From: Shawn Webb Date: Sun, 13 Sep 2020 19:03:28 +0000 (-0400) Subject: HBSD: Teach libarchive about the system extended attribute namespace X-Git-Tag: v3.5.0~12^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4d1a6ebcfde1bf0b27c617152f6cfbab84c90762;p=thirdparty%2Flibarchive.git HBSD: Teach libarchive about the system extended attribute namespace In order to teach the packaging infrastructure how to support HardenedBSD's method of exploit mitigation toggling, teach libarchive how to handle the system filesystem extended attribute namespace. Signed-off-by: Shawn Webb --- diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c index ed9225056..e522492fb 100644 --- a/libarchive/archive_write_disk_posix.c +++ b/libarchive/archive_write_disk_posix.c @@ -4423,6 +4423,8 @@ set_xattrs(struct archive_write_disk *a) int e; int namespace; + namespace = EXTATTR_NAMESPACE_USER; + if (strncmp(name, "user.", 5) == 0) { /* "user." attributes go to user namespace */ name += 5; @@ -4440,8 +4442,29 @@ set_xattrs(struct archive_write_disk *a) } if (a->fd >= 0) { + /* + * On FreeBSD, extattr_set_fd does not + * return the same as + * extattr_set_file. It returns zero + * on success, non-zero on failure. + * + * We can detect the failure by + * manually setting errno prior to the + * call and checking after. + * + * If errno remains zero, fake the + * return value by setting e to size. + * + * This is a hack for now until I + * (Shawn Webb) get FreeBSD to fix the + * issue, if that's even possible. + */ + errno = 0; e = extattr_set_fd(a->fd, namespace, name, value, size); + if (e == 0 && errno == 0) { + e = size; + } } else { e = extattr_set_link( archive_entry_pathname(entry), namespace,
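Review bot: The unconditional default `namespace = EXTATTR_NAMESPACE_USER;` added at the top of the first hunk (`@@ -4423,6 +4423,8 @@`) carries no comment saying which path depends on it. Only the "user." branch is visible in the context, so the hunk does not show whether a name matching none of the prefix checks can now reach the `extattr_set_*` calls and be written to the user namespace. If the assignment exists only to quiet an uninitialized-variable warning, say so in a comment. Otherwise, leave the variable unset and have every branch assign it explicitly, so that an unhandled prefix cannot silently fall through to a default namespace.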
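Review bot: In the second hunk (`@@ -4440,8 +4442,29 @@`), the fix-up `if (e == 0 && errno == 0) { e = size; }` leaves `e` at 0 when the call returns 0 but sets errno. The comment says a failure returns non-zero, so that case is either impossible, which makes the `errno == 0` test redundant, or it happens and whether it counts as a failure depends on a check outside the hunk. Make the failure path explicit, for example by setting `e = -1` when errno is non-zero, so the result does not depend on how the caller compares `e` with `size`. Two smaller points: `e` is declared `int`, so assigning `size` to it may narrow, and a cast or range check would make that deliberate. The comment's "hack for now until I (Shawn Webb) get FreeBSD to fix the issue" is better as a short note on the observed return value with a reference to a bug report, leaving personal attribution to the commit log.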