aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-08-14Add a test case for the path traversal bugDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-08-12Fix symlink path traversal in rdsqaushfsDavid Oberhollenzer
If rdsquashfs unpacks a directory tree that contains a symlink, followed by something else with the exact same name, it will follow the symlink and can be tricked into writing to an arbitrary filesystem location controlled by the SquashFS image. Because there might actually be a reasonable use case, where an image is unpacked into an directory existing directory tree, with symlinks that should be followed, this is solved as follows: - Before unpacking, recursively sort the directory by filename. - FAIL if (after sorting) two consequtive entries at the same hierarchy level have the same name. This solution is more generic and prevents the unpacker from accessing the same thing twice in generall, thus also excluding the symlink issue. Hardlinks are already unfolded into duplicate tree nodes by the tree reader (with loop detection) so that should not prompt further issues. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-08-12Add an explicit license boiler plate to all the example programsDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-08-12Add a simple example to show how to extract a single text fileLuca Boccassi
Licensed under 0BSD: https://opensource.org/licenses/0BSD Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
2021-08-12Replace format.txt with an asciidoc versionZachary Dremann
2021-08-12Strip space from first column of format.txtZachary Dremann
This is to allow git to recognize that format.txt "moves" to format.adoc in the next commit (with -M20, at least), which should allow easier comparison for what has changed (and more importantly, what hasn't) in converting to asciidoc. For instance, doing the diff with the following options: ``` -M20 --ignore-all-space --word-diff ```
2021-08-12Documentation: fix back reference to data block sectonDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-07-21Fix libsquashfs directory writer size accountingDavid Oberhollenzer
The squashfs readdir() implementation in the Linux kernel returns non-existing "." and ".." entries for offsets 0 and 1, and after that reads from disk. For convenience, it was decided to store an off-by-3 value on disk instead of doing complex primary school math to adjust for this. This didn't show up until now, because the kernel implementation trusts the value from the directory header more than the actual size in the inode and happily reads 3 more than the inode would allow it to. This only showed up with 7-zip which subtracts 3 from the size and expects the result to be exact and bails if the directory headers suggest otherwise. And yes, I did consider making a "Holy Hand Granade of Antioch" reference, but consciously decided not to. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-07-21Add a separate architecture/structure writeupDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-07-09ABI test: add sizes/layouts of structures likely to be expandedDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-07-09Bump package scriptsDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-07-09tar2sqfs: Fix integer truncation issue when appending data to a tarballDavid Oberhollenzer
The data is processed 2G at a time to avoid this exact issue, but the check was skipped on 64 bit systems, since the function *used to* use size_t instead of sqfs_u32. This commit removes the second check. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-07-09Fix printf format specifiers used for generating tarballsDavid Oberhollenzer
When processing files > 4G, using "%o" truncates the result and the tarball is not readable. This should have been discovered when auto-patching the printf format specifiers, but a cast was added instead and the issue was overlooked. This commit replaces the down-cast and printf format specifiers. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25Release version 1.1.2v1.1.2David Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25Update CHANGELOG.mdDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25Add a somewhat more extensive tar2sqfs test scriptDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25libfstream: sanity check the buffer size in the gzip stream compressorDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25Fix format string type/signedness mismatch issuesDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25Add default cases for every switch blockDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25Remove casual un-const casting in various placesDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25libutil: cleanup alignment trickery in mempoolDavid Oberhollenzer
- Store the return value of the page allocation directly into the pool variable instead of an intermediate unsigned char pointer. - Make the blob[] array the same type as the bitmap, this saves us manual alignment trickery. - Cleanup the pointer arithmetic, let the compiler do the sizeof() multiplication. - Use uintptr_t for the manual alignment of the data pointer, so we don't run into signdness problems there. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25libsquashfs: get rid of potentially unaligned access and VLAsDavid Oberhollenzer
The same problem with the meta data header again, 16 bit read from a buffer: copy the buffer data into a 16 bit variable instead of casting to something potentially unaligned. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25libcommon: remove potentially un-aligned access in LZO compressorDavid Oberhollenzer
When accessing the 16 bit header, don't cast the buffer pointer to an uint16_t pointer, the result might not be aligned propperly. Instead memcpy to and from an uint16_t. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25libfstree: guard against possible overflow in readlink()David Oberhollenzer
*in theory*, say on a 32 bit system, we could have a 32 bit size_t and a 64 bit off_t. If the filesystem permitted this, we *could* then have a symlink with a target > 4G. Or the target is exacetely 4G, but adding a null-terminator could exceed addressable memory. This commit adds a check to guard against such an overflow and throw an error, instead of silently wrapping around. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25libfstree: guard against link count and inode number overflowDavid Oberhollenzer
If the hard link counter or the inode number counter overflow the maximum representable value (for SquashFS 16 bit and 32 bit respecitively), abort with an error message. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25libfstream: guard against potential integer overflowsDavid Oberhollenzer
The differen compressor libraries use differnt integer types to tally the buffer sizes. The libfstream library uses size_t, which may be bigger than the actualy types, potentially causing an overflow if trying to compress to much at once. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25libfstream: Add printf format specifier attributeDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25Turn on more compiler warningsDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-24Travis-ci: move FreeBSD pkg addons to FreeBSD target sectionDavid Oberhollenzer
Apparentyl it bricks *some* of the GNU/Linux builds, plus MacOS X that get stuck at a password prompt. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-24Switch travis-ci.org links in README.md to travis-ci.comDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-24Try to add a FreeBSD target to the travis-ci config fileDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-23Fix: add missing zlib to fstream if using the builtin oneDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-23Sign the windows release zip packagesDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-23Add a script to auto-generate release bundlesDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-23Update CHANGELOG.mdDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-20Replace tabs with spaces in format.txtZachary Dremann
2021-06-07Some documentation clarifications and typo fixesDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-07libsquashfs: fix: also preserve alignment flag in block processorDavid Oberhollenzer
Currently, when the block processor aggreagtes fragments into a fragment block, it applies the "don't compress" flag if any of the original framgnets has it set, but the "align to device block" flag is lost. This commit ensures that both flags get applied to the fragment block if set. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-07libsquashfs: fix block alignment if requestedDavid Oberhollenzer
1) If the block alignment flag is set, the padding bytes must be inserted _before_ recording the start position, otherwise the resulting image is not readable. 2) Also perform alignment if the flag is set on a fragment block. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-04Add a test case for concatenated zstd streamsDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-04Add test case for Bzip2 stream concatenation, fix XZ test caseDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-04Fix: allow concatenated Bzip2 streamsDavid Oberhollenzer
This is a followup to dd4e6ead142e58568aec89d76b0b2e867ee983f2. Basically the same problem occours with Bzip2, but it so far it wasn't possible to find a sampel that reproduces it. Unlike libxz, the libbz2 API does not support concatenated streams by itself and will choke when trying to decompress after the stream end, so this commit adds a workaround to simply initialize the decompressor on-the-fly and tear it down again when and end-of-stream is returned. The end-of-file condition is only set when there actually is no more data to read. Otherwise, the decompressor will be re-initialized in the next round. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-05-17Run the zstd stream test unconditionallyDavid Oberhollenzer
Let it run (and fail) even if we don't have zstd support at all, so that the conditional is set propperly. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-05-17Add Automake conditional for zstd stream compression supportDavid Oberhollenzer
In addition to the preprocessor define, use an Automake conditional for optional compilation of the zstd stream tests. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-05-16Use *_MAX to remove need for configure-time type size checksMichael Forney
2021-05-09Add a test case for XZ stream concatenationDavid Oberhollenzer
A modified version of the libfstream XZ stream uncompress test case is added that deliberately chops the compressed data up into two independend XZ streams to test the behaviour where the decompressor has to read across stream boundaries, like those resulting from parallel compression. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-05-09Add a basic de-compressor stream testDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-05-07Patch level release of version 1.1.1v1.1.1David Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-05-06Fix: allow concatenated xz streamsDavid Oberhollenzer
Some xz compressed tarballs (e.g. from kernel.org) are not made up of a single xz stream, but rather contain several, independendly compressed streams. In that case, the xz decompressor hits an LZMA_STREAM_END early on and reports EOF. If you are lucky, the tar reader bails (premature end-of-file). If you are unlucky, it happens exactely between two records and is interpeted as regular end-of-file. As this seems to be a normal use case for xz, it has a flag to just read across the seams and only report end-of-stream if the action is set to finish. This commit adds the flag to the initialization propperly sets the lzma_action depending on whether the underlying stream hit EOF or not. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-04-09Fix: libsquashfs: allow static linking on WindowsDavid Oberhollenzer
If SQFS_STATIC is defined, dummy out the SQFS_API definition, so we don't try to pull stuff from a (in this case) non-existant DLL or try to export functions. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>