2 issues with tar
Alexander Shishkin
virtuoso at slind.org
Tue Mar 1 20:14:01 UTC 2011
On 1 March 2011 18:18, Denys Vlasenko <vda.linux at googlemail.com> wrote:
> On Monday 28 February 2011 09:23, Alexey Soloviev wrote:
>> Hello,
>> Met 2 problems with tar and wander if they are new or known.
>>
>> Issue 1: tar doesn't restore files or directories added with relative
>> name starting with "../"
>> Scenario:
>> busybox tar -c -f archive.tar ../tobearchived
>> busybox tar -xf archive.tar
>> tar: name with '..' encountered: '../tobearchived'
>>
>> Gnu tar removes ../ from paths of archived files and directories, while
>> busybox's tar doesn't.
>> Should it be fixed?
>> Note that archive created by busybox tar on the 1st step can be restored
>> by gnu tar but not by busybox's.
>
> Proposed patch.
This doesn't address the archive creation case, in which GNU tar would strip
the /../ just as well. Otherwise it's pretty much the same as what I've come up
with earlier today. :)
>
> function old new delta
> get_header_tar 1493 1545 +52
>
> --
> vda
>
> diff -ad -urpN busybox.7/archival/libarchive/get_header_tar.c busybox.8/archival/libarchive/get_header_tar.c
> --- busybox.7/archival/libarchive/get_header_tar.c 2011-02-06 19:52:35.000000000 +0100
> +++ busybox.8/archival/libarchive/get_header_tar.c 2011-03-01 17:16:49.000000000 +0100
> @@ -422,11 +422,26 @@ char FAST_FUNC get_header_tar(archive_ha
> p_linkname = NULL;
> }
> #endif
> - if (strncmp(file_header->name, "/../"+1, 3) == 0
> - || strstr(file_header->name, "/../")
> - ) {
> - bb_error_msg_and_die("name with '..' encountered: '%s'",
> - file_header->name);
> + cp = file_header->name;
> + while (1) {
> + char *cp2;
> + if (strncmp(cp, "/../"+1, 3) == 0) {
gcc can actually figure out that "../" is a substring of "/../", from
what I see here.
> + cp += 3;
> + continue;
> + }
> + cp2 = strstr(cp, "/../");
> + if (cp2) {
> + cp = cp2 + 4;
> + continue;
> + }
> + break;
> + }
> + if (cp != file_header->name) {
> + if (!(archive_handle->ah_flags & ARCHIVE_TAR__TRUNC_WARNED)) {
> + archive_handle->ah_flags |= ARCHIVE_TAR__TRUNC_WARNED;
> + bb_error_msg("removing leading '%.*s'", (int)(cp - file_header->name), file_header->name);
> + }
> + overlapping_strcpy(file_header->name, cp);
> }
>
> /* Strip trailing '/' in directories */
> diff -ad -urpN busybox.7/include/archive.h busybox.8/include/archive.h
> --- busybox.7/include/archive.h 2011-02-06 20:01:03.000000000 +0100
> +++ busybox.8/include/archive.h 2011-03-01 17:13:40.000000000 +0100
> @@ -118,6 +118,8 @@ typedef struct archive_handle_t {
> #define ARCHIVE_DONT_RESTORE_PERM (1 << 6)
> #define ARCHIVE_NUMERIC_OWNER (1 << 7)
> #define ARCHIVE_O_TRUNC (1 << 8)
> +/* Archiver specific. */
> +#define ARCHIVE_TAR__TRUNC_WARNED (1 << 9)
>
>
> /* POSIX tar Header Block, from POSIX 1003.1-1990 */
> diff -ad -urpN busybox.7/testsuite/tar.tests busybox.8/testsuite/tar.tests
> --- busybox.7/testsuite/tar.tests 2011-02-06 20:02:10.000000000 +0100
> +++ busybox.8/testsuite/tar.tests 2011-03-01 17:16:07.000000000 +0100
> @@ -168,6 +168,23 @@ Ok
> " \
> "" ""
>
> +# On extract, everything up to and including last ".." component is stripped
> +testing "tar strips /../ on extract" "\
> +rm -rf input_* test.tar 2>/dev/null
> +mkdir input_dir
> +echo Ok >input_dir/file
> +tar cf test.tar ./../tar.tempdir/input_dir/../input_dir 2>&1
> +rm -rf input_* 2>/dev/null
> +tar -vxf test.tar 2>&1
> +cat input_dir/file 2>&1
> +" "\
> +tar: removing leading './../tar.tempdir/input_dir/../'
> +input_dir/
> +input_dir/file
> +Ok
> +" \
> +"" ""
> +
>
> cd .. && rm -rf tar.tempdir || exit 1
More information about the busybox
mailing list