 100 chars. (Note
544 * the strchr() above will return NULL exactly
545 * when the path can't be split.)
546 */
547 if (suffix == NULL /* Suffix > 100 chars. */
548 || suffix[1] == '\0' /* empty suffix */
549 || suffix - path > 155) /* Prefix > 155 chars */
550 {
551 if (path_w == NULL || hdrcharset != NULL) {
552 /* Can't do UTF-8, so store it raw. */
553 add_pax_attr(&(pax->pax_header),
554 "path", path);
555 } else {
556 /* Store UTF-8 */
557 add_pax_attr_w(&(pax->pax_header),
558 "path", path_w);
559 }
560 archive_entry_set_pathname(entry_main,
561 build_ustar_entry_name(ustar_entry_name,
562 path, strlen(path), NULL));
563 need_extension = 1;
564 }
565 }
566 }
567
568 if (linkpath != NULL) {
569 /* If link name is too long or has non-ASCII characters, add
570 * 'linkpath' to pax extended attrs. */
571 if (strlen(linkpath) > 100 || linkpath_w == NULL
572 || linkpath_w == NULL || has_non_ASCII(linkpath_w)) {
573 if (linkpath_w == NULL || hdrcharset != NULL)
574 /* If the linkpath is not convertible
575 * to wide, or we're encoding in
576 * binary anyway, store it raw. */
577 add_pax_attr(&(pax->pax_header),
578 "linkpath", linkpath);
579 else
580 /* If the link is long or has a
581 * non-ASCII character, store it as a
582 * pax extended attribute. */
583 add_pax_attr_w(&(pax->pax_header),
584 "linkpath", linkpath_w);
585 if (strlen(linkpath) > 100) {
586 if (hardlink != NULL)
587 archive_entry_set_hardlink(entry_main,
588 "././@LongHardLink");
589 else
590 archive_entry_set_symlink(entry_main,
591 "././@LongSymLink");
592 }
593 need_extension = 1;
594 }
595 }
596
597 /* If file size is too large, add 'size' to pax extended attrs. */
598 if (archive_entry_size(entry_main) >= (((int64_t)1) << 33)) {
599 add_pax_attr_int(&(pax->pax_header), "size",
600 archive_entry_size(entry_main));
601 need_extension = 1;
602 }
603
604 /* If numeric GID is too large, add 'gid' to pax extended attrs. */
605 if (archive_entry_gid(entry_main) >= (1 << 18)) {
606 add_pax_attr_int(&(pax->pax_header), "gid",
607 archive_entry_gid(entry_main));
608 need_extension = 1;
609 }
610
611 /* If group name is too large or has non-ASCII characters, add
612 * 'gname' to pax extended attrs. */
613 if (gname != NULL) {
614 if (strlen(gname) > 31
615 || gname_w == NULL
616 || has_non_ASCII(gname_w))
617 {
618 if (gname_w == NULL || hdrcharset != NULL) {
619 add_pax_attr(&(pax->pax_header),
620 "gname", gname);
621 } else {
622 add_pax_attr_w(&(pax->pax_header),
623 "gname", gname_w);
624 }
625 need_extension = 1;
626 }
627 }
628
629 /* If numeric UID is too large, add 'uid' to pax extended attrs. */
630 if (archive_entry_uid(entry_main) >= (1 << 18)) {
631 add_pax_attr_int(&(pax->pax_header), "uid",
632 archive_entry_uid(entry_main));
633 need_extension = 1;
634 }
635
636 /* Add 'uname' to pax extended attrs if necessary. */
637 if (uname != NULL) {
638 if (strlen(uname) > 31
639 || uname_w == NULL
640 || has_non_ASCII(uname_w))
641 {
642 if (uname_w == NULL || hdrcharset != NULL) {
643 add_pax_attr(&(pax->pax_header),
644 "uname", uname);
645 } else {
646 add_pax_attr_w(&(pax->pax_header),
647 "uname", uname_w);
648 }
649 need_extension = 1;
650 }
651 }
652
653 /*
654 * POSIX/SUSv3 doesn't provide a standard key for large device
655 * numbers. I use the same keys here that Joerg Schilling
656 * used for 'star.' (Which, somewhat confusingly, are called
657 * "devXXX" even though they code "rdev" values.) No doubt,
658 * other implementations use other keys. Note that there's no
659 * reason we can't write the same information into a number of
660 * different keys.
661 *
662 * Of course, this is only needed for block or char device entries.
663 */
664 if (archive_entry_filetype(entry_main) == AE_IFBLK
665 || archive_entry_filetype(entry_main) == AE_IFCHR) {
666 /*
667 * If rdevmajor is too large, add 'SCHILY.devmajor' to
668 * extended attributes.
669 */
670 dev_t rdevmajor, rdevminor;
671 rdevmajor = archive_entry_rdevmajor(entry_main);
672 rdevminor = archive_entry_rdevminor(entry_main);
673 if (rdevmajor >= (1 << 18)) {
674 add_pax_attr_int(&(pax->pax_header), "SCHILY.devmajor",
675 rdevmajor);
676 /*
677 * Non-strict formatting below means we don't
678 * have to truncate here. Not truncating improves
679 * the chance that some more modern tar archivers
680 * (such as GNU tar 1.13) can restore the full
681 * value even if they don't understand the pax
682 * extended attributes. See my rant below about
683 * file size fields for additional details.
684 */
685 /* archive_entry_set_rdevmajor(entry_main,
686 rdevmajor & ((1 << 18) - 1)); */
687 need_extension = 1;
688 }
689
690 /*
691 * If devminor is too large, add 'SCHILY.devminor' to
692 * extended attributes.
693 */
694 if (rdevminor >= (1 << 18)) {
695 add_pax_attr_int(&(pax->pax_header), "SCHILY.devminor",
696 rdevminor);
697 /* Truncation is not necessary here, either. */
698 /* archive_entry_set_rdevminor(entry_main,
699 rdevminor & ((1 << 18) - 1)); */
700 need_extension = 1;
701 }
702 }
703
704 /*
705 * Technically, the mtime field in the ustar header can
706 * support 33 bits, but many platforms use signed 32-bit time
707 * values. The cutoff of 0x7fffffff here is a compromise.
708 * Yes, this check is duplicated just below; this helps to
709 * avoid writing an mtime attribute just to handle a
710 * high-resolution timestamp in "restricted pax" mode.
711 */
712 if (!need_extension &&
713 ((archive_entry_mtime(entry_main) < 0)
714 || (archive_entry_mtime(entry_main) >= 0x7fffffff)))
715 need_extension = 1;
716
717 /* I use a star-compatible file flag attribute. */
718 p = archive_entry_fflags_text(entry_main);
719 if (!need_extension && p != NULL && *p != '\0')
720 need_extension = 1;
721
722 /* If there are non-trivial ACL entries, we need an extension. */
723 if (!need_extension && archive_entry_acl_count(entry_original,
724 ARCHIVE_ENTRY_ACL_TYPE_ACCESS) > 0)
725 need_extension = 1;
726
727 /* If there are non-trivial ACL entries, we need an extension. */
728 if (!need_extension && archive_entry_acl_count(entry_original,
729 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) > 0)
730 need_extension = 1;
731
732 /* If there are extended attributes, we need an extension */
733 if (!need_extension && archive_entry_xattr_count(entry_original) > 0)
734 need_extension = 1;
735
736 /*
737 * The following items are handled differently in "pax
738 * restricted" format. In particular, in "pax restricted"
739 * format they won't be added unless need_extension is
740 * already set (we're already generating an extended header, so
741 * may as well include these).
742 */
743 if (a->archive.archive_format != ARCHIVE_FORMAT_TAR_PAX_RESTRICTED ||
744 need_extension) {
745
746 if (archive_entry_mtime(entry_main) < 0 ||
747 archive_entry_mtime(entry_main) >= 0x7fffffff ||
748 archive_entry_mtime_nsec(entry_main) != 0)
749 add_pax_attr_time(&(pax->pax_header), "mtime",
750 archive_entry_mtime(entry_main),
751 archive_entry_mtime_nsec(entry_main));
752
753 if (archive_entry_ctime(entry_main) != 0 ||
754 archive_entry_ctime_nsec(entry_main) != 0)
755 add_pax_attr_time(&(pax->pax_header), "ctime",
756 archive_entry_ctime(entry_main),
757 archive_entry_ctime_nsec(entry_main));
758
759 if (archive_entry_atime(entry_main) != 0 ||
760 archive_entry_atime_nsec(entry_main) != 0)
761 add_pax_attr_time(&(pax->pax_header), "atime",
762 archive_entry_atime(entry_main),
763 archive_entry_atime_nsec(entry_main));
764
765 /* I use a star-compatible file flag attribute. */
766 p = archive_entry_fflags_text(entry_main);
767 if (p != NULL && *p != '\0')
768 add_pax_attr(&(pax->pax_header), "SCHILY.fflags", p);
769
770 /* I use star-compatible ACL attributes. */
771 wp = archive_entry_acl_text_w(entry_original,
772 ARCHIVE_ENTRY_ACL_TYPE_ACCESS |
773 ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID);
774 if (wp != NULL && *wp != L'\0')
775 add_pax_attr_w(&(pax->pax_header),
776 "SCHILY.acl.access", wp);
777 wp = archive_entry_acl_text_w(entry_original,
778 ARCHIVE_ENTRY_ACL_TYPE_DEFAULT |
779 ARCHIVE_ENTRY_ACL_STYLE_EXTRA_ID);
780 if (wp != NULL && *wp != L'\0')
781 add_pax_attr_w(&(pax->pax_header),
782 "SCHILY.acl.default", wp);
783
784 /* Include star-compatible metadata info. */
785 /* Note: "SCHILY.dev{major,minor}" are NOT the
786 * major/minor portions of "SCHILY.dev". */
787 add_pax_attr_int(&(pax->pax_header), "SCHILY.dev",
788 archive_entry_dev(entry_main));
789 add_pax_attr_int(&(pax->pax_header), "SCHILY.ino",
790 archive_entry_ino(entry_main));
791 add_pax_attr_int(&(pax->pax_header), "SCHILY.nlink",
792 archive_entry_nlink(entry_main));
793
794 /* Store extended attributes */
795 archive_write_pax_header_xattrs(pax, entry_original);
796 }
797
798 /* Only regular files have data. */
799 if (archive_entry_filetype(entry_main) != AE_IFREG)
800 archive_entry_set_size(entry_main, 0);
801
802 /*
803 * Pax-restricted does not store data for hardlinks, in order
804 * to improve compatibility with ustar.
805 */
806 if (a->archive.archive_format != ARCHIVE_FORMAT_TAR_PAX_INTERCHANGE &&
807 hardlink != NULL)
808 archive_entry_set_size(entry_main, 0);
809
810 /*
811 * XXX Full pax interchange format does permit a hardlink
812 * entry to have data associated with it. I'm not supporting
813 * that here because the client expects me to tell them whether
814 * or not this format expects data for hardlinks. If I
815 * don't check here, then every pax archive will end up with
816 * duplicated data for hardlinks. Someday, there may be
817 * need to select this behavior, in which case the following
818 * will need to be revisited. XXX
819 */
820 if (hardlink != NULL)
821 archive_entry_set_size(entry_main, 0);
822
823 /* Format 'ustar' header for main entry.
824 *
825 * The trouble with file size: If the reader can't understand
826 * the file size, they may not be able to locate the next
827 * entry and the rest of the archive is toast. Pax-compliant
828 * readers are supposed to ignore the file size in the main
829 * header, so the question becomes how to maximize portability
830 * for readers that don't support pax attribute extensions.
831 * For maximum compatibility, I permit numeric extensions in
832 * the main header so that the file size stored will always be
833 * correct, even if it's in a format that only some
834 * implementations understand. The technique used here is:
835 *
836 * a) If possible, follow the standard exactly. This handles
837 * files up to 8 gigabytes minus 1.
838 *
839 * b) If that fails, try octal but omit the field terminator.
840 * That handles files up to 64 gigabytes minus 1.
841 *
842 * c) Otherwise, use base-256 extensions. That handles files
843 * up to 2^63 in this implementation, with the potential to
844 * go up to 2^94. That should hold us for a while. ;-)
845 *
846 * The non-strict formatter uses similar logic for other
847 * numeric fields, though they're less critical.
848 */
849 __archive_write_format_header_ustar(a, ustarbuff, entry_main, -1, 0);
850
851 /* If we built any extended attributes, write that entry first. */
852 if (archive_strlen(&(pax->pax_header)) > 0) {
853 struct archive_entry *pax_attr_entry;
854 time_t s;
855 uid_t uid;
856 gid_t gid;
857 mode_t mode;
858 long ns;
859
860 pax_attr_entry = archive_entry_new();
861 p = archive_entry_pathname(entry_main);
862 archive_entry_set_pathname(pax_attr_entry,
863 build_pax_attribute_name(pax_entry_name, p));
864 archive_entry_set_size(pax_attr_entry,
865 archive_strlen(&(pax->pax_header)));
866 /* Copy uid/gid (but clip to ustar limits). */
867 uid = archive_entry_uid(entry_main);
868 if (uid >= 1 << 18)
869 uid = (1 << 18) - 1;
870 archive_entry_set_uid(pax_attr_entry, uid);
871 gid = archive_entry_gid(entry_main);
872 if (gid >= 1 << 18)
873 gid = (1 << 18) - 1;
874 archive_entry_set_gid(pax_attr_entry, gid);
875 /* Copy mode over (but not setuid/setgid bits) */
876 mode = archive_entry_mode(entry_main);
877 #ifdef S_ISUID
878 mode &= ~S_ISUID;
879 #endif
880 #ifdef S_ISGID
881 mode &= ~S_ISGID;
882 #endif
883 #ifdef S_ISVTX
884 mode &= ~S_ISVTX;
885 #endif
886 archive_entry_set_mode(pax_attr_entry, mode);
887
888 /* Copy uname/gname. */
889 archive_entry_set_uname(pax_attr_entry,
890 archive_entry_uname(entry_main));
891 archive_entry_set_gname(pax_attr_entry,
892 archive_entry_gname(entry_main));
893
894 /* Copy mtime, but clip to ustar limits. */
895 s = archive_entry_mtime(entry_main);
896 ns = archive_entry_mtime_nsec(entry_main);
897 if (s < 0) { s = 0; ns = 0; }
898 if (s > 0x7fffffff) { s = 0x7fffffff; ns = 0; }
899 archive_entry_set_mtime(pax_attr_entry, s, ns);
900
901 /* Ditto for atime. */
902 s = archive_entry_atime(entry_main);
903 ns = archive_entry_atime_nsec(entry_main);
904 if (s < 0) { s = 0; ns = 0; }
905 if (s > 0x7fffffff) { s = 0x7fffffff; ns = 0; }
906 archive_entry_set_atime(pax_attr_entry, s, ns);
907
908 /* Standard ustar doesn't support ctime. */
909 archive_entry_set_ctime(pax_attr_entry, 0, 0);
910
911 r = __archive_write_format_header_ustar(a, paxbuff,
912 pax_attr_entry, 'x', 1);
913
914 archive_entry_free(pax_attr_entry);
915
916 /* Note that the 'x' header shouldn't ever fail to format */
917 if (r != 0) {
918 const char *msg = "archive_write_pax_header: "
919 "'x' header failed?! This can't happen.\n";
920 write(2, msg, strlen(msg));
921 exit(1);
922 }
923 r = (a->compressor.write)(a, paxbuff, 512);
924 if (r != ARCHIVE_OK) {
925 pax->entry_bytes_remaining = 0;
926 pax->entry_padding = 0;
927 return (ARCHIVE_FATAL);
928 }
929
930 pax->entry_bytes_remaining = archive_strlen(&(pax->pax_header));
931 pax->entry_padding = 0x1ff & (-(int64_t)pax->entry_bytes_remaining);
932
933 r = (a->compressor.write)(a, pax->pax_header.s,
934 archive_strlen(&(pax->pax_header)));
935 if (r != ARCHIVE_OK) {
936 /* If a write fails, we're pretty much toast. */
937 return (ARCHIVE_FATAL);
938 }
939 /* Pad out the end of the entry. */
940 r = write_nulls(a, pax->entry_padding);
941 if (r != ARCHIVE_OK) {
942 /* If a write fails, we're pretty much toast. */
943 return (ARCHIVE_FATAL);
944 }
945 pax->entry_bytes_remaining = pax->entry_padding = 0;
946 }
947
948 /* Write the header for main entry. */
949 r = (a->compressor.write)(a, ustarbuff, 512);
950 if (r != ARCHIVE_OK)
951 return (r);
952
953 /*
954 * Inform the client of the on-disk size we're using, so
955 * they can avoid unnecessarily writing a body for something
956 * that we're just going to ignore.
957 */
958 archive_entry_set_size(entry_original, archive_entry_size(entry_main));
959 pax->entry_bytes_remaining = archive_entry_size(entry_main);
960 pax->entry_padding = 0x1ff & (-(int64_t)pax->entry_bytes_remaining);
961 archive_entry_free(entry_main);
962
963 return (ret);
964 }
965
966 /*
967 * We need a valid name for the regular 'ustar' entry. This routine
968 * tries to hack something more-or-less reasonable.
969 *
970 * The approach here tries to preserve leading dir names. We do so by
971 * working with four sections:
972 * 1) "prefix" directory names,
973 * 2) "suffix" directory names,
974 * 3) inserted dir name (optional),
975 * 4) filename.
976 *
977 * These sections must satisfy the following requirements:
978 * * Parts 1 & 2 together form an initial portion of the dir name.
979 * * Part 3 is specified by the caller. (It should not contain a leading
980 * or trailing '/'.)
981 * * Part 4 forms an initial portion of the base filename.
982 * * The filename must be <= 99 chars to fit the ustar 'name' field.
983 * * Parts 2, 3, 4 together must be <= 99 chars to fit the ustar 'name' fld.
984 * * Part 1 must be <= 155 chars to fit the ustar 'prefix' field.
985 * * If the original name ends in a '/', the new name must also end in a '/'
986 * * Trailing '/.' sequences may be stripped.
987 *
988 * Note: Recall that the ustar format does not store the '/' separating
989 * parts 1 & 2, but does store the '/' separating parts 2 & 3.
990 */
991 static char *
992 build_ustar_entry_name(char *dest, const char *src, size_t src_length,
993 const char *insert)
994 {
995 const char *prefix, *prefix_end;
996 const char *suffix, *suffix_end;
997 const char *filename, *filename_end;
998 char *p;
999 int need_slash = 0; /* Was there a trailing slash? */
1000 size_t suffix_length = 99;
1001 int insert_length;
1002
1003 /* Length of additional dir element to be added. */
1004 if (insert == NULL)
1005 insert_length = 0;
1006 else
1007 /* +2 here allows for '/' before and after the insert. */
1008 insert_length = strlen(insert) + 2;
1009
1010 /* Step 0: Quick bailout in a common case. */
1011 if (src_length < 100 && insert == NULL) {
1012 strncpy(dest, src, src_length);
1013 dest[src_length] = '\0';
1014 return (dest);
1015 }
1016
1017 /* Step 1: Locate filename and enforce the length restriction. */
1018 filename_end = src + src_length;
1019 /* Remove trailing '/' chars and '/.' pairs. */
1020 for (;;) {
1021 if (filename_end > src && filename_end[-1] == '/') {
1022 filename_end --;
1023 need_slash = 1; /* Remember to restore trailing '/'. */
1024 continue;
1025 }
1026 if (filename_end > src + 1 && filename_end[-1] == '.'
1027 && filename_end[-2] == '/') {
1028 filename_end -= 2;
1029 need_slash = 1; /* "foo/." will become "foo/" */
1030 continue;
1031 }
1032 break;
1033 }
1034 if (need_slash)
1035 suffix_length--;
1036 /* Find start of filename. */
1037 filename = filename_end - 1;
1038 while ((filename > src) && (*filename != '/'))
1039 filename --;
1040 if ((*filename == '/') && (filename < filename_end - 1))
1041 filename ++;
1042 /* Adjust filename_end so that filename + insert fits in 99 chars. */
1043 suffix_length -= insert_length;
1044 if (filename_end > filename + suffix_length)
1045 filename_end = filename + suffix_length;
1046 /* Calculate max size for "suffix" section (#3 above). */
1047 suffix_length -= filename_end - filename;
1048
1049 /* Step 2: Locate the "prefix" section of the dirname, including
1050 * trailing '/'. */
1051 prefix = src;
1052 prefix_end = prefix + 155;
1053 if (prefix_end > filename)
1054 prefix_end = filename;
1055 while (prefix_end > prefix && *prefix_end != '/')
1056 prefix_end--;
1057 if ((prefix_end < filename) && (*prefix_end == '/'))
1058 prefix_end++;
1059
1060 /* Step 3: Locate the "suffix" section of the dirname,
1061 * including trailing '/'. */
1062 suffix = prefix_end;
1063 suffix_end = suffix + suffix_length; /* Enforce limit. */
1064 if (suffix_end > filename)
1065 suffix_end = filename;
1066 if (suffix_end < suffix)
1067 suffix_end = suffix;
1068 while (suffix_end > suffix && *suffix_end != '/')
1069 suffix_end--;
1070 if ((suffix_end < filename) && (*suffix_end == '/'))
1071 suffix_end++;
1072
1073 /* Step 4: Build the new name. */
1074 /* The OpenBSD strlcpy function is safer, but less portable. */
1075 /* Rather than maintain two versions, just use the strncpy version. */
1076 p = dest;
1077 if (prefix_end > prefix) {
1078 strncpy(p, prefix, prefix_end - prefix);
1079 p += prefix_end - prefix;
1080 }
1081 if (suffix_end > suffix) {
1082 strncpy(p, suffix, suffix_end - suffix);
1083 p += suffix_end - suffix;
1084 }
1085 if (insert != NULL) {
1086 /* Note: assume insert does not have leading or trailing '/' */
1087 strcpy(p, insert);
1088 p += strlen(insert);
1089 *p++ = '/';
1090 }
1091 strncpy(p, filename, filename_end - filename);
1092 p += filename_end - filename;
1093 if (need_slash)
1094 *p++ = '/';
1095 *p++ = '\0';
1096
1097 return (dest);
1098 }
1099
1100 /*
1101 * The ustar header for the pax extended attributes must have a
1102 * reasonable name: SUSv3 requires 'dirname'/PaxHeader.'pid'/'filename'
1103 * where 'pid' is the PID of the archiving process. Unfortunately,
1104 * that makes testing a pain since the output varies for each run,
1105 * so I'm sticking with the simpler 'dirname'/PaxHeader/'filename'
1106 * for now. (Someday, I'll make this settable. Then I can use the
1107 * SUS recommendation as default and test harnesses can override it
1108 * to get predictable results.)
1109 *
1110 * Joerg Schilling has argued that this is unnecessary because, in
1111 * practice, if the pax extended attributes get extracted as regular
1112 * files, noone is going to bother reading those attributes to
1113 * manually restore them. Based on this, 'star' uses
1114 * /tmp/PaxHeader/'basename' as the ustar header name. This is a
1115 * tempting argument, in part because it's simpler than the SUSv3
1116 * recommendation, but I'm not entirely convinced. I'm also
1117 * uncomfortable with the fact that "/tmp" is a Unix-ism.
1118 *
1119 * The following routine leverages build_ustar_entry_name() above and
1120 * so is simpler than you might think. It just needs to provide the
1121 * additional path element and handle a few pathological cases).
1122 */
1123 static char *
1124 build_pax_attribute_name(char *dest, const char *src)
1125 {
1126 char buff[64];
1127 const char *p;
1128
1129 /* Handle the null filename case. */
1130 if (src == NULL || *src == '\0') {
1131 strcpy(dest, "PaxHeader/blank");
1132 return (dest);
1133 }
1134
1135 /* Prune final '/' and other unwanted final elements. */
1136 p = src + strlen(src);
1137 for (;;) {
1138 /* Ends in "/", remove the '/' */
1139 if (p > src && p[-1] == '/') {
1140 --p;
1141 continue;
1142 }
1143 /* Ends in "/.", remove the '.' */
1144 if (p > src + 1 && p[-1] == '.'
1145 && p[-2] == '/') {
1146 --p;
1147 continue;
1148 }
1149 break;
1150 }
1151
1152 /* Pathological case: After above, there was nothing left.
1153 * This includes "/." "/./." "/.//./." etc. */
1154 if (p == src) {
1155 strcpy(dest, "/PaxHeader/rootdir");
1156 return (dest);
1157 }
1158
1159 /* Convert unadorned "." into a suitable filename. */
1160 if (*src == '.' && p == src + 1) {
1161 strcpy(dest, "PaxHeader/currentdir");
1162 return (dest);
1163 }
1164
1165 /*
1166 * TODO: Push this string into the 'pax' structure to avoid
1167 * recomputing it every time. That will also open the door
1168 * to having clients override it.
1169 */
1170 #if HAVE_GETPID && 0 /* Disable this for now; see above comment. */
1171 sprintf(buff, "PaxHeader.%d", getpid());
1172 #else
1173 /* If the platform can't fetch the pid, don't include it. */
1174 strcpy(buff, "PaxHeader");
1175 #endif
1176 /* General case: build a ustar-compatible name adding "/PaxHeader/". */
1177 build_ustar_entry_name(dest, src, p - src, buff);
1178
1179 return (dest);
1180 }
1181
1182 /* Write two null blocks for the end of archive */
1183 static int
1184 archive_write_pax_finish(struct archive_write *a)
1185 {
1186 struct pax *pax;
1187 int r;
1188
1189 if (a->compressor.write == NULL)
1190 return (ARCHIVE_OK);
1191
1192 pax = (struct pax *)a->format_data;
1193 r = write_nulls(a, 512 * 2);
1194 return (r);
1195 }
1196
1197 static int
1198 archive_write_pax_destroy(struct archive_write *a)
1199 {
1200 struct pax *pax;
1201
1202 pax = (struct pax *)a->format_data;
1203 archive_string_free(&pax->pax_header);
1204 free(pax);
1205 a->format_data = NULL;
1206 return (ARCHIVE_OK);
1207 }
1208
1209 static int
1210 archive_write_pax_finish_entry(struct archive_write *a)
1211 {
1212 struct pax *pax;
1213 int ret;
1214
1215 pax = (struct pax *)a->format_data;
1216 ret = write_nulls(a, pax->entry_bytes_remaining + pax->entry_padding);
1217 pax->entry_bytes_remaining = pax->entry_padding = 0;
1218 return (ret);
1219 }
1220
1221 static int
1222 write_nulls(struct archive_write *a, size_t padding)
1223 {
1224 int ret, to_write;
1225
1226 while (padding > 0) {
1227 to_write = padding < a->null_length ? padding : a->null_length;
1228 ret = (a->compressor.write)(a, a->nulls, to_write);
1229 if (ret != ARCHIVE_OK)
1230 return (ret);
1231 padding -= to_write;
1232 }
1233 return (ARCHIVE_OK);
1234 }
1235
1236 static ssize_t
1237 archive_write_pax_data(struct archive_write *a, const void *buff, size_t s)
1238 {
1239 struct pax *pax;
1240 int ret;
1241
1242 pax = (struct pax *)a->format_data;
1243 if (s > pax->entry_bytes_remaining)
1244 s = pax->entry_bytes_remaining;
1245
1246 ret = (a->compressor.write)(a, buff, s);
1247 pax->entry_bytes_remaining -= s;
1248 if (ret == ARCHIVE_OK)
1249 return (s);
1250 else
1251 return (ret);
1252 }
1253
1254 static int
1255 has_non_ASCII(const wchar_t *wp)
1256 {
1257 if (wp == NULL)
1258 return (1);
1259 while (*wp != L'\0' && *wp < 128)
1260 wp++;
1261 return (*wp != L'\0');
1262 }
1263
1264 /*
1265 * Used by extended attribute support; encodes the name
1266 * so that there will be no '=' characters in the result.
1267 */
1268 static char *
1269 url_encode(const char *in)
1270 {
1271 const char *s;
1272 char *d;
1273 int out_len = 0;
1274 char *out;
1275
1276 for (s = in; *s != '\0'; s++) {
1277 if (*s < 33 || *s > 126 || *s == '%' || *s == '=')
1278 out_len += 3;
1279 else
1280 out_len++;
1281 }
1282
1283 out = (char *)malloc(out_len + 1);
1284 if (out == NULL)
1285 return (NULL);
1286
1287 for (s = in, d = out; *s != '\0'; s++) {
1288 /* encode any non-printable ASCII character or '%' or '=' */
1289 if (*s < 33 || *s > 126 || *s == '%' || *s == '=') {
1290 /* URL encoding is '%' followed by two hex digits */
1291 *d++ = '%';
1292 *d++ = "0123456789ABCDEF"[0x0f & (*s >> 4)];
1293 *d++ = "0123456789ABCDEF"[0x0f & *s];
1294 } else {
1295 *d++ = *s;
1296 }
1297 }
1298 *d = '\0';
1299 return (out);
1300 }
1301
1302 /*
1303 * Encode a sequence of bytes into a C string using base-64 encoding.
1304 *
1305 * Returns a null-terminated C string allocated with malloc(); caller
1306 * is responsible for freeing the result.
1307 */
1308 static char *
1309 base64_encode(const char *s, size_t len)
1310 {
1311 static const char digits[64] =
1312 { 'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O',
1313 'P','Q','R','S','T','U','V','W','X','Y','Z','a','b','c','d',
1314 'e','f','g','h','i','j','k','l','m','n','o','p','q','r','s',
1315 't','u','v','w','x','y','z','0','1','2','3','4','5','6','7',
1316 '8','9','+','/' };
1317 int v;
1318 char *d, *out;
1319
1320 /* 3 bytes becomes 4 chars, but round up and allow for trailing NUL */
1321 out = (char *)malloc((len * 4 + 2) / 3 + 1);
1322 if (out == NULL)
1323 return (NULL);
1324 d = out;
1325
1326 /* Convert each group of 3 bytes into 4 characters. */
1327 while (len >= 3) {
1328 v = (((int)s[0] << 16) & 0xff0000)
1329 | (((int)s[1] << 8) & 0xff00)
1330 | (((int)s[2]) & 0x00ff);
1331 s += 3;
1332 len -= 3;
1333 *d++ = digits[(v >> 18) & 0x3f];
1334 *d++ = digits[(v >> 12) & 0x3f];
1335 *d++ = digits[(v >> 6) & 0x3f];
1336 *d++ = digits[(v) & 0x3f];
1337 }
1338 /* Handle final group of 1 byte (2 chars) or 2 bytes (3 chars). */
1339 switch (len) {
1340 case 0: break;
1341 case 1:
1342 v = (((int)s[0] << 16) & 0xff0000);
1343 *d++ = digits[(v >> 18) & 0x3f];
1344 *d++ = digits[(v >> 12) & 0x3f];
1345 break;
1346 case 2:
1347 v = (((int)s[0] << 16) & 0xff0000)
1348 | (((int)s[1] << 8) & 0xff00);
1349 *d++ = digits[(v >> 18) & 0x3f];
1350 *d++ = digits[(v >> 12) & 0x3f];
1351 *d++ = digits[(v >> 6) & 0x3f];
1352 break;
1353 }
1354 /* Add trailing NUL character so output is a valid C string. */
1355 *d++ = '\0';
1356 return (out);
1357 }
DragonFly BSD