/* \internal
Checks whether a tar file is valid.
A valid tar file does not contains files
that start with ./ or contain ..
This is intended to prevent malicious packages
placing binaries outside of the sandbox directory
*/
bool check_tar_valid( const QString &tarfile )
{
TAR *tarHandle = get_tar_ptr( tarfile );
bool ret=true;
QString filename;
int i;
while ( (i = th_read(tarHandle)) == 0)
{
filename = th_get_pathname( tarHandle );
if ( !filename.startsWith("./") || filename.contains( "..") )
{
ret = false;
qWarning() << "check_tar_valid:- tar contains invalid file path: "
<< filename << "\nAll paths must begin with ./ and not contain .." ;
break;
}
else if ( TH_ISBLK(tarHandle) || TH_ISCHR(tarHandle) )
{
ret = false;
qWarning() << "check_tar_valid:-tar invalid, contains device special file:"
<< filename;
break;
}
else if ( TH_ISLNK(tarHandle) )
{
ret = false;
qWarning() << "check_tar_valid:-tar invalid, contains hard link:"
<< filename;
break;
} else if (TH_ISSYM(tarHandle) )
{
QString target;
if ((tarHandle->options & TAR_GNU) && tarHandle->th_buf.gnu_longlink != NULL)
target = tarHandle->th_buf.gnu_longlink;
else
target = tarHandle->th_buf.linkname;
if ( target.startsWith("/") || target.contains( "..") )
{
ret = false;
qWarning() << "check_tar_valid:tar invalid, contains symlink whose target"
<< (target.startsWith("/")?"is an absolute path.":"references "
"a parent directory.")
<< "Link:" << filename << "Target:" << target;
break;
}
}
if( TH_ISREG(tarHandle) )
tar_skip_regfile(tarHandle);
}
tar_close( tarHandle );
return ret;
}
/* hardlink */
int
tar_extract_hardlink(TAR * t, char *realname, char *prefix)
{
char *filename;
char *linktgt = NULL;
char *lnp;
libtar_hashptr_t hp;
if (!TH_ISLNK(t))
{
errno = EINVAL;
return -1;
}
filename = (realname ? realname : th_get_pathname(t));
if (mkdirhier(dirname(filename)) == -1)
return -1;
libtar_hashptr_reset(&hp);
if (libtar_hash_getkey(t->h, &hp, th_get_linkname(t),
(libtar_matchfunc_t)libtar_str_match) != 0)
{
lnp = (char *)libtar_hashptr_data(&hp);
linktgt = &lnp[strlen(lnp) + 1];
}
else
linktgt = th_get_linkname(t);
char *newtgt = strdup(linktgt);
sprintf(linktgt, "%s/%s", prefix, newtgt);
#ifdef DEBUG
printf(" ==> extracting: %s (link to %s)\n", filename, linktgt);
#endif
if (link(linktgt, filename) == -1)
{
#ifdef DEBUG
perror("link()");
#endif
printf("Failed restore of hardlink '%s' but returning as if nothing bad happened anyway\n", filename);
return 0; // Used to be -1
}
return 0;
}
/* hardlink */
int
tar_extract_hardlink(TAR * t, char *realname)
{
char *filename;
char *linktgt = NULL;
char *lnp;
libtar_hashptr_t hp;
if (!TH_ISLNK(t))
{
errno = EINVAL;
return -1;
}
filename = (realname ? realname : th_get_pathname(t));
if (mkdirhier(dirname(filename)) == -1)
return -1;
libtar_hashptr_reset(&hp);
if (libtar_hash_getkey(t->h, &hp, th_get_linkname(t),
(libtar_matchfunc_t)libtar_str_match) != 0)
{
lnp = (char *)libtar_hashptr_data(&hp);
linktgt = &lnp[strlen(lnp) + 1];
}
else
linktgt = th_get_linkname(t);
#ifdef DEBUG
printf(" ==> extracting: %s (link to %s)\n", filename, linktgt);
#endif
if (link(linktgt, filename) == -1)
{
#ifdef DEBUG
perror("link()");
#endif
return -1;
}
return 0;
}
void
th_print_long_ls(TAR *t)
{
char modestring[12];
struct passwd *pw;
struct group *gr;
uid_t uid;
gid_t gid;
char username[_POSIX_LOGIN_NAME_MAX];
char groupname[_POSIX_LOGIN_NAME_MAX];
time_t mtime;
struct tm *mtm;
#ifdef HAVE_STRFTIME
char timebuf[18];
#else
const char *months[] = {
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};
#endif
uid = th_get_uid(t);
pw = getpwuid(uid);
if (pw == NULL)
snprintf(username, sizeof(username), "%d", uid);
else
strlcpy(username, pw->pw_name, sizeof(username));
gid = th_get_gid(t);
gr = getgrgid(gid);
if (gr == NULL)
snprintf(groupname, sizeof(groupname), "%d", gid);
else
strlcpy(groupname, gr->gr_name, sizeof(groupname));
strmode(th_get_mode(t), modestring);
printf("%.10s %-8.8s %-8.8s ", modestring, username, groupname);
if (TH_ISCHR(t) || TH_ISBLK(t))
printf(" %3d, %3d ", th_get_devmajor(t), th_get_devminor(t));
else
printf("%9ld ", (long)th_get_size(t));
mtime = th_get_mtime(t);
mtm = localtime(&mtime);
#ifdef HAVE_STRFTIME
strftime(timebuf, sizeof(timebuf), "%h %e %H:%M %Y", mtm);
printf("%s", timebuf);
#else
printf("%.3s %2d %2d:%02d %4d",
months[mtm->tm_mon],
mtm->tm_mday, mtm->tm_hour, mtm->tm_min, mtm->tm_year + 1900);
#endif
printf(" %s", th_get_pathname(t));
if (TH_ISSYM(t) || TH_ISLNK(t))
{
if (TH_ISSYM(t))
printf(" -> ");
else
printf(" link to ");
if ((t->options & TAR_GNU) && t->th_buf.gnu_longlink != NULL)
printf("%s", t->th_buf.gnu_longlink);
else
printf("%.100s", t->th_buf.linkname);
}
putchar('\n');
}
static int
tar_set_file_perms(TAR *t, char *realname)
{
mode_t mode;
uid_t uid;
gid_t gid;
struct utimbuf ut;
char *filename;
filename = (realname ? realname : th_get_pathname(t));
mode = th_get_mode(t);
uid = th_get_uid(t);
gid = th_get_gid(t);
ut.modtime = ut.actime = th_get_mtime(t);
/* change owner/group */
if (geteuid() == 0)
#ifdef HAVE_LCHOWN
if (lchown(filename, uid, gid) == -1)
{
# ifdef DEBUG
fprintf(stderr, "lchown(\"%s\", %d, %d): %s\n",
filename, uid, gid, strerror(errno));
# endif
#else /* ! HAVE_LCHOWN */
if (!TH_ISSYM(t) && chown(filename, uid, gid) == -1)
{
# ifdef DEBUG
fprintf(stderr, "chown(\"%s\", %d, %d): %s\n",
filename, uid, gid, strerror(errno));
# endif
#endif /* HAVE_LCHOWN */
return -1;
}
/* change access/modification time */
if (!TH_ISSYM(t) && utime(filename, &ut) == -1)
{
#ifdef DEBUG
perror("utime()");
#endif
return -1;
}
/* change permissions */
if (!TH_ISSYM(t) && chmod(filename, mode) == -1)
{
#ifdef DEBUG
perror("chmod()");
#endif
return -1;
}
return 0;
}
/* switchboard */
int
tar_extract_file(TAR *t, char *realname)
{
int i;
char *lnp;
int pathname_len;
int realname_len;
if (t->options & TAR_NOOVERWRITE)
{
struct stat s;
if (lstat(realname, &s) == 0 || errno != ENOENT)
{
errno = EEXIST;
return -1;
}
}
if (TH_ISDIR(t))
{
i = tar_extract_dir(t, realname);
if (i == 1)
i = 0;
}
else if (TH_ISLNK(t))
i = tar_extract_hardlink(t, realname);
else if (TH_ISSYM(t))
i = tar_extract_symlink(t, realname);
else if (TH_ISCHR(t))
i = tar_extract_chardev(t, realname);
else if (TH_ISBLK(t))
i = tar_extract_blockdev(t, realname);
else if (TH_ISFIFO(t))
i = tar_extract_fifo(t, realname);
else /* if (TH_ISREG(t)) */
i = tar_extract_regfile(t, realname);
if (i != 0)
return i;
i = tar_set_file_perms(t, realname);
if (i != 0)
return i;
pathname_len = strlen(th_get_pathname(t)) + 1;
realname_len = strlen(realname) + 1;
lnp = (char *)calloc(1, pathname_len + realname_len);
if (lnp == NULL)
return -1;
strcpy(&lnp[0], th_get_pathname(t));
strcpy(&lnp[pathname_len], realname);
#ifdef DEBUG
printf("tar_extract_file(): calling libtar_hash_add(): key=\"%s\", "
"value=\"%s\"\n", th_get_pathname(t), realname);
#endif
if (libtar_hash_add(t->h, lnp) != 0)
return -1;
return 0;
}
static int
tar_set_file_perms(TAR *t, char *realname)
{
mode_t mode;
uid_t uid;
gid_t gid;
struct utimbuf ut;
char *filename;
filename = (realname ? realname : th_get_pathname(t));
mode = th_get_mode(t);
uid = th_get_uid(t);
gid = th_get_gid(t);
ut.modtime = ut.actime = th_get_mtime(t);
#ifdef DEBUG
printf(" ==> setting perms: %s (mode %04o, uid %d, gid %d)\n",
filename, mode, uid, gid);
#endif
/* change owner/group */
if (geteuid() == 0)
#ifdef HAVE_LCHOWN
if (lchown(filename, uid, gid) == -1)
{
# ifdef DEBUG
fprintf(stderr, "lchown(\"%s\", %d, %d): %s\n",
filename, uid, gid, strerror(errno));
# endif
#else /* ! HAVE_LCHOWN */
if (!TH_ISSYM(t) && chown(filename, uid, gid) == -1)
{
# ifdef DEBUG
fprintf(stderr, "chown(\"%s\", %d, %d): %s\n",
filename, uid, gid, strerror(errno));
# endif
#endif /* HAVE_LCHOWN */
return -1;
}
/* change access/modification time */
if (!TH_ISSYM(t) && utime(filename, &ut) == -1)
{
#ifdef DEBUG
perror("utime()");
#endif
return -1;
}
/* change permissions */
if (!TH_ISSYM(t) && chmod(filename, mode) == -1)
{
#ifdef DEBUG
perror("chmod()");
#endif
return -1;
}
return 0;
}
/* switchboard */
int
tar_extract_file(TAR *t, char *realname, char *prefix, const int *progress_fd)
{
int i;
char *lnp;
int pathname_len;
int realname_len;
if (t->options & TAR_NOOVERWRITE)
{
struct stat s;
if (lstat(realname, &s) == 0 || errno != ENOENT)
{
errno = EEXIST;
return -1;
}
}
if (TH_ISDIR(t))
{
printf("dir\n");
i = tar_extract_dir(t, realname);
if (i == 1)
i = 0;
}
else if (TH_ISLNK(t)) {
printf("link\n");
i = tar_extract_hardlink(t, realname, prefix);
}
else if (TH_ISSYM(t)) {
printf("sym\n");
i = tar_extract_symlink(t, realname);
}
else if (TH_ISCHR(t)) {
printf("chr\n");
i = tar_extract_chardev(t, realname);
}
else if (TH_ISBLK(t)) {
printf("blk\n");
i = tar_extract_blockdev(t, realname);
}
else if (TH_ISFIFO(t)) {
printf("fifo\n");
i = tar_extract_fifo(t, realname);
}
else /* if (TH_ISREG(t)) */ {
printf("reg\n");
i = tar_extract_regfile(t, realname, progress_fd);
}
if (i != 0) {
printf("FAILED RESTORE OF FILE i: %s\n", realname);
return i;
}
i = tar_set_file_perms(t, realname);
if (i != 0) {
printf("FAILED SETTING PERMS: %d\n", i);
return i;
}
#ifdef HAVE_SELINUX
if((t->options & TAR_STORE_SELINUX) && t->th_buf.selinux_context != NULL)
{
#ifdef DEBUG
printf(" Restoring SELinux context %s to file %s\n", t->th_buf.selinux_context, realname);
#endif
if (lsetfilecon(realname, t->th_buf.selinux_context) < 0) {
fprintf(stderr, "Failed to restore SELinux context %s!\n", strerror(errno));
}
}
#endif
/*
pathname_len = strlen(th_get_pathname(t)) + 1;
realname_len = strlen(realname) + 1;
lnp = (char *)calloc(1, pathname_len + realname_len);
if (lnp == NULL)
return -1;
strcpy(&lnp[0], th_get_pathname(t));
strcpy(&lnp[pathname_len], realname);
#ifdef DEBUG
printf("tar_extract_file(): calling libtar_hash_add(): key=\"%s\", "
"value=\"%s\"\n", th_get_pathname(t), realname);
#endif
if (libtar_hash_add(t->h, lnp) != 0)
return -1;
free(lnp);
*/
return 0;
}