1 /*-
2 * Copyright (c) 2003-2007 Tim Kientzle
3 * Copyright (c) 2011 Andres Mejia
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 #include "archive_platform.h"
28
29 #ifdef HAVE_ERRNO_H
30 #include <errno.h>
31 #endif
32 #include <time.h>
33 #include <limits.h>
34 #ifdef HAVE_ZLIB_H
35 #include <zlib.h> /* crc32 */
36 #endif
37
38 #include "archive.h"
39 #ifndef HAVE_ZLIB_H
40 #include "archive_crc32.h"
41 #endif
42 #include "archive_endian.h"
43 #include "archive_entry.h"
44 #include "archive_entry_locale.h"
45 #include "archive_ppmd7_private.h"
46 #include "archive_private.h"
47 #include "archive_read_private.h"
48
49 /* RAR signature, also known as the mark header */
50 #define RAR_SIGNATURE "\x52\x61\x72\x21\x1A\x07\x00"
51
52 /* Header types */
53 #define MARK_HEAD 0x72
54 #define MAIN_HEAD 0x73
55 #define FILE_HEAD 0x74
56 #define COMM_HEAD 0x75
57 #define AV_HEAD 0x76
58 #define SUB_HEAD 0x77
59 #define PROTECT_HEAD 0x78
60 #define SIGN_HEAD 0x79
61 #define NEWSUB_HEAD 0x7a
62 #define ENDARC_HEAD 0x7b
63
64 /* Main Header Flags */
65 #define MHD_VOLUME 0x0001
66 #define MHD_COMMENT 0x0002
67 #define MHD_LOCK 0x0004
68 #define MHD_SOLID 0x0008
69 #define MHD_NEWNUMBERING 0x0010
70 #define MHD_AV 0x0020
71 #define MHD_PROTECT 0x0040
72 #define MHD_PASSWORD 0x0080
73 #define MHD_FIRSTVOLUME 0x0100
74 #define MHD_ENCRYPTVER 0x0200
75
76 /* Flags common to all headers */
77 #define HD_MARKDELETION 0x4000
78 #define HD_ADD_SIZE_PRESENT 0x8000
79
80 /* File Header Flags */
81 #define FHD_SPLIT_BEFORE 0x0001
82 #define FHD_SPLIT_AFTER 0x0002
83 #define FHD_PASSWORD 0x0004
84 #define FHD_COMMENT 0x0008
85 #define FHD_SOLID 0x0010
86 #define FHD_LARGE 0x0100
87 #define FHD_UNICODE 0x0200
88 #define FHD_SALT 0x0400
89 #define FHD_VERSION 0x0800
90 #define FHD_EXTTIME 0x1000
91 #define FHD_EXTFLAGS 0x2000
92
93 /* File dictionary sizes */
94 #define DICTIONARY_SIZE_64 0x00
95 #define DICTIONARY_SIZE_128 0x20
96 #define DICTIONARY_SIZE_256 0x40
97 #define DICTIONARY_SIZE_512 0x60
98 #define DICTIONARY_SIZE_1024 0x80
99 #define DICTIONARY_SIZE_2048 0xA0
100 #define DICTIONARY_SIZE_4096 0xC0
101 #define FILE_IS_DIRECTORY 0xE0
102 #define DICTIONARY_MASK FILE_IS_DIRECTORY
103
104 /* OS Flags */
105 #define OS_MSDOS 0
106 #define OS_OS2 1
107 #define OS_WIN32 2
108 #define OS_UNIX 3
109 #define OS_MAC_OS 4
110 #define OS_BEOS 5
111
112 /* Compression Methods */
113 #define COMPRESS_METHOD_STORE 0x30
114 /* LZSS */
115 #define COMPRESS_METHOD_FASTEST 0x31
116 #define COMPRESS_METHOD_FAST 0x32
117 #define COMPRESS_METHOD_NORMAL 0x33
118 /* PPMd Variant H */
119 #define COMPRESS_METHOD_GOOD 0x34
120 #define COMPRESS_METHOD_BEST 0x35
121
122 #define CRC_POLYNOMIAL 0xEDB88320
123
124 #define NS_UNIT 10000000
125
126 #define DICTIONARY_MAX_SIZE 0x400000
127
128 #define MAINCODE_SIZE 299
129 #define OFFSETCODE_SIZE 60
130 #define LOWOFFSETCODE_SIZE 17
131 #define LENGTHCODE_SIZE 28
132 #define HUFFMAN_TABLE_SIZE \
133 MAINCODE_SIZE + OFFSETCODE_SIZE + LOWOFFSETCODE_SIZE + LENGTHCODE_SIZE
134
135 #define MAX_SYMBOL_LENGTH 0xF
136 #define MAX_SYMBOLS 20
137
138 /* Virtual Machine Properties */
139 #define VM_MEMORY_SIZE 0x40000
140 #define VM_MEMORY_MASK (VM_MEMORY_SIZE - 1)
141 #define PROGRAM_WORK_SIZE 0x3C000
142 #define PROGRAM_GLOBAL_SIZE 0x2000
143 #define PROGRAM_SYSTEM_GLOBAL_ADDRESS PROGRAM_WORK_SIZE
144 #define PROGRAM_SYSTEM_GLOBAL_SIZE 0x40
145 #define PROGRAM_USER_GLOBAL_ADDRESS (PROGRAM_SYSTEM_GLOBAL_ADDRESS + PROGRAM_SYSTEM_GLOBAL_SIZE)
146 #define PROGRAM_USER_GLOBAL_SIZE (PROGRAM_GLOBAL_SIZE - PROGRAM_SYSTEM_GLOBAL_SIZE)
147
148 /*
149 * Considering L1,L2 cache miss and a calling of write system-call,
150 * the best size of the output buffer(uncompressed buffer) is 128K.
151 * If the structure of extracting process is changed, this value
152 * might be researched again.
153 */
154 #define UNP_BUFFER_SIZE (128 * 1024)
155
156 /* Define this here for non-Windows platforms */
157 #if !((defined(__WIN32__) || defined(_WIN32) || defined(__WIN32)) && !defined(__CYGWIN__))
158 #define FILE_ATTRIBUTE_DIRECTORY 0x10
159 #endif
160
161 #undef minimum
162 #define minimum(a, b) ((a)<(b)?(a):(b))
163
164 /* Stack overflow check */
165 #define MAX_COMPRESS_DEPTH 1024
166
167 /* Fields common to all headers */
168 struct rar_header
169 {
170 char crc[2];
171 char type;
172 char flags[2];
173 char size[2];
174 };
175
176 /* Fields common to all file headers */
177 struct rar_file_header
178 {
179 char pack_size[4];
180 char unp_size[4];
181 char host_os;
182 char file_crc[4];
183 char file_time[4];
184 char unp_ver;
185 char method;
186 char name_size[2];
187 char file_attr[4];
188 };
189
190 struct huffman_tree_node
191 {
192 int branches[2];
193 };
194
195 struct huffman_table_entry
196 {
197 unsigned int length;
198 int value;
199 };
200
201 struct huffman_code
202 {
203 struct huffman_tree_node *tree;
204 int numentries;
205 int numallocatedentries;
206 int minlength;
207 int maxlength;
208 int tablesize;
209 struct huffman_table_entry *table;
210 };
211
212 struct lzss
213 {
214 unsigned char *window;
215 int mask;
216 int64_t position;
217 };
218
219 struct data_block_offsets
220 {
221 int64_t header_size;
222 int64_t start_offset;
223 int64_t end_offset;
224 };
225
226 struct rar_program_code
227 {
228 uint8_t *staticdata;
229 uint32_t staticdatalen;
230 uint8_t *globalbackup;
231 uint32_t globalbackuplen;
232 uint64_t fingerprint;
233 uint32_t usagecount;
234 uint32_t oldfilterlength;
235 struct rar_program_code *next;
236 };
237
238 struct rar_filter
239 {
240 struct rar_program_code *prog;
241 uint32_t initialregisters[8];
242 uint8_t *globaldata;
243 uint32_t globaldatalen;
244 size_t blockstartpos;
245 uint32_t blocklength;
246 uint32_t filteredblockaddress;
247 uint32_t filteredblocklength;
248 struct rar_filter *next;
249 };
250
251 struct memory_bit_reader
252 {
253 const uint8_t *bytes;
254 size_t length;
255 size_t offset;
256 uint64_t bits;
257 int available;
258 int at_eof;
259 };
260
261 struct rar_virtual_machine
262 {
263 uint32_t registers[8];
264 uint8_t memory[VM_MEMORY_SIZE + sizeof(uint32_t)];
265 };
266
267 struct rar_filters
268 {
269 struct rar_virtual_machine *vm;
270 struct rar_program_code *progs;
271 struct rar_filter *stack;
272 int64_t filterstart;
273 uint32_t lastfilternum;
274 int64_t lastend;
275 uint8_t *bytes;
276 size_t bytes_ready;
277 };
278
279 struct audio_state
280 {
281 int8_t weight[5];
282 int16_t delta[4];
283 int8_t lastdelta;
284 int error[11];
285 int count;
286 uint8_t lastbyte;
287 };
288
289 struct rar
290 {
291 /* Entries from main RAR header */
292 unsigned main_flags;
293 unsigned long file_crc;
294 char reserved1[2];
295 char reserved2[4];
296 char encryptver;
297
298 /* File header entries */
299 char compression_method;
300 unsigned file_flags;
301 int64_t packed_size;
302 int64_t unp_size;
303 time_t mtime;
304 long mnsec;
305 mode_t mode;
306 char *filename;
307 char *filename_save;
308 size_t filename_save_size;
309 size_t filename_allocated;
310
311 /* File header optional entries */
312 char salt[8];
313 time_t atime;
314 long ansec;
315 time_t ctime;
316 long cnsec;
317 time_t arctime;
318 long arcnsec;
319
320 /* Fields to help with tracking decompression of files. */
321 int64_t bytes_unconsumed;
322 int64_t bytes_remaining;
323 int64_t bytes_uncopied;
324 int64_t offset;
325 int64_t offset_outgoing;
326 int64_t offset_seek;
327 char valid;
328 unsigned int unp_offset;
329 unsigned int unp_buffer_size;
330 unsigned char *unp_buffer;
331 unsigned int dictionary_size;
332 char start_new_block;
333 char entry_eof;
334 unsigned long crc_calculated;
335 int found_first_header;
336 char has_endarc_header;
337 struct data_block_offsets *dbo;
338 unsigned int cursor;
339 unsigned int nodes;
340 char filename_must_match;
341
342 /* LZSS members */
343 struct huffman_code maincode;
344 struct huffman_code offsetcode;
345 struct huffman_code lowoffsetcode;
346 struct huffman_code lengthcode;
347 unsigned char lengthtable[HUFFMAN_TABLE_SIZE];
348 struct lzss lzss;
349 unsigned int lastlength;
350 unsigned int lastoffset;
351 unsigned int oldoffset[4];
352 unsigned int lastlowoffset;
353 unsigned int numlowoffsetrepeats;
354 char start_new_table;
355
356 /* Filters */
357 struct rar_filters filters;
358
359 /* PPMd Variant H members */
360 char ppmd_valid;
361 char ppmd_eod;
362 char is_ppmd_block;
363 int ppmd_escape;
364 CPpmd7 ppmd7_context;
365 CPpmd7z_RangeDec range_dec;
366 IByteIn bytein;
367
368 /*
369 * String conversion object.
370 */
371 int init_default_conversion;
372 struct archive_string_conv *sconv_default;
373 struct archive_string_conv *opt_sconv;
374 struct archive_string_conv *sconv_utf8;
375 struct archive_string_conv *sconv_utf16be;
376
377 /*
378 * Bit stream reader.
379 */
380 struct rar_br {
381 #define CACHE_TYPE uint64_t
382 #define CACHE_BITS (8 * sizeof(CACHE_TYPE))
383 /* Cache buffer. */
384 CACHE_TYPE cache_buffer;
385 /* Indicates how many bits avail in cache_buffer. */
386 int cache_avail;
387 ssize_t avail_in;
388 const unsigned char *next_in;
389 } br;
390
391 /*
392 * Custom field to denote that this archive contains encrypted entries
393 */
394 int has_encrypted_entries;
395 };
396
397 static int archive_read_support_format_rar_capabilities(struct archive_read *);
398 static int archive_read_format_rar_has_encrypted_entries(struct archive_read *);
399 static int archive_read_format_rar_bid(struct archive_read *, int);
400 static int archive_read_format_rar_options(struct archive_read *,
401 const char *, const char *);
402 static int archive_read_format_rar_read_header(struct archive_read *,
403 struct archive_entry *);
404 static int archive_read_format_rar_read_data(struct archive_read *,
405 const void **, size_t *, int64_t *);
406 static int archive_read_format_rar_read_data_skip(struct archive_read *a);
407 static int64_t archive_read_format_rar_seek_data(struct archive_read *, int64_t,
408 int);
409 static int archive_read_format_rar_cleanup(struct archive_read *);
410
411 /* Support functions */
412 static int read_header(struct archive_read *, struct archive_entry *, char);
413 static time_t get_time(int);
414 static int read_exttime(const char *, struct rar *, const char *);
415 static int read_symlink_stored(struct archive_read *, struct archive_entry *,
416 struct archive_string_conv *);
417 static int read_data_stored(struct archive_read *, const void **, size_t *,
418 int64_t *);
419 static int read_data_compressed(struct archive_read *, const void **, size_t *,
420 int64_t *, size_t);
421 static int rar_br_preparation(struct archive_read *, struct rar_br *);
422 static int parse_codes(struct archive_read *);
423 static void free_codes(struct archive_read *);
424 static int read_next_symbol(struct archive_read *, struct huffman_code *);
425 static int create_code(struct archive_read *, struct huffman_code *,
426 unsigned char *, int, char);
427 static int add_value(struct archive_read *, struct huffman_code *, int, int,
428 int);
429 static int new_node(struct huffman_code *);
430 static int make_table(struct archive_read *, struct huffman_code *);
431 static int make_table_recurse(struct archive_read *, struct huffman_code *, int,
432 struct huffman_table_entry *, int, int);
433 static int expand(struct archive_read *, int64_t *);
434 static int copy_from_lzss_window_to_unp(struct archive_read *, const void **,
435 int64_t, size_t);
436 static const void *rar_read_ahead(struct archive_read *, size_t, ssize_t *);
437 static int parse_filter(struct archive_read *, const uint8_t *, uint16_t,
438 uint8_t);
439 static int run_filters(struct archive_read *);
440 static void clear_filters(struct rar_filters *);
441 static struct rar_filter *create_filter(struct rar_program_code *,
442 const uint8_t *, uint32_t,
443 uint32_t[8], size_t, uint32_t);
444 static void delete_filter(struct rar_filter *filter);
445 static struct rar_program_code *compile_program(const uint8_t *, size_t);
446 static void delete_program_code(struct rar_program_code *prog);
447 static uint32_t membr_next_rarvm_number(struct memory_bit_reader *br);
448 static inline uint32_t membr_bits(struct memory_bit_reader *br, int bits);
449 static int membr_fill(struct memory_bit_reader *br, int bits);
450 static int read_filter(struct archive_read *, int64_t *);
451 static int rar_decode_byte(struct archive_read*, uint8_t *);
452 static int execute_filter(struct archive_read*, struct rar_filter *,
453 struct rar_virtual_machine *, size_t);
454 static int copy_from_lzss_window(struct archive_read *, void *, int64_t, int);
455 static inline void vm_write_32(struct rar_virtual_machine*, size_t, uint32_t);
456 static inline uint32_t vm_read_32(struct rar_virtual_machine*, size_t);
457
458 /*
459 * Bit stream reader.
460 */
461 /* Check that the cache buffer has enough bits. */
462 #define rar_br_has(br, n) ((br)->cache_avail >= n)
463 /* Get compressed data by bit. */
464 #define rar_br_bits(br, n) \
465 (((uint32_t)((br)->cache_buffer >> \
466 ((br)->cache_avail - (n)))) & cache_masks[n])
467 #define rar_br_bits_forced(br, n) \
468 (((uint32_t)((br)->cache_buffer << \
469 ((n) - (br)->cache_avail))) & cache_masks[n])
470 /* Read ahead to make sure the cache buffer has enough compressed data we
471 * will use.
472 * True : completed, there is enough data in the cache buffer.
473 * False : there is no data in the stream. */
474 #define rar_br_read_ahead(a, br, n) \
475 ((rar_br_has(br, (n)) || rar_br_fillup(a, br)) || rar_br_has(br, (n)))
476 /* Notify how many bits we consumed. */
477 #define rar_br_consume(br, n) ((br)->cache_avail -= (n))
478 #define rar_br_consume_unalined_bits(br) ((br)->cache_avail &= ~7)
479
480 static const uint32_t cache_masks[] = {
481 0x00000000, 0x00000001, 0x00000003, 0x00000007,
482 0x0000000F, 0x0000001F, 0x0000003F, 0x0000007F,
483 0x000000FF, 0x000001FF, 0x000003FF, 0x000007FF,
484 0x00000FFF, 0x00001FFF, 0x00003FFF, 0x00007FFF,
485 0x0000FFFF, 0x0001FFFF, 0x0003FFFF, 0x0007FFFF,
486 0x000FFFFF, 0x001FFFFF, 0x003FFFFF, 0x007FFFFF,
487 0x00FFFFFF, 0x01FFFFFF, 0x03FFFFFF, 0x07FFFFFF,
488 0x0FFFFFFF, 0x1FFFFFFF, 0x3FFFFFFF, 0x7FFFFFFF,
489 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
490 };
491
492 /*
493 * Shift away used bits in the cache data and fill it up with following bits.
494 * Call this when cache buffer does not have enough bits you need.
495 *
496 * Returns 1 if the cache buffer is full.
497 * Returns 0 if the cache buffer is not full; input buffer is empty.
498 */
499 static int
rar_br_fillup(struct archive_read * a,struct rar_br * br)500 rar_br_fillup(struct archive_read *a, struct rar_br *br)
501 {
502 struct rar *rar = (struct rar *)(a->format->data);
503 int n = CACHE_BITS - br->cache_avail;
504
505 for (;;) {
506 switch (n >> 3) {
507 case 8:
508 if (br->avail_in >= 8) {
509 br->cache_buffer =
510 ((uint64_t)br->next_in[0]) << 56 |
511 ((uint64_t)br->next_in[1]) << 48 |
512 ((uint64_t)br->next_in[2]) << 40 |
513 ((uint64_t)br->next_in[3]) << 32 |
514 ((uint32_t)br->next_in[4]) << 24 |
515 ((uint32_t)br->next_in[5]) << 16 |
516 ((uint32_t)br->next_in[6]) << 8 |
517 (uint32_t)br->next_in[7];
518 br->next_in += 8;
519 br->avail_in -= 8;
520 br->cache_avail += 8 * 8;
521 rar->bytes_unconsumed += 8;
522 rar->bytes_remaining -= 8;
523 return (1);
524 }
525 break;
526 case 7:
527 if (br->avail_in >= 7) {
528 br->cache_buffer =
529 (br->cache_buffer << 56) |
530 ((uint64_t)br->next_in[0]) << 48 |
531 ((uint64_t)br->next_in[1]) << 40 |
532 ((uint64_t)br->next_in[2]) << 32 |
533 ((uint32_t)br->next_in[3]) << 24 |
534 ((uint32_t)br->next_in[4]) << 16 |
535 ((uint32_t)br->next_in[5]) << 8 |
536 (uint32_t)br->next_in[6];
537 br->next_in += 7;
538 br->avail_in -= 7;
539 br->cache_avail += 7 * 8;
540 rar->bytes_unconsumed += 7;
541 rar->bytes_remaining -= 7;
542 return (1);
543 }
544 break;
545 case 6:
546 if (br->avail_in >= 6) {
547 br->cache_buffer =
548 (br->cache_buffer << 48) |
549 ((uint64_t)br->next_in[0]) << 40 |
550 ((uint64_t)br->next_in[1]) << 32 |
551 ((uint32_t)br->next_in[2]) << 24 |
552 ((uint32_t)br->next_in[3]) << 16 |
553 ((uint32_t)br->next_in[4]) << 8 |
554 (uint32_t)br->next_in[5];
555 br->next_in += 6;
556 br->avail_in -= 6;
557 br->cache_avail += 6 * 8;
558 rar->bytes_unconsumed += 6;
559 rar->bytes_remaining -= 6;
560 return (1);
561 }
562 break;
563 case 0:
564 /* We have enough compressed data in
565 * the cache buffer.*/
566 return (1);
567 default:
568 break;
569 }
570 if (br->avail_in <= 0) {
571
572 if (rar->bytes_unconsumed > 0) {
573 /* Consume as much as the decompressor
574 * actually used. */
575 __archive_read_consume(a, rar->bytes_unconsumed);
576 rar->bytes_unconsumed = 0;
577 }
578 br->next_in = rar_read_ahead(a, 1, &(br->avail_in));
579 if (br->next_in == NULL)
580 return (0);
581 if (br->avail_in == 0)
582 return (0);
583 }
584 br->cache_buffer =
585 (br->cache_buffer << 8) | *br->next_in++;
586 br->avail_in--;
587 br->cache_avail += 8;
588 n -= 8;
589 rar->bytes_unconsumed++;
590 rar->bytes_remaining--;
591 }
592 }
593
594 static int
rar_br_preparation(struct archive_read * a,struct rar_br * br)595 rar_br_preparation(struct archive_read *a, struct rar_br *br)
596 {
597 struct rar *rar = (struct rar *)(a->format->data);
598
599 if (rar->bytes_remaining > 0) {
600 br->next_in = rar_read_ahead(a, 1, &(br->avail_in));
601 if (br->next_in == NULL) {
602 archive_set_error(&a->archive,
603 ARCHIVE_ERRNO_FILE_FORMAT,
604 "Truncated RAR file data");
605 return (ARCHIVE_FATAL);
606 }
607 if (br->cache_avail == 0)
608 (void)rar_br_fillup(a, br);
609 }
610 return (ARCHIVE_OK);
611 }
612
613 /* Find last bit set */
614 static inline int
rar_fls(unsigned int word)615 rar_fls(unsigned int word)
616 {
617 word |= (word >> 1);
618 word |= (word >> 2);
619 word |= (word >> 4);
620 word |= (word >> 8);
621 word |= (word >> 16);
622 return word - (word >> 1);
623 }
624
625 /* LZSS functions */
626 static inline int64_t
lzss_position(struct lzss * lzss)627 lzss_position(struct lzss *lzss)
628 {
629 return lzss->position;
630 }
631
632 static inline int
lzss_mask(struct lzss * lzss)633 lzss_mask(struct lzss *lzss)
634 {
635 return lzss->mask;
636 }
637
638 static inline int
lzss_size(struct lzss * lzss)639 lzss_size(struct lzss *lzss)
640 {
641 return lzss->mask + 1;
642 }
643
644 static inline int
lzss_offset_for_position(struct lzss * lzss,int64_t pos)645 lzss_offset_for_position(struct lzss *lzss, int64_t pos)
646 {
647 return (int)(pos & lzss->mask);
648 }
649
650 static inline unsigned char *
lzss_pointer_for_position(struct lzss * lzss,int64_t pos)651 lzss_pointer_for_position(struct lzss *lzss, int64_t pos)
652 {
653 return &lzss->window[lzss_offset_for_position(lzss, pos)];
654 }
655
656 static inline int
lzss_current_offset(struct lzss * lzss)657 lzss_current_offset(struct lzss *lzss)
658 {
659 return lzss_offset_for_position(lzss, lzss->position);
660 }
661
662 static inline uint8_t *
lzss_current_pointer(struct lzss * lzss)663 lzss_current_pointer(struct lzss *lzss)
664 {
665 return lzss_pointer_for_position(lzss, lzss->position);
666 }
667
668 static inline void
lzss_emit_literal(struct rar * rar,uint8_t literal)669 lzss_emit_literal(struct rar *rar, uint8_t literal)
670 {
671 *lzss_current_pointer(&rar->lzss) = literal;
672 rar->lzss.position++;
673 }
674
675 static inline void
lzss_emit_match(struct rar * rar,int offset,int length)676 lzss_emit_match(struct rar *rar, int offset, int length)
677 {
678 int dstoffs = lzss_current_offset(&rar->lzss);
679 int srcoffs = (dstoffs - offset) & lzss_mask(&rar->lzss);
680 int l, li, remaining;
681 unsigned char *d, *s;
682
683 remaining = length;
684 while (remaining > 0) {
685 l = remaining;
686 if (dstoffs > srcoffs) {
687 if (l > lzss_size(&rar->lzss) - dstoffs)
688 l = lzss_size(&rar->lzss) - dstoffs;
689 } else {
690 if (l > lzss_size(&rar->lzss) - srcoffs)
691 l = lzss_size(&rar->lzss) - srcoffs;
692 }
693 d = &(rar->lzss.window[dstoffs]);
694 s = &(rar->lzss.window[srcoffs]);
695 if ((dstoffs + l < srcoffs) || (srcoffs + l < dstoffs))
696 memcpy(d, s, l);
697 else {
698 for (li = 0; li < l; li++)
699 d[li] = s[li];
700 }
701 remaining -= l;
702 dstoffs = (dstoffs + l) & lzss_mask(&(rar->lzss));
703 srcoffs = (srcoffs + l) & lzss_mask(&(rar->lzss));
704 }
705 rar->lzss.position += length;
706 }
707
708 static Byte
ppmd_read(void * p)709 ppmd_read(void *p)
710 {
711 struct archive_read *a = ((IByteIn*)p)->a;
712 struct rar *rar = (struct rar *)(a->format->data);
713 struct rar_br *br = &(rar->br);
714 Byte b;
715 if (!rar_br_read_ahead(a, br, 8))
716 {
717 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
718 "Truncated RAR file data");
719 rar->valid = 0;
720 return 0;
721 }
722 b = rar_br_bits(br, 8);
723 rar_br_consume(br, 8);
724 return b;
725 }
726
727 int
archive_read_support_format_rar(struct archive * _a)728 archive_read_support_format_rar(struct archive *_a)
729 {
730 struct archive_read *a = (struct archive_read *)_a;
731 struct rar *rar;
732 int r;
733
734 archive_check_magic(_a, ARCHIVE_READ_MAGIC, ARCHIVE_STATE_NEW,
735 "archive_read_support_format_rar");
736
737 rar = calloc(1, sizeof(*rar));
738 if (rar == NULL)
739 {
740 archive_set_error(&a->archive, ENOMEM, "Can't allocate rar data");
741 return (ARCHIVE_FATAL);
742 }
743
744 /*
745 * Until enough data has been read, we cannot tell about
746 * any encrypted entries yet.
747 */
748 rar->has_encrypted_entries = ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;
749
750 r = __archive_read_register_format(a,
751 rar,
752 "rar",
753 archive_read_format_rar_bid,
754 archive_read_format_rar_options,
755 archive_read_format_rar_read_header,
756 archive_read_format_rar_read_data,
757 archive_read_format_rar_read_data_skip,
758 archive_read_format_rar_seek_data,
759 archive_read_format_rar_cleanup,
760 archive_read_support_format_rar_capabilities,
761 archive_read_format_rar_has_encrypted_entries);
762
763 if (r != ARCHIVE_OK)
764 free(rar);
765 return (r);
766 }
767
768 static int
archive_read_support_format_rar_capabilities(struct archive_read * a)769 archive_read_support_format_rar_capabilities(struct archive_read * a)
770 {
771 (void)a; /* UNUSED */
772 return (ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_DATA
773 | ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_METADATA);
774 }
775
776 static int
archive_read_format_rar_has_encrypted_entries(struct archive_read * _a)777 archive_read_format_rar_has_encrypted_entries(struct archive_read *_a)
778 {
779 if (_a && _a->format) {
780 struct rar * rar = (struct rar *)_a->format->data;
781 if (rar) {
782 return rar->has_encrypted_entries;
783 }
784 }
785 return ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;
786 }
787
788
789 static int
archive_read_format_rar_bid(struct archive_read * a,int best_bid)790 archive_read_format_rar_bid(struct archive_read *a, int best_bid)
791 {
792 const char *p;
793
794 /* If there's already a bid > 30, we'll never win. */
795 if (best_bid > 30)
796 return (-1);
797
798 if ((p = __archive_read_ahead(a, 7, NULL)) == NULL)
799 return (-1);
800
801 if (memcmp(p, RAR_SIGNATURE, 7) == 0)
802 return (30);
803
804 if ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0) {
805 /* This is a PE file */
806 ssize_t offset = 0x10000;
807 ssize_t window = 4096;
808 ssize_t bytes_avail;
809 while (offset + window <= (1024 * 128)) {
810 const char *buff = __archive_read_ahead(a, offset + window, &bytes_avail);
811 if (buff == NULL) {
812 /* Remaining bytes are less than window. */
813 window >>= 1;
814 if (window < 0x40)
815 return (0);
816 continue;
817 }
818 p = buff + offset;
819 while (p + 7 < buff + bytes_avail) {
820 if (memcmp(p, RAR_SIGNATURE, 7) == 0)
821 return (30);
822 p += 0x10;
823 }
824 offset = p - buff;
825 }
826 }
827 return (0);
828 }
829
830 static int
skip_sfx(struct archive_read * a)831 skip_sfx(struct archive_read *a)
832 {
833 const void *h;
834 const char *p, *q;
835 size_t skip, total;
836 ssize_t bytes, window;
837
838 total = 0;
839 window = 4096;
840 while (total + window <= (1024 * 128)) {
841 h = __archive_read_ahead(a, window, &bytes);
842 if (h == NULL) {
843 /* Remaining bytes are less than window. */
844 window >>= 1;
845 if (window < 0x40)
846 goto fatal;
847 continue;
848 }
849 if (bytes < 0x40)
850 goto fatal;
851 p = h;
852 q = p + bytes;
853
854 /*
855 * Scan ahead until we find something that looks
856 * like the RAR header.
857 */
858 while (p + 7 < q) {
859 if (memcmp(p, RAR_SIGNATURE, 7) == 0) {
860 skip = p - (const char *)h;
861 __archive_read_consume(a, skip);
862 return (ARCHIVE_OK);
863 }
864 p += 0x10;
865 }
866 skip = p - (const char *)h;
867 __archive_read_consume(a, skip);
868 total += skip;
869 }
870 fatal:
871 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
872 "Couldn't find out RAR header");
873 return (ARCHIVE_FATAL);
874 }
875
876 static int
archive_read_format_rar_options(struct archive_read * a,const char * key,const char * val)877 archive_read_format_rar_options(struct archive_read *a,
878 const char *key, const char *val)
879 {
880 struct rar *rar;
881 int ret = ARCHIVE_FAILED;
882
883 rar = (struct rar *)(a->format->data);
884 if (strcmp(key, "hdrcharset") == 0) {
885 if (val == NULL || val[0] == 0)
886 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
887 "rar: hdrcharset option needs a character-set name");
888 else {
889 rar->opt_sconv =
890 archive_string_conversion_from_charset(
891 &a->archive, val, 0);
892 if (rar->opt_sconv != NULL)
893 ret = ARCHIVE_OK;
894 else
895 ret = ARCHIVE_FATAL;
896 }
897 return (ret);
898 }
899
900 /* Note: The "warn" return is just to inform the options
901 * supervisor that we didn't handle it. It will generate
902 * a suitable error if no one used this option. */
903 return (ARCHIVE_WARN);
904 }
905
906 static int
archive_read_format_rar_read_header(struct archive_read * a,struct archive_entry * entry)907 archive_read_format_rar_read_header(struct archive_read *a,
908 struct archive_entry *entry)
909 {
910 const void *h;
911 const char *p;
912 struct rar *rar;
913 size_t skip;
914 char head_type;
915 int ret;
916 unsigned flags;
917 unsigned long crc32_expected;
918
919 a->archive.archive_format = ARCHIVE_FORMAT_RAR;
920 if (a->archive.archive_format_name == NULL)
921 a->archive.archive_format_name = "RAR";
922
923 rar = (struct rar *)(a->format->data);
924
925 /*
926 * It should be sufficient to call archive_read_next_header() for
927 * a reader to determine if an entry is encrypted or not. If the
928 * encryption of an entry is only detectable when calling
929 * archive_read_data(), so be it. We'll do the same check there
930 * as well.
931 */
932 if (rar->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
933 rar->has_encrypted_entries = 0;
934 }
935
936 /* RAR files can be generated without EOF headers, so return ARCHIVE_EOF if
937 * this fails.
938 */
939 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL)
940 return (ARCHIVE_EOF);
941
942 p = h;
943 if (rar->found_first_header == 0 &&
944 ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0)) {
945 /* This is an executable ? Must be self-extracting... */
946 ret = skip_sfx(a);
947 if (ret < ARCHIVE_WARN)
948 return (ret);
949 }
950 rar->found_first_header = 1;
951
952 while (1)
953 {
954 unsigned long crc32_val;
955
956 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL)
957 return (ARCHIVE_FATAL);
958 p = h;
959
960 head_type = p[2];
961 switch(head_type)
962 {
963 case MARK_HEAD:
964 if (memcmp(p, RAR_SIGNATURE, 7) != 0) {
965 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
966 "Invalid marker header");
967 return (ARCHIVE_FATAL);
968 }
969 __archive_read_consume(a, 7);
970 break;
971
972 case MAIN_HEAD:
973 rar->main_flags = archive_le16dec(p + 3);
974 skip = archive_le16dec(p + 5);
975 if (skip < 7 + sizeof(rar->reserved1) + sizeof(rar->reserved2)) {
976 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
977 "Invalid header size");
978 return (ARCHIVE_FATAL);
979 }
980 if ((h = __archive_read_ahead(a, skip, NULL)) == NULL)
981 return (ARCHIVE_FATAL);
982 p = h;
983 memcpy(rar->reserved1, p + 7, sizeof(rar->reserved1));
984 memcpy(rar->reserved2, p + 7 + sizeof(rar->reserved1),
985 sizeof(rar->reserved2));
986 if (rar->main_flags & MHD_ENCRYPTVER) {
987 if (skip < 7 + sizeof(rar->reserved1) + sizeof(rar->reserved2)+1) {
988 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
989 "Invalid header size");
990 return (ARCHIVE_FATAL);
991 }
992 rar->encryptver = *(p + 7 + sizeof(rar->reserved1) +
993 sizeof(rar->reserved2));
994 }
995
996 /* Main header is password encrypted, so we cannot read any
997 file names or any other info about files from the header. */
998 if (rar->main_flags & MHD_PASSWORD)
999 {
1000 archive_entry_set_is_metadata_encrypted(entry, 1);
1001 archive_entry_set_is_data_encrypted(entry, 1);
1002 rar->has_encrypted_entries = 1;
1003 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1004 "RAR encryption support unavailable.");
1005 return (ARCHIVE_FATAL);
1006 }
1007
1008 crc32_val = crc32(0, (const unsigned char *)p + 2, (unsigned)skip - 2);
1009 if ((crc32_val & 0xffff) != archive_le16dec(p)) {
1010 #ifndef DONT_FAIL_ON_CRC_ERROR
1011 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1012 "Header CRC error");
1013 return (ARCHIVE_FATAL);
1014 #endif
1015 }
1016 __archive_read_consume(a, skip);
1017 break;
1018
1019 case FILE_HEAD:
1020 return read_header(a, entry, head_type);
1021
1022 case COMM_HEAD:
1023 case AV_HEAD:
1024 case SUB_HEAD:
1025 case PROTECT_HEAD:
1026 case SIGN_HEAD:
1027 case ENDARC_HEAD:
1028 flags = archive_le16dec(p + 3);
1029 skip = archive_le16dec(p + 5);
1030 if (skip < 7) {
1031 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1032 "Invalid header size too small");
1033 return (ARCHIVE_FATAL);
1034 }
1035 if (flags & HD_ADD_SIZE_PRESENT)
1036 {
1037 if (skip < 7 + 4) {
1038 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1039 "Invalid header size too small");
1040 return (ARCHIVE_FATAL);
1041 }
1042 if ((h = __archive_read_ahead(a, skip, NULL)) == NULL)
1043 return (ARCHIVE_FATAL);
1044 p = h;
1045 skip += archive_le32dec(p + 7);
1046 }
1047
1048 /* Skip over the 2-byte CRC at the beginning of the header. */
1049 crc32_expected = archive_le16dec(p);
1050 __archive_read_consume(a, 2);
1051 skip -= 2;
1052
1053 /* Skim the entire header and compute the CRC. */
1054 crc32_val = 0;
1055 while (skip > 0) {
1056 size_t to_read = skip;
1057 if (to_read > 32 * 1024)
1058 to_read = 32 * 1024;
1059 if ((h = __archive_read_ahead(a, to_read, NULL)) == NULL) {
1060 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1061 "Bad RAR file");
1062 return (ARCHIVE_FATAL);
1063 }
1064 p = h;
1065 crc32_val = crc32(crc32_val, (const unsigned char *)p, (unsigned int)to_read);
1066 __archive_read_consume(a, to_read);
1067 skip -= to_read;
1068 }
1069 if ((crc32_val & 0xffff) != crc32_expected) {
1070 #ifndef DONT_FAIL_ON_CRC_ERROR
1071 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1072 "Header CRC error");
1073 return (ARCHIVE_FATAL);
1074 #endif
1075 }
1076 if (head_type == ENDARC_HEAD)
1077 return (ARCHIVE_EOF);
1078 break;
1079
1080 case NEWSUB_HEAD:
1081 if ((ret = read_header(a, entry, head_type)) < ARCHIVE_WARN)
1082 return ret;
1083 break;
1084
1085 default:
1086 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1087 "Bad RAR file");
1088 return (ARCHIVE_FATAL);
1089 }
1090 }
1091 }
1092
1093 static int
archive_read_format_rar_read_data(struct archive_read * a,const void ** buff,size_t * size,int64_t * offset)1094 archive_read_format_rar_read_data(struct archive_read *a, const void **buff,
1095 size_t *size, int64_t *offset)
1096 {
1097 struct rar *rar = (struct rar *)(a->format->data);
1098 int ret;
1099
1100 if (rar->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
1101 rar->has_encrypted_entries = 0;
1102 }
1103
1104 if (rar->bytes_unconsumed > 0) {
1105 /* Consume as much as the decompressor actually used. */
1106 __archive_read_consume(a, rar->bytes_unconsumed);
1107 rar->bytes_unconsumed = 0;
1108 }
1109
1110 *buff = NULL;
1111 if (rar->entry_eof || rar->offset_seek >= rar->unp_size) {
1112 *size = 0;
1113 *offset = rar->offset;
1114 if (*offset < rar->unp_size)
1115 *offset = rar->unp_size;
1116 return (ARCHIVE_EOF);
1117 }
1118
1119 switch (rar->compression_method)
1120 {
1121 case COMPRESS_METHOD_STORE:
1122 ret = read_data_stored(a, buff, size, offset);
1123 break;
1124
1125 case COMPRESS_METHOD_FASTEST:
1126 case COMPRESS_METHOD_FAST:
1127 case COMPRESS_METHOD_NORMAL:
1128 case COMPRESS_METHOD_GOOD:
1129 case COMPRESS_METHOD_BEST:
1130 ret = read_data_compressed(a, buff, size, offset, 0);
1131 if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) {
1132 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
1133 rar->start_new_table = 1;
1134 rar->ppmd_valid = 0;
1135 }
1136 break;
1137
1138 default:
1139 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1140 "Unsupported compression method for RAR file.");
1141 ret = ARCHIVE_FATAL;
1142 break;
1143 }
1144 return (ret);
1145 }
1146
1147 static int
archive_read_format_rar_read_data_skip(struct archive_read * a)1148 archive_read_format_rar_read_data_skip(struct archive_read *a)
1149 {
1150 struct rar *rar;
1151 int64_t bytes_skipped;
1152 int ret;
1153
1154 rar = (struct rar *)(a->format->data);
1155
1156 if (rar->bytes_unconsumed > 0) {
1157 /* Consume as much as the decompressor actually used. */
1158 __archive_read_consume(a, rar->bytes_unconsumed);
1159 rar->bytes_unconsumed = 0;
1160 }
1161
1162 if (rar->bytes_remaining > 0) {
1163 bytes_skipped = __archive_read_consume(a, rar->bytes_remaining);
1164 if (bytes_skipped < 0)
1165 return (ARCHIVE_FATAL);
1166 }
1167
1168 /* Compressed data to skip must be read from each header in a multivolume
1169 * archive.
1170 */
1171 if (rar->main_flags & MHD_VOLUME && rar->file_flags & FHD_SPLIT_AFTER)
1172 {
1173 ret = archive_read_format_rar_read_header(a, a->entry);
1174 if (ret == (ARCHIVE_EOF))
1175 ret = archive_read_format_rar_read_header(a, a->entry);
1176 if (ret != (ARCHIVE_OK))
1177 return ret;
1178 return archive_read_format_rar_read_data_skip(a);
1179 }
1180
1181 return (ARCHIVE_OK);
1182 }
1183
1184 static int64_t
archive_read_format_rar_seek_data(struct archive_read * a,int64_t offset,int whence)1185 archive_read_format_rar_seek_data(struct archive_read *a, int64_t offset,
1186 int whence)
1187 {
1188 int64_t client_offset, ret;
1189 unsigned int i;
1190 struct rar *rar = (struct rar *)(a->format->data);
1191
1192 if (rar->compression_method == COMPRESS_METHOD_STORE)
1193 {
1194 /* Modify the offset for use with SEEK_SET */
1195 switch (whence)
1196 {
1197 case SEEK_CUR:
1198 client_offset = rar->offset_seek;
1199 break;
1200 case SEEK_END:
1201 client_offset = rar->unp_size;
1202 break;
1203 case SEEK_SET:
1204 default:
1205 client_offset = 0;
1206 }
1207 client_offset += offset;
1208 if (client_offset < 0)
1209 {
1210 /* Can't seek past beginning of data block */
1211 return -1;
1212 }
1213 else if (client_offset > rar->unp_size)
1214 {
1215 /*
1216 * Set the returned offset but only seek to the end of
1217 * the data block.
1218 */
1219 rar->offset_seek = client_offset;
1220 client_offset = rar->unp_size;
1221 }
1222
1223 client_offset += rar->dbo[0].start_offset;
1224 i = 0;
1225 while (i < rar->cursor)
1226 {
1227 i++;
1228 client_offset += rar->dbo[i].start_offset - rar->dbo[i-1].end_offset;
1229 }
1230 if (rar->main_flags & MHD_VOLUME)
1231 {
1232 /* Find the appropriate offset among the multivolume archive */
1233 while (1)
1234 {
1235 if (client_offset < rar->dbo[rar->cursor].start_offset &&
1236 rar->file_flags & FHD_SPLIT_BEFORE)
1237 {
1238 /* Search backwards for the correct data block */
1239 if (rar->cursor == 0)
1240 {
1241 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1242 "Attempt to seek past beginning of RAR data block");
1243 return (ARCHIVE_FAILED);
1244 }
1245 rar->cursor--;
1246 client_offset -= rar->dbo[rar->cursor+1].start_offset -
1247 rar->dbo[rar->cursor].end_offset;
1248 if (client_offset < rar->dbo[rar->cursor].start_offset)
1249 continue;
1250 ret = __archive_read_seek(a, rar->dbo[rar->cursor].start_offset -
1251 rar->dbo[rar->cursor].header_size, SEEK_SET);
1252 if (ret < (ARCHIVE_OK))
1253 return ret;
1254 ret = archive_read_format_rar_read_header(a, a->entry);
1255 if (ret != (ARCHIVE_OK))
1256 {
1257 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1258 "Error during seek of RAR file");
1259 return (ARCHIVE_FAILED);
1260 }
1261 rar->cursor--;
1262 break;
1263 }
1264 else if (client_offset > rar->dbo[rar->cursor].end_offset &&
1265 rar->file_flags & FHD_SPLIT_AFTER)
1266 {
1267 /* Search forward for the correct data block */
1268 rar->cursor++;
1269 if (rar->cursor < rar->nodes &&
1270 client_offset > rar->dbo[rar->cursor].end_offset)
1271 {
1272 client_offset += rar->dbo[rar->cursor].start_offset -
1273 rar->dbo[rar->cursor-1].end_offset;
1274 continue;
1275 }
1276 rar->cursor--;
1277 ret = __archive_read_seek(a, rar->dbo[rar->cursor].end_offset,
1278 SEEK_SET);
1279 if (ret < (ARCHIVE_OK))
1280 return ret;
1281 ret = archive_read_format_rar_read_header(a, a->entry);
1282 if (ret == (ARCHIVE_EOF))
1283 {
1284 rar->has_endarc_header = 1;
1285 ret = archive_read_format_rar_read_header(a, a->entry);
1286 }
1287 if (ret != (ARCHIVE_OK))
1288 {
1289 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1290 "Error during seek of RAR file");
1291 return (ARCHIVE_FAILED);
1292 }
1293 client_offset += rar->dbo[rar->cursor].start_offset -
1294 rar->dbo[rar->cursor-1].end_offset;
1295 continue;
1296 }
1297 break;
1298 }
1299 }
1300
1301 ret = __archive_read_seek(a, client_offset, SEEK_SET);
1302 if (ret < (ARCHIVE_OK))
1303 return ret;
1304 rar->bytes_remaining = rar->dbo[rar->cursor].end_offset - ret;
1305 i = rar->cursor;
1306 while (i > 0)
1307 {
1308 i--;
1309 ret -= rar->dbo[i+1].start_offset - rar->dbo[i].end_offset;
1310 }
1311 ret -= rar->dbo[0].start_offset;
1312
1313 /* Always restart reading the file after a seek */
1314 __archive_reset_read_data(&a->archive);
1315
1316 rar->bytes_unconsumed = 0;
1317 rar->offset = 0;
1318
1319 /*
1320 * If a seek past the end of file was requested, return the requested
1321 * offset.
1322 */
1323 if (ret == rar->unp_size && rar->offset_seek > rar->unp_size)
1324 return rar->offset_seek;
1325
1326 /* Return the new offset */
1327 rar->offset_seek = ret;
1328 return rar->offset_seek;
1329 }
1330 else
1331 {
1332 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1333 "Seeking of compressed RAR files is unsupported");
1334 }
1335 return (ARCHIVE_FAILED);
1336 }
1337
1338 static int
archive_read_format_rar_cleanup(struct archive_read * a)1339 archive_read_format_rar_cleanup(struct archive_read *a)
1340 {
1341 struct rar *rar;
1342
1343 rar = (struct rar *)(a->format->data);
1344 free_codes(a);
1345 clear_filters(&rar->filters);
1346 free(rar->filename);
1347 free(rar->filename_save);
1348 free(rar->dbo);
1349 free(rar->unp_buffer);
1350 free(rar->lzss.window);
1351 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
1352 free(rar);
1353 (a->format->data) = NULL;
1354 return (ARCHIVE_OK);
1355 }
1356
1357 static int
read_header(struct archive_read * a,struct archive_entry * entry,char head_type)1358 read_header(struct archive_read *a, struct archive_entry *entry,
1359 char head_type)
1360 {
1361 const void *h;
1362 const char *p, *endp;
1363 struct rar *rar;
1364 struct rar_header rar_header;
1365 struct rar_file_header file_header;
1366 int64_t header_size;
1367 unsigned filename_size, end;
1368 char *filename;
1369 char *strp;
1370 char packed_size[8];
1371 char unp_size[8];
1372 int ttime;
1373 struct archive_string_conv *sconv, *fn_sconv;
1374 uint32_t crc32_computed, crc32_read;
1375 int ret = (ARCHIVE_OK), ret2;
1376 char *newptr;
1377 size_t newsize;
1378
1379 rar = (struct rar *)(a->format->data);
1380
1381 /* Setup a string conversion object for non-rar-unicode filenames. */
1382 sconv = rar->opt_sconv;
1383 if (sconv == NULL) {
1384 if (!rar->init_default_conversion) {
1385 rar->sconv_default =
1386 archive_string_default_conversion_for_read(
1387 &(a->archive));
1388 rar->init_default_conversion = 1;
1389 }
1390 sconv = rar->sconv_default;
1391 }
1392
1393
1394 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL)
1395 return (ARCHIVE_FATAL);
1396 p = h;
1397 memcpy(&rar_header, p, sizeof(rar_header));
1398 rar->file_flags = archive_le16dec(rar_header.flags);
1399 header_size = archive_le16dec(rar_header.size);
1400 if (header_size < (int64_t)sizeof(file_header) + 7) {
1401 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1402 "Invalid header size");
1403 return (ARCHIVE_FATAL);
1404 }
1405 crc32_computed = crc32(0, (const unsigned char *)p + 2, 7 - 2);
1406 __archive_read_consume(a, 7);
1407
1408 if (!(rar->file_flags & FHD_SOLID))
1409 {
1410 rar->compression_method = 0;
1411 rar->packed_size = 0;
1412 rar->unp_size = 0;
1413 rar->mtime = 0;
1414 rar->ctime = 0;
1415 rar->atime = 0;
1416 rar->arctime = 0;
1417 rar->mode = 0;
1418 memset(&rar->salt, 0, sizeof(rar->salt));
1419 rar->atime = 0;
1420 rar->ansec = 0;
1421 rar->ctime = 0;
1422 rar->cnsec = 0;
1423 rar->mtime = 0;
1424 rar->mnsec = 0;
1425 rar->arctime = 0;
1426 rar->arcnsec = 0;
1427 }
1428 else
1429 {
1430 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1431 "RAR solid archive support unavailable.");
1432 return (ARCHIVE_FATAL);
1433 }
1434
1435 if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL)
1436 return (ARCHIVE_FATAL);
1437
1438 /* File Header CRC check. */
1439 crc32_computed = crc32(crc32_computed, h, (unsigned)(header_size - 7));
1440 crc32_read = archive_le16dec(rar_header.crc);
1441 if ((crc32_computed & 0xffff) != crc32_read) {
1442 #ifndef DONT_FAIL_ON_CRC_ERROR
1443 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1444 "Header CRC error");
1445 return (ARCHIVE_FATAL);
1446 #endif
1447 }
1448 /* If no CRC error, Go on parsing File Header. */
1449 p = h;
1450 endp = p + header_size - 7;
1451 memcpy(&file_header, p, sizeof(file_header));
1452 p += sizeof(file_header);
1453
1454 rar->compression_method = file_header.method;
1455
1456 ttime = archive_le32dec(file_header.file_time);
1457 rar->mtime = get_time(ttime);
1458
1459 rar->file_crc = archive_le32dec(file_header.file_crc);
1460
1461 if (rar->file_flags & FHD_PASSWORD)
1462 {
1463 archive_entry_set_is_data_encrypted(entry, 1);
1464 rar->has_encrypted_entries = 1;
1465 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1466 "RAR encryption support unavailable.");
1467 /* Since it is only the data part itself that is encrypted we can at least
1468 extract information about the currently processed entry and don't need
1469 to return ARCHIVE_FATAL here. */
1470 /*return (ARCHIVE_FATAL);*/
1471 }
1472
1473 if (rar->file_flags & FHD_LARGE)
1474 {
1475 if (p + 8 > endp) {
1476 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1477 "Invalid header size");
1478 return (ARCHIVE_FATAL);
1479 }
1480 memcpy(packed_size, file_header.pack_size, 4);
1481 memcpy(packed_size + 4, p, 4); /* High pack size */
1482 p += 4;
1483 memcpy(unp_size, file_header.unp_size, 4);
1484 memcpy(unp_size + 4, p, 4); /* High unpack size */
1485 p += 4;
1486 rar->packed_size = archive_le64dec(&packed_size);
1487 rar->unp_size = archive_le64dec(&unp_size);
1488 }
1489 else
1490 {
1491 rar->packed_size = archive_le32dec(file_header.pack_size);
1492 rar->unp_size = archive_le32dec(file_header.unp_size);
1493 }
1494
1495 if (rar->packed_size < 0 || rar->unp_size < 0)
1496 {
1497 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1498 "Invalid sizes specified.");
1499 return (ARCHIVE_FATAL);
1500 }
1501
1502 rar->bytes_remaining = rar->packed_size;
1503
1504 /* TODO: RARv3 subblocks contain comments. For now the complete block is
1505 * consumed at the end.
1506 */
1507 if (head_type == NEWSUB_HEAD) {
1508 size_t distance = p - (const char *)h;
1509 header_size += rar->packed_size;
1510 /* Make sure we have the extended data. */
1511 if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL)
1512 return (ARCHIVE_FATAL);
1513 p = h;
1514 endp = p + header_size - 7;
1515 p += distance;
1516 }
1517
1518 filename_size = archive_le16dec(file_header.name_size);
1519 if (p + filename_size > endp) {
1520 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1521 "Invalid filename size");
1522 return (ARCHIVE_FATAL);
1523 }
1524 if (rar->filename_allocated < filename_size * 2 + 2) {
1525 newsize = filename_size * 2 + 2;
1526 newptr = realloc(rar->filename, newsize);
1527 if (newptr == NULL) {
1528 archive_set_error(&a->archive, ENOMEM,
1529 "Couldn't allocate memory.");
1530 return (ARCHIVE_FATAL);
1531 }
1532 rar->filename = newptr;
1533 rar->filename_allocated = newsize;
1534 }
1535 filename = rar->filename;
1536 memcpy(filename, p, filename_size);
1537 filename[filename_size] = '\0';
1538 if (rar->file_flags & FHD_UNICODE)
1539 {
1540 if (filename_size != strlen(filename))
1541 {
1542 unsigned char highbyte, flagbits, flagbyte;
1543 unsigned fn_end, offset;
1544
1545 end = filename_size;
1546 fn_end = filename_size * 2;
1547 filename_size = 0;
1548 offset = (unsigned)strlen(filename) + 1;
1549 highbyte = offset >= end ? 0 : *(p + offset++);
1550 flagbits = 0;
1551 flagbyte = 0;
1552 while (offset < end && filename_size < fn_end)
1553 {
1554 if (!flagbits)
1555 {
1556 flagbyte = *(p + offset++);
1557 flagbits = 8;
1558 }
1559
1560 flagbits -= 2;
1561 switch((flagbyte >> flagbits) & 3)
1562 {
1563 case 0:
1564 if (offset >= end)
1565 continue;
1566 filename[filename_size++] = '\0';
1567 filename[filename_size++] = *(p + offset++);
1568 break;
1569 case 1:
1570 if (offset >= end)
1571 continue;
1572 filename[filename_size++] = highbyte;
1573 filename[filename_size++] = *(p + offset++);
1574 break;
1575 case 2:
1576 if (offset >= end - 1) {
1577 offset = end;
1578 continue;
1579 }
1580 filename[filename_size++] = *(p + offset + 1);
1581 filename[filename_size++] = *(p + offset);
1582 offset += 2;
1583 break;
1584 case 3:
1585 {
1586 char extra, high;
1587 uint8_t length;
1588
1589 if (offset >= end)
1590 continue;
1591
1592 length = *(p + offset++);
1593 if (length & 0x80) {
1594 if (offset >= end)
1595 continue;
1596 extra = *(p + offset++);
1597 high = (char)highbyte;
1598 } else
1599 extra = high = 0;
1600 length = (length & 0x7f) + 2;
1601 while (length && filename_size < fn_end) {
1602 unsigned cp = filename_size >> 1;
1603 filename[filename_size++] = high;
1604 filename[filename_size++] = p[cp] + extra;
1605 length--;
1606 }
1607 }
1608 break;
1609 }
1610 }
1611 if (filename_size > fn_end) {
1612 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1613 "Invalid filename");
1614 return (ARCHIVE_FATAL);
1615 }
1616 filename[filename_size++] = '\0';
1617 /*
1618 * Do not increment filename_size here as the computations below
1619 * add the space for the terminating NUL explicitly.
1620 */
1621 filename[filename_size] = '\0';
1622
1623 /* Decoded unicode form is UTF-16BE, so we have to update a string
1624 * conversion object for it. */
1625 if (rar->sconv_utf16be == NULL) {
1626 rar->sconv_utf16be = archive_string_conversion_from_charset(
1627 &a->archive, "UTF-16BE", 1);
1628 if (rar->sconv_utf16be == NULL)
1629 return (ARCHIVE_FATAL);
1630 }
1631 fn_sconv = rar->sconv_utf16be;
1632
1633 strp = filename;
1634 while (memcmp(strp, "\x00\x00", 2))
1635 {
1636 if (!memcmp(strp, "\x00\\", 2))
1637 *(strp + 1) = '/';
1638 strp += 2;
1639 }
1640 p += offset;
1641 } else {
1642 /*
1643 * If FHD_UNICODE is set but no unicode data, this file name form
1644 * is UTF-8, so we have to update a string conversion object for
1645 * it accordingly.
1646 */
1647 if (rar->sconv_utf8 == NULL) {
1648 rar->sconv_utf8 = archive_string_conversion_from_charset(
1649 &a->archive, "UTF-8", 1);
1650 if (rar->sconv_utf8 == NULL)
1651 return (ARCHIVE_FATAL);
1652 }
1653 fn_sconv = rar->sconv_utf8;
1654 while ((strp = strchr(filename, '\\')) != NULL)
1655 *strp = '/';
1656 p += filename_size;
1657 }
1658 }
1659 else
1660 {
1661 fn_sconv = sconv;
1662 while ((strp = strchr(filename, '\\')) != NULL)
1663 *strp = '/';
1664 p += filename_size;
1665 }
1666
1667 /* Split file in multivolume RAR. No more need to process header. */
1668 if (rar->filename_save &&
1669 filename_size == rar->filename_save_size &&
1670 !memcmp(rar->filename, rar->filename_save, filename_size + 1))
1671 {
1672 __archive_read_consume(a, header_size - 7);
1673 rar->cursor++;
1674 if (rar->cursor >= rar->nodes)
1675 {
1676 struct data_block_offsets *newdbo;
1677
1678 newsize = sizeof(*rar->dbo) * (rar->nodes + 1);
1679 if ((newdbo = realloc(rar->dbo, newsize)) == NULL)
1680 {
1681 archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory.");
1682 return (ARCHIVE_FATAL);
1683 }
1684 rar->dbo = newdbo;
1685 rar->nodes++;
1686 rar->dbo[rar->cursor].header_size = header_size;
1687 rar->dbo[rar->cursor].start_offset = -1;
1688 rar->dbo[rar->cursor].end_offset = -1;
1689 }
1690 if (rar->dbo[rar->cursor].start_offset < 0)
1691 {
1692 rar->dbo[rar->cursor].start_offset = a->filter->position;
1693 rar->dbo[rar->cursor].end_offset = rar->dbo[rar->cursor].start_offset +
1694 rar->packed_size;
1695 }
1696 return ret;
1697 }
1698 else if (rar->filename_must_match)
1699 {
1700 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1701 "Mismatch of file parts split across multi-volume archive");
1702 return (ARCHIVE_FATAL);
1703 }
1704
1705 newsize = filename_size + 1;
1706 if ((newptr = realloc(rar->filename_save, newsize)) == NULL)
1707 {
1708 archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory.");
1709 return (ARCHIVE_FATAL);
1710 }
1711 rar->filename_save = newptr;
1712 memcpy(rar->filename_save, rar->filename, newsize);
1713 rar->filename_save_size = filename_size;
1714
1715 /* Set info for seeking */
1716 free(rar->dbo);
1717 if ((rar->dbo = calloc(1, sizeof(*rar->dbo))) == NULL)
1718 {
1719 archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory.");
1720 return (ARCHIVE_FATAL);
1721 }
1722 rar->dbo[0].header_size = header_size;
1723 rar->dbo[0].start_offset = -1;
1724 rar->dbo[0].end_offset = -1;
1725 rar->cursor = 0;
1726 rar->nodes = 1;
1727
1728 if (rar->file_flags & FHD_SALT)
1729 {
1730 if (p + 8 > endp) {
1731 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1732 "Invalid header size");
1733 return (ARCHIVE_FATAL);
1734 }
1735 memcpy(rar->salt, p, 8);
1736 p += 8;
1737 }
1738
1739 if (rar->file_flags & FHD_EXTTIME) {
1740 if (read_exttime(p, rar, endp) < 0) {
1741 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1742 "Invalid header size");
1743 return (ARCHIVE_FATAL);
1744 }
1745 }
1746
1747 __archive_read_consume(a, header_size - 7);
1748 rar->dbo[0].start_offset = a->filter->position;
1749 rar->dbo[0].end_offset = rar->dbo[0].start_offset + rar->packed_size;
1750
1751 switch(file_header.host_os)
1752 {
1753 case OS_MSDOS:
1754 case OS_OS2:
1755 case OS_WIN32:
1756 rar->mode = archive_le32dec(file_header.file_attr);
1757 if (rar->mode & FILE_ATTRIBUTE_DIRECTORY)
1758 rar->mode = AE_IFDIR | S_IXUSR | S_IXGRP | S_IXOTH;
1759 else
1760 rar->mode = AE_IFREG;
1761 rar->mode |= S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
1762 break;
1763
1764 case OS_UNIX:
1765 case OS_MAC_OS:
1766 case OS_BEOS:
1767 rar->mode = archive_le32dec(file_header.file_attr);
1768 break;
1769
1770 default:
1771 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1772 "Unknown file attributes from RAR file's host OS");
1773 return (ARCHIVE_FATAL);
1774 }
1775
1776 rar->bytes_uncopied = rar->bytes_unconsumed = 0;
1777 rar->lzss.position = rar->offset = 0;
1778 rar->offset_seek = 0;
1779 rar->dictionary_size = 0;
1780 rar->offset_outgoing = 0;
1781 rar->br.cache_avail = 0;
1782 rar->br.avail_in = 0;
1783 rar->crc_calculated = 0;
1784 rar->entry_eof = 0;
1785 rar->valid = 1;
1786 rar->is_ppmd_block = 0;
1787 rar->start_new_table = 1;
1788 free(rar->unp_buffer);
1789 rar->unp_buffer = NULL;
1790 rar->unp_offset = 0;
1791 rar->unp_buffer_size = UNP_BUFFER_SIZE;
1792 memset(rar->lengthtable, 0, sizeof(rar->lengthtable));
1793 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
1794 rar->ppmd_valid = rar->ppmd_eod = 0;
1795 rar->filters.filterstart = INT64_MAX;
1796
1797 /* Don't set any archive entries for non-file header types */
1798 if (head_type == NEWSUB_HEAD)
1799 return ret;
1800
1801 archive_entry_set_mtime(entry, rar->mtime, rar->mnsec);
1802 archive_entry_set_ctime(entry, rar->ctime, rar->cnsec);
1803 archive_entry_set_atime(entry, rar->atime, rar->ansec);
1804 archive_entry_set_size(entry, rar->unp_size);
1805 archive_entry_set_mode(entry, rar->mode);
1806
1807 if (archive_entry_copy_pathname_l(entry, filename, filename_size, fn_sconv))
1808 {
1809 if (errno == ENOMEM)
1810 {
1811 archive_set_error(&a->archive, ENOMEM,
1812 "Can't allocate memory for Pathname");
1813 return (ARCHIVE_FATAL);
1814 }
1815 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1816 "Pathname cannot be converted from %s to current locale.",
1817 archive_string_conversion_charset_name(fn_sconv));
1818 ret = (ARCHIVE_WARN);
1819 }
1820
1821 if (((rar->mode) & AE_IFMT) == AE_IFLNK)
1822 {
1823 /* Make sure a symbolic-link file does not have its body. */
1824 rar->bytes_remaining = 0;
1825 archive_entry_set_size(entry, 0);
1826
1827 /* Read a symbolic-link name. */
1828 if ((ret2 = read_symlink_stored(a, entry, sconv)) < (ARCHIVE_WARN))
1829 return ret2;
1830 if (ret > ret2)
1831 ret = ret2;
1832 }
1833
1834 if (rar->bytes_remaining == 0)
1835 rar->entry_eof = 1;
1836
1837 return ret;
1838 }
1839
1840 static time_t
get_time(int ttime)1841 get_time(int ttime)
1842 {
1843 struct tm tm;
1844 tm.tm_sec = 2 * (ttime & 0x1f);
1845 tm.tm_min = (ttime >> 5) & 0x3f;
1846 tm.tm_hour = (ttime >> 11) & 0x1f;
1847 tm.tm_mday = (ttime >> 16) & 0x1f;
1848 tm.tm_mon = ((ttime >> 21) & 0x0f) - 1;
1849 tm.tm_year = ((ttime >> 25) & 0x7f) + 80;
1850 tm.tm_isdst = -1;
1851 return mktime(&tm);
1852 }
1853
1854 static int
read_exttime(const char * p,struct rar * rar,const char * endp)1855 read_exttime(const char *p, struct rar *rar, const char *endp)
1856 {
1857 unsigned rmode, flags, rem, j, count;
1858 int ttime, i;
1859 struct tm *tm;
1860 time_t t;
1861 long nsec;
1862 #if defined(HAVE_LOCALTIME_R) || defined(HAVE_LOCALTIME_S)
1863 struct tm tmbuf;
1864 #endif
1865
1866 if (p + 2 > endp)
1867 return (-1);
1868 flags = archive_le16dec(p);
1869 p += 2;
1870
1871 for (i = 3; i >= 0; i--)
1872 {
1873 t = 0;
1874 if (i == 3)
1875 t = rar->mtime;
1876 rmode = flags >> i * 4;
1877 if (rmode & 8)
1878 {
1879 if (!t)
1880 {
1881 if (p + 4 > endp)
1882 return (-1);
1883 ttime = archive_le32dec(p);
1884 t = get_time(ttime);
1885 p += 4;
1886 }
1887 rem = 0;
1888 count = rmode & 3;
1889 if (p + count > endp)
1890 return (-1);
1891 for (j = 0; j < count; j++)
1892 {
1893 rem = (((unsigned)(unsigned char)*p) << 16) | (rem >> 8);
1894 p++;
1895 }
1896 #if defined(HAVE_LOCALTIME_S)
1897 tm = localtime_s(&tmbuf, &t) ? NULL : &tmbuf;
1898 #elif defined(HAVE_LOCALTIME_R)
1899 tm = localtime_r(&t, &tmbuf);
1900 #else
1901 tm = localtime(&t);
1902 #endif
1903 nsec = tm->tm_sec + rem / NS_UNIT;
1904 if (rmode & 4)
1905 {
1906 tm->tm_sec++;
1907 t = mktime(tm);
1908 }
1909 if (i == 3)
1910 {
1911 rar->mtime = t;
1912 rar->mnsec = nsec;
1913 }
1914 else if (i == 2)
1915 {
1916 rar->ctime = t;
1917 rar->cnsec = nsec;
1918 }
1919 else if (i == 1)
1920 {
1921 rar->atime = t;
1922 rar->ansec = nsec;
1923 }
1924 else
1925 {
1926 rar->arctime = t;
1927 rar->arcnsec = nsec;
1928 }
1929 }
1930 }
1931 return (0);
1932 }
1933
1934 static int
read_symlink_stored(struct archive_read * a,struct archive_entry * entry,struct archive_string_conv * sconv)1935 read_symlink_stored(struct archive_read *a, struct archive_entry *entry,
1936 struct archive_string_conv *sconv)
1937 {
1938 const void *h;
1939 const char *p;
1940 struct rar *rar;
1941 int ret = (ARCHIVE_OK);
1942
1943 rar = (struct rar *)(a->format->data);
1944 if ((h = rar_read_ahead(a, (size_t)rar->packed_size, NULL)) == NULL)
1945 return (ARCHIVE_FATAL);
1946 p = h;
1947
1948 if (archive_entry_copy_symlink_l(entry,
1949 p, (size_t)rar->packed_size, sconv))
1950 {
1951 if (errno == ENOMEM)
1952 {
1953 archive_set_error(&a->archive, ENOMEM,
1954 "Can't allocate memory for link");
1955 return (ARCHIVE_FATAL);
1956 }
1957 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1958 "link cannot be converted from %s to current locale.",
1959 archive_string_conversion_charset_name(sconv));
1960 ret = (ARCHIVE_WARN);
1961 }
1962 __archive_read_consume(a, rar->packed_size);
1963 return ret;
1964 }
1965
1966 static int
read_data_stored(struct archive_read * a,const void ** buff,size_t * size,int64_t * offset)1967 read_data_stored(struct archive_read *a, const void **buff, size_t *size,
1968 int64_t *offset)
1969 {
1970 struct rar *rar;
1971 ssize_t bytes_avail;
1972
1973 rar = (struct rar *)(a->format->data);
1974 if (rar->bytes_remaining == 0 &&
1975 !(rar->main_flags & MHD_VOLUME && rar->file_flags & FHD_SPLIT_AFTER))
1976 {
1977 *buff = NULL;
1978 *size = 0;
1979 *offset = rar->offset;
1980 if (rar->file_crc != rar->crc_calculated) {
1981 #ifndef DONT_FAIL_ON_CRC_ERROR
1982 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1983 "File CRC error");
1984 return (ARCHIVE_FATAL);
1985 #endif
1986 }
1987 rar->entry_eof = 1;
1988 return (ARCHIVE_EOF);
1989 }
1990
1991 *buff = rar_read_ahead(a, 1, &bytes_avail);
1992 if (bytes_avail <= 0)
1993 {
1994 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1995 "Truncated RAR file data");
1996 return (ARCHIVE_FATAL);
1997 }
1998
1999 *size = bytes_avail;
2000 *offset = rar->offset;
2001 rar->offset += bytes_avail;
2002 rar->offset_seek += bytes_avail;
2003 rar->bytes_remaining -= bytes_avail;
2004 rar->bytes_unconsumed = bytes_avail;
2005 /* Calculate File CRC. */
2006 rar->crc_calculated = crc32(rar->crc_calculated, *buff,
2007 (unsigned)bytes_avail);
2008 return (ARCHIVE_OK);
2009 }
2010
2011 static int
read_data_compressed(struct archive_read * a,const void ** buff,size_t * size,int64_t * offset,size_t looper)2012 read_data_compressed(struct archive_read *a, const void **buff, size_t *size,
2013 int64_t *offset, size_t looper)
2014 {
2015 if (looper++ > MAX_COMPRESS_DEPTH)
2016 return (ARCHIVE_FATAL);
2017
2018 struct rar *rar;
2019 int64_t start, end;
2020 size_t bs;
2021 int ret = (ARCHIVE_OK), sym, code, lzss_offset, length, i;
2022
2023 rar = (struct rar *)(a->format->data);
2024
2025 do {
2026 if (!rar->valid)
2027 return (ARCHIVE_FATAL);
2028
2029 if (rar->filters.bytes_ready > 0)
2030 {
2031 /* Flush unp_buffer first */
2032 if (rar->unp_offset > 0)
2033 {
2034 *buff = rar->unp_buffer;
2035 *size = rar->unp_offset;
2036 rar->unp_offset = 0;
2037 *offset = rar->offset_outgoing;
2038 rar->offset_outgoing += *size;
2039 }
2040 else
2041 {
2042 *buff = rar->filters.bytes;
2043 *size = rar->filters.bytes_ready;
2044
2045 rar->offset += *size;
2046 *offset = rar->offset_outgoing;
2047 rar->offset_outgoing += *size;
2048
2049 rar->filters.bytes_ready -= *size;
2050 rar->filters.bytes += *size;
2051 }
2052 goto ending_block;
2053 }
2054
2055 if (rar->ppmd_eod ||
2056 (rar->dictionary_size && rar->offset >= rar->unp_size))
2057 {
2058 if (rar->unp_offset > 0) {
2059 /*
2060 * We have unprocessed extracted data. write it out.
2061 */
2062 *buff = rar->unp_buffer;
2063 *size = rar->unp_offset;
2064 *offset = rar->offset_outgoing;
2065 rar->offset_outgoing += *size;
2066 /* Calculate File CRC. */
2067 rar->crc_calculated = crc32(rar->crc_calculated, *buff,
2068 (unsigned)*size);
2069 rar->unp_offset = 0;
2070 return (ARCHIVE_OK);
2071 }
2072 *buff = NULL;
2073 *size = 0;
2074 *offset = rar->offset;
2075 if (rar->file_crc != rar->crc_calculated) {
2076 #ifndef DONT_FAIL_ON_CRC_ERROR
2077 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2078 "File CRC error");
2079 return (ARCHIVE_FATAL);
2080 #endif
2081 }
2082 rar->entry_eof = 1;
2083 return (ARCHIVE_EOF);
2084 }
2085
2086 if (!rar->is_ppmd_block && rar->dictionary_size && rar->bytes_uncopied > 0)
2087 {
2088 if (rar->bytes_uncopied > (rar->unp_buffer_size - rar->unp_offset))
2089 bs = rar->unp_buffer_size - rar->unp_offset;
2090 else
2091 bs = (size_t)rar->bytes_uncopied;
2092 ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, bs);
2093 if (ret != ARCHIVE_OK)
2094 return (ret);
2095 rar->offset += bs;
2096 rar->bytes_uncopied -= bs;
2097 if (*buff != NULL) {
2098 rar->unp_offset = 0;
2099 *size = rar->unp_buffer_size;
2100 *offset = rar->offset_outgoing;
2101 rar->offset_outgoing += *size;
2102 /* Calculate File CRC. */
2103 rar->crc_calculated = crc32(rar->crc_calculated, *buff,
2104 (unsigned)*size);
2105 return (ret);
2106 }
2107 continue;
2108 }
2109
2110 if (rar->filters.lastend == rar->filters.filterstart)
2111 {
2112 if (!run_filters(a))
2113 return (ARCHIVE_FATAL);
2114 continue;
2115 }
2116
2117 if (!rar->br.next_in &&
2118 (ret = rar_br_preparation(a, &(rar->br))) < ARCHIVE_WARN)
2119 return (ret);
2120 if (rar->start_new_table && ((ret = parse_codes(a)) < (ARCHIVE_WARN)))
2121 return (ret);
2122
2123 if (rar->is_ppmd_block)
2124 {
2125 if ((sym = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2126 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2127 {
2128 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2129 "Invalid symbol");
2130 return (ARCHIVE_FATAL);
2131 }
2132 if(sym != rar->ppmd_escape)
2133 {
2134 lzss_emit_literal(rar, sym);
2135 rar->bytes_uncopied++;
2136 }
2137 else
2138 {
2139 if ((code = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2140 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2141 {
2142 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2143 "Invalid symbol");
2144 return (ARCHIVE_FATAL);
2145 }
2146
2147 switch(code)
2148 {
2149 case 0:
2150 rar->start_new_table = 1;
2151 return read_data_compressed(a, buff, size, offset, looper);
2152
2153 case 2:
2154 rar->ppmd_eod = 1;/* End Of ppmd Data. */
2155 continue;
2156
2157 case 3:
2158 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2159 "Parsing filters is unsupported.");
2160 return (ARCHIVE_FAILED);
2161
2162 case 4:
2163 lzss_offset = 0;
2164 for (i = 2; i >= 0; i--)
2165 {
2166 if ((code = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2167 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2168 {
2169 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2170 "Invalid symbol");
2171 return (ARCHIVE_FATAL);
2172 }
2173 lzss_offset |= code << (i * 8);
2174 }
2175 if ((length = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2176 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2177 {
2178 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2179 "Invalid symbol");
2180 return (ARCHIVE_FATAL);
2181 }
2182 lzss_emit_match(rar, lzss_offset + 2, length + 32);
2183 rar->bytes_uncopied += length + 32;
2184 break;
2185
2186 case 5:
2187 if ((length = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2188 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2189 {
2190 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2191 "Invalid symbol");
2192 return (ARCHIVE_FATAL);
2193 }
2194 lzss_emit_match(rar, 1, length + 4);
2195 rar->bytes_uncopied += length + 4;
2196 break;
2197
2198 default:
2199 lzss_emit_literal(rar, sym);
2200 rar->bytes_uncopied++;
2201 }
2202 }
2203 }
2204 else
2205 {
2206 start = rar->offset;
2207 end = start + rar->dictionary_size;
2208
2209 /* We don't want to overflow the window and overwrite data that we write
2210 * at 'start'. Therefore, reduce the end length by the maximum match size,
2211 * which is 260 bytes. You can compute this maximum by looking at the
2212 * definition of 'expand', in particular when 'symbol >= 271'. */
2213 /* NOTE: It's possible for 'dictionary_size' to be less than this 260
2214 * value, however that will only be the case when 'unp_size' is small,
2215 * which should only happen when the entry size is small and there's no
2216 * risk of overflowing the buffer */
2217 if (rar->dictionary_size > 260) {
2218 end -= 260;
2219 }
2220
2221 if (rar->filters.filterstart < end) {
2222 end = rar->filters.filterstart;
2223 }
2224
2225 ret = expand(a, &end);
2226 if (ret != ARCHIVE_OK)
2227 return (ret);
2228
2229 rar->bytes_uncopied = end - start;
2230 rar->filters.lastend = end;
2231 if (rar->filters.lastend != rar->filters.filterstart && rar->bytes_uncopied == 0) {
2232 /* Broken RAR files cause this case.
2233 * NOTE: If this case were possible on a normal RAR file
2234 * we would find out where it was actually bad and
2235 * what we would do to solve it. */
2236 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2237 "Internal error extracting RAR file");
2238 return (ARCHIVE_FATAL);
2239 }
2240 }
2241 if (rar->bytes_uncopied > (rar->unp_buffer_size - rar->unp_offset))
2242 bs = rar->unp_buffer_size - rar->unp_offset;
2243 else
2244 bs = (size_t)rar->bytes_uncopied;
2245 ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, bs);
2246 if (ret != ARCHIVE_OK)
2247 return (ret);
2248 rar->offset += bs;
2249 rar->bytes_uncopied -= bs;
2250 /*
2251 * If *buff is NULL, it means unp_buffer is not full.
2252 * So we have to continue extracting a RAR file.
2253 */
2254 } while (*buff == NULL);
2255
2256 rar->unp_offset = 0;
2257 *size = rar->unp_buffer_size;
2258 *offset = rar->offset_outgoing;
2259 rar->offset_outgoing += *size;
2260 ending_block:
2261 /* Calculate File CRC. */
2262 rar->crc_calculated = crc32(rar->crc_calculated, *buff, (unsigned)*size);
2263 return ret;
2264 }
2265
2266 static int
parse_codes(struct archive_read * a)2267 parse_codes(struct archive_read *a)
2268 {
2269 int i, j, val, n, r;
2270 unsigned char bitlengths[MAX_SYMBOLS], zerocount, ppmd_flags;
2271 unsigned int maxorder;
2272 struct huffman_code precode;
2273 struct rar *rar = (struct rar *)(a->format->data);
2274 struct rar_br *br = &(rar->br);
2275
2276 free_codes(a);
2277
2278 /* Skip to the next byte */
2279 rar_br_consume_unalined_bits(br);
2280
2281 /* PPMd block flag */
2282 if (!rar_br_read_ahead(a, br, 1))
2283 goto truncated_data;
2284 if ((rar->is_ppmd_block = rar_br_bits(br, 1)) != 0)
2285 {
2286 rar_br_consume(br, 1);
2287 if (!rar_br_read_ahead(a, br, 7))
2288 goto truncated_data;
2289 ppmd_flags = rar_br_bits(br, 7);
2290 rar_br_consume(br, 7);
2291
2292 /* Memory is allocated in MB */
2293 if (ppmd_flags & 0x20)
2294 {
2295 if (!rar_br_read_ahead(a, br, 8))
2296 goto truncated_data;
2297 rar->dictionary_size = (rar_br_bits(br, 8) + 1) << 20;
2298 rar_br_consume(br, 8);
2299 }
2300
2301 if (ppmd_flags & 0x40)
2302 {
2303 if (!rar_br_read_ahead(a, br, 8))
2304 goto truncated_data;
2305 rar->ppmd_escape = rar->ppmd7_context.InitEsc = rar_br_bits(br, 8);
2306 rar_br_consume(br, 8);
2307 }
2308 else
2309 rar->ppmd_escape = 2;
2310
2311 if (ppmd_flags & 0x20)
2312 {
2313 maxorder = (ppmd_flags & 0x1F) + 1;
2314 if(maxorder > 16)
2315 maxorder = 16 + (maxorder - 16) * 3;
2316
2317 if (maxorder == 1)
2318 {
2319 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2320 "Truncated RAR file data");
2321 return (ARCHIVE_FATAL);
2322 }
2323
2324 /* Make sure ppmd7_contest is freed before Ppmd7_Construct
2325 * because reading a broken file cause this abnormal sequence. */
2326 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
2327
2328 rar->bytein.a = a;
2329 rar->bytein.Read = &ppmd_read;
2330 __archive_ppmd7_functions.PpmdRAR_RangeDec_CreateVTable(&rar->range_dec);
2331 rar->range_dec.Stream = &rar->bytein;
2332 __archive_ppmd7_functions.Ppmd7_Construct(&rar->ppmd7_context);
2333
2334 if (rar->dictionary_size == 0) {
2335 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2336 "Invalid zero dictionary size");
2337 return (ARCHIVE_FATAL);
2338 }
2339
2340 if (!__archive_ppmd7_functions.Ppmd7_Alloc(&rar->ppmd7_context,
2341 rar->dictionary_size))
2342 {
2343 archive_set_error(&a->archive, ENOMEM,
2344 "Out of memory");
2345 return (ARCHIVE_FATAL);
2346 }
2347 if (!__archive_ppmd7_functions.PpmdRAR_RangeDec_Init(&rar->range_dec))
2348 {
2349 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2350 "Unable to initialize PPMd range decoder");
2351 return (ARCHIVE_FATAL);
2352 }
2353 __archive_ppmd7_functions.Ppmd7_Init(&rar->ppmd7_context, maxorder);
2354 rar->ppmd_valid = 1;
2355 }
2356 else
2357 {
2358 if (!rar->ppmd_valid) {
2359 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2360 "Invalid PPMd sequence");
2361 return (ARCHIVE_FATAL);
2362 }
2363 if (!__archive_ppmd7_functions.PpmdRAR_RangeDec_Init(&rar->range_dec))
2364 {
2365 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2366 "Unable to initialize PPMd range decoder");
2367 return (ARCHIVE_FATAL);
2368 }
2369 }
2370 }
2371 else
2372 {
2373 rar_br_consume(br, 1);
2374
2375 /* Keep existing table flag */
2376 if (!rar_br_read_ahead(a, br, 1))
2377 goto truncated_data;
2378 if (!rar_br_bits(br, 1))
2379 memset(rar->lengthtable, 0, sizeof(rar->lengthtable));
2380 rar_br_consume(br, 1);
2381
2382 memset(&bitlengths, 0, sizeof(bitlengths));
2383 for (i = 0; i < MAX_SYMBOLS;)
2384 {
2385 if (!rar_br_read_ahead(a, br, 4))
2386 goto truncated_data;
2387 bitlengths[i++] = rar_br_bits(br, 4);
2388 rar_br_consume(br, 4);
2389 if (bitlengths[i-1] == 0xF)
2390 {
2391 if (!rar_br_read_ahead(a, br, 4))
2392 goto truncated_data;
2393 zerocount = rar_br_bits(br, 4);
2394 rar_br_consume(br, 4);
2395 if (zerocount)
2396 {
2397 i--;
2398 for (j = 0; j < zerocount + 2 && i < MAX_SYMBOLS; j++)
2399 bitlengths[i++] = 0;
2400 }
2401 }
2402 }
2403
2404 memset(&precode, 0, sizeof(precode));
2405 r = create_code(a, &precode, bitlengths, MAX_SYMBOLS, MAX_SYMBOL_LENGTH);
2406 if (r != ARCHIVE_OK) {
2407 free(precode.tree);
2408 free(precode.table);
2409 return (r);
2410 }
2411
2412 for (i = 0; i < HUFFMAN_TABLE_SIZE;)
2413 {
2414 if ((val = read_next_symbol(a, &precode)) < 0) {
2415 free(precode.tree);
2416 free(precode.table);
2417 return (ARCHIVE_FATAL);
2418 }
2419 if (val < 16)
2420 {
2421 rar->lengthtable[i] = (rar->lengthtable[i] + val) & 0xF;
2422 i++;
2423 }
2424 else if (val < 18)
2425 {
2426 if (i == 0)
2427 {
2428 free(precode.tree);
2429 free(precode.table);
2430 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2431 "Internal error extracting RAR file.");
2432 return (ARCHIVE_FATAL);
2433 }
2434
2435 if(val == 16) {
2436 if (!rar_br_read_ahead(a, br, 3)) {
2437 free(precode.tree);
2438 free(precode.table);
2439 goto truncated_data;
2440 }
2441 n = rar_br_bits(br, 3) + 3;
2442 rar_br_consume(br, 3);
2443 } else {
2444 if (!rar_br_read_ahead(a, br, 7)) {
2445 free(precode.tree);
2446 free(precode.table);
2447 goto truncated_data;
2448 }
2449 n = rar_br_bits(br, 7) + 11;
2450 rar_br_consume(br, 7);
2451 }
2452
2453 for (j = 0; j < n && i < HUFFMAN_TABLE_SIZE; j++)
2454 {
2455 rar->lengthtable[i] = rar->lengthtable[i-1];
2456 i++;
2457 }
2458 }
2459 else
2460 {
2461 if(val == 18) {
2462 if (!rar_br_read_ahead(a, br, 3)) {
2463 free(precode.tree);
2464 free(precode.table);
2465 goto truncated_data;
2466 }
2467 n = rar_br_bits(br, 3) + 3;
2468 rar_br_consume(br, 3);
2469 } else {
2470 if (!rar_br_read_ahead(a, br, 7)) {
2471 free(precode.tree);
2472 free(precode.table);
2473 goto truncated_data;
2474 }
2475 n = rar_br_bits(br, 7) + 11;
2476 rar_br_consume(br, 7);
2477 }
2478
2479 for(j = 0; j < n && i < HUFFMAN_TABLE_SIZE; j++)
2480 rar->lengthtable[i++] = 0;
2481 }
2482 }
2483 free(precode.tree);
2484 free(precode.table);
2485
2486 r = create_code(a, &rar->maincode, &rar->lengthtable[0], MAINCODE_SIZE,
2487 MAX_SYMBOL_LENGTH);
2488 if (r != ARCHIVE_OK)
2489 return (r);
2490 r = create_code(a, &rar->offsetcode, &rar->lengthtable[MAINCODE_SIZE],
2491 OFFSETCODE_SIZE, MAX_SYMBOL_LENGTH);
2492 if (r != ARCHIVE_OK)
2493 return (r);
2494 r = create_code(a, &rar->lowoffsetcode,
2495 &rar->lengthtable[MAINCODE_SIZE + OFFSETCODE_SIZE],
2496 LOWOFFSETCODE_SIZE, MAX_SYMBOL_LENGTH);
2497 if (r != ARCHIVE_OK)
2498 return (r);
2499 r = create_code(a, &rar->lengthcode,
2500 &rar->lengthtable[MAINCODE_SIZE + OFFSETCODE_SIZE +
2501 LOWOFFSETCODE_SIZE], LENGTHCODE_SIZE, MAX_SYMBOL_LENGTH);
2502 if (r != ARCHIVE_OK)
2503 return (r);
2504 }
2505
2506 if (!rar->dictionary_size || !rar->lzss.window)
2507 {
2508 /* Seems as though dictionary sizes are not used. Even so, minimize
2509 * memory usage as much as possible.
2510 */
2511 void *new_window;
2512 unsigned int new_size;
2513
2514 if (rar->unp_size >= DICTIONARY_MAX_SIZE)
2515 new_size = DICTIONARY_MAX_SIZE;
2516 else
2517 new_size = rar_fls((unsigned int)rar->unp_size) << 1;
2518 if (new_size == 0) {
2519 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2520 "Zero window size is invalid.");
2521 return (ARCHIVE_FATAL);
2522 }
2523 new_window = realloc(rar->lzss.window, new_size);
2524 if (new_window == NULL) {
2525 archive_set_error(&a->archive, ENOMEM,
2526 "Unable to allocate memory for uncompressed data.");
2527 return (ARCHIVE_FATAL);
2528 }
2529 rar->lzss.window = (unsigned char *)new_window;
2530 rar->dictionary_size = new_size;
2531 memset(rar->lzss.window, 0, rar->dictionary_size);
2532 rar->lzss.mask = rar->dictionary_size - 1;
2533 }
2534
2535 rar->start_new_table = 0;
2536 return (ARCHIVE_OK);
2537 truncated_data:
2538 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2539 "Truncated RAR file data");
2540 rar->valid = 0;
2541 return (ARCHIVE_FATAL);
2542 }
2543
2544 static void
free_codes(struct archive_read * a)2545 free_codes(struct archive_read *a)
2546 {
2547 struct rar *rar = (struct rar *)(a->format->data);
2548 free(rar->maincode.tree);
2549 free(rar->offsetcode.tree);
2550 free(rar->lowoffsetcode.tree);
2551 free(rar->lengthcode.tree);
2552 free(rar->maincode.table);
2553 free(rar->offsetcode.table);
2554 free(rar->lowoffsetcode.table);
2555 free(rar->lengthcode.table);
2556 memset(&rar->maincode, 0, sizeof(rar->maincode));
2557 memset(&rar->offsetcode, 0, sizeof(rar->offsetcode));
2558 memset(&rar->lowoffsetcode, 0, sizeof(rar->lowoffsetcode));
2559 memset(&rar->lengthcode, 0, sizeof(rar->lengthcode));
2560 }
2561
2562
2563 static int
read_next_symbol(struct archive_read * a,struct huffman_code * code)2564 read_next_symbol(struct archive_read *a, struct huffman_code *code)
2565 {
2566 unsigned char bit;
2567 unsigned int bits;
2568 int length, value, node;
2569 struct rar *rar;
2570 struct rar_br *br;
2571
2572 if (!code->table)
2573 {
2574 if (make_table(a, code) != (ARCHIVE_OK))
2575 return -1;
2576 }
2577
2578 rar = (struct rar *)(a->format->data);
2579 br = &(rar->br);
2580
2581 /* Look ahead (peek) at bits */
2582 if (!rar_br_read_ahead(a, br, code->tablesize)) {
2583 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2584 "Truncated RAR file data");
2585 rar->valid = 0;
2586 return -1;
2587 }
2588 bits = rar_br_bits(br, code->tablesize);
2589
2590 length = code->table[bits].length;
2591 value = code->table[bits].value;
2592
2593 if (length < 0)
2594 {
2595 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2596 "Invalid prefix code in bitstream");
2597 return -1;
2598 }
2599
2600 if (length <= code->tablesize)
2601 {
2602 /* Skip length bits */
2603 rar_br_consume(br, length);
2604 return value;
2605 }
2606
2607 /* Skip tablesize bits */
2608 rar_br_consume(br, code->tablesize);
2609
2610 node = value;
2611 while (code->tree[node].branches[0] != code->tree[node].branches[1])
2612 {
2613 if (!rar_br_read_ahead(a, br, 1)) {
2614 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2615 "Truncated RAR file data");
2616 rar->valid = 0;
2617 return -1;
2618 }
2619 bit = rar_br_bits(br, 1);
2620 rar_br_consume(br, 1);
2621
2622 if (code->tree[node].branches[bit] < 0)
2623 {
2624 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2625 "Invalid prefix code in bitstream");
2626 return -1;
2627 }
2628 node = code->tree[node].branches[bit];
2629 }
2630
2631 return code->tree[node].branches[0];
2632 }
2633
2634 static int
create_code(struct archive_read * a,struct huffman_code * code,unsigned char * lengths,int numsymbols,char maxlength)2635 create_code(struct archive_read *a, struct huffman_code *code,
2636 unsigned char *lengths, int numsymbols, char maxlength)
2637 {
2638 int i, j, codebits = 0, symbolsleft = numsymbols;
2639
2640 code->numentries = 0;
2641 code->numallocatedentries = 0;
2642 if (new_node(code) < 0) {
2643 archive_set_error(&a->archive, ENOMEM,
2644 "Unable to allocate memory for node data.");
2645 return (ARCHIVE_FATAL);
2646 }
2647 code->numentries = 1;
2648 code->minlength = INT_MAX;
2649 code->maxlength = INT_MIN;
2650 codebits = 0;
2651 for(i = 1; i <= maxlength; i++)
2652 {
2653 for(j = 0; j < numsymbols; j++)
2654 {
2655 if (lengths[j] != i) continue;
2656 if (add_value(a, code, j, codebits, i) != ARCHIVE_OK)
2657 return (ARCHIVE_FATAL);
2658 codebits++;
2659 if (--symbolsleft <= 0)
2660 break;
2661 }
2662 if (symbolsleft <= 0)
2663 break;
2664 codebits <<= 1;
2665 }
2666 return (ARCHIVE_OK);
2667 }
2668
2669 static int
add_value(struct archive_read * a,struct huffman_code * code,int value,int codebits,int length)2670 add_value(struct archive_read *a, struct huffman_code *code, int value,
2671 int codebits, int length)
2672 {
2673 int lastnode, bitpos, bit;
2674 /* int repeatpos, repeatnode, nextnode; */
2675
2676 free(code->table);
2677 code->table = NULL;
2678
2679 if(length > code->maxlength)
2680 code->maxlength = length;
2681 if(length < code->minlength)
2682 code->minlength = length;
2683
2684 /*
2685 * Dead code, repeatpos was is -1
2686 *
2687 repeatpos = -1;
2688 if (repeatpos == 0 || (repeatpos >= 0
2689 && (((codebits >> (repeatpos - 1)) & 3) == 0
2690 || ((codebits >> (repeatpos - 1)) & 3) == 3)))
2691 {
2692 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2693 "Invalid repeat position");
2694 return (ARCHIVE_FATAL);
2695 }
2696 */
2697
2698 lastnode = 0;
2699 for (bitpos = length - 1; bitpos >= 0; bitpos--)
2700 {
2701 bit = (codebits >> bitpos) & 1;
2702
2703 /* Leaf node check */
2704 if (code->tree[lastnode].branches[0] ==
2705 code->tree[lastnode].branches[1])
2706 {
2707 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2708 "Prefix found");
2709 return (ARCHIVE_FATAL);
2710 }
2711
2712 /*
2713 * Dead code, repeatpos was -1, bitpos >=0
2714 *
2715 if (bitpos == repeatpos)
2716 {
2717 * Open branch check *
2718 if (!(code->tree[lastnode].branches[bit] < 0))
2719 {
2720 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2721 "Invalid repeating code");
2722 return (ARCHIVE_FATAL);
2723 }
2724
2725 if ((repeatnode = new_node(code)) < 0) {
2726 archive_set_error(&a->archive, ENOMEM,
2727 "Unable to allocate memory for node data.");
2728 return (ARCHIVE_FATAL);
2729 }
2730 if ((nextnode = new_node(code)) < 0) {
2731 archive_set_error(&a->archive, ENOMEM,
2732 "Unable to allocate memory for node data.");
2733 return (ARCHIVE_FATAL);
2734 }
2735
2736 * Set branches *
2737 code->tree[lastnode].branches[bit] = repeatnode;
2738 code->tree[repeatnode].branches[bit] = repeatnode;
2739 code->tree[repeatnode].branches[bit^1] = nextnode;
2740 lastnode = nextnode;
2741
2742 bitpos++; * terminating bit already handled, skip it *
2743 }
2744 else
2745 {
2746 */
2747 /* Open branch check */
2748 if (code->tree[lastnode].branches[bit] < 0)
2749 {
2750 if (new_node(code) < 0) {
2751 archive_set_error(&a->archive, ENOMEM,
2752 "Unable to allocate memory for node data.");
2753 return (ARCHIVE_FATAL);
2754 }
2755 code->tree[lastnode].branches[bit] = code->numentries++;
2756 }
2757
2758 /* set to branch */
2759 lastnode = code->tree[lastnode].branches[bit];
2760 /* } */
2761 }
2762
2763 if (!(code->tree[lastnode].branches[0] == -1
2764 && code->tree[lastnode].branches[1] == -2))
2765 {
2766 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2767 "Prefix found");
2768 return (ARCHIVE_FATAL);
2769 }
2770
2771 /* Set leaf value */
2772 code->tree[lastnode].branches[0] = value;
2773 code->tree[lastnode].branches[1] = value;
2774
2775 return (ARCHIVE_OK);
2776 }
2777
2778 static int
new_node(struct huffman_code * code)2779 new_node(struct huffman_code *code)
2780 {
2781 void *new_tree;
2782 if (code->numallocatedentries == code->numentries) {
2783 int new_num_entries = 256;
2784 if (code->numentries > 0) {
2785 new_num_entries = code->numentries * 2;
2786 }
2787 new_tree = realloc(code->tree, new_num_entries * sizeof(*code->tree));
2788 if (new_tree == NULL)
2789 return (-1);
2790 code->tree = (struct huffman_tree_node *)new_tree;
2791 code->numallocatedentries = new_num_entries;
2792 }
2793 code->tree[code->numentries].branches[0] = -1;
2794 code->tree[code->numentries].branches[1] = -2;
2795 return 1;
2796 }
2797
2798 static int
make_table(struct archive_read * a,struct huffman_code * code)2799 make_table(struct archive_read *a, struct huffman_code *code)
2800 {
2801 if (code->maxlength < code->minlength || code->maxlength > 10)
2802 code->tablesize = 10;
2803 else
2804 code->tablesize = code->maxlength;
2805
2806 code->table = calloc(1U << code->tablesize, sizeof(*code->table));
2807
2808 return make_table_recurse(a, code, 0, code->table, 0, code->tablesize);
2809 }
2810
2811 static int
make_table_recurse(struct archive_read * a,struct huffman_code * code,int node,struct huffman_table_entry * table,int depth,int maxdepth)2812 make_table_recurse(struct archive_read *a, struct huffman_code *code, int node,
2813 struct huffman_table_entry *table, int depth,
2814 int maxdepth)
2815 {
2816 int currtablesize, i, ret = (ARCHIVE_OK);
2817
2818 if (!code->tree)
2819 {
2820 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2821 "Huffman tree was not created.");
2822 return (ARCHIVE_FATAL);
2823 }
2824 if (node < 0 || node >= code->numentries)
2825 {
2826 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2827 "Invalid location to Huffman tree specified.");
2828 return (ARCHIVE_FATAL);
2829 }
2830
2831 currtablesize = 1 << (maxdepth - depth);
2832
2833 if (code->tree[node].branches[0] ==
2834 code->tree[node].branches[1])
2835 {
2836 for(i = 0; i < currtablesize; i++)
2837 {
2838 table[i].length = depth;
2839 table[i].value = code->tree[node].branches[0];
2840 }
2841 }
2842 /*
2843 * Dead code, node >= 0
2844 *
2845 else if (node < 0)
2846 {
2847 for(i = 0; i < currtablesize; i++)
2848 table[i].length = -1;
2849 }
2850 */
2851 else
2852 {
2853 if(depth == maxdepth)
2854 {
2855 table[0].length = maxdepth + 1;
2856 table[0].value = node;
2857 }
2858 else
2859 {
2860 ret |= make_table_recurse(a, code, code->tree[node].branches[0], table,
2861 depth + 1, maxdepth);
2862 ret |= make_table_recurse(a, code, code->tree[node].branches[1],
2863 table + currtablesize / 2, depth + 1, maxdepth);
2864 }
2865 }
2866 return ret;
2867 }
2868
2869 static int
expand(struct archive_read * a,int64_t * end)2870 expand(struct archive_read *a, int64_t *end)
2871 {
2872 static const unsigned char lengthbases[] =
2873 { 0, 1, 2, 3, 4, 5, 6,
2874 7, 8, 10, 12, 14, 16, 20,
2875 24, 28, 32, 40, 48, 56, 64,
2876 80, 96, 112, 128, 160, 192, 224 };
2877 static const unsigned char lengthbits[] =
2878 { 0, 0, 0, 0, 0, 0, 0,
2879 0, 1, 1, 1, 1, 2, 2,
2880 2, 2, 3, 3, 3, 3, 4,
2881 4, 4, 4, 5, 5, 5, 5 };
2882 static const int lengthb_min = minimum(
2883 (int)(sizeof(lengthbases)/sizeof(lengthbases[0])),
2884 (int)(sizeof(lengthbits)/sizeof(lengthbits[0]))
2885 );
2886 static const unsigned int offsetbases[] =
2887 { 0, 1, 2, 3, 4, 6,
2888 8, 12, 16, 24, 32, 48,
2889 64, 96, 128, 192, 256, 384,
2890 512, 768, 1024, 1536, 2048, 3072,
2891 4096, 6144, 8192, 12288, 16384, 24576,
2892 32768, 49152, 65536, 98304, 131072, 196608,
2893 262144, 327680, 393216, 458752, 524288, 589824,
2894 655360, 720896, 786432, 851968, 917504, 983040,
2895 1048576, 1310720, 1572864, 1835008, 2097152, 2359296,
2896 2621440, 2883584, 3145728, 3407872, 3670016, 3932160 };
2897 static const unsigned char offsetbits[] =
2898 { 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4,
2899 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10,
2900 11, 11, 12, 12, 13, 13, 14, 14, 15, 15, 16, 16,
2901 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
2902 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18 };
2903 static const int offsetb_min = minimum(
2904 (int)(sizeof(offsetbases)/sizeof(offsetbases[0])),
2905 (int)(sizeof(offsetbits)/sizeof(offsetbits[0]))
2906 );
2907 static const unsigned char shortbases[] =
2908 { 0, 4, 8, 16, 32, 64, 128, 192 };
2909 static const unsigned char shortbits[] =
2910 { 2, 2, 3, 4, 5, 6, 6, 6 };
2911
2912 int symbol, offs, len, offsindex, lensymbol, i, offssymbol, lowoffsetsymbol;
2913 unsigned char newfile;
2914 struct rar *rar = (struct rar *)(a->format->data);
2915 struct rar_br *br = &(rar->br);
2916
2917 if (rar->filters.filterstart < *end)
2918 *end = rar->filters.filterstart;
2919
2920 while (1)
2921 {
2922 if(lzss_position(&rar->lzss) >= *end) {
2923 return (ARCHIVE_OK);
2924 }
2925
2926 if(rar->is_ppmd_block) {
2927 *end = lzss_position(&rar->lzss);
2928 return (ARCHIVE_OK);
2929 }
2930
2931 if ((symbol = read_next_symbol(a, &rar->maincode)) < 0)
2932 return (ARCHIVE_FATAL);
2933
2934 if (symbol < 256)
2935 {
2936 lzss_emit_literal(rar, symbol);
2937 continue;
2938 }
2939 else if (symbol == 256)
2940 {
2941 if (!rar_br_read_ahead(a, br, 1))
2942 goto truncated_data;
2943 newfile = !rar_br_bits(br, 1);
2944 rar_br_consume(br, 1);
2945
2946 if(newfile)
2947 {
2948 rar->start_new_block = 1;
2949 if (!rar_br_read_ahead(a, br, 1))
2950 goto truncated_data;
2951 rar->start_new_table = rar_br_bits(br, 1);
2952 rar_br_consume(br, 1);
2953 *end = lzss_position(&rar->lzss);
2954 return (ARCHIVE_OK);
2955 }
2956 else
2957 {
2958 if (parse_codes(a) != ARCHIVE_OK)
2959 return (ARCHIVE_FATAL);
2960 continue;
2961 }
2962 }
2963 else if(symbol==257)
2964 {
2965 if (!read_filter(a, end))
2966 return (ARCHIVE_FATAL);
2967 continue;
2968 }
2969 else if(symbol==258)
2970 {
2971 if(rar->lastlength == 0)
2972 continue;
2973
2974 offs = rar->lastoffset;
2975 len = rar->lastlength;
2976 }
2977 else if (symbol <= 262)
2978 {
2979 offsindex = symbol - 259;
2980 offs = rar->oldoffset[offsindex];
2981
2982 if ((lensymbol = read_next_symbol(a, &rar->lengthcode)) < 0)
2983 goto bad_data;
2984 if (lensymbol >= lengthb_min)
2985 goto bad_data;
2986 len = lengthbases[lensymbol] + 2;
2987 if (lengthbits[lensymbol] > 0) {
2988 if (!rar_br_read_ahead(a, br, lengthbits[lensymbol]))
2989 goto truncated_data;
2990 len += rar_br_bits(br, lengthbits[lensymbol]);
2991 rar_br_consume(br, lengthbits[lensymbol]);
2992 }
2993
2994 for (i = offsindex; i > 0; i--)
2995 rar->oldoffset[i] = rar->oldoffset[i-1];
2996 rar->oldoffset[0] = offs;
2997 }
2998 else if(symbol<=270)
2999 {
3000 offs = shortbases[symbol-263] + 1;
3001 if(shortbits[symbol-263] > 0) {
3002 if (!rar_br_read_ahead(a, br, shortbits[symbol-263]))
3003 goto truncated_data;
3004 offs += rar_br_bits(br, shortbits[symbol-263]);
3005 rar_br_consume(br, shortbits[symbol-263]);
3006 }
3007
3008 len = 2;
3009
3010 for(i = 3; i > 0; i--)
3011 rar->oldoffset[i] = rar->oldoffset[i-1];
3012 rar->oldoffset[0] = offs;
3013 }
3014 else
3015 {
3016 if (symbol-271 >= lengthb_min)
3017 goto bad_data;
3018 len = lengthbases[symbol-271]+3;
3019 if(lengthbits[symbol-271] > 0) {
3020 if (!rar_br_read_ahead(a, br, lengthbits[symbol-271]))
3021 goto truncated_data;
3022 len += rar_br_bits(br, lengthbits[symbol-271]);
3023 rar_br_consume(br, lengthbits[symbol-271]);
3024 }
3025
3026 if ((offssymbol = read_next_symbol(a, &rar->offsetcode)) < 0)
3027 goto bad_data;
3028 if (offssymbol >= offsetb_min)
3029 goto bad_data;
3030 offs = offsetbases[offssymbol]+1;
3031 if(offsetbits[offssymbol] > 0)
3032 {
3033 if(offssymbol > 9)
3034 {
3035 if(offsetbits[offssymbol] > 4) {
3036 if (!rar_br_read_ahead(a, br, offsetbits[offssymbol] - 4))
3037 goto truncated_data;
3038 offs += rar_br_bits(br, offsetbits[offssymbol] - 4) << 4;
3039 rar_br_consume(br, offsetbits[offssymbol] - 4);
3040 }
3041
3042 if(rar->numlowoffsetrepeats > 0)
3043 {
3044 rar->numlowoffsetrepeats--;
3045 offs += rar->lastlowoffset;
3046 }
3047 else
3048 {
3049 if ((lowoffsetsymbol =
3050 read_next_symbol(a, &rar->lowoffsetcode)) < 0)
3051 return (ARCHIVE_FATAL);
3052 if(lowoffsetsymbol == 16)
3053 {
3054 rar->numlowoffsetrepeats = 15;
3055 offs += rar->lastlowoffset;
3056 }
3057 else
3058 {
3059 offs += lowoffsetsymbol;
3060 rar->lastlowoffset = lowoffsetsymbol;
3061 }
3062 }
3063 }
3064 else {
3065 if (!rar_br_read_ahead(a, br, offsetbits[offssymbol]))
3066 goto truncated_data;
3067 offs += rar_br_bits(br, offsetbits[offssymbol]);
3068 rar_br_consume(br, offsetbits[offssymbol]);
3069 }
3070 }
3071
3072 if (offs >= 0x40000)
3073 len++;
3074 if (offs >= 0x2000)
3075 len++;
3076
3077 for(i = 3; i > 0; i--)
3078 rar->oldoffset[i] = rar->oldoffset[i-1];
3079 rar->oldoffset[0] = offs;
3080 }
3081
3082 rar->lastoffset = offs;
3083 rar->lastlength = len;
3084
3085 lzss_emit_match(rar, rar->lastoffset, rar->lastlength);
3086 }
3087 truncated_data:
3088 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3089 "Truncated RAR file data");
3090 rar->valid = 0;
3091 return (ARCHIVE_FATAL);
3092 bad_data:
3093 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3094 "Bad RAR file data");
3095 return (ARCHIVE_FATAL);
3096 }
3097
3098 static int
copy_from_lzss_window(struct archive_read * a,void * buffer,int64_t startpos,int length)3099 copy_from_lzss_window(struct archive_read *a, void *buffer,
3100 int64_t startpos, int length)
3101 {
3102 int windowoffs, firstpart;
3103 struct rar *rar = (struct rar *)(a->format->data);
3104
3105 windowoffs = lzss_offset_for_position(&rar->lzss, startpos);
3106 firstpart = lzss_size(&rar->lzss) - windowoffs;
3107 if (firstpart < 0) {
3108 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3109 "Bad RAR file data");
3110 return (ARCHIVE_FATAL);
3111 }
3112 if (firstpart < length) {
3113 memcpy(buffer, &rar->lzss.window[windowoffs], firstpart);
3114 memcpy(buffer, &rar->lzss.window[0], length - firstpart);
3115 } else {
3116 memcpy(buffer, &rar->lzss.window[windowoffs], length);
3117 }
3118 return (ARCHIVE_OK);
3119 }
3120
3121 static int
copy_from_lzss_window_to_unp(struct archive_read * a,const void ** buffer,int64_t startpos,size_t length)3122 copy_from_lzss_window_to_unp(struct archive_read *a, const void **buffer,
3123 int64_t startpos, size_t length)
3124 {
3125 int windowoffs, firstpart;
3126 struct rar *rar = (struct rar *)(a->format->data);
3127
3128 if (length > rar->unp_buffer_size)
3129 {
3130 goto fatal;
3131 }
3132
3133 if (!rar->unp_buffer)
3134 {
3135 if ((rar->unp_buffer = malloc(rar->unp_buffer_size)) == NULL)
3136 {
3137 archive_set_error(&a->archive, ENOMEM,
3138 "Unable to allocate memory for uncompressed data.");
3139 return (ARCHIVE_FATAL);
3140 }
3141 }
3142
3143 windowoffs = lzss_offset_for_position(&rar->lzss, startpos);
3144 if(windowoffs + length <= (size_t)lzss_size(&rar->lzss)) {
3145 memcpy(&rar->unp_buffer[rar->unp_offset], &rar->lzss.window[windowoffs],
3146 length);
3147 } else if (length <= (size_t)lzss_size(&rar->lzss)) {
3148 firstpart = lzss_size(&rar->lzss) - windowoffs;
3149 if (firstpart < 0) {
3150 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3151 "Bad RAR file data");
3152 return (ARCHIVE_FATAL);
3153 }
3154 if ((size_t)firstpart < length) {
3155 memcpy(&rar->unp_buffer[rar->unp_offset],
3156 &rar->lzss.window[windowoffs], firstpart);
3157 memcpy(&rar->unp_buffer[rar->unp_offset + firstpart],
3158 &rar->lzss.window[0], length - firstpart);
3159 } else {
3160 memcpy(&rar->unp_buffer[rar->unp_offset],
3161 &rar->lzss.window[windowoffs], length);
3162 }
3163 } else {
3164 goto fatal;
3165 }
3166 rar->unp_offset += (unsigned int) length;
3167 if (rar->unp_offset >= rar->unp_buffer_size)
3168 *buffer = rar->unp_buffer;
3169 else
3170 *buffer = NULL;
3171 return (ARCHIVE_OK);
3172
3173 fatal:
3174 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3175 "Bad RAR file data");
3176 return (ARCHIVE_FATAL);
3177 }
3178
3179 static const void *
rar_read_ahead(struct archive_read * a,size_t min,ssize_t * avail)3180 rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail)
3181 {
3182 struct rar *rar = (struct rar *)(a->format->data);
3183 const void *h = __archive_read_ahead(a, min, avail);
3184 int ret;
3185 if (avail)
3186 {
3187 if (a->archive.read_data_is_posix_read && *avail > (ssize_t)a->archive.read_data_requested)
3188 *avail = a->archive.read_data_requested;
3189 if (*avail > rar->bytes_remaining)
3190 *avail = (ssize_t)rar->bytes_remaining;
3191 if (*avail < 0)
3192 return NULL;
3193 else if (*avail == 0 && rar->main_flags & MHD_VOLUME &&
3194 rar->file_flags & FHD_SPLIT_AFTER)
3195 {
3196 rar->filename_must_match = 1;
3197 ret = archive_read_format_rar_read_header(a, a->entry);
3198 if (ret == (ARCHIVE_EOF))
3199 {
3200 rar->has_endarc_header = 1;
3201 ret = archive_read_format_rar_read_header(a, a->entry);
3202 }
3203 rar->filename_must_match = 0;
3204 if (ret != (ARCHIVE_OK))
3205 return NULL;
3206 return rar_read_ahead(a, min, avail);
3207 }
3208 }
3209 return h;
3210 }
3211
3212 static int
parse_filter(struct archive_read * a,const uint8_t * bytes,uint16_t length,uint8_t flags)3213 parse_filter(struct archive_read *a, const uint8_t *bytes, uint16_t length, uint8_t flags)
3214 {
3215 struct rar *rar = (struct rar *)(a->format->data);
3216 struct rar_filters *filters = &rar->filters;
3217
3218 struct memory_bit_reader br = { 0 };
3219 struct rar_program_code *prog;
3220 struct rar_filter *filter, **nextfilter;
3221
3222 uint32_t numprogs, num, blocklength, globaldatalen;
3223 uint8_t *globaldata;
3224 size_t blockstartpos;
3225 uint32_t registers[8] = { 0 };
3226 uint32_t i;
3227
3228 br.bytes = bytes;
3229 br.length = length;
3230
3231 numprogs = 0;
3232 for (prog = filters->progs; prog; prog = prog->next)
3233 numprogs++;
3234
3235 if ((flags & 0x80))
3236 {
3237 num = membr_next_rarvm_number(&br);
3238 if (num == 0)
3239 {
3240 delete_filter(filters->stack);
3241 filters->stack = NULL;
3242 delete_program_code(filters->progs);
3243 filters->progs = NULL;
3244 }
3245 else
3246 num--;
3247 if (num > numprogs) {
3248 return 0;
3249 }
3250 filters->lastfilternum = num;
3251 }
3252 else
3253 num = filters->lastfilternum;
3254
3255 prog = filters->progs;
3256 for (i = 0; i < num; i++)
3257 prog = prog->next;
3258 if (prog)
3259 prog->usagecount++;
3260
3261 blockstartpos = membr_next_rarvm_number(&br) + (size_t)lzss_position(&rar->lzss);
3262 if ((flags & 0x40))
3263 blockstartpos += 258;
3264 if ((flags & 0x20))
3265 blocklength = membr_next_rarvm_number(&br);
3266 else
3267 blocklength = prog ? prog->oldfilterlength : 0;
3268
3269 registers[3] = PROGRAM_SYSTEM_GLOBAL_ADDRESS;
3270 registers[4] = blocklength;
3271 registers[5] = prog ? prog->usagecount : 0;
3272 registers[7] = VM_MEMORY_SIZE;
3273
3274 if ((flags & 0x10))
3275 {
3276 uint8_t mask = (uint8_t)membr_bits(&br, 7);
3277 for (i = 0; i < 7; i++)
3278 if ((mask & (1 << i)))
3279 registers[i] = membr_next_rarvm_number(&br);
3280 }
3281
3282 if (!prog)
3283 {
3284 uint32_t len = membr_next_rarvm_number(&br);
3285 uint8_t *bytecode;
3286 struct rar_program_code **next;
3287
3288 if (len == 0 || len > 0x10000)
3289 return 0;
3290 bytecode = malloc(len);
3291 if (!bytecode)
3292 return 0;
3293 for (i = 0; i < len; i++)
3294 bytecode[i] = (uint8_t)membr_bits(&br, 8);
3295 prog = compile_program(bytecode, len);
3296 if (!prog) {
3297 free(bytecode);
3298 return 0;
3299 }
3300 free(bytecode);
3301 next = &filters->progs;
3302 while (*next)
3303 next = &(*next)->next;
3304 *next = prog;
3305 }
3306 prog->oldfilterlength = blocklength;
3307
3308 globaldata = NULL;
3309 globaldatalen = 0;
3310 if ((flags & 0x08))
3311 {
3312 globaldatalen = membr_next_rarvm_number(&br);
3313 if (globaldatalen > PROGRAM_USER_GLOBAL_SIZE)
3314 return 0;
3315 globaldata = malloc(globaldatalen + PROGRAM_SYSTEM_GLOBAL_SIZE);
3316 if (!globaldata)
3317 return 0;
3318 for (i = 0; i < globaldatalen; i++)
3319 globaldata[i + PROGRAM_SYSTEM_GLOBAL_SIZE] = (uint8_t)membr_bits(&br, 8);
3320 }
3321
3322 if (br.at_eof)
3323 {
3324 free(globaldata);
3325 return 0;
3326 }
3327
3328 filter = create_filter(prog, globaldata, globaldatalen, registers, blockstartpos, blocklength);
3329 free(globaldata);
3330 if (!filter)
3331 return 0;
3332
3333 for (i = 0; i < 7; i++)
3334 archive_le32enc(&filter->globaldata[i * 4], registers[i]);
3335 archive_le32enc(&filter->globaldata[0x1C], blocklength);
3336 archive_le32enc(&filter->globaldata[0x20], 0);
3337 archive_le32enc(&filter->globaldata[0x2C], prog->usagecount);
3338
3339 nextfilter = &filters->stack;
3340 while (*nextfilter)
3341 nextfilter = &(*nextfilter)->next;
3342 *nextfilter = filter;
3343
3344 if (!filters->stack->next)
3345 filters->filterstart = blockstartpos;
3346
3347 return 1;
3348 }
3349
3350 static struct rar_filter *
create_filter(struct rar_program_code * prog,const uint8_t * globaldata,uint32_t globaldatalen,uint32_t registers[8],size_t startpos,uint32_t length)3351 create_filter(struct rar_program_code *prog, const uint8_t *globaldata, uint32_t globaldatalen, uint32_t registers[8], size_t startpos, uint32_t length)
3352 {
3353 struct rar_filter *filter;
3354
3355 filter = calloc(1, sizeof(*filter));
3356 if (!filter)
3357 return NULL;
3358 filter->prog = prog;
3359 filter->globaldatalen = globaldatalen > PROGRAM_SYSTEM_GLOBAL_SIZE ? globaldatalen : PROGRAM_SYSTEM_GLOBAL_SIZE;
3360 filter->globaldata = calloc(1, filter->globaldatalen);
3361 if (!filter->globaldata)
3362 {
3363 free(filter);
3364 return NULL;
3365 }
3366 if (globaldata)
3367 memcpy(filter->globaldata, globaldata, globaldatalen);
3368 if (registers)
3369 memcpy(filter->initialregisters, registers, sizeof(filter->initialregisters));
3370 filter->blockstartpos = startpos;
3371 filter->blocklength = length;
3372
3373 return filter;
3374 }
3375
3376 static int
run_filters(struct archive_read * a)3377 run_filters(struct archive_read *a)
3378 {
3379 struct rar *rar = (struct rar *)(a->format->data);
3380 struct rar_filters *filters = &rar->filters;
3381 struct rar_filter *filter = filters->stack;
3382 struct rar_filter *f;
3383 size_t start, end;
3384 int64_t tend;
3385 uint32_t lastfilteraddress;
3386 uint32_t lastfilterlength;
3387 int ret;
3388
3389 if (filters == NULL || filter == NULL)
3390 return (0);
3391
3392 start = (size_t)filters->filterstart;
3393 end = start + filter->blocklength;
3394
3395 filters->filterstart = INT64_MAX;
3396 tend = (int64_t)end;
3397 ret = expand(a, &tend);
3398 if (ret != ARCHIVE_OK)
3399 return 0;
3400
3401 /* Check if filter stack was modified in expand() */
3402 ret = ARCHIVE_FATAL;
3403 f = filters->stack;
3404 while (f)
3405 {
3406 if (f == filter)
3407 {
3408 ret = ARCHIVE_OK;
3409 break;
3410 }
3411 f = f->next;
3412 }
3413 if (ret != ARCHIVE_OK)
3414 return 0;
3415
3416 if (tend < 0)
3417 return 0;
3418 end = (size_t)tend;
3419 if (end != start + filter->blocklength)
3420 return 0;
3421
3422 if (!filters->vm)
3423 {
3424 filters->vm = calloc(1, sizeof(*filters->vm));
3425 if (!filters->vm)
3426 return 0;
3427 }
3428
3429 if (filter->blocklength > VM_MEMORY_SIZE)
3430 {
3431 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "Bad RAR file data");
3432 return 0;
3433 }
3434
3435 ret = copy_from_lzss_window(a, filters->vm->memory, start, filter->blocklength);
3436 if (ret != ARCHIVE_OK)
3437 return 0;
3438 if (!execute_filter(a, filter, filters->vm, (size_t)rar->offset))
3439 return 0;
3440
3441 lastfilteraddress = filter->filteredblockaddress;
3442 lastfilterlength = filter->filteredblocklength;
3443 filters->stack = filter->next;
3444 filter->next = NULL;
3445 delete_filter(filter);
3446
3447 while ((filter = filters->stack) != NULL && (int64_t)filter->blockstartpos == filters->filterstart && filter->blocklength == lastfilterlength)
3448 {
3449 memmove(&filters->vm->memory[0], &filters->vm->memory[lastfilteraddress], lastfilterlength);
3450 if (!execute_filter(a, filter, filters->vm, (size_t)rar->offset))
3451 return 0;
3452
3453 lastfilteraddress = filter->filteredblockaddress;
3454 lastfilterlength = filter->filteredblocklength;
3455 filters->stack = filter->next;
3456 filter->next = NULL;
3457 delete_filter(filter);
3458 }
3459
3460 if (filters->stack)
3461 {
3462 if (filters->stack->blockstartpos < end)
3463 return 0;
3464 filters->filterstart = filters->stack->blockstartpos;
3465 }
3466
3467 filters->lastend = end;
3468 filters->bytes = &filters->vm->memory[lastfilteraddress];
3469 filters->bytes_ready = lastfilterlength;
3470
3471 return 1;
3472 }
3473
3474 static struct rar_program_code *
compile_program(const uint8_t * bytes,size_t length)3475 compile_program(const uint8_t *bytes, size_t length)
3476 {
3477 struct memory_bit_reader br = { 0 };
3478 struct rar_program_code *prog;
3479 // uint32_t instrcount = 0;
3480 uint8_t xor;
3481 size_t i;
3482
3483 xor = 0;
3484 for (i = 1; i < length; i++)
3485 xor ^= bytes[i];
3486 if (!length || xor != bytes[0])
3487 return NULL;
3488
3489 br.bytes = bytes;
3490 br.length = length;
3491 br.offset = 1;
3492
3493 prog = calloc(1, sizeof(*prog));
3494 if (!prog)
3495 return NULL;
3496 prog->fingerprint = crc32(0, bytes, (unsigned int)length) | ((uint64_t)length << 32);
3497
3498 if (membr_bits(&br, 1))
3499 {
3500 prog->staticdatalen = membr_next_rarvm_number(&br) + 1;
3501 prog->staticdata = malloc(prog->staticdatalen);
3502 if (!prog->staticdata)
3503 {
3504 delete_program_code(prog);
3505 return NULL;
3506 }
3507 for (i = 0; i < prog->staticdatalen; i++)
3508 prog->staticdata[i] = (uint8_t)membr_bits(&br, 8);
3509 }
3510
3511 return prog;
3512 }
3513
3514 static void
delete_filter(struct rar_filter * filter)3515 delete_filter(struct rar_filter *filter)
3516 {
3517 while (filter)
3518 {
3519 struct rar_filter *next = filter->next;
3520 free(filter->globaldata);
3521 free(filter);
3522 filter = next;
3523 }
3524 }
3525
3526 static void
clear_filters(struct rar_filters * filters)3527 clear_filters(struct rar_filters *filters)
3528 {
3529 delete_filter(filters->stack);
3530 delete_program_code(filters->progs);
3531 free(filters->vm);
3532 }
3533
3534 static void
delete_program_code(struct rar_program_code * prog)3535 delete_program_code(struct rar_program_code *prog)
3536 {
3537 while (prog)
3538 {
3539 struct rar_program_code *next = prog->next;
3540 free(prog->staticdata);
3541 free(prog->globalbackup);
3542 free(prog);
3543 prog = next;
3544 }
3545 }
3546
3547 static uint32_t
membr_next_rarvm_number(struct memory_bit_reader * br)3548 membr_next_rarvm_number(struct memory_bit_reader *br)
3549 {
3550 uint32_t val;
3551 switch (membr_bits(br, 2))
3552 {
3553 case 0:
3554 return membr_bits(br, 4);
3555 case 1:
3556 val = membr_bits(br, 8);
3557 if (val >= 16)
3558 return val;
3559 return 0xFFFFFF00 | (val << 4) | membr_bits(br, 4);
3560 case 2:
3561 return membr_bits(br, 16);
3562 default:
3563 return membr_bits(br, 32);
3564 }
3565 }
3566
3567 static inline uint32_t
membr_bits(struct memory_bit_reader * br,int bits)3568 membr_bits(struct memory_bit_reader *br, int bits)
3569 {
3570 if (bits > br->available && (br->at_eof || !membr_fill(br, bits)))
3571 return 0;
3572 return (uint32_t)((br->bits >> (br->available -= bits)) & (((uint64_t)1 << bits) - 1));
3573 }
3574
3575 static int
membr_fill(struct memory_bit_reader * br,int bits)3576 membr_fill(struct memory_bit_reader *br, int bits)
3577 {
3578 while (br->available < bits && br->offset < br->length)
3579 {
3580 br->bits = (br->bits << 8) | br->bytes[br->offset++];
3581 br->available += 8;
3582 }
3583 if (bits > br->available)
3584 {
3585 br->at_eof = 1;
3586 return 0;
3587 }
3588 return 1;
3589 }
3590
3591 static int
read_filter(struct archive_read * a,int64_t * end)3592 read_filter(struct archive_read *a, int64_t *end)
3593 {
3594 struct rar *rar = (struct rar *)(a->format->data);
3595 uint8_t flags, val, *code;
3596 uint16_t length, i;
3597
3598 if (!rar_decode_byte(a, &flags))
3599 return 0;
3600 length = (flags & 0x07) + 1;
3601 if (length == 7)
3602 {
3603 if (!rar_decode_byte(a, &val))
3604 return 0;
3605 length = val + 7;
3606 }
3607 else if (length == 8)
3608 {
3609 if (!rar_decode_byte(a, &val))
3610 return 0;
3611 length = val << 8;
3612 if (!rar_decode_byte(a, &val))
3613 return 0;
3614 length |= val;
3615 }
3616
3617 code = malloc(length);
3618 if (!code)
3619 return 0;
3620 for (i = 0; i < length; i++)
3621 {
3622 if (!rar_decode_byte(a, &code[i]))
3623 {
3624 free(code);
3625 return 0;
3626 }
3627 }
3628 if (!parse_filter(a, code, length, flags))
3629 {
3630 free(code);
3631 return 0;
3632 }
3633 free(code);
3634
3635 if (rar->filters.filterstart < *end)
3636 *end = rar->filters.filterstart;
3637
3638 return 1;
3639 }
3640
3641 static int
execute_filter_delta(struct rar_filter * filter,struct rar_virtual_machine * vm)3642 execute_filter_delta(struct rar_filter *filter, struct rar_virtual_machine *vm)
3643 {
3644 uint32_t length = filter->initialregisters[4];
3645 uint32_t numchannels = filter->initialregisters[0];
3646 uint8_t *src, *dst;
3647 uint32_t i, idx;
3648
3649 if (length > PROGRAM_WORK_SIZE / 2)
3650 return 0;
3651
3652 src = &vm->memory[0];
3653 dst = &vm->memory[length];
3654 for (i = 0; i < numchannels; i++)
3655 {
3656 uint8_t lastbyte = 0;
3657 for (idx = i; idx < length; idx += numchannels)
3658 {
3659 /*
3660 * The src block should not overlap with the dst block.
3661 * If so it would be better to consider this archive is broken.
3662 */
3663 if (src >= dst)
3664 return 0;
3665 lastbyte = dst[idx] = lastbyte - *src++;
3666 }
3667 }
3668
3669 filter->filteredblockaddress = length;
3670 filter->filteredblocklength = length;
3671
3672 return 1;
3673 }
3674
3675 static int
execute_filter_e8(struct rar_filter * filter,struct rar_virtual_machine * vm,size_t pos,int e9also)3676 execute_filter_e8(struct rar_filter *filter, struct rar_virtual_machine *vm, size_t pos, int e9also)
3677 {
3678 uint32_t length = filter->initialregisters[4];
3679 uint32_t filesize = 0x1000000;
3680 uint32_t i;
3681
3682 if (length > PROGRAM_WORK_SIZE || length <= 4)
3683 return 0;
3684
3685 for (i = 0; i <= length - 5; i++)
3686 {
3687 if (vm->memory[i] == 0xE8 || (e9also && vm->memory[i] == 0xE9))
3688 {
3689 uint32_t currpos = (uint32_t)pos + i + 1;
3690 int32_t address = (int32_t)vm_read_32(vm, i + 1);
3691 if (address < 0 && currpos >= (~(uint32_t)address + 1))
3692 vm_write_32(vm, i + 1, address + filesize);
3693 else if (address >= 0 && (uint32_t)address < filesize)
3694 vm_write_32(vm, i + 1, address - currpos);
3695 i += 4;
3696 }
3697 }
3698
3699 filter->filteredblockaddress = 0;
3700 filter->filteredblocklength = length;
3701
3702 return 1;
3703 }
3704
3705 static int
execute_filter_rgb(struct rar_filter * filter,struct rar_virtual_machine * vm)3706 execute_filter_rgb(struct rar_filter *filter, struct rar_virtual_machine *vm)
3707 {
3708 uint32_t stride = filter->initialregisters[0];
3709 uint32_t byteoffset = filter->initialregisters[1];
3710 uint32_t blocklength = filter->initialregisters[4];
3711 uint8_t *src, *dst;
3712 uint32_t i, j;
3713
3714 if (blocklength > PROGRAM_WORK_SIZE / 2 || stride > blocklength || blocklength < 3 || byteoffset > 2)
3715 return 0;
3716
3717 src = &vm->memory[0];
3718 dst = &vm->memory[blocklength];
3719 for (i = 0; i < 3; i++) {
3720 uint8_t byte = 0;
3721 uint8_t *prev = dst + i - stride;
3722 for (j = i; j < blocklength; j += 3)
3723 {
3724 /*
3725 * The src block should not overlap with the dst block.
3726 * If so it would be better to consider this archive is broken.
3727 */
3728 if (src >= dst)
3729 return 0;
3730
3731 if (prev >= dst)
3732 {
3733 uint32_t delta1 = abs(prev[3] - prev[0]);
3734 uint32_t delta2 = abs(byte - prev[0]);
3735 uint32_t delta3 = abs(prev[3] - prev[0] + byte - prev[0]);
3736 if (delta1 > delta2 || delta1 > delta3)
3737 byte = delta2 <= delta3 ? prev[3] : prev[0];
3738 }
3739 byte -= *src++;
3740 dst[j] = byte;
3741 prev += 3;
3742 }
3743 }
3744 for (i = byteoffset; i < blocklength - 2; i += 3)
3745 {
3746 dst[i] += dst[i + 1];
3747 dst[i + 2] += dst[i + 1];
3748 }
3749
3750 filter->filteredblockaddress = blocklength;
3751 filter->filteredblocklength = blocklength;
3752
3753 return 1;
3754 }
3755
3756 static int
execute_filter_audio(struct rar_filter * filter,struct rar_virtual_machine * vm)3757 execute_filter_audio(struct rar_filter *filter, struct rar_virtual_machine *vm)
3758 {
3759 uint32_t length = filter->initialregisters[4];
3760 uint32_t numchannels = filter->initialregisters[0];
3761 uint8_t *src, *dst;
3762 uint32_t i, j;
3763
3764 if (length > PROGRAM_WORK_SIZE / 2)
3765 return 0;
3766
3767 src = &vm->memory[0];
3768 dst = &vm->memory[length];
3769 for (i = 0; i < numchannels; i++)
3770 {
3771 struct audio_state state;
3772 memset(&state, 0, sizeof(state));
3773 for (j = i; j < length; j += numchannels)
3774 {
3775 /*
3776 * The src block should not overlap with the dst block.
3777 * If so it would be better to consider this archive is broken.
3778 */
3779 if (src >= dst)
3780 return 0;
3781
3782 int8_t delta = (int8_t)*src++;
3783 uint8_t predbyte, byte;
3784 int prederror;
3785 state.delta[2] = state.delta[1];
3786 state.delta[1] = state.lastdelta - state.delta[0];
3787 state.delta[0] = state.lastdelta;
3788 predbyte = ((8 * state.lastbyte + state.weight[0] * state.delta[0] + state.weight[1] * state.delta[1] + state.weight[2] * state.delta[2]) >> 3) & 0xFF;
3789 byte = (predbyte - delta) & 0xFF;
3790 prederror = delta << 3;
3791 state.error[0] += abs(prederror);
3792 state.error[1] += abs(prederror - state.delta[0]); state.error[2] += abs(prederror + state.delta[0]);
3793 state.error[3] += abs(prederror - state.delta[1]); state.error[4] += abs(prederror + state.delta[1]);
3794 state.error[5] += abs(prederror - state.delta[2]); state.error[6] += abs(prederror + state.delta[2]);
3795 state.lastdelta = (int8_t)(byte - state.lastbyte);
3796 dst[j] = state.lastbyte = byte;
3797 if (!(state.count++ & 0x1F))
3798 {
3799 uint8_t k, idx = 0;
3800 for (k = 1; k < 7; k++)
3801 {
3802 if (state.error[k] < state.error[idx])
3803 idx = k;
3804 }
3805 memset(state.error, 0, sizeof(state.error));
3806 switch (idx)
3807 {
3808 case 1: if (state.weight[0] >= -16) state.weight[0]--; break;
3809 case 2: if (state.weight[0] < 16) state.weight[0]++; break;
3810 case 3: if (state.weight[1] >= -16) state.weight[1]--; break;
3811 case 4: if (state.weight[1] < 16) state.weight[1]++; break;
3812 case 5: if (state.weight[2] >= -16) state.weight[2]--; break;
3813 case 6: if (state.weight[2] < 16) state.weight[2]++; break;
3814 }
3815 }
3816 }
3817 }
3818
3819 filter->filteredblockaddress = length;
3820 filter->filteredblocklength = length;
3821
3822 return 1;
3823 }
3824
3825
3826 static int
execute_filter(struct archive_read * a,struct rar_filter * filter,struct rar_virtual_machine * vm,size_t pos)3827 execute_filter(struct archive_read *a, struct rar_filter *filter, struct rar_virtual_machine *vm, size_t pos)
3828 {
3829 if (filter->prog->fingerprint == 0x1D0E06077D)
3830 return execute_filter_delta(filter, vm);
3831 if (filter->prog->fingerprint == 0x35AD576887)
3832 return execute_filter_e8(filter, vm, pos, 0);
3833 if (filter->prog->fingerprint == 0x393CD7E57E)
3834 return execute_filter_e8(filter, vm, pos, 1);
3835 if (filter->prog->fingerprint == 0x951C2C5DC8)
3836 return execute_filter_rgb(filter, vm);
3837 if (filter->prog->fingerprint == 0xD8BC85E701)
3838 return execute_filter_audio(filter, vm);
3839
3840 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "No support for RAR VM program filter");
3841 return 0;
3842 }
3843
3844 static int
rar_decode_byte(struct archive_read * a,uint8_t * byte)3845 rar_decode_byte(struct archive_read *a, uint8_t *byte)
3846 {
3847 struct rar *rar = (struct rar *)(a->format->data);
3848 struct rar_br *br = &(rar->br);
3849 if (!rar_br_read_ahead(a, br, 8))
3850 return 0;
3851 *byte = (uint8_t)rar_br_bits(br, 8);
3852 rar_br_consume(br, 8);
3853 return 1;
3854 }
3855
3856 static inline void
vm_write_32(struct rar_virtual_machine * vm,size_t offset,uint32_t u32)3857 vm_write_32(struct rar_virtual_machine* vm, size_t offset, uint32_t u32)
3858 {
3859 archive_le32enc(vm->memory + offset, u32);
3860 }
3861
3862 static inline uint32_t
vm_read_32(struct rar_virtual_machine * vm,size_t offset)3863 vm_read_32(struct rar_virtual_machine* vm, size_t offset)
3864 {
3865 return archive_le32dec(vm->memory + offset);
3866 }
3867