From: Martin Matuska Date: Mon, 5 Dec 2016 00:05:12 +0000 (+0100) Subject: Relax sanity checks of number fields in tar header even more. X-Git-Tag: v3.3.0~101^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b9cdbec87524732d7341aaa0d439ad1a6254419;p=thirdparty%2Flibarchive.git Relax sanity checks of number fields in tar header even more. This fixes reading tar archives created by plexus-archiver (used e.g. by maven-assembly-plugin to create source and binary tar distributions) version 2.6.2 and lower. These archives may have entries with uid and gid header fields filled with spaces without any octal digits. Fixes #832
---
diff --git a/Makefile.am b/Makefile.am
index 74485af96..906f0ddf1 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -371,6 +371,7 @@ libarchive_test_SOURCES= \
 libarchive/test/test_compat_mac.c \
 libarchive/test/test_compat_pax_libarchive_2x.c \
 libarchive/test/test_compat_perl_archive_tar.c \
+ libarchive/test/test_compat_plexus_archiver_tar.c \
 libarchive/test/test_compat_solaris_tar_acl.c \
 libarchive/test/test_compat_solaris_pax_sparse.c \
 libarchive/test/test_compat_star_acl_posix1e.c \
@@ -627,6 +628,7 @@ libarchive_test_EXTRA_DIST=\
 libarchive/test/test_compat_mac-2.tar.Z.uu \
 libarchive/test/test_compat_pax_libarchive_2x.tar.Z.uu \
 libarchive/test/test_compat_perl_archive_tar.tar.uu \
+ libarchive/test/test_compat_plexus_archiver_tar.uu \
 libarchive/test/test_compat_solaris_pax_sparse_1.pax.Z.uu \
 libarchive/test/test_compat_solaris_pax_sparse_2.pax.Z.uu \
 libarchive/test/test_compat_solaris_tar_acl.tar.uu \
diff --git a/libarchive/archive_read_support_format_tar.c b/libarchive/archive_read_support_format_tar.c
index 071d766b7..b3db34d78 100644
--- a/libarchive/archive_read_support_format_tar.c
+++ b/libarchive/archive_read_support_format_tar.c
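Review bot: The EXTRA_DIST entry added in the second Makefile.am hunk names `libarchive/test/test_compat_plexus_archiver_tar.uu`, but the reference file this commit creates is `libarchive/test/test_compat_plexus_archiver_tar.tar.uu`, and the new test extracts `test_compat_plexus_archiver_tar.tar`. As written the listed path does not exist in the tree, so the fixture would presumably be missing from a distribution tarball (or break `make dist`) while in-tree test runs still pass. The line should read `libarchive/test/test_compat_plexus_archiver_tar.tar.uu \`.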
@@ -324,11 +324,7 @@ validate_number_field(const char* p_field, size_t i_size)
 while (i < i_size && p_field[i] == ' ') {
 ++i;
 }
- /* Must be at least one octal digit. */
- if (i >= i_size || p_field[i] < '0' || p_field[i] > '7') {
- return 0;
- }
- /* Skip remaining octal digits. */
+ /* Skip octal digits. */
 while (i < i_size && p_field[i] >= '0' && p_field[i] <= '7') {
 ++i;
 }
diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt
index 5dad21910..ab9a8a46d 100644
--- a/libarchive/test/CMakeLists.txt
+++ b/libarchive/test/CMakeLists.txt
@@ -59,6 +59,7 @@ IF(ENABLE_TEST)
 test_compat_mac.c
 test_compat_pax_libarchive_2x.c
 test_compat_perl_archive_tar.c
+ test_compat_plexus_archiver_tar.c
 test_compat_solaris_pax_sparse.c
 test_compat_solaris_tar_acl.c
 test_compat_star_acl_posix1e.c
diff --git a/libarchive/test/test_compat_plexus_archiver_tar.c b/libarchive/test/test_compat_plexus_archiver_tar.c
new file mode 100644
index 000000000..0f8bedc2d
--- /dev/null
+++ b/libarchive/test/test_compat_plexus_archiver_tar.c
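Review bot: With the digit requirement removed, validate_number_field accepts a field made only of spaces for every caller, not just the uid and gid fields the commit message names; the callers are outside this hunk, so which header fields are affected cannot be confirmed from here. If the same helper also vets size, mtime or mode, a header that previously failed this sanity check is now accepted and a blank size would presumably be read as 0, which widens the set of untrusted inputs that reach entry parsing. Consider keeping the strict form for those fields and relaxing only uid/gid, for example through a flag argument or a second helper, and add a test that a field with non-octal garbage is still rejected. The reason for the exception also deserves a comment where the check used to be, such as `/* Digits are optional: plexus-archiver <= 2.6.2 writes uid/gid as spaces only. */`. The function body starts and ends outside the hunk.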
@@ -0,0 +1,69 @@
+/*-
+ * Copyright (c) 2016 Martin Matuska
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include "test.h"
+__FBSDID("$FreeBSD");
+
+/*
+ * Verify our ability to read sample files created by plexus-archiver version
+ * 2.6.2 and lower (project switched to Apache Commons Compress with 2.6.3).
+ *
+ * These files may have tar entries with uid and gid header fields filled with
+ * spaces without any octal digit.
+ */
+
+DEFINE_TEST(test_compat_plexus_archiver_tar)
+{
+ char name[] = "test_compat_plexus_archiver_tar.tar";
+ struct archive_entry *ae;
+ struct archive *a;
+ int r;
+
+ assert((a = archive_read_new()) != NULL);
+ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_all(a));
+ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a));
+ extract_reference_file(name);
+ assertEqualIntA(a, ARCHIVE_OK, archive_read_open_filename(a, name,
+ 10240));
+
+ /* Read first entry. */
+ assertEqualIntA(a, ARCHIVE_OK, r = archive_read_next_header(a, &ae));
+ if (r != ARCHIVE_OK) {
+ archive_read_free(a);
+ return;
+ }
+ assertEqualString("commons-logging-1.2/NOTICE.txt",
+ archive_entry_pathname(ae));
+ assertEqualInt(1404583896, archive_entry_mtime(ae));
+ assertEqualInt(0100664, archive_entry_mode(ae));
+ assertEqualInt(0, archive_entry_uid(ae));
+ assertEqualInt(0, archive_entry_gid(ae));
+
+ /* Verify that the format detection worked. */
+ assertEqualInt(archive_filter_code(a, 0), ARCHIVE_FILTER_NONE);
+ assertEqualInt(archive_format(a), ARCHIVE_FORMAT_TAR_USTAR);
+
+ assertEqualInt(ARCHIVE_OK, archive_read_close(a));
+ assertEqualInt(ARCHIVE_OK, archive_read_free(a));
+}
diff --git a/libarchive/test/test_compat_plexus_archiver_tar.tar.uu b/libarchive/test/test_compat_plexus_archiver_tar.tar.uu
new file mode 100644
index 000000000..39d7b11d1
--- /dev/null
+++ b/libarchive/test/test_compat_plexus_archiver_tar.tar.uu
@@ -0,0 +1,49 @@
+begin 644 test_compat_plexus_archiver_tar.tar
+M8V]M;6]N