[hackers] [sbase] Fix tar(1) handling of <space> terminated fields || sin

From: <git_AT_suckless.org>
Date: Mon, 20 Apr 2015 17:36:10 +0200 (CEST)

commit 3ef6d4e4c97c937e82b873399d76900ebb498389
Author: sin <sin_AT_2f30.org>
Date: Mon Apr 20 16:29:21 2015 +0100

    Fix tar(1) handling of <space> terminated fields
    
    Numeric fields can be <space> terminated. Ensure those are
    patched with NULs so we can perform string operations.
    
    There is more work to be done in this area, namely some fields like
    name, linkname and prefix are not always null-terminated.

diff --git a/tar.c b/tar.c
index 72fd3b2..afe7854 100644
--- a/tar.c
+++ b/tar.c
_AT_@ -280,6 +280,33 @@ c(const char *path, struct stat *st, void *data, struct recursor *r)
 }
 
 static void
+sanitize(struct header *h)
+{
+ size_t i, j;
+ struct {
+ char *f;
+ size_t l;
+ } fields[] = {
+ { h->mode, sizeof(h->mode) },
+ { h->uid, sizeof(h->uid) },
+ { h->gid, sizeof(h->gid) },
+ { h->size, sizeof(h->size) },
+ { h->mtime, sizeof(h->mtime) },
+ { h->chksum, sizeof(h->chksum) },
+ { h->major, sizeof(h->major) },
+ { h->minor, sizeof(h->minor) }
+ };
+
+ /* Numeric fields can be terminated with spaces instead of
+ * NULs as per the ustar specification. Patch all of them to
+ * use NULs so we can perform string operations on them. */
+ for (i = 0; i < LEN(fields); i++)
+ for (j = 0; j < fields[i].l; j++)
+ if (fields[i].f[j] == ' ')
+ fields[i].f[j] = '\0';
+}
+
+static void
 xt(int (*fn)(char *, ssize_t, char[BLKSIZ]))
 {
         struct header *h;
_AT_@ -289,6 +316,7 @@ xt(int (*fn)(char *, ssize_t, char[BLKSIZ]))
         h = (void *)b;
 
         while (fread(b, BLKSIZ, 1, tarfile) == 1 && *(h->name)) {
+ sanitize(h);
                 fname[0] = '\0';
                 if (*(h->prefix)) {
                         estrlcat(fname, h->prefix, sizeof(fname));
Received on Mon Apr 20 2015 - 17:36:10 CEST