xref: /freebsd/contrib/libarchive/tar/util.c (revision 7e00348e7605b9906601438008341ffc37c00e2c)
1 /*-
2  * Copyright (c) 2003-2007 Tim Kientzle
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17  * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 
26 #include "bsdtar_platform.h"
27 __FBSDID("$FreeBSD$");
28 
29 #ifdef HAVE_SYS_STAT_H
30 #include <sys/stat.h>
31 #endif
32 #ifdef HAVE_SYS_TYPES_H
33 #include <sys/types.h>  /* Linux doesn't define mode_t, etc. in sys/stat.h. */
34 #endif
35 #include <ctype.h>
36 #ifdef HAVE_ERRNO_H
37 #include <errno.h>
38 #endif
39 #ifdef HAVE_IO_H
40 #include <io.h>
41 #endif
42 #ifdef HAVE_STDARG_H
43 #include <stdarg.h>
44 #endif
45 #ifdef HAVE_STDINT_H
46 #include <stdint.h>
47 #endif
48 #include <stdio.h>
49 #ifdef HAVE_STDLIB_H
50 #include <stdlib.h>
51 #endif
52 #ifdef HAVE_STRING_H
53 #include <string.h>
54 #endif
55 #ifdef HAVE_WCTYPE_H
56 #include <wctype.h>
57 #else
58 /* If we don't have wctype, we need to hack up some version of iswprint(). */
59 #define	iswprint isprint
60 #endif
61 
62 #include "bsdtar.h"
63 #include "err.h"
64 
65 static size_t	bsdtar_expand_char(char *, size_t, char);
66 static const char *strip_components(const char *path, int elements);
67 
68 #if defined(_WIN32) && !defined(__CYGWIN__)
69 #define	read _read
70 #endif
71 
72 /* TODO:  Hack up a version of mbtowc for platforms with no wide
73  * character support at all.  I think the following might suffice,
74  * but it needs careful testing.
75  * #if !HAVE_MBTOWC
76  * #define	mbtowc(wcp, p, n) ((*wcp = *p), 1)
77  * #endif
78  */
79 
80 /*
81  * Print a string, taking care with any non-printable characters.
82  *
83  * Note that we use a stack-allocated buffer to receive the formatted
84  * string if we can.  This is partly performance (avoiding a call to
85  * malloc()), partly out of expedience (we have to call vsnprintf()
86  * before malloc() anyway to find out how big a buffer we need; we may
87  * as well point that first call at a small local buffer in case it
88  * works), but mostly for safety (so we can use this to print messages
89  * about out-of-memory conditions).
90  */
91 
92 void
93 safe_fprintf(FILE *f, const char *fmt, ...)
94 {
95 	char fmtbuff_stack[256]; /* Place to format the printf() string. */
96 	char outbuff[256]; /* Buffer for outgoing characters. */
97 	char *fmtbuff_heap; /* If fmtbuff_stack is too small, we use malloc */
98 	char *fmtbuff;  /* Pointer to fmtbuff_stack or fmtbuff_heap. */
99 	int fmtbuff_length;
100 	int length, n;
101 	va_list ap;
102 	const char *p;
103 	unsigned i;
104 	wchar_t wc;
105 	char try_wc;
106 
107 	/* Use a stack-allocated buffer if we can, for speed and safety. */
108 	fmtbuff_heap = NULL;
109 	fmtbuff_length = sizeof(fmtbuff_stack);
110 	fmtbuff = fmtbuff_stack;
111 
112 	/* Try formatting into the stack buffer. */
113 	va_start(ap, fmt);
114 	length = vsnprintf(fmtbuff, fmtbuff_length, fmt, ap);
115 	va_end(ap);
116 
117 	/* If the result was too large, allocate a buffer on the heap. */
118 	while (length < 0 || length >= fmtbuff_length) {
119 		if (length >= fmtbuff_length)
120 			fmtbuff_length = length+1;
121 		else if (fmtbuff_length < 8192)
122 			fmtbuff_length *= 2;
123 		else if (fmtbuff_length < 1000000)
124 			fmtbuff_length += fmtbuff_length / 4;
125 		else {
126 			length = fmtbuff_length;
127 			fmtbuff_heap[length-1] = '\0';
128 			break;
129 		}
130 		free(fmtbuff_heap);
131 		fmtbuff_heap = malloc(fmtbuff_length);
132 
133 		/* Reformat the result into the heap buffer if we can. */
134 		if (fmtbuff_heap != NULL) {
135 			fmtbuff = fmtbuff_heap;
136 			va_start(ap, fmt);
137 			length = vsnprintf(fmtbuff, fmtbuff_length, fmt, ap);
138 			va_end(ap);
139 		} else {
140 			/* Leave fmtbuff pointing to the truncated
141 			 * string in fmtbuff_stack. */
142 			length = sizeof(fmtbuff_stack) - 1;
143 			break;
144 		}
145 	}
146 
147 	/* Note: mbrtowc() has a cleaner API, but mbtowc() seems a bit
148 	 * more portable, so we use that here instead. */
149 	if (mbtowc(NULL, NULL, 1) == -1) { /* Reset the shift state. */
150 		/* mbtowc() should never fail in practice, but
151 		 * handle the theoretical error anyway. */
152 		free(fmtbuff_heap);
153 		return;
154 	}
155 
156 	/* Write data, expanding unprintable characters. */
157 	p = fmtbuff;
158 	i = 0;
159 	try_wc = 1;
160 	while (*p != '\0') {
161 
162 		/* Convert to wide char, test if the wide
163 		 * char is printable in the current locale. */
164 		if (try_wc && (n = mbtowc(&wc, p, length)) != -1) {
165 			length -= n;
166 			if (iswprint(wc) && wc != L'\\') {
167 				/* Printable, copy the bytes through. */
168 				while (n-- > 0)
169 					outbuff[i++] = *p++;
170 			} else {
171 				/* Not printable, format the bytes. */
172 				while (n-- > 0)
173 					i += (unsigned)bsdtar_expand_char(
174 					    outbuff, i, *p++);
175 			}
176 		} else {
177 			/* After any conversion failure, don't bother
178 			 * trying to convert the rest. */
179 			i += (unsigned)bsdtar_expand_char(outbuff, i, *p++);
180 			try_wc = 0;
181 		}
182 
183 		/* If our output buffer is full, dump it and keep going. */
184 		if (i > (sizeof(outbuff) - 20)) {
185 			outbuff[i] = '\0';
186 			fprintf(f, "%s", outbuff);
187 			i = 0;
188 		}
189 	}
190 	outbuff[i] = '\0';
191 	fprintf(f, "%s", outbuff);
192 
193 	/* If we allocated a heap-based formatting buffer, free it now. */
194 	free(fmtbuff_heap);
195 }
196 
197 /*
198  * Render an arbitrary sequence of bytes into printable ASCII characters.
199  */
200 static size_t
201 bsdtar_expand_char(char *buff, size_t offset, char c)
202 {
203 	size_t i = offset;
204 
205 	if (isprint((unsigned char)c) && c != '\\')
206 		buff[i++] = c;
207 	else {
208 		buff[i++] = '\\';
209 		switch (c) {
210 		case '\a': buff[i++] = 'a'; break;
211 		case '\b': buff[i++] = 'b'; break;
212 		case '\f': buff[i++] = 'f'; break;
213 		case '\n': buff[i++] = 'n'; break;
214 #if '\r' != '\n'
215 		/* On some platforms, \n and \r are the same. */
216 		case '\r': buff[i++] = 'r'; break;
217 #endif
218 		case '\t': buff[i++] = 't'; break;
219 		case '\v': buff[i++] = 'v'; break;
220 		case '\\': buff[i++] = '\\'; break;
221 		default:
222 			sprintf(buff + i, "%03o", 0xFF & (int)c);
223 			i += 3;
224 		}
225 	}
226 
227 	return (i - offset);
228 }
229 
230 int
231 yes(const char *fmt, ...)
232 {
233 	char buff[32];
234 	char *p;
235 	ssize_t l;
236 
237 	va_list ap;
238 	va_start(ap, fmt);
239 	vfprintf(stderr, fmt, ap);
240 	va_end(ap);
241 	fprintf(stderr, " (y/N)? ");
242 	fflush(stderr);
243 
244 	l = read(2, buff, sizeof(buff) - 1);
245 	if (l < 0) {
246 	  fprintf(stderr, "Keyboard read failed\n");
247 	  exit(1);
248 	}
249 	if (l == 0)
250 		return (0);
251 	buff[l] = 0;
252 
253 	for (p = buff; *p != '\0'; p++) {
254 		if (isspace((unsigned char)*p))
255 			continue;
256 		switch(*p) {
257 		case 'y': case 'Y':
258 			return (1);
259 		case 'n': case 'N':
260 			return (0);
261 		default:
262 			return (0);
263 		}
264 	}
265 
266 	return (0);
267 }
268 
269 /*-
270  * The logic here for -C <dir> attempts to avoid
271  * chdir() as long as possible.  For example:
272  * "-C /foo -C /bar file"          needs chdir("/bar") but not chdir("/foo")
273  * "-C /foo -C bar file"           needs chdir("/foo/bar")
274  * "-C /foo -C bar /file1"         does not need chdir()
275  * "-C /foo -C bar /file1 file2"   needs chdir("/foo/bar") before file2
276  *
277  * The only correct way to handle this is to record a "pending" chdir
278  * request and combine multiple requests intelligently until we
279  * need to process a non-absolute file.  set_chdir() adds the new dir
280  * to the pending list; do_chdir() actually executes any pending chdir.
281  *
282  * This way, programs that build tar command lines don't have to worry
283  * about -C with non-existent directories; such requests will only
284  * fail if the directory must be accessed.
285  *
286  */
287 void
288 set_chdir(struct bsdtar *bsdtar, const char *newdir)
289 {
290 #if defined(_WIN32) && !defined(__CYGWIN__)
291 	if (newdir[0] == '/' || newdir[0] == '\\' ||
292 	    /* Detect this type, for example, "C:\" or "C:/" */
293 	    (((newdir[0] >= 'a' && newdir[0] <= 'z') ||
294 	      (newdir[0] >= 'A' && newdir[0] <= 'Z')) &&
295 	    newdir[1] == ':' && (newdir[2] == '/' || newdir[2] == '\\'))) {
296 #else
297 	if (newdir[0] == '/') {
298 #endif
299 		/* The -C /foo -C /bar case; dump first one. */
300 		free(bsdtar->pending_chdir);
301 		bsdtar->pending_chdir = NULL;
302 	}
303 	if (bsdtar->pending_chdir == NULL)
304 		/* Easy case: no previously-saved dir. */
305 		bsdtar->pending_chdir = strdup(newdir);
306 	else {
307 		/* The -C /foo -C bar case; concatenate */
308 		char *old_pending = bsdtar->pending_chdir;
309 		size_t old_len = strlen(old_pending);
310 		bsdtar->pending_chdir = malloc(old_len + strlen(newdir) + 2);
311 		if (old_pending[old_len - 1] == '/')
312 			old_pending[old_len - 1] = '\0';
313 		if (bsdtar->pending_chdir != NULL)
314 			sprintf(bsdtar->pending_chdir, "%s/%s",
315 			    old_pending, newdir);
316 		free(old_pending);
317 	}
318 	if (bsdtar->pending_chdir == NULL)
319 		lafe_errc(1, errno, "No memory");
320 }
321 
322 void
323 do_chdir(struct bsdtar *bsdtar)
324 {
325 	if (bsdtar->pending_chdir == NULL)
326 		return;
327 
328 	if (chdir(bsdtar->pending_chdir) != 0) {
329 		lafe_errc(1, 0, "could not chdir to '%s'\n",
330 		    bsdtar->pending_chdir);
331 	}
332 	free(bsdtar->pending_chdir);
333 	bsdtar->pending_chdir = NULL;
334 }
335 
336 static const char *
337 strip_components(const char *p, int elements)
338 {
339 	/* Skip as many elements as necessary. */
340 	while (elements > 0) {
341 		switch (*p++) {
342 		case '/':
343 #if defined(_WIN32) && !defined(__CYGWIN__)
344 		case '\\': /* Support \ path sep on Windows ONLY. */
345 #endif
346 			elements--;
347 			break;
348 		case '\0':
349 			/* Path is too short, skip it. */
350 			return (NULL);
351 		}
352 	}
353 
354 	/* Skip any / characters.  This handles short paths that have
355 	 * additional / termination.  This also handles the case where
356 	 * the logic above stops in the middle of a duplicate //
357 	 * sequence (which would otherwise get converted to an
358 	 * absolute path). */
359 	for (;;) {
360 		switch (*p) {
361 		case '/':
362 #if defined(_WIN32) && !defined(__CYGWIN__)
363 		case '\\': /* Support \ path sep on Windows ONLY. */
364 #endif
365 			++p;
366 			break;
367 		case '\0':
368 			return (NULL);
369 		default:
370 			return (p);
371 		}
372 	}
373 }
374 
375 static const char*
376 strip_leading_slashes(const char *p)
377 {
378 
379 	/* Remove leading "/../", "//", etc. */
380 	while (p[0] == '/' || p[0] == '\\') {
381 		if (p[1] == '.' && p[2] == '.' && (
382 		    p[3] == '/' || p[3] == '\\')) {
383 			p += 3; /* Remove "/..", leave "/" for next pass. */
384 		} else
385 			p += 1; /* Remove "/". */
386 	}
387 	return (p);
388 }
389 
390 /*
391  * Handle --strip-components and any future path-rewriting options.
392  * Returns non-zero if the pathname should not be extracted.
393  *
394  * TODO: Support pax-style regex path rewrites.
395  */
396 int
397 edit_pathname(struct bsdtar *bsdtar, struct archive_entry *entry)
398 {
399 	const char *name = archive_entry_pathname(entry);
400 #if defined(HAVE_REGEX_H) || defined(HAVE_PCREPOSIX_H)
401 	char *subst_name;
402 	int r;
403 
404 	r = apply_substitution(bsdtar, name, &subst_name, 0, 0);
405 	if (r == -1) {
406 		lafe_warnc(0, "Invalid substitution, skipping entry");
407 		return 1;
408 	}
409 	if (r == 1) {
410 		archive_entry_copy_pathname(entry, subst_name);
411 		if (*subst_name == '\0') {
412 			free(subst_name);
413 			return -1;
414 		} else
415 			free(subst_name);
416 		name = archive_entry_pathname(entry);
417 	}
418 
419 	if (archive_entry_hardlink(entry)) {
420 		r = apply_substitution(bsdtar, archive_entry_hardlink(entry), &subst_name, 0, 1);
421 		if (r == -1) {
422 			lafe_warnc(0, "Invalid substitution, skipping entry");
423 			return 1;
424 		}
425 		if (r == 1) {
426 			archive_entry_copy_hardlink(entry, subst_name);
427 			free(subst_name);
428 		}
429 	}
430 	if (archive_entry_symlink(entry) != NULL) {
431 		r = apply_substitution(bsdtar, archive_entry_symlink(entry), &subst_name, 1, 0);
432 		if (r == -1) {
433 			lafe_warnc(0, "Invalid substitution, skipping entry");
434 			return 1;
435 		}
436 		if (r == 1) {
437 			archive_entry_copy_symlink(entry, subst_name);
438 			free(subst_name);
439 		}
440 	}
441 #endif
442 
443 	/* Strip leading dir names as per --strip-components option. */
444 	if (bsdtar->strip_components > 0) {
445 		const char *linkname = archive_entry_hardlink(entry);
446 
447 		name = strip_components(name, bsdtar->strip_components);
448 		if (name == NULL)
449 			return (1);
450 
451 		if (linkname != NULL) {
452 			linkname = strip_components(linkname,
453 			    bsdtar->strip_components);
454 			if (linkname == NULL)
455 				return (1);
456 			archive_entry_copy_hardlink(entry, linkname);
457 		}
458 	}
459 
460 	/* By default, don't write or restore absolute pathnames. */
461 	if (!bsdtar->option_absolute_paths) {
462 		const char *rp, *p = name;
463 		int slashonly = 1;
464 
465 		/* Remove leading "//./" or "//?/" or "//?/UNC/"
466 		 * (absolute path prefixes used by Windows API) */
467 		if ((p[0] == '/' || p[0] == '\\') &&
468 		    (p[1] == '/' || p[1] == '\\') &&
469 		    (p[2] == '.' || p[2] == '?') &&
470 		    (p[3] == '/' || p[3] == '\\'))
471 		{
472 			if (p[2] == '?' &&
473 			    (p[4] == 'U' || p[4] == 'u') &&
474 			    (p[5] == 'N' || p[5] == 'n') &&
475 			    (p[6] == 'C' || p[6] == 'c') &&
476 			    (p[7] == '/' || p[7] == '\\'))
477 				p += 8;
478 			else
479 				p += 4;
480 			slashonly = 0;
481 		}
482 		do {
483 			rp = p;
484 			/* Remove leading drive letter from archives created
485 			 * on Windows. */
486 			if (((p[0] >= 'a' && p[0] <= 'z') ||
487 			     (p[0] >= 'A' && p[0] <= 'Z')) &&
488 				 p[1] == ':') {
489 				p += 2;
490 				slashonly = 0;
491 			}
492 			p = strip_leading_slashes(p);
493 		} while (rp != p);
494 
495 		if (p != name && !bsdtar->warned_lead_slash) {
496 			/* Generate a warning the first time this happens. */
497 			if (slashonly)
498 				lafe_warnc(0,
499 				    "Removing leading '%c' from member names",
500 				    name[0]);
501 			else
502 				lafe_warnc(0,
503 				    "Removing leading drive letter from "
504 				    "member names");
505 			bsdtar->warned_lead_slash = 1;
506 		}
507 
508 		/* Special case: Stripping everything yields ".". */
509 		if (*p == '\0')
510 			name = ".";
511 		else
512 			name = p;
513 
514 		p = archive_entry_hardlink(entry);
515 		if (p != NULL) {
516 			rp = strip_leading_slashes(p);
517 			if (rp == '\0')
518 				return (1);
519 			if (rp != p) {
520 				char *linkname = strdup(rp);
521 
522 				archive_entry_copy_hardlink(entry, linkname);
523 				free(linkname);
524 			}
525 		}
526 	} else {
527 		/* Strip redundant leading '/' characters. */
528 		while (name[0] == '/' && name[1] == '/')
529 			name++;
530 	}
531 
532 	/* Safely replace name in archive_entry. */
533 	if (name != archive_entry_pathname(entry)) {
534 		char *q = strdup(name);
535 		archive_entry_copy_pathname(entry, q);
536 		free(q);
537 	}
538 	return (0);
539 }
540 
541 /*
542  * It would be nice to just use printf() for formatting large numbers,
543  * but the compatibility problems are quite a headache.  Hence the
544  * following simple utility function.
545  */
546 const char *
547 tar_i64toa(int64_t n0)
548 {
549 	static char buff[24];
550 	uint64_t n = n0 < 0 ? -n0 : n0;
551 	char *p = buff + sizeof(buff);
552 
553 	*--p = '\0';
554 	do {
555 		*--p = '0' + (int)(n % 10);
556 	} while (n /= 10);
557 	if (n0 < 0)
558 		*--p = '-';
559 	return p;
560 }
561 
562 /*
563  * Like strcmp(), but try to be a little more aware of the fact that
564  * we're comparing two paths.  Right now, it just handles leading
565  * "./" and trailing '/' specially, so that "a/b/" == "./a/b"
566  *
567  * TODO: Make this better, so that "./a//b/./c/" == "a/b/c"
568  * TODO: After this works, push it down into libarchive.
569  * TODO: Publish the path normalization routines in libarchive so
570  * that bsdtar can normalize paths and use fast strcmp() instead
571  * of this.
572  *
573  * Note: This is currently only used within write.c, so should
574  * not handle \ path separators.
575  */
576 
577 int
578 pathcmp(const char *a, const char *b)
579 {
580 	/* Skip leading './' */
581 	if (a[0] == '.' && a[1] == '/' && a[2] != '\0')
582 		a += 2;
583 	if (b[0] == '.' && b[1] == '/' && b[2] != '\0')
584 		b += 2;
585 	/* Find the first difference, or return (0) if none. */
586 	while (*a == *b) {
587 		if (*a == '\0')
588 			return (0);
589 		a++;
590 		b++;
591 	}
592 	/*
593 	 * If one ends in '/' and the other one doesn't,
594 	 * they're the same.
595 	 */
596 	if (a[0] == '/' && a[1] == '\0' && b[0] == '\0')
597 		return (0);
598 	if (a[0] == '\0' && b[0] == '/' && b[1] == '\0')
599 		return (0);
600 	/* They're really different, return the correct sign. */
601 	return (*(const unsigned char *)a - *(const unsigned char *)b);
602 }
603