2 issues with tar
Denys Vlasenko
vda.linux at googlemail.com
Tue Mar 1 16:18:32 UTC 2011
On Monday 28 February 2011 09:23, Alexey Soloviev wrote:
> Hello,
> Met 2 problems with tar and wander if they are new or known.
>
> Issue 1: tar doesn't restore files or directories added with relative
> name starting with "../"
> Scenario:
> busybox tar -c -f archive.tar ../tobearchived
> busybox tar -xf archive.tar
> tar: name with '..' encountered: '../tobearchived'
>
> Gnu tar removes ../ from paths of archived files and directories, while
> busybox's tar doesn't.
> Should it be fixed?
> Note that archive created by busybox tar on the 1st step can be restored
> by gnu tar but not by busybox's.
Proposed patch.
function old new delta
get_header_tar 1493 1545 +52
--
vda
diff -ad -urpN busybox.7/archival/libarchive/get_header_tar.c busybox.8/archival/libarchive/get_header_tar.c
--- busybox.7/archival/libarchive/get_header_tar.c 2011-02-06 19:52:35.000000000 +0100
+++ busybox.8/archival/libarchive/get_header_tar.c 2011-03-01 17:16:49.000000000 +0100
@@ -422,11 +422,26 @@ char FAST_FUNC get_header_tar(archive_ha
p_linkname = NULL;
}
#endif
- if (strncmp(file_header->name, "/../"+1, 3) == 0
- || strstr(file_header->name, "/../")
- ) {
- bb_error_msg_and_die("name with '..' encountered: '%s'",
- file_header->name);
+ cp = file_header->name;
+ while (1) {
+ char *cp2;
+ if (strncmp(cp, "/../"+1, 3) == 0) {
+ cp += 3;
+ continue;
+ }
+ cp2 = strstr(cp, "/../");
+ if (cp2) {
+ cp = cp2 + 4;
+ continue;
+ }
+ break;
+ }
+ if (cp != file_header->name) {
+ if (!(archive_handle->ah_flags & ARCHIVE_TAR__TRUNC_WARNED)) {
+ archive_handle->ah_flags |= ARCHIVE_TAR__TRUNC_WARNED;
+ bb_error_msg("removing leading '%.*s'", (int)(cp - file_header->name), file_header->name);
+ }
+ overlapping_strcpy(file_header->name, cp);
}
/* Strip trailing '/' in directories */
diff -ad -urpN busybox.7/include/archive.h busybox.8/include/archive.h
--- busybox.7/include/archive.h 2011-02-06 20:01:03.000000000 +0100
+++ busybox.8/include/archive.h 2011-03-01 17:13:40.000000000 +0100
@@ -118,6 +118,8 @@ typedef struct archive_handle_t {
#define ARCHIVE_DONT_RESTORE_PERM (1 << 6)
#define ARCHIVE_NUMERIC_OWNER (1 << 7)
#define ARCHIVE_O_TRUNC (1 << 8)
+/* Archiver specific. */
+#define ARCHIVE_TAR__TRUNC_WARNED (1 << 9)
/* POSIX tar Header Block, from POSIX 1003.1-1990 */
diff -ad -urpN busybox.7/testsuite/tar.tests busybox.8/testsuite/tar.tests
--- busybox.7/testsuite/tar.tests 2011-02-06 20:02:10.000000000 +0100
+++ busybox.8/testsuite/tar.tests 2011-03-01 17:16:07.000000000 +0100
@@ -168,6 +168,23 @@ Ok
" \
"" ""
+# On extract, everything up to and including last ".." component is stripped
+testing "tar strips /../ on extract" "\
+rm -rf input_* test.tar 2>/dev/null
+mkdir input_dir
+echo Ok >input_dir/file
+tar cf test.tar ./../tar.tempdir/input_dir/../input_dir 2>&1
+rm -rf input_* 2>/dev/null
+tar -vxf test.tar 2>&1
+cat input_dir/file 2>&1
+" "\
+tar: removing leading './../tar.tempdir/input_dir/../'
+input_dir/
+input_dir/file
+Ok
+" \
+"" ""
+
cd .. && rm -rf tar.tempdir || exit 1
More information about the busybox
mailing list