2 * Copyright (c) 2003-2004 Tim Kientzle
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer
10 * in this position and unchanged.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 #include "bsdtar_platform.h"
28 __FBSDID("$FreeBSD: src/usr.bin/tar/read.c,v 1.23 2005/04/17 17:20:54 kientzle Exp $");
30 #include <sys/param.h>
31 #include <sys/types.h>
35 #include <archive_entry.h>
48 static void cleanup_security(struct bsdtar *);
49 static void list_item_verbose(struct bsdtar *, FILE *,
50 struct archive_entry *);
51 static void read_archive(struct bsdtar *bsdtar, char mode);
52 static int security_problem(struct bsdtar *, struct archive_entry *);
55 tar_mode_t(struct bsdtar *bsdtar)
57 read_archive(bsdtar, 't');
61 tar_mode_x(struct bsdtar *bsdtar)
63 read_archive(bsdtar, 'x');
67 * Handle 'x' and 't' modes.
70 read_archive(struct bsdtar *bsdtar, char mode)
74 struct archive_entry *entry;
75 const struct stat *st;
78 while (*bsdtar->argv) {
79 include(bsdtar, *bsdtar->argv);
83 if (bsdtar->names_from_file != NULL)
84 include_from_file(bsdtar, bsdtar->names_from_file);
86 a = archive_read_new();
87 archive_read_support_compression_all(a);
88 archive_read_support_format_all(a);
89 if (archive_read_open_file(a, bsdtar->filename,
90 bsdtar->bytes_per_block != 0 ? bsdtar->bytes_per_block :
91 DEFAULT_BYTES_PER_BLOCK))
92 bsdtar_errc(bsdtar, 1, 0, "Error opening archive: %s",
93 archive_error_string(a));
97 /* Support --fast-read option */
98 if (bsdtar->option_fast_read &&
99 unmatched_inclusions(bsdtar) == 0)
102 r = archive_read_next_header(a, &entry);
103 if (r == ARCHIVE_EOF)
105 if (r == ARCHIVE_WARN)
106 bsdtar_warnc(bsdtar, 0, "%s", archive_error_string(a));
107 if (r == ARCHIVE_FATAL) {
108 bsdtar->return_value = 1;
109 bsdtar_warnc(bsdtar, 0, "%s", archive_error_string(a));
112 if (r == ARCHIVE_RETRY) {
113 /* Retryable error: try again */
114 bsdtar_warnc(bsdtar, 0, "%s", archive_error_string(a));
115 bsdtar_warnc(bsdtar, 0, "Retrying...");
120 * Exclude entries that are too old.
122 st = archive_entry_stat(entry);
123 if (bsdtar->newer_ctime_sec > 0) {
124 if (st->st_ctime < bsdtar->newer_ctime_sec)
125 continue; /* Too old, skip it. */
126 if (st->st_ctime == bsdtar->newer_ctime_sec
127 && ARCHIVE_STAT_CTIME_NANOS(st)
128 <= bsdtar->newer_ctime_nsec)
129 continue; /* Too old, skip it. */
131 if (bsdtar->newer_mtime_sec > 0) {
132 if (st->st_mtime < bsdtar->newer_mtime_sec)
133 continue; /* Too old, skip it. */
134 if (st->st_mtime == bsdtar->newer_mtime_sec
135 && ARCHIVE_STAT_MTIME_NANOS(st)
136 <= bsdtar->newer_mtime_nsec)
137 continue; /* Too old, skip it. */
141 * Note that pattern exclusions are checked before
142 * pathname rewrites are handled. This gives more
143 * control over exclusions, since rewrites always lose
144 * information. (For example, consider a rewrite
145 * s/foo[0-9]/foo/. If we check exclusions after the
146 * rewrite, there would be no way to exclude foo1/bar
147 * while allowing foo2/bar.)
149 if (excluded(bsdtar, archive_entry_pathname(entry)))
150 continue; /* Excluded by a pattern test. */
153 * Modify the pathname as requested by the user. We
154 * do this for -t as well to give users a way to
155 * preview the effects of their rewrites. We also do
156 * this before extraction security checks (including
157 * leading '/' removal). Note that some rewrite
158 * failures prevent extraction.
160 if (edit_pathname(bsdtar, entry))
161 continue; /* Excluded by a rewrite failure. */
164 /* Perversely, gtar uses -O to mean "send to stderr"
165 * when used with -t. */
166 out = bsdtar->option_stdout ? stderr : stdout;
168 if (bsdtar->verbose < 2)
169 safe_fprintf(out, "%s",
170 archive_entry_pathname(entry));
172 list_item_verbose(bsdtar, out, entry);
174 r = archive_read_data_skip(a);
175 if (r == ARCHIVE_WARN) {
177 bsdtar_warnc(bsdtar, 0, "%s",
178 archive_error_string(a));
180 if (r == ARCHIVE_RETRY) {
182 bsdtar_warnc(bsdtar, 0, "%s",
183 archive_error_string(a));
185 if (r == ARCHIVE_FATAL) {
187 bsdtar_warnc(bsdtar, 0, "%s",
188 archive_error_string(a));
194 * Skip security problems before prompting.
195 * Otherwise, the user may be confused that a
196 * file they wanted to extract was
197 * subsequently skipped.
199 if (security_problem(bsdtar, entry))
202 if (bsdtar->option_interactive &&
203 !yes("extract '%s'", archive_entry_pathname(entry)))
207 * Format here is from SUSv2, including the
210 if (bsdtar->verbose) {
211 safe_fprintf(stderr, "x %s",
212 archive_entry_pathname(entry));
215 if (bsdtar->option_stdout) {
216 /* TODO: Catch/recover any errors here. */
217 archive_read_data_into_fd(a, 1);
218 } else if (archive_read_extract(a, entry,
219 bsdtar->extract_flags)) {
220 if (!bsdtar->verbose)
221 safe_fprintf(stderr, "%s",
222 archive_entry_pathname(entry));
223 safe_fprintf(stderr, ": %s",
224 archive_error_string(a));
225 if (!bsdtar->verbose)
226 fprintf(stderr, "\n");
228 * TODO: Decide how to handle
229 * extraction error... <sigh>
231 bsdtar->return_value = 1;
234 fprintf(stderr, "\n");
238 if (bsdtar->verbose > 2)
239 fprintf(stdout, "Archive Format: %s, Compression: %s\n",
240 archive_format_name(a), archive_compression_name(a));
242 archive_read_finish(a);
243 cleanup_security(bsdtar);
248 * Display information about the current file.
250 * The format here roughly duplicates the output of 'ls -l'.
251 * This is based on SUSv2, where 'tar tv' is documented as
252 * listing additional information in an "unspecified format,"
253 * and 'pax -l' is documented as using the same format as 'ls -l'.
256 list_item_verbose(struct bsdtar *bsdtar, FILE *out, struct archive_entry *entry)
258 const struct stat *st;
266 st = archive_entry_stat(entry);
269 * We avoid collecting the entire list in memory at once by
270 * listing things as we see them. However, that also means we can't
271 * just pre-compute the field widths. Instead, we start with guesses
272 * and just widen them as necessary. These numbers are completely
275 if (!bsdtar->u_width) {
277 bsdtar->gs_width = 13;
281 bsdtar_strmode(entry, tmp);
282 fprintf(out, "%s %d ", tmp, st->st_nlink);
284 /* Use uname if it's present, else uid. */
285 p = archive_entry_uname(entry);
286 if ((p == NULL) || (*p == '\0')) {
287 sprintf(tmp, "%d ", st->st_uid);
291 if (w > bsdtar->u_width)
293 fprintf(out, "%-*s ", (int)bsdtar->u_width, p);
295 /* Use gname if it's present, else gid. */
296 p = archive_entry_gname(entry);
297 if (p != NULL && p[0] != '\0') {
298 fprintf(out, "%s", p);
301 sprintf(tmp, "%d", st->st_gid);
303 fprintf(out, "%s", tmp);
307 * Print device number or file size, right-aligned so as to make
308 * total width of group and devnum/filesize fields be gs_width.
309 * If gs_width is too small, grow it.
311 if (S_ISCHR(st->st_mode) || S_ISBLK(st->st_mode)) {
312 sprintf(tmp, "%d,%u",
314 (unsigned)minor(st->st_rdev)); /* ls(1) also casts here. */
317 * Note the use of platform-dependent macros to format
318 * the filesize here. We need the format string and the
319 * corresponding type for the cast.
321 sprintf(tmp, BSDTAR_FILESIZE_PRINTF,
322 (BSDTAR_FILESIZE_TYPE)st->st_size);
324 if (w + strlen(tmp) >= bsdtar->gs_width)
325 bsdtar->gs_width = w+strlen(tmp)+1;
326 fprintf(out, "%*s", (int)(bsdtar->gs_width - w), tmp);
328 /* Format the time using 'ls -l' conventions. */
329 tim = (time_t)st->st_mtime;
330 if (abs(tim - now) > (365/2)*86400)
331 fmt = bsdtar->day_first ? "%e %b %Y" : "%b %e %Y";
333 fmt = bsdtar->day_first ? "%e %b %R" : "%b %e %R";
334 strftime(tmp, sizeof(tmp), fmt, localtime(&tim));
335 fprintf(out, " %s ", tmp);
336 safe_fprintf(out, "%s", archive_entry_pathname(entry));
338 /* Extra information for links. */
339 if (archive_entry_hardlink(entry)) /* Hard link */
340 safe_fprintf(out, " link to %s",
341 archive_entry_hardlink(entry));
342 else if (S_ISLNK(st->st_mode)) /* Symbolic link */
343 safe_fprintf(out, " -> %s", archive_entry_symlink(entry));
347 * Structure for storing path of last successful security check.
355 * Check for a variety of security issues. Fix what we can here,
356 * generate warnings as appropriate, return non-zero to prevent
357 * this entry from being extracted.
360 security_problem(struct bsdtar *bsdtar, struct archive_entry *entry)
363 const char *name, *pn;
367 /* -P option forces us to just accept all pathnames as-is. */
368 if (bsdtar->option_absolute_paths)
371 name = archive_entry_pathname(entry);
373 /* Reject any archive entry with '..' as a path element. */
375 while (pn != NULL && pn[0] != '\0') {
376 if (pn[0] == '.' && pn[1] == '.' &&
377 (pn[2] == '\0' || pn[2] == '/')) {
378 bsdtar_warnc(bsdtar, 0,
379 "Skipping pathname containing ..");
380 bsdtar->return_value = 1;
383 pn = strchr(pn, '/');
389 * Gaurd against symlink tricks. Reject any archive entry whose
390 * destination would be altered by a symlink.
392 /* XXX TODO: Make this faster by comparing current path to
393 * prefix of last successful check to avoid duplicate lstat()
396 if (bsdtar->security == NULL) {
397 bsdtar->security = malloc(sizeof(*bsdtar->security));
398 if (bsdtar->security == NULL)
399 bsdtar_errc(bsdtar, 1, errno, "No Memory");
400 bsdtar->security->path_size = MAXPATHLEN + 1;
401 bsdtar->security->path = malloc(bsdtar->security->path_size);
402 if (bsdtar->security->path == NULL)
403 bsdtar_errc(bsdtar, 1, errno, "No Memory");
405 if (strlen(name) >= bsdtar->security->path_size) {
406 free(bsdtar->security->path);
407 while (strlen(name) >= bsdtar->security->path_size)
408 bsdtar->security->path_size *= 2;
409 bsdtar->security->path = malloc(bsdtar->security->path_size);
410 if (bsdtar->security->path == NULL)
411 bsdtar_errc(bsdtar, 1, errno, "No Memory");
413 p = bsdtar->security->path;
414 while (pn != NULL && pn[0] != '\0') {
416 while (*pn != '\0' && *pn != '/')
419 r = lstat(bsdtar->security->path, &st);
423 } else if (S_ISLNK(st.st_mode)) {
426 * Last element is symlink; remove it
427 * so we can overwrite it with the
428 * item being extracted.
430 if (!S_ISLNK(archive_entry_mode(entry))) {
432 * Warn only if the symlink is being
433 * replaced with a non-symlink.
435 bsdtar_warnc(bsdtar, 0,
436 "Removing symlink %s",
437 bsdtar->security->path);
439 if (unlink(bsdtar->security->path))
440 bsdtar_errc(bsdtar, 1, errno,
442 /* Symlink gone. No more problem! */
444 } else if (bsdtar->option_unlink_first) {
445 /* User asked us to remove problems. */
446 if (unlink(bsdtar->security->path))
447 bsdtar_errc(bsdtar, 1, errno,
450 bsdtar_warnc(bsdtar, 0,
451 "Cannot extract %s through symlink %s",
452 name, bsdtar->security->path);
453 bsdtar->return_value = 1;
463 cleanup_security(struct bsdtar *bsdtar)
465 if (bsdtar->security != NULL) {
466 free(bsdtar->security->path);
467 free(bsdtar->security);