From aa1fc90ae5bf6e8f197414ce345361ae4f9e38c9 Mon Sep 17 00:00:00 2001
From: Tim Kientzle
Date: Sat, 26 Jul 2025 11:10:24 -0700
Subject: [PATCH] Guard against invalid type arguments

Some experiments showed strange things happen if you provide an invalid type value when appending a new ACL entry. Guard against that, and while we're here be a little more paranoid elsewhere against bad types in case there is another way to get them in.
---
 libarchive/archive_acl.c | 23 +++++++++++++++++++++++
 libarchive/test/test_acl_nfs4.c | 7 +++++++
 libarchive/test/test_acl_posix1e.c | 5 +++++
 3 files changed, 35 insertions(+)
diff --git a/libarchive/archive_acl.c b/libarchive/archive_acl.c
index bbb085afe..a9334316f 100644
--- a/libarchive/archive_acl.c
+++ b/libarchive/archive_acl.c
@@ -270,6 +270,19 @@ acl_new_entry(struct archive_acl *acl,
 {
 struct archive_acl_entry *ap, *aq;
+ /* Reject an invalid type */
+ switch (type) {
+ case ARCHIVE_ENTRY_ACL_TYPE_ACCESS:
+ case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT:
+ case ARCHIVE_ENTRY_ACL_TYPE_ALLOW:
+ case ARCHIVE_ENTRY_ACL_TYPE_DENY:
+ case ARCHIVE_ENTRY_ACL_TYPE_AUDIT:
+ case ARCHIVE_ENTRY_ACL_TYPE_ALARM:
+ break;
+ default:
+ return (NULL);
+ }
+
 /* Type argument must be a valid NFS4 or POSIX.1e type.
 * The type must agree with anything already set and
 * the permset must be compatible. */
@@ -822,6 +835,9 @@ append_entry_w(wchar_t **wp, const wchar_t *prefix, int type,
 wname = NULL;
 id = -1;
 break;
+ default:
+ **wp = '\0';
+ break;
 }
 *wp += wcslen(*wp);
 *(*wp)++ = L':';
@@ -878,6 +894,7 @@ append_entry_w(wchar_t **wp, const wchar_t *prefix, int type,
 wcscpy(*wp, L"alarm");
 break;
 default:
+ *(*wp) = L'\0';
 break;
 }
 *wp += wcslen(*wp);
@@ -1057,6 +1074,9 @@ append_entry(char **p, const char *prefix, int type,
 name = NULL;
 id = -1;
 break;
+ default:
+ **p = '\0';
+ break;
 }
 *p += strlen(*p);
 *(*p)++ = ':';
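Review bot: The comment `/* Reject an invalid type */` in acl_new_entry does not say what counts as valid, and the switch is stricter than a reader may assume: it accepts exactly one of the six single-type constants, so OR-ed masks are refused (the tests added in this commit use `ARCHIVE_ENTRY_ACL_TYPE_ALLOW | ARCHIVE_ENTRY_ACL_TYPE_AUDIT` and `ARCHIVE_ENTRY_ACL_TYPE_NFS4` as bad input). I would spell that out, e.g. `/* Reject anything that is not exactly one ACL type; OR-ed masks such as ARCHIVE_ENTRY_ACL_TYPE_NFS4 are not entry types. */`. The early `return (NULL);` presumably looks the same to callers as any other failure of this function, so it is worth confirming that every caller checks for NULL before using the result; the callers and the rest of the body are outside the hunk.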
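Review bot: In the first append_entry_w hunk the added default stores a narrow literal into a wchar_t buffer, `**wp = '\0';`, while the second append_entry_w hunk writes `*(*wp) = L'\0';`; the value is the same, but the wide function should use `L'\0'` and one spelling of the dereference throughout. The same remark on intent applies to all four new default branches (both append_entry_w hunks and both append_entry hunks): each only terminates the buffer at the current position so that the following `wcslen`/`strlen` no longer measures whatever was already there, and the function then carries on writing the rest of the entry with an empty field. If the output buffer is sized elsewhere from the same tag and type values, that sizing code presumably needs the same tolerance for unknown values; it is not part of this diff. A comment on each default such as `/* Unknown value: emit an empty field instead of measuring stale buffer contents */` would record why the store is there.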
@@ -1112,6 +1132,9 @@ append_entry(char **p, const char *prefix, int type,
 case ARCHIVE_ENTRY_ACL_TYPE_ALARM:
 strcpy(*p, "alarm");
 break;
+ default:
+ *(*p) = '\0';
+ break;
 }
 *p += strlen(*p);
 }
diff --git a/libarchive/test/test_acl_nfs4.c b/libarchive/test/test_acl_nfs4.c
index 98d39689d..050c0a063 100644
--- a/libarchive/test/test_acl_nfs4.c
+++ b/libarchive/test/test_acl_nfs4.c
@@ -145,6 +145,13 @@ static struct archive_test_acl_t acls_bad[] = {
 ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" },
 { ARCHIVE_ENTRY_ACL_TYPE_ALLOW, ARCHIVE_ENTRY_ACL_WRITE,
 ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" },
+
+ /* Multiple types */
+ { ARCHIVE_ENTRY_ACL_TYPE_ALLOW | ARCHIVE_ENTRY_ACL_TYPE_AUDIT,
+ ARCHIVE_ENTRY_ACL_EXECUTE,
+ ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" },
+ { ARCHIVE_ENTRY_ACL_TYPE_NFS4, ARCHIVE_ENTRY_ACL_EXECUTE,
+ ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" },
 };
 DEFINE_TEST(test_acl_nfs4)
diff --git a/libarchive/test/test_acl_posix1e.c b/libarchive/test/test_acl_posix1e.c
index 025ef6afd..f9b6ffeb6 100644
--- a/libarchive/test/test_acl_posix1e.c
+++ b/libarchive/test/test_acl_posix1e.c
@@ -94,6 +94,11 @@ static struct archive_test_acl_t acls_nfs4[] = {
 { ARCHIVE_ENTRY_ACL_TYPE_ACCESS,
 ARCHIVE_ENTRY_ACL_READ | ARCHIVE_ENTRY_ACL_ENTRY_FILE_INHERIT,
 ARCHIVE_ENTRY_ACL_USER_OBJ, -1, "" },
+
+ /* Invalid type codes */
+ { ARCHIVE_ENTRY_ACL_TYPE_ACCESS | ARCHIVE_ENTRY_ACL_TYPE_DEFAULT,
+ ARCHIVE_ENTRY_ACL_READ,
+ ARCHIVE_ENTRY_ACL_GROUP_OBJ, -1, "" },
 };
 DEFINE_TEST(test_acl_posix1e)
--
2.47.2
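Review bot: The new test entries in test_acl_nfs4.c and test_acl_posix1e.c only exercise combinations of valid type bits (`ALLOW | AUDIT`, `ARCHIVE_ENTRY_ACL_TYPE_NFS4`, `ACCESS | DEFAULT`); the `default:` branch added to acl_new_entry also rejects a type of 0 and values with no known bit, and nothing here covers those. If the harness that walks `acls_bad` accepts arbitrary integers, an entry such as `{ 0, ARCHIVE_ENTRY_ACL_EXECUTE, ARCHIVE_ENTRY_ACL_EVERYONE, -1, "" },` would pin that case. In test_acl_posix1e.c the hunk header suggests the new entry lands in the array named `acls_nfs4`, so the comment `/* Invalid type codes */` could add that the entry is expected to be rejected for its type value rather than for being an NFS4 ACL. Both arrays start outside their hunks.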