Commits on Feb 22, 2015
  1. Tim Kientzle

    Remove mentions of a required signature. This was added

    kientzle authored
    by libarchive but never caught on with other mtree implementations.
Commits on Feb 21, 2015
  1. Tim Kientzle
  2. Tim Kientzle

    Issue 407: Tar reader tries to examine last character of an empty filename

    kientzle authored
    
    Of interest:  While working on this, I noted that we have
    an existing test for tar files with empty filenames.
    That test asserts that the correct behavior here is for the
    format handler to return the entry with the empty filename
    and a status of ARCHIVE_OK.  Clients need to be robust against
    empty filenames.
  3. Tim Kientzle
  4. Tim Kientzle
  5. Tim Kientzle
Commits on Feb 14, 2015
  1. Tim Kientzle

    Issue 409: archive_read_extract object leaked

    kientzle authored
    Register the cleanup function for the object at the point
    where the object is actually allocated to ensure that
    it always gets cleaned up.
Commits on Feb 8, 2015
  1. Tim Kientzle

    Issue 405: segfault on malformed 7z archive

    kientzle authored
    Reject a couple of nonsensical cases.
  2. Tim Kientzle

    Issue 406: Segfault on malformed Zip archive

    kientzle authored
    Issue here was reading a size field as a signed number
    and then using that as an offset.  Fixed by correctly
    masking the size value to an unsigned result.
    
    Includes test based on the archive provided in the issue report.
Commits on Feb 7, 2015
  1. Tim Kientzle

    A correct fix for Issue 404: Read past end of string parsing fflags

    kientzle authored
    The previous fix actually broke the fflag parsing.  We
    cannot use strcmp() here because we're comparing a null-terminated
    string to a part of another string.
    
    This fix explicitly tracks the various string lengths and
    checks that they match before calling memcmp() or wmemcmp().
    That avoids any buffer overrun without breaking the parser.
  2. Tim Kientzle

    Issue 402: Failed to recognize empty dir name in lha/lzh file

    kientzle authored
    When parsing a directory name, we checked for the name
    length being zero, but not for the first byte being a
    null byte.  Add a similar check for the file case.
  3. Tim Kientzle
  4. Tim Kientzle
  5. Tim Kientzle

    Issue 403: Buffer underflow parsing 'ar' header

    kientzle authored
    While pruning trailing text from ar filenames, we did not
    check for an empty filename.  This results in reading the byte
    before the filename on the stack.
    
    While here, change a number of ar format issues from WARN to FATAL.
    It's better to abort on a damaged file than risk reading garbage.
    No doubt, this will require additional tuning in the future.
  6. Tim Kientzle

    Issue 400: Crash reading malformed compress (.Z) input

    kientzle authored
    The KwKwK case can never validly appear as the first token
    after a reset.
    
    Thanks to the afl-gcc folks for finding this.
  7. Tim Kientzle

    Issue 398: Overlapping memcpy

    kientzle authored
    Some of the pathname edits parse a part of the pathname
    in the entry, then try to set the pathname from that part.
    This leads the text routines to memcpy() from within the
    string buffer.
    
    Avoid this by simply using memmove() for low-level string append
    operations.
  8. Tim Kientzle

    Set a proper error message if we hit end-of-file when

    kientzle authored
    trying to read a cpio header.
    
    Suggested by Issue #395, although the actual problem there
    seems to have been the same as Issue #394.
Commits on Feb 2, 2015
  1. snarkmaster

    Do not request 0-length skips; sanity-check return.

    snarkmaster authored
    I noticed that my skip callback was always being invoked with a request of
    0.  This is a bit wasteful since skip callbacks commonly involve a syscall
    like lseek().
    
    Also, it seems good to error out when the skip callback is buggy, and claims
    to skip more than requested.
    
    Test Plan:
    
    ```
    autoreconf -ivf && ./configure && make && make check
    ```
    
    The same tests fail as before, with the same error messages. If interested,
    both failure logs are here:
    
    snarkmaster@00c9751
    
    These are on Ubuntu 14.04.
Commits on Feb 1, 2015
  1. Tim Kientzle

    Add a check to archive_read_filter_consume to reject any

    kientzle authored
    attempts to move the file pointer by a negative amount.
    
    Note:  Either this or commit 3865cf2 provides a fix for
    Issue 394.
Commits on Jan 31, 2015
  1. Tim Kientzle

    Issue 394: Segfault when reading malformed old-style cpio archives

    kientzle authored
    Root cause here was an implicit cast that resulted in
    reading very large file sizes as negative numbers.
  2. Tim Kientzle

    Extend the fuzz test to fuzz more bytes in small files;

    kientzle authored
    add the sample cpio_bin_le file to the test.
  3. Tim Kientzle
Commits on Jan 27, 2015
  1. Sevan Janiyan

    Update tar.5

    sevan authored
    Joerg Shilling's star is CDDL with some components in GPL (autoconf files) (see COPYING file in star source archive)
Commits on Jan 26, 2015
  1. Tim Kientzle

    Missing .El at end of list.

    kientzle authored
  2. Tim Kientzle
Commits on Jan 22, 2015
  1. Tim Kientzle

    Merge pull request #97 from alkino/master

    kientzle authored
    Add a support for utf-8 in archive_entry fields
  2. Tim Kientzle

    Merge pull request #83 from kjk/master

    kientzle authored
    speed up new_node() by reallocating more than one node at a time
Commits on Jan 19, 2015
  1. fix capitalized windows includes

    Martin Müllenhaupt authored
Commits on Jan 10, 2015
  1. Tim Kientzle

    Fix a potential crash issue discovered by Alexander Cherepanov:

    kientzle authored
    It seems bsdtar automatically handles stacked compression. This is a
    nice feature but it could be problematic when it's completely
    unlimited.  Most clearly it's illustrated with quines:
    
    $ curl -sRO http://www.maximumcompression.com/selfgz.gz
    $ (ulimit -v 10000000 && bsdtar -tvf selfgz.gz)
    bsdtar: Error opening archive: Can't allocate data for gzip decompression
    
    Without ulimit, bsdtar will eat all available memory. This could also
    be a problem for other applications using libarchive.
  2. Tim Kientzle

    Issue #131: Implement tar --no-xattr

    kientzle authored
    This option suppresses both archiving and
    restoring xattrs.  The latter relies on existing
    machinery; for the former, I've added an
    ARCHIVE_READDISK_NO_XATTR flag to archive_read_disk.
    
    Caveat: I've not implemented any tests for these new features.
  3. Tim Kientzle

    Issue 327: tar should accept zero-sized exclude files with -X

    kientzle authored
    Key problem:  We were using archive_read_format_raw() to read
    the exclude file which does not accept empty files.
    Enabling archive_read_format_empty() and reworking the
    end-of-input handling fixed this.
    
    Also add a test for this case to prevent it from regressing.
  4. Tim Kientzle

    Pass the correct pointer when checking the Zip64 end-of-central-directory locator.

    kientzle authored
    
    This fixes a bug introduced in 94bab9f when I reworked the
    EOCD scan.
Commits on Jan 4, 2015
  1. Tim Kientzle

    Issue 379: Zip containing another Zip misparsed

    kientzle authored
    The revised code now scans backwards from the end
    of the file to ensure we always pick the last end-of-central-directory
    record in case there is more than one.
  2. Tim Kientzle
Commits on Dec 15, 2014
  1. Tim Kientzle

    Fix typos in archive_pathmatch logic.

    kientzle authored
    This was explored in pull request #78 by github user maksqwe.
    After considering the alternatives, I think the existing
    behavior was correct (but the comments were wrong and there was
    extraneous code).  Extended tests to cover this case and some
    other cases that were not fully exercised.