Age | Commit message (Collapse) | Author |
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
If rdsquashfs unpacks a directory tree that contains a symlink,
followed by something else with the exact same name, it will
follow the symlink and can be tricked into writing to an
arbitrary filesystem location controlled by the SquashFS image.
Because there might actually be a reasonable use case, where an
image is unpacked into an directory existing directory tree, with
symlinks that should be followed, this is solved as follows:
- Before unpacking, recursively sort the directory by filename.
- FAIL if (after sorting) two consequtive entries at the same
hierarchy level have the same name.
This solution is more generic and prevents the unpacker from accessing
the same thing twice in generall, thus also excluding the symlink issue.
Hardlinks are already unfolded into duplicate tree nodes by the tree
reader (with loop detection) so that should not prompt further issues.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The squashfs readdir() implementation in the Linux kernel returns
non-existing "." and ".." entries for offsets 0 and 1, and after
that reads from disk. For convenience, it was decided to store an
off-by-3 value on disk instead of doing complex primary school math
to adjust for this. This didn't show up until now, because the kernel
implementation trusts the value from the directory header more than
the actual size in the inode and happily reads 3 more than the inode
would allow it to. This only showed up with 7-zip which subtracts 3
from the size and expects the result to be exact and bails if the
directory headers suggest otherwise.
And yes, I did consider making a "Holy Hand Granade of Antioch"
reference, but consciously decided not to.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
When processing files > 4G, using "%o" truncates the result and the
tarball is not readable. This should have been discovered when
auto-patching the printf format specifiers, but a cast was added
instead and the issue was overlooked.
This commit replaces the down-cast and printf format specifiers.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The same problem with the meta data header again, 16 bit read from
a buffer: copy the buffer data into a 16 bit variable instead of
casting to something potentially unaligned.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
When accessing the 16 bit header, don't cast the buffer pointer to an
uint16_t pointer, the result might not be aligned propperly. Instead
memcpy to and from an uint16_t.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
If the hard link counter or the inode number counter overflow the
maximum representable value (for SquashFS 16 bit and 32 bit
respecitively), abort with an error message.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
If SQFS_STATIC is defined, dummy out the SQFS_API definition, so we
don't try to pull stuff from a (in this case) non-existant DLL or
try to export functions.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
On systems like Windows, the dynamic library and applications can
easily end up being linked against different runtime libraries, so
applications cannot be expected to be able to free() any malloc'd
pointer that the library returns.
This commit adds an sqfs_free function so the application can pass
pointers back to the library to call the correct free() implementation.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Currently, when the block processor aggreagtes fragments into a
fragment block, it applies the "don't compress" flag if any of the
original framgnets has it set, but the "align to device block" flag
is lost.
This commit ensures that both flags get applied to the fragment block
if set.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
1) If the block alignment flag is set, the padding bytes must be
inserted _before_ recording the start position, otherwise the
resulting image is not readable.
2) Also perform alignment if the flag is set on a fragment block.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The changes from commit 5191a25b92f903bcc2142be7ea1bfbe5ea1f5096
are backported here in a separate commit since master had some
restructuring of libcommon.a after version 1.0.2 and the commit
cannot be rebased directly.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
This commit is an amalgamation of the commits on master that
implement exact matching of fragment blocks during deduplication.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Instead of comparing (compresed, disk-size, checksum) tuples to find
block matches, do an exact, byte-for-byte comparison of the data
stored on disk to avoid the possibility of a spurious colision.
Since this is the desired behaviour, make it the default, optionally
overrideable through a flag.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Keeping a list of fragments stored away in the current fragment block
and consolidating them in the thread pool takes them out of circulation.
If we have a lot of tiny fragments, this can lead to a situation where
all the limit is reached, but we cannot do anything, because we are
waiting for a block to complete, but they are all attached to the
current fragment block and the queue is empty.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
It looks like the last commit missed a couple more occurences
where '\' was treated incorrectly.
Fixes were still needed in sqfs_dir_reader_find_by_path and
sqfs_dir_reader_get_full_hierarchy.
This path is used in extras/browse.c.
|
|
All paths were canonicalized internally, which includes filtering
sequences of slashes and converting backslashes to slashes.
Furthermore, when unpacking files, filenames are sanity checked
and rejected if they contain forward OR backward slashes.
This is a problem on Unix-like systems, where files containing
backslashes are a legitimate use case (*cough* SystemD *cough*).
This patch removes the backslash conversion from the canonicalization
and modifies the sanity check to reject backslashes only on Windows.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Instead of dereferencing the NULL pointer and crashing.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
In addition to skipping non-prefixed files and stripping the prefix
off of entries we accept, the targets of links also have to be altered,
since they can be absolute paths with the root prefix attached.
This can affect symbolic links as well. Altough they are allowed to
point into nowhere, across filesystem boundaries, they may also be
absolute paths refering to existing locations in the filesystem, so
no distinction is made by default.
However, the later may be intended (e.g. only a subdirectory is packed
into SquashFS and then mounted at that location), so a command line
switch is added to disable symlink retargetting.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
If rdsquashfs describes a filesystem, is configured to use a prefix-path
and a file contains a space, the resulting input path has the prefix
printed as is and the rest of the string in quotation marks.
gensquashfs simply takes the entire rest of the line as is as its
input path and no longer finds the file.
Fix this by omitting the escapes and quotation marks for the
input path.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
- Make sure the file actually has that many records before trying
to read one and fail if not.
- Use the helper macros for size_t overflow checking instead of
assuming size_t == uint64_t.
- Impose a "reasonable" upper bound on the number of data segments
and insist that there is at least one entry.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
This commit removes the existing tar test cases that simply call the
generic test case function with several different paths with generic
test case source files that are parameneterized via the pro-processor.
For each tar archive, a separate test case is generated.
On the one hand, this reduces the test source code to practically
nothing. On the other hand, a test binary is generated for every
distinct test case, instead of one per group and we get more detailed
insights if something goes wrong.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Many of the patterns tested are very repetetive. This commit moves the
two common test cases out into helper functions and uses them for
the test cases.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Contrary to previous claims, support for the GNU tar sparse format 1.0
was missing entirely (the newest of their 3 different sparse mapping
formats). This oversight wasn't caught, because the unit test was
compiling the wrong source file and tar2sqfs had no problem processing
the test file because it is still a valid POSIX-ish tar archive (but
the sparse part was missing and the mapping embedded in the file).
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
Behave the same way as the POSIX port and do not treat
that as an error.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|
|
The function sqfs_tree_node_get_path is used in several places within
rdsquashfs to produce a path for a tree node, either when describing
the file system, or when unpacking it. Unpacking can be done on
sub-trees as well as the entire tree, in which case the root of the
sub-tree has its parent pointer removed, so the full path terminates
at the new root.
This works with directories, since they receive special case handling
anyway, but fails if the sub-tree to unpack is only a single file
because the sqfs_tree_node_get_path function assumes that we are at the
tree root and returns "/" as a path, which gets normalized to "".
This commit adds a workaround to the function to simply use the nodes
name (if available) in that case instead.
The describe case in rdsquashfs is unaffacted, since it always starts
at the root. Likewise, the sqfs2tar case should also be unaffacted,
since it already employs special case handling for the [sub] tree root
node.
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
|