From: "Mike Frysinger" <vapier@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/pax-utils:master commit in: /
Date: Thu, 25 Jan 2024 04:44:17 +0000 (UTC) [thread overview]
Message-ID: <1706157220.5b5556d12b96dd2d420e0d66456f1935668b3984.vapier@gentoo> (raw)
commit: 5b5556d12b96dd2d420e0d66456f1935668b3984
Author: Mike Frysinger <vapier <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 25 04:33:40 2024 +0000
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org>
CommitDate: Thu Jan 25 04:33:40 2024 +0000
URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=5b5556d1
ar: handle invalid ascii numbers better
The atoi helper handles signed 32-bit integers, and expects the input
strings to be NUL terminated. Some of the fields are larger than what
signed 32-bit can handle, and none of them are NUL terminated. The
code currently works because it stops processing once it reaches text
that is not numeric, and the content that follows each field is always
non-numeric (e.g. a space).
Add a helper function that leverages strtoll as all of the fields can
fit into a signed 64-bit number. If the number is invalid, flag it as
such, and normalize it to 0 so the rest of the code can continue on.
Bug: https://bugs.gentoo.org/890577
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org>
paxinc.c | 53 +++++++++++++++++++++++++++++++++++++++++++++--------
1 file changed, 45 insertions(+), 8 deletions(-)
diff --git a/paxinc.c b/paxinc.c
index ff4ab85..5369697 100644
--- a/paxinc.c
+++ b/paxinc.c
@@ -50,6 +50,42 @@ archive_handle *ar_open(const char *filename, bool verbose)
return ret;
}
+static uint64_t ar_read_ascii_number(const char *numstr, size_t ndigits, int base)
+{
+ /* Largest field ar headers have is 16 bytes. */
+ char buf[17];
+ char *endp;
+ long long ret;
+
+ memcpy(buf, numstr, ndigits);
+ buf[ndigits] = '\0';
+
+ ret = strtoll(buf, &endp, base);
+ /* Numbers are padded with whitespace. */
+ if (*endp != '\0' && *endp != ' ') {
+ warn("ar: invalid number: %s", buf);
+ ret = 0;
+ }
+
+ /*
+ * Unsigned 64-bit numbers use up to 20 digits, and signed 64-bit numbers use
+ * up to 19 digits, but ndigits is always less than that. So we'd never handle
+ * a number that requires all 64-bits. If it's negative, it's because the input
+ * was negative e.g. "-1", and none of these fields should ever be negative.
+ */
+ if (ret < 0) {
+ warn("ar: invalid number: %s", buf);
+ ret = 0;
+ }
+
+ return ret;
+}
+#define read_octal_number(s, n) ar_read_ascii_number(s, n, 8)
+#define read_decimal_number(s, n) ar_read_ascii_number(s, n, 10)
+/* For char[] arrays rather than dynamic pointers. */
+#define read_octal_number_fixed(s) read_octal_number(s, sizeof(s))
+#define read_decimal_number_fixed(s) read_decimal_number(s, sizeof(s))
+
archive_member *ar_next(archive_handle *ar)
{
char *s;
@@ -84,12 +120,13 @@ close_and_ret:
goto close_and_ret;
}
+ /* System V extended filename section. */
if (ret.buf.formatted.name[0] == '/' && ret.buf.formatted.name[1] == '/') {
if (ar->extfn != NULL) {
warn("%s: Duplicate GNU extended filename section", ar->filename);
goto close_and_ret;
}
- len = atoi(ret.buf.formatted.size);
+ len = read_decimal_number_fixed(ret.buf.formatted.size);
ar->extfn = xmalloc(sizeof(char) * (len + 1));
if (read(ar->fd, ar->extfn, len) != len)
goto close_and_ret;
@@ -104,7 +141,7 @@ close_and_ret:
s = ret.buf.formatted.name;
if (s[0] == '#' && s[1] == '1' && s[2] == '/') {
/* BSD extended filename, always in use on Darwin */
- len = atoi(s + 3);
+ len = read_decimal_number(s + 3, sizeof(ret.buf.formatted.name) - 3);
if (len <= (ssize_t)sizeof(ret.buf.formatted.name)) {
if (read(ar->fd, ret.buf.formatted.name, len) != len)
goto close_and_ret;
@@ -120,18 +157,18 @@ close_and_ret:
warn("%s: GNU extended filename without special data section", ar->filename);
goto close_and_ret;
}
- s = ar->extfn + atoi(s + 1);
+ s = ar->extfn + read_decimal_number(s + 1, sizeof(ret.buf.formatted.name) - 1);
}
snprintf(ret.name, sizeof(ret.name), "%s:%s", ar->filename, s);
ret.name[sizeof(ret.name) - 1] = '\0';
if ((s=strchr(ret.name+strlen(ar->filename), '/')) != NULL)
*s = '\0';
- ret.date = atoi(ret.buf.formatted.date);
- ret.uid = atoi(ret.buf.formatted.uid);
- ret.gid = atoi(ret.buf.formatted.gid);
- ret.mode = strtol(ret.buf.formatted.mode, NULL, 8);
- ret.size = atoi(ret.buf.formatted.size);
+ ret.date = read_decimal_number_fixed(ret.buf.formatted.date);
+ ret.uid = read_decimal_number_fixed(ret.buf.formatted.uid);
+ ret.gid = read_decimal_number_fixed(ret.buf.formatted.gid);
+ ret.mode = read_octal_number_fixed(ret.buf.formatted.mode);
+ ret.size = read_decimal_number_fixed(ret.buf.formatted.size);
ar->skip = ret.size - len;
return &ret;
next reply other threads:[~2024-01-25 4:44 UTC|newest]
Thread overview: 253+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-01-25 4:44 Mike Frysinger [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-09-22 4:33 [gentoo-commits] proj/pax-utils:master commit in: / Sam James
2024-09-22 4:30 Sam James
2024-08-09 10:06 Sam James
2024-08-09 10:06 Sam James
2024-08-09 10:06 Sam James
2024-08-09 10:06 Sam James
2024-08-09 10:06 Sam James
2024-08-09 10:06 Sam James
2024-08-09 10:02 Sam James
2024-07-22 21:07 Mike Gilbert
2024-07-22 20:08 Mike Gilbert
2024-01-25 6:52 Mike Frysinger
2024-01-25 5:57 Mike Frysinger
2024-01-25 5:57 Mike Frysinger
2024-01-25 5:36 Mike Frysinger
2024-01-25 5:21 Mike Frysinger
2024-01-25 5:06 Mike Frysinger
2024-01-25 5:06 Mike Frysinger
2024-01-25 2:53 Mike Frysinger
2024-01-25 2:53 Mike Frysinger
2024-01-25 2:53 Mike Frysinger
2024-01-25 2:14 Mike Frysinger
2024-01-24 22:53 Mike Frysinger
2024-01-24 22:15 Mike Frysinger
2024-01-24 15:44 Mike Frysinger
2024-01-16 5:13 Mike Frysinger
2024-01-16 5:13 Mike Frysinger
2024-01-10 8:05 Mike Frysinger
2024-01-10 8:02 Mike Frysinger
2024-01-10 8:02 Mike Frysinger
2024-01-10 7:58 Mike Frysinger
2024-01-02 18:03 Mike Frysinger
2024-01-02 18:03 Mike Frysinger
2024-01-02 18:03 Mike Frysinger
2024-01-02 18:03 Mike Frysinger
2024-01-02 16:28 Mike Frysinger
2024-01-01 15:43 Mike Frysinger
2024-01-01 15:43 Mike Frysinger
2023-12-22 5:31 Mike Frysinger
2023-12-22 5:31 Mike Frysinger
2023-12-22 5:31 Mike Frysinger
2023-12-22 2:31 Mike Frysinger
2023-12-22 2:31 Mike Frysinger
2023-12-22 2:31 Mike Frysinger
2023-12-14 21:28 Mike Frysinger
2023-12-14 21:28 Mike Frysinger
2023-12-14 19:57 Mike Frysinger
2023-11-23 13:31 Sam James
2023-02-13 5:26 Sam James
2023-02-13 5:26 Sam James
2023-01-29 5:56 Sam James
2023-01-29 5:56 Sam James
2023-01-29 5:56 Sam James
2023-01-29 3:41 Sam James
2023-01-29 3:36 Sam James
2023-01-29 3:36 Sam James
2023-01-26 21:46 Sam James
2023-01-06 7:15 Sam James
2022-09-28 7:42 Mike Frysinger
2022-09-28 7:42 Mike Frysinger
2022-09-28 7:42 Mike Frysinger
2022-09-28 7:42 Mike Frysinger
2022-09-28 7:42 Mike Frysinger
2022-09-28 7:42 Mike Frysinger
2022-09-28 7:42 Mike Frysinger
2022-09-21 8:28 Mike Frysinger
2022-09-21 8:26 Mike Frysinger
2022-09-21 8:20 Mike Frysinger
2022-07-31 4:56 Sam James
2022-07-12 6:33 Sam James
2022-07-12 6:33 Sam James
2022-04-25 1:20 WANG Xuerui
2022-03-24 15:42 Sam James
2022-03-09 8:01 Mike Frysinger
2022-02-07 7:18 Fabian Groffen
2022-01-23 2:47 Mike Frysinger
2021-12-24 1:45 Sam James
2021-12-17 5:19 Mike Frysinger
2021-10-17 5:15 Mike Frysinger
2021-10-05 1:05 Mike Frysinger
2021-10-04 22:05 Mike Frysinger
2021-09-20 4:51 Sam James
2021-07-22 21:31 Sergei Trofimovich
2021-07-22 21:16 Sergei Trofimovich
2021-07-02 22:04 Sergei Trofimovich
2021-06-10 7:07 Sergei Trofimovich
2021-06-10 7:02 Sergei Trofimovich
2021-04-19 4:58 Mike Frysinger
2021-04-18 18:29 Mike Frysinger
2021-04-17 5:39 Mike Frysinger
2021-04-17 5:39 Mike Frysinger
2021-04-17 0:38 Mike Frysinger
2021-04-16 19:26 Mike Frysinger
2021-04-16 19:26 Mike Frysinger
2021-04-16 19:26 Mike Frysinger
2021-04-16 19:03 Mike Frysinger
2021-04-16 19:03 Mike Frysinger
2021-04-16 15:08 Mike Frysinger
2021-04-16 15:08 Mike Frysinger
2021-04-16 15:08 Mike Frysinger
2021-04-16 3:41 Mike Frysinger
2021-04-16 3:39 Mike Frysinger
2021-04-16 3:39 Mike Frysinger
2021-04-16 1:56 Mike Frysinger
2021-04-16 1:56 Mike Frysinger
2021-04-16 0:48 Mike Frysinger
2021-04-16 0:48 Mike Frysinger
2021-02-26 11:51 Sergei Trofimovich
2021-02-04 18:51 Sergei Trofimovich
2021-02-03 20:41 Sergei Trofimovich
2021-02-03 20:17 Sergei Trofimovich
2021-02-03 19:46 Sergei Trofimovich
2021-01-01 14:08 Fabian Groffen
2021-01-01 14:08 Fabian Groffen
2020-12-20 19:53 Sergei Trofimovich
2020-10-05 17:46 Sergei Trofimovich
2020-08-14 22:17 Sergei Trofimovich
2020-04-13 10:41 Sergei Trofimovich
2020-04-06 18:00 Sergei Trofimovich
2020-03-26 19:27 Mike Frysinger
2020-03-26 17:09 Mike Frysinger
2020-03-26 17:09 Mike Frysinger
2020-03-19 0:00 Sergei Trofimovich
2020-03-18 23:39 Sergei Trofimovich
2020-02-16 10:57 Sergei Trofimovich
2020-02-16 10:50 Sergei Trofimovich
2020-02-16 10:48 Sergei Trofimovich
2020-02-16 10:17 Sergei Trofimovich
2019-01-14 22:53 Sergei Trofimovich
2018-11-19 22:20 Sergei Trofimovich
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 14:09 Mike Frysinger
2018-06-07 4:44 Mike Frysinger
2018-06-07 4:44 Mike Frysinger
2018-06-07 4:44 Mike Frysinger
2018-02-24 10:16 Sergei Trofimovich
2017-09-18 9:27 Fabian Groffen
2017-09-18 9:27 Fabian Groffen
2017-09-18 7:06 Fabian Groffen
2017-03-14 7:19 Mike Frysinger
2017-02-16 21:24 Mike Frysinger
2017-02-16 21:24 Mike Frysinger
2017-02-16 21:24 Mike Frysinger
2017-02-11 7:06 Mike Frysinger
2017-02-01 23:08 Mike Frysinger
2017-02-01 23:08 Mike Frysinger
2017-02-01 23:08 Mike Frysinger
2017-01-24 20:39 Mike Frysinger
2017-01-24 20:39 Mike Frysinger
2017-01-24 6:50 Mike Frysinger
2017-01-24 6:50 Mike Frysinger
2017-01-24 6:50 Mike Frysinger
2017-01-24 6:50 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2017-01-22 17:59 Mike Frysinger
2016-11-27 3:43 Mike Frysinger
2016-11-15 4:02 Mike Frysinger
2016-11-15 4:02 Mike Frysinger
2016-11-14 14:57 Mike Frysinger
2016-11-12 7:15 Mike Frysinger
2016-11-12 7:15 Mike Frysinger
2016-11-12 7:15 Mike Frysinger
2016-11-12 7:15 Mike Frysinger
2016-11-12 7:15 Mike Frysinger
2016-11-12 7:15 Mike Frysinger
2016-11-08 20:47 Mike Gilbert
2016-06-20 17:46 Mike Frysinger
2016-06-20 4:03 Mike Frysinger
2016-06-20 4:03 Mike Frysinger
2016-06-20 3:22 Mike Frysinger
2016-06-20 3:22 Mike Frysinger
2016-06-20 3:08 Mike Frysinger
2016-06-20 3:08 Mike Frysinger
2016-06-20 3:08 Mike Frysinger
2016-06-20 3:08 Mike Frysinger
2016-06-20 3:08 Mike Frysinger
2016-06-20 3:08 Mike Frysinger
2016-06-20 3:08 Mike Frysinger
2016-06-20 3:08 Mike Frysinger
2016-06-20 3:08 Mike Frysinger
2016-06-20 3:08 Mike Frysinger
2016-06-20 3:08 Mike Frysinger
2016-05-31 22:27 Mike Frysinger
2016-03-03 21:15 Mike Frysinger
2016-02-10 19:41 Mike Frysinger
2016-02-10 18:54 Mike Frysinger
2016-01-28 22:42 Mike Frysinger
2016-01-03 22:23 Mike Frysinger
2016-01-03 22:23 Mike Frysinger
2016-01-03 22:01 Mike Frysinger
2016-01-02 15:26 Mike Frysinger
2016-01-02 3:52 Mike Frysinger
2015-12-19 19:41 Mike Frysinger
2015-12-17 3:24 Mike Frysinger
2015-12-17 3:24 Mike Frysinger
2015-12-17 3:24 Mike Frysinger
2015-12-17 3:24 Mike Frysinger
2015-12-12 22:45 Mike Frysinger
2015-12-12 22:45 Mike Frysinger
2015-12-12 22:45 Mike Frysinger
2015-12-12 22:45 Mike Frysinger
2015-12-12 22:45 Mike Frysinger
2015-12-12 22:45 Mike Frysinger
2015-11-26 8:43 Mike Frysinger
2015-10-26 4:35 Mike Frysinger
2015-10-08 20:31 Mike Frysinger
2015-09-19 6:27 Mike Frysinger
2015-09-19 6:27 Mike Frysinger
2015-09-12 4:17 Mike Frysinger
2015-08-28 0:33 Mike Frysinger
2015-08-26 6:29 Mike Frysinger
2015-08-24 21:22 Mike Frysinger
2015-08-24 21:22 Mike Frysinger
2015-08-24 21:22 Mike Frysinger
2015-08-20 14:39 Mike Frysinger
2015-08-20 14:39 Mike Frysinger
2015-08-20 14:39 Mike Frysinger
2015-08-20 14:33 Mike Frysinger
2015-08-20 14:33 Mike Frysinger
2015-08-20 13:32 Mike Frysinger
2015-08-18 15:56 Mike Frysinger
2015-08-18 15:35 Mike Frysinger
2015-08-18 15:35 Mike Frysinger
2015-08-18 14:39 Mike Frysinger
2015-08-18 14:38 Mike Frysinger
2015-07-13 9:14 Mike Frysinger
2015-07-13 9:14 Mike Frysinger
2015-07-13 9:14 Mike Frysinger
2015-05-24 3:22 Mike Frysinger
2015-03-29 20:07 Mike Frysinger
2015-03-29 20:07 Mike Frysinger
2015-03-29 20:07 Mike Frysinger
2015-03-10 5:31 Mike Frysinger
2015-03-10 5:31 Mike Frysinger
2015-03-10 4:19 Mike Frysinger
2015-03-10 3:36 Mike Frysinger
2015-03-06 11:52 Mike Frysinger
2015-03-04 22:35 Mike Frysinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1706157220.5b5556d12b96dd2d420e0d66456f1935668b3984.vapier@gentoo \
--to=vapier@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox