summaryrefslogtreecommitdiff
path: root/src/io.c
AgeCommit message (Collapse)AuthorFilesLines
2021-12-20io.c: add missing limits.hPaul Spooren1-0/+1
Fixes compilation on MacOS X
2021-12-14everywhere: use stdlib.h for malloc(3) definition, not GNU-specific malloc.hAriadne Conill1-1/+0
musl implements support for malloc.h, but it is only a stub. we do not use any of the GNU-specific malloc interfaces, so just use POSIX stdlib.h instead. ref #10794
2021-07-23db: allow read-only operations without cacheTimo Teräs1-0/+17
fixes #10748
2021-04-11io_archive: add bounds limit for uname and gname tar header fieldsTimo Teräs1-6/+6
Modify apk_resolve_[ug]id to take the user/groupname as a blob, so proper length checking is done and honored. ==31584== Conditional jump or move depends on uninitialised value(s) ==31584== at 0x5C8CA5: strlen (strlen.c:17) ==31584== by 0x432575: APK_BLOB_STR (apk_blob.h:79) ==31584== by 0x4350EB: apk_resolve_uid (io.c:1112) ==31584== by 0x43696C: apk_tar_parse (io_archive.c:152) ==31584== by 0x4271BC: apk_pkg_read (package.c:929) ==31584== by 0x402D75: add_main (app_add.c:163) ==31584== by 0x40D5FF: main (apk-static.c:516) Fixes a potential crash (DoS) on a crafted TAR file. CVE-2021-30139. Reported-by: Sören Tempel <soeren+git@soeren-tempel.net> Reviewed-by: Ariadne Conill <ariadne@dereferenced.org>
2021-04-11io: fix fd leak in error handling pathsTimo Teräs1-5/+20
apk_dir_foreach_file and apk_resolve_[ug]id needs to free the fd in case fdopen/fdopendir fails. Additionally this does not rely on fdopen to fail if openat() returned -1, making sure that we don't call any syscalls with invalid file handle.
2021-02-07io: Handle really long linesOlliver Schinagl1-1/+1
While commit 18b0b45 (io: Handle long lines, Thu Jan 7 17:25:23 2021 +0100) did attempt to address this issue, the buffer really is still to small when dealing with big-big dependency lists. Lets make it sufficiently large for now, until the new APKINDEX format can support multi-line dependencies, making this not needed any more. [TT: Originally the buffer size was conservative to run on resource constrained embedded platforms. But since the available memory on those has also increased much, the adjustment to 128kB makes sense also to increase performance a little bit. Removing also the iolimit test.] Signed-off-by: Olliver Schinagl <oliver@schinagl.nl>
2021-01-11io: Handle long linesthibault.ferrante1-1/+1
As an APKINDEX can become arbitrarely long due to dependencies and other parameters, increasing the buffer size make this less likely to happens. Closes #10731.
2021-01-11database: Propagate errors when loading an APKINDEXthibault.ferrante1-5/+13
In case of failure when loading an APKINDEX, no errors are propagated to the user which may uncorrectly interpret the current problem.
2020-05-19make the atom functions not use global stateTimo Teräs1-7/+4
This greatly helps with memory management on applications that may want to daemonize and open/close database several times. Also the lifetime and "owner" of memory for all data is now explicitly bound to owning struct apk_database, which might be helpful when writing language bindings. As side effect, the interned "atoms" are unique only within what apk_database, so comparing packages from different apk_database may not work as expected. Fixes #10697
2020-05-07use SPDX-License-Identifier in source filesTBK1-3/+1
2020-02-14io: add stream copy helperTimo Teräs1-4/+30
2020-01-25don't ignore md parameter to apk_fileinfo_hash_xattr_array()Reid Rankin1-1/+1
2020-01-11io: use min() instead of MIN()Timo Teräs1-5/+4
2020-01-11io: convert bstream mmap to istream, remove the now obsolete bstream machineryTimo Teräs1-197/+65
2020-01-11convert remaining locations to use istream instead of bstreamTimo Teräs1-87/+110
2020-01-11istream, archive, db: convert db and tar function to use istreamTimo Teräs1-7/+157
2020-01-11istream: add buffering capabilityTimo Teräs1-33/+47
Convert all implementations to do buffering. This is in preparation to remove bstream interface as redundant. istream_read() will return full reads unless end-of-file. The backends can return short reads to optimize buffering or due to other reasons like boundary change for gz.
2020-01-06io: remove the now unused pid association with istreamTimo Teräs1-21/+6
2020-01-06io: remove unused size parameter from bstream closeTimo Teräs1-32/+22
2019-12-18io: use proper base struct types for method implementationsTimo Teräs1-50/+33
2018-10-30fix xattr hash to be sha1Timo Teräs1-1/+1
The hash type was accidentally changed in previous commit. Currently csum->data cannot hold longer hash, so fix the hash.
2018-10-26add support for openssl 1.1Timo Teräs1-19/+26
2018-01-04enable automatic update of indexes controlled by --cache-max-ageTimo Teräs1-5/+7
This modifies apk cache for indexes to be automatically refreshed periodically without explicit 'update' or '--update-cache' usage. The default is to do if-modified-since request if the local copy is older than 4 hours. This age can be changed with --cache-max-age. Using --update-cache will change this age to 60 seconds to make sure the cached copy is relatively new. The small age is in order to try to avoid downloading indexes second time when apk-tools is upgraded and apk re-execs after self-upgrade. Accordingly using explicitly 'apk update' will now enforce --force-refresh and request the very latest index by requesting any potential http proxy to do refresh too.
2017-10-12io: fix skip and splice to detect unexpected end-of-fileTimo Teräs1-28/+19
2017-08-23fix comparison of unsigned expression < 0 is always falseDmitry Golovin1-3/+5
found by clang
2017-06-23io: make io vtables const struct, and add accessors for themTimo Teräs1-36/+58
This reduces function pointers in heap, and unifies how the io functions are called.
2017-02-15add support for pre and post commit hooksHenrik Riomar1-3/+4
This allows for instance integration of etckeeper [TT: Reorganized code a bit, and modified to use single directory commit_hooks.d with argument for script of stage.]
2015-11-09io, database: preserve [am]time for cached and fetched filesTimo Teräs1-0/+58
preserve [am]time for all packages and indexes. this fixes the caching error that 'apk update' is after new index is generated, but before the used mirror is synchronized. this caused local apkindex timestamp to be newer than file in mirror, when in fact it was outdated index. this also fixes fetched files to have build timestamp so that files going to .iso or custom images have proper timestamps (rsync with appropriate --modify-window now works)
2015-10-08io: fix posix_fallocate failure handlingNatanael Copa1-1/+1
We need fall back to a splice buffer if posix_fallocate call fails due to file being a device (eg tty) or a pipe. This fixes apk fetch --stdout.
2015-09-03io: use posix_fallocate to allocate disk spaceTimo Teräs1-3/+8
ftruncate does not allocate it, and subsequent access to mmaped file will result in SIGBUS. this fixes to properly report disk full errors.
2015-06-12fix bstream_from_fd to use mmap when availableTimo Teräs1-1/+2
2015-05-26detect failures in writing to file during final flush of buffersAlex Dowad1-1/+3
In practice this should fix to e.g. not wipe out /etc/apk/world if final flush to /etc/apk/world.new fails. This was prompted by an incident the other day where I ran the root partition of an Alpine box out of space using 'apk add', and apk helpfully wiped the contents of /etc/apk/world at the same time. It might be tricky to try to reproduce exactly the same failure, but from an examination of the code, setting 'rc' before the final call to fdo_flush rather than after is one possible cause of this behavior. (If the entire contents of /etc/apk/world.new are buffered, and all get written out in the final fdo_flush call, and that call fails, fdo_close will still happily rename /etc/apk/world.new to /etc/apk/world.)
2015-04-22io: fix compiler error by including stdint.hAlex Dowad1-0/+1
According to the C standards, uint32_t is defined in stdint.h. Presumably apk is usually built against C libraries where stdint.h is indirectly included through another header file, but this isn't the case with the version of glibc which I am using.
2015-04-13fix tee io error handlingTimo Teräs1-3/+5
use ERR_PTR mechanism, and handle it at all places.
2015-04-08use memmove for copying buffer leftovers, as the ranges may overlapTimo Teräs1-1/+1
issue cought by fortify
2015-04-08unbreak audit after xattr supportTimo Teräs1-2/+1
2015-04-08audit xattrsTimo Teräs1-27/+71
ref #3027
2015-03-11calculate and store checksum of xattrsTimo Teräs1-0/+36
ref #3027
2015-03-10rename file info related functions for consistencyTimo Teräs1-3/+3
2015-03-10extract xattrs from packagesTimo Teräs1-0/+5
ref #3027
2015-03-10rework error handling for write streamsTimo Teräs1-7/+4
2015-03-10rework error handling for read streamsTimo Teräs1-12/+11
2015-01-30remove support for old database location in /varTimo Teräs1-31/+0
the location changed in apk-tools 2.1.0 (March 2011) which was used in Alpine Linux 2.2.
2014-10-08io,url,db: support for if-modified-sinceTimo Teräs1-17/+12
2014-10-07io: fix few error path leaksTimo Teräs1-2/+7
2013-07-04io: use fget{pw,gr}ent_r only on uclibc and glibcTimo Teräs1-4/+23
musl does not have those.
2013-06-17io: get rid of APK_PROGRESS_SCALETimo Teräs1-2/+2
no need to muldiv all the time, just pass the current amount of bytes done, and let callbacks use that directly.
2013-06-17cache: implement progress bar (ref #1170)Timo Teräs1-2/+9
2013-06-17io: fix splice for copying unknown lengthsTimo Teräs1-1/+3
2012-02-23db: keep architecture in $ROOT/etc/apk/archTimo Teräs1-0/+30
This we use proper arch in case modifying chroot installation.
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2024-11-13 11:40:44 +0000