From 0d5aa7b6578422d3a3a7cad315807ae5b53566b2 Mon Sep 17 00:00:00 2001

From: Ondrej Dubaj <odubaj@redhat.com>

Date: Thu, 19 Mar 2020 08:58:32 +0100

Subject: [PATCH] * src/copyout.c (to_ascii): Additional argument nul controls

 whether to add the terminating nul character. (field_width_error): Improve

 diagnostics: print the actual and the maximum allowed field value. *

 src/extern.h (to_ascii, field_width_error): New prototypes. * src/tar.c

 (to_oct): Remove. (to_oct_or_error): New function. (TO_OCT): New macro.

 (write_out_tar_header)

---

 src/copyout.c | 47 +++++++++++++++++++++-------------

 src/extern.h  | 15 +++++++++--

 src/tar.c     | 71 ++++++++++++++++++++++++---------------------------

 3 files changed, 75 insertions(+), 58 deletions(-)

diff --git a/src/copyout.c b/src/copyout.c

index 03eaf88..c0b1ffa 100644

--- a/src/copyout.c

+++ b/src/copyout.c

@@ -279,26 +279,32 @@ writeout_final_defers (int out_des)

    so it should be moved to paxutils too.

    Allowed values for logbase are: 1 (binary), 2, 3 (octal), 4 (hex) */

 int

-to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase)

+to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase, bool nul)

 {

   static char codetab[] = "0123456789ABCDEF";

-  int i = digits;

-  do

+  if (nul)

+    where[--digits] = 0;

+  while (digits > 0)

     {

-      where[--i] = codetab[(v & ((1 << logbase) - 1))];

+      where[--digits] = codetab[(v & ((1 << logbase) - 1))];

       v >>= logbase;

     }

-  while (i);

   return v != 0;

 }

-static void

-field_width_error (const char *filename, const char *fieldname)

+void

+field_width_error (const char *filename, const char *fieldname,

+		   uintmax_t value, size_t width, bool nul)

 {

-  error (1, 0, _("%s: field width not sufficient for storing %s"),

-	 filename, fieldname);

+  char valbuf[UINTMAX_STRSIZE_BOUND + 1];

+  char maxbuf[UINTMAX_STRSIZE_BOUND + 1];

+  error (0, 0, _("%s: value %s %s out of allowed range 0..%s"),

+	 filename, fieldname,

+	 STRINGIFY_BIGINT (value, valbuf),

+	 STRINGIFY_BIGINT (MAX_VAL_WITH_DIGITS (width - nul, LG_8),

+			   maxbuf));

 }

 static void

@@ -313,7 +319,7 @@ to_ascii_or_warn (char *where, uintmax_t n, size_t digits,

 		  unsigned logbase,

 		  const char *filename, const char *fieldname)

 {

-  if (to_ascii (where, n, digits, logbase))

+  if (to_ascii (where, n, digits, logbase, false))

     field_width_warning (filename, fieldname);

 }    

@@ -322,9 +328,9 @@ to_ascii_or_error (char *where, uintmax_t n, size_t digits,

 		   unsigned logbase,

 		   const char *filename, const char *fieldname)

 {

-  if (to_ascii (where, n, digits, logbase))

+  if (to_ascii (where, n, digits, logbase, false))

     {

-      field_width_error (filename, fieldname);

+      field_width_error (filename, fieldname, n, digits, false);

       return 1;

     }

   return 0;

@@ -381,7 +387,7 @@ write_out_new_ascii_header (const char *magic_string,

 			 _("name size")))

     return 1;

   p += 8;

-  to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16);

+  to_ascii (p, file_hdr->c_chksum & 0xffffffff, 8, LG_16, false);

   tape_buffered_write (ascii_header, out_des, sizeof ascii_header);

@@ -398,7 +404,7 @@ write_out_old_ascii_header (dev_t dev, dev_t rdev,

   char ascii_header[76];

   char *p = ascii_header;

-  to_ascii (p, file_hdr->c_magic, 6, LG_8);

+  to_ascii (p, file_hdr->c_magic, 6, LG_8, false);

   p += 6;

   to_ascii_or_warn (p, dev, 6, LG_8, file_hdr->c_name, _("device number"));

   p += 6;

@@ -502,7 +508,10 @@ write_out_binary_header (dev_t rdev,

   short_hdr.c_namesize = file_hdr->c_namesize & 0xFFFF;

   if (short_hdr.c_namesize != file_hdr->c_namesize)

     {

-      field_width_error (file_hdr->c_name, _("name size"));

+      char maxbuf[UINTMAX_STRSIZE_BOUND + 1];

+      error (0, 0, _("%s: value %s %s out of allowed range 0..%u"),

+	     file_hdr->c_name, _("name size"),

+	     STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFu);

       return 1;

     }

@@ -512,7 +521,10 @@ write_out_binary_header (dev_t rdev,

   if (((off_t)short_hdr.c_filesizes[0] << 16) + short_hdr.c_filesizes[1]

        != file_hdr->c_filesize)

     {

-      field_width_error (file_hdr->c_name, _("file size"));

+      char maxbuf[UINTMAX_STRSIZE_BOUND + 1];

+      error (0, 0, _("%s: value %s %s out of allowed range 0..%lu"),

+	     file_hdr->c_name, _("file size"),

+	     STRINGIFY_BIGINT (file_hdr->c_namesize, maxbuf), 0xFFFFFFFFlu);

       return 1;

     }

@@ -562,8 +574,7 @@ write_out_header (struct cpio_file_stat *file_hdr, int out_des)

 	  error (0, 0, _("%s: file name too long"), file_hdr->c_name);

 	  return 1;

 	}

-      write_out_tar_header (file_hdr, out_des); /* FIXME: No error checking */

-      return 0;

+      return write_out_tar_header (file_hdr, out_des);

     case arf_binary:

       return write_out_binary_header (makedev (file_hdr->c_rdev_maj,

diff --git a/src/extern.h b/src/extern.h

index 1c6f70b..a0b6009 100644

--- a/src/extern.h

+++ b/src/extern.h

@@ -117,6 +117,10 @@ void print_name_with_quoting (char *p);

 /* copyout.c */

 int write_out_header (struct cpio_file_stat *file_hdr, int out_des);

 void process_copy_out (void);

+int to_ascii (char *where, uintmax_t v, size_t digits, unsigned logbase,

+	      bool nul);

+void field_width_error (const char *filename, const char *fieldname,

+			uintmax_t value, size_t width, bool nul);

 /* copypass.c */

 void process_copy_pass (void);

@@ -145,7 +149,7 @@ int make_path (char *argpath, uid_t owner, gid_t group,

 	       const char *verbose_fmt_string);

 /* tar.c */

-void write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des);

+int write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des);

 int null_block (long *block, int size);

 void read_in_tar_header (struct cpio_file_stat *file_hdr, int in_des);

 int otoa (char *s, unsigned long *n);

@@ -203,9 +207,16 @@ void cpio_safer_name_suffix (char *name, bool link_target,

 			     bool absolute_names, bool strip_leading_dots);

 int cpio_create_dir (struct cpio_file_stat *file_hdr, int existing_dir);

-/* FIXME: These two defines should be defined in paxutils */

+/* FIXME: The following three should be defined in paxutils */

 #define LG_8  3

 #define LG_16 4

+/* The maximum uintmax_t value that can be represented with DIGITS digits,

+   assuming that each digit is BITS_PER_DIGIT wide.  */

+#define MAX_VAL_WITH_DIGITS(digits, bits_per_digit) \

+   ((digits) * (bits_per_digit) < sizeof (uintmax_t) * CHAR_BIT \

+    ? ((uintmax_t) 1 << ((digits) * (bits_per_digit))) - 1 \

+    : (uintmax_t) -1)

+

 uintmax_t from_ascii (char const *where, size_t digs, unsigned logbase);

diff --git a/src/tar.c b/src/tar.c

index 854878e..fe8fdcf 100644

--- a/src/tar.c

+++ b/src/tar.c

@@ -1,6 +1,5 @@

 /* tar.c - read in write tar headers for cpio

-   Copyright (C) 1992, 2001, 2004, 2006, 2007, 2010 Free Software

-   Foundation, Inc.

+   Copyright (C) 1992-2019 Free Software Foundation, Inc.

    This program is free software; you can redistribute it and/or modify

    it under the terms of the GNU General Public License as published by

@@ -81,34 +80,16 @@ stash_tar_filename (char *prefix, char *filename)

   return hold_tar_filename;

 }

-/* Convert a number into a string of octal digits.

-   Convert long VALUE into a DIGITS-digit field at WHERE,

-   including a trailing space and room for a NUL.  DIGITS==3 means

-   1 digit, a space, and room for a NUL.

-

-   We assume the trailing NUL is already there and don't fill it in.

-   This fact is used by start_header and finish_header, so don't change it!

-

-   This is be equivalent to:

-   sprintf (where, "%*lo ", digits - 2, value);

-   except that sprintf fills in the trailing NUL and we don't.  */

-

-static void

-to_oct (register long value, register int digits, register char *where)

+static int

+to_oct_or_error (uintmax_t value, size_t digits, char *where, char const *field,

+		 char const *file)

 {

-  --digits;			/* Leave the trailing NUL slot alone.  */

-

-  /* Produce the digits -- at least one.  */

-  do

+  if (to_ascii (where, value, digits, LG_8, true))

     {

-      where[--digits] = '0' + (char) (value & 7); /* One octal digit.  */

-      value >>= 3;

+      field_width_error (file, field, value, digits, true);

+      return 1;

     }

-  while (digits > 0 && value != 0);

-

-  /* Add leading zeroes, if necessary.  */

-  while (digits > 0)

-    where[--digits] = '0';

+  return 0;

 }

@@ -136,10 +117,22 @@ tar_checksum (struct tar_header *tar_hdr)

   return sum;

 }

+#define TO_OCT(file_hdr, c_fld, digits, tar_hdr, tar_field) \

+  do							    \

+    {							    \

+       if (to_oct_or_error (file_hdr -> c_fld,		    \

+			    digits,			    \

+			    tar_hdr -> tar_field,	    \

+			    #tar_field,			    \

+			    file_hdr->c_name))		    \

+	 return 1;					    \

+    }							    \

+  while (0)

+

 /* Write out header FILE_HDR, including the file name, to file

    descriptor OUT_DES.  */

-void

+int

 write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)

 {

   int name_len;

@@ -168,11 +161,11 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)

   /* Ustar standard (POSIX.1-1988) requires the mode to contain only 3 octal

      digits */

-  to_oct (file_hdr->c_mode & MODE_ALL, 8, tar_hdr->mode);

-  to_oct (file_hdr->c_uid, 8, tar_hdr->uid);

-  to_oct (file_hdr->c_gid, 8, tar_hdr->gid);

-  to_oct (file_hdr->c_filesize, 12, tar_hdr->size);

-  to_oct (file_hdr->c_mtime, 12, tar_hdr->mtime);

+  TO_OCT (file_hdr, c_mode & MODE_ALL, 8, tar_hdr, mode);

+  TO_OCT (file_hdr, c_uid, 8, tar_hdr, uid);

+  TO_OCT (file_hdr, c_gid, 8, tar_hdr, gid);

+  TO_OCT (file_hdr, c_filesize, 12, tar_hdr, size);

+  TO_OCT (file_hdr, c_mtime, 12, tar_hdr, mtime);

   switch (file_hdr->c_mode & CP_IFMT)

     {

@@ -184,7 +177,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)

 	  strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname,

 		   TARLINKNAMESIZE);

 	  tar_hdr->typeflag = LNKTYPE;

-	  to_oct (0, 12, tar_hdr->size);

+	  to_ascii (tar_hdr->size, 0, 12, LG_8, true);

 	}

       else

 	tar_hdr->typeflag = REGTYPE;

@@ -210,7 +203,7 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)

 	 than TARLINKNAMESIZE.  */

       strncpy (tar_hdr->linkname, file_hdr->c_tar_linkname,

 	       TARLINKNAMESIZE);

-      to_oct (0, 12, tar_hdr->size);

+      to_ascii (tar_hdr->size, 0, 12, LG_8, true);

       break;

 #endif /* CP_IFLNK */

     }

@@ -229,13 +222,15 @@ write_out_tar_header (struct cpio_file_stat *file_hdr, int out_des)

       if (name)

 	strcpy (tar_hdr->gname, name);

-      to_oct (file_hdr->c_rdev_maj, 8, tar_hdr->devmajor);

-      to_oct (file_hdr->c_rdev_min, 8, tar_hdr->devminor);

+      TO_OCT (file_hdr, c_rdev_maj, 8, tar_hdr, devmajor);

+      TO_OCT (file_hdr, c_rdev_min, 8, tar_hdr, devminor);

     }

-  to_oct (tar_checksum (tar_hdr), 8, tar_hdr->chksum);

+  to_ascii (tar_hdr->chksum, tar_checksum (tar_hdr), 8, LG_8, true);

   tape_buffered_write ((char *) &tar_rec, out_des, TARRECORDSIZE);

+

+  return 0;

 }

 /* Return nonzero iff all the bytes in BLOCK are NUL.

-- 

2.24.1