1 /*-
2  * Copyright (c) 2003-2007 Tim Kientzle
3  * Copyright (c) 2009 Andreas Henriksson <andreas@fatal.se>
4  * Copyright (c) 2009-2012 Michihiro NAKAJIMA
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19  * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 #include "archive_platform.h"
29 
30 #ifdef HAVE_ERRNO_H
31 #include <errno.h>
32 #endif
33 /* #include <stdint.h> */ /* See archive_platform.h */
34 #include <stdio.h>
35 #ifdef HAVE_STDLIB_H
36 #include <stdlib.h>
37 #endif
38 #ifdef HAVE_STRING_H
39 #include <string.h>
40 #endif
41 #include <time.h>
42 #ifdef HAVE_ZLIB_H
43 #include <zlib.h>
44 #endif
45 
46 #include "archive.h"
47 #include "archive_endian.h"
48 #include "archive_entry.h"
49 #include "archive_entry_locale.h"
50 #include "archive_private.h"
51 #include "archive_read_private.h"
52 #include "archive_string.h"
53 
54 /*
55  * An overview of ISO 9660 format:
56  *
57  * Each disk is laid out as follows:
58  *   * 32k reserved for private use
59  *   * Volume descriptor table.  Each volume descriptor
60  *     is 2k and specifies basic format information.
61  *     The "Primary Volume Descriptor" (PVD) is defined by the
62  *     standard and should always be present; other volume
63  *     descriptors include various vendor-specific extensions.
64  *   * Files and directories.  Each file/dir is specified by
65  *     an "extent" (starting sector and length in bytes).
66  *     Dirs are just files with directory records packed one
67  *     after another.  The PVD contains a single dir entry
68  *     specifying the location of the root directory.  Everything
69  *     else follows from there.
70  *
71  * This module works by first reading the volume descriptors, then
72  * building a list of directory entries, sorted by starting
73  * sector.  At each step, I look for the earliest dir entry that
74  * hasn't yet been read, seek forward to that location and read
75  * that entry.  If it's a dir, I slurp in the new dir entries and
76  * add them to the heap; if it's a regular file, I return the
77  * corresponding archive_entry and wait for the client to request
78  * the file body.  This strategy allows us to read most compliant
79  * CDs with a single pass through the data, as required by libarchive.
80  */
81 #define	LOGICAL_BLOCK_SIZE	2048
82 #define	SYSTEM_AREA_BLOCK	16
83 
84 /* Structure of on-disk primary volume descriptor. */
85 #define PVD_type_offset 0
86 #define PVD_type_size 1
87 #define PVD_id_offset (PVD_type_offset + PVD_type_size)
88 #define PVD_id_size 5
89 #define PVD_version_offset (PVD_id_offset + PVD_id_size)
90 #define PVD_version_size 1
91 #define PVD_reserved1_offset (PVD_version_offset + PVD_version_size)
92 #define PVD_reserved1_size 1
93 #define PVD_system_id_offset (PVD_reserved1_offset + PVD_reserved1_size)
94 #define PVD_system_id_size 32
95 #define PVD_volume_id_offset (PVD_system_id_offset + PVD_system_id_size)
96 #define PVD_volume_id_size 32
97 #define PVD_reserved2_offset (PVD_volume_id_offset + PVD_volume_id_size)
98 #define PVD_reserved2_size 8
99 #define PVD_volume_space_size_offset (PVD_reserved2_offset + PVD_reserved2_size)
100 #define PVD_volume_space_size_size 8
101 #define PVD_reserved3_offset (PVD_volume_space_size_offset + PVD_volume_space_size_size)
102 #define PVD_reserved3_size 32
103 #define PVD_volume_set_size_offset (PVD_reserved3_offset + PVD_reserved3_size)
104 #define PVD_volume_set_size_size 4
105 #define PVD_volume_sequence_number_offset (PVD_volume_set_size_offset + PVD_volume_set_size_size)
106 #define PVD_volume_sequence_number_size 4
107 #define PVD_logical_block_size_offset (PVD_volume_sequence_number_offset + PVD_volume_sequence_number_size)
108 #define PVD_logical_block_size_size 4
109 #define PVD_path_table_size_offset (PVD_logical_block_size_offset + PVD_logical_block_size_size)
110 #define PVD_path_table_size_size 8
111 #define PVD_type_1_path_table_offset (PVD_path_table_size_offset + PVD_path_table_size_size)
112 #define PVD_type_1_path_table_size 4
113 #define PVD_opt_type_1_path_table_offset (PVD_type_1_path_table_offset + PVD_type_1_path_table_size)
114 #define PVD_opt_type_1_path_table_size 4
115 #define PVD_type_m_path_table_offset (PVD_opt_type_1_path_table_offset + PVD_opt_type_1_path_table_size)
116 #define PVD_type_m_path_table_size 4
117 #define PVD_opt_type_m_path_table_offset (PVD_type_m_path_table_offset + PVD_type_m_path_table_size)
118 #define PVD_opt_type_m_path_table_size 4
119 #define PVD_root_directory_record_offset (PVD_opt_type_m_path_table_offset + PVD_opt_type_m_path_table_size)
120 #define PVD_root_directory_record_size 34
121 #define PVD_volume_set_id_offset (PVD_root_directory_record_offset + PVD_root_directory_record_size)
122 #define PVD_volume_set_id_size 128
123 #define PVD_publisher_id_offset (PVD_volume_set_id_offset + PVD_volume_set_id_size)
124 #define PVD_publisher_id_size 128
125 #define PVD_preparer_id_offset (PVD_publisher_id_offset + PVD_publisher_id_size)
126 #define PVD_preparer_id_size 128
127 #define PVD_application_id_offset (PVD_preparer_id_offset + PVD_preparer_id_size)
128 #define PVD_application_id_size 128
129 #define PVD_copyright_file_id_offset (PVD_application_id_offset + PVD_application_id_size)
130 #define PVD_copyright_file_id_size 37
131 #define PVD_abstract_file_id_offset (PVD_copyright_file_id_offset + PVD_copyright_file_id_size)
132 #define PVD_abstract_file_id_size 37
133 #define PVD_bibliographic_file_id_offset (PVD_abstract_file_id_offset + PVD_abstract_file_id_size)
134 #define PVD_bibliographic_file_id_size 37
135 #define PVD_creation_date_offset (PVD_bibliographic_file_id_offset + PVD_bibliographic_file_id_size)
136 #define PVD_creation_date_size 17
137 #define PVD_modification_date_offset (PVD_creation_date_offset + PVD_creation_date_size)
138 #define PVD_modification_date_size 17
139 #define PVD_expiration_date_offset (PVD_modification_date_offset + PVD_modification_date_size)
140 #define PVD_expiration_date_size 17
141 #define PVD_effective_date_offset (PVD_expiration_date_offset + PVD_expiration_date_size)
142 #define PVD_effective_date_size 17
143 #define PVD_file_structure_version_offset (PVD_effective_date_offset + PVD_effective_date_size)
144 #define PVD_file_structure_version_size 1
145 #define PVD_reserved4_offset (PVD_file_structure_version_offset + PVD_file_structure_version_size)
146 #define PVD_reserved4_size 1
147 #define PVD_application_data_offset (PVD_reserved4_offset + PVD_reserved4_size)
148 #define PVD_application_data_size 512
149 #define PVD_reserved5_offset (PVD_application_data_offset + PVD_application_data_size)
150 #define PVD_reserved5_size (2048 - PVD_reserved5_offset)
151 
152 /* TODO: It would make future maintenance easier to just hardcode the
153  * above values.  In particular, ECMA119 states the offsets as part of
154  * the standard.  That would eliminate the need for the following check.*/
155 #if PVD_reserved5_offset != 1395
156 #error PVD offset and size definitions are wrong.
157 #endif
158 
159 
160 /* Structure of optional on-disk supplementary volume descriptor. */
161 #define SVD_type_offset 0
162 #define SVD_type_size 1
163 #define SVD_id_offset (SVD_type_offset + SVD_type_size)
164 #define SVD_id_size 5
165 #define SVD_version_offset (SVD_id_offset + SVD_id_size)
166 #define SVD_version_size 1
167 /* ... */
168 #define SVD_reserved1_offset	72
169 #define SVD_reserved1_size	8
170 #define SVD_volume_space_size_offset 80
171 #define SVD_volume_space_size_size 8
172 #define SVD_escape_sequences_offset (SVD_volume_space_size_offset + SVD_volume_space_size_size)
173 #define SVD_escape_sequences_size 32
174 /* ... */
175 #define SVD_logical_block_size_offset 128
176 #define SVD_logical_block_size_size 4
177 #define SVD_type_L_path_table_offset 140
178 #define SVD_type_M_path_table_offset 148
179 /* ... */
180 #define SVD_root_directory_record_offset 156
181 #define SVD_root_directory_record_size 34
182 #define SVD_file_structure_version_offset 881
183 #define SVD_reserved2_offset	882
184 #define SVD_reserved2_size	1
185 #define SVD_reserved3_offset	1395
186 #define SVD_reserved3_size	653
187 /* ... */
188 /* FIXME: validate correctness of last SVD entry offset. */
189 
190 /* Structure of an on-disk directory record. */
191 /* Note:  ISO9660 stores each multi-byte integer twice, once in
192  * each byte order.  The sizes here are the size of just one
193  * of the two integers.  (This is why the offset of a field isn't
194  * the same as the offset+size of the previous field.) */
195 #define DR_length_offset 0
196 #define DR_length_size 1
197 #define DR_ext_attr_length_offset 1
198 #define DR_ext_attr_length_size 1
199 #define DR_extent_offset 2
200 #define DR_extent_size 4
201 #define DR_size_offset 10
202 #define DR_size_size 4
203 #define DR_date_offset 18
204 #define DR_date_size 7
205 #define DR_flags_offset 25
206 #define DR_flags_size 1
207 #define DR_file_unit_size_offset 26
208 #define DR_file_unit_size_size 1
209 #define DR_interleave_offset 27
210 #define DR_interleave_size 1
211 #define DR_volume_sequence_number_offset 28
212 #define DR_volume_sequence_number_size 2
213 #define DR_name_len_offset 32
214 #define DR_name_len_size 1
215 #define DR_name_offset 33
216 
#ifdef HAVE_ZLIB_H
/*
 * 8-byte signature constant for zisofs data.
 * NOTE(review): presumably compared against the first bytes of a
 * compressed file's header; the comparison is outside this view.
 */
static const unsigned char zisofs_magic[8] = {
	0x37, 0xE4, 0x53, 0x96, 0xC9, 0xDB, 0xD6, 0x07
};

/*
 * Per-entry zisofs (paged zlib) state.  This full layout is compiled
 * only when zlib is available; without it the struct is reduced to the
 * "pz" flag (see the #else branch below).
 *
 * NOTE(review): the sizes and offsets kept here (pz_log2_bs,
 * pz_uncompressed_size, block_pointers_*, block_avail) presumably
 * derive from bytes of the image being read.  The code that fills and
 * bounds-checks them is outside this view -- confirm that every buffer
 * length is validated before it is used for allocation or copying.
 */
struct zisofs {
	/* Set 1 if this file compressed by paged zlib */
	int		 pz;
	int		 pz_log2_bs; /* Log2 of block size */
	uint64_t	 pz_uncompressed_size;

	int		 initialized;
	unsigned char	*uncompressed_buffer;
	size_t		 uncompressed_buffer_size;

	uint32_t	 pz_offset;
	unsigned char	 header[16];
	size_t		 header_avail;
	int		 header_passed;
	unsigned char	*block_pointers;
	size_t		 block_pointers_alloc;
	size_t		 block_pointers_size;
	size_t		 block_pointers_avail;
	size_t		 block_off;
	uint32_t	 block_avail;

	z_stream	 stream;
	int		 stream_valid;
};
#else
/* Build without zlib: only the "is this entry zisofs" flag is kept. */
struct zisofs {
	/* Set 1 if this file compressed by paged zlib */
	int		 pz;
};
#endif
252 
/*
 * One extent of file data, chained through "next" into a singly linked
 * list (see file_info.contents, which holds the list head and tail).
 */
struct content {
	uint64_t	 offset;/* Offset on disk.		*/
	uint64_t	 size;	/* File size in bytes.		*/
	struct content	*next;
};
258 
/*
 * In-memory storage for a directory record.
 *
 * NOTE(review): the numeric fields (offset, size, ce_offset, ce_size,
 * cl_offset, pz_*) are presumably filled from the image by
 * parse_file_info()/parse_rockridge(), which are outside this view.
 * Treat them as untrusted until the range checks there are confirmed.
 */
struct file_info {
	/* List links; the lists they belong to are maintained by code
	 * outside this view (presumably use_files, cache_files and
	 * re_files in struct iso9660). */
	struct file_info	*use_next;
	struct file_info	*parent;
	struct file_info	*next;
	struct file_info	*re_next;
	int		 subdirs;
	uint64_t	 key;		/* Heap Key.			*/
	uint64_t	 offset;	/* Offset on disk.		*/
	uint64_t	 size;		/* File size in bytes.		*/
	uint32_t	 ce_offset;	/* Offset of CE.		*/
	uint32_t	 ce_size;	/* Size of CE.			*/
	char		 rr_moved;	/* Flag to rr_moved.		*/
	char		 rr_moved_has_re_only;
	char		 re;		/* Having RRIP "RE" extension.	*/
	char		 re_descendant;
	uint64_t	 cl_offset;	/* Having RRIP "CL" extension.	*/
	int		 time_is_set;	/* Bitmask indicating which times are known */
	time_t		 birthtime;	/* File created time.		*/
	time_t		 mtime;		/* File last modified time.	*/
	time_t		 atime;		/* File last accessed time.	*/
	time_t		 ctime;		/* File attribute change time.	*/
	uint64_t	 rdev;		/* Device number.		*/
	mode_t		 mode;
	uid_t		 uid;
	gid_t		 gid;
	int64_t		 number;
	int		 nlinks;
	struct archive_string name; /* Pathname */
	/* Name as raw UTF-16BE bytes plus its length in bytes
	 * (presumably only used for Joliet -- TODO confirm). */
	unsigned char	*utf16be_name;
	size_t		 utf16be_bytes;
	char		 name_continues; /* Non-zero if name continues */
	struct archive_string symlink;
	char		 symlink_continues; /* Non-zero if link continues */
	/* Set 1 if this file compressed by paged zlib(zisofs) */
	int		 pz;
	int		 pz_log2_bs; /* Log2 of block size */
	uint64_t	 pz_uncompressed_size;
	/* Set 1 if this file is multi extent. */
	int		 multi_extent;
	/* Head pointer and tail link of this file's extent list. */
	struct {
		struct content	*first;
		struct content	**last;
	} contents;
	/* Head pointer and tail link of a list of file_info records;
	 * maintained by rede_add_entry()/rede_get_entry(), whose bodies
	 * are outside this view. */
	struct {
		struct file_info	*first;
		struct file_info	**last;
	} rede_files;
};
308 
/*
 * Single-bit flags, one per timestamp.  Presumably OR-ed into
 * file_info.time_is_set ("bitmask indicating which times are known");
 * the code that sets and tests them is outside this view.
 */
#define BIRTHTIME_IS_SET 1
#define MTIME_IS_SET 2
#define ATIME_IS_SET 4
#define CTIME_IS_SET 8
313 
/*
 * Array-backed queue of file_info pointers, used for
 * iso9660.pending_files through the add_entry()/next_entry() macros.
 *
 * NOTE(review): "allocated" and "used" are plain ints.  The growth
 * logic lives in heap_add_entry(), outside this view -- confirm it
 * guards the capacity arithmetic against overflow, since the number of
 * directory records is presumably controlled by the image.
 */
struct heap_queue {
	struct file_info **files;
	int		 allocated;
	int		 used;
};
319 
/*
 * Private state of the ISO 9660 reader.  One instance is calloc'ed by
 * archive_read_support_format_iso9660(), so every field starts zeroed.
 */
struct iso9660 {
	/* NOTE(review): 0x96609660 does not fit in a signed 32-bit int, so
	 * storing it in "magic" relies on implementation-defined
	 * conversion. */
	int	magic;
#define ISO9660_MAGIC   0x96609660

	/* Both options are switched on at registration time and can be
	 * changed through archive_read_format_iso9660_options(). */
	int opt_support_joliet;
	int opt_support_rockridge;

	struct archive_string pathname;
	char	seenRockridge;	/* Set true if RR extensions are used. */
	char	seenSUSP;	/* Set true if SUSP is being used. */
	/* Joliet level (1, 2 or 3) stored by isJolietSVD(); stays 0 until
	 * a Joliet descriptor has been accepted. */
	char	seenJoliet;

	unsigned char	suspOffset;
	struct file_info *rr_moved;
	/* Requests to read "CE" areas; filled and drained by
	 * register_CE()/read_CE(), whose bodies are outside this view. */
	struct read_ce_queue {
		struct read_ce_req {
			uint64_t	 offset;/* Offset of CE on disk. */
			struct file_info *file;
		}		*reqs;
		int		 cnt;
		int		 allocated;
	}	read_ce_req;

	int64_t		previous_number;
	struct archive_string previous_pathname;

	struct file_info		*use_files;
	struct heap_queue		 pending_files;
	/* Each list keeps a head pointer and a pointer to the tail link;
	 * the registration function points "last" at "first" to mark the
	 * list empty. */
	struct {
		struct file_info	*first;
		struct file_info	**last;
	}	cache_files;
	struct {
		struct file_info	*first;
		struct file_info	**last;
	}	re_files;

	uint64_t current_position;
	/* Geometry taken from a volume descriptor of the image.
	 * isJolietSVD() stores all three; other writers are outside this
	 * view.  These values are untrusted input. */
	ssize_t	logical_block_size;
	uint64_t volume_size; /* Total size of volume in bytes. */
	int32_t  volume_block;/* Total size of volume in logical blocks. */

	/* Extent (location and size) of the root directory of each
	 * volume descriptor.  joliet is filled by isJolietSVD(); primary
	 * is presumably filled by isPVD(), whose body is cut off in this
	 * view. */
	struct vd {
		int		location;	/* Location of Extent.	*/
		uint32_t	size;
	} primary, joliet;

	int64_t	entry_sparse_offset;
	int64_t	entry_bytes_remaining;
	size_t  entry_bytes_unconsumed;
	struct zisofs	 entry_zisofs;
	struct content	*entry_content;
	struct archive_string_conv *sconv_utf16be;
	/*
	 * Buffers for a full pathname in UTF-16BE in Joliet extensions.
	 */
#define UTF16_NAME_MAX	1024
	unsigned char *utf16be_path;
	size_t		 utf16be_path_len;
	unsigned char *utf16be_previous_path;
	size_t		 utf16be_previous_path_len;
	/* Null buffer used in bidder to improve its performance.
	 * isNull() compares descriptor bytes against it with memcmp(), so
	 * it must stay all-zero for the lifetime of the reader. */
	unsigned char	 null[2048];
};
384 
385 static int	archive_read_format_iso9660_bid(struct archive_read *, int);
386 static int	archive_read_format_iso9660_options(struct archive_read *,
387 		    const char *, const char *);
388 static int	archive_read_format_iso9660_cleanup(struct archive_read *);
389 static int	archive_read_format_iso9660_read_data(struct archive_read *,
390 		    const void **, size_t *, int64_t *);
391 static int	archive_read_format_iso9660_read_data_skip(struct archive_read *);
392 static int	archive_read_format_iso9660_read_header(struct archive_read *,
393 		    struct archive_entry *);
394 static const char *build_pathname(struct archive_string *, struct file_info *, int);
395 static int	build_pathname_utf16be(unsigned char *, size_t, size_t *,
396 		    struct file_info *);
397 #if DEBUG
398 static void	dump_isodirrec(FILE *, const unsigned char *isodirrec);
399 #endif
400 static time_t	time_from_tm(struct tm *);
401 static time_t	isodate17(const unsigned char *);
402 static int	isodate17_valid(const unsigned char *);
403 static time_t	isodate7(const unsigned char *);
404 static int	isodate7_valid(const unsigned char *);
405 static int	isBootRecord(struct iso9660 *, const unsigned char *);
406 static int	isVolumePartition(struct iso9660 *, const unsigned char *);
407 static int	isVDSetTerminator(struct iso9660 *, const unsigned char *);
408 static int	isJolietSVD(struct iso9660 *, const unsigned char *);
409 static int	isSVD(struct iso9660 *, const unsigned char *);
410 static int	isEVD(struct iso9660 *, const unsigned char *);
411 static int	isPVD(struct iso9660 *, const unsigned char *);
412 static int	isRootDirectoryRecord(const unsigned char *);
413 static int	isValid723Integer(const unsigned char *);
414 static int	isValid733Integer(const unsigned char *);
415 static int	next_cache_entry(struct archive_read *, struct iso9660 *,
416 		    struct file_info **);
417 static int	next_entry_seek(struct archive_read *, struct iso9660 *,
418 		    struct file_info **);
419 static struct file_info *
420 		parse_file_info(struct archive_read *a,
421 		    struct file_info *parent, const unsigned char *isodirrec,
422 		    size_t reclen);
423 static int	parse_rockridge(struct archive_read *a,
424 		    struct file_info *file, const unsigned char *start,
425 		    const unsigned char *end);
426 static int	register_CE(struct archive_read *a, int32_t location,
427 		    struct file_info *file);
428 static int	read_CE(struct archive_read *a, struct iso9660 *iso9660);
429 static void	parse_rockridge_NM1(struct file_info *,
430 		    const unsigned char *, int);
431 static void	parse_rockridge_SL1(struct file_info *,
432 		    const unsigned char *, int);
433 static void	parse_rockridge_TF1(struct file_info *,
434 		    const unsigned char *, int);
435 static void	parse_rockridge_ZF1(struct file_info *,
436 		    const unsigned char *, int);
437 static void	register_file(struct iso9660 *, struct file_info *);
438 static void	release_files(struct iso9660 *);
439 static unsigned	toi(const void *p, int n);
440 static inline void re_add_entry(struct iso9660 *, struct file_info *);
441 static inline struct file_info * re_get_entry(struct iso9660 *);
442 static inline int rede_add_entry(struct file_info *);
443 static inline struct file_info * rede_get_entry(struct file_info *);
444 static inline void cache_add_entry(struct iso9660 *iso9660,
445 		    struct file_info *file);
446 static inline struct file_info *cache_get_entry(struct iso9660 *iso9660);
447 static int	heap_add_entry(struct archive_read *a, struct heap_queue *heap,
448 		    struct file_info *file, uint64_t key);
449 static struct file_info *heap_get_entry(struct heap_queue *heap);
450 
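/*
 * Convenience wrappers around the pending-files heap.
 *
 * add_entry() queues "file" keyed by its on-disk offset; next_entry()
 * forwards to heap_get_entry() on the same heap.  Every macro argument
 * is parenthesised so that an expression argument (for example a cast
 * or a conditional) expands with the intended precedence.  Note that
 * "file" is evaluated twice, so it must not have side effects.
 */
#define add_entry(arch, iso9660, file)	\
	heap_add_entry((arch), &((iso9660)->pending_files), (file), \
	    (file)->offset)
#define next_entry(iso9660)		\
	heap_get_entry(&((iso9660)->pending_files))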
455 
/*
 * Register the ISO 9660 reader with a read archive.
 *
 * Allocates the zero-filled private state, turns Joliet and Rock Ridge
 * support on, and hands the format callbacks to the core.
 *
 * Returns ARCHIVE_OK on success, ARCHIVE_FATAL when the state cannot be
 * allocated (ENOMEM is recorded on the archive), or whatever
 * __archive_read_register_format() reported; in that last case the
 * state is freed here because the core did not take ownership of it.
 */
int
archive_read_support_format_iso9660(struct archive *_a)
{
	struct archive_read *reader = (struct archive_read *)_a;
	struct iso9660 *state;
	int status;

	/* Macro; leaves this function early when the handle is not a
	 * read archive in the NEW state. */
	archive_check_magic(_a, ARCHIVE_READ_MAGIC,
	    ARCHIVE_STATE_NEW, "archive_read_support_format_iso9660");

	/* calloc() matters beyond tidiness: isNull() relies on
	 * state->null being all zero. */
	state = calloc(1, sizeof(*state));
	if (state == NULL) {
		archive_set_error(&reader->archive, ENOMEM,
		    "Can't allocate iso9660 data");
		return (ARCHIVE_FATAL);
	}

	state->magic = ISO9660_MAGIC;

	/* An empty list is a NULL head with the tail link aimed at it. */
	state->cache_files.first = NULL;
	state->cache_files.last = &(state->cache_files.first);
	state->re_files.first = NULL;
	state->re_files.last = &(state->re_files.first);

	/* Joliet and Rock Ridge extensions are supported by default. */
	state->opt_support_joliet = 1;
	state->opt_support_rockridge = 1;

	status = __archive_read_register_format(reader,
	    state,
	    "iso9660",
	    archive_read_format_iso9660_bid,
	    archive_read_format_iso9660_options,
	    archive_read_format_iso9660_read_header,
	    archive_read_format_iso9660_read_data,
	    archive_read_format_iso9660_read_data_skip,
	    NULL,
	    archive_read_format_iso9660_cleanup,
	    NULL,
	    NULL);

	/* Registration failed: the state is still ours to release. */
	if (status != ARCHIVE_OK)
		free(state);
	return (status);
}
501 
502 
/*
 * Bid on the input: decide whether it looks like an ISO 9660 image.
 *
 * Returns -1 when a better bid already exists or the descriptor area
 * cannot be read, 48 when a Volume Descriptor Set Terminator was seen
 * and a primary descriptor location above sector 16 was recorded, and
 * 0 otherwise.
 *
 * Side effect: the descriptor checkers called here may store geometry
 * from the image in the reader state (isJolietSVD() does; isPVD() is
 * cut off in this view).  Everything examined is untrusted input.
 */
static int
archive_read_format_iso9660_bid(struct archive_read *a, int best_bid)
{
	struct iso9660 *iso9660;
	const unsigned char *vd;
	ssize_t avail;
	int terminated = 0;

	/* Our best possible bid is 48; give up if that cannot win. */
	if (best_bid > 48)
		return (-1);

	iso9660 = (struct iso9660 *)(a->format->data);

	/*
	 * Ask for the 32k reserved area plus the first 8 sectors of the
	 * volume descriptor table; the I/O layer may hand back more.
	 */
#define RESERVED_AREA	(SYSTEM_AREA_BLOCK * LOGICAL_BLOCK_SIZE)
	vd = __archive_read_ahead(a,
	    RESERVED_AREA + 8 * LOGICAL_BLOCK_SIZE,
	    &avail);
	if (vd == NULL)
		return (-1);

	/* Step over the reserved area.
	 * NOTE(review): assumes a non-NULL result means at least the
	 * requested byte count is available -- confirm. */
	avail -= RESERVED_AREA;
	vd += RESERVED_AREA;

	/*
	 * Walk the descriptors one sector at a time.  The strict ">"
	 * guarantees more than a whole sector is left, so the checkers
	 * below, which read up to offset 2047 of the descriptor, stay
	 * inside the buffer.
	 */
	while (avail > LOGICAL_BLOCK_SIZE) {
		int recognised;

		/* Do not handle undefined Volume Descriptor Type. */
		if (vd[0] >= 4 && vd[0] <= 254)
			return (0);
		/* Standard Identifier must be "CD001" */
		if (memcmp(vd + 1, "CD001", 5) != 0)
			return (0);

		/* Evaluation order is significant: the checkers are tried
		 * left to right, and the Joliet check is skipped once a
		 * Joliet root has been recorded. */
		recognised = isPVD(iso9660, vd) ||
		    (!iso9660->joliet.location && isJolietSVD(iso9660, vd)) ||
		    isBootRecord(iso9660, vd) ||
		    isEVD(iso9660, vd) ||
		    isSVD(iso9660, vd) ||
		    isVolumePartition(iso9660, vd);

		if (!recognised) {
			/* Anything else must be the set terminator. */
			if (!isVDSetTerminator(iso9660, vd))
				return (0);
			terminated = 1;
			break;
		}

		avail -= LOGICAL_BLOCK_SIZE;
		vd += LOGICAL_BLOCK_SIZE;
	}

	/*
	 * ISO 9660 format must have Primary Volume Descriptor and
	 * Volume Descriptor Set Terminator; without both the bid is zero.
	 */
	return ((terminated && iso9660->primary.location > 16) ? 48 : 0);
}
574 
/*
 * Handle the reader options "joliet" and "rockridge"/"Rockridge".
 *
 * joliet:    disabled when val is NULL, "off", "ignore", "disable" or
 *            "0"; any other value enables it.
 * rockridge: enabled for any non-NULL val, disabled for NULL.
 *
 * Returns ARCHIVE_OK when the key was consumed and ARCHIVE_WARN when it
 * is not one of ours.  key is passed to strcmp() and must not be NULL.
 */
static int
archive_read_format_iso9660_options(struct archive_read *a,
		const char *key, const char *val)
{
	struct iso9660 *state = (struct iso9660 *)(a->format->data);

	if (strcmp(key, "joliet") == 0) {
		int disabled = (val == NULL) ||
		    strcmp(val, "off") == 0 ||
		    strcmp(val, "ignore") == 0 ||
		    strcmp(val, "disable") == 0 ||
		    strcmp(val, "0") == 0;

		state->opt_support_joliet = disabled ? 0 : 1;
		return (ARCHIVE_OK);
	}

	if (strcmp(key, "rockridge") == 0 ||
	    strcmp(key, "Rockridge") == 0) {
		state->opt_support_rockridge = (val == NULL) ? 0 : 1;
		return (ARCHIVE_OK);
	}

	/* Note: The "warn" return is just to inform the options
	 * supervisor that we didn't handle it.  It will generate
	 * a suitable error if no one used this option. */
	return (ARCHIVE_WARN);
}
604 
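/*
 * Report whether the "bytes" bytes at h + offset are all zero.
 *
 * The comparison is made against iso9660->null, a 2048-byte buffer that
 * is zero because the reader state is calloc'ed.  Ranges longer than
 * that buffer are compared one buffer-sized chunk at a time.
 *
 * Returns 1 when every byte is zero (or bytes == 0), 0 otherwise.
 * The caller must ensure h + offset + bytes lies inside its buffer.
 *
 * Fix: the chunk loop used to return 0 when a chunk DID match the zero
 * buffer, i.e. the test was inverted.  The callers visible in this file
 * all pass fewer than 2048 bytes, so the loop was not reached by them,
 * but any larger range would have been misjudged and a descriptor with
 * non-zero reserved bytes could have been accepted.
 */
static int
isNull(struct iso9660 *iso9660, const unsigned char *h, unsigned offset,
unsigned bytes)
{

	while (bytes >= sizeof(iso9660->null)) {
		/* A chunk that differs from the zero buffer settles it. */
		if (memcmp(iso9660->null, h + offset,
		    sizeof(iso9660->null)) != 0)
			return (0);
		offset += sizeof(iso9660->null);
		bytes -= sizeof(iso9660->null);
	}
	/* Remaining tail, shorter than the zero buffer. */
	if (bytes)
		return memcmp(iso9660->null, h + offset, bytes) == 0;
	else
		return (1);
}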
621 
/*
 * Report whether descriptor h is a Boot Record: Volume Descriptor Type
 * (byte 0) must be 0 and Volume Descriptor Version (byte 6) must be 1.
 * No other byte of the descriptor is inspected.
 *
 * Returns 1 on a match, 0 otherwise.
 */
static int
isBootRecord(struct iso9660 *iso9660, const unsigned char *h)
{
	(void)iso9660; /* UNUSED */

	return (h[0] == 0 && h[6] == 1);
}
637 
/*
 * Report whether descriptor h is a Volume Partition Descriptor.
 *
 * Requires type 3 (byte 0), version 1 (byte 6), a zero unused byte
 * (byte 7), and a partition location that lies strictly between the
 * system area and iso9660->volume_block and is stored identically in
 * its little-endian (offset 72) and big-endian (offset 76) copies.
 *
 * Returns 1 on a match, 0 otherwise.
 */
static int
isVolumePartition(struct iso9660 *iso9660, const unsigned char *h)
{
	int32_t part_location;

	if (h[0] != 3 || h[6] != 1 || h[7] != 0)
		return (0);

	/*
	 * NOTE(review): the decoded value is narrowed to int32_t, so a
	 * stored location above INT32_MAX presumably turns negative on
	 * two's-complement targets and is rejected by the lower bound.
	 * volume_block is zero until some descriptor has stored it, in
	 * which case every location is rejected.
	 */
	part_location = archive_le32dec(h + 72);
	if (part_location <= SYSTEM_AREA_BLOCK)
		return (0);
	if (part_location >= iso9660->volume_block)
		return (0);

	/* Both byte orders must agree. */
	return ((uint32_t)part_location == archive_be32dec(h + 76));
}
663 
/*
 * Report whether descriptor h is a Volume Descriptor Set Terminator:
 * type 255 (byte 0), version 1 (byte 6) and an all-zero reserved field
 * covering bytes 7..2047.
 *
 * Reads the whole 2048-byte descriptor, so the caller must have at
 * least that much data at h.  Returns 1 on a match, 0 otherwise.
 */
static int
isVDSetTerminator(struct iso9660 *iso9660, const unsigned char *h)
{
	if (h[0] != 255 || h[6] != 1)
		return (0);

	/* Reserved field must be 0. */
	return (isNull(iso9660, h, 7, 2048-7) != 0);
}
683 
/*
 * Report whether descriptor h is a Joliet Supplementary Volume
 * Descriptor and, if so, record its geometry in the reader state.
 *
 * The descriptor must first pass isSVD(); its escape sequence must then
 * be "%/" followed by '@', 'C' or 'E' (Joliet level 1, 2 or 3).
 *
 * On success stores seenJoliet, logical_block_size, volume_block,
 * volume_size and the Joliet root directory extent, and returns 48.
 * Returns 0, leaving the state untouched, when h is not Joliet.
 */
static int
isJolietSVD(struct iso9660 *iso9660, const unsigned char *h)
{
	const unsigned char *esc;
	const unsigned char *root;
	ssize_t block_size;
	int32_t total_blocks;
	int level;

	/* Must be some kind of Supplementary Volume Descriptor. */
	if (!isSVD(iso9660, h))
		return (0);

	/* FIXME: do more validations according to joliet spec. */

	/* The escape sequence identifies the Joliet extension.
	 * N.B. Joliet spec says esc[1] == '\\', but.... */
	esc = h + SVD_escape_sequences_offset;
	if (esc[0] != '%' || esc[1] != '/')
		return (0);	/* not joliet */

	switch (esc[2]) {
	case '@':
		level = 1;
		break;
	case 'C':
		level = 2;
		break;
	case 'E':
		level = 3;
		break;
	default:
		return (0);	/* not joliet */
	}
	iso9660->seenJoliet = level;

	/*
	 * Geometry comes straight from the image.  isSVD() has already
	 * rejected a block size <= 0 and a volume of SYSTEM_AREA_BLOCK+4
	 * blocks or fewer; it imposes no upper limit on either value.
	 */
	block_size = archive_le16dec(h + SVD_logical_block_size_offset);
	total_blocks = archive_le32dec(h + SVD_volume_space_size_offset);

	iso9660->logical_block_size = block_size;
	iso9660->volume_block = total_blocks;
	iso9660->volume_size = block_size * (uint64_t)total_blocks;

	/* Read Root Directory Record in Volume Descriptor. */
	root = h + SVD_root_directory_record_offset;
	iso9660->joliet.location = archive_le32dec(root + DR_extent_offset);
	iso9660->joliet.size = archive_le32dec(root + DR_size_offset);

	return (48);
}
732 
/*
 * Report whether descriptor h is a Supplementary Volume Descriptor.
 *
 * Checks, in order: type 2; three all-zero reserved fields; file
 * structure version 1; logical block size > 0; volume space size
 * greater than SYSTEM_AREA_BLOCK+4; Type L path table location in
 * [SYSTEM_AREA_BLOCK+2, volume size); Type M path table location zero
 * or in that same range; and a plausible root directory record.
 *
 * Returns 48 on a match, 0 otherwise.  Nothing is stored.
 *
 * NOTE(review): only one byte-order copy of each both-endian field is
 * decoded here; the two copies are not compared in this function.
 */
static int
isSVD(struct iso9660 *iso9660, const unsigned char *h)
{
	ssize_t block_size;
	int32_t total_blocks;
	int32_t path_l;
	int32_t path_m;

	/* Type 2 means it's a SVD. */
	if (h[SVD_type_offset] != 2)
		return (0);

	/* Reserved fields must be 0. */
	if (!isNull(iso9660, h, SVD_reserved1_offset, SVD_reserved1_size) ||
	    !isNull(iso9660, h, SVD_reserved2_offset, SVD_reserved2_size) ||
	    !isNull(iso9660, h, SVD_reserved3_offset, SVD_reserved3_size))
		return (0);

	/* File structure version must be 1 for ISO9660/ECMA119. */
	if (h[SVD_file_structure_version_offset] != 1)
		return (0);

	block_size = archive_le16dec(h + SVD_logical_block_size_offset);
	if (block_size <= 0)
		return (0);

	total_blocks = archive_le32dec(h + SVD_volume_space_size_offset);
	if (total_blocks <= SYSTEM_AREA_BLOCK+4)
		return (0);

	/* Location of Occurrence of Type L Path Table must be
	 * available location,
	 * >= SYSTEM_AREA_BLOCK(16) + 2 and < Volume Space Size. */
	path_l = archive_le32dec(h+SVD_type_L_path_table_offset);
	if (path_l < SYSTEM_AREA_BLOCK+2 || path_l >= total_blocks)
		return (0);

	/* The Type M Path Table must be at a valid location (WinISO
	 * and probably other programs omit this, so we allow zero)
	 *
	 * >= SYSTEM_AREA_BLOCK(16) + 2 and < Volume Space Size. */
	path_m = archive_be32dec(h+SVD_type_M_path_table_offset);
	if (path_m >= total_blocks)
		return (0);
	if (path_m > 0 && path_m < SYSTEM_AREA_BLOCK+2)
		return (0);

	/* The root directory record embedded in the descriptor decides. */
	if (!isRootDirectoryRecord(h + SVD_root_directory_record_offset))
		return (0);

	return (48);
}
792 
/*
 * Report whether descriptor h is an Enhanced Volume Descriptor
 * (ISO9660:1999), which uses the PVD field layout.
 *
 * Checks, in order: type 2; version 2; zero reserved fields 1 to 3;
 * logical block size > 0; volume space size greater than
 * SYSTEM_AREA_BLOCK+4; file structure version 2; Type L path table
 * location in [SYSTEM_AREA_BLOCK+2, volume size); Type M path table
 * location zero or in that same range; zero reserved fields 4 and 5;
 * and a plausible root directory record.
 *
 * Returns 48 on a match, 0 otherwise.  Nothing is stored.
 */
static int
isEVD(struct iso9660 *iso9660, const unsigned char *h)
{
	ssize_t block_size;
	int32_t total_blocks;
	int32_t path_l;
	int32_t path_m;

	/* Type and version of the Enhanced Volume Descriptor must both
	 * be 2, and the first reserved byte must be 0. */
	if (h[PVD_type_offset] != 2 ||
	    h[PVD_version_offset] != 2 ||
	    h[PVD_reserved1_offset] != 0)
		return (0);

	/* Reserved fields must be 0. */
	if (!isNull(iso9660, h, PVD_reserved2_offset, PVD_reserved2_size) ||
	    !isNull(iso9660, h, PVD_reserved3_offset, PVD_reserved3_size))
		return (0);

	/* Logical block size must be > 0. */
	/* I've looked at Ecma 119 and can't find any stronger
	 * restriction on this field. */
	block_size = archive_le16dec(h + PVD_logical_block_size_offset);
	if (block_size <= 0)
		return (0);

	total_blocks = archive_le32dec(h + PVD_volume_space_size_offset);
	if (total_blocks <= SYSTEM_AREA_BLOCK+4)
		return (0);

	/* File structure version must be 2 for ISO9660:1999. */
	if (h[PVD_file_structure_version_offset] != 2)
		return (0);

	/* Location of Occurrence of Type L Path Table must be
	 * available location,
	 * >= SYSTEM_AREA_BLOCK(16) + 2 and < Volume Space Size. */
	path_l = archive_le32dec(h+PVD_type_1_path_table_offset);
	if (path_l < SYSTEM_AREA_BLOCK+2 || path_l >= total_blocks)
		return (0);

	/* Location of Occurrence of Type M Path Table: a value of zero
	 * is let through; anything else must be
	 * >= SYSTEM_AREA_BLOCK(16) + 2 and < Volume Space Size. */
	path_m = archive_be32dec(h+PVD_type_m_path_table_offset);
	if (path_m >= total_blocks)
		return (0);
	if (path_m > 0 && path_m < SYSTEM_AREA_BLOCK+2)
		return (0);

	/* Trailing reserved fields must be 0. */
	if (!isNull(iso9660, h, PVD_reserved4_offset, PVD_reserved4_size) ||
	    !isNull(iso9660, h, PVD_reserved5_offset, PVD_reserved5_size))
		return (0);

	/* The root directory record embedded in the descriptor decides. */
	if (!isRootDirectoryRecord(h + PVD_root_directory_record_offset))
		return (0);

	return (48);
}
871 
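/*
 * Check whether the descriptor at h looks like an ISO9660 Primary Volume
 * Descriptor.
 *
 * Returns 48 when every check passes and 0 otherwise.  On the first
 * accepted descriptor (iso9660->primary.location still zero) the logical
 * block size, volume block count, volume size and the root directory
 * extent location and size are recorded in iso9660.
 *
 * Every field is read straight from the image and is therefore untrusted.
 * Only the 7.3.3 encoding of the root directory extent and size is checked
 * (by isRootDirectoryRecord); this function does not compare them with
 * volume_block before storing them.
 */
static int
isPVD(struct iso9660 *iso9660, const unsigned char *h)
{
	const unsigned char *p;
	ssize_t logical_block_size;
	int32_t volume_block;
	int32_t location;
	int i;

	/* Type of the Primary Volume Descriptor must be 1. */
	if (h[PVD_type_offset] != 1)
		return (0);

	/* PVD version must be 1. */
	if (h[PVD_version_offset] != 1)
		return (0);

	/* Reserved field must be 0. */
	if (h[PVD_reserved1_offset] != 0)
		return (0);

	/* Reserved field must be 0. */
	if (!isNull(iso9660, h, PVD_reserved2_offset, PVD_reserved2_size))
		return (0);

	/* Volume space size must be encoded according to 7.3.3 */
	if (!isValid733Integer(h + PVD_volume_space_size_offset)) {
		return (0);
	}
	/* The value lands in a signed 32-bit variable, so anything above
	 * INT32_MAX shows up negative and is rejected by this comparison. */
	volume_block = archive_le32dec(h + PVD_volume_space_size_offset);
	if (volume_block <= SYSTEM_AREA_BLOCK+4)
		return (0);

	/* Reserved field must be 0. */
	if (!isNull(iso9660, h, PVD_reserved3_offset, PVD_reserved3_size))
		return (0);

	/* Volume set size must be encoded according to 7.2.3 */
	if (!isValid723Integer(h + PVD_volume_set_size_offset)) {
		return (0);
	}

	/* Volume sequence number must be encoded according to 7.2.3 */
	if (!isValid723Integer(h + PVD_volume_sequence_number_offset)) {
		return (0);
	}

	/* Logical block size must be > 0. */
	/* I've looked at Ecma 119 and can't find any stronger
	 * restriction on this field. */
	if (!isValid723Integer(h + PVD_logical_block_size_offset)) {
		return (0);
	}
	logical_block_size =
	    archive_le16dec(h + PVD_logical_block_size_offset);
	if (logical_block_size <= 0)
		return (0);

	/* Path Table size must be encoded according to 7.3.3 */
	if (!isValid733Integer(h + PVD_path_table_size_offset)) {
		return (0);
	}

	/* File structure version must be 1 for ISO9660/ECMA119. */
	if (h[PVD_file_structure_version_offset] != 1)
		return (0);

	/* Location of Occurrence of Type L Path Table must be
	 * available location,
	 * >= SYSTEM_AREA_BLOCK(16) + 2 and < Volume Space Size. */
	location = archive_le32dec(h+PVD_type_1_path_table_offset);
	if (location < SYSTEM_AREA_BLOCK+2 || location >= volume_block)
		return (0);

	/* The Type M Path Table must also be at a valid location
	 * (although ECMA 119 requires a Type M Path Table, WinISO and
	 * probably other programs omit it, so we permit a zero here)
	 *
	 * >= SYSTEM_AREA_BLOCK(16) + 2 and < Volume Space Size.
	 *
	 * location is signed: a stored value above INT32_MAX decodes as a
	 * negative number, which would pass both the "> 0" and the
	 * ">= volume_block" tests, so negative values are rejected
	 * explicitly. */
	location = archive_be32dec(h+PVD_type_m_path_table_offset);
	if (location < 0
	    || (location > 0 && location < SYSTEM_AREA_BLOCK+2)
	    || location >= volume_block)
		return (0);

	/* Reserved field must be 0. */
	/* But accept NetBSD/FreeBSD "makefs" images with 0x20 here. */
	for (i = 0; i < PVD_reserved4_size; ++i)
		if (h[PVD_reserved4_offset + i] != 0
		    && h[PVD_reserved4_offset + i] != 0x20)
			return (0);

	/* Reserved field must be 0. */
	if (!isNull(iso9660, h, PVD_reserved5_offset, PVD_reserved5_size))
		return (0);

	/* XXX TODO: Check other values for sanity; reject more
	 * malformed PVDs. XXX */

	/* Read Root Directory Record in Volume Descriptor. */
	p = h + PVD_root_directory_record_offset;
	if (!isRootDirectoryRecord(p)) {
		return (0);
	}

	/* Only the first accepted PVD fills in the volume geometry. */
	if (!iso9660->primary.location) {
		iso9660->logical_block_size = logical_block_size;
		iso9660->volume_block = volume_block;
		/* Widen before multiplying so the product is computed in
		 * 64 bits. */
		iso9660->volume_size =
		    logical_block_size * (uint64_t)volume_block;
		iso9660->primary.location =
		    archive_le32dec(p + DR_extent_offset);
		iso9660->primary.size = archive_le32dec(p + DR_size_offset);
	}

	return (48);
}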
988 
/*
 * Sanity-check the root directory record at p.
 *
 * Returns 1 when the record passes every test below, 0 otherwise.
 */
static int
isRootDirectoryRecord(const unsigned char *p) {
	const unsigned int record_len = p[DR_length_offset];

	/* ECMA119/ISO9660 fixes the root directory record at exactly
	 * 34 bytes, but images with records of up to 68 bytes have been
	 * seen, so that range is tolerated. */
	if (record_len < 34 || record_len > 68)
		return (0);

	/* Extent location and data length must both be well-formed
	 * 7.3.3 (both-endian 32-bit) integers. */
	if (!isValid733Integer(p + DR_extent_offset) ||
	    !isValid733Integer(p + DR_size_offset))
		return (0);

	/* File flags required by the standard:
	 *   bit 1 set   - this is a directory
	 *   bit 2 clear - not an associated file
	 *   bit 3 clear - no extended attribute record
	 *   bit 7 clear - final directory record for this file
	 * 0x8E selects exactly those four bits. */
	if ((p[DR_flags_offset] & 0x8E) != 0x02)
		return (0);

	/* Volume sequence number must be a 7.2.3 integer. */
	if (!isValid723Integer(p + DR_volume_sequence_number_offset))
		return (0);

	/* The root directory's name is a single zero byte; if that holds
	 * too, nothing looked wrong and the record is accepted. */
	return (p[DR_name_len_offset] == 1 && p[DR_name_offset] == 0);
}
1033 
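/*
 * Read the directory extent described by parent and queue every child
 * record found in it.
 *
 * The extent is read in one piece, rounded up to a whole number of logical
 * blocks, and then walked block by block.  Records for "." and ".." are
 * skipped; consecutive multi-extent records are merged into the first
 * record's content list.
 *
 * Returns ARCHIVE_OK on success, ARCHIVE_WARN when the directory lies
 * behind the current position or beyond the end of the media,
 * ARCHIVE_FATAL on read, parse or allocation failure, or the negative
 * value returned by __archive_read_consume() while skipping forward.
 *
 * All lengths and offsets used here originate from the image and are
 * untrusted.
 */
static int
read_children(struct archive_read *a, struct file_info *parent)
{
	struct iso9660 *iso9660;
	const unsigned char *b, *p;
	struct file_info *multi;
	size_t step, skip_size;

	iso9660 = (struct iso9660 *)(a->format->data);
	/* flush any remaining bytes from the last round to ensure
	 * we're positioned */
	if (iso9660->entry_bytes_unconsumed) {
		__archive_read_consume(a, iso9660->entry_bytes_unconsumed);
		iso9660->entry_bytes_unconsumed = 0;
	}
	if (iso9660->current_position > parent->offset) {
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Ignoring out-of-order directory (%s) %jd > %jd",
		    parent->name.s,
		    (intmax_t)iso9660->current_position,
		    (intmax_t)parent->offset);
		return (ARCHIVE_WARN);
	}
	if (parent->offset + parent->size > iso9660->volume_size) {
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Directory is beyond end-of-media: %s",
		    parent->name.s);
		return (ARCHIVE_WARN);
	}
	if (iso9660->current_position < parent->offset) {
		int64_t skipsize;

		skipsize = parent->offset - iso9660->current_position;
		skipsize = __archive_read_consume(a, skipsize);
		if (skipsize < 0)
			return ((int)skipsize);
		iso9660->current_position = parent->offset;
	}

	/* Round the directory size up to a multiple of the block size. */
	step = (size_t)(((parent->size + iso9660->logical_block_size -1) /
	    iso9660->logical_block_size) * iso9660->logical_block_size);
	b = __archive_read_ahead(a, step, NULL);
	if (b == NULL) {
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Failed to read full block when scanning "
		    "ISO9660 directory list");
		return (ARCHIVE_FATAL);
	}
	iso9660->current_position += step;
	multi = NULL;
	/* Remember the full length: step is counted down by the loop. */
	skip_size = step;
	while (step) {
		/* p walks the records of one block; b marks its end. */
		p = b;
		b += iso9660->logical_block_size;
		step -= iso9660->logical_block_size;
		/*
		 * The bounds test comes first so that the record length
		 * byte *p is only read while p is still inside the block.
		 * After "p += *p" p may equal b, and for the last block b
		 * is the end of the bytes requested from
		 * __archive_read_ahead(); testing *p first would read one
		 * byte past that request.
		 */
		for (; p + DR_name_offset < b && *p != 0 && p + *p <= b;
			p += *p) {
			struct file_info *child;

			/* N.B.: these special directory identifiers
			 * are 8 bit "values" even on a
			 * Joliet CD with UCS-2 (16bit) encoding.
			 */

			/* Skip '.' entry. */
			if (*(p + DR_name_len_offset) == 1
			    && *(p + DR_name_offset) == '\0')
				continue;
			/* Skip '..' entry. */
			if (*(p + DR_name_len_offset) == 1
			    && *(p + DR_name_offset) == '\001')
				continue;
			/* b - p is the space left in this block. */
			child = parse_file_info(a, parent, p, b - p);
			if (child == NULL) {
				__archive_read_consume(a, skip_size);
				return (ARCHIVE_FATAL);
			}
			if (child->cl_offset == 0 &&
			    (child->multi_extent || multi != NULL)) {
				struct content *con;

				/* First record of a multi-extent file:
				 * start an empty content list on it. */
				if (multi == NULL) {
					multi = child;
					multi->contents.first = NULL;
					multi->contents.last =
					    &(multi->contents.first);
				}
				con = malloc(sizeof(struct content));
				if (con == NULL) {
					archive_set_error(
					    &a->archive, ENOMEM,
					    "No memory for multi extent");
					__archive_read_consume(a, skip_size);
					return (ARCHIVE_FATAL);
				}
				/* Append this extent to the list tail. */
				con->offset = child->offset;
				con->size = child->size;
				con->next = NULL;
				*multi->contents.last = con;
				multi->contents.last = &(con->next);
				if (multi == child) {
					if (add_entry(a, iso9660, child)
					    != ARCHIVE_OK)
						return (ARCHIVE_FATAL);
				} else {
					/* Later extents only grow the first
					 * record; a record without the
					 * multi-extent flag ends the run. */
					multi->size += child->size;
					if (!child->multi_extent)
						multi = NULL;
				}
			} else
				if (add_entry(a, iso9660, child) != ARCHIVE_OK)
					return (ARCHIVE_FATAL);
		}
	}

	__archive_read_consume(a, skip_size);

	/* Read data which recorded by RRIP "CE" extension. */
	if (read_CE(a, iso9660) != ARCHIVE_OK)
		return (ARCHIVE_FATAL);

	return (ARCHIVE_OK);
}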
1157 
/*
 * Pick the volume descriptor to read from (primary or Joliet), parse its
 * root directory record and queue the root directory.
 *
 * Returns ARCHIVE_OK on success, ARCHIVE_FATAL when the root record cannot
 * be read, parsed or queued, or the negative value returned by
 * __archive_read_consume() when skipping fails.
 *
 * vd->location and vd->size were taken from the image and are untrusted;
 * the read-ahead below fails when vd->size bytes are not available.
 */
static int
choose_volume(struct archive_read *a, struct iso9660 *iso9660)
{
	struct vd *vd = &(iso9660->primary);
	struct file_info *root;
	const void *rec;
	int64_t to_skip;
	char saved_joliet;

	/* Joliet is ignored entirely when the option is switched off. */
	if (!iso9660->opt_support_joliet)
		iso9660->seenJoliet = 0;
	/* This condition is unlikely; by way of caution. */
	if (iso9660->seenJoliet &&
	    vd->location > iso9660->joliet.location)
		vd = &(iso9660->joliet);

	to_skip = __archive_read_consume(a,
	    LOGICAL_BLOCK_SIZE * (int64_t)vd->location);
	if (to_skip < 0)
		return ((int)to_skip);
	iso9660->current_position = to_skip;

	rec = __archive_read_ahead(a, vd->size, NULL);
	if (rec == NULL) {
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Failed to read full block when scanning "
		    "ISO9660 directory list");
		return (ARCHIVE_FATAL);
	}

	/*
	 * The Joliet flag has to be clear while the root directory is
	 * parsed, otherwise the special name 0x00 (current directory) and
	 * the byte after it would be converted as UCS2.  Save it, clear
	 * it, and restore it once the record has been parsed.
	 */
	saved_joliet = iso9660->seenJoliet;
	iso9660->seenJoliet = 0;
	root = parse_file_info(a, NULL, rec, vd->size);
	if (root == NULL)
		return (ARCHIVE_FATAL);
	iso9660->seenJoliet = saved_joliet;

	if (vd == &(iso9660->primary) && iso9660->seenJoliet) {
		if (iso9660->seenRockridge) {
			/*
			 * The image carries both RockRidge and Joliet:
			 * RockRidge extensions take precedence.
			 */
			iso9660->seenJoliet = 0;
		} else {
			/* Switch reading data from primary to joliet. */
			vd = &(iso9660->joliet);
			to_skip = LOGICAL_BLOCK_SIZE * (int64_t)vd->location;
			to_skip -= iso9660->current_position;
			to_skip = __archive_read_consume(a, to_skip);
			if (to_skip < 0)
				return ((int)to_skip);
			iso9660->current_position += to_skip;

			rec = __archive_read_ahead(a, vd->size, NULL);
			if (rec == NULL) {
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_MISC,
				    "Failed to read full block when scanning "
				    "ISO9660 directory list");
				return (ARCHIVE_FATAL);
			}
			/* Same save/clear/restore as for the primary. */
			iso9660->seenJoliet = 0;
			root = parse_file_info(a, NULL, rec, vd->size);
			if (root == NULL)
				return (ARCHIVE_FATAL);
			iso9660->seenJoliet = saved_joliet;
		}
	}

	/* Store the root directory in the pending list. */
	if (add_entry(a, iso9660, root) != ARCHIVE_OK)
		return (ARCHIVE_FATAL);
	if (iso9660->seenRockridge) {
		a->archive.archive_format = ARCHIVE_FORMAT_ISO9660_ROCKRIDGE;
		a->archive.archive_format_name =
		    "ISO9660 with Rockridge extensions";
	}

	return (ARCHIVE_OK);
}
1245 
/*
 * Produce the header for the next entry of the image.
 *
 * On the first call (current_position == 0) the volume is chosen and the
 * root directory queued.  The next entry is then fetched, its pathname is
 * built (converted from UTF-16BE when Joliet is in use), and entry is
 * filled in from the file_info record.
 *
 * Returns ARCHIVE_OK, ARCHIVE_WARN (pathname or linkname could not be
 * converted, body beyond end-of-media, or body behind the current position
 * on input that cannot seek back), ARCHIVE_FATAL, or whatever
 * choose_volume() / next_entry_seek() returned on failure.
 *
 * Offsets, sizes and names all come from the image and are untrusted.
 */
static int
archive_read_format_iso9660_read_header(struct archive_read *a,
    struct archive_entry *entry)
{
	struct iso9660 *iso9660 = (struct iso9660 *)(a->format->data);
	struct file_info *file = NULL;
	int rc;
	int result = ARCHIVE_OK;	/* downgraded to ARCHIVE_WARN below */

	if (!a->archive.archive_format) {
		a->archive.archive_format = ARCHIVE_FORMAT_ISO9660;
		a->archive.archive_format_name = "ISO9660";
	}

	if (iso9660->current_position == 0) {
		rc = choose_volume(a, iso9660);
		if (rc != ARCHIVE_OK)
			return (rc);
	}

	/* Get the next entry that appears after the current offset. */
	rc = next_entry_seek(a, iso9660, &file);
	if (rc != ARCHIVE_OK)
		return (rc);

	if (iso9660->seenJoliet) {
		/*
		 * Joliet names are UTF-16BE: build the path in that
		 * encoding and let the entry convert it to the locale MBS.
		 * The converter and both path buffers are created on first
		 * use.
		 */
		if (iso9660->sconv_utf16be == NULL) {
			iso9660->sconv_utf16be =
			    archive_string_conversion_from_charset(
				&(a->archive), "UTF-16BE", 1);
			/* Couldn't allocate memory */
			if (iso9660->sconv_utf16be == NULL)
				return (ARCHIVE_FATAL);
		}
		if (iso9660->utf16be_path == NULL) {
			iso9660->utf16be_path = malloc(UTF16_NAME_MAX);
			if (iso9660->utf16be_path == NULL) {
				archive_set_error(&a->archive, ENOMEM,
				    "No memory");
				return (ARCHIVE_FATAL);
			}
		}
		if (iso9660->utf16be_previous_path == NULL) {
			iso9660->utf16be_previous_path =
			    calloc(1, UTF16_NAME_MAX);
			if (iso9660->utf16be_previous_path == NULL) {
				archive_set_error(&a->archive, ENOMEM,
				    "No memory");
				return (ARCHIVE_FATAL);
			}
		}

		iso9660->utf16be_path_len = 0;
		/* The builder is given UTF16_NAME_MAX as its limit. */
		if (build_pathname_utf16be(iso9660->utf16be_path,
		    UTF16_NAME_MAX, &(iso9660->utf16be_path_len), file) != 0) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Pathname is too long");
			return (ARCHIVE_FATAL);
		}

		rc = archive_entry_copy_pathname_l(entry,
		    (const char *)iso9660->utf16be_path,
		    iso9660->utf16be_path_len,
		    iso9660->sconv_utf16be);
		if (rc != 0) {
			if (errno == ENOMEM) {
				archive_set_error(&a->archive, ENOMEM,
				    "No memory for Pathname");
				return (ARCHIVE_FATAL);
			}
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Pathname cannot be converted "
			    "from %s to current locale.",
			    archive_string_conversion_charset_name(
			      iso9660->sconv_utf16be));

			/* Not fatal: carry on and report a warning. */
			result = ARCHIVE_WARN;
		}
	} else {
		const char *path = build_pathname(&iso9660->pathname, file, 0);

		if (path == NULL) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Pathname is too long");
			return (ARCHIVE_FATAL);
		}
		archive_string_empty(&iso9660->pathname);
		archive_entry_set_pathname(entry, path);
	}

	iso9660->entry_bytes_remaining = file->size;
	/* Offset for sparse-file-aware clients. */
	iso9660->entry_sparse_offset = 0;

	/* Refuse bodies that would extend past the declared volume. */
	if (file->offset + file->size > iso9660->volume_size) {
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "File is beyond end-of-media: %s",
		    archive_entry_pathname(entry));
		iso9660->entry_bytes_remaining = 0;
		return (ARCHIVE_WARN);
	}

	/* Set up the entry structure with information about this entry. */
	archive_entry_set_mode(entry, file->mode);
	archive_entry_set_uid(entry, file->uid);
	archive_entry_set_gid(entry, file->gid);
	archive_entry_set_nlink(entry, file->nlinks);
	/* Each timestamp is set only when its bit is present. */
	if (file->time_is_set & BIRTHTIME_IS_SET)
		archive_entry_set_birthtime(entry, file->birthtime, 0);
	else
		archive_entry_unset_birthtime(entry);
	if (file->time_is_set & MTIME_IS_SET)
		archive_entry_set_mtime(entry, file->mtime, 0);
	else
		archive_entry_unset_mtime(entry);
	if (file->time_is_set & CTIME_IS_SET)
		archive_entry_set_ctime(entry, file->ctime, 0);
	else
		archive_entry_unset_ctime(entry);
	if (file->time_is_set & ATIME_IS_SET)
		archive_entry_set_atime(entry, file->atime, 0);
	else
		archive_entry_unset_atime(entry);
	/* N.B.: Rock Ridge supports 64-bit device numbers. */
	archive_entry_set_rdev(entry, (dev_t)file->rdev);
	archive_entry_set_size(entry, iso9660->entry_bytes_remaining);
	if (file->symlink.s != NULL)
		archive_entry_copy_symlink(entry, file->symlink.s);

	/*
	 * Input that cannot seek cannot deliver the same body twice, so
	 * an entry that refers to the same data as the previous one is
	 * returned as a hardlink to that previous entry.
	 */
	if (file->number != -1 &&
	    file->number == iso9660->previous_number) {
		if (!iso9660->seenJoliet) {
			archive_entry_set_hardlink(entry,
			    iso9660->previous_pathname.s);
		} else {
			rc = archive_entry_copy_hardlink_l(entry,
			    (const char *)iso9660->utf16be_previous_path,
			    iso9660->utf16be_previous_path_len,
			    iso9660->sconv_utf16be);
			if (rc != 0) {
				if (errno == ENOMEM) {
					archive_set_error(&a->archive, ENOMEM,
					    "No memory for Linkname");
					return (ARCHIVE_FATAL);
				}
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_FILE_FORMAT,
				    "Linkname cannot be converted "
				    "from %s to current locale.",
				    archive_string_conversion_charset_name(
				      iso9660->sconv_utf16be));
				result = ARCHIVE_WARN;
			}
		}
		archive_entry_unset_size(entry);
		iso9660->entry_bytes_remaining = 0;
		return (result);
	}

	if ((file->mode & AE_IFMT) != AE_IFDIR &&
	    file->offset < iso9660->current_position) {
		int64_t landed;

		landed = __archive_read_seek(a, file->offset, SEEK_SET);
		if (landed != (int64_t)file->offset) {
			/*
			 * Seeking back failed, so the body cannot be
			 * extracted; warn instead.  This only happens when
			 * the entry was added to the heap after its offset
			 * had already been passed, i.e. the directory that
			 * mentions it is stored later than its body.  Such
			 * layouts are very unusual; most ISO9660 writers
			 * record all directory information first and the
			 * file bodies afterwards.
			 */
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
			    "Ignoring out-of-order file @%jx (%s) %jd < %jd",
			    (uintmax_t)file->number,
			    iso9660->pathname.s,
			    (intmax_t)file->offset,
			    (intmax_t)iso9660->current_position);
			iso9660->entry_bytes_remaining = 0;
			return (ARCHIVE_WARN);
		}
		iso9660->current_position = (uint64_t)landed;
	}

	/* Initialize zisofs variables. */
	iso9660->entry_zisofs.pz = file->pz;
	if (file->pz) {
#ifdef HAVE_ZLIB_H
		struct zisofs *zs = &iso9660->entry_zisofs;

		/* Restart the per-entry decompression state. */
		zs->initialized = 0;
		zs->pz_log2_bs = file->pz_log2_bs;
		zs->pz_uncompressed_size = file->pz_uncompressed_size;
		zs->pz_offset = 0;
		zs->header_avail = 0;
		zs->header_passed = 0;
		zs->block_pointers_avail = 0;
#endif
		archive_entry_set_size(entry, file->pz_uncompressed_size);
	}

	/* Remember this entry for the hardlink test on the next call. */
	iso9660->previous_number = file->number;
	if (iso9660->seenJoliet) {
		memcpy(iso9660->utf16be_previous_path, iso9660->utf16be_path,
		    iso9660->utf16be_path_len);
		iso9660->utf16be_previous_path_len = iso9660->utf16be_path_len;
	} else {
		archive_strcpy(
		    &iso9660->previous_pathname, iso9660->pathname.s);
	}

	/* Reset entry_bytes_remaining if the file is multi extent. */
	iso9660->entry_content = file->contents.first;
	if (iso9660->entry_content != NULL)
		iso9660->entry_bytes_remaining = iso9660->entry_content->size;

	if (archive_entry_filetype(entry) == AE_IFDIR) {
		/* Overwrite nlinks by proper link number which is
		 * calculated from number of sub directories. */
		archive_entry_set_nlink(entry, 2 + file->subdirs);
		/* Directory data has been read completely. */
		iso9660->entry_bytes_remaining = 0;
	}

	return (result);
}
1486 
/*
 * Skip the rest of the current entry's data.
 *
 * Nothing to do: reading the next header always skips explicitly to the
 * next entry.  Always returns ARCHIVE_OK.
 */
static int
archive_read_format_iso9660_read_data_skip(struct archive_read *a)
{
	(void)a; /* UNUSED */

	return (ARCHIVE_OK);
}
1495 
1496 #ifdef HAVE_ZLIB_H
1497 
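/*
 * Return the next chunk of decompressed data for a zisofs-compressed
 * entry.
 *
 * The first calls for an entry collect the zisofs file header and the
 * block pointer table (both may arrive in pieces); after that each call
 * inflates input belonging to the current compressed block into
 * uncompressed_buffer.  A block whose two pointers are equal is returned
 * as a buffer of zeros.
 *
 * On ARCHIVE_OK, *buff / *size / *offset describe the produced data
 * (*size may be 0 while the header is still being collected) and the
 * bytes taken from the input are added to entry_bytes_unconsumed for the
 * caller to consume.  Returns ARCHIVE_FATAL on truncated input, a bad
 * header or pointer table, allocation failure or an inflate error.
 *
 * pz_log2_bs, pz_uncompressed_size and the block pointers come from the
 * image and are untrusted.
 */
static int
zisofs_read_data(struct archive_read *a,
    const void **buff, size_t *size, int64_t *offset)
{
	struct iso9660 *iso9660;
	struct zisofs  *zisofs;
	const unsigned char *p;
	size_t avail;
	ssize_t bytes_read;
	size_t uncompressed_size;
	int r;

	iso9660 = (struct iso9660 *)(a->format->data);
	zisofs = &iso9660->entry_zisofs;

	p = __archive_read_ahead(a, 1, &bytes_read);
	if (bytes_read <= 0) {
		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
		    "Truncated zisofs file body");
		return (ARCHIVE_FATAL);
	}
	/* Never look past the end of this entry's stored body. */
	if (bytes_read > iso9660->entry_bytes_remaining)
		bytes_read = (ssize_t)iso9660->entry_bytes_remaining;
	avail = bytes_read;
	uncompressed_size = 0;

	if (!zisofs->initialized) {
		size_t ceil, xsize;

		/* Allocate block pointers buffer: one 4-byte pointer per
		 * uncompressed block, plus one that marks the end. */
		ceil = (size_t)((zisofs->pz_uncompressed_size +
			(((int64_t)1) << zisofs->pz_log2_bs) - 1)
			>> zisofs->pz_log2_bs);
		xsize = (ceil + 1) * 4;
		if (zisofs->block_pointers_alloc < xsize) {
			size_t alloc;

			free(zisofs->block_pointers);
			/* Round the allocation up to a 1 KiB multiple. */
			alloc = ((xsize >> 10) + 1) << 10;
			zisofs->block_pointers = malloc(alloc);
			if (zisofs->block_pointers == NULL) {
				/* The old buffer is gone: keep the recorded
				 * capacity in step with the NULL pointer. */
				zisofs->block_pointers_alloc = 0;
				archive_set_error(&a->archive, ENOMEM,
				    "No memory for zisofs decompression");
				return (ARCHIVE_FATAL);
			}
			zisofs->block_pointers_alloc = alloc;
		}
		zisofs->block_pointers_size = xsize;

		/* Allocate uncompressed data buffer: one block. */
		/* NOTE(review): the shift assumes pz_log2_bs was range
		 * checked where the entry was parsed; confirm. */
		xsize = (size_t)1UL << zisofs->pz_log2_bs;
		if (zisofs->uncompressed_buffer_size < xsize) {
			free(zisofs->uncompressed_buffer);
			zisofs->uncompressed_buffer = malloc(xsize);
			if (zisofs->uncompressed_buffer == NULL) {
				/* As above: no buffer, so no capacity. */
				zisofs->uncompressed_buffer_size = 0;
				archive_set_error(&a->archive, ENOMEM,
				    "No memory for zisofs decompression");
				return (ARCHIVE_FATAL);
			}
		}
		zisofs->uncompressed_buffer_size = xsize;

		/*
		 * Read the file header, and check the magic code of zisofs.
		 * The copy is capped at both the missing header bytes and
		 * the bytes available.
		 */
		if (zisofs->header_avail < sizeof(zisofs->header)) {
			xsize = sizeof(zisofs->header) - zisofs->header_avail;
			if (avail < xsize)
				xsize = avail;
			memcpy(zisofs->header + zisofs->header_avail, p, xsize);
			zisofs->header_avail += xsize;
			avail -= xsize;
			p += xsize;
		}
		if (!zisofs->header_passed &&
		    zisofs->header_avail == sizeof(zisofs->header)) {
			int err = 0;

			/* The header must repeat the size and block-size
			 * values already stored in zisofs. */
			if (memcmp(zisofs->header, zisofs_magic,
			    sizeof(zisofs_magic)) != 0)
				err = 1;
			if (archive_le32dec(zisofs->header + 8)
			    != zisofs->pz_uncompressed_size)
				err = 1;
			if (zisofs->header[12] != 4)
				err = 1;
			if (zisofs->header[13] != zisofs->pz_log2_bs)
				err = 1;
			if (err) {
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_FILE_FORMAT,
				    "Illegal zisofs file body");
				return (ARCHIVE_FATAL);
			}
			zisofs->header_passed = 1;
		}
		/*
		 * Read block pointers.  The copy is capped at
		 * block_pointers_size, which the allocation above covers.
		 */
		if (zisofs->header_passed &&
		    zisofs->block_pointers_avail < zisofs->block_pointers_size) {
			xsize = zisofs->block_pointers_size
			    - zisofs->block_pointers_avail;
			if (avail < xsize)
				xsize = avail;
			memcpy(zisofs->block_pointers
			    + zisofs->block_pointers_avail, p, xsize);
			zisofs->block_pointers_avail += xsize;
			avail -= xsize;
			p += xsize;
			if (zisofs->block_pointers_avail
			    == zisofs->block_pointers_size) {
				/* We've got all block pointers and initialize
				 * related variables.	*/
				zisofs->block_off = 0;
				zisofs->block_avail = 0;
				/* Complete a initialization */
				zisofs->initialized = 1;
			}
		}

		if (!zisofs->initialized)
			goto next_data; /* We need more data. */
	}

	/*
	 * Get block offsets from block pointers.
	 */
	if (zisofs->block_avail == 0) {
		uint32_t bst, bed;

		if (zisofs->block_off + 4 >= zisofs->block_pointers_size) {
			/* There isn't a pair of offsets. */
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Illegal zisofs block pointers");
			return (ARCHIVE_FATAL);
		}
		/* The block must start exactly where the input stands. */
		bst = archive_le32dec(
		    zisofs->block_pointers + zisofs->block_off);
		if (bst != zisofs->pz_offset + (bytes_read - avail)) {
			/* TODO: Should we seek offset of current file
			 * by bst ? */
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Illegal zisofs block pointers(cannot seek)");
			return (ARCHIVE_FATAL);
		}
		/* An end before the start would wrap the subtraction. */
		bed = archive_le32dec(
		    zisofs->block_pointers + zisofs->block_off + 4);
		if (bed < bst) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_FILE_FORMAT,
			    "Illegal zisofs block pointers");
			return (ARCHIVE_FATAL);
		}
		zisofs->block_avail = bed - bst;
		zisofs->block_off += 4;

		/* Initialize compression library for new block. */
		if (zisofs->stream_valid)
			r = inflateReset(&zisofs->stream);
		else
			r = inflateInit(&zisofs->stream);
		if (r != Z_OK) {
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
			    "Can't initialize zisofs decompression.");
			return (ARCHIVE_FATAL);
		}
		zisofs->stream_valid = 1;
		zisofs->stream.total_in = 0;
		zisofs->stream.total_out = 0;
	}

	/*
	 * Make uncompressed data.
	 */
	if (zisofs->block_avail == 0) {
		/* Empty compressed block: hand back a block of zeros. */
		memset(zisofs->uncompressed_buffer, 0,
		    zisofs->uncompressed_buffer_size);
		uncompressed_size = zisofs->uncompressed_buffer_size;
	} else {
		/* Feed at most the rest of the current block. */
		/* NOTE(review): avail can be 0 here when the header and
		 * pointer table used up everything that was read; confirm
		 * that inflate() then returns one of the two codes
		 * accepted below. */
		zisofs->stream.next_in = (Bytef *)(uintptr_t)(const void *)p;
		if (avail > zisofs->block_avail)
			zisofs->stream.avail_in = zisofs->block_avail;
		else
			zisofs->stream.avail_in = (uInt)avail;
		/* Output is capped at the one-block buffer. */
		zisofs->stream.next_out = zisofs->uncompressed_buffer;
		zisofs->stream.avail_out =
		    (uInt)zisofs->uncompressed_buffer_size;

		r = inflate(&zisofs->stream, 0);
		switch (r) {
		case Z_OK: /* Decompressor made some progress.*/
		case Z_STREAM_END: /* Found end of stream. */
			break;
		default:
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
			    "zisofs decompression failed (%d)", r);
			return (ARCHIVE_FATAL);
		}
		uncompressed_size =
		    zisofs->uncompressed_buffer_size - zisofs->stream.avail_out;
		/* Account for the input bytes inflate() used up. */
		avail -= zisofs->stream.next_in - p;
		zisofs->block_avail -= (uint32_t)(zisofs->stream.next_in - p);
	}
next_data:
	/* From here on bytes_read is the number of input bytes used. */
	bytes_read -= avail;
	*buff = zisofs->uncompressed_buffer;
	*size = uncompressed_size;
	*offset = iso9660->entry_sparse_offset;
	iso9660->entry_sparse_offset += uncompressed_size;
	iso9660->entry_bytes_remaining -= bytes_read;
	iso9660->current_position += bytes_read;
	zisofs->pz_offset += (uint32_t)bytes_read;
	iso9660->entry_bytes_unconsumed += bytes_read;

	return (ARCHIVE_OK);
}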
1719 
1720 #else /* HAVE_ZLIB_H */
1721 
/*
 * Stand-in used when zlib is not available: zisofs-compressed entries
 * cannot be decoded, so an error is recorded and ARCHIVE_FAILED returned.
 * The output parameters are left untouched.
 */
static int
zisofs_read_data(struct archive_read *a,
    const void **buff, size_t *size, int64_t *offset)
{
	/* UNUSED */
	(void)buff;
	(void)size;
	(void)offset;

	archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
	    "zisofs is not supported on this platform.");
	return (ARCHIVE_FAILED);
}
1734 
1735 #endif /* HAVE_ZLIB_H */
1736 
/*
 * Return the next chunk of data for the current entry.
 *
 * Bytes handed out by the previous call are consumed first.  When the
 * current extent is exhausted the next extent of a multi-extent file is
 * selected (ARCHIVE_EOF when there is none).  zisofs-compressed entries
 * are delegated to zisofs_read_data(); otherwise the data is passed
 * through without copying.
 *
 * Returns ARCHIVE_OK, ARCHIVE_EOF, ARCHIVE_WARN (next extent lies behind
 * the current position), ARCHIVE_FATAL, or the negative value returned by
 * __archive_read_consume() while skipping forward.
 */
static int
archive_read_format_iso9660_read_data(struct archive_read *a,
    const void **buff, size_t *size, int64_t *offset)
{
	struct iso9660 *iso9660 = (struct iso9660 *)(a->format->data);
	ssize_t got;

	/* Release what the previous call handed out. */
	if (iso9660->entry_bytes_unconsumed) {
		__archive_read_consume(a, iso9660->entry_bytes_unconsumed);
		iso9660->entry_bytes_unconsumed = 0;
	}

	if (iso9660->entry_bytes_remaining <= 0) {
		/* Current extent finished: advance to the next one. */
		if (iso9660->entry_content != NULL)
			iso9660->entry_content = iso9660->entry_content->next;
		if (iso9660->entry_content == NULL) {
			*buff = NULL;
			*size = 0;
			*offset = iso9660->entry_sparse_offset;
			return (ARCHIVE_EOF);
		}
		/* Seek forward to the start of the entry. */
		if (iso9660->current_position <
		    iso9660->entry_content->offset) {
			int64_t gap;

			gap = iso9660->entry_content->offset -
			    iso9660->current_position;
			gap = __archive_read_consume(a, gap);
			if (gap < 0)
				return ((int)gap);
			iso9660->current_position =
			    iso9660->entry_content->offset;
		}
		/* An extent that starts behind us cannot be delivered. */
		if (iso9660->entry_content->offset <
		    iso9660->current_position) {
			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
			    "Ignoring out-of-order file (%s) %jd < %jd",
			    iso9660->pathname.s,
			    (intmax_t)iso9660->entry_content->offset,
			    (intmax_t)iso9660->current_position);
			*buff = NULL;
			*size = 0;
			*offset = iso9660->entry_sparse_offset;
			return (ARCHIVE_WARN);
		}
		iso9660->entry_bytes_remaining = iso9660->entry_content->size;
	}

	if (iso9660->entry_zisofs.pz)
		return (zisofs_read_data(a, buff, size, offset));

	*buff = __archive_read_ahead(a, 1, &got);
	if (got == 0)
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Truncated input file");
	if (*buff == NULL)
		return (ARCHIVE_FATAL);
	/* Hand out no more than what is left of this extent. */
	if (got > iso9660->entry_bytes_remaining)
		got = (ssize_t)iso9660->entry_bytes_remaining;

	*size = got;
	*offset = iso9660->entry_sparse_offset;
	iso9660->entry_sparse_offset += got;
	iso9660->entry_bytes_remaining -= got;
	/* Consumed at the start of the next call. */
	iso9660->entry_bytes_unconsumed = got;
	iso9660->current_position += got;
	return (ARCHIVE_OK);
}
1804 
/*
 * Free all per-archive ISO9660 reader state and detach it from the
 * format slot.
 *
 * Returns ARCHIVE_OK, or ARCHIVE_FATAL when zlib reports a failure
 * while its inflate stream is torn down.  The state is freed in both
 * cases.
 */
static int
archive_read_format_iso9660_cleanup(struct archive_read *a)
{
	struct iso9660 *iso9660 = (struct iso9660 *)(a->format->data);
	int status = ARCHIVE_OK;

	/* Every file_info created so far is on the use_files list. */
	release_files(iso9660);

	archive_string_free(&iso9660->pathname);
	archive_string_free(&iso9660->previous_pathname);
	free(iso9660->read_ce_req.reqs);
	free(iso9660->pending_files.files);
	free(iso9660->utf16be_path);
	free(iso9660->utf16be_previous_path);
#ifdef HAVE_ZLIB_H
	free(iso9660->entry_zisofs.uncompressed_buffer);
	free(iso9660->entry_zisofs.block_pointers);
	/* Only an initialised stream may be passed to inflateEnd(). */
	if (iso9660->entry_zisofs.stream_valid &&
	    inflateEnd(&iso9660->entry_zisofs.stream) != Z_OK) {
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Failed to clean up zlib decompressor");
		status = ARCHIVE_FATAL;
	}
#endif
	free(iso9660);
	/* Clear the slot so no stale pointer to the freed state remains. */
	(a->format->data) = NULL;
	return (status);
}
1834 
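/*
 * Parse a single ISO9660 directory record, apply any Joliet name
 * handling and Rock Ridge/SUSP extensions, and store the result in a
 * newly allocated file_info.
 *
 * a         - reader whose format data is the iso9660 state
 * parent    - directory this record belongs to; NULL is handled as the
 *             root record (the SUSP "SP" probe runs only then)
 * isodirrec - start of the raw directory record
 * reclen    - number of bytes available at isodirrec
 *
 * Returns the new file_info, already linked into the use_files list by
 * register_file(), or NULL with an archive error set.
 *
 * Every field of the record comes from the image and is treated as
 * untrusted: lengths are checked against reclen before they are used
 * as offsets, the extent is checked against the volume size, and the
 * parent chain is walked to reject directory loops.
 *
 * On the failure path all per-file allocations are released, that is
 * the name, the symlink target and the Joliet UTF-16BE name.  The
 * latter two were previously leaked when a record was rejected after
 * they had been filled in.
 */
static struct file_info *
parse_file_info(struct archive_read *a, struct file_info *parent,
    const unsigned char *isodirrec, size_t reclen)
{
	struct iso9660 *iso9660;
	struct file_info *file, *filep;
	size_t name_len;
	const unsigned char *rr_start, *rr_end;
	const unsigned char *p;
	size_t dr_len = 0;
	uint64_t fsize, offset;
	int32_t location;
	int flags;

	iso9660 = (struct iso9660 *)(a->format->data);

	/* Only read the length byte when there is at least one byte. */
	if (reclen != 0)
		dr_len = (size_t)isodirrec[DR_length_offset];
	/*
	 * Sanity check that reclen is not zero and that dr_len does not
	 * exceed reclen but is at least 34.
	 */
	if (reclen == 0 || reclen < dr_len || dr_len < 34) {
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
			"Invalid length of directory record");
		return (NULL);
	}
	name_len = (size_t)isodirrec[DR_name_len_offset];
	location = archive_le32dec(isodirrec + DR_extent_offset);
	fsize = toi(isodirrec + DR_size_offset, DR_size_size);
	/* Sanity check that name_len doesn't exceed dr_len. */
	if (dr_len - 33 < name_len || name_len == 0) {
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Invalid length of file identifier");
		return (NULL);
	}
	/* Sanity check that location doesn't exceed volume block.
	 * Don't check the lower limit of location; it is possible for
	 * the location to have a negative value when the file type is
	 * a symbolic link or the file size is zero. As far as I know
	 * the latest mkisofs does that.
	 */
	if (location > 0 &&
	    (location + ((fsize + iso9660->logical_block_size -1)
	       / iso9660->logical_block_size))
			> (uint32_t)iso9660->volume_block) {
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Invalid location of extent of file");
		return (NULL);
	}
	/* Sanity check that location doesn't have a negative value
	 * when the file is not empty; such a location is too large. */
	if (fsize != 0 && location < 0) {
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Invalid location of extent of file");
		return (NULL);
	}

	/* Sanity check that this entry does not create a cycle. */
	offset = iso9660->logical_block_size * (uint64_t)location;
	for (filep = parent; filep != NULL; filep = filep->parent) {
		if (filep->offset == offset) {
			archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
			    "Directory structure contains loop");
			return (NULL);
		}
	}

	/* Create a new file entry and copy data from the ISO dir record. */
	file = calloc(1, sizeof(*file));
	if (file == NULL) {
		archive_set_error(&a->archive, ENOMEM,
		    "No memory for file entry");
		return (NULL);
	}
	file->parent = parent;
	file->offset = offset;
	file->size = fsize;
	if (isodate7_valid(isodirrec + DR_date_offset)) {
		file->time_is_set |= MTIME_IS_SET | ATIME_IS_SET | CTIME_IS_SET;
		file->mtime = isodate7(isodirrec + DR_date_offset);
		file->ctime = file->atime = file->mtime;
	}
	file->rede_files.first = NULL;
	file->rede_files.last = &(file->rede_files.first);

	p = isodirrec + DR_name_offset;
	/* Rockridge extensions (if any) follow name.  Compute this
	 * before fidgeting the name_len below. */
	rr_start = p + name_len + (name_len & 1 ? 0 : 1);
	rr_end = isodirrec + dr_len;

	if (iso9660->seenJoliet) {
		/* Joliet names are max 64 chars (128 bytes) according to spec,
		 * but genisoimage/mkisofs allows recording longer Joliet
		 * names which are 103 UCS2 characters(206 bytes) by their
		 * option '-joliet-long'.
		 */
		if (name_len > 206)
			name_len = 206;
		/* UTF-16BE uses two bytes per unit; drop a stray odd byte. */
		name_len &= ~1;

		/* trim trailing first version and dot from filename.
		 *
		 * Remember we were in UTF-16BE land!
		 * SEPARATOR 1 (.) and SEPARATOR 2 (;) are both
		 * 16 bits big endian characters on Joliet.
		 *
		 * TODO: sanitize filename?
		 *       Joliet allows any UCS-2 char except:
		 *       *, /, :, ;, ? and \.
		 */
		/* Chop off trailing ';1' from files. */
		if (name_len > 4 && p[name_len-4] == 0 && p[name_len-3] == ';'
		    && p[name_len-2] == 0 && p[name_len-1] == '1')
			name_len -= 4;
#if 0 /* XXX: this somehow manages to strip of single-character file extensions, like '.c'. */
		/* Chop off trailing '.' from filenames. */
		if (name_len > 2 && p[name_len-2] == 0 && p[name_len-1] == '.')
			name_len -= 2;
#endif
		if ((file->utf16be_name = malloc(name_len)) == NULL) {
			archive_set_error(&a->archive, ENOMEM,
			    "No memory for file name");
			goto fail;
		}
		memcpy(file->utf16be_name, p, name_len);
		file->utf16be_bytes = name_len;
	} else {
		/* Chop off trailing ';1' from files. */
		if (name_len > 2 && p[name_len - 2] == ';' &&
				p[name_len - 1] == '1')
			name_len -= 2;
		/* Chop off trailing '.' from filenames. */
		if (name_len > 1 && p[name_len - 1] == '.')
			--name_len;

		archive_strncpy(&file->name, (const char *)p, name_len);
	}

	flags = isodirrec[DR_flags_offset];
	if (flags & 0x02)
		file->mode = AE_IFDIR | 0700;
	else
		file->mode = AE_IFREG | 0400;
	if (flags & 0x80)
		file->multi_extent = 1;
	else
		file->multi_extent = 0;
	/*
	 * Use a location for the file number, which is treated as an inode
	 * number to find out hardlink target. If Rockridge extensions is
	 * being used, the file number will be overwritten by FILE SERIAL
	 * NUMBER of RRIP "PX" extension.
	 * Note: Old mkisofs did not record that FILE SERIAL NUMBER
	 * in ISO images.
	 * Note2: xorriso set 0 to the location of a symlink file.
	 */
	if (file->size == 0 && location >= 0) {
		/* If file->size is zero, its location points wrong place,
		 * and so we should not use it for the file number.
		 * When the location has negative value, it can be used
		 * for the file number.
		 */
		file->number = -1;
		/* Do not appear before any directory entries. */
		file->offset = -1;
	} else
		file->number = (int64_t)(uint32_t)location;

	/* Rockridge extensions overwrite information from above. */
	if (iso9660->opt_support_rockridge) {
		if (parent == NULL && rr_end - rr_start >= 7) {
			p = rr_start;
			if (memcmp(p, "SP\x07\x01\xbe\xef", 6) == 0) {
				/*
				 * SP extension stores the suspOffset
				 * (Number of bytes to skip between
				 * filename and SUSP records.)
				 * It is mandatory by the SUSP standard
				 * (IEEE 1281).
				 *
				 * It allows SUSP to coexist with
				 * non-SUSP uses of the System
				 * Use Area by placing non-SUSP data
				 * before SUSP data.
				 *
				 * SP extension must be in the root
				 * directory entry, disable all SUSP
				 * processing if not found.
				 */
				iso9660->suspOffset = p[6];
				iso9660->seenSUSP = 1;
				rr_start += 7;
			}
		}
		if (iso9660->seenSUSP) {
			int r;

			file->name_continues = 0;
			file->symlink_continues = 0;
			/* suspOffset is a value taken from the image;
			 * parse_rockridge() checks its cursor against
			 * rr_end before it reads each entry. */
			rr_start += iso9660->suspOffset;
			r = parse_rockridge(a, file, rr_start, rr_end);
			if (r != ARCHIVE_OK)
				goto fail;
			/*
			 * The size of a symbolic link file in ISO images
			 * made by makefs is not zero and its location is
			 * the same as that of the next regular file. That
			 * looks the same as a hard link and causes an
			 * unexpected error.
			 */
			if (file->size > 0 &&
			    (file->mode & AE_IFMT) == AE_IFLNK) {
				file->size = 0;
				file->number = -1;
				file->offset = -1;
			}
		} else
			/* If there isn't SUSP, disable parsing
			 * rock ridge extensions. */
			iso9660->opt_support_rockridge = 0;
	}

	file->nlinks = 1;/* Reset nlink. we'll calculate it later. */
	/* Tell file's parent how many children that parent has. */
	if (parent != NULL && (flags & 0x02))
		parent->subdirs++;

	if (iso9660->seenRockridge) {
		if (parent != NULL && parent->parent == NULL &&
		    (flags & 0x02) && iso9660->rr_moved == NULL &&
		    file->name.s &&
		    (strcmp(file->name.s, "rr_moved") == 0 ||
		     strcmp(file->name.s, ".rr_moved") == 0)) {
			iso9660->rr_moved = file;
			file->rr_moved = 1;
			file->rr_moved_has_re_only = 1;
			file->re = 0;
			parent->subdirs--;
		} else if (file->re) {
			/*
			 * Sanity check: file's parent is rr_moved.
			 */
			if (parent == NULL || parent->rr_moved == 0) {
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_MISC,
				    "Invalid Rockridge RE");
				goto fail;
			}
			/*
			 * Sanity check: file does not have "CL" extension.
			 */
			if (file->cl_offset) {
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_MISC,
				    "Invalid Rockridge RE and CL");
				goto fail;
			}
			/*
			 * Sanity check: The file type must be a directory.
			 */
			if ((flags & 0x02) == 0) {
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_MISC,
				    "Invalid Rockridge RE");
				goto fail;
			}
		} else if (parent != NULL && parent->rr_moved)
			file->rr_moved_has_re_only = 0;
		else if (parent != NULL && (flags & 0x02) &&
		    (parent->re || parent->re_descendant))
			file->re_descendant = 1;
		if (file->cl_offset) {
			struct file_info *r;

			if (parent == NULL || parent->parent == NULL) {
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_MISC,
				    "Invalid Rockridge CL");
				goto fail;
			}
			/*
			 * Sanity check: The file type must be a regular file.
			 */
			if ((flags & 0x02) != 0) {
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_MISC,
				    "Invalid Rockridge CL");
				goto fail;
			}
			parent->subdirs++;
			/* Overwrite an offset and a number of this "CL" entry
			 * to appear before other dirs. "+1" to those is to
			 * make sure to appear after "RE" entry which this
			 * "CL" entry should be connected with. */
			file->offset = file->number = file->cl_offset + 1;

			/*
			 * Sanity check: cl_offset does not point at any of
			 * its parents or at itself.
			 */
			for (r = parent; r; r = r->parent) {
				if (r->offset == file->cl_offset) {
					archive_set_error(&a->archive,
					    ARCHIVE_ERRNO_MISC,
					    "Invalid Rockridge CL");
					goto fail;
				}
			}
			if (file->cl_offset == file->offset ||
			    parent->rr_moved) {
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_MISC,
				    "Invalid Rockridge CL");
				goto fail;
			}
		}
	}

#if DEBUG
	/* DEBUGGING: Warn about attributes I don't yet fully support. */
	if ((flags & ~0x02) != 0) {
		fprintf(stderr, "\n ** Unrecognized flag: ");
		dump_isodirrec(stderr, isodirrec);
		fprintf(stderr, "\n");
	} else if (toi(isodirrec + DR_volume_sequence_number_offset, 2) != 1) {
		fprintf(stderr, "\n ** Unrecognized sequence number: ");
		dump_isodirrec(stderr, isodirrec);
		fprintf(stderr, "\n");
	} else if (*(isodirrec + DR_file_unit_size_offset) != 0) {
		fprintf(stderr, "\n ** Unexpected file unit size: ");
		dump_isodirrec(stderr, isodirrec);
		fprintf(stderr, "\n");
	} else if (*(isodirrec + DR_interleave_offset) != 0) {
		fprintf(stderr, "\n ** Unexpected interleave: ");
		dump_isodirrec(stderr, isodirrec);
		fprintf(stderr, "\n");
	} else if (*(isodirrec + DR_ext_attr_length_offset) != 0) {
		fprintf(stderr, "\n ** Unexpected extended attribute length: ");
		dump_isodirrec(stderr, isodirrec);
		fprintf(stderr, "\n");
	}
#endif
	register_file(iso9660, file);
	return (file);
fail:
	/*
	 * The record was rejected after `file` was allocated.  Release
	 * everything that may have been attached to it: the name, a
	 * symlink target built while parsing "SL" entries, and the
	 * Joliet name buffer.  `file` came from calloc(), so members
	 * that were never filled in are still zero or NULL.
	 *
	 * NOTE(review): if parse_rockridge() queued a "CE" request for
	 * this file before the failure, the CE queue still holds the
	 * pointer freed below.  Verify that callers stop processing the
	 * image when NULL is returned, so the queue is never drained
	 * afterwards.
	 */
	archive_string_free(&file->name);
	archive_string_free(&file->symlink);
	free(file->utf16be_name);
	free(file);
	return (NULL);
}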
2190 
/*
 * Walk a run of SUSP/Rock Ridge entries in [p, end) and apply each
 * recognised one to `file`.
 *
 * Every entry starts with a 4-byte header: two signature letters, a
 * length byte that counts the header itself, and a version byte.  The
 * walk stops at the first entry that fails the header checks.  Those
 * checks are what keep all later reads inside [p, end): the signature
 * must be two capital letters, the length must be at least 4, and the
 * whole entry must end at or before `end`.
 *
 * Returns ARCHIVE_OK when at least one entry was walked or an "ST"
 * terminator was found, ARCHIVE_WARN when no entry was found at all,
 * and ARCHIVE_FATAL when a "CE" continuation could not be registered.
 */
static int
parse_rockridge(struct archive_read *a, struct file_info *file,
    const unsigned char *p, const unsigned char *end)
{
	struct iso9660 *iso9660 = (struct iso9660 *)(a->format->data);
	int entry_seen = 0;

	for (;;) {
		const unsigned char *data;
		int data_length;
		int version;

		/* Enough space for another entry header? */
		if (p + 4 > end)
			break;
		/* Both signature characters must be capital letters. */
		if (p[0] < 'A' || p[0] > 'Z')
			break;
		if (p[1] < 'A' || p[1] > 'Z')
			break;
		/* The length covers the header and must stay in bounds. */
		if (p[2] < 4)
			break;
		if (p + p[2] > end)
			break;

		data = p + 4;
		data_length = p[2] - 4;
		version = p[3];

		switch(p[0]) {
		case 'C':
			if (p[1] == 'E' && version == 1 &&
			    data_length == 24) {
				/*
				 * CE extension comprises:
				 *   8 byte sector containing extension
				 *   8 byte offset w/in above sector
				 *   8 byte length of continuation
				 */
				int32_t location = archive_le32dec(data);

				file->ce_offset = archive_le32dec(data+8);
				file->ce_size = archive_le32dec(data+16);
				/* register_CE() validates these values. */
				if (register_CE(a, location, file)
				    != ARCHIVE_OK)
					return (ARCHIVE_FATAL);
			} else if (p[1] == 'L' && version == 1 &&
			    data_length == 8) {
				file->cl_offset = (uint64_t)
				    iso9660->logical_block_size *
				    (uint64_t)archive_le32dec(data);
				iso9660->seenRockridge = 1;
			}
			break;
		case 'N':
			if (p[1] == 'M' && version == 1) {
				parse_rockridge_NM1(file, data, data_length);
				iso9660->seenRockridge = 1;
			}
			break;
		case 'P':
			/*
			 * PD extension is padding;
			 * contents are always ignored.
			 *
			 * PL extension won't appear;
			 * contents are always ignored.
			 */
			if (p[1] == 'N' && version == 1 &&
			    data_length == 16) {
				file->rdev = toi(data,4);
				file->rdev <<= 32;
				file->rdev |= toi(data + 8, 4);
				iso9660->seenRockridge = 1;
			} else if (p[1] == 'X' && version == 1) {
				/*
				 * PX extension comprises:
				 *   8 bytes for mode,
				 *   8 bytes for nlinks,
				 *   8 bytes for uid,
				 *   8 bytes for gid,
				 *   8 bytes for inode.
				 * Each field is taken only when the
				 * entry is long enough to contain it.
				 */
				if (data_length >= 8)
					file->mode = (__LA_MODE_T)toi(data, 4);
				if (data_length >= 16)
					file->nlinks = toi(data + 8, 4);
				if (data_length >= 24)
					file->uid = toi(data + 16, 4);
				if (data_length >= 32)
					file->gid = toi(data + 24, 4);
				if (data_length >= 40)
					file->number = toi(data + 32, 4);
				iso9660->seenRockridge = 1;
			}
			break;
		case 'R':
			if (p[1] == 'E' && version == 1) {
				file->re = 1;
				iso9660->seenRockridge = 1;
			}
			/*
			 * RR extension comprises:
			 *    one byte flag value
			 * This extension is obsolete,
			 * so contents are always ignored.
			 */
			break;
		case 'S':
			if (p[1] == 'L' && version == 1) {
				parse_rockridge_SL1(file, data, data_length);
				iso9660->seenRockridge = 1;
			} else if (p[1] == 'T'
			    && data_length == 0 && version == 1) {
				/*
				 * ST extension marks end of this
				 * block of SUSP entries.
				 *
				 * It allows SUSP to coexist with
				 * non-SUSP uses of the System
				 * Use Area by placing non-SUSP data
				 * after SUSP data.
				 */
				iso9660->seenSUSP = 0;
				iso9660->seenRockridge = 0;
				return (ARCHIVE_OK);
			}
			break;
		case 'T':
			if (p[1] == 'F' && version == 1) {
				parse_rockridge_TF1(file, data, data_length);
				iso9660->seenRockridge = 1;
			}
			break;
		case 'Z':
			if (p[1] == 'F' && version == 1)
				parse_rockridge_ZF1(file, data, data_length);
			break;
		default:
			break;
		}

		/* p[2] >= 4 was checked above, so the cursor advances. */
		p += p[2];
		entry_seen = 1;
	}

	if (!entry_seen) {
		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
				  "Tried to parse Rockridge extensions, but none found");
		return (ARCHIVE_WARN);
	}
	return (ARCHIVE_OK);
}
2363 
/*
 * Validate a SUSP "CE" (continuation area) reference and queue it in
 * the min-heap of pending CE reads, ordered by byte offset.
 *
 * location is the block number read from the CE entry.  The byte
 * range inside that block is taken from file->ce_offset and
 * file->ce_size, which the caller has already stored.
 *
 * All three values come from the image.  The request is rejected when
 *   - the file is a regular file and the area starts at or after the
 *     file's own offset,
 *   - the area lies before the current read position,
 *   - ce_offset + ce_size exceeds one logical block, or
 *   - the area ends beyond the volume.
 *
 * Returns ARCHIVE_OK, or ARCHIVE_FATAL on a rejected request or when
 * the queue cannot grow.
 */
static int
register_CE(struct archive_read *a, int32_t location,
    struct file_info *file)
{
	struct iso9660 *iso9660 = (struct iso9660 *)(a->format->data);
	struct read_ce_queue *heap = &(iso9660->read_ce_req);
	uint64_t offset;
	int over_file_data, behind_reader, past_block, past_volume;
	int hole;

	offset = ((uint64_t)location) * (uint64_t)iso9660->logical_block_size;

	over_file_data = (file->mode & AE_IFMT) == AE_IFREG &&
	    offset >= file->offset;
	behind_reader = offset < iso9660->current_position;
	/* The sum is formed in 64 bits so that it cannot wrap. */
	past_block = (((uint64_t)file->ce_offset) + file->ce_size)
	    > (uint64_t)iso9660->logical_block_size;
	past_volume = offset + file->ce_offset + file->ce_size
	    > iso9660->volume_size;
	if (over_file_data || behind_reader || past_block || past_volume) {
		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
		    "Invalid parameter in SUSP \"CE\" extension");
		return (ARCHIVE_FATAL);
	}

	/* Expand our CE list as necessary. */
	if (heap->cnt >= heap->allocated) {
		struct read_ce_req *grown;
		int new_size;

		new_size = (heap->allocated < 16) ? 16 : heap->allocated * 2;
		/* Overflow might keep us from growing the list. */
		if (new_size <= heap->allocated) {
			archive_set_error(&a->archive, ENOMEM, "Out of memory");
			return (ARCHIVE_FATAL);
		}
		grown = calloc(new_size, sizeof(grown[0]));
		if (grown == NULL) {
			archive_set_error(&a->archive, ENOMEM, "Out of memory");
			return (ARCHIVE_FATAL);
		}
		if (heap->reqs != NULL) {
			memcpy(grown, heap->reqs, heap->cnt * sizeof(*grown));
			free(heap->reqs);
		}
		heap->reqs = grown;
		heap->allocated = new_size;
	}

	/*
	 * Open a hole at the end of the heap and move it towards the
	 * root until its parent no longer has a larger offset.
	 */
	hole = heap->cnt++;
	while (hole > 0) {
		int up = (hole - 1) / 2;

		if (offset >= heap->reqs[up].offset)
			break;
		/* Move parent into hole <==> move hole up tree. */
		heap->reqs[hole] = heap->reqs[up];
		hole = up;
	}
	heap->reqs[hole].offset = offset;
	heap->reqs[hole].file = file;
	return (ARCHIVE_OK);
}
2435 
/*
 * Remove the root of the CE request min-heap, which is the request
 * with the smallest offset, and restore the heap order.  Does nothing
 * when the heap is empty.
 */
static void
next_CE(struct read_ce_queue *heap)
{
	uint64_t sift_offset;
	int node;

	if (heap->cnt < 1)
		return;

	/* Move the last item in the heap to the root of the tree. */
	heap->cnt--;
	heap->reqs[0] = heap->reqs[heap->cnt];

	/*
	 * Sift that item down.  Its offset is read once, because the
	 * same item is the one being moved at every step.
	 */
	node = 0;
	sift_offset = heap->reqs[node].offset;
	for (;;) {
		struct read_ce_req swap;
		uint64_t child_offset;
		int child = node + node + 1; /* First child */

		if (child >= heap->cnt)
			return;
		child_offset = heap->reqs[child].offset;
		/* Use the second child if it is smaller. */
		if (child + 1 < heap->cnt &&
		    heap->reqs[child + 1].offset < child_offset) {
			child++;
			child_offset = heap->reqs[child].offset;
		}
		if (sift_offset <= child_offset)
			return;

		swap = heap->reqs[node];
		heap->reqs[node] = heap->reqs[child];
		heap->reqs[child] = swap;
		node = child;
	}
}
2477 
2478 
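/*
 * Read every queued SUSP "CE" continuation area that starts at the
 * current read position and feed it to parse_rockridge().
 *
 * One logical block is read per iteration, and all requests that
 * refer to that block are parsed from it before the block is
 * consumed.  Parsing may register further (nested) CE requests.
 *
 * Returns ARCHIVE_OK, or ARCHIVE_FATAL on a short read, a CE range
 * that does not fit in the block, a Rock Ridge parse failure, or a
 * failed consume.
 *
 * Changes from the previous version:
 *   - The range check forms ce_offset + ce_size in 64 bits, as
 *     register_CE() does, so the sum cannot wrap before it is compared
 *     with the block size.
 *   - The result of __archive_read_consume() is checked rather than
 *     ignored, so current_position is not advanced after a failure.
 */
static int
read_CE(struct archive_read *a, struct iso9660 *iso9660)
{
	struct read_ce_queue *heap;
	const unsigned char *b, *p, *end;
	struct file_info *file;
	size_t step;
	int r;

	/* Read data which RRIP "CE" extension points. */
	heap = &(iso9660->read_ce_req);
	step = iso9660->logical_block_size;
	while (heap->cnt &&
	    heap->reqs[0].offset == iso9660->current_position) {
		b = __archive_read_ahead(a, step, NULL);
		if (b == NULL) {
			archive_set_error(&a->archive,
			    ARCHIVE_ERRNO_MISC,
			    "Failed to read full block when scanning "
			    "ISO9660 directory list");
			return (ARCHIVE_FATAL);
		}
		do {
			file = heap->reqs[0].file;
			/*
			 * Re-check that the range stays within the
			 * block held in b before pointers into b are
			 * formed from it.
			 */
			if ((uint64_t)file->ce_offset + file->ce_size
			    > (uint64_t)step) {
				archive_set_error(&a->archive,
				    ARCHIVE_ERRNO_FILE_FORMAT,
				    "Malformed CE information");
				return (ARCHIVE_FATAL);
			}
			p = b + file->ce_offset;
			end = p + file->ce_size;
			/* Pop the request before parsing: parsing may
			 * push new requests onto the same heap. */
			next_CE(heap);
			r = parse_rockridge(a, file, p, end);
			if (r != ARCHIVE_OK)
				return (ARCHIVE_FATAL);
		} while (heap->cnt &&
		    heap->reqs[0].offset == iso9660->current_position);
		/* NOTE: Do not move this consume's code to front of
		 * do-while loop. Registration of nested CE extension
		 * might cause error because of current position. */
		if (__archive_read_consume(a, step) < 0)
			return (ARCHIVE_FATAL);
		iso9660->current_position += step;
	}
	return (ARCHIVE_OK);
}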
2525 
/*
 * Apply a Rock Ridge "NM" (alternate name) version 1 entry to
 * file->name.
 *
 * NM version 1 extension comprises:
 *   1 byte flag, value is one of:
 *     = 0: remainder is name
 *     = 1: remainder is name, next NM entry continues name
 *     = 2: "."
 *     = 4: ".."
 *     = 32: Implementation specific
 *     All other values are reserved.
 *
 * Unless the previous NM entry asked for a continuation, the name is
 * reset first.  Entries with other flag values, and name entries that
 * carry no name bytes, leave the name as it is after that reset.
 *
 * The name bytes are appended exactly as stored in the image.  Nothing
 * in this function filters path separators or ".." out of them.
 */
static void
parse_rockridge_NM1(struct file_info *file,
		    const unsigned char *data, int data_length)
{
	unsigned char flag;

	if (!file->name_continues)
		archive_string_empty(&file->name);
	file->name_continues = 0;

	/* The flag byte must be present. */
	if (data_length < 1)
		return;
	flag = data[0];

	if (flag == 0 || flag == 1) {
		/* At least one name byte must follow the flag. */
		if (data_length < 2)
			return;
		archive_strncat(&file->name,
		    (const char *)data + 1, data_length - 1);
		if (flag == 1)
			file->name_continues = 1;
	} else if (flag == 2) {
		archive_strcat(&file->name, ".");
	} else if (flag == 4) {
		archive_strcat(&file->name, "..");
	}
}
2570 
/*
 * Apply a Rock Ridge "TF" (timestamps) version 1 entry to `file`.
 *
 * TF extension comprises:
 *   one byte flag
 *   create time (optional)
 *   modify time (optional)
 *   access time (optional)
 *   attribute time (optional)
 * Flag bit 0x80 selects the 17-byte time format, otherwise the 7-byte
 * format is used.  Bits 1, 2, 4 and 8 say which of the four stamps
 * are present, in the order listed above.
 *
 * A stamp is read only when the flag bit is set and enough bytes
 * remain for it.  Its value is stored only when the date validator
 * accepts it, but its bytes are skipped either way.
 */
static void
parse_rockridge_TF1(struct file_info *file, const unsigned char *data,
    int data_length)
{
	char flag;
	int long_form;
	int stamp_len;
	int bit;

	if (data_length < 1)
		return;
	flag = data[0];
	++data;
	--data_length;

	long_form = (flag & 0x80) != 0;
	stamp_len = long_form ? 17 : 7;

	for (bit = 1; bit <= 8; bit <<= 1) {
		/* Absent stamp, or not enough bytes left for it. */
		if (!(flag & bit) || data_length < stamp_len)
			continue;

		if (long_form ? isodate17_valid(data) : isodate7_valid(data)) {
			switch (bit) {
			case 1: /* Create time. */
				file->time_is_set |= BIRTHTIME_IS_SET;
				file->birthtime = long_form ?
				    isodate17(data) : isodate7(data);
				break;
			case 2: /* Modify time. */
				file->time_is_set |= MTIME_IS_SET;
				file->mtime = long_form ?
				    isodate17(data) : isodate7(data);
				break;
			case 4: /* Access time. */
				file->time_is_set |= ATIME_IS_SET;
				file->atime = long_form ?
				    isodate17(data) : isodate7(data);
				break;
			default: /* 8: Attribute change time. */
				file->time_is_set |= CTIME_IS_SET;
				file->ctime = long_form ?
				    isodate17(data) : isodate7(data);
				break;
			}
		}
		data += stamp_len;
		data_length -= stamp_len;
	}
}
2665 
/*
 * Apply a Rock Ridge "SL" (symbolic link) version 1 entry to
 * file->symlink.
 *
 * The first data byte is the record flag:
 *  0: This is the last SL record for this symbolic link
 *  1: this symbolic link field continues in next SL entry
 *  All other values are reserved, and the record is then ignored.
 *
 * SL extension body stores "components".  Basically, this is a
 * complicated way of storing a POSIX path.  Each component is
 * 2 bytes (flag and length) possibly followed by name data.
 *
 * The target is assembled exactly as the image describes it, which
 * includes ".." components and a leading "/".  It is untrusted data,
 * and this function does not restrict where the link may point.
 */
static void
parse_rockridge_SL1(struct file_info *file, const unsigned char *data,
    int data_length)
{
	const char *separator = "";

	/* Start afresh unless the previous SL record is continued. */
	if (!file->symlink_continues || file->symlink.length < 1)
		archive_string_empty(&file->symlink);
	file->symlink_continues = 0;

	if (data_length < 1)
		return;
	if (*data == 1)
		file->symlink_continues = 1;
	else if (*data != 0)
		return;
	++data;  /* Skip flag byte. */
	--data_length;

	while (data_length >= 2) {
		unsigned char kind = data[0];
		unsigned char nlen = data[1];

		data += 2;
		data_length -= 2;

		archive_strcat(&file->symlink, separator);
		separator = "/";

		if (kind == 0 || kind == 0x01) {
			/* Text; 0x01 continues in the next component. */
			/* The declared length must fit in what is left. */
			if (data_length < nlen)
				return;
			archive_strncat(&file->symlink,
			    (const char *)data, nlen);
			if (kind == 0x01)
				separator = "";
		} else if (kind == 0x02) {
			/* Current dir. */
			archive_strcat(&file->symlink, ".");
		} else if (kind == 0x04) {
			/* Parent dir. */
			archive_strcat(&file->symlink, "..");
		} else if (kind == 0x08) {
			/* Root of filesystem. */
			archive_strcat(&file->symlink, "/");
			separator = "";
		} else if (kind == 0x10) {
			/* Undefined (historically "volume root") */
			archive_string_empty(&file->symlink);
			archive_strcat(&file->symlink, "ROOT");
		} else if (kind == 0x20) {
			/* Undefined (historically "hostname") */
			archive_strcat(&file->symlink, "hostname");
		} else {
			/* TODO: issue a warning ? */
			return;
		}
		data += nlen;
		data_length -= nlen;
	}
}
2752 
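/*
 * Parse the body of a version-1 Rock Ridge "ZF" record.
 *
 * Only a 12-byte body whose first two bytes are 0x70 0x7a ("pz", paged
 * zlib) is recognised; any other body leaves `file` untouched.
 */
static void
parse_rockridge_ZF1(struct file_info *file, const unsigned char *data,
    int data_length)
{

	/*
	 * Test the length before touching any byte.  The body comes from
	 * the image, so it may be shorter than the two-byte algorithm id
	 * that is inspected next.
	 */
	if (data_length != 12)
		return;
	if (data[0] == 0x70 && data[1] == 0x7a) {
		/* paged zlib */
		file->pz = 1;
		/*
		 * NOTE(review): stored verbatim from the image.  Presumably
		 * a log2 block size, so the consumer should range-check it
		 * before using it as a shift count -- confirm at the use
		 * site.
		 */
		file->pz_log2_bs = data[3];
		file->pz_uncompressed_size = archive_le32dec(&data[4]);
	}
}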
2765 
/*
 * Push `file` onto the front of the iso9660->use_files list, which
 * release_files() later walks to free every registered entry.
 */
static void
register_file(struct iso9660 *iso9660, struct file_info *file)
{
	struct file_info *previous_head = iso9660->use_files;

	file->use_next = previous_head;
	iso9660->use_files = file;
}
2773 
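/*
 * Free every file_info linked on iso9660->use_files, together with its
 * name and symlink strings, its UTF-16BE name and its content list.
 *
 * The list head is cleared afterwards so that the structure never keeps
 * a pointer to freed memory and a repeated call is a no-op.
 */
static void
release_files(struct iso9660 *iso9660)
{
	struct file_info *file, *next_file;
	struct content *con, *next_con;

	for (file = iso9660->use_files; file != NULL; file = next_file) {
		/* Save the link first: `file` itself is freed below. */
		next_file = file->use_next;

		archive_string_free(&file->name);
		archive_string_free(&file->symlink);
		free(file->utf16be_name);
		for (con = file->contents.first; con != NULL;
		    con = next_con) {
			next_con = con->next;
			free(con);
		}
		free(file);
	}
	/* Every node is gone; do not leave a dangling head behind. */
	iso9660->use_files = NULL;
}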
2797 
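/*
 * Fetch the next entry via next_cache_entry() and advance the input so
 * that it is positioned at the start of that entry's body.
 *
 * Returns ARCHIVE_OK with *pfile set, the status of next_cache_entry()
 * if that is not ARCHIVE_OK, or the negative status reported by
 * __archive_read_consume() when skipping input fails.
 */
static int
next_entry_seek(struct archive_read *a, struct iso9660 *iso9660,
    struct file_info **pfile)
{
	struct file_info *file;
	int64_t skipped;
	int r;

	r = next_cache_entry(a, iso9660, pfile);
	if (r != ARCHIVE_OK)
		return (r);
	file = *pfile;

	/* Don't waste time seeking for zero-length bodies. */
	if (file->size == 0)
		file->offset = iso9660->current_position;

	/*
	 * Flush any remaining bytes from the last round to ensure we're
	 * positioned.  A failure here is reported just like a failure of
	 * the forward seek below, instead of being silently dropped.
	 */
	if (iso9660->entry_bytes_unconsumed) {
		skipped = __archive_read_consume(a,
		    iso9660->entry_bytes_unconsumed);
		iso9660->entry_bytes_unconsumed = 0;
		if (skipped < 0)
			return ((int)skipped);
	}

	/* Seek forward to the start of the entry. */
	if (iso9660->current_position < file->offset) {
		skipped = __archive_read_consume(a,
		    file->offset - iso9660->current_position);
		if (skipped < 0)
			return ((int)skipped);
		iso9660->current_position = file->offset;
	}

	/* We found body of file; handle it now. */
	return (ARCHIVE_OK);
}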
2835 
/*
 * Produce the next file to expose to the caller in *pfile.
 *
 * Entries already queued on iso9660->cache_files are returned first.
 * Otherwise entries are pulled from next_entry(): Rock Ridge relocated
 * directories ("CL" / "RE" / "rr_moved") are re-parented or held back
 * until their full path can be built, and regular files that share a
 * file serial number are gathered so that nlinks can be set on all of
 * them.
 *
 * Returns ARCHIVE_OK with *pfile set, ARCHIVE_EOF when nothing is left,
 * the status of read_children() if that fails, or ARCHIVE_FATAL when a
 * "CL" entry cannot be connected to its "RE" directory.
 */
static int
next_cache_entry(struct archive_read *a, struct iso9660 *iso9660,
    struct file_info **pfile)
{
	struct file_info *file;
	/* Local queue for entries whose file number is -1 (see below). */
	struct {
		struct file_info	*first;
		struct file_info	**last;
	}	empty_files;
	int64_t number;
	int count;

	/* Serve anything a previous call left in the cache. */
	file = cache_get_entry(iso9660);
	if (file != NULL) {
		*pfile = file;
		return (ARCHIVE_OK);
	}

	for (;;) {
		struct file_info *re, *d;

		*pfile = file = next_entry(iso9660);
		if (file == NULL) {
			/*
			 * If directory entries that are descendants of
			 * rr_moved still remain, expose them.
			 */
			if (iso9660->re_files.first != NULL &&
			    iso9660->rr_moved != NULL &&
			    iso9660->rr_moved->rr_moved_has_re_only)
				/* Expose "rr_moved" entry. */
				cache_add_entry(iso9660, iso9660->rr_moved);
			while ((re = re_get_entry(iso9660)) != NULL) {
				/* Expose its descendant dirs. */
				while ((d = rede_get_entry(re)) != NULL)
					cache_add_entry(iso9660, d);
			}
			/*
			 * The cache is non-empty here, so the recursive call
			 * returns from its first cache_get_entry() branch.
			 */
			if (iso9660->cache_files.first != NULL)
				return (next_cache_entry(a, iso9660, pfile));
			return (ARCHIVE_EOF);
		}

		if (file->cl_offset) {
			struct file_info *first_re = NULL;
			int nexted_re = 0;

			/*
			 * Find "RE" dir for the current file, which
			 * has "CL" flag.
			 *
			 * Entries that do not match are put back at the
			 * tail of re_files, so the scan stops when the
			 * first entry taken comes round again (or at once
			 * when the queue is empty and NULL == first_re).
			 */
			while ((re = re_get_entry(iso9660))
			    != first_re) {
				if (first_re == NULL)
					first_re = re;
				if (re->offset == file->cl_offset) {
					/*
					 * NOTE(review): re->parent is
					 * dereferenced unchecked; presumably
					 * every queued "RE" entry has a
					 * parent -- confirm, since the tree
					 * is built from image data.
					 */
					re->parent->subdirs--;
					re->parent = file->parent;
					re->re = 0;
					if (re->parent->re_descendant) {
						nexted_re = 1;
						re->re_descendant = 1;
						if (rede_add_entry(re) < 0)
							goto fatal_rr;
						/* Move a list of descendants
						 * to a new ancestor. */
						while ((d = rede_get_entry(
						    re)) != NULL)
							if (rede_add_entry(d)
							    < 0)
								goto fatal_rr;
						break;
					}
					/* Replace the current file
					 * with "RE" dir */
					*pfile = file = re;
					/* Expose its descendant */
					while ((d = rede_get_entry(
					    file)) != NULL)
						cache_add_entry(
						    iso9660, d);
					break;
				} else
					re_add_entry(iso9660, re);
			}
			if (nexted_re) {
				/*
				 * Do not expose this at this time
				 * because we have not gotten its full-path
				 * name yet.
				 */
				continue;
			}
		} else if ((file->mode & AE_IFMT) == AE_IFDIR) {
			int r;

			/* Read file entries in this dir. */
			r = read_children(a, file);
			if (r != ARCHIVE_OK)
				return (r);

			/*
			 * Handle a special dir of Rockridge extensions,
			 * "rr_moved".
			 */
			if (file->rr_moved) {
				/*
				 * If this has only the subdirectories which
				 * have "RE" flags, do not expose at this time.
				 */
				if (file->rr_moved_has_re_only)
					continue;
				/* Otherwise expose "rr_moved" entry. */
			} else if (file->re) {
				/*
				 * Do not expose this at this time
				 * because we have not gotten its full-path
				 * name yet.
				 */
				re_add_entry(iso9660, file);
				continue;
			} else if (file->re_descendant) {
				/*
				 * If the top level "RE" entry of this entry
				 * is not exposed, we, accordingly, should not
				 * expose this entry at this time because
				 * we cannot make its proper full-path name.
				 */
				if (rede_add_entry(file) == 0)
					continue;
				/* Otherwise we can expose this entry because
				 * it seems its top level "RE" has already been
				 * exposed. */
			}
		}
		break;
	}

	/* Only regular files with a real file number are link-counted. */
	if ((file->mode & AE_IFMT) != AE_IFREG || file->number == -1)
		return (ARCHIVE_OK);

	count = 0;
	number = file->number;
	iso9660->cache_files.first = NULL;
	iso9660->cache_files.last = &(iso9660->cache_files.first);
	empty_files.first = NULL;
	empty_files.last = &empty_files.first;
	/* Collect files which have the same file serial number.
	 * Peek at pending_files so that a file whose number is different
	 * does not have to be put back. */
	while (iso9660->pending_files.used > 0 &&
	    (iso9660->pending_files.files[0]->number == -1 ||
	     iso9660->pending_files.files[0]->number == number)) {
		if (file->number == -1) {
			/* This file has the same offset, but it is the
			 * wrong offset that empty files and symlink
			 * files have.
			 * NOTE: This wrong offset was recorded by the
			 * old mkisofs utility. If the ISO image was
			 * created by the latest mkisofs, this does not
			 * happen.
			 */
			file->next = NULL;
			*empty_files.last = file;
			empty_files.last = &(file->next);
		} else {
			count++;
			cache_add_entry(iso9660, file);
		}
		file = next_entry(iso9660);
	}

	/* The loop never ran: hand back the single entry as it is. */
	if (count == 0) {
		*pfile = file;
		return ((file == NULL)?ARCHIVE_EOF:ARCHIVE_OK);
	}
	/*
	 * Queue the entry fetched by the last loop iteration.
	 * NOTE(review): `file` is the result of next_entry(); presumably
	 * non-NULL because pending_files.used > 0 was checked just before
	 * that call -- confirm.
	 */
	if (file->number == -1) {
		file->next = NULL;
		*empty_files.last = file;
		empty_files.last = &(file->next);
	} else {
		count++;
		cache_add_entry(iso9660, file);
	}

	if (count > 1) {
		/* The count equals the number of hardlinks, so nlinks of
		 * every file in cache_files is overwritten with it.
		 */
		for (file = iso9660->cache_files.first;
		    file != NULL; file = file->next)
			file->nlinks = count;
	}
	/* If there are empty files, they are appended
	 * to the tail of cache_files. */
	if (empty_files.first != NULL) {
		*iso9660->cache_files.last = empty_files.first;
		iso9660->cache_files.last = empty_files.last;
	}
	*pfile = cache_get_entry(iso9660);
	return ((*pfile == NULL)?ARCHIVE_EOF:ARCHIVE_OK);

fatal_rr:
	/* Reached when rede_add_entry() finds no "RE" ancestor. */
	archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
	    "Failed to connect 'CL' pointer to 'RE' rr_moved pointer of "
	    "Rockridge extensions: current position = %jd, CL offset = %jd",
	    (intmax_t)iso9660->current_position, (intmax_t)file->cl_offset);
	return (ARCHIVE_FATAL);
}
3045 
/* Append `file` to the tail of the iso9660->re_files queue. */
static inline void
re_add_entry(struct iso9660 *iso9660, struct file_info *file)
{
	struct file_info **tail = iso9660->re_files.last;

	file->re_next = NULL;
	*tail = file;
	iso9660->re_files.last = &(file->re_next);
}
3053 
/*
 * Remove and return the head of the iso9660->re_files queue, or NULL
 * when the queue is empty.
 */
static inline struct file_info *
re_get_entry(struct iso9660 *iso9660)
{
	struct file_info *head = iso9660->re_files.first;

	if (head == NULL)
		return (NULL);

	iso9660->re_files.first = head->re_next;
	/* Queue drained: point the tail back at the head slot. */
	if (head->re_next == NULL)
		iso9660->re_files.last = &(iso9660->re_files.first);
	return (head);
}
3067 
/*
 * Append `file` to the rede_files queue of its nearest ancestor that
 * has the `re` flag set.
 *
 * Returns 0 on success, or -1 when no such ancestor exists.
 */
static inline int
rede_add_entry(struct file_info *file)
{
	struct file_info *ancestor;

	/* Walk up the parent chain until an "RE" entry is found. */
	for (ancestor = file->parent; ancestor != NULL;
	    ancestor = ancestor->parent) {
		if (ancestor->re)
			break;
	}
	if (ancestor == NULL)
		return (-1);

	file->re_next = NULL;
	*ancestor->rede_files.last = file;
	ancestor->rede_files.last = &(file->re_next);
	return (0);
}
3087 
/*
 * Remove and return the head of re->rede_files, or NULL when that queue
 * is empty.
 */
static inline struct file_info *
rede_get_entry(struct file_info *re)
{
	struct file_info *head = re->rede_files.first;

	if (head == NULL)
		return (NULL);

	re->rede_files.first = head->re_next;
	/* Queue drained: point the tail back at the head slot. */
	if (head->re_next == NULL)
		re->rede_files.last = &(re->rede_files.first);
	return (head);
}
3101 
/* Append `file` to the tail of the iso9660->cache_files queue. */
static inline void
cache_add_entry(struct iso9660 *iso9660, struct file_info *file)
{
	struct file_info **tail = iso9660->cache_files.last;

	file->next = NULL;
	*tail = file;
	iso9660->cache_files.last = &(file->next);
}
3109 
/*
 * Remove and return the head of the iso9660->cache_files queue, or NULL
 * when the queue is empty.
 */
static inline struct file_info *
cache_get_entry(struct iso9660 *iso9660)
{
	struct file_info *head = iso9660->cache_files.first;

	if (head == NULL)
		return (NULL);

	iso9660->cache_files.first = head->next;
	/* Queue drained: point the tail back at the head slot. */
	if (head->next == NULL)
		iso9660->cache_files.last = &(iso9660->cache_files.first);
	return (head);
}
3123 
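/*
 * Insert `file` into the min-heap `heap`, ordered by `key`.
 *
 * The key is shifted left by 16 bits (its top 16 bits are discarded) and
 * the low 16 bits are taken from heap->used, so entries with equal keys
 * keep their insertion order while fewer than 65536 are queued.
 *
 * Returns ARCHIVE_OK, or ARCHIVE_FATAL with ENOMEM set on `a` when the
 * heap array cannot be grown.
 */
static int
heap_add_entry(struct archive_read *a, struct heap_queue *heap,
    struct file_info *file, uint64_t key)
{
	uint64_t file_key, parent_key;
	int hole, parent;

	/* Reserve 16 bits for possible key collisions (needed for linked items) */
	/* For ISO files with more than 65535 entries, reordering will still occur */
	key <<= 16;
	key += heap->used & 0xFFFF;

	/* Expand our pending files list as necessary. */
	if (heap->used >= heap->allocated) {
		struct file_info **new_pending_files;
		int new_size;

		if (heap->allocated < 1024)
			new_size = 1024;
		else if (heap->allocated > INT32_MAX / 2) {
			/*
			 * Doubling would overflow.  Test before the
			 * multiplication: signed overflow is undefined, so
			 * a check made afterwards cannot be relied on.  The
			 * number of entries is driven by the image.
			 */
			archive_set_error(&a->archive,
			    ENOMEM, "Out of memory");
			return (ARCHIVE_FATAL);
		} else
			new_size = heap->allocated * 2;

		new_pending_files =
		    calloc(new_size, sizeof(new_pending_files[0]));
		if (new_pending_files == NULL) {
			archive_set_error(&a->archive,
			    ENOMEM, "Out of memory");
			return (ARCHIVE_FATAL);
		}
		if (heap->allocated)
			memcpy(new_pending_files, heap->files,
			    heap->allocated * sizeof(new_pending_files[0]));
		free(heap->files);
		heap->files = new_pending_files;
		heap->allocated = new_size;
	}

	file_key = file->key = key;

	/*
	 * Start with hole at end, walk it up tree to find insertion point.
	 */
	hole = heap->used++;
	while (hole > 0) {
		parent = (hole - 1)/2;
		parent_key = heap->files[parent]->key;
		if (file_key >= parent_key) {
			heap->files[hole] = file;
			return (ARCHIVE_OK);
		}
		/* Move parent into hole <==> move hole up tree. */
		heap->files[hole] = heap->files[parent];
		hole = parent;
	}
	heap->files[0] = file;

	return (ARCHIVE_OK);
}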
3185 
/*
 * Remove and return the entry with the smallest key from `heap`, or NULL
 * when the heap is empty.
 */
static struct file_info *
heap_get_entry(struct heap_queue *heap)
{
	struct file_info *top, *swap;
	uint64_t sift_key;
	int pos;

	if (heap->used < 1)
		return (NULL);

	/* The root holds the smallest key; that is what we hand back. */
	top = heap->files[0];

	/* Fill the root with the last item, shrinking the heap by one. */
	heap->used--;
	heap->files[0] = heap->files[heap->used];

	/* Sift the new root down until neither child is smaller. */
	pos = 0;
	sift_key = heap->files[pos]->key;
	for (;;) {
		int child = pos + pos + 1;	/* left child */
		int right = child + 1;
		uint64_t child_key;

		if (child >= heap->used)
			break;
		child_key = heap->files[child]->key;
		/* Prefer the right child when it has the smaller key. */
		if (right < heap->used) {
			uint64_t right_key = heap->files[right]->key;

			if (right_key < child_key) {
				child = right;
				child_key = right_key;
			}
		}
		if (sift_key <= child_key)
			break;
		swap = heap->files[pos];
		heap->files[pos] = heap->files[child];
		heap->files[child] = swap;
		pos = child;
	}
	return (top);
}
3232 
/*
 * Decode the first `n` bytes at `p` as a little-endian unsigned integer.
 * Returns 0 when `n` is less than 1.
 */
static unsigned int
toi(const void *p, int n)
{
	const unsigned char *bytes = (const unsigned char *)p;
	unsigned int value = 0;

	/* Fold from the most significant (last) byte down to the first. */
	while (n > 0)
		value = value * 256 + bytes[--n];
	return (value);
}
3243 
3244 /*
3245  * ECMA119/ISO9660 stores multi-byte integers in one of
3246  * three different formats:
3247  *  * Little-endian (specified in section 7.2.1 and 7.3.1)
3248  *  * Big-endian (specified in section 7.2.2 and 7.3.2)
3249  *  * Both (specified in section 7.2.3 and 7.3.3)
3250  *
3251  * For values that follow section 7.2.3 (16-bit) or 7.3.3 (32-bit), we
3252  * can check that the little-endian and big-endian forms agree with
3253  * each other.  This helps us avoid trying to decode files that are
3254  * not really ISO images.
3255  */
/*
 * Return 1 when the four bytes at `p` mirror each other (p[0] == p[3]
 * and p[1] == p[2]), i.e. the little-endian and big-endian halves of a
 * both-endian 16-bit field agree; otherwise return 0.
 */
static int
isValid723Integer(const unsigned char *p)
{
	if (p[0] != p[3])
		return (0);
	return (p[1] == p[2]);
}
3260 
/*
 * Return 1 when the eight bytes at `p` mirror each other (p[i] ==
 * p[7 - i] for i = 0..3), i.e. the little-endian and big-endian halves
 * of a both-endian 32-bit field agree; otherwise return 0.
 */
static int
isValid733Integer(const unsigned char *p)
{
	int i;

	for (i = 0; i < 4; i++) {
		if (p[i] != p[7 - i])
			return (0);
	}
	return (1);
}
3269 
/*
 * Sanity-check a 7-byte ISO9660 date: year, month, day, hour, minute,
 * second, then a signed offset from GMT.
 *
 * Returns 1 when every field is in range, 0 when a field is out of
 * range or when all seven bytes are zero (date unspecified).
 */
static int
isodate7_valid(const unsigned char *v)
{
	const int month = v[1];
	const int day = v[2];
	const int hour = v[3];
	const int minute = v[4];
	const int second = v[5];
	const int gmt_off = (signed char)v[6];
	int any_set = 0;
	int i;

	/* ECMA-119 9.1.5 "If all seven values are zero, it shall mean
	 * that the date is unspecified" */
	for (i = 0; i < 7; i++) {
		if (v[i] != 0) {
			any_set = 1;
			break;
		}
	}
	if (!any_set)
		return 0;

	/*
	 * Field limits.  The year may hold any value.  ECMA-119 9.1.5
	 * limits the second to 0-59, but up to 61 is accepted to allow
	 * for UTC leap seconds.  The GMT offset must be -48 to +52.
	 */
	return (month >= 1 && month <= 12
	    && day >= 1 && day <= 31
	    && hour <= 23
	    && minute <= 59
	    && second <= 61
	    && gmt_off >= -48 && gmt_off <= 52);
}
3319 
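/*
 * Convert a 7-byte ISO9660 date to a time_t.
 *
 * v[0] is stored into tm_year unchanged, v[1] is a 1-based month, and
 * v[2]..v[5] are day, hour, minute and second.  v[6] is a signed offset
 * from GMT in 15-minute units, applied when it lies in -48..+52.
 *
 * Returns 0 when time_from_tm() reports failure.  The fields are not
 * range-checked here; isodate7_valid() performs that check.
 */
static time_t
isodate7(const unsigned char *v)
{
	struct tm tm;
	int offset;
	time_t t;

	memset(&tm, 0, sizeof(tm));
	tm.tm_year = v[0];
	tm.tm_mon = v[1] - 1;
	tm.tm_mday = v[2];
	tm.tm_hour = v[3];
	tm.tm_min = v[4];
	tm.tm_sec = v[5];
	/* v[6] is the signed timezone offset, in 1/4-hour increments. */
	offset = ((const signed char *)v)[6];
	/*
	 * The range is inclusive at both ends, matching isodate7_valid():
	 * -48 and +52 are valid offsets and must not be ignored.
	 */
	if (offset >= -48 && offset <= 52) {
		tm.tm_hour -= offset / 4;
		tm.tm_min -= (offset % 4) * 15;
	}
	t = time_from_tm(&tm);
	if (t == (time_t)-1)
		return ((time_t)0);
	return (t);
}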
3345 
/*
 * Sanity-check a 17-byte ISO9660 date: sixteen ASCII digits
 * (YYYYMMDDHHMMSSCC) followed by a signed offset from GMT.
 *
 * Returns 1 when every field is in range, 0 when a byte is not a digit,
 * a field is out of range, or every field is zero.
 */
static int
isodate17_valid(const unsigned char *v)
{
	int digit[16];
	int year, month, day, hour, minute, second, hundredths, gmt_off;
	int i;

	/* First 16 bytes are all ASCII digits */
	for (i = 0; i < 16; i++) {
		if (v[i] < '0' || v[i] > '9')
			return 0;
		digit[i] = v[i] - '0';
	}

	year = digit[0] * 1000 + digit[1] * 100 + digit[2] * 10 + digit[3];
	month = digit[4] * 10 + digit[5];
	day = digit[6] * 10 + digit[7];
	hour = digit[8] * 10 + digit[9];
	minute = digit[10] * 10 + digit[11];
	second = digit[12] * 10 + digit[13];
	hundredths = digit[14] * 10 + digit[15];
	gmt_off = (signed char)v[16];

	/* Every field zero: rejected. */
	if (year == 0 && month == 0 && day == 0
	    && hour == 0 && minute == 0 && second == 0
	    && hundredths == 0 && gmt_off == 0)
		return 0;

	/*
	 * Field limits.  The 1900-2300 year window is not specified in
	 * ECMA-119 but seems a reasonable limit.  ECMA-119 9.1.5 limits
	 * the second to 0-59, but up to 61 is accepted to allow for UTC
	 * leap seconds.  The GMT offset must be -48 to +52.
	 */
	return (year >= 1900 && year <= 2300
	    && month >= 1 && month <= 12
	    && day >= 1 && day <= 31
	    && hour <= 23
	    && minute <= 59
	    && second <= 61
	    && hundredths <= 99
	    && gmt_off >= -48 && gmt_off <= 52);
}
3406 
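/*
 * Convert a 17-byte ISO9660 date to a time_t.
 *
 * v[0..13] are read as ASCII digits (YYYYMMDDHHMMSS); the hundredths in
 * v[14..15] are not used.  v[16] is a signed offset from GMT in
 * 15-minute units, applied when it lies in -48..+52.
 *
 * Returns 0 when time_from_tm() reports failure.  The bytes are not
 * checked to be digits here; isodate17_valid() performs that check.
 */
static time_t
isodate17(const unsigned char *v)
{
	struct tm tm;
	int offset;
	time_t t;

	memset(&tm, 0, sizeof(tm));
	tm.tm_year = (v[0] - '0') * 1000 + (v[1] - '0') * 100
	    + (v[2] - '0') * 10 + (v[3] - '0')
	    - 1900;
	tm.tm_mon = (v[4] - '0') * 10 + (v[5] - '0') - 1;
	tm.tm_mday = (v[6] - '0') * 10 + (v[7] - '0');
	tm.tm_hour = (v[8] - '0') * 10 + (v[9] - '0');
	tm.tm_min = (v[10] - '0') * 10 + (v[11] - '0');
	tm.tm_sec = (v[12] - '0') * 10 + (v[13] - '0');
	/* v[16] is the signed timezone offset, in 1/4-hour increments. */
	offset = ((const signed char *)v)[16];
	/*
	 * The range is inclusive at both ends, matching
	 * isodate17_valid(): -48 and +52 are valid offsets and must not
	 * be ignored.
	 */
	if (offset >= -48 && offset <= 52) {
		tm.tm_hour -= offset / 4;
		tm.tm_min -= (offset % 4) * 15;
	}
	t = time_from_tm(&tm);
	if (t == (time_t)-1)
		return ((time_t)0);
	return (t);
}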
3434 
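/*
 * Convert a broken-down UTC time to a time_t.
 *
 * Uses _mkgmtime() or timegm() when the build provides one.  Otherwise
 * mktime() is called to fill in tm_yday and the result is computed by
 * hand.  Returns (time_t)-1 when that mktime() call fails.
 */
static time_t
time_from_tm(struct tm *t)
{
#if HAVE__MKGMTIME
        return _mkgmtime(t);
#elif HAVE_TIMEGM
        /* Use platform timegm() if available. */
        return (timegm(t));
#else
        /* Else use direct calculation using POSIX assumptions. */
        /* First, fix up tm_yday based on the year/month/day. */
        if (mktime(t) == (time_t)-1)
                return ((time_t)-1);
        /*
         * Then we can compute timegm() from first principles.
         * Every term is widened to time_t first: in plain int the year
         * term overflows for dates after 2038, and the year comes from
         * the image.
         */
        return ((time_t)t->tm_sec
            + (time_t)t->tm_min * 60
            + (time_t)t->tm_hour * 3600
            + (time_t)t->tm_yday * 86400
            + (time_t)(t->tm_year - 70) * 31536000
            + (time_t)((t->tm_year - 69) / 4) * 86400
            - (time_t)((t->tm_year - 1) / 100) * 86400
            + (time_t)((t->tm_year + 299) / 400) * 86400);
#endif
}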
3459 
/*
 * Append the full path of `file` to `as`: the path of each named
 * ancestor first, joined with "/".  An entry with an empty name is
 * written as ".".
 *
 * Returns as->s, or NULL once the recursion is more than 1000 levels
 * deep.
 */
static const char *
build_pathname(struct archive_string *as, struct file_info *file, int depth)
{
	struct file_info *parent;

	/*
	 * Plain ISO9660 only allows 8 directory levels, so a depth of
	 * 1000 means the parent chain is broken; stop recursing.
	 */
	if (depth > 1000)
		return (NULL);

	parent = file->parent;
	if (parent != NULL && archive_strlen(&parent->name) > 0) {
		if (build_pathname(as, parent, depth + 1) == NULL)
			return (NULL);
		archive_strcat(as, "/");
	}

	if (archive_strlen(&file->name) > 0)
		archive_string_concat(as, &file->name);
	else
		archive_strcat(as, ".");
	return (as->s);
}
3480 
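/*
 * Write the UTF-16BE full path of `file` into the buffer `p` of `max`
 * bytes, starting at offset *len and advancing *len past what was
 * written.  Ancestors with a non-empty UTF-16BE name come first, joined
 * with a UTF-16BE "/"; an entry with an empty name is written as ".".
 *
 * Returns 0 on success, or -1 when the path does not fit in `max`
 * bytes.  Nothing is written past `max` in either case.
 *
 * NOTE(review): unlike build_pathname(), the recursion has no depth
 * limit; presumably the parent chain is acyclic -- confirm.
 */
static int
build_pathname_utf16be(unsigned char *p, size_t max, size_t *len,
    struct file_info *file)
{
	if (file->parent != NULL && file->parent->utf16be_bytes > 0) {
		if (build_pathname_utf16be(p, max, len, file->parent) != 0)
			return (-1);
		/*
		 * The separator needs two bytes as well.  Without this
		 * check a parent path that ends at the buffer limit makes
		 * the two stores below land past the end of `p`.
		 */
		if (*len > max || max - *len < 2)
			return (-1);/* Path is too long! */
		p[*len] = 0;
		p[*len + 1] = '/';
		*len += 2;
	}
	if (file->utf16be_bytes == 0) {
		if (*len > max || max - *len < 2)
			return (-1);/* Path is too long! */
		p[*len] = 0;
		p[*len + 1] = '.';
		*len += 2;
	} else {
		/* Subtraction form, so the sum cannot wrap around. */
		if (*len > max || file->utf16be_bytes > max - *len)
			return (-1);/* Path is too long! */
		memcpy(p + *len, file->utf16be_name, file->utf16be_bytes);
		*len += file->utf16be_bytes;
	}
	return (0);
}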
3506 
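#if DEBUG
/*
 * Debug helper: print the fields of one ISO9660 directory record to
 * `out` on a single line, ending with the quoted file name.
 *
 * toi() returns unsigned int, so the values are printed with %u; the
 * name length is cast to int because a "%.*s" precision must be an int.
 */
static void
dump_isodirrec(FILE *out, const unsigned char *isodirrec)
{
	fprintf(out, " l %u,",
	    toi(isodirrec + DR_length_offset, DR_length_size));
	fprintf(out, " a %u,",
	    toi(isodirrec + DR_ext_attr_length_offset, DR_ext_attr_length_size));
	fprintf(out, " ext 0x%x,",
	    toi(isodirrec + DR_extent_offset, DR_extent_size));
	/*
	 * NOTE(review): the size field is read with DR_extent_size;
	 * presumably a dedicated size constant was intended -- confirm.
	 */
	fprintf(out, " s %u,",
	    toi(isodirrec + DR_size_offset, DR_extent_size));
	fprintf(out, " f 0x%x,",
	    toi(isodirrec + DR_flags_offset, DR_flags_size));
	fprintf(out, " u %u,",
	    toi(isodirrec + DR_file_unit_size_offset, DR_file_unit_size_size));
	fprintf(out, " ilv %u,",
	    toi(isodirrec + DR_interleave_offset, DR_interleave_size));
	fprintf(out, " seq %u,",
	    toi(isodirrec + DR_volume_sequence_number_offset,
		DR_volume_sequence_number_size));
	fprintf(out, " nl %u:",
	    toi(isodirrec + DR_name_len_offset, DR_name_len_size));
	/* The precision bounds the read; the name is not NUL-terminated. */
	fprintf(out, " `%.*s'",
	    (int)toi(isodirrec + DR_name_len_offset, DR_name_len_size),
		(const char *)(isodirrec + DR_name_offset));
}
#endif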
3535