Pavel Raiskup [Tue, 25 Oct 2016 12:30:31 +0000 (14:30 +0200)]
distribute README.md
This issue happened because 'foreign' automake option is enabled,
and the file README was renamed as README.md (not included
automatically by automake).
Martin Matuska [Fri, 14 Oct 2016 12:31:23 +0000 (14:31 +0200)]
Add build/ci_build.sh for automatic building on Travis CI, Jenkins, etc.
Add autotools build to .travis.yml
Downgrade minimal supported autoconf version to 2.68 (Travis CI)
Graham Percival [Wed, 28 Sep 2016 18:02:34 +0000 (11:02 -0700)]
Initialize subst rule->result pointer to NULL
This is not directly useful in libarchive at the present time, but
it might be in the future. If a project which uses this code adds
an atexit(3) handler to clean up memory, and somebody runs:
    bsdtar somestring -t
then "omestring" will be interpreted as an (invalid) substitution
rule and call lafe_errc(). However, if the atexit() handler then
calls cleanup_substitution(), it will try to free(rule->result)
which was not initialized.
Graham Percival [Mon, 26 Sep 2016 19:50:29 +0000 (12:50 -0700)]
Add chmod() after make_{dir,file} in test suites
This is the same change that 38b3f516df865e2dffd0a1bbc9feb923ab2efc38
made to libarchive/test/main.c, but now applied to:
    cat/test/main.c
    cpio/test/main.c
    tar/test/main.c
Graham Percival [Fri, 23 Sep 2016 17:56:21 +0000 (10:56 -0700)]
Issue 774, 782: chmod() after creating a file or dir
If the user's system has a default umask, then
    mkdir(pathname, mode);
will report "success" even if the created dir does not match the specified
mode. Presumably that is desired in the general case, but when it comes to
testing libarchive this can generate false errors in `make check`.
chmod() is not affected by umask, so we call that after creating the file
or directory.
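An added example of the umask effect described in this commit message, not code from libarchive or its test suite. The helper name `mode_after_mkdir` and the `/tmp/umask_demo_*` scratch directory are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Create a directory with the requested mode while `mask` is the process
 * umask, optionally chmod() it afterwards, and return the permission bits
 * the directory actually ended up with (-1 on error).
 */
int mode_after_mkdir(mode_t mask, mode_t mode, int then_chmod)
{
	char base[] = "/tmp/umask_demo_XXXXXX";   /* constructed scratch dir */
	char path[64];
	struct stat st;
	mode_t saved;
	int result = -1;

	if (mkdtemp(base) == NULL)
		return -1;
	snprintf(path, sizeof(path), "%s/d", base);

	saved = umask(mask);
	if (mkdir(path, mode) == 0) {   /* reports success with mode & ~mask */
		if (then_chmod && chmod(path, mode) != 0)
			result = -1;
		else if (stat(path, &st) == 0)
			result = (int)(st.st_mode & 0777);
		rmdir(path);
	}
	umask(saved);                   /* restore the caller's umask */
	rmdir(base);
	return result;
}

int main(void)
{
	printf("umask 022, mkdir 0775:         %04o\n",
	    (unsigned)mode_after_mkdir(022, 0775, 0));
	printf("umask 022, mkdir 0775 + chmod: %04o\n",
	    (unsigned)mode_after_mkdir(022, 0775, 1));
	return 0;
}
```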
The sample file that demonstrated this had multiple 'EmptyStream'
attributes. The first one ended up being used to calculate
certain statistics, then was overwritten by the second which
was incompatible with those statistics.
The fix here is to reject any header with multiple EmptyStream
attributes. While here, also reject headers with multiple
EmptyFile, AntiFile, Name, or Attributes markers.
Tim Kientzle [Mon, 19 Sep 2016 00:27:47 +0000 (17:27 -0700)]
Issue 747 (and others?): Avoid OOB read when parsing multiple long lines
The mtree bidder needs to look several lines ahead
in the input. It does this by extending the read-ahead
and parsing subsequent lines from the same growing buffer.
A bookkeeping error when extending the read-ahead would
sometimes lead it to significantly over-count the
size of the line being read.
Tim Kientzle [Sun, 4 Sep 2016 23:08:26 +0000 (16:08 -0700)]
Test for PR#777: verify ACL reading during directory walks
This verifies the issue mentioned in Pull Request #777:
When using archive_read_disk to read a directory tree,
libarchive would attempt to read ACLs with the wrong
directory.
Tim Kientzle [Mon, 22 Aug 2016 00:11:45 +0000 (17:11 -0700)]
Issue #744 (part of Issue #743): Enforce sandbox with very long pathnames
Because check_symlinks is handled separately from the deep-directory
support, very long pathnames cause problems. Previously, the code
ignored most failures to lstat() a path component. In particular,
this led to check_symlinks always passing for very long paths, which
in turn provides a way to evade the symlink checks in the sandboxing
code.
We now fail on unrecognized lstat() failures, which plugs this
hole at the cost of disabling deep directory support when the
user requests sandboxing.
TODO: This probably cannot be completely fixed without
entirely reimplementing the deep directory support to
integrate the symlink checks. I want to reimplement the
deep directory handling someday anyway; openat() and
related system calls now provide a much cleaner way to
handle deep directories than the chdir approach used by this
code.
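An added sketch of the fail-closed rule this commit message describes, not libarchive's code: `check_symlinks` here is a simplified stand-in that shares only the name. `demo`, the `/tmp/symchk_*` scratch directory and the 300-byte path component (used to make lstat() fail for a reason other than a missing file) are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check each path component past the first `root` bytes: 0 if none is a
 * symlink, -1 if one is or if lstat() fails with anything but ENOENT. */
int check_symlinks(const char *path, size_t root)
{
	char buf[1024];
	struct stat st;
	size_t i, len = strlen(path);

	if (len >= sizeof(buf) || root >= len)
		return -1;
	for (i = root + 1; i <= len; i++) {
		if (path[i] != '/' && path[i] != '\0')
			continue;
		memcpy(buf, path, i);           /* prefix ending at this component */
		buf[i] = '\0';
		if (lstat(buf, &st) != 0)       /* unrecognized error: fail closed */
			return errno == ENOENT ? 0 : -1;
		if (S_ISLNK(st.st_mode))
			return -1;
	}
	return 0;
}

/* Constructed scenario: scratch dir holding a symlink "l" -> "/".
 * kind 0: new path, 1: path through the symlink, 2: 300-byte component. */
int demo(int kind)
{
	char base[] = "/tmp/symchk_XXXXXX", link[32], path[1024], name[301] = "";
	int r = -2;

	if (mkdtemp(base) == NULL)
		return r;
	memset(name, 'a', sizeof(name) - 1);
	snprintf(link, sizeof(link), "%s/l", base);
	snprintf(path, sizeof(path), "%s/%s/f", base, kind == 2 ? name : kind ? "l" : "new");
	if (symlink("/", link) == 0)
		r = check_symlinks(path, strlen(base));
	unlink(link);
	rmdir(base);
	return r;
}
int main(void) { return demo(0) || demo(1) != -1 || demo(2) != -1; }
```

Treating every lstat() failure as "nothing there yet" would make case 2 return 0, which is the evasion the commit message closes.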
Tim Kientzle [Mon, 22 Aug 2016 00:01:54 +0000 (17:01 -0700)]
Issue #748: Zip decompression failure with highly-compressed data
Previously, we stopped driving the decompressor as soon as
we hit end of input, but in some cases, the decompressor
has internal state that can continue generating output
even when there is no more input. So we now feed zero-length
blocks into the decompressor until the decompressor tells us
it is finished.
Tim Kientzle [Sun, 21 Aug 2016 17:51:43 +0000 (10:51 -0700)]
Issue #767: Buffer overflow printing a filename
The safe_fprintf function attempts to ensure clean output for an
arbitrary sequence of bytes by doing a trial conversion of the
multibyte characters to wide characters -- if the resulting wide
character is printable then we pass through the corresponding bytes
unaltered, otherwise, we convert them to C-style ASCII escapes.
The stack trace in Issue #767 suggests that the 20-byte buffer
was getting overflowed trying to format a non-printable multibyte
character. This should only happen if there is a valid multibyte
character of more than 5 bytes that was unprintable. (Each byte
would get expanded to a four-character octal-style escape of the form
"\123" resulting in >20 characters for the >5 byte multibyte character.)
I've not been able to reproduce this, but have expanded the conversion
buffer to 128 bytes on the belief that no multibyte character set
has a single character of more than 32 bytes.
Tim Kientzle [Sun, 21 Aug 2016 16:25:00 +0000 (09:25 -0700)]
Issue #770: Be more careful about extra_length
Hanno Böck pointed out that the loop here computes
extra_length - 4 without first checking for possible underflow.
In addition to fixing this, I also added a bunch of error
checks so Zip parsing will fail if any Zip extra field
is malformed. Among other things, this uncovered an
old bug that would skip a trailing extra field with
zero-sized data.
Note that we still simply ignore well-formed
extra fields that we don't understand.
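An added example of the checks this commit message describes, not libarchive's Zip reader: a walker over Zip extra-field records (2-byte ID, 2-byte size, data) that rejects malformed areas, still sees a trailing zero-sized record, and skips unknown IDs. `count_extra`, `ANY_ID` and the sample byte arrays are constructed for illustration, and the length is assumed to be unsigned.

```c
#include <stddef.h>
#include <stdio.h>

#define ANY_ID 0x10000u   /* wider than 16 bits: matches every record */

/* Constructed sample "extra" areas, not taken from a real archive. */
static const unsigned char EXTRA_OK[] = {
	0x01, 0x00, 0x02, 0x00, 0xAA, 0xBB,   /* id 0x0001, 2 data bytes */
	0x99, 0x99, 0x00, 0x00                /* id 0x9999, zero-sized, last */
};
static const unsigned char EXTRA_OVERRUN[] = {
	0x01, 0x00, 0x08, 0x00, 0xAA          /* claims 8 data bytes, has 1 */
};

static unsigned le16(const unsigned char *p) { return p[0] | ((unsigned)p[1] << 8); }

/*
 * Walk records of the form [id:2][size:2][data:size].
 * Returns -1 if the area is malformed, otherwise the number of records
 * whose id equals `wanted` (or of all records for ANY_ID).
 */
int count_extra(const unsigned char *p, size_t extra_length, unsigned wanted)
{
	size_t offset = 0;
	int n = 0;

	/* Not "offset < extra_length - 4": for an unsigned length below 4
	 * that subtraction wraps and the bound no longer limits the loop. */
	while (offset < extra_length) {
		size_t remaining = extra_length - offset;
		unsigned id, size;

		if (remaining < 4)
			return -1;               /* truncated record header */
		id = le16(p + offset);
		size = le16(p + offset + 2);
		if (size > remaining - 4)
			return -1;               /* data runs past the area */
		if (wanted == ANY_ID || id == wanted)
			n++;                     /* other ids are skipped, not errors */
		offset += 4 + size;
	}
	return n;
}

int main(void)
{
	printf("%d %d\n", count_extra(EXTRA_OK, sizeof(EXTRA_OK), ANY_ID),
	    count_extra(EXTRA_OVERRUN, sizeof(EXTRA_OVERRUN), ANY_ID));
	return 0;
}
```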