2009-11-29 19:09:29 +01:00
#!/bin/sh
# Copyright 2009 by Denys Vlasenko
2010-08-16 20:14:46 +02:00
# Licensed under GPLv2, see file LICENSE in this source tree.
2009-11-29 19:09:29 +01:00
. ./testing.sh
2010-08-10 23:33:57 -07:00
unset LANG
unset LANGUAGE
unset LC_COLLATE
unset LC_ALL
umask 022
2009-11-29 19:09:29 +01:00
# testing "test name" "script" "expected result" "file input" "stdin"
2013-11-19 17:17:48 +01:00
testing "Empty file is not a tarball" '\
tar xvf - 2>&1; echo $?
' "\
tar: short read
1
" \
"" ""
SKIP=
2016-06-20 01:40:19 +02:00
optional FEATURE_SEAMLESS_GZ GUNZIP
2013-12-31 23:22:36 +01:00
# In NOMMU case, "invalid magic" message comes from gunzip child process.
# Otherwise, it comes from tar.
# Need to fix output up to avoid false positive.
2013-11-19 16:56:26 +01:00
testing "Empty file is not a tarball.tar.gz" '\
2013-12-31 23:22:36 +01:00
{ tar xvzf - 2>&1; echo $?; } | grep -Fv "invalid magic"
2013-11-19 14:52:02 +01:00
' "\
tar: short read
1
" \
"" ""
SKIP=
2013-11-19 17:17:48 +01:00
testing "Two zeroed blocks is a ('truncated') empty tarball" '\
2013-12-31 23:25:46 +01:00
dd if=/dev/zero bs=512 count=2 2>/dev/null | tar xvf - 2>&1; echo $?
2013-11-19 17:17:48 +01:00
' "\
0
" \
"" ""
SKIP=
testing "Twenty zeroed blocks is an empty tarball" '\
dd if=/dev/zero bs=512 count=20 2>/dev/null | tar xvf - 2>&1; echo $?
' "\
0
" \
"" ""
SKIP=
2017-07-24 17:20:13 +02:00
mkdir tar.tempdir && cd tar.tempdir || exit 1
2015-10-22 01:07:13 +02:00
# "tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input":
# GNU tar 1.26 records as hardlinks:
# input_hard2 -> input_hard1
# input_hard1 -> input_hard1 (!!!)
# input_dir/file -> input_dir/file
# input -> input
# As of 1.24.0, we don't record last two: for them, nlink==1
# and we check for "hardlink"ness only files with nlink!=1
# We also don't use "hrw-r--r--" notation for hardlinks in "tar tv" listing.
2010-05-11 03:53:57 +02:00
optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
2010-04-09 10:52:52 +02:00
testing "tar hardlinks and repeated files" '\
2009-12-16 22:46:01 +01:00
>input_hard1
2009-11-29 19:09:29 +01:00
ln input_hard1 input_hard2
mkdir input_dir
>input_dir/file
2010-04-09 10:52:52 +02:00
chmod -R 644 *
chmod 755 input_dir
2009-11-29 19:09:29 +01:00
tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input
2010-04-09 10:52:52 +02:00
tar tvf test.tar | sed "s/.*[0-9] input/input/"
2015-10-22 01:07:13 +02:00
rm -rf input_dir
2010-04-09 10:52:52 +02:00
tar xf test.tar 2>&1
echo Ok: $?
ls -l . input_dir/* | grep input_ | sed "s/\\(^[^ ]*\\) .* input/\\1 input/"
' "\
2009-12-16 22:46:01 +01:00
input
2009-11-29 19:09:29 +01:00
input_dir/
input_dir/file
input_hard1
input_hard2 -> input_hard1
input_hard1 -> input_hard1
input_dir/
input_dir/file
input
2010-04-09 10:52:52 +02:00
Ok: 0
-rw-r--r-- input_dir/file
drwxr-xr-x input_dir
-rw-r--r-- input_hard1
-rw-r--r-- input_hard2
" \
"" ""
2010-05-10 05:53:16 +02:00
SKIP=
2017-07-24 17:20:13 +02:00
cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
2010-04-09 10:52:52 +02:00
2017-07-24 17:20:13 +02:00
mkdir tar.tempdir && cd tar.tempdir || exit 1
2010-05-11 03:53:57 +02:00
optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
2010-04-09 10:52:52 +02:00
testing "tar hardlinks mode" '\
>input_hard1
chmod 741 input_hard1
ln input_hard1 input_hard2
mkdir input_dir
ln input_hard1 input_dir
ln input_hard2 input_dir
2010-09-02 18:38:00 -07:00
chmod 550 input_dir
2010-09-03 17:22:56 +02:00
# On some filesystems, input_dir/input_hard2 is returned by readdir
# BEFORE input_dir/input_hard1! Thats why we cant just "tar cf ... input_*":
tar cf test.tar input_dir/input_hard* input_hard*
2010-04-09 10:52:52 +02:00
tar tvf test.tar | sed "s/.*[0-9] input/input/"
2010-09-02 18:38:00 -07:00
chmod 770 input_dir
rm -rf input_*
2010-04-09 10:52:52 +02:00
tar xf test.tar 2>&1
echo Ok: $?
2010-09-03 17:22:56 +02:00
ls -l . input_dir/* | grep "input.*hard" | sed "s/\\(^[^ ]*\\) .* input/\\1 input/"
2010-04-09 10:52:52 +02:00
' "\
input_dir/input_hard1
input_dir/input_hard2 -> input_dir/input_hard1
input_hard1 -> input_dir/input_hard1
input_hard2 -> input_dir/input_hard1
Ok: 0
-rwxr----x input_dir/input_hard1
-rwxr----x input_dir/input_hard2
-rwxr----x input_hard1
-rwxr----x input_hard2
2009-11-29 19:09:29 +01:00
" \
"" ""
2010-05-10 05:53:16 +02:00
SKIP=
2017-07-24 17:20:13 +02:00
cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
2009-11-29 19:09:29 +01:00
2017-07-24 17:20:13 +02:00
mkdir tar.tempdir && cd tar.tempdir || exit 1
2010-05-11 03:53:57 +02:00
optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES
2010-04-09 14:11:45 +02:00
testing "tar symlinks mode" '\
>input_file
chmod 741 input_file
ln -s input_file input_soft
mkdir input_dir
ln input_file input_dir
ln input_soft input_dir
2010-09-02 18:38:00 -07:00
chmod 550 input_dir
2010-09-11 00:28:50 -07:00
tar cf test.tar input_dir/* input_[fs]*
2010-05-12 15:59:32 +02:00
tar tvf test.tar | sed "s/.*[0-9] input/input/" | sort
2010-09-02 18:38:00 -07:00
chmod 770 input_dir
rm -rf input_*
2010-04-09 14:11:45 +02:00
tar xf test.tar 2>&1
echo Ok: $?
2010-09-11 00:28:50 -07:00
ls -l . input_dir/* | grep "input_[fs]" | sed "s/\\(^[^ ]*\\) .* input/\\1 input/"
2010-04-09 14:11:45 +02:00
' "\
input_dir/input_file
input_dir/input_soft -> input_file
input_file -> input_dir/input_file
input_soft -> input_dir/input_soft
Ok: 0
-rwxr----x input_dir/input_file
lrwxrwxrwx input_file
-rwxr----x input_file
lrwxrwxrwx input_file
" \
"" ""
2010-05-10 05:53:16 +02:00
SKIP=
2017-07-24 17:20:13 +02:00
cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
2010-04-09 14:11:45 +02:00
2017-07-24 17:20:13 +02:00
mkdir tar.tempdir && cd tar.tempdir || exit 1
2010-05-11 12:02:48 +02:00
optional FEATURE_TAR_CREATE FEATURE_TAR_LONG_OPTIONS
2009-12-16 23:18:59 +01:00
testing "tar --overwrite" "\
ln input input_hard
tar cf test.tar input_hard
echo WRONG >input
# --overwrite opens 'input_hard' without unlinking,
# thus 'input_hard' still linked to 'input' and we write 'Ok' into it
tar xf test.tar --overwrite 2>&1 && cat input
" "\
Ok
" \
"Ok\n" ""
2010-04-02 09:57:27 +02:00
SKIP=
2017-07-24 17:20:13 +02:00
cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
2009-12-16 23:18:59 +01:00
2017-07-24 17:20:13 +02:00
mkdir tar.tempdir && cd tar.tempdir || exit 1
2010-09-11 00:28:50 -07:00
test x"$SKIP_KNOWN_BUGS" = x"" && {
2010-09-05 16:16:46 +02:00
# Needs to be run under non-root for meaningful test
optional FEATURE_TAR_CREATE
testing "tar writing into read-only dir" '\
mkdir input_dir
>input_dir/input_file
chmod 550 input_dir
tar cf test.tar input_dir
tar tvf test.tar | sed "s/.*[0-9] input/input/"
chmod 770 input_dir
rm -rf input_*
tar xf test.tar 2>&1
echo Ok: $?
ls -l input_dir/* . | grep input_ | sed "s/\\(^[^ ]*\\) .* input/\\1 input/"
chmod 770 input_dir
' "\
input_dir/
input_dir/input_file
Ok: 0
-rw-r--r-- input_dir/input_file
dr-xr-x--- input_dir
" \
"" ""
SKIP=
2010-09-11 00:28:50 -07:00
}
2017-07-24 17:20:13 +02:00
cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
2010-09-11 00:28:50 -07:00
2017-07-24 17:20:13 +02:00
mkdir tar.tempdir && cd tar.tempdir || exit 1
2011-02-06 20:02:15 +01:00
# Had a bug where on extract autodetect first "switched off" -z
2011-02-06 20:01:11 +01:00
# and then failed to recognize .tgz extension
2016-06-20 11:04:04 +02:00
optional FEATURE_TAR_CREATE FEATURE_SEAMLESS_GZ GUNZIP
2011-02-06 20:01:11 +01:00
testing "tar extract tgz" "\
dd count=1 bs=1M if=/dev/zero of=F0 2>/dev/null
tar -czf F0.tgz F0
rm F0
tar -xzvf F0.tgz && echo Ok
rm F0 || echo BAD
" "\
F0
Ok
" \
"" ""
2011-08-10 00:51:29 +02:00
SKIP=
2017-07-24 17:20:13 +02:00
cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
2011-02-06 20:01:11 +01:00
2017-07-24 17:20:13 +02:00
mkdir tar.tempdir && cd tar.tempdir || exit 1
2012-03-06 16:57:01 +01:00
# Do we detect XZ-compressed data (even w/o .tar.xz or txz extension)?
# (the uuencoded hello_world.txz contains one empty file named "hello_world")
optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_XZ
testing "tar extract txz" "\
uudecode -o input && tar tf input && echo Ok
" "\
hello_world
Ok
" \
"" "\
begin-base64 644 hello_world.txz
/Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4AX/AEldADQZSe6ODIZQ3rSQ8kAJ
SnMPTX+XWGKW3Yu/Rwqg4Ik5wqgQKgVH97J8yA8IvZ4ahaCQogUNHRkXibr2
Q615wcb2G7fJU49AhWAAAAAAUA8gu9DyXfAAAWWADAAAAB5FXGCxxGf7AgAA
AAAEWVo=
====
"
SKIP=
2017-07-24 17:20:13 +02:00
cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
2012-03-06 16:57:01 +01:00
2017-07-24 17:20:13 +02:00
mkdir tar.tempdir && cd tar.tempdir || exit 1
2011-03-01 17:21:07 +01:00
# On extract, everything up to and including last ".." component is stripped
2011-08-10 00:51:29 +02:00
optional FEATURE_TAR_CREATE
2011-03-01 17:21:07 +01:00
testing "tar strips /../ on extract" "\
rm -rf input_* test.tar 2>/dev/null
mkdir input_dir
echo Ok >input_dir/file
tar cf test.tar ./../tar.tempdir/input_dir/../input_dir 2>&1
rm -rf input_* 2>/dev/null
tar -vxf test.tar 2>&1
cat input_dir/file 2>&1
" "\
2011-03-02 01:21:02 +01:00
tar: removing leading './../tar.tempdir/input_dir/../' from member names
2011-03-01 17:21:07 +01:00
input_dir/
input_dir/file
Ok
" \
"" ""
2011-08-10 00:51:29 +02:00
SKIP=
2017-07-24 17:20:13 +02:00
cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
2011-03-01 17:21:07 +01:00
2017-07-24 17:20:13 +02:00
mkdir tar.tempdir && cd tar.tempdir || exit 1
2015-10-22 16:37:01 +02:00
# attack.tar.bz2 has symlink pointing to a system file
# followed by a regular file with the same name
# containing "root::0:0::/root:/bin/sh":
# lrwxrwxrwx root/root passwd -> /tmp/passwd
# -rw-r--r-- root/root passwd
# naive tar implementation may end up creating the symlink
# and then writing into it.
# The correct implementation unlinks target before
# creating the second file.
# We test that /tmp/passwd remains empty:
2016-06-19 21:54:04 +02:00
optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
2015-10-22 16:37:01 +02:00
testing "tar does not extract into symlinks" "\
>>/tmp/passwd && uudecode -o input && tar xf input 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
" "\
2017-08-10 11:52:42 +02:00
tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
2015-10-22 16:37:01 +02:00
0
" \
"" "\
begin-base64 644 attack.tar.bz2
QlpoOTFBWSZTWRVn/bIAAKt7hMqwAEBAAP2QAhB0Y96AAACACCAAlISgpqe0
po0DIaDynqAkpDRP1ANAhiYNSPR8VchKhAz0AK59+DA6FcMKBggOARIJdVHL
DGllrjs20ATUgR1HmccBX3EhoMnpMJaNyggmxgLDMz54lBnBTJO/1L1lbMS4
l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
====
"
SKIP=
2017-07-24 17:20:13 +02:00
cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
mkdir tar.tempdir && cd tar.tempdir || exit 1
2015-10-22 16:37:01 +02:00
# And same with -k
2016-06-19 21:54:04 +02:00
optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2
2015-10-22 16:37:01 +02:00
testing "tar -k does not extract into symlinks" "\
>>/tmp/passwd && uudecode -o input && tar xf input -k 2>&1 && rm passwd; cat /tmp/passwd; echo \$?
" "\
2017-08-10 11:52:42 +02:00
tar: skipping unsafe symlink to '/tmp/passwd' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
2015-10-22 16:37:01 +02:00
0
" \
"" "\
begin-base64 644 attack.tar.bz2
QlpoOTFBWSZTWRVn/bIAAKt7hMqwAEBAAP2QAhB0Y96AAACACCAAlISgpqe0
po0DIaDynqAkpDRP1ANAhiYNSPR8VchKhAz0AK59+DA6FcMKBggOARIJdVHL
DGllrjs20ATUgR1HmccBX3EhoMnpMJaNyggmxgLDMz54lBnBTJO/1L1lbMS4
l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI=
====
"
SKIP=
2017-07-24 17:20:13 +02:00
cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
2015-10-22 16:37:01 +02:00
2017-07-24 17:20:13 +02:00
mkdir tar.tempdir && cd tar.tempdir || exit 1
2016-12-12 14:33:53 +01:00
optional UNICODE_SUPPORT FEATURE_TAR_GNU_EXTENSIONS FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
2016-11-11 17:56:45 +01:00
testing "Pax-encoded UTF8 names and symlinks" '\
tar xvf ../tar.utf8.tar.bz2 2>&1; echo $?
export LANG=en_US.UTF-8
2016-12-12 19:17:12 +01:00
ls -l etc/ssl/certs/* | sed "s:.*etc/:etc/:" | sort
2016-11-11 17:56:45 +01:00
unset LANG
rm -rf etc usr
' "\
etc/ssl/certs/3b2716e5.0
etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayı cı sı .pem
2017-08-10 11:52:42 +02:00
tar: skipping unsafe symlink to '/usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayı cı sı .crt' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
2016-11-11 17:56:45 +01:00
etc/ssl/certs/f80cc7f6.0
usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayı cı sı .crt
0
etc/ssl/certs/3b2716e5.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayı cı sı .pem
etc/ssl/certs/f80cc7f6.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayı cı sı .pem
" \
"" ""
SKIP=
2017-07-24 17:20:13 +02:00
cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
2016-11-11 17:56:45 +01:00
2017-07-24 17:20:13 +02:00
mkdir tar.tempdir && cd tar.tempdir || exit 1
optional FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT
testing "Symlink attack: create symlink and then write through it" '\
exec 2>&1
uudecode -o input && tar xvf input; echo $?
ls /tmp/bb_test_evilfile
ls bb_test_evilfile
ls symlink/bb_test_evilfile
' "\
anything.txt
symlink
2017-08-10 11:52:42 +02:00
tar: skipping unsafe symlink to '/tmp' in archive, set EXTRACT_UNSAFE_SYMLINKS=1 to extract
2017-07-24 17:20:13 +02:00
symlink/bb_test_evilfile
2017-08-10 11:52:42 +02:00
0
2017-07-24 17:20:13 +02:00
ls: /tmp/bb_test_evilfile: No such file or directory
ls: bb_test_evilfile: No such file or directory
symlink/bb_test_evilfile
" \
"" "\
begin-base64 644 tar_symlink_attack.tar.bz2
QlpoOTFBWSZTWZgs7bQAALT/hMmQAFBAAf+AEMAGJPPv32AAAIAIMAC5thlR
omAjAmCMADQT1BqNE0AEwAAjAEwElTKeo9NTR6h6gaeoA0DQNLVdwZZ5iNTk
AQwCAV6S00QFJYhrlfFkVCEDEGtgNVqYrI0uK3ggnt30gqk4e1TTQm5QIAKa
SJqzRGSFLMmOloHSAcvLiFxxRiQtQZF+qPxbo173ZDISOAoNoPN4PQPhBhKS
n8fYaKlioCTzL2oXYczyUUIP4u5IpwoSEwWdtoA=
====
"
SKIP=
cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null
2009-11-29 19:09:29 +01:00
exit $FAILCOUNT