On Sun, 14 Feb 2016, Nicolas Bedos wrote:
...
> >Description:
>     Please note I could only test this on a -stable machine.
> 
>     pax(1) gets stuck in an infinite loop when recreating intermediate
>     directories from a pathname ending with '/' while extracting a cpio
>     archive

It can also affect pax's -rw mode, ala:
        echo /tmp/foo/bar/ | pax -rwv . 

> >Fix:
>     I did some digging and it seems pax gets stuck in a loop after
>     calling node_creat (file_subs.c) to create /tmp/foo/bar: 
...
>     The first argument of chk_path seems to end with '/' because of the
>     cpio format. I could not reproduce the problem with the ustar
>     format. I did not look any further since I think it is chk_path
>     which is at fault here.

It doesn't occur when reading ustar format input because a filename with a 
trailing slash is already specially handled there to provide compat with 
the old tar format where directories are stored with a trailing slash.


>     The diff below breaks out of the for loop when reaching the
>     terminating '/'.  /tmp/foo/bar should be created by node_creat, not
>     by chk_path.
...
> --- file_subs.c 19 Mar 2015 05:14:24 -0000      1.47
> +++ file_subs.c 13 Feb 2016 21:55:34 -0000
> @@ -611,7 +611,7 @@ chk_path(char *name, uid_t st_uid, gid_t
>                  * work forward from the first / and check each part of the 
> path
>                  */
>                 spt = strchr(spt, '/');
> -               if (spt == NULL)
> +               if (spt == NULL || (*spt == '/' && *(spt+1) == '\0'))
>                         break;
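Review bot: on the `+` line, `*(spt+1) == '\0'` matches only when exactly one slash ends the name, so a name ending in two or more slashes reaches this test at the first of them and does not break there; whether that case terminates depends on loop code outside this hunk. Consider trimming the trailing run of slashes before the loop, or skipping the run at this point, and extend the comment above `strchr` to say that the final component is left to node_creat. The comment context line is also wrapped across two lines ("check each part of the" / "path"), so the patch as mailed will not apply cleanly and should be resent unwrapped.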

(One minor point: the return value of strchr() is either NULL or points to 
the searched for character, so the *spt=='/' check is superfluous.)


I'm not sure that change will be enough to handle paths ending in slash 
for all file types.  No valid archive would have such but we should make 
sure we don't loop or mishandle those other cases; I need to generate 
some bogus archives to check.


It also looks like handling of doubled slashes in the middle of paths is 
also less than ideal, resulting in duplicated checks when they could be 
skipped over, though changes for that will probably be too invasive to get 
in before release.


Philip Guenther
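
An added example, not part of the original message and not pax's code: one way to walk the intermediate directories of a path so that trailing slashes end the walk and doubled slashes cost a single check, the two cases discussed in the thread. The name intermediate_dirs, the buffer sizes and the sample path are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PREFIX 16
#define PATH_BUF   256

/*
 * Hypothetical helper (not pax's chk_path): store each intermediate
 * directory prefix of name in out[]. The final component is left to
 * the caller. Returns the prefix count, or -1 if out[] is too small.
 */
int
intermediate_dirs(const char *name, char out[][PATH_BUF], int max)
{
	const char *spt = name;
	const char *end = name + strlen(name);
	int n = 0;

	/* "/tmp/foo/bar/" names the same final node as "/tmp/foo/bar" */
	while (end > name + 1 && end[-1] == '/')
		end--;
	/* the root itself is never a prefix that needs checking */
	while (spt < end && *spt == '/')
		spt++;
	for (;;) {
		spt = memchr(spt, '/', (size_t)(end - spt));
		if (spt == NULL)
			break;		/* what remains is the final component */
		size_t len = (size_t)(spt - name);
		if (n == max || len >= PATH_BUF)
			return -1;
		memcpy(out[n], name, len);
		out[n++][len] = '\0';
		/* step over the whole run of slashes: always makes progress */
		while (spt < end && *spt == '/')
			spt++;
	}
	return n;
}

int
main(void)
{
	char out[MAX_PREFIX][PATH_BUF];
	int n = intermediate_dirs("/tmp//foo///bar//", out, MAX_PREFIX); /* constructed */

	for (int i = 0; i < n; i++)
		puts(out[i]);
	return 0;
}
```

Because the scan is bounded by `end` and every iteration either returns or moves `spt` past at least one slash, the loop terminates for any input, including names made only of slashes.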
