summaryrefslogtreecommitdiff
path: root/bin
AgeCommit message (Collapse)Author
2021-08-14Fix symlink path traversal in rdsqaushfsDavid Oberhollenzer
If rdsquashfs unpacks a directory tree that contains a symlink, followed by something else with the exact same name, it will follow the symlink and can be tricked into writing to an arbitrary filesystem location controlled by the SquashFS image. Because there might actually be a reasonable use case, where an image is unpacked into an directory existing directory tree, with symlinks that should be followed, this is solved as follows: - Before unpacking, recursively sort the directory by filename. - FAIL if (after sorting) two consequtive entries at the same hierarchy level have the same name. This solution is more generic and prevents the unpacker from accessing the same thing twice in generall, thus also excluding the symlink issue. Hardlinks are already unfolded into duplicate tree nodes by the tree reader (with loop detection) so that should not prompt further issues. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25Fix format string type/signedness mismatch issuesDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-25Add default cases for every switch blockDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2021-06-07Fix: libsquashfs: add sqfs_free() functionDavid Oberhollenzer
On systems like Windows, the dynamic library and applications can easily end up being linked against different runtime libraries, so applications cannot be expected to be able to free() any malloc'd pointer that the library returns. This commit adds an sqfs_free function so the application can pass pointers back to the library to call the correct free() implementation. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-10-31Fix: tar2sqfs: if --root-becomes is used, also retarget linksDavid Oberhollenzer
In addition to skipping non-prefixed files and stripping the prefix off of entries we accept, the targets of links also have to be altered, since they can be absolute paths with the root prefix attached. This can affect symbolic links as well. Altough they are allowed to point into nowhere, across filesystem boundaries, they may also be absolute paths refering to existing locations in the filesystem, so no distinction is made by default. However, the later may be intended (e.g. only a subdirectory is packed into SquashFS and then mounted at that location), so a command line switch is added to disable symlink retargetting. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-09-29Fix: rdsquashfs: describe: don't escape the prefixed file input pathDavid Oberhollenzer
If rdsquashfs describes a filesystem, is configured to use a prefix-path and a file contains a space, the resulting input path has the prefix printed as is and the rest of the string in quotation marks. gensquashfs simply takes the entire rest of the line as is as its input path and no longer finds the file. Fix this by omitting the escapes and quotation marks for the input path. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-09-24Fix: tar2sqfs: when skipping non-prefixed files, also skip contentsDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-09-24Fix: tar2sqfs: don't touch the path after determining it is brokenDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-08-26Fix rdsquashfs unpack under Windows if a directory existsDavid Oberhollenzer
Behave the same way as the POSIX port and do not treat that as an error. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-08-12Add a "--stat" option to rdsquashfsDavid Oberhollenzer
This commit adds a --stat option to rdsquashfs that dumps a lot of information about and inode that tunred out to be usefull in debugging. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-06-11Add flags to functions that might logically be expanded in the futureDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-06-07Replace assert with propper error handling in rdsquashfs describeDavid Oberhollenzer
If a SquashFS archive contains file names with '..', '/' or similar nonsense in them, the unpacking code already refuses to process them, but the 'describe' code path simply triggers an assert that might not be there if the binary was compiled with NDEBUG defined. This commit replaces the assert with propper error handling that also reports on why things are failing and adds an additional check in the describe_tree function that tests if the file name is sane. Reported-by: Zachary Dremann <dremann@gmail.com> Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-06-02tar2sqfs: add missing copyright headerDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-30Fix: Only add Selinux flags if WITH_SELINUX is setDavid Oberhollenzer
On a current Fedora 31, when cross compiling with mingw, pkg config manages to find the Selinux library, but not the header. The configure script disables WITH_SELINUX, but the library variable is still set, causing a linker error further down the line. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-30sqfs2tar: Move hard link detection to tree-repacking codeDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-30Cleanup: sqfs2tar: break up and simplify the repacking codeDavid Oberhollenzer
- Move the xattr extraction and repacking to xattr.c - Don't on-the-fly delete the tar xattr list, use the function from libtar.a - Split minor tasks into static helper functions - creating a libtar xattr struct from libsqfs xattr data - finding a hard link entry from current path and inode number Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-30Cleanup: Reorganize structure of Automake filesDavid Oberhollenzer
- Split up the huge file in bin/ into one small file per sub directory - Remove the stub in doc/ Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-30Cleanup: move man pages to the respective program source directoriesDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-30Cleanup: try to split tar2sqfs.c in a reasonable wayDavid Oberhollenzer
This commit breaks tar2sqfs.c into multiple files: - options.c contains the command line argument processing - process_tarball.c contains the main tar repacking code - tar2sqfs.c contains what is left (the main function) - A header is added for gluing it all together. No actual code is changed. The tar repacking code is slightly modified to pass the sqfs writer and input file pointer around as argument rather than using a global variable. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-30Cleanup: try to split sqfs2tar.c in a reasonable wayDavid Oberhollenzer
This comit breaks sqfs2tar into multiple files: - options.c contains the command line argument processing - write_tree.c contains the code for generating the actual tar archive - sqfs2tar.c contains what is left - A header is added for glueing it all together. No actual code is changed. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-26sqfsdiff: extract compressor options, but don't fail on errorDavid Oberhollenzer
This commit modifies sqfsdiff to extract the compressor options from the squashfs image and store them in a compressor configuration if possible. The failure path is modified to *not* burst into flames on error, because those options are not required by any compressor to read data from the disk and pretty much every vendor modifed SquashFS has messed with those to the point that they cannot be propperly decoded (or the flag is set and there are no options). Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-21Fix the semantics of the super block deduplicationDavid Oberhollenzer
Its purely informational, but make sure other programs don't print out scary messages that imply the data has been ineficiently. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-03Fix: unify extra argument rejection in tar2sqfs & gensquashfsDavid Oberhollenzer
Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-03Fix: the --all-root option does not take an arugmentDavid Oberhollenzer
Change the "required_argument" to the correct "no_argument". Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-05-03Fix: use 0644 as default permissions when creating filesDavid Oberhollenzer
Until now, when packing or unpacking a SquashFS image, files where created with paranoid permissions (i.e. 0600). The rational behind this was that otherwise, the tools may inadvertently expose secrets, e.g. if a root user packs files that that aren't world readable, such as the /etc/shadows file, but the packed SquashFS image is, we have accidentally leaked this file to other users that can access the newly created SquashFS image. The same line of reasoning also applies when unpacking files. Unfortunately, this breaks a list of other, more common standard use cases (e.g. a build server where the an image is built by a deamon running as user X but then has to be accessed by another deamon running as Y). This commit changes to a more standard approach of using permissive file permissions by default and asking paranoid users to simply use a paranoid umask. For tar2sqfs & gensquashfs this simply means chaning the default permissions in the libsquashfs file implementation. For rdsquashfs on the other hand there is still the use case where the unpacked files get the permissions from the [secret] image, so setting a strict umask is not applicable and changing to permissive file mode leaks something. For this case a second code path needs to be added that derives the permissions from the ones in the image. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-04-27Cleanup/fix: gensquashfs: split directory scanning from xattr scanningDavid Oberhollenzer
On the one hand, this commit cleanes the code a bit by splitting the "scan directory contents" code from the "scan xattrs from directory contents" and moving the later in a seperate file. On the other hand, the xattr scanning is now done *after* the fstree is post processed, which includes sorting it. This way, the xattrs are always added in a deterministic, reproducible order. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-04-27gensquashfs: Add options to globally override UID/GID valuesDavid Oberhollenzer
A common use case for mksquashfs is to simply pack a directory and set a magic option to force all user/group IDs to root. This commit adds similar options to gensquashfs to maek it better suited as a direct replacement for packing an input directory. Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>
2020-04-27Cleanup directory structure of the binary programsDavid Oberhollenzer
Instead of having the binary programs in randomly named subdirectories, move all of them to a "bin" subdirectory, similar to the utility libraries that have subdirectories within "lib" and give the subdirectories the propper names (e.g. have gensquashfs source in a directory *actually* named "gensquashfs"). Signed-off-by: David Oberhollenzer <david.oberhollenzer@sigma-star.at>