2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2009, 2010 Joerg Sonnenberger <joerg@NetBSD.org>
5 * Copyright (c) 2007-2008 Dag-Erling Smørgrav
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer
13 * in this position and unchanged.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * This file would be much shorter if we didn't care about command-line
33 * compatibility with Info-ZIP's UnZip, which requires us to duplicate
34 * parts of libarchive in order to gain more detailed control of its
35 * behaviour for the purpose of implementing the -n, -o, -L and -a
39 #include <sys/queue.h>
53 #include <archive_entry.h>
54 #include <readpassphrase.h>
56 /* command-line options */
57 static int a_opt; /* convert EOL */
58 static int C_opt; /* match case-insensitively */
59 static int c_opt; /* extract to stdout */
60 static const char *d_arg; /* directory */
61 static int f_opt; /* update existing files only */
62 static int j_opt; /* junk directories */
63 static int L_opt; /* lowercase names */
64 static int n_opt; /* never overwrite */
65 static int o_opt; /* always overwrite */
66 static int p_opt; /* extract to stdout, quiet */
67 static char *P_arg; /* passphrase */
68 static int q_opt; /* quiet */
69 static int t_opt; /* test */
70 static int u_opt; /* update */
71 static int v_opt; /* verbose/list */
72 static const char *y_str = ""; /* 4 digit year */
73 static int Z1_opt; /* zipinfo mode list files only */
76 static int unzip_debug;
79 static int zipinfo_mode;
84 /* convenience macro */
85 /* XXX should differentiate between ARCHIVE_{WARN,FAIL,RETRY} */
89 if (acret != ARCHIVE_OK) \
90 errorx("%s", archive_error_string(a)); \
94 * Indicates that last info() did not end with EOL. This helps error() et
95 * al. avoid printing an error message on the same line as an incomplete
96 * informational message.
100 /* for an interactive passphrase input */
101 static char *passphrase_buf;
103 /* fatal error message + errno */
105 error(const char *fmt, ...)
110 fprintf(stdout, "\n");
112 fprintf(stderr, "unzip: ");
114 vfprintf(stderr, fmt, ap);
116 fprintf(stderr, ": %s\n", strerror(errno));
120 /* fatal error message, no errno */
122 errorx(const char *fmt, ...)
127 fprintf(stdout, "\n");
129 fprintf(stderr, "unzip: ");
131 vfprintf(stderr, fmt, ap);
133 fprintf(stderr, "\n");
137 /* non-fatal error message + errno */
139 warning(const char *fmt, ...)
144 fprintf(stdout, "\n");
146 fprintf(stderr, "unzip: ");
148 vfprintf(stderr, fmt, ap);
150 fprintf(stderr, ": %s\n", strerror(errno));
153 /* non-fatal error message, no errno */
155 warningx(const char *fmt, ...)
160 fprintf(stdout, "\n");
162 fprintf(stderr, "unzip: ");
164 vfprintf(stderr, fmt, ap);
166 fprintf(stderr, "\n");
169 /* informational message (if not -q) */
171 info(const char *fmt, ...)
175 if (q_opt && !unzip_debug)
178 vfprintf(stdout, fmt, ap);
185 noeol = fmt[strlen(fmt) - 1] != '\n';
188 /* debug message (if unzip_debug) */
190 debug(const char *fmt, ...)
197 vfprintf(stderr, fmt, ap);
204 noeol = fmt[strlen(fmt) - 1] != '\n';
207 /* duplicate a path name, possibly converting to lower case */
209 pathdup(const char *path)
214 if (path == NULL || path[0] == '\0')
218 while (len && path[len - 1] == '/')
220 if ((str = malloc(len + 1)) == NULL) {
225 for (i = 0; i < len; ++i)
226 str[i] = tolower((unsigned char)path[i]);
228 memcpy(str, path, len);
235 /* concatenate two path names */
237 pathcat(const char *prefix, const char *path)
242 prelen = prefix ? strlen(prefix) + 1 : 0;
243 len = strlen(path) + 1;
244 if ((str = malloc(prelen + len)) == NULL) {
249 memcpy(str, prefix, prelen); /* includes zero */
250 str[prelen - 1] = '/'; /* splat zero */
252 memcpy(str + prelen, path, len); /* includes zero */
258 * Pattern lists for include / exclude processing
261 STAILQ_ENTRY(pattern) link;
265 STAILQ_HEAD(pattern_list, pattern);
266 static struct pattern_list include = STAILQ_HEAD_INITIALIZER(include);
267 static struct pattern_list exclude = STAILQ_HEAD_INITIALIZER(exclude);
270 * Add an entry to a pattern list
273 add_pattern(struct pattern_list *list, const char *pattern)
275 struct pattern *entry;
278 debug("adding pattern '%s'\n", pattern);
279 len = strlen(pattern);
280 if ((entry = malloc(sizeof *entry + len + 1)) == NULL) {
284 memcpy(entry->pattern, pattern, len + 1);
285 STAILQ_INSERT_TAIL(list, entry, link);
289 * Match a string against a list of patterns
292 match_pattern(struct pattern_list *list, const char *str)
294 struct pattern *entry;
296 STAILQ_FOREACH(entry, list, link) {
297 if (fnmatch(entry->pattern, str, C_opt ? FNM_CASEFOLD : 0) == 0)
304 * Verify that a given pathname is in the include list and not in the
308 accept_pathname(const char *pathname)
311 if (!STAILQ_EMPTY(&include) && !match_pattern(&include, pathname))
313 if (!STAILQ_EMPTY(&exclude) && match_pattern(&exclude, pathname))
319 * Create the specified directory with the specified mode, taking certain
320 * precautions on they way.
323 make_dir(const char *path, int mode)
327 if (lstat(path, &sb) == 0) {
328 if (S_ISDIR(sb.st_mode))
331 * Normally, we should either ask the user about removing
332 * the non-directory of the same name as a directory we
333 * wish to create, or respect the -n or -o command-line
334 * options. However, this may lead to a later failure or
335 * even compromise (if this non-directory happens to be a
336 * symlink to somewhere unsafe), so we don't.
340 * Don't check unlink() result; failure will cause mkdir()
341 * to fail later, which we will catch.
345 if (mkdir(path, mode) != 0 && errno != EEXIST)
346 error("mkdir('%s')", path);
350 * Ensure that all directories leading up to (but not including) the
351 * specified path exist.
353 * XXX inefficient + modifies the file in-place
356 make_parent(char *path)
361 sep = strrchr(path, '/');
362 if (sep == NULL || sep == path)
365 if (lstat(path, &sb) == 0) {
366 if (S_ISDIR(sb.st_mode)) {
377 for (sep = path; (sep = strchr(sep, '/')) != NULL; sep++) {
378 /* root in case of absolute d_arg */
382 make_dir(path, 0755);
389 * Extract a directory.
392 extract_dir(struct archive *a, struct archive_entry *e, const char *path)
397 * Dropbox likes to create '/' directory entries, just ignore
403 mode = archive_entry_mode(e) & 0777;
408 * Some zipfiles contain directories with weird permissions such
409 * as 0644 or 0444. This can cause strange issues such as being
410 * unable to extract files into the directory we just created, or
411 * the user being unable to remove the directory later without
412 * first manually changing its permissions. Therefore, we whack
413 * the permissions into shape, assuming that the user wants full
414 * access and that anyone who gets read access also gets execute
423 info(" creating: %s/\n", path);
424 make_dir(path, mode);
425 ac(archive_read_data_skip(a));
428 static unsigned char buffer[8192];
429 static char spinner[] = { '|', '/', '-', '\\' };
432 handle_existing_file(char **path)
440 "replace %s? [y]es, [n]o, [A]ll, [N]one, [r]ename: ",
442 if (fgets(buf, sizeof(buf), stdin) == NULL) {
444 printf("NULL\n(EOF or read error, "
445 "treating as \"[N]one\"...)\n");
464 printf("New name: ");
469 len = getline(path, &alen, stdin);
470 if ((*path)[len - 1] == '\n')
471 (*path)[len - 1] = '\0';
480 * Detect binary files by a combination of character white list and
481 * black list. NUL bytes and other control codes without use in text files
482 * result directly in switching the file to binary mode. Otherwise, at least
483 * one white-listed byte has to be found.
485 * Black-listed: 0..6, 14..25, 28..31
486 * 0xf3ffc07f = 11110011111111111100000001111111b
487 * White-listed: 9..10, 13, >= 32
488 * 0x00002600 = 00000000000000000010011000000000b
490 * See the proginfo/txtvsbin.txt in the zip sources for a detailed discussion.
492 #define BYTE_IS_BINARY(x) ((x) < 32 && (0xf3ffc07fU & (1U << (x))))
493 #define BYTE_IS_TEXT(x) ((x) >= 32 || (0x00002600U & (1U << (x))))
496 check_binary(const unsigned char *buf, size_t len)
499 for (rv = 1; len--; ++buf) {
500 if (BYTE_IS_BINARY(*buf))
502 if (BYTE_IS_TEXT(*buf))
510 * Extract to a file descriptor
513 extract2fd(struct archive *a, char *pathname, int fd)
517 unsigned char *p, *q, *end;
523 /* loop over file contents and write to fd */
524 for (int n = 0; ; n++) {
525 if (fd != STDOUT_FILENO)
526 if (tty && (n % 4) == 0)
527 info(" %c\b\b", spinner[(n / 4) % sizeof spinner]);
529 len = archive_read_data(a, buffer, sizeof buffer);
534 /* left over CR from previous buffer */
536 if (len == 0 || buffer[0] != '\n')
537 if (write(fd, "\r", 1) != 1)
538 error("write('%s')", pathname);
548 * Detect whether this is a text file. The correct way to
549 * do this is to check the least significant bit of the
550 * "internal file attributes" field of the corresponding
551 * file header in the central directory, but libarchive
552 * does not provide access to this field, so we have to
553 * guess by looking for non-ASCII characters in the
554 * buffer. Hopefully we won't guess wrong. If we do
555 * guess wrong, we print a warning message later.
557 if (a_opt && n == 0) {
558 if (check_binary(buffer, len))
563 if (!a_opt || !text) {
564 if (write(fd, buffer, len) != len)
565 error("write('%s')", pathname);
569 /* hard case: convert \r\n to \n (sigh...) */
570 for (p = buffer; p < end; p = q + 1) {
571 for (q = p; q < end; q++) {
572 if (!warn && BYTE_IS_BINARY(*q)) {
573 warningx("%s may be corrupted due"
574 " to weak text file detection"
575 " heuristic", pathname);
587 if (write(fd, p, q - p) != q - p)
588 error("write('%s')", pathname);
596 * Extract a regular file.
599 extract_file(struct archive *a, struct archive_entry *e, char **path)
602 struct timespec mtime;
604 struct timespec ts[2];
606 const char *linkname;
608 mode = archive_entry_mode(e) & 0777;
611 mtime.tv_sec = archive_entry_mtime(e);
612 mtime.tv_nsec = archive_entry_mtime_nsec(e);
614 /* look for existing file of same name */
616 if (lstat(*path, &sb) == 0) {
617 if (u_opt || f_opt) {
618 /* check if up-to-date */
619 if (S_ISREG(sb.st_mode) &&
620 (sb.st_mtim.tv_sec > mtime.tv_sec ||
621 (sb.st_mtim.tv_sec == mtime.tv_sec &&
622 sb.st_mtim.tv_nsec >= mtime.tv_nsec)))
629 /* do not overwrite */
632 check = handle_existing_file(path);
636 return; /* do not overwrite */
644 ts[0].tv_nsec = UTIME_NOW;
647 /* process symlinks */
648 linkname = archive_entry_symlink(e);
649 if (linkname != NULL) {
650 if (symlink(linkname, *path) != 0)
651 error("symlink('%s')", *path);
652 info(" extracting: %s -> %s\n", *path, linkname);
653 if (lchmod(*path, mode) != 0)
654 warning("Cannot set mode for '%s'", *path);
655 /* set access and modification time */
656 if (utimensat(AT_FDCWD, *path, ts, AT_SYMLINK_NOFOLLOW) != 0)
657 warning("utimensat('%s')", *path);
661 if ((fd = open(*path, O_RDWR|O_CREAT|O_TRUNC, mode)) < 0)
662 error("open('%s')", *path);
664 info(" extracting: %s", *path);
666 text = extract2fd(a, *path, fd);
674 /* set access and modification time */
675 if (futimens(fd, ts) != 0)
676 error("futimens('%s')", *path);
678 error("close('%s')", *path);
682 * Extract a zipfile entry: first perform some sanity checks to ensure
683 * that it is either a directory or a regular file and that the path is
684 * not absolute and does not try to break out of the current directory;
685 * then call either extract_dir() or extract_file() as appropriate.
687 * This is complicated a bit by the various ways in which we need to
688 * manipulate the path name. Case conversion (if requested by the -L
689 * option) happens first, but the include / exclude patterns are applied
690 * to the full converted path name, before the directory part of the path
691 * is removed in accordance with the -j option. Sanity checks are
692 * intentionally done earlier than they need to be, so the user will get a
693 * warning about insecure paths even for files or directories which
694 * wouldn't be extracted anyway.
697 extract(struct archive *a, struct archive_entry *e)
699 char *pathname, *realpathname;
703 if ((pathname = pathdup(archive_entry_pathname(e))) == NULL) {
704 warningx("skipping empty or unreadable filename entry");
705 ac(archive_read_data_skip(a));
708 filetype = archive_entry_filetype(e);
711 if (pathname[0] == '/' ||
712 strncmp(pathname, "../", 3) == 0 ||
713 strstr(pathname, "/../") != NULL) {
714 warningx("skipping insecure entry '%s'", pathname);
715 ac(archive_read_data_skip(a));
720 /* I don't think this can happen in a zipfile.. */
721 if (!S_ISDIR(filetype) && !S_ISREG(filetype) && !S_ISLNK(filetype)) {
722 warningx("skipping non-regular entry '%s'", pathname);
723 ac(archive_read_data_skip(a));
728 /* skip directories in -j case */
729 if (S_ISDIR(filetype) && j_opt) {
730 ac(archive_read_data_skip(a));
735 /* apply include / exclude patterns */
736 if (!accept_pathname(pathname)) {
737 ac(archive_read_data_skip(a));
742 /* apply -j and -d */
744 for (p = q = pathname; *p; ++p)
747 realpathname = pathcat(d_arg, q);
749 realpathname = pathcat(d_arg, pathname);
752 /* ensure that parent directory exists */
753 make_parent(realpathname);
755 if (S_ISDIR(filetype))
756 extract_dir(a, e, realpathname);
758 extract_file(a, e, &realpathname);
765 extract_stdout(struct archive *a, struct archive_entry *e)
770 if ((pathname = pathdup(archive_entry_pathname(e))) == NULL) {
771 warningx("skipping empty or unreadable filename entry");
772 ac(archive_read_data_skip(a));
775 filetype = archive_entry_filetype(e);
777 /* I don't think this can happen in a zipfile.. */
778 if (!S_ISDIR(filetype) && !S_ISREG(filetype) && !S_ISLNK(filetype)) {
779 warningx("skipping non-regular entry '%s'", pathname);
780 ac(archive_read_data_skip(a));
785 /* skip directories in -j case */
786 if (S_ISDIR(filetype)) {
787 ac(archive_read_data_skip(a));
792 /* apply include / exclude patterns */
793 if (!accept_pathname(pathname)) {
794 ac(archive_read_data_skip(a));
800 info("x %s\n", pathname);
802 (void)extract2fd(a, pathname, STDOUT_FILENO);
808 * Print the name of an entry to stdout.
811 list(struct archive *a, struct archive_entry *e)
817 mtime = archive_entry_mtime(e);
818 tm = localtime(&mtime);
820 strftime(buf, sizeof(buf), "%m-%d-%G %R", tm);
822 strftime(buf, sizeof(buf), "%m-%d-%g %R", tm);
826 printf(" %8ju %s %s\n",
827 (uintmax_t)archive_entry_size(e),
828 buf, archive_entry_pathname(e));
829 } else if (v_opt == 2) {
830 printf("%8ju Stored %7ju 0%% %s %08x %s\n",
831 (uintmax_t)archive_entry_size(e),
832 (uintmax_t)archive_entry_size(e),
835 archive_entry_pathname(e));
839 printf("%s\n",archive_entry_pathname(e));
841 ac(archive_read_data_skip(a));
845 * Extract to memory to check CRC
848 test(struct archive *a, struct archive_entry *e)
854 if (S_ISDIR(archive_entry_filetype(e)))
857 info(" testing: %s\t", archive_entry_pathname(e));
858 while ((len = archive_read_data(a, buffer, sizeof buffer)) > 0)
861 info(" %s\n", archive_error_string(a));
867 /* shouldn't be necessary, but it doesn't hurt */
868 ac(archive_read_data_skip(a));
874 * Callback function for reading passphrase.
875 * Originally from cpio.c and passphrase.c, libarchive.
877 #define PPBUFF_SIZE 1024
879 passphrase_callback(struct archive *a, void *_client_data)
883 (void)a; /* UNUSED */
884 (void)_client_data; /* UNUSED */
886 if (passphrase_buf == NULL) {
887 passphrase_buf = malloc(PPBUFF_SIZE);
888 if (passphrase_buf == NULL) {
894 p = readpassphrase("\nEnter password: ", passphrase_buf,
895 PPBUFF_SIZE, RPP_ECHO_OFF);
897 if (p == NULL && errno != EINTR)
898 error("Error reading password");
904 * Main loop: open the zipfile, iterate over its contents and decide what
905 * to do with each entry.
908 unzip(const char *fn)
911 struct archive_entry *e;
913 uintmax_t total_size, file_count, error_count;
915 if ((a = archive_read_new()) == NULL)
916 error("archive_read_new failed");
918 ac(archive_read_support_format_zip(a));
921 archive_read_add_passphrase(a, P_arg);
923 archive_read_set_passphrase_callback(a, NULL,
924 &passphrase_callback);
926 ac(archive_read_open_filename(a, fn, 8192));
929 if (!p_opt && !q_opt)
930 printf("Archive: %s\n", fn);
932 printf(" Length %sDate Time Name\n", y_str);
933 printf(" -------- %s---- ---- ----\n", y_str);
934 } else if (v_opt == 2) {
935 printf(" Length Method Size Ratio %sDate Time CRC-32 Name\n", y_str);
936 printf("-------- ------ ------- ----- %s---- ---- ------ ----\n", y_str);
944 ret = archive_read_next_header(a, &e);
945 if (ret == ARCHIVE_EOF)
950 error_count += test(a, e);
953 else if (p_opt || c_opt)
954 extract_stdout(a, e);
962 total_size += archive_entry_size(e);
968 printf(" -------- %s-------\n", y_str);
969 printf(" %8ju %s%ju file%s\n",
970 total_size, y_str, file_count, file_count != 1 ? "s" : "");
971 } else if (v_opt == 2) {
972 printf("-------- ------- --- %s-------\n", y_str);
973 printf("%8ju %7ju 0%% %s%ju file%s\n",
974 total_size, total_size, y_str, file_count,
975 file_count != 1 ? "s" : "");
979 ac(archive_read_free(a));
981 if (passphrase_buf != NULL) {
982 memset_s(passphrase_buf, PPBUFF_SIZE, 0, PPBUFF_SIZE);
983 free(passphrase_buf);
987 if (error_count > 0) {
988 errorx("%ju checksum error(s) found.", error_count);
991 printf("No errors detected in compressed data of %s.\n",
1002 "Usage: unzip [-aCcfjLlnopqtuvyZ1] [-d dir] [-x pattern] [-P password] zipfile\n"
1008 getopts(int argc, char *argv[])
1012 optreset = optind = 1;
1013 while ((opt = getopt(argc, argv, "aCcd:fjLlnopP:qtuvx:yZ1")) != -1)
1069 add_pattern(&exclude, optarg);
1085 main(int argc, char *argv[])
1087 const char *zipfile;
1090 if (isatty(STDOUT_FILENO))
1093 if (getenv("UNZIP_DEBUG") != NULL)
1095 for (int i = 0; i < argc; ++i)
1096 debug("%s%c", argv[i], (i < argc - 1) ? ' ' : '\n');
1099 * Info-ZIP's unzip(1) expects certain options to come before the
1100 * zipfile name, and others to come after - though it does not
1101 * enforce this. For simplicity, we accept *all* options both
1102 * before and after the zipfile name.
1104 nopts = getopts(argc, argv);
1107 * When more of the zipinfo mode options are implemented, this
1108 * will need to change.
1110 if (zipinfo_mode && !Z1_opt) {
1111 printf("Zipinfo mode needs additional options\n");
1117 zipfile = argv[nopts++];
1119 if (strcmp(zipfile, "-") == 0)
1120 zipfile = NULL; /* STDIN */
1122 while (nopts < argc && *argv[nopts] != '-')
1123 add_pattern(&include, argv[nopts++]);
1125 nopts--; /* fake argv[0] */
1126 nopts += getopts(argc - nopts, argv + nopts);
1128 if (n_opt + o_opt + u_opt > 1)
1129 errorx("-n, -o and -u are contradictory");