Commit Graph

21 Commits

Author SHA1 Message Date
Natanael Copa
6ef57910ab abuild-tar: improve invalid opt handling
make sure we always print usage help text if we have an invalid option.

fixes https://gitlab.alpinelinux.org/alpine/abuild/-/issues/10101
2023-04-17 13:01:05 +02:00
Samanta Navarro
f8208aded0 abuild-tar: do not read past corrupt tar header
The abuild-tar binary can read past the end of an invalid tar header if
the contained link name does not end with a terminating NUL character.
In this case it reads past the end of hdr.linkname and maybe even past
the end of the header if no further NUL bytes are contained.

The strnlen function is used in apk-tools for such cases as well, so I
recommend to use it here too.

How to reproduce (compile abuild-tar with -fsanitize=address):

cat > poc.tar.b64 << EOF
b3dvAAAAAAAAAAADAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAwMDAwMDAAMDAwMDAw
MAAwMDAwMDAwADAwMDAwMDAwMDAwADAwMDAwMDAwMDAwADAwMDAwMAAAMm93b29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29v
b29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb29vb28=
EOF
base64 -d < poc.tar.b64 | abuild-tar --hash
2022-11-30 13:16:19 +00:00
Natanael Copa
8a16229d3e abuild-tar: fix --help and add test for usage 2022-11-30 12:00:09 +01:00
Samanta Navarro
f2ab775123 abuild: avoid calculations with void pointers
Arithmetic operations with void pointers are an extension by some
compilers and not part of the C standard, which does not specify the
size of void.

CFLAGS with -pedantic reveals this during compile time. I have adjusted
the usage of ?: so CFLAGS can contain -pedantic now.
2021-10-11 18:34:27 +00:00
Natanael Copa
272c1e4780 abuild-tar: load engines on openssl < 3 2021-09-21 11:29:13 +02:00
Ariadne Conill
a590096e30 abuild-tar: remove openssl engine registration, deprecated in OpenSSL 3 2021-09-20 10:02:26 -06:00
Natanael Copa
a40c5de0ca abuild-tar: fix varioius compiler warnings
fix return value for usage text

fix digest to be unsigned char buffer
2020-07-06 10:59:56 +00:00
Kuichi Fujiwara
6069975f21 Fix integer signedness mismatch on x86_64
Root cause of a malloc() failure when processing large files (>2GB) in an archive.
2020-07-06 10:06:57 +00:00
Natanael Copa
5a273edf4d abuild-tar: improve portability
splice is a linux thing.
2016-05-20 10:19:08 +02:00
Timo Teräs
002894dfa7 abuild-tar: add missing includes 2015-10-06 14:01:47 +03:00
Andrew Wilcox
34ff603758 abuild-tar: Initialise memory before use 2015-10-06 14:00:55 +03:00
Timo Teräs
248e9bb408 abuild-tar: write checksum to extended header 2015-04-08 10:52:34 +03:00
Dubiousjim
3417b45a1b abuild-sudo, abuild-tar: cosmetic changes 2013-07-08 14:47:39 +00:00
Natanael Copa
1ccf8652da Revert "abuild-tar: embed checksum for symlinks"
Tar could not handle the headers.

This reverts parts of commit 8b1a53011b.
Keep the usage fixes.
2009-08-17 12:07:00 +00:00
Timo Teras
8b1a53011b abuild-tar: embed checksum for symlinks
and relocate the place of the symlink in tar header, as symlink
use the linkname field. now it's split to devmajor, devminor and
padding fields.
2009-08-11 19:56:11 +03:00
Natanael Copa
3dc07fb7e4 abuild-tar: fix total counter for splice 2009-07-21 09:36:15 +00:00
Timo Teras
43f32cdeef abuild-tar: fix splice arguments 2009-07-21 12:32:25 +03:00
Timo Teras
ed2733c65b abuild-tar: fix help message 2009-07-21 12:30:34 +03:00
Natanael Copa
b6e9ee2474 abuild-tar: fix for full_read(), full_write() 2009-07-20 17:41:04 +00:00
Timo Teras
bd9be35c92 abuild-tar: rename cutting option to --cut, full_{read,write,splice} 2009-07-20 12:59:31 +03:00
Timo Teras
f22114748d abuild-tar: new utility to mangle tar files
- ability to embed an checksum inside the tar header for regular
  files (to avoid checksumming at apk installation time)
- way to remove the end-of-archive marker to create concenatable
  .tar.gz:s for signed apks
2009-07-16 12:03:26 +03:00