[Toybox] [PATCH] tar: Fix support for long symbolic links

Rob Landley rob at landley.net
Thu Mar 21 09:58:48 PDT 2019


On 3/20/19 7:44 PM, enh via Toybox wrote:
> in case you're curious, the copy of this that was uploaded to AOSP
> (https://android-review.googlesource.com/c/platform/external/toybox/+/931533)
> also included the motivation:
> 
>   We need this to run the tar command that can be found at
> https://01.org/linuxgraphics/gfx-docs/drm/dev-tools/gcov.html#appendix-b-gather-on-test-sh
>
>   When we enable gcov in the kernel, it creates symlinks in debugfs
> with very long target names.
> 
>   lrwxrwxrwx 1 root root 0 1970-01-01 00:00
> /d/gcov/usr/local/google/home/d/a/k/p-dev-msm-bluecross-4.9/out/android-msm-bluecross-4.9/private/msm-google/kernel/smpboot.gcno
> -> /usr/local/google/home/d/a/k/p-dev-msm-bluecross-4.9/out/android-msm-bluecross-4.9/private/msm-google/kernel/.tmp_smpboot.gcno
> 
> (iirc you were looking for some real-world examples of long names...)

As test cases. I already knew they exist out in nature. (With spaces in them and
everything. Go far enough and there's utf8 in filenames that spells out broken
unicode. And then you hotplug a USB stick into a mac and it gets Unhappy, and
Linus points and laughs. Sadly as a Google+ comment to somebody else's post so
there's no obvious way to link directly to it, but various people covered it:

https://www.cio.com/article/2868393/linus-torvalds-apples-hfs-is-probably-the-worst-file-system-ever.html

What I need to test here is files of 99, 100, 101, and 102 character length, the
edge cases of the long and short modes, for name and link.

And I should figure out if "filename with trailing \n in the actual filename" is
an interesting case, because right now you can't specify it either on the
command line (even with exec()) or via any of the file list input methods.
(It'll grab it as part of normal extraction or directory recursion, of course...)

Someone somewhere is probably going to find a way to make that exploitable, but
they probably already have. If you do:

  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>

  int main(int argc, char *argv[])
  {
    open("abcdef\n", O_CREAT|O_TRUNC, 0666);
  }

And then try to tab complete that file, bash gets confused. You can "rm abcdef?"
manually, so you're ok as long as there isn't an abcdefg in the directory...

Rob

P.S. I need to redo the hardlink plumbing entirely, but I've had plans there
ever since mke2fs...
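
The 99/100/101/102 test matrix for name and link described above, as an added example that is not part of the original message or of toybox. It assumes Python's `tarfile` module as the archive writer in GNU format; `build_archive` and `scan_headers` are hypothetical helper names. It reads the raw headers back to show which entries need a long-name (`L`) or long-link (`K`) extension record.

```python
import io
import tarfile

BLOCK = 512        # tar block size
LENGTHS = (99, 100, 101, 102)

def build_archive(lengths=LENGTHS):
    """One symlink per (name length, target length) pair, GNU tar format."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for n in lengths:
            for t in lengths:
                # Constructed sample names: unique prefix padded to n chars.
                info = tarfile.TarInfo(("n%d_t%d_" % (n, t)).ljust(n, "x"))
                info.type = tarfile.SYMTYPE
                info.linkname = "y" * t
                tar.addfile(info)
    return buf.getvalue()

def scan_headers(data):
    """Walk raw headers; return [(name_len, link_len, extension_flags)]."""
    rows, pending, off = [], {}, 0
    while off + BLOCK <= len(data):
        hdr = data[off:off + BLOCK]
        if hdr == bytes(BLOCK):                  # end-of-archive marker
            break
        size = int(hdr[124:136].rstrip(b"\0 ") or b"0", 8)
        flag = hdr[156:157].decode("latin-1")
        payload = data[off + BLOCK:off + BLOCK + size]
        off += BLOCK + -(-size // BLOCK) * BLOCK  # payload is block-padded
        if flag in ("L", "K"):                   # GNU long name / long link
            pending[flag] = payload.rstrip(b"\0")
            continue
        # The 100-byte fields are NUL-terminated only when shorter than 100.
        name = pending.get("L", hdr[0:100].split(b"\0")[0])
        link = pending.get("K", hdr[157:257].split(b"\0")[0])
        rows.append((len(name), len(link), "".join(sorted(pending))))
        pending = {}
    return rows

if __name__ == "__main__":
    for n, t, ext in scan_headers(build_archive()):
        print("name=%3d link=%3d extension records: %s" % (n, t, ext or "none"))
```

Writing the bytes from `build_archive()` to a file and listing or extracting it with the tar implementation under test exercises the same sixteen boundary cases.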

