diff options
author | Timo Teräs <timo.teras@iki.fi> | 2020-01-24 10:32:54 +0200 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2020-01-24 10:39:01 +0200 |
commit | 9a76f0d6a6f3deabeba72f4fb2788bd45f929a8a (patch) | |
tree | bfa031ac11c2450f4316167330af7ec3e0374591 | |
parent | d25e5e3879f1a1c1cf6a5bcd82f6cc2eb7288c72 (diff) | |
download | apk-tools-9a76f0d6a6f3deabeba72f4fb2788bd45f929a8a.tar.gz apk-tools-9a76f0d6a6f3deabeba72f4fb2788bd45f929a8a.tar.bz2 apk-tools-9a76f0d6a6f3deabeba72f4fb2788bd45f929a8a.tar.xz apk-tools-9a76f0d6a6f3deabeba72f4fb2788bd45f929a8a.zip |
db: additional clean up and hardening for apk extraction
This enforces all scripts to be in the control block, and
all data files to be in data block. Ignoring of dot files in
root is added back: packages without any real files will
ship one ".dummy" item in the data block to trigger processing
and validation to work.
-rw-r--r-- | src/database.c | 31 |
1 files changed, 16 insertions, 15 deletions
diff --git a/src/database.c b/src/database.c index d7abcca..be46608 100644 --- a/src/database.c +++ b/src/database.c @@ -2381,7 +2381,7 @@ static int apk_db_install_archive_entry(void *_ctx, apk_blob_t name = APK_BLOB_STR(ae->name), bdir, bfile; struct apk_db_dir_instance *diri = ctx->diri; struct apk_db_file *file, *link_target_file = NULL; - int ret = 0, r, type = APK_SCRIPT_INVALID; + int ret = 0, r; char tmpname_file[TMPNAME_MAX], tmpname_link_target[TMPNAME_MAX]; r = apk_sign_ctx_process_file(&ctx->sctx, ae, is); @@ -2390,18 +2390,29 @@ static int apk_db_install_archive_entry(void *_ctx, /* Package metainfo and script processing */ if (ctx->sctx.control_started && !ctx->sctx.data_started) { + if (ae->name[0] != '.') return 0; if (strcmp(ae->name, ".PKGINFO") == 0) { apk_blob_t l, token = APK_BLOB_STR("\n"); while (!APK_BLOB_IS_NULL(l = apk_istream_get_delim(is, token))) read_info_line(ctx, l); return 0; } - if (ae->name[0] == '.') - type = apk_script_type(&ae->name[1]); - if (type == APK_SCRIPT_INVALID) - return 0; + r = apk_script_type(&ae->name[1]); + if (r != APK_SCRIPT_INVALID) { + apk_ipkg_add_script(ipkg, is, r, ae->size); + ctx->script_pending |= (r == ctx->script); + apk_db_run_pending_script(ctx); + } + return 0; } + /* Handle script */ + apk_db_run_pending_script(ctx); + + /* Rest of files need to be inside data portion */ + if (!ctx->sctx.data_started || ae->name[0] == '.') + return 0; + /* Sanity check the file name */ if (ae->name[0] == '/' || strncmp(ae->name, "/./"+1, 3) == 0 || @@ -2414,16 +2425,6 @@ static int apk_db_install_archive_entry(void *_ctx, return 0; } - /* Handle script */ - if (type != APK_SCRIPT_INVALID) { - apk_ipkg_add_script(ipkg, is, type, ae->size); - if (type == ctx->script) - ctx->script_pending = TRUE; - apk_db_run_pending_script(ctx); - return 0; - } - apk_db_run_pending_script(ctx); - /* Installable entry */ ctx->current_file_size = apk_calc_installed_size(ae->size); if (!S_ISDIR(ae->mode)) { |