libarchive: sanitize out-of-range uids/gids

2010-07-26 12:44:48 +00:00 · 2010-07-26 12:44:48 +00:00 · c297701987
commit c297701987
parent 149153f8ca
2 changed files with 42 additions and 4 deletions
--- a/lib/libarchive/archive_entry.c
+++ b/lib/libarchive/archive_entry.c
@ -82,6 +82,9 @@ __FBSDID("$FreeBSD: head/lib/libarchive/archive_entry.c 201096 2009-12-28 02:41:
 #define	makedev(maj,min) ((0xff00 & ((maj)<<8)) | (0xffff00ff & (min)))
 #endif
 #include <grp.h>
 #include <pwd.h>
 /* Play games to come up with a suitable makedev() definition. */
 #ifdef __QNXNTO__
 /* QNX.  <sigh> */
@ -804,10 +807,27 @@ archive_entry_copy_fflags_text_w(struct archive_entry *entry,
 }
 void
-archive_entry_set_gid(struct archive_entry *entry, gid_t g)
+archive_entry_set_gid(struct archive_entry *entry, int g)
 {
 	entry->stat_valid = 0;
 	entry->ae_stat.aest_gid = g;
 	if(entry->ae_stat.aest_gid != g) {
 		static int warned = 0;
 		static struct group *nobodygroup;
 		gid_t truncgroup;
 		if(!nobodygroup)
 			nobodygroup = getgrnam("nobody");
 		if(nobodygroup)
 			truncgroup = nobodygroup->gr_gid;
 		else
 			truncgroup = 99;
 		if(!warned) {
 			fprintf(stderr, "libarchive: gid %d out of range; will be extracted as %d\n", 
 				g, truncgroup);
 			warned = 1;
 		}
 		entry->ae_stat.aest_gid = truncgroup;
 	}
 }
 void
@ -1159,10 +1179,28 @@ archive_entry_update_symlink_utf8(struct archive_entry *entry, const char *linkn
 }
 void
-archive_entry_set_uid(struct archive_entry *entry, uid_t u)
+archive_entry_set_uid(struct archive_entry *entry, int u)
 {
 	entry->stat_valid = 0;
 	entry->ae_stat.aest_uid = u;
 	if(entry->ae_stat.aest_uid != u) {
 		static int warned = 0;
 		static struct passwd *nobodyuser;
 		uid_t truncuser;
 		if(!nobodyuser)
 			nobodyuser = getpwnam("nobody");
 		if(nobodyuser)
 			truncuser = nobodyuser->pw_uid;
 		else
 			truncuser = 99;
 		if(!warned) {
 			fprintf(stderr, "libarchive: uid %d out of range; will be extracted as %d\n", 
 				u, truncuser);
 			warned = 1;
 		}
 		entry->ae_stat.aest_uid = truncuser;
 	}
 }
 void
--- a/lib/libarchive/archive_entry.h
+++ b/lib/libarchive/archive_entry.h
@ -270,7 +270,7 @@ __LA_DECL const char *archive_entry_copy_fflags_text(struct archive_entry *,
 	    const char *);
 __LA_DECL const wchar_t *archive_entry_copy_fflags_text_w(struct archive_entry *,
 	    const wchar_t *);
-__LA_DECL void	archive_entry_set_gid(struct archive_entry *, __LA_GID_T);
+__LA_DECL void	archive_entry_set_gid(struct archive_entry *, int);
 __LA_DECL void	archive_entry_set_gname(struct archive_entry *, const char *);
 __LA_DECL void	archive_entry_copy_gname(struct archive_entry *, const char *);
 __LA_DECL void	archive_entry_copy_gname_w(struct archive_entry *, const wchar_t *);
@ -315,7 +315,7 @@ __LA_DECL void	archive_entry_set_symlink(struct archive_entry *, const char *);
 __LA_DECL void	archive_entry_copy_symlink(struct archive_entry *, const char *);
 __LA_DECL void	archive_entry_copy_symlink_w(struct archive_entry *, const wchar_t *);
 __LA_DECL int	archive_entry_update_symlink_utf8(struct archive_entry *, const char *);
-__LA_DECL void	archive_entry_set_uid(struct archive_entry *, __LA_UID_T);
+__LA_DECL void	archive_entry_set_uid(struct archive_entry *, int);
 __LA_DECL void	archive_entry_set_uname(struct archive_entry *, const char *);
 __LA_DECL void	archive_entry_copy_uname(struct archive_entry *, const char *);
 __LA_DECL void	archive_entry_copy_uname_w(struct archive_entry *, const wchar_t *);