Tar file fixes for some BSD tar files + ftpfs security fix

1998-08-07 16:47:44 +00:00 · 1998-08-07 16:47:44 +00:00 · da486c379b
--- a/vfs/ChangeLog
+++ b/vfs/ChangeLog
@ -1,3 +1,12 @@
+1998-08-07  Timur Bakeyev (timur@comtat.ru)
+
+	* tar.c (read_header): Support for linkflag on BSDI tar (pax), it
+	is always 0.
+
+1998-06-22  Miguel de Icaza  <miguel@nuclecu.unam.mx>
+
+	* ftpfs.c (ftpfs_open_socket): Potential security break fix.
+
 1998-08-06  Raja R Harinath  <harinath@cs.umn.edu>

 	* Makefile.am (BUILT_SOURCES): Make it `make dist' friendly.
@ -81,6 +90,7 @@ Thu May 28 16:42:31 1998  Pavel Machek <pavel@ucw.cz>
 	better defined meaning. Similar changes are done to all other
 	protocols. This change touched really _many_ places of code.

+
 1998-05-26  Miguel de Icaza  <miguel@nuclecu.unam.mx>

 	* vfs.c (MC_DIROP): Macro now returns the proper value. 
--- a/vfs/ftpfs.c
+++ b/vfs/ftpfs.c
@ -755,8 +755,9 @@ ftpfs_open_socket(struct ftpfs_connection *bucket)
 	    return -1;
 	}
 	server_address.sin_family = hp->h_addrtype;
-	bcopy ((char *) hp->h_addr, (char *) &server_address.sin_addr,
-	       hp->h_length);
+
+	/* We copy only 4 bytes, we can not trust hp->h_length, as it comes from the DNS */
+	bcopy ((char *) hp->h_addr, (char *) &server_address.sin_addr, 4);
    }

 #define THE_PORT qproxy(bucket) ? port : qport (bucket)
--- a/vfs/tar.c
+++ b/vfs/tar.c
@ -543,17 +543,25 @@ static int read_header (struct tarfs_archive *archive, int tard)

    if (sum == 8 * ' ') {
 	/*
-		 * This is a zeroed record...whole record is 0's except
-		 * for the 8 blanks we faked for the checksum field.
-		 */
+	 * This is a zeroed record...whole record is 0's except
+	 * for the 8 blanks we faked for the checksum field.
+	 */
 	return 2;
    }
    if (sum != recsum && signed_sum != recsum)
 	return 0;
-
+    
    /*
-	 * Good record.  Decode file size and return.
-	 */
+     * linkflag on BSDI tar (pax) always '\000'
+     */
+    if(header->header.linkflag == '\000' &&
+       strlen(header->header.arch_name) &&
+       header->header.arch_name[strlen(header->header.arch_name) - 1] == '/')
+	header->header.linkflag = LF_DIR;
+    
+     /*
+     * Good record.  Decode file size and return.
+     */
    if (header->header.linkflag == LF_LINK || header->header.linkflag == LF_DIR)
 	hstat.st_size = 0;	/* Links 0 size on tape */
    else