[hackers] [sbase] tar: Add routine to test if the tar archive is "legit" || sin

From: <git_AT_suckless.org>
Date: Thu, 23 Apr 2015 17:34:17 +0200 (CEST)

commit ac694e6c4ac094f5f6f374f36ef6b72ea20bfaad
Author: sin <sin_AT_2f30.org>
Date: Thu Apr 23 16:31:02 2015 +0100

    tar: Add routine to test if the tar archive is "legit"

diff --git a/tar.c b/tar.c
index d410b0f..3abc067 100644
--- a/tar.c
+++ b/tar.c
_AT_@ -353,6 +353,35 @@ sanitize(struct header *h)
 }
 
 static void
+chktar(struct header *h)
+{
+ char tmp[8], *err;
+ char *p = (char *)h;
+ long s1, s2, i;
+
+ if (h->prefix[0] == '\0' && h->name[0] == '\0')
+ goto bad;
+ if (strncmp("ustar", h->magic, 5))
+ goto bad;
+ memcpy(tmp, h->chksum, sizeof(tmp));
+ for (i = 0; i < sizeof(tmp); i++)
+ if (tmp[i] == ' ')
+ tmp[i] = '\0';
+ s1 = strtol(tmp, &err, 8);
+ if (s1 < 0 || *err != '\0')
+ goto bad;
+ memset(h->chksum, ' ', sizeof(h->chksum));
+ for (i = 0, s2 = 0; i < sizeof(*h); i++)
+ s2 += p[i];
+ if (s1 != s2)
+ goto bad;
+ memcpy(h->chksum, tmp, sizeof(h->chksum));
+ return;
+bad:
+ eprintf("malformed tar archive\n");
+}
+
+static void
 xt(int argc, char *argv[], int (*fn)(char *, ssize_t, char[BLKSIZ]))
 {
         char b[BLKSIZ], fname[256 + 1], *p;
_AT_@ -363,6 +392,7 @@ xt(int argc, char *argv[], int (*fn)(char *, ssize_t, char[BLKSIZ]))
         int i, n;
 
         while (eread(tarfd, b, BLKSIZ) > 0 && h->name[0]) {
+ chktar(h);
                 sanitize(h), n = 0;
 
                 /* small dance around non-null terminated fields */
Received on Thu Apr 23 2015 - 17:34:17 CEST