1/*-
2 * Copyright (c) 2003-2007 Tim Kientzle
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "bsdtar_platform.h"
27__FBSDID("$FreeBSD: releng/10.3/contrib/libarchive/tar/util.c 271004 2014-09-03 08:27:05Z ae $");
28
29#ifdef HAVE_SYS_STAT_H
30#include <sys/stat.h>
31#endif
32#ifdef HAVE_SYS_TYPES_H
33#include <sys/types.h>  /* Linux doesn't define mode_t, etc. in sys/stat.h. */
34#endif
35#include <ctype.h>
36#ifdef HAVE_ERRNO_H
37#include <errno.h>
38#endif
39#ifdef HAVE_IO_H
40#include <io.h>
41#endif
42#ifdef HAVE_STDARG_H
43#include <stdarg.h>
44#endif
45#ifdef HAVE_STDINT_H
46#include <stdint.h>
47#endif
48#include <stdio.h>
49#ifdef HAVE_STDLIB_H
50#include <stdlib.h>
51#endif
52#ifdef HAVE_STRING_H
53#include <string.h>
54#endif
55#ifdef HAVE_WCTYPE_H
56#include <wctype.h>
57#else
58/* If we don't have wctype, we need to hack up some version of iswprint(). */
59#define	iswprint isprint
60#endif
61
62#include "bsdtar.h"
63#include "err.h"
64
65static size_t	bsdtar_expand_char(char *, size_t, char);
66static const char *strip_components(const char *path, int elements);
67
68#if defined(_WIN32) && !defined(__CYGWIN__)
69#define	read _read
70#endif
71
72/* TODO:  Hack up a version of mbtowc for platforms with no wide
73 * character support at all.  I think the following might suffice,
74 * but it needs careful testing.
75 * #if !HAVE_MBTOWC
76 * #define	mbtowc(wcp, p, n) ((*wcp = *p), 1)
77 * #endif
78 */
79
80/*
81 * Print a string, taking care with any non-printable characters.
82 *
83 * Note that we use a stack-allocated buffer to receive the formatted
84 * string if we can.  This is partly performance (avoiding a call to
85 * malloc()), partly out of expedience (we have to call vsnprintf()
86 * before malloc() anyway to find out how big a buffer we need; we may
87 * as well point that first call at a small local buffer in case it
88 * works), but mostly for safety (so we can use this to print messages
89 * about out-of-memory conditions).
90 */
91
92void
93safe_fprintf(FILE *f, const char *fmt, ...)
94{
95	char fmtbuff_stack[256]; /* Place to format the printf() string. */
96	char outbuff[256]; /* Buffer for outgoing characters. */
97	char *fmtbuff_heap; /* If fmtbuff_stack is too small, we use malloc */
98	char *fmtbuff;  /* Pointer to fmtbuff_stack or fmtbuff_heap. */
99	int fmtbuff_length;
100	int length, n;
101	va_list ap;
102	const char *p;
103	unsigned i;
104	wchar_t wc;
105	char try_wc;
106
107	/* Use a stack-allocated buffer if we can, for speed and safety. */
108	fmtbuff_heap = NULL;
109	fmtbuff_length = sizeof(fmtbuff_stack);
110	fmtbuff = fmtbuff_stack;
111
112	/* Try formatting into the stack buffer. */
113	va_start(ap, fmt);
114	length = vsnprintf(fmtbuff, fmtbuff_length, fmt, ap);
115	va_end(ap);
116
117	/* If the result was too large, allocate a buffer on the heap. */
118	while (length < 0 || length >= fmtbuff_length) {
119		if (length >= fmtbuff_length)
120			fmtbuff_length = length+1;
121		else if (fmtbuff_length < 8192)
122			fmtbuff_length *= 2;
123		else if (fmtbuff_length < 1000000)
124			fmtbuff_length += fmtbuff_length / 4;
125		else {
126			length = fmtbuff_length;
127			fmtbuff_heap[length-1] = '\0';
128			break;
129		}
130		free(fmtbuff_heap);
131		fmtbuff_heap = malloc(fmtbuff_length);
132
133		/* Reformat the result into the heap buffer if we can. */
134		if (fmtbuff_heap != NULL) {
135			fmtbuff = fmtbuff_heap;
136			va_start(ap, fmt);
137			length = vsnprintf(fmtbuff, fmtbuff_length, fmt, ap);
138			va_end(ap);
139		} else {
140			/* Leave fmtbuff pointing to the truncated
141			 * string in fmtbuff_stack. */
142			length = sizeof(fmtbuff_stack) - 1;
143			break;
144		}
145	}
146
147	/* Note: mbrtowc() has a cleaner API, but mbtowc() seems a bit
148	 * more portable, so we use that here instead. */
149	if (mbtowc(NULL, NULL, 1) == -1) { /* Reset the shift state. */
150		/* mbtowc() should never fail in practice, but
151		 * handle the theoretical error anyway. */
152		free(fmtbuff_heap);
153		return;
154	}
155
156	/* Write data, expanding unprintable characters. */
157	p = fmtbuff;
158	i = 0;
159	try_wc = 1;
160	while (*p != '\0') {
161
162		/* Convert to wide char, test if the wide
163		 * char is printable in the current locale. */
164		if (try_wc && (n = mbtowc(&wc, p, length)) != -1) {
165			length -= n;
166			if (iswprint(wc) && wc != L'\\') {
167				/* Printable, copy the bytes through. */
168				while (n-- > 0)
169					outbuff[i++] = *p++;
170			} else {
171				/* Not printable, format the bytes. */
172				while (n-- > 0)
173					i += (unsigned)bsdtar_expand_char(
174					    outbuff, i, *p++);
175			}
176		} else {
177			/* After any conversion failure, don't bother
178			 * trying to convert the rest. */
179			i += (unsigned)bsdtar_expand_char(outbuff, i, *p++);
180			try_wc = 0;
181		}
182
183		/* If our output buffer is full, dump it and keep going. */
184		if (i > (sizeof(outbuff) - 20)) {
185			outbuff[i] = '\0';
186			fprintf(f, "%s", outbuff);
187			i = 0;
188		}
189	}
190	outbuff[i] = '\0';
191	fprintf(f, "%s", outbuff);
192
193	/* If we allocated a heap-based formatting buffer, free it now. */
194	free(fmtbuff_heap);
195}
196
197/*
198 * Render an arbitrary sequence of bytes into printable ASCII characters.
199 */
200static size_t
201bsdtar_expand_char(char *buff, size_t offset, char c)
202{
203	size_t i = offset;
204
205	if (isprint((unsigned char)c) && c != '\\')
206		buff[i++] = c;
207	else {
208		buff[i++] = '\\';
209		switch (c) {
210		case '\a': buff[i++] = 'a'; break;
211		case '\b': buff[i++] = 'b'; break;
212		case '\f': buff[i++] = 'f'; break;
213		case '\n': buff[i++] = 'n'; break;
214#if '\r' != '\n'
215		/* On some platforms, \n and \r are the same. */
216		case '\r': buff[i++] = 'r'; break;
217#endif
218		case '\t': buff[i++] = 't'; break;
219		case '\v': buff[i++] = 'v'; break;
220		case '\\': buff[i++] = '\\'; break;
221		default:
222			sprintf(buff + i, "%03o", 0xFF & (int)c);
223			i += 3;
224		}
225	}
226
227	return (i - offset);
228}
229
230int
231yes(const char *fmt, ...)
232{
233	char buff[32];
234	char *p;
235	ssize_t l;
236
237	va_list ap;
238	va_start(ap, fmt);
239	vfprintf(stderr, fmt, ap);
240	va_end(ap);
241	fprintf(stderr, " (y/N)? ");
242	fflush(stderr);
243
244	l = read(2, buff, sizeof(buff) - 1);
245	if (l < 0) {
246	  fprintf(stderr, "Keyboard read failed\n");
247	  exit(1);
248	}
249	if (l == 0)
250		return (0);
251	buff[l] = 0;
252
253	for (p = buff; *p != '\0'; p++) {
254		if (isspace((unsigned char)*p))
255			continue;
256		switch(*p) {
257		case 'y': case 'Y':
258			return (1);
259		case 'n': case 'N':
260			return (0);
261		default:
262			return (0);
263		}
264	}
265
266	return (0);
267}
268
269/*-
270 * The logic here for -C <dir> attempts to avoid
271 * chdir() as long as possible.  For example:
272 * "-C /foo -C /bar file"          needs chdir("/bar") but not chdir("/foo")
273 * "-C /foo -C bar file"           needs chdir("/foo/bar")
274 * "-C /foo -C bar /file1"         does not need chdir()
275 * "-C /foo -C bar /file1 file2"   needs chdir("/foo/bar") before file2
276 *
277 * The only correct way to handle this is to record a "pending" chdir
278 * request and combine multiple requests intelligently until we
279 * need to process a non-absolute file.  set_chdir() adds the new dir
280 * to the pending list; do_chdir() actually executes any pending chdir.
281 *
282 * This way, programs that build tar command lines don't have to worry
283 * about -C with non-existent directories; such requests will only
284 * fail if the directory must be accessed.
285 *
286 */
287void
288set_chdir(struct bsdtar *bsdtar, const char *newdir)
289{
290#if defined(_WIN32) && !defined(__CYGWIN__)
291	if (newdir[0] == '/' || newdir[0] == '\\' ||
292	    /* Detect this type, for example, "C:\" or "C:/" */
293	    (((newdir[0] >= 'a' && newdir[0] <= 'z') ||
294	      (newdir[0] >= 'A' && newdir[0] <= 'Z')) &&
295	    newdir[1] == ':' && (newdir[2] == '/' || newdir[2] == '\\'))) {
296#else
297	if (newdir[0] == '/') {
298#endif
299		/* The -C /foo -C /bar case; dump first one. */
300		free(bsdtar->pending_chdir);
301		bsdtar->pending_chdir = NULL;
302	}
303	if (bsdtar->pending_chdir == NULL)
304		/* Easy case: no previously-saved dir. */
305		bsdtar->pending_chdir = strdup(newdir);
306	else {
307		/* The -C /foo -C bar case; concatenate */
308		char *old_pending = bsdtar->pending_chdir;
309		size_t old_len = strlen(old_pending);
310		bsdtar->pending_chdir = malloc(old_len + strlen(newdir) + 2);
311		if (old_pending[old_len - 1] == '/')
312			old_pending[old_len - 1] = '\0';
313		if (bsdtar->pending_chdir != NULL)
314			sprintf(bsdtar->pending_chdir, "%s/%s",
315			    old_pending, newdir);
316		free(old_pending);
317	}
318	if (bsdtar->pending_chdir == NULL)
319		lafe_errc(1, errno, "No memory");
320}
321
322void
323do_chdir(struct bsdtar *bsdtar)
324{
325	if (bsdtar->pending_chdir == NULL)
326		return;
327
328	if (chdir(bsdtar->pending_chdir) != 0) {
329		lafe_errc(1, 0, "could not chdir to '%s'\n",
330		    bsdtar->pending_chdir);
331	}
332	free(bsdtar->pending_chdir);
333	bsdtar->pending_chdir = NULL;
334}
335
336static const char *
337strip_components(const char *p, int elements)
338{
339	/* Skip as many elements as necessary. */
340	while (elements > 0) {
341		switch (*p++) {
342		case '/':
343#if defined(_WIN32) && !defined(__CYGWIN__)
344		case '\\': /* Support \ path sep on Windows ONLY. */
345#endif
346			elements--;
347			break;
348		case '\0':
349			/* Path is too short, skip it. */
350			return (NULL);
351		}
352	}
353
354	/* Skip any / characters.  This handles short paths that have
355	 * additional / termination.  This also handles the case where
356	 * the logic above stops in the middle of a duplicate //
357	 * sequence (which would otherwise get converted to an
358	 * absolute path). */
359	for (;;) {
360		switch (*p) {
361		case '/':
362#if defined(_WIN32) && !defined(__CYGWIN__)
363		case '\\': /* Support \ path sep on Windows ONLY. */
364#endif
365			++p;
366			break;
367		case '\0':
368			return (NULL);
369		default:
370			return (p);
371		}
372	}
373}
374
375static const char*
376strip_leading_slashes(const char *p)
377{
378
379	/* Remove leading "/../", "//", etc. */
380	while (p[0] == '/' || p[0] == '\\') {
381		if (p[1] == '.' && p[2] == '.' && (
382		    p[3] == '/' || p[3] == '\\')) {
383			p += 3; /* Remove "/..", leave "/" for next pass. */
384		} else
385			p += 1; /* Remove "/". */
386	}
387	return (p);
388}
389
390/*
391 * Handle --strip-components and any future path-rewriting options.
392 * Returns non-zero if the pathname should not be extracted.
393 *
394 * TODO: Support pax-style regex path rewrites.
395 */
396int
397edit_pathname(struct bsdtar *bsdtar, struct archive_entry *entry)
398{
399	const char *name = archive_entry_pathname(entry);
400#if defined(HAVE_REGEX_H) || defined(HAVE_PCREPOSIX_H)
401	char *subst_name;
402	int r;
403
404	r = apply_substitution(bsdtar, name, &subst_name, 0, 0);
405	if (r == -1) {
406		lafe_warnc(0, "Invalid substitution, skipping entry");
407		return 1;
408	}
409	if (r == 1) {
410		archive_entry_copy_pathname(entry, subst_name);
411		if (*subst_name == '\0') {
412			free(subst_name);
413			return -1;
414		} else
415			free(subst_name);
416		name = archive_entry_pathname(entry);
417	}
418
419	if (archive_entry_hardlink(entry)) {
420		r = apply_substitution(bsdtar, archive_entry_hardlink(entry), &subst_name, 0, 1);
421		if (r == -1) {
422			lafe_warnc(0, "Invalid substitution, skipping entry");
423			return 1;
424		}
425		if (r == 1) {
426			archive_entry_copy_hardlink(entry, subst_name);
427			free(subst_name);
428		}
429	}
430	if (archive_entry_symlink(entry) != NULL) {
431		r = apply_substitution(bsdtar, archive_entry_symlink(entry), &subst_name, 1, 0);
432		if (r == -1) {
433			lafe_warnc(0, "Invalid substitution, skipping entry");
434			return 1;
435		}
436		if (r == 1) {
437			archive_entry_copy_symlink(entry, subst_name);
438			free(subst_name);
439		}
440	}
441#endif
442
443	/* Strip leading dir names as per --strip-components option. */
444	if (bsdtar->strip_components > 0) {
445		const char *linkname = archive_entry_hardlink(entry);
446
447		name = strip_components(name, bsdtar->strip_components);
448		if (name == NULL)
449			return (1);
450
451		if (linkname != NULL) {
452			linkname = strip_components(linkname,
453			    bsdtar->strip_components);
454			if (linkname == NULL)
455				return (1);
456			archive_entry_copy_hardlink(entry, linkname);
457		}
458	}
459
460	/* By default, don't write or restore absolute pathnames. */
461	if (!bsdtar->option_absolute_paths) {
462		const char *rp, *p = name;
463		int slashonly = 1;
464
465		/* Remove leading "//./" or "//?/" or "//?/UNC/"
466		 * (absolute path prefixes used by Windows API) */
467		if ((p[0] == '/' || p[0] == '\\') &&
468		    (p[1] == '/' || p[1] == '\\') &&
469		    (p[2] == '.' || p[2] == '?') &&
470		    (p[3] == '/' || p[3] == '\\'))
471		{
472			if (p[2] == '?' &&
473			    (p[4] == 'U' || p[4] == 'u') &&
474			    (p[5] == 'N' || p[5] == 'n') &&
475			    (p[6] == 'C' || p[6] == 'c') &&
476			    (p[7] == '/' || p[7] == '\\'))
477				p += 8;
478			else
479				p += 4;
480			slashonly = 0;
481		}
482		do {
483			rp = p;
484			/* Remove leading drive letter from archives created
485			 * on Windows. */
486			if (((p[0] >= 'a' && p[0] <= 'z') ||
487			     (p[0] >= 'A' && p[0] <= 'Z')) &&
488				 p[1] == ':') {
489				p += 2;
490				slashonly = 0;
491			}
492			p = strip_leading_slashes(p);
493		} while (rp != p);
494
495		if (p != name && !bsdtar->warned_lead_slash) {
496			/* Generate a warning the first time this happens. */
497			if (slashonly)
498				lafe_warnc(0,
499				    "Removing leading '%c' from member names",
500				    name[0]);
501			else
502				lafe_warnc(0,
503				    "Removing leading drive letter from "
504				    "member names");
505			bsdtar->warned_lead_slash = 1;
506		}
507
508		/* Special case: Stripping everything yields ".". */
509		if (*p == '\0')
510			name = ".";
511		else
512			name = p;
513
514		p = archive_entry_hardlink(entry);
515		if (p != NULL) {
516			rp = strip_leading_slashes(p);
517			if (rp == '\0')
518				return (1);
519			if (rp != p) {
520				char *linkname = strdup(rp);
521
522				archive_entry_copy_hardlink(entry, linkname);
523				free(linkname);
524			}
525		}
526	} else {
527		/* Strip redundant leading '/' characters. */
528		while (name[0] == '/' && name[1] == '/')
529			name++;
530	}
531
532	/* Safely replace name in archive_entry. */
533	if (name != archive_entry_pathname(entry)) {
534		char *q = strdup(name);
535		archive_entry_copy_pathname(entry, q);
536		free(q);
537	}
538	return (0);
539}
540
541/*
542 * It would be nice to just use printf() for formatting large numbers,
543 * but the compatibility problems are quite a headache.  Hence the
544 * following simple utility function.
545 */
546const char *
547tar_i64toa(int64_t n0)
548{
549	static char buff[24];
550	uint64_t n = n0 < 0 ? -n0 : n0;
551	char *p = buff + sizeof(buff);
552
553	*--p = '\0';
554	do {
555		*--p = '0' + (int)(n % 10);
556	} while (n /= 10);
557	if (n0 < 0)
558		*--p = '-';
559	return p;
560}
561
562/*
563 * Like strcmp(), but try to be a little more aware of the fact that
564 * we're comparing two paths.  Right now, it just handles leading
565 * "./" and trailing '/' specially, so that "a/b/" == "./a/b"
566 *
567 * TODO: Make this better, so that "./a//b/./c/" == "a/b/c"
568 * TODO: After this works, push it down into libarchive.
569 * TODO: Publish the path normalization routines in libarchive so
570 * that bsdtar can normalize paths and use fast strcmp() instead
571 * of this.
572 *
573 * Note: This is currently only used within write.c, so should
574 * not handle \ path separators.
575 */
576
577int
578pathcmp(const char *a, const char *b)
579{
580	/* Skip leading './' */
581	if (a[0] == '.' && a[1] == '/' && a[2] != '\0')
582		a += 2;
583	if (b[0] == '.' && b[1] == '/' && b[2] != '\0')
584		b += 2;
585	/* Find the first difference, or return (0) if none. */
586	while (*a == *b) {
587		if (*a == '\0')
588			return (0);
589		a++;
590		b++;
591	}
592	/*
593	 * If one ends in '/' and the other one doesn't,
594	 * they're the same.
595	 */
596	if (a[0] == '/' && a[1] == '\0' && b[0] == '\0')
597		return (0);
598	if (a[0] == '\0' && b[0] == '/' && b[1] == '\0')
599		return (0);
600	/* They're really different, return the correct sign. */
601	return (*(const unsigned char *)a - *(const unsigned char *)b);
602}
603