Guard against invalid type arguments 2704/head
authorTim Kientzle <kientzle@acm.org>
Sat, 26 Jul 2025 18:10:24 +0000 (11:10 -0700)
committerTim Kientzle <kientzle@acm.org>
Sat, 26 Jul 2025 18:10:24 +0000 (11:10 -0700)
Some experiments showed strange things happen if you
provide an invalid type value when appending a new ACL entry.
Guard against that, and while we're here be a little more
paranoid elsewhere against bad types in case there is another
way to get them in.

libarchive/archive_acl.c
libarchive/test/test_acl_nfs4.c
libarchive/test/test_acl_posix1e.c

index bbb085afe7afa8615f5a0a0ff1482537d7167938..a9334316f59396c10c15c13e6d01cc361cac2e78 100644 (file)
@@ -270,6 +270,19 @@ acl_new_entry(struct archive_acl *acl,
 {
        struct archive_acl_entry *ap, *aq;
 
+       /* Reject an invalid type */
+       switch (type) {
+       case ARCHIVE_ENTRY_ACL_TYPE_ACCESS:
+       case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT:
+       case ARCHIVE_ENTRY_ACL_TYPE_ALLOW:
+       case ARCHIVE_ENTRY_ACL_TYPE_DENY:
+       case ARCHIVE_ENTRY_ACL_TYPE_AUDIT:
+       case ARCHIVE_ENTRY_ACL_TYPE_ALARM:
+               break;
+       default:
+               return (NULL);
+       }
+
        /* Type argument must be a valid NFS4 or POSIX.1e type.
         * The type must agree with anything already set and
         * the permset must be compatible. */
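Review bot: The new comment `/* Reject an invalid type */` does not say what counts as invalid, and it sits directly above the existing "Type argument must be a valid NFS4 or POSIX.1e type" comment, which makes the same claim. The switch accepts only a single type constant, so OR-ed values such as `ARCHIVE_ENTRY_ACL_TYPE_ALLOW | ARCHIVE_ENTRY_ACL_TYPE_AUDIT` (the case added to the tests) are refused. I would say so explicitly, e.g. `/* Type must be exactly one ACL type constant; OR-ed masks are rejected. */`. The NULL returned here presumably looks the same to callers as the function's other failure returns, which is worth a word in the function's header comment if that is intended. The body of acl_new_entry continues outside the hunk.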
@@ -822,6 +835,9 @@ append_entry_w(wchar_t **wp, const wchar_t *prefix, int type,
                wname = NULL;
                id = -1;
                break;
+       default:
+               **wp = '\0';
+               break;
        }
        *wp += wcslen(*wp);
        *(*wp)++ = L':';
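Review bot: The added `default:` arm has no comment explaining that the terminator is apparently there so the `wcslen(*wp)` on the following line never scans a position this call did not write. I would add `/* Unknown value: write an empty field so the length scan below stays within what we wrote */`, and the same for the `default:` arms touched in the later append_entry_w hunk and in both append_entry hunks. This arm also stores a narrow `'\0'` where the later append_entry_w hunk uses `L'\0'`; using `L'\0'` in both would be consistent. The code still appends `:` after the empty field, so a bad value produces a malformed text entry rather than an error, which deserves a note in the comment. Both function bodies extend outside these hunks.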
@@ -878,6 +894,7 @@ append_entry_w(wchar_t **wp, const wchar_t *prefix, int type,
                        wcscpy(*wp, L"alarm");
                        break;
                default:
+                       *(*wp) = L'\0';
                        break;
                }
                *wp += wcslen(*wp);
@@ -1057,6 +1074,9 @@ append_entry(char **p, const char *prefix, int type,
                name = NULL;
                id = -1;
                break;
+       default:
+               **p = '\0';
+               break;
        }
        *p += strlen(*p);
        *(*p)++ = ':';
@@ -1112,6 +1132,9 @@ append_entry(char **p, const char *prefix, int type,
                case ARCHIVE_ENTRY_ACL_TYPE_ALARM:
                        strcpy(*p, "alarm");
                        break;
+               default:
+                       *(*p) = '\0';
+                       break;
                }
                *p += strlen(*p);
        }
index 98d39689df693795126e776a0678856f9b02279a..050c0a063654231cc26ed3b107e637ee81095921 100644 (file)
@@ -145,6 +145,13 @@ static struct archive_test_acl_t acls_bad[] = {
          ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" },
        { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE,
          ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" },
+
+       /* Multiple types */
+       { ARCHIVE_ENTRY_ACL_TYPE_ALLOW | ARCHIVE_ENTRY_ACL_TYPE_AUDIT,
+         ARCHIVE_ENTRY_ACL_EXECUTE,
+         ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" },
+       { ARCHIVE_ENTRY_ACL_TYPE_NFS4, ARCHIVE_ENTRY_ACL_EXECUTE,
+         ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" },
 };
 
 DEFINE_TEST(test_acl_nfs4)
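Review bot: The new `acls_bad` cases cover only OR-ed type masks; a type value with no recognised bit at all, such as `0`, also lands in the new `default:` of acl_new_entry and is not exercised. One more entry like `{ 0, ARCHIVE_ENTRY_ACL_EXECUTE, ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" },` would pin that path, assuming the harness that walks this table accepts it. The `/* Multiple types */` comment could also say that `ARCHIVE_ENTRY_ACL_TYPE_NFS4` is a mask of the NFS4 types rather than a single type, which is why it belongs in this list. The same gap applies to the `acls_nfs4` addition in test_acl_posix1e.c.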
index 025ef6afd102d67569d8f1d18372f4172c987d4a..f9b6ffeb6ab7e94ecc9dd19f2e1c610555229f30 100644 (file)
@@ -94,6 +94,11 @@ static struct archive_test_acl_t acls_nfs4[] = {
        { ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
          ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT,
          ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
+
+       /* Invalid type codes */
+       { ARCHIVE_ENTRY_ACL_TYPE_ACCESS | ARCHIVE_ENTRY_ACL_TYPE_DEFAULT,
+         ARCHIVE_ENTRY_ACL_READ,
+         ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
 };
 
 DEFINE_TEST(test_acl_posix1e)