1 /*- 2 * Copyright (c) 2003-2007 Tim Kientzle 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26 #include "bsdtar_platform.h" 27 __FBSDID("$FreeBSD$"); 28 29 #ifdef HAVE_SYS_STAT_H 30 #include <sys/stat.h> 31 #endif 32 #ifdef HAVE_SYS_TYPES_H 33 #include <sys/types.h> /* Linux doesn't define mode_t, etc. in sys/stat.h. */ 34 #endif 35 #include <ctype.h> 36 #ifdef HAVE_ERRNO_H 37 #include <errno.h> 38 #endif 39 #ifdef HAVE_IO_H 40 #include <io.h> 41 #endif 42 #ifdef HAVE_STDARG_H 43 #include <stdarg.h> 44 #endif 45 #ifdef HAVE_STDINT_H 46 #include <stdint.h> 47 #endif 48 #include <stdio.h> 49 #ifdef HAVE_STDLIB_H 50 #include <stdlib.h> 51 #endif 52 #ifdef HAVE_STRING_H 53 #include <string.h> 54 #endif 55 #ifdef HAVE_WCTYPE_H 56 #include <wctype.h> 57 #else 58 /* If we don't have wctype, we need to hack up some version of iswprint(). */ 59 #define iswprint isprint 60 #endif 61 62 #include "bsdtar.h" 63 #include "err.h" 64 65 static size_t bsdtar_expand_char(char *, size_t, char); 66 static const char *strip_components(const char *path, int elements); 67 68 #if defined(_WIN32) && !defined(__CYGWIN__) 69 #define read _read 70 #endif 71 72 /* TODO: Hack up a version of mbtowc for platforms with no wide 73 * character support at all. I think the following might suffice, 74 * but it needs careful testing. 75 * #if !HAVE_MBTOWC 76 * #define mbtowc(wcp, p, n) ((*wcp = *p), 1) 77 * #endif 78 */ 79 80 /* 81 * Print a string, taking care with any non-printable characters. 82 * 83 * Note that we use a stack-allocated buffer to receive the formatted 84 * string if we can. This is partly performance (avoiding a call to 85 * malloc()), partly out of expedience (we have to call vsnprintf() 86 * before malloc() anyway to find out how big a buffer we need; we may 87 * as well point that first call at a small local buffer in case it 88 * works), but mostly for safety (so we can use this to print messages 89 * about out-of-memory conditions). 90 */ 91 92 void 93 safe_fprintf(FILE *f, const char *fmt, ...) 94 { 95 char fmtbuff_stack[256]; /* Place to format the printf() string. */ 96 char outbuff[256]; /* Buffer for outgoing characters. */ 97 char *fmtbuff_heap; /* If fmtbuff_stack is too small, we use malloc */ 98 char *fmtbuff; /* Pointer to fmtbuff_stack or fmtbuff_heap. */ 99 int fmtbuff_length; 100 int length, n; 101 va_list ap; 102 const char *p; 103 unsigned i; 104 wchar_t wc; 105 char try_wc; 106 107 /* Use a stack-allocated buffer if we can, for speed and safety. */ 108 fmtbuff_heap = NULL; 109 fmtbuff_length = sizeof(fmtbuff_stack); 110 fmtbuff = fmtbuff_stack; 111 112 /* Try formatting into the stack buffer. */ 113 va_start(ap, fmt); 114 length = vsnprintf(fmtbuff, fmtbuff_length, fmt, ap); 115 va_end(ap); 116 117 /* If the result was too large, allocate a buffer on the heap. */ 118 while (length < 0 || length >= fmtbuff_length) { 119 if (length >= fmtbuff_length) 120 fmtbuff_length = length+1; 121 else if (fmtbuff_length < 8192) 122 fmtbuff_length *= 2; 123 else if (fmtbuff_length < 1000000) 124 fmtbuff_length += fmtbuff_length / 4; 125 else { 126 length = fmtbuff_length; 127 fmtbuff_heap[length-1] = '\0'; 128 break; 129 } 130 free(fmtbuff_heap); 131 fmtbuff_heap = malloc(fmtbuff_length); 132 133 /* Reformat the result into the heap buffer if we can. */ 134 if (fmtbuff_heap != NULL) { 135 fmtbuff = fmtbuff_heap; 136 va_start(ap, fmt); 137 length = vsnprintf(fmtbuff, fmtbuff_length, fmt, ap); 138 va_end(ap); 139 } else { 140 /* Leave fmtbuff pointing to the truncated 141 * string in fmtbuff_stack. */ 142 length = sizeof(fmtbuff_stack) - 1; 143 break; 144 } 145 } 146 147 /* Note: mbrtowc() has a cleaner API, but mbtowc() seems a bit 148 * more portable, so we use that here instead. */ 149 if (mbtowc(NULL, NULL, 1) == -1) { /* Reset the shift state. */ 150 /* mbtowc() should never fail in practice, but 151 * handle the theoretical error anyway. */ 152 free(fmtbuff_heap); 153 return; 154 } 155 156 /* Write data, expanding unprintable characters. */ 157 p = fmtbuff; 158 i = 0; 159 try_wc = 1; 160 while (*p != '\0') { 161 162 /* Convert to wide char, test if the wide 163 * char is printable in the current locale. */ 164 if (try_wc && (n = mbtowc(&wc, p, length)) != -1) { 165 length -= n; 166 if (iswprint(wc) && wc != L'\\') { 167 /* Printable, copy the bytes through. */ 168 while (n-- > 0) 169 outbuff[i++] = *p++; 170 } else { 171 /* Not printable, format the bytes. */ 172 while (n-- > 0) 173 i += (unsigned)bsdtar_expand_char( 174 outbuff, i, *p++); 175 } 176 } else { 177 /* After any conversion failure, don't bother 178 * trying to convert the rest. */ 179 i += (unsigned)bsdtar_expand_char(outbuff, i, *p++); 180 try_wc = 0; 181 } 182 183 /* If our output buffer is full, dump it and keep going. */ 184 if (i > (sizeof(outbuff) - 20)) { 185 outbuff[i] = '\0'; 186 fprintf(f, "%s", outbuff); 187 i = 0; 188 } 189 } 190 outbuff[i] = '\0'; 191 fprintf(f, "%s", outbuff); 192 193 /* If we allocated a heap-based formatting buffer, free it now. */ 194 free(fmtbuff_heap); 195 } 196 197 /* 198 * Render an arbitrary sequence of bytes into printable ASCII characters. 199 */ 200 static size_t 201 bsdtar_expand_char(char *buff, size_t offset, char c) 202 { 203 size_t i = offset; 204 205 if (isprint((unsigned char)c) && c != '\\') 206 buff[i++] = c; 207 else { 208 buff[i++] = '\\'; 209 switch (c) { 210 case '\a': buff[i++] = 'a'; break; 211 case '\b': buff[i++] = 'b'; break; 212 case '\f': buff[i++] = 'f'; break; 213 case '\n': buff[i++] = 'n'; break; 214 #if '\r' != '\n' 215 /* On some platforms, \n and \r are the same. */ 216 case '\r': buff[i++] = 'r'; break; 217 #endif 218 case '\t': buff[i++] = 't'; break; 219 case '\v': buff[i++] = 'v'; break; 220 case '\\': buff[i++] = '\\'; break; 221 default: 222 sprintf(buff + i, "%03o", 0xFF & (int)c); 223 i += 3; 224 } 225 } 226 227 return (i - offset); 228 } 229 230 int 231 yes(const char *fmt, ...) 232 { 233 char buff[32]; 234 char *p; 235 ssize_t l; 236 237 va_list ap; 238 va_start(ap, fmt); 239 vfprintf(stderr, fmt, ap); 240 va_end(ap); 241 fprintf(stderr, " (y/N)? "); 242 fflush(stderr); 243 244 l = read(2, buff, sizeof(buff) - 1); 245 if (l < 0) { 246 fprintf(stderr, "Keyboard read failed\n"); 247 exit(1); 248 } 249 if (l == 0) 250 return (0); 251 buff[l] = 0; 252 253 for (p = buff; *p != '\0'; p++) { 254 if (isspace((unsigned char)*p)) 255 continue; 256 switch(*p) { 257 case 'y': case 'Y': 258 return (1); 259 case 'n': case 'N': 260 return (0); 261 default: 262 return (0); 263 } 264 } 265 266 return (0); 267 } 268 269 /*- 270 * The logic here for -C <dir> attempts to avoid 271 * chdir() as long as possible. For example: 272 * "-C /foo -C /bar file" needs chdir("/bar") but not chdir("/foo") 273 * "-C /foo -C bar file" needs chdir("/foo/bar") 274 * "-C /foo -C bar /file1" does not need chdir() 275 * "-C /foo -C bar /file1 file2" needs chdir("/foo/bar") before file2 276 * 277 * The only correct way to handle this is to record a "pending" chdir 278 * request and combine multiple requests intelligently until we 279 * need to process a non-absolute file. set_chdir() adds the new dir 280 * to the pending list; do_chdir() actually executes any pending chdir. 281 * 282 * This way, programs that build tar command lines don't have to worry 283 * about -C with non-existent directories; such requests will only 284 * fail if the directory must be accessed. 285 * 286 */ 287 void 288 set_chdir(struct bsdtar *bsdtar, const char *newdir) 289 { 290 #if defined(_WIN32) && !defined(__CYGWIN__) 291 if (newdir[0] == '/' || newdir[0] == '\\' || 292 /* Detect this type, for example, "C:\" or "C:/" */ 293 (((newdir[0] >= 'a' && newdir[0] <= 'z') || 294 (newdir[0] >= 'A' && newdir[0] <= 'Z')) && 295 newdir[1] == ':' && (newdir[2] == '/' || newdir[2] == '\\'))) { 296 #else 297 if (newdir[0] == '/') { 298 #endif 299 /* The -C /foo -C /bar case; dump first one. */ 300 free(bsdtar->pending_chdir); 301 bsdtar->pending_chdir = NULL; 302 } 303 if (bsdtar->pending_chdir == NULL) 304 /* Easy case: no previously-saved dir. */ 305 bsdtar->pending_chdir = strdup(newdir); 306 else { 307 /* The -C /foo -C bar case; concatenate */ 308 char *old_pending = bsdtar->pending_chdir; 309 size_t old_len = strlen(old_pending); 310 bsdtar->pending_chdir = malloc(old_len + strlen(newdir) + 2); 311 if (old_pending[old_len - 1] == '/') 312 old_pending[old_len - 1] = '\0'; 313 if (bsdtar->pending_chdir != NULL) 314 sprintf(bsdtar->pending_chdir, "%s/%s", 315 old_pending, newdir); 316 free(old_pending); 317 } 318 if (bsdtar->pending_chdir == NULL) 319 lafe_errc(1, errno, "No memory"); 320 } 321 322 void 323 do_chdir(struct bsdtar *bsdtar) 324 { 325 if (bsdtar->pending_chdir == NULL) 326 return; 327 328 if (chdir(bsdtar->pending_chdir) != 0) { 329 lafe_errc(1, 0, "could not chdir to '%s'\n", 330 bsdtar->pending_chdir); 331 } 332 free(bsdtar->pending_chdir); 333 bsdtar->pending_chdir = NULL; 334 } 335 336 static const char * 337 strip_components(const char *p, int elements) 338 { 339 /* Skip as many elements as necessary. */ 340 while (elements > 0) { 341 switch (*p++) { 342 case '/': 343 #if defined(_WIN32) && !defined(__CYGWIN__) 344 case '\\': /* Support \ path sep on Windows ONLY. */ 345 #endif 346 elements--; 347 break; 348 case '\0': 349 /* Path is too short, skip it. */ 350 return (NULL); 351 } 352 } 353 354 /* Skip any / characters. This handles short paths that have 355 * additional / termination. This also handles the case where 356 * the logic above stops in the middle of a duplicate // 357 * sequence (which would otherwise get converted to an 358 * absolute path). */ 359 for (;;) { 360 switch (*p) { 361 case '/': 362 #if defined(_WIN32) && !defined(__CYGWIN__) 363 case '\\': /* Support \ path sep on Windows ONLY. */ 364 #endif 365 ++p; 366 break; 367 case '\0': 368 return (NULL); 369 default: 370 return (p); 371 } 372 } 373 } 374 375 static const char* 376 strip_leading_slashes(const char *p) 377 { 378 379 /* Remove leading "/../", "//", etc. */ 380 while (p[0] == '/' || p[0] == '\\') { 381 if (p[1] == '.' && p[2] == '.' && ( 382 p[3] == '/' || p[3] == '\\')) { 383 p += 3; /* Remove "/..", leave "/" for next pass. */ 384 } else 385 p += 1; /* Remove "/". */ 386 } 387 return (p); 388 } 389 390 /* 391 * Handle --strip-components and any future path-rewriting options. 392 * Returns non-zero if the pathname should not be extracted. 393 * 394 * TODO: Support pax-style regex path rewrites. 395 */ 396 int 397 edit_pathname(struct bsdtar *bsdtar, struct archive_entry *entry) 398 { 399 const char *name = archive_entry_pathname(entry); 400 #if defined(HAVE_REGEX_H) || defined(HAVE_PCREPOSIX_H) 401 char *subst_name; 402 int r; 403 404 r = apply_substitution(bsdtar, name, &subst_name, 0, 0); 405 if (r == -1) { 406 lafe_warnc(0, "Invalid substitution, skipping entry"); 407 return 1; 408 } 409 if (r == 1) { 410 archive_entry_copy_pathname(entry, subst_name); 411 if (*subst_name == '\0') { 412 free(subst_name); 413 return -1; 414 } else 415 free(subst_name); 416 name = archive_entry_pathname(entry); 417 } 418 419 if (archive_entry_hardlink(entry)) { 420 r = apply_substitution(bsdtar, archive_entry_hardlink(entry), &subst_name, 0, 1); 421 if (r == -1) { 422 lafe_warnc(0, "Invalid substitution, skipping entry"); 423 return 1; 424 } 425 if (r == 1) { 426 archive_entry_copy_hardlink(entry, subst_name); 427 free(subst_name); 428 } 429 } 430 if (archive_entry_symlink(entry) != NULL) { 431 r = apply_substitution(bsdtar, archive_entry_symlink(entry), &subst_name, 1, 0); 432 if (r == -1) { 433 lafe_warnc(0, "Invalid substitution, skipping entry"); 434 return 1; 435 } 436 if (r == 1) { 437 archive_entry_copy_symlink(entry, subst_name); 438 free(subst_name); 439 } 440 } 441 #endif 442 443 /* Strip leading dir names as per --strip-components option. */ 444 if (bsdtar->strip_components > 0) { 445 const char *linkname = archive_entry_hardlink(entry); 446 447 name = strip_components(name, bsdtar->strip_components); 448 if (name == NULL) 449 return (1); 450 451 if (linkname != NULL) { 452 linkname = strip_components(linkname, 453 bsdtar->strip_components); 454 if (linkname == NULL) 455 return (1); 456 archive_entry_copy_hardlink(entry, linkname); 457 } 458 } 459 460 /* By default, don't write or restore absolute pathnames. */ 461 if (!bsdtar->option_absolute_paths) { 462 const char *rp, *p = name; 463 int slashonly = 1; 464 465 /* Remove leading "//./" or "//?/" or "//?/UNC/" 466 * (absolute path prefixes used by Windows API) */ 467 if ((p[0] == '/' || p[0] == '\\') && 468 (p[1] == '/' || p[1] == '\\') && 469 (p[2] == '.' || p[2] == '?') && 470 (p[3] == '/' || p[3] == '\\')) 471 { 472 if (p[2] == '?' && 473 (p[4] == 'U' || p[4] == 'u') && 474 (p[5] == 'N' || p[5] == 'n') && 475 (p[6] == 'C' || p[6] == 'c') && 476 (p[7] == '/' || p[7] == '\\')) 477 p += 8; 478 else 479 p += 4; 480 slashonly = 0; 481 } 482 do { 483 rp = p; 484 /* Remove leading drive letter from archives created 485 * on Windows. */ 486 if (((p[0] >= 'a' && p[0] <= 'z') || 487 (p[0] >= 'A' && p[0] <= 'Z')) && 488 p[1] == ':') { 489 p += 2; 490 slashonly = 0; 491 } 492 p = strip_leading_slashes(p); 493 } while (rp != p); 494 495 if (p != name && !bsdtar->warned_lead_slash) { 496 /* Generate a warning the first time this happens. */ 497 if (slashonly) 498 lafe_warnc(0, 499 "Removing leading '%c' from member names", 500 name[0]); 501 else 502 lafe_warnc(0, 503 "Removing leading drive letter from " 504 "member names"); 505 bsdtar->warned_lead_slash = 1; 506 } 507 508 /* Special case: Stripping everything yields ".". */ 509 if (*p == '\0') 510 name = "."; 511 else 512 name = p; 513 514 p = archive_entry_hardlink(entry); 515 if (p != NULL) { 516 rp = strip_leading_slashes(p); 517 if (rp == '\0') 518 return (1); 519 if (rp != p) { 520 char *linkname = strdup(rp); 521 522 archive_entry_copy_hardlink(entry, linkname); 523 free(linkname); 524 } 525 } 526 } else { 527 /* Strip redundant leading '/' characters. */ 528 while (name[0] == '/' && name[1] == '/') 529 name++; 530 } 531 532 /* Safely replace name in archive_entry. */ 533 if (name != archive_entry_pathname(entry)) { 534 char *q = strdup(name); 535 archive_entry_copy_pathname(entry, q); 536 free(q); 537 } 538 return (0); 539 } 540 541 /* 542 * It would be nice to just use printf() for formatting large numbers, 543 * but the compatibility problems are quite a headache. Hence the 544 * following simple utility function. 545 */ 546 const char * 547 tar_i64toa(int64_t n0) 548 { 549 static char buff[24]; 550 uint64_t n = n0 < 0 ? -n0 : n0; 551 char *p = buff + sizeof(buff); 552 553 *--p = '\0'; 554 do { 555 *--p = '0' + (int)(n % 10); 556 } while (n /= 10); 557 if (n0 < 0) 558 *--p = '-'; 559 return p; 560 } 561 562 /* 563 * Like strcmp(), but try to be a little more aware of the fact that 564 * we're comparing two paths. Right now, it just handles leading 565 * "./" and trailing '/' specially, so that "a/b/" == "./a/b" 566 * 567 * TODO: Make this better, so that "./a//b/./c/" == "a/b/c" 568 * TODO: After this works, push it down into libarchive. 569 * TODO: Publish the path normalization routines in libarchive so 570 * that bsdtar can normalize paths and use fast strcmp() instead 571 * of this. 572 * 573 * Note: This is currently only used within write.c, so should 574 * not handle \ path separators. 575 */ 576 577 int 578 pathcmp(const char *a, const char *b) 579 { 580 /* Skip leading './' */ 581 if (a[0] == '.' && a[1] == '/' && a[2] != '\0') 582 a += 2; 583 if (b[0] == '.' && b[1] == '/' && b[2] != '\0') 584 b += 2; 585 /* Find the first difference, or return (0) if none. */ 586 while (*a == *b) { 587 if (*a == '\0') 588 return (0); 589 a++; 590 b++; 591 } 592 /* 593 * If one ends in '/' and the other one doesn't, 594 * they're the same. 595 */ 596 if (a[0] == '/' && a[1] == '\0' && b[0] == '\0') 597 return (0); 598 if (a[0] == '\0' && b[0] == '/' && b[1] == '\0') 599 return (0); 600 /* They're really different, return the correct sign. */ 601 return (*(const unsigned char *)a - *(const unsigned char *)b); 602 } 603