Also adds checks that the filename does not exceed PATH_MAX. Signed-off-by: Andrew Gregory <andrew.gregory.8@gmail.com> --- lib/libalpm/add.c | 133 ++++++++++++++++++++++++------------------------------ 1 file changed, 60 insertions(+), 73 deletions(-) diff --git a/lib/libalpm/add.c b/lib/libalpm/add.c index 3509100..c9ebbc8 100644 --- a/lib/libalpm/add.c +++ b/lib/libalpm/add.c @@ -178,6 +178,7 @@ static int extract_single_file(alpm_handle_t *handle, struct archive *archive, const char *hash_orig = NULL; int errors = 0; struct stat lsbuf; + size_t filename_len; if(*entryname == '.') { return extract_db_file(handle, archive, entry, newpkg, entryname); @@ -191,7 +192,12 @@ static int extract_single_file(alpm_handle_t *handle, struct archive *archive, } /* build the new entryname relative to handle->root */ - snprintf(filename, PATH_MAX, "%s%s", handle->root, entryname); + filename_len = snprintf(filename, PATH_MAX, "%s%s", handle->root, entryname); + if(filename_len >= PATH_MAX) { + _alpm_log(handle, ALPM_LOG_ERROR, + _("unable to extract %s%s: path too long"), handle->root, entryname); + return 1; + } /* if a file is in NoExtract then we never extract it */ if(_alpm_fnmatch_patterns(handle->noextract, entryname) == 0) { @@ -280,23 +286,54 @@ static int extract_single_file(alpm_handle_t *handle, struct archive *archive, } } - if(needbackup) { - char *checkfile; - char *hash_local = NULL, *hash_pkg = NULL; - size_t len; + if(notouch || needbackup) { + if(filename_len + strlen(".pacnew") >= PATH_MAX) { + _alpm_log(handle, ALPM_LOG_ERROR, + _("unable to extract %s.pacnew: path too long"), filename); + return 1; + } + strcpy(filename + filename_len, ".pacnew"); + } - len = strlen(filename) + 10; - MALLOC(checkfile, len, - errors++; handle->pm_errno = ALPM_ERR_MEMORY; goto needbackup_cleanup); - snprintf(checkfile, len, "%s.pacnew", filename); + if(handle->trans->flags & ALPM_TRANS_FLAG_FORCE) { + /* if FORCE was used, unlink() each file (whether it's there + * or not) before extracting. This prevents the old "Text file busy" + * error that crops up if forcing a glibc or pacman upgrade. */ + unlink(filename); + } - if(perform_extraction(handle, archive, entry, checkfile)) { - errors++; - goto needbackup_cleanup; - } + _alpm_log(handle, ALPM_LOG_DEBUG, "extracting %s\n", filename); + if(perform_extraction(handle, archive, entry, filename)) { + errors++; + return errors; + } + + if(backup) { + FREE(backup->hash); + backup->hash = alpm_compute_md5sum(filename); + } + + if(notouch) { + alpm_event_pacnew_created_t event = { + .type = ALPM_EVENT_PACNEW_CREATED, + .from_noupgrade = 1, + .oldpkg = oldpkg, + .newpkg = newpkg, + .file = filename + }; + /* "remove" the .pacnew suffix */ + filename[filename_len] = '\0'; + EVENT(handle, &event); + alpm_logaction(handle, ALPM_CALLER_PREFIX, + "warning: %s installed as %s.pacnew\n", filename, filename); + } else if(needbackup) { + char *hash_local = NULL, *hash_pkg = NULL; + char origfile[PATH_MAX]; + + strncpy(origfile, filename, filename_len); - hash_local = alpm_compute_md5sum(filename); - hash_pkg = alpm_compute_md5sum(checkfile); + hash_local = alpm_compute_md5sum(origfile); + hash_pkg = alpm_compute_md5sum(filename); /* update the md5 hash in newpkg's backup (it will be the new original) */ if(backup) { @@ -304,7 +341,7 @@ static int extract_single_file(alpm_handle_t *handle, struct archive *archive, STRDUP(backup->hash, hash_pkg, RET_ERR(handle, ALPM_ERR_MEMORY, -1)); } - _alpm_log(handle, ALPM_LOG_DEBUG, "checking hashes for %s\n", filename); + _alpm_log(handle, ALPM_LOG_DEBUG, "checking hashes for %s\n", origfile); _alpm_log(handle, ALPM_LOG_DEBUG, "current: %s\n", hash_local); _alpm_log(handle, ALPM_LOG_DEBUG, "new: %s\n", hash_pkg); _alpm_log(handle, ALPM_LOG_DEBUG, "original: %s\n", hash_orig); @@ -313,8 +350,8 @@ static int extract_single_file(alpm_handle_t *handle, struct archive *archive, /* local and new files are the same, updating anyway to get * correct timestamps */ _alpm_log(handle, ALPM_LOG_DEBUG, "action: installing new file: %s\n", - filename); - if(try_rename(handle, checkfile, filename)) { + origfile); + if(try_rename(handle, filename, origfile)) { errors++; } } else if(hash_orig && hash_pkg && strcmp(hash_orig, hash_pkg) == 0) { @@ -322,13 +359,13 @@ static int extract_single_file(alpm_handle_t *handle, struct archive *archive, * including any user changes */ _alpm_log(handle, ALPM_LOG_DEBUG, "action: leaving existing file in place\n"); - unlink(checkfile); + unlink(filename); } else if(hash_orig && hash_local && strcmp(hash_orig, hash_local) == 0) { /* installed file has NOT been changed by user, * update to the new version */ _alpm_log(handle, ALPM_LOG_DEBUG, "action: installing new file: %s\n", - filename); - if(try_rename(handle, checkfile, filename)) { + origfile); + if(try_rename(handle, filename, origfile)) { errors++; } } else { @@ -339,68 +376,18 @@ static int extract_single_file(alpm_handle_t *handle, struct archive *archive, .from_noupgrade = 0, .oldpkg = oldpkg, .newpkg = newpkg, - .file = filename + .file = origfile }; _alpm_log(handle, ALPM_LOG_DEBUG, "action: keeping current file and installing" " new one with .pacnew ending\n"); EVENT(handle, &event); alpm_logaction(handle, ALPM_CALLER_PREFIX, - "warning: %s installed as %s\n", filename, checkfile); + "warning: %s installed as %s\n", origfile, filename); } -needbackup_cleanup: - free(checkfile); free(hash_local); free(hash_pkg); - } else { - size_t len; - /* we didn't need a backup */ - if(notouch) { - /* change the path to a .pacnew extension */ - _alpm_log(handle, ALPM_LOG_DEBUG, "%s is in NoUpgrade -- skipping\n", filename); - /* remember len so we can get the old filename back for the event */ - len = strlen(filename); - strncat(filename, ".pacnew", PATH_MAX - len); - } else { - _alpm_log(handle, ALPM_LOG_DEBUG, "extracting %s\n", filename); - } - - if(handle->trans->flags & ALPM_TRANS_FLAG_FORCE) { - /* if FORCE was used, unlink() each file (whether it's there - * or not) before extracting. This prevents the old "Text file busy" - * error that crops up if forcing a glibc or pacman upgrade. */ - unlink(filename); - } - - if(perform_extraction(handle, archive, entry, filename)) { - /* error */ - errors++; - return errors; - } - - if(notouch) { - alpm_event_pacnew_created_t event = { - .type = ALPM_EVENT_PACNEW_CREATED, - .from_noupgrade = 1, - .oldpkg = oldpkg, - .newpkg = newpkg, - .file = filename - }; - /* "remove" the .pacnew suffix */ - filename[len] = '\0'; - EVENT(handle, &event); - alpm_logaction(handle, ALPM_CALLER_PREFIX, - "warning: %s installed as %s.pacnew\n", filename, filename); - /* restore */ - filename[len] = '.'; - } - - /* calculate an hash if this is in newpkg's backup */ - if(backup) { - FREE(backup->hash); - backup->hash = alpm_compute_md5sum(filename); - } } return errors; } -- 2.1.1