blob: f19a53da23cf50a2014d62e64bc3e4b51e483a50 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
|
#!/bin/sh
# Copyright 2009 by Denys Vlasenko
# Licensed under GPLv2, see file LICENSE in this source tree.
. ./testing.sh
unset LANG
unset LANGUAGE
unset LC_COLLATE
unset LC_ALL
umask 022
rm -rf tar.tempdir 2>/dev/null
mkdir tar.tempdir && cd tar.tempdir || exit 1
# testing "test name" "script" "expected result" "file input" "stdin"
testing "Empty file is not a tarball" '\
tar xvf - 2>&1; echo $?
' "\
tar: short read
1
" \
"" ""
SKIP=
optional FEATURE_SEAMLESS_GZ GUNZIP
# In NOMMU case, "invalid magic" message comes from gunzip child process.
# Otherwise, it comes from tar.
# Need to fix output up to avoid false positive.
testing "Empty file is not a tarball.tar.gz" '\
{ tar xvzf - 2>&1; echo $?; } | grep -Fv "invalid magic"
' "\
tar: short read
1
" \
"" ""
SKIP=
testing "Two zeroed blocks is a ('truncated') empty tarball" '\
dd if=/dev/zero bs=512 count=2 2>/dev/null | tar xvf - 2>&1; echo $?
' "\
0
" \
"" ""
SKIP=
testing "Twenty zeroed blocks is an empty tarball" '\
dd if=/dev/zero bs=512 count=20 2>/dev/null | tar xvf - 2>&1; echo $?
' "\
0
" \
"" ""
SKIP=
# "tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input":
# GNU tar 1.26 records as hardlinks:
# input_hard2 -> input_hard1
# input_hard1 -> input_hard1 (!!!)
# input_dir/file -> input_dir/file
# input -> input
# As of 1.24.0, we don't record last two: for them, nlink==1
# and we check for "hardlink"ness only files with nlink!=1
# We also don't use "hrw-r--r--" notation for hardlinks in "tar tv" listing.
optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
testing "tar hardlinks and repeated files" '\
rm -rf input_* test.tar 2>/dev/null
>input_hard1
ln input_hard1 input_hard2
mkdir input_dir
>input_dir/file
chmod -R 644 *
chmod 755 input_dir
tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input
tar tvf test.tar | sed "s/.*[0-9] input/input/"
rm -rf input_dir
tar xf test.tar 2>&1
echo Ok: $?
ls -l . input_dir/* | grep input_ | sed "s/\\(^[^ ]*\\) .* input/\\1 input/"
' "\
input
input_dir/
input_dir/file
input_hard1
input_hard2 -> input_hard1
input_hard1 -> input_hard1
input_dir/
input_dir/file
input
Ok: 0
-rw-r--r-- input_dir/file
drwxr-xr-x input_dir
-rw-r--r-- input_hard1
-rw-r--r-- input_hard2
" \
"" ""
SKIP=
optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
testing "tar hardlinks mode" '\
rm -rf input_* test.tar 2>/dev/null
>input_hard1
chmod 741 input_hard1
ln input_hard1 input_hard2
mkdir input_dir
ln input_hard1 input_dir
ln input_hard2 input_dir
chmod 550 input_dir
# On some filesystems, input_dir/input_hard2 is returned by readdir
# BEFORE input_dir/input_hard1! Thats why we cant just "tar cf ... input_*":
tar cf test.tar input_dir/input_hard* input_hard*
tar tvf test.tar | sed "s/.*[0-9] input/input/"
chmod 770 input_dir
rm -rf input_*
tar xf test.tar 2>&1
echo Ok: $?
ls -l . input_dir/* | grep "input.*hard" | sed "s/\\(^[^ ]*\\) .* input/\\1 input/"
' "\
input_dir/input_hard1
input_dir/input_hard2 -> input_dir/input_hard1
input_hard1 -> input_dir/input_hard1
input_hard2 -> input_dir/input_hard1
Ok: 0
-rwxr----x input_dir/input_hard1
-rwxr----x input_dir/input_hard2
-rwxr----x input_hard1
-rwxr----x input_hard2
" \
"" ""
SKIP=
optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
testing "tar symlinks mode" '\
rm -rf input_* test.tar 2>/dev/null
>input_file
chmod 741 input_file
ln -s input_file input_soft
mkdir input_dir
ln input_file input_dir
ln input_soft input_dir
chmod 550 input_dir
tar cf test.tar input_dir/* input_[fs]*
tar tvf test.tar | sed "s/.*[0-9] input/input/" | sort
chmod 770 input_dir
rm -rf input_*
tar xf test.tar 2>&1
echo Ok: $?
ls -l . input_dir/* | grep "input_[fs]" | sed "s/\\(^[^ ]*\\) .* input/\\1 input/"
' "\
input_dir/input_file
input_dir/input_soft -> input_file
input_file -> input_dir/input_file
input_soft -> input_dir/input_soft
Ok: 0
-rwxr----x input_dir/input_file
lrwxrwxrwx input_file
-rwxr----x input_file
lrwxrwxrwx input_file
" \
"" ""
SKIP=
optional FEATURE_TAR_CREATE FEATURE_TAR_LONG_OPTIONS
testing "tar --overwrite" "\
rm -rf input_* test.tar 2>/dev/null
ln input input_hard
tar cf test.tar input_hard
echo WRONG >input
# --overwrite opens 'input_hard' without unlinking,
# thus 'input_hard' still linked to 'input' and we write 'Ok' into it
tar xf test.tar --overwrite 2>&1 && cat input
" "\
Ok
" \
"Ok\n" ""
SKIP=
test x"$SKIP_KNOWN_BUGS" = x"" && {
# Needs to be run under non-root for meaningful test
optional FEATURE_TAR_CREATE
testing "tar writing into read-only dir" '\
rm -rf input_* test.tar 2>/dev/null
mkdir input_dir
>input_dir/input_file
chmod 550 input_dir
tar cf test.tar input_dir
tar tvf test.tar | sed "s/.*[0-9] input/input/"
chmod 770 input_dir
rm -rf input_*
tar xf test.tar 2>&1
echo Ok: $?
ls -l input_dir/* . | grep input_ | sed "s/\\(^[^ ]*\\) .* input/\\1 input/"
chmod 770 input_dir
' "\
input_dir/
input_dir/input_file
Ok: 0
-rw-r--r-- input_dir/input_file
dr-xr-x--- input_dir
" \
"" ""
SKIP=
}
# Had a bug where on extract autodetect first "switched off" -z
# and then failed to recognize .tgz extension
optional FEATURE_TAR_CREATE FEATURE_SEAMLESS_GZ
testing "tar extract tgz" "\
dd count=1 bs=1M if=/dev/zero of=F0 2>/dev/null
tar -czf F0.tgz F0
rm F0
tar -xzvf F0.tgz && echo Ok
rm F0 || echo BAD
" "\
F0
Ok
" \
"" ""
SKIP=
# Do we detect XZ-compressed data (even w/o .tar.xz or txz extension)?
# (the uuencoded hello_world.txz contains one empty file named "hello_world")
optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_XZ
testing "tar extract txz" "\
uudecode -o input && tar tf input && echo Ok
" "\
hello_world
Ok
" \
"" "\
begin-base64 644 hello_world.txz
/Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4AX/AEldADQZSe6ODIZQ3rSQ8kAJ
SnMPTX+XWGKW3Yu/Rwqg4Ik5wqgQKgVH97J8yA8IvZ4ahaCQogUNHRkXibr2
Q615wcb2G7fJU49AhWAAAAAAUA8gu9DyXfAAAWWADAAAAB5FXGCxxGf7AgAA
AAAEWVo=
====
"
SKIP=
# On extract, everything up to and including last ".." component is stripped
optional FEATURE_TAR_CREATE
testing "tar strips /../ on extract" "\
rm -rf input_* test.tar 2>/dev/null
mkdir input_dir
echo Ok >input_dir/file
tar cf test.tar ./../tar.tempdir/input_dir/../input_dir 2>&1
rm -rf input_* 2>/dev/null
tar -vxf test.tar 2>&1
cat input_dir/file 2>&1
" "\
tar: removing leading './../tar.tempdir/input_dir/../' from member names
input_dir/
input_dir/file
Ok
" \
"" ""
SKIP=
# attack.tar.bz2 has symlink pointing to a system file
# followed by a regular file with the same name
# containing "root::0:0::/root:/bin/sh":
# lrwxrwxrwx root/root passwd -> /tmp/passwd
# -rw-r--r-- root/root passwd
# naive tar implementation may end up creating the symlink
# and then writing into it.
# The correct implementation unlinks target before
# creating the second file.
# We test that /tmp/passwd remains empty:
optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
testing "tar does not extract into symlinks" "\
>>/tmp/passwd && uudecode -o input && tar xf input 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
" "\
0
" \
"" "\
begin-base64 644 attack.tar.bz2
QlpoOTFBWSZTWRVn/bIAAKt7hMqwAEBAAP2QAhB0Y96AAACACCAAlISgpqe0
po0DIaDynqAkpDRP1ANAhiYNSPR8VchKhAz0AK59+DA6FcMKBggOARIJdVHL
DGllrjs20ATUgR1HmccBX3EhoMnpMJaNyggmxgLDMz54lBnBTJO/1L1lbMS4
l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
====
"
SKIP=
# And same with -k
optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
testing "tar -k does not extract into symlinks" "\
>>/tmp/passwd && uudecode -o input && tar xf input -k 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
" "\
tar: can't open 'passwd': File exists
0
" \
"" "\
begin-base64 644 attack.tar.bz2
QlpoOTFBWSZTWRVn/bIAAKt7hMqwAEBAAP2QAhB0Y96AAACACCAAlISgpqe0
po0DIaDynqAkpDRP1ANAhiYNSPR8VchKhAz0AK59+DA6FcMKBggOARIJdVHL
DGllrjs20ATUgR1HmccBX3EhoMnpMJaNyggmxgLDMz54lBnBTJO/1L1lbMS4
l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
====
"
SKIP=
cd .. && rm -rf tar.tempdir || exit 1
exit $FAILCOUNT
|