1#!/bin/sh 2# Copyright 2009 by Denys Vlasenko 3# Licensed under GPLv2, see file LICENSE in this source tree. 4 5. ./testing.sh 6 7unset LANG 8unset LANGUAGE 9unset LC_COLLATE 10unset LC_ALL 11umask 022 12 13# testing "test name" "script" "expected result" "file input" "stdin" 14 15testing "Empty file is not a tarball" '\ 16tar xvf - 2>&1; echo $? 17' "\ 18tar: short read 191 20" \ 21"" "" 22SKIP= 23 24optional FEATURE_SEAMLESS_GZ GUNZIP 25# In NOMMU case, "invalid magic" message comes from gunzip child process. 26# Otherwise, it comes from tar. 27# Need to fix output up to avoid false positive. 28testing "Empty file is not a tarball.tar.gz" '\ 29{ tar xvzf - 2>&1; echo $?; } | grep -Fv "invalid magic" 30' "\ 31tar: short read 321 33" \ 34"" "" 35SKIP= 36 37testing "Two zeroed blocks is a ('truncated') empty tarball" '\ 38dd if=/dev/zero bs=512 count=2 2>/dev/null | tar xvf - 2>&1; echo $? 39' "\ 400 41" \ 42"" "" 43SKIP= 44 45testing "Twenty zeroed blocks is an empty tarball" '\ 46dd if=/dev/zero bs=512 count=20 2>/dev/null | tar xvf - 2>&1; echo $? 47' "\ 480 49" \ 50"" "" 51SKIP= 52 53mkdir tar.tempdir && cd tar.tempdir || exit 1 54# "tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input": 55# GNU tar 1.26 records as hardlinks: 56# input_hard2 -> input_hard1 57# input_hard1 -> input_hard1 (!!!) 58# input_dir/file -> input_dir/file 59# input -> input 60# As of 1.24.0, we don't record last two: for them, nlink==1 61# and we check for "hardlink"ness only files with nlink!=1 62# We also don't use "hrw-r--r--" notation for hardlinks in "tar tv" listing. 63optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES 64testing "tar hardlinks and repeated files" '\ 65>input_hard1 66ln input_hard1 input_hard2 67mkdir input_dir 68>input_dir/file 69chmod -R 644 * 70chmod 755 input_dir 71tar cf test.tar input input_dir/ input_hard1 input_hard2 input_hard1 input_dir/ input 72tar tvf test.tar | sed "s/.*[0-9] input/input/" 73rm -rf input_dir 74tar xf test.tar 2>&1 75echo Ok: $? 76ls -l . input_dir/* | grep input_ | sed "s/\\(^[^ ]*\\) .* input/\\1 input/" 77' "\ 78input 79input_dir/ 80input_dir/file 81input_hard1 82input_hard2 -> input_hard1 83input_hard1 -> input_hard1 84input_dir/ 85input_dir/file 86input 87Ok: 0 88-rw-r--r-- input_dir/file 89drwxr-xr-x input_dir 90-rw-r--r-- input_hard1 91-rw-r--r-- input_hard2 92" \ 93"" "" 94SKIP= 95cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null 96 97mkdir tar.tempdir && cd tar.tempdir || exit 1 98optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES 99testing "tar hardlinks mode" '\ 100>input_hard1 101chmod 741 input_hard1 102ln input_hard1 input_hard2 103mkdir input_dir 104ln input_hard1 input_dir 105ln input_hard2 input_dir 106chmod 550 input_dir 107# On some filesystems, input_dir/input_hard2 is returned by readdir 108# BEFORE input_dir/input_hard1! Thats why we cant just "tar cf ... input_*": 109tar cf test.tar input_dir/input_hard* input_hard* 110tar tvf test.tar | sed "s/.*[0-9] input/input/" 111chmod 770 input_dir 112rm -rf input_* 113tar xf test.tar 2>&1 114echo Ok: $? 115ls -l . input_dir/* | grep "input.*hard" | sed "s/\\(^[^ ]*\\) .* input/\\1 input/" 116' "\ 117input_dir/input_hard1 118input_dir/input_hard2 -> input_dir/input_hard1 119input_hard1 -> input_dir/input_hard1 120input_hard2 -> input_dir/input_hard1 121Ok: 0 122-rwxr----x input_dir/input_hard1 123-rwxr----x input_dir/input_hard2 124-rwxr----x input_hard1 125-rwxr----x input_hard2 126" \ 127"" "" 128SKIP= 129cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null 130 131mkdir tar.tempdir && cd tar.tempdir || exit 1 132optional FEATURE_TAR_CREATE FEATURE_LS_SORTFILES 133testing "tar symlinks mode" '\ 134>input_file 135chmod 741 input_file 136ln -s input_file input_soft 137mkdir input_dir 138ln input_file input_dir 139ln input_soft input_dir 140chmod 550 input_dir 141tar cf test.tar input_dir/* input_[fs]* 142tar tvf test.tar | sed "s/.*[0-9] input/input/" | sort 143chmod 770 input_dir 144rm -rf input_* 145tar xf test.tar 2>&1 146echo Ok: $? 147ls -l . input_dir/* | grep "input_[fs]" | sed "s/\\(^[^ ]*\\) .* input/\\1 input/" 148' "\ 149input_dir/input_file 150input_dir/input_soft -> input_file 151input_file -> input_dir/input_file 152input_soft -> input_dir/input_soft 153Ok: 0 154-rwxr----x input_dir/input_file 155lrwxrwxrwx input_file 156-rwxr----x input_file 157lrwxrwxrwx input_file 158" \ 159"" "" 160SKIP= 161cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null 162 163mkdir tar.tempdir && cd tar.tempdir || exit 1 164optional FEATURE_TAR_CREATE FEATURE_TAR_LONG_OPTIONS 165testing "tar --overwrite" "\ 166ln input input_hard 167tar cf test.tar input_hard 168echo WRONG >input 169# --overwrite opens 'input_hard' without unlinking, 170# thus 'input_hard' still linked to 'input' and we write 'Ok' into it 171tar xf test.tar --overwrite 2>&1 && cat input 172" "\ 173Ok 174" \ 175"Ok\n" "" 176SKIP= 177cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null 178 179mkdir tar.tempdir && cd tar.tempdir || exit 1 180test x"$SKIP_KNOWN_BUGS" = x"" && { 181# Needs to be run under non-root for meaningful test 182optional FEATURE_TAR_CREATE 183testing "tar writing into read-only dir" '\ 184mkdir input_dir 185>input_dir/input_file 186chmod 550 input_dir 187tar cf test.tar input_dir 188tar tvf test.tar | sed "s/.*[0-9] input/input/" 189chmod 770 input_dir 190rm -rf input_* 191tar xf test.tar 2>&1 192echo Ok: $? 193ls -l input_dir/* . | grep input_ | sed "s/\\(^[^ ]*\\) .* input/\\1 input/" 194chmod 770 input_dir 195' "\ 196input_dir/ 197input_dir/input_file 198Ok: 0 199-rw-r--r-- input_dir/input_file 200dr-xr-x--- input_dir 201" \ 202"" "" 203SKIP= 204} 205cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null 206 207mkdir tar.tempdir && cd tar.tempdir || exit 1 208# Had a bug where on extract autodetect first "switched off" -z 209# and then failed to recognize .tgz extension 210optional FEATURE_TAR_CREATE FEATURE_SEAMLESS_GZ GUNZIP 211testing "tar extract tgz" "\ 212dd count=1 bs=1M if=/dev/zero of=F0 2>/dev/null 213tar -czf F0.tgz F0 214rm F0 215tar -xzvf F0.tgz && echo Ok 216rm F0 || echo BAD 217" "\ 218F0 219Ok 220" \ 221"" "" 222SKIP= 223cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null 224 225mkdir tar.tempdir && cd tar.tempdir || exit 1 226# Do we detect XZ-compressed data (even w/o .tar.xz or txz extension)? 227# (the uuencoded hello_world.txz contains one empty file named "hello_world") 228optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_XZ 229testing "tar extract txz" "\ 230uudecode -o input && tar tf input && echo Ok 231" "\ 232hello_world 233Ok 234" \ 235"" "\ 236begin-base64 644 hello_world.txz 237/Td6WFoAAATm1rRGAgAhARYAAAB0L+Wj4AX/AEldADQZSe6ODIZQ3rSQ8kAJ 238SnMPTX+XWGKW3Yu/Rwqg4Ik5wqgQKgVH97J8yA8IvZ4ahaCQogUNHRkXibr2 239Q615wcb2G7fJU49AhWAAAAAAUA8gu9DyXfAAAWWADAAAAB5FXGCxxGf7AgAA 240AAAEWVo= 241==== 242" 243SKIP= 244cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null 245 246mkdir tar.tempdir && cd tar.tempdir || exit 1 247# On extract, everything up to and including last ".." component is stripped 248optional FEATURE_TAR_CREATE 249testing "tar strips /../ on extract" "\ 250rm -rf input_* test.tar 2>/dev/null 251mkdir input_dir 252echo Ok >input_dir/file 253tar cf test.tar ./../tar.tempdir/input_dir/../input_dir 2>&1 254rm -rf input_* 2>/dev/null 255tar -vxf test.tar 2>&1 256cat input_dir/file 2>&1 257" "\ 258tar: removing leading './../tar.tempdir/input_dir/../' from member names 259input_dir/ 260input_dir/file 261Ok 262" \ 263"" "" 264SKIP= 265cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null 266 267mkdir tar.tempdir && cd tar.tempdir || exit 1 268# attack.tar.bz2 has symlink pointing to a system file 269# followed by a regular file with the same name 270# containing "root::0:0::/root:/bin/sh": 271# lrwxrwxrwx root/root passwd -> /tmp/passwd 272# -rw-r--r-- root/root passwd 273# naive tar implementation may end up creating the symlink 274# and then writing into it. 275# The correct implementation unlinks target before 276# creating the second file. 277# We test that /tmp/passwd remains empty: 278optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2 279testing "tar does not extract into symlinks" "\ 280>>/tmp/passwd && uudecode -o input && tar xf input 2>&1 && rm passwd; cat /tmp/passwd; echo \$? 281" "\ 282tar: can't create symlink 'passwd' to '/tmp/passwd' 2830 284" \ 285"" "\ 286begin-base64 644 attack.tar.bz2 287QlpoOTFBWSZTWRVn/bIAAKt7hMqwAEBAAP2QAhB0Y96AAACACCAAlISgpqe0 288po0DIaDynqAkpDRP1ANAhiYNSPR8VchKhAz0AK59+DA6FcMKBggOARIJdVHL 289DGllrjs20ATUgR1HmccBX3EhoMnpMJaNyggmxgLDMz54lBnBTJO/1L1lbMS4 290l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI= 291==== 292" 293SKIP= 294cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null 295 296mkdir tar.tempdir && cd tar.tempdir || exit 1 297# And same with -k 298optional UUDECODE FEATURE_TAR_AUTODETECT FEATURE_SEAMLESS_BZ2 299testing "tar -k does not extract into symlinks" "\ 300>>/tmp/passwd && uudecode -o input && tar xf input -k 2>&1 && rm passwd; cat /tmp/passwd; echo \$? 301" "\ 302tar: can't create symlink 'passwd' to '/tmp/passwd' 3030 304" \ 305"" "\ 306begin-base64 644 attack.tar.bz2 307QlpoOTFBWSZTWRVn/bIAAKt7hMqwAEBAAP2QAhB0Y96AAACACCAAlISgpqe0 308po0DIaDynqAkpDRP1ANAhiYNSPR8VchKhAz0AK59+DA6FcMKBggOARIJdVHL 309DGllrjs20ATUgR1HmccBX3EhoMnpMJaNyggmxgLDMz54lBnBTJO/1L1lbMS4 310l4/V8LDoe90yiWJhOJvIypgEfxdyRThQkBVn/bI= 311==== 312" 313SKIP= 314cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null 315 316mkdir tar.tempdir && cd tar.tempdir || exit 1 317optional UNICODE_SUPPORT FEATURE_TAR_GNU_EXTENSIONS FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT 318testing "Pax-encoded UTF8 names and symlinks" '\ 319tar xvf ../tar.utf8.tar.bz2 2>&1; echo $? 320export LANG=en_US.UTF-8 321ls -l etc/ssl/certs/* | sed "s:.*etc/:etc/:" | sort 322unset LANG 323rm -rf etc usr 324' "\ 325etc/ssl/certs/3b2716e5.0 326etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem 327etc/ssl/certs/f80cc7f6.0 328usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt 3290 330etc/ssl/certs/3b2716e5.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem 331etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem -> /usr/share/ca-certificates/mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt 332etc/ssl/certs/f80cc7f6.0 -> EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem 333" \ 334"" "" 335SKIP= 336cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null 337 338mkdir tar.tempdir && cd tar.tempdir || exit 1 339optional FEATURE_SEAMLESS_BZ2 FEATURE_TAR_AUTODETECT LS 340testing "Symlink attack: create symlink and then write through it" '\ 341exec 2>&1 342uudecode -o input && tar xvf input; echo $? 343ls /tmp/bb_test_evilfile 344ls bb_test_evilfile 345ls symlink/bb_test_evilfile 346' "\ 347anything.txt 348symlink 349symlink/bb_test_evilfile 350tar: can't create symlink 'symlink' to '/tmp' 3511 352ls: /tmp/bb_test_evilfile: No such file or directory 353ls: bb_test_evilfile: No such file or directory 354symlink/bb_test_evilfile 355" \ 356"" "\ 357begin-base64 644 tar_symlink_attack.tar.bz2 358QlpoOTFBWSZTWZgs7bQAALT/hMmQAFBAAf+AEMAGJPPv32AAAIAIMAC5thlR 359omAjAmCMADQT1BqNE0AEwAAjAEwElTKeo9NTR6h6gaeoA0DQNLVdwZZ5iNTk 360AQwCAV6S00QFJYhrlfFkVCEDEGtgNVqYrI0uK3ggnt30gqk4e1TTQm5QIAKa 361SJqzRGSFLMmOloHSAcvLiFxxRiQtQZF+qPxbo173ZDISOAoNoPN4PQPhBhKS 362n8fYaKlioCTzL2oXYczyUUIP4u5IpwoSEwWdtoA= 363==== 364" 365SKIP= 366cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null 367 368mkdir tar.tempdir && cd tar.tempdir || exit 1 369optional FEATURE_TAR_CREATE 370testing "Symlinks and hardlinks coexist" '\ 371mkdir dir 372>dir/a 373ln -s ../dir/a dir/b 374ln dir/b dir/c 375mkdir new 376tar cf - dir/* | tar -C new -xvf - 2>&1 377' "\ 378dir/a 379dir/b 380dir/c 381" \ 382"" "" 383SKIP= 384cd .. || exit 1; rm -rf tar.tempdir 2>/dev/null 385 386exit $FAILCOUNT 387