cpio: internalize archive_xread_all_eof. add a few paranoia checks

for corrupted cpio files. modprobe-small: remove stray include route: small code shrink function old new delta get_header_cpio 958 980 +22 archive_xread_all_eof 33 - -33 ------------------------------------------------------------------------------ (add/remove: 0/1 grow/shrink: 1/0 up/down: 22/-33) Total: -11 bytes
2024-08-22 02:29:00 +00:00 · 2008-07-12 09:20:44 +00:00 · 2008-07-12 09:20:44 +00:00 · a46dd89e94
commit a46dd89e94
parent 39acf45335
9 changed files with 45 additions and 64 deletions
--- a/archival/libunarchive/Kbuild
+++ b/archival/libunarchive/Kbuild
@ -18,8 +18,6 @@ lib-y:= \
 	header_skip.o \
 	header_list.o \
 	header_verbose_list.o \
 \
 	archive_xread_all_eof.o \
 \
 	seek_by_read.o \
 	seek_by_jump.o \
--- a/archival/libunarchive/archive_xread_all_eof.c
+++ b/archival/libunarchive/archive_xread_all_eof.c
@ -1,20 +0,0 @@
 /* vi: set sw=4 ts=4: */
 /*
 * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
 */
 #include "libbb.h"
 #include "unarchive.h"
 ssize_t FAST_FUNC archive_xread_all_eof(archive_handle_t *archive_handle,
 			unsigned char *buf, size_t count)
 {
 	ssize_t size;
 	size = full_read(archive_handle->src_fd, buf, count);
 	if (size != 0 && size != (ssize_t)count) {
 		bb_error_msg_and_die("short read: %u of %u",
 				(unsigned)size, (unsigned)count);
 	}
 	return size;
 }
--- a/archival/libunarchive/get_header_cpio.c
+++ b/archival/libunarchive/get_header_cpio.c
@ -21,26 +21,28 @@ char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
 {
 	file_header_t *file_header = archive_handle->file_header;
 	char cpio_header[110];
 	char dummy[16];
 	int namesize;
 	int major, minor, nlink, mode, inode;
 	unsigned size, uid, gid, mtime;
-#define saved_hardlinks         (*(hardlinks_t **)(&archive_handle->ah_priv[0]))
+#define hardlinks_to_create (*(hardlinks_t **)(&archive_handle->ah_priv[0]))
-#define saved_hardlinks_created (*(hardlinks_t **)(&archive_handle->ah_priv[1]))
+#define created_hardlinks   (*(hardlinks_t **)(&archive_handle->ah_priv[1]))
 //	if (!archive_handle->ah_priv_inited) {
 //		archive_handle->ah_priv_inited = 1;
-//		saved_hardlinks = NULL;
+//		hardlinks_to_create = NULL;
-//		saved_hardlinks_created = NULL;
+//		created_hardlinks = NULL;
 //	}
 	/* There can be padding before archive header */
 	data_align(archive_handle, 4);
-//TODO: this function is used only here, make it static?
+	size = full_read(archive_handle->src_fd, cpio_header, 110);
-	if (archive_xread_all_eof(archive_handle, (unsigned char*)cpio_header, 110) == 0) {
+	if (size == 0) {
 		goto create_hardlinks;
 	}
 	if (size != 110) {
 		bb_error_msg_and_die("short read");
 	}
 	archive_handle->offset += 110;
 	if (strncmp(&cpio_header[0], "07070", 5) != 0
@ -49,20 +51,21 @@ char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
 		bb_error_msg_and_die("unsupported cpio format, use newc or crc");
 	}
-	sscanf(cpio_header + 6,
+	if (sscanf(cpio_header + 6,
 			"%8x" "%8x" "%8x" "%8x"
-			"%8x" "%8x" "%8x" /*maj,min:*/ "%16c"
+			"%8x" "%8x" "%8x" /*maj,min:*/ "%*16c"
-			/*rmaj,rmin:*/"%8x" "%8x" "%8x" /*chksum:*/ "%8c",
+			/*rmaj,rmin:*/"%8x" "%8x" "%8x" /*chksum: "%*8c"*/,
 			&inode, &mode, &uid, &gid,
-			&nlink, &mtime, &size, dummy,
+			&nlink, &mtime, &size,
-			&major, &minor, &namesize, dummy);
+			&major, &minor, &namesize) != 10)
 		bb_error_msg_and_die("damaged cpio file");
 	file_header->mode = mode;
 	file_header->uid = uid;
 	file_header->gid = gid;
 	file_header->mtime = mtime;
 	file_header->size = size;
-	namesize &= 0x1fff; /* paranoia: names can't be that long */
+	namesize &= 0x1fff; /* paranoia: limit names to 8k chars */
 	file_header->name = xzalloc(namesize + 1);
 	/* Read in filename */
 	xread(archive_handle->src_fd, file_header->name, namesize);
@ -77,17 +80,17 @@ char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
 		goto create_hardlinks;
 	}
 	file_header->link_target = NULL;
 	if (S_ISLNK(file_header->mode)) {
 		file_header->size &= 0x1fff; /* paranoia: limit names to 8k chars */
 		file_header->link_target = xzalloc(file_header->size + 1);
 		xread(archive_handle->src_fd, file_header->link_target, file_header->size);
 		archive_handle->offset += file_header->size;
 		file_header->size = 0; /* Stop possible seeks in future */
 	} else {
 		file_header->link_target = NULL;
 	}
 // TODO: data_extract_all can't deal with hardlinks to non-files...
-// (should be !S_ISDIR instead of S_ISREG here)
+// when fixed, change S_ISREG to !S_ISDIR here
 	if (nlink > 1 && S_ISREG(file_header->mode)) {
 		hardlinks_t *new = xmalloc(sizeof(*new) + namesize);
@ -99,13 +102,13 @@ char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
 		strcpy(new->name, file_header->name);
 		/* Put file on a linked list for later */
 		if (size == 0) {
-			new->next = saved_hardlinks;
+			new->next = hardlinks_to_create;
-			saved_hardlinks = new;
+			hardlinks_to_create = new;
 			return EXIT_SUCCESS; /* Skip this one */
 			/* TODO: this breaks cpio -t (it does not show hardlinks) */
 		}
-		new->next = saved_hardlinks_created;
+		new->next = created_hardlinks;
-		saved_hardlinks_created = new;
+		created_hardlinks = new;
 	}
 	file_header->device = makedev(major, minor);
@ -129,18 +132,23 @@ char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
 	free(file_header->link_target);
 	free(file_header->name);
-	while (saved_hardlinks) {
+	while (hardlinks_to_create) {
 		hardlinks_t *cur;
-		hardlinks_t *make_me = saved_hardlinks;
+		hardlinks_t *make_me = hardlinks_to_create;
-		saved_hardlinks = make_me->next;
+
 		hardlinks_to_create = make_me->next;
 		memset(file_header, 0, sizeof(*file_header));
 		file_header->mtime = make_me->mtime;
 		file_header->name = make_me->name;
 		file_header->mode = make_me->mode;
 		file_header->uid = make_me->uid;
 		file_header->gid = make_me->gid;
 		/*file_header->size = 0;*/
 		/*file_header->link_target = NULL;*/
 		/* Try to find a file we are hardlinked to */
-		cur = saved_hardlinks_created;
+		cur = created_hardlinks;
 		while (cur) {
 			/* TODO: must match maj/min too! */
 			if (cur->inode == make_me->inode) {
@ -155,20 +163,17 @@ char FAST_FUNC get_header_cpio(archive_handle_t *archive_handle)
 		}
 		/* Oops... no file with such inode was created... do it now
 		 * (happens when hardlinked files are empty (zero length)) */
 		file_header->mtime = make_me->mtime;
 		file_header->uid   = make_me->uid  ;
 		file_header->gid   = make_me->gid  ;
 		if (archive_handle->filter(archive_handle) == EXIT_SUCCESS)
 			archive_handle->action_data(archive_handle);
 		/* Move to the list of created hardlinked files */
-		make_me->next = saved_hardlinks_created;
+		make_me->next = created_hardlinks;
-		saved_hardlinks_created = make_me;
+		created_hardlinks = make_me;
 next_link: ;
 	}
-	while (saved_hardlinks_created) {
+	while (created_hardlinks) {
-		hardlinks_t *p = saved_hardlinks_created;
+		hardlinks_t *p = created_hardlinks;
-		saved_hardlinks_created = p->next;
+		created_hardlinks = p->next;
 		free(p);
 	}
--- a/archival/libunarchive/get_header_tar.c
+++ b/archival/libunarchive/get_header_tar.c
@ -364,7 +364,7 @@ char FAST_FUNC get_header_tar(archive_handle_t *archive_handle)
 	archive_handle->offset += file_header->size;
 	free(file_header->link_target);
-	/* Do not free(file_header->name)! */
+	/* Do not free(file_header->name)! (why?) */
 #if ENABLE_FEATURE_TAR_UNAME_GNAME
 	free(file_header->uname);
 	free(file_header->gname);
--- a/e2fsprogs/old_e2fsprogs/blkid/devname.c
+++ b/e2fsprogs/old_e2fsprogs/blkid/devname.c
@ -237,7 +237,7 @@ evms_probe_all(blkid_cache cache)
 	if (!procpt)
 		return 0;
 	while (fgets(line, sizeof(line), procpt)) {
-		if (sscanf (line, " %d %d %d %*s %*s %[^\n ]",
+		if (sscanf(line, " %d %d %d %*s %*s %[^\n ]",
 			    &ma, &mi, &sz, device) != 4)
 			continue;
--- a/include/unarchive.h
+++ b/include/unarchive.h
@ -105,8 +105,6 @@ extern char get_header_tar_gz(archive_handle_t *archive_handle) FAST_FUNC;
 extern void seek_by_jump(const archive_handle_t *archive_handle, unsigned amount) FAST_FUNC;
 extern void seek_by_read(const archive_handle_t *archive_handle, unsigned amount) FAST_FUNC;
 extern ssize_t archive_xread_all_eof(archive_handle_t *archive_handle, unsigned char *buf, size_t count) FAST_FUNC;
 extern void data_align(archive_handle_t *archive_handle, unsigned boundary) FAST_FUNC;
 extern const llist_t *find_list_entry(const llist_t *list, const char *filename) FAST_FUNC;
 extern const llist_t *find_list_entry2(const llist_t *list, const char *filename) FAST_FUNC;
--- a/modutils/modprobe-small.c
+++ b/modutils/modprobe-small.c
@ -9,7 +9,6 @@
 */
 #include "libbb.h"
 #include "unarchive.h"
 #include <sys/utsname.h> /* uname() */
 #include <fnmatch.h>
--- a/networking/route.c
+++ b/networking/route.c
@ -561,8 +561,8 @@ static void INET6_displayroutes(void)
 	while (1) {
 		int r;
 		r = fscanf(fp, "%32s%x%*s%x%32s%x%x%x%x%s\n",
-				   addr6x+14, &prefix_len, &slen, addr6x+40+7,
+				addr6x+14, &prefix_len, &slen, addr6x+40+7,
-				   &metric, &use, &refcnt, &iflags, iface);
+				&metric, &use, &refcnt, &iflags, iface);
 		if (r != 9) {
 			if ((r < 0) && feof(fp)) { /* EOF with no (nonspace) chars read. */
 				break;
--- a/procps/fuser.c
+++ b/procps/fuser.c
@ -100,7 +100,6 @@ static inode_list *scan_proc_net(const char *proto,
 				unsigned port, inode_list *ilist)
 {
 	char path[20], line[MAX_LINE + 1];
 	char addr[128];
 	ino_t tmp_inode;
 	dev_t tmp_dev;
 	long long uint64_inode;
@ -115,13 +114,15 @@ static inode_list *scan_proc_net(const char *proto,
 		return ilist;
 	while (fgets(line, MAX_LINE, f)) {
 		char addr[64];
 		if (sscanf(line, "%*d: %64[0-9A-Fa-f]:%x %*x:%*x %*x %*x:%*x "
 				"%*x:%*x %*x %*d %*d %llu",
 				addr, &tmp_port, &uint64_inode) == 3
 		) {
-			if (strlen(addr) == 8 && (option_mask32 & OPT_IP6))
+			int len = strlen(addr);
 			if (len == 8 && (option_mask32 & OPT_IP6))
 				continue;
-			if (strlen(addr) > 8 && (option_mask32 & OPT_IP4))
+			if (len > 8 && (option_mask32 & OPT_IP4))
 				continue;
 			if (tmp_port == port) {
 				tmp_inode = uint64_inode;