]> git.wh0rd.org - dump.git/blob - restore/symtab.c
git.wh0rd.org / dump.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Buffer overflow in dump, as reported from Bugtraq
[dump.git] / restore / symtab.c
1 /*
2 * Ported to Linux's Second Extended File System as part of the
3 * dump and restore backup suit
4 * Remy Card <card@Linux.EU.Org>, 1994-1997
5 * Stelian Pop <pop@cybercable.fr>, 1999-2000
6 */
7
8 /*
9 * Copyright (c) 1983, 1993
10 * The Regents of the University of California. All rights reserved.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 * 3. All advertising materials mentioning features or use of this software
21 * must display the following acknowledgement:
22 * This product includes software developed by the University of
23 * California, Berkeley and its contributors.
24 * 4. Neither the name of the University nor the names of its contributors
25 * may be used to endorse or promote products derived from this software
26 * without specific prior written permission.
27 *
28 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
29 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
30 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
31 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
32 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
36 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
37 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 * SUCH DAMAGE.
39 */
40
41 #ifndef lint
42 static const char rcsid[] =
43 "$Id: symtab.c,v 1.8 2000/03/01 10:16:05 stelian Exp $";
44 #endif /* not lint */
45
46 /*
47 * These routines maintain the symbol table which tracks the state
48 * of the file system being restored. They provide lookup by either
49 * name or inode number. They also provide for creation, deletion,
50 * and renaming of entries. Because of the dynamic nature of pathnames,
51 * names should not be saved, but always constructed just before they
52 * are needed, by calling "myname".
53 */
54
55 #include <sys/param.h>
56 #include <sys/stat.h>
57
58 #ifdef __linux__
59 #include <sys/time.h>
60 #include <linux/ext2_fs.h>
61 #include <bsdcompat.h>
62 #else /* __linux__ */
63 #include <ufs/ufs/dinode.h>
64 #endif /* __linux__ */
65
66 #include <errno.h>
67 #include <compaterr.h>
68 #include <fcntl.h>
69 #include <stdio.h>
70 #include <stdlib.h>
71 #include <string.h>
72 #include <unistd.h>
73
74 #ifdef __linux__
75 #include <ext2fs/ext2fs.h>
76 #endif
77
78 #include "restore.h"
79 #include "extern.h"
80
81 /*
82 * The following variables define the inode symbol table.
83 * The primary hash table is dynamically allocated based on
84 * the number of inodes in the file system (maxino), scaled by
85 * HASHFACTOR. The variable "entry" points to the hash table;
86 * the variable "entrytblsize" indicates its size (in entries).
87 */
88 #define HASHFACTOR 5
89 static struct entry **entry;
90 static long entrytblsize;
91
92 static void addino __P((ino_t, struct entry *));
93 static struct entry *lookupparent __P((char *));
94 static void removeentry __P((struct entry *));
95
96 /*
97 * Look up an entry by inode number
98 */
99 struct entry *
100 lookupino(ino_t inum)
101 {
102 register struct entry *ep;
103
104 if (inum < WINO || inum >= maxino)
105 return (NULL);
106 for (ep = entry[inum % entrytblsize]; ep != NULL; ep = ep->e_next)
107 if (ep->e_ino == inum)
108 return (ep);
109 return (NULL);
110 }
111
112 /*
113 * Add an entry into the entry table
114 */
115 static void
116 addino(ino_t inum, struct entry *np)
117 {
118 struct entry **epp;
119
120 if (inum < WINO || inum >= maxino)
121 panic("addino: out of range %d\n", inum);
122 epp = &entry[inum % entrytblsize];
123 np->e_ino = inum;
124 np->e_next = *epp;
125 *epp = np;
126 if (dflag)
127 for (np = np->e_next; np != NULL; np = np->e_next)
128 if (np->e_ino == inum)
129 badentry(np, "duplicate inum");
130 }
131
132 /*
133 * Delete an entry from the entry table
134 */
135 void
136 deleteino(ino_t inum)
137 {
138 register struct entry *next;
139 struct entry **prev;
140
141 if (inum < WINO || inum >= maxino)
142 panic("deleteino: out of range %d\n", inum);
143 prev = &entry[inum % entrytblsize];
144 for (next = *prev; next != NULL; next = next->e_next) {
145 if (next->e_ino == inum) {
146 next->e_ino = 0;
147 *prev = next->e_next;
148 return;
149 }
150 prev = &next->e_next;
151 }
152 panic("deleteino: %d not found\n", inum);
153 }
154
155 /*
156 * Look up an entry by name
157 */
158 struct entry *
159 lookupname(char *name)
160 {
161 register struct entry *ep;
162 register char *np, *cp;
163 char buf[MAXPATHLEN];
164
165 cp = name;
166 for (ep = lookupino(ROOTINO); ep != NULL; ep = ep->e_entries) {
167 for (np = buf; *cp != '/' && *cp != '\0' &&
168 np < &buf[sizeof(buf)]; )
169 *np++ = *cp++;
170 if (np == &buf[sizeof(buf)])
171 break;
172 *np = '\0';
173 for ( ; ep != NULL; ep = ep->e_sibling)
174 if (strcmp(ep->e_name, buf) == 0)
175 break;
176 if (ep == NULL)
177 break;
178 if (*cp++ == '\0')
179 return (ep);
180 }
181 return (NULL);
182 }
183
184 /*
185 * Look up the parent of a pathname
186 */
187 static struct entry *
188 lookupparent(char *name)
189 {
190 struct entry *ep;
191 char *tailindex;
192
193 tailindex = strrchr(name, '/');
194 if (tailindex == NULL)
195 return (NULL);
196 *tailindex = '\0';
197 ep = lookupname(name);
198 *tailindex = '/';
199 if (ep == NULL)
200 return (NULL);
201 if (ep->e_type != NODE)
202 panic("%s is not a directory\n", name);
203 return (ep);
204 }
205
206 /*
207 * Determine the current pathname of a node or leaf
208 */
209 char *
210 myname(struct entry *ep)
211 {
212 register char *cp;
213 static char namebuf[MAXPATHLEN];
214
215 for (cp = &namebuf[MAXPATHLEN - 2]; cp > &namebuf[ep->e_namlen]; ) {
216 cp -= ep->e_namlen;
217 memmove(cp, ep->e_name, (size_t)ep->e_namlen);
218 if (ep == lookupino(ROOTINO))
219 return (cp);
220 *(--cp) = '/';
221 ep = ep->e_parent;
222 }
223 panic("%s: pathname too long\n", cp);
224 return(cp);
225 }
226
227 /*
228 * Unused symbol table entries are linked together on a free list
229 * headed by the following pointer.
230 */
231 static struct entry *freelist = NULL;
232
233 /*
234 * add an entry to the symbol table
235 */
236 struct entry *
237 addentry(char *name, ino_t inum, int type)
238 {
239 register struct entry *np, *ep;
240
241 if (freelist != NULL) {
242 np = freelist;
243 freelist = np->e_next;
244 memset(np, 0, sizeof(struct entry));
245 } else {
246 np = (struct entry *)calloc(1, sizeof(struct entry));
247 if (np == NULL)
248 panic("no memory to extend symbol table\n");
249 }
250 np->e_type = type & ~LINK;
251 ep = lookupparent(name);
252 if (ep == NULL) {
253 if (inum != ROOTINO || lookupino(ROOTINO) != NULL)
254 panic("bad name to addentry %s\n", name);
255 np->e_name = savename(name);
256 np->e_namlen = strlen(name);
257 np->e_parent = np;
258 addino(ROOTINO, np);
259 return (np);
260 }
261 np->e_name = savename(strrchr(name, '/') + 1);
262 np->e_namlen = strlen(np->e_name);
263 np->e_parent = ep;
264 np->e_sibling = ep->e_entries;
265 ep->e_entries = np;
266 if (type & LINK) {
267 ep = lookupino(inum);
268 if (ep == NULL)
269 panic("link to non-existent name\n");
270 np->e_ino = inum;
271 np->e_links = ep->e_links;
272 ep->e_links = np;
273 } else if (inum != 0) {
274 if (lookupino(inum) != NULL)
275 panic("duplicate entry\n");
276 addino(inum, np);
277 }
278 return (np);
279 }
280
281 /*
282 * delete an entry from the symbol table
283 */
284 void
285 freeentry(struct entry *ep)
286 {
287 register struct entry *np;
288 ino_t inum;
289
290 if (ep->e_flags != REMOVED)
291 badentry(ep, "not marked REMOVED");
292 if (ep->e_type == NODE) {
293 if (ep->e_links != NULL)
294 badentry(ep, "freeing referenced directory");
295 if (ep->e_entries != NULL)
296 badentry(ep, "freeing non-empty directory");
297 }
298 if (ep->e_ino != 0) {
299 np = lookupino(ep->e_ino);
300 if (np == NULL)
301 badentry(ep, "lookupino failed");
302 if (np == ep) {
303 inum = ep->e_ino;
304 deleteino(inum);
305 if (ep->e_links != NULL)
306 addino(inum, ep->e_links);
307 } else {
308 for (; np != NULL; np = np->e_links) {
309 if (np->e_links == ep) {
310 np->e_links = ep->e_links;
311 break;
312 }
313 }
314 if (np == NULL)
315 badentry(ep, "link not found");
316 }
317 }
318 removeentry(ep);
319 freename(ep->e_name);
320 ep->e_next = freelist;
321 freelist = ep;
322 }
323
324 /*
325 * Relocate an entry in the tree structure
326 */
327 void
328 moveentry(struct entry *ep, char *newname)
329 {
330 struct entry *np;
331 char *cp;
332
333 np = lookupparent(newname);
334 if (np == NULL)
335 badentry(ep, "cannot move ROOT");
336 if (np != ep->e_parent) {
337 removeentry(ep);
338 ep->e_parent = np;
339 ep->e_sibling = np->e_entries;
340 np->e_entries = ep;
341 }
342 cp = strrchr(newname, '/') + 1;
343 freename(ep->e_name);
344 ep->e_name = savename(cp);
345 ep->e_namlen = strlen(cp);
346 if (strcmp(gentempname(ep), ep->e_name) == 0)
347 ep->e_flags |= TMPNAME;
348 else
349 ep->e_flags &= ~TMPNAME;
350 }
351
352 /*
353 * Remove an entry in the tree structure
354 */
355 static void
356 removeentry(struct entry *ep)
357 {
358 register struct entry *np;
359
360 np = ep->e_parent;
361 if (np->e_entries == ep) {
362 np->e_entries = ep->e_sibling;
363 } else {
364 for (np = np->e_entries; np != NULL; np = np->e_sibling) {
365 if (np->e_sibling == ep) {
366 np->e_sibling = ep->e_sibling;
367 break;
368 }
369 }
370 if (np == NULL)
371 badentry(ep, "cannot find entry in parent list");
372 }
373 }
374
375 /*
376 * Table of unused string entries, sorted by length.
377 *
378 * Entries are allocated in STRTBLINCR sized pieces so that names
379 * of similar lengths can use the same entry. The value of STRTBLINCR
380 * is chosen so that every entry has at least enough space to hold
381 * a "struct strtbl" header. Thus every entry can be linked onto an
382 * appropriate free list.
383 *
384 * NB. The macro "allocsize" below assumes that "struct strhdr"
385 * has a size that is a power of two.
386 */
387 struct strhdr {
388 struct strhdr *next;
389 };
390
391 #define STRTBLINCR (sizeof(struct strhdr))
392 #define allocsize(size) (((size) + 1 + STRTBLINCR - 1) & ~(STRTBLINCR - 1))
393
394 static struct strhdr strtblhdr[allocsize(MAXNAMLEN) / STRTBLINCR];
395
396 /*
397 * Allocate space for a name. It first looks to see if it already
398 * has an appropriate sized entry, and if not allocates a new one.
399 */
400 char *
401 savename(char *name)
402 {
403 struct strhdr *np;
404 long len;
405 char *cp;
406
407 if (name == NULL)
408 panic("bad name\n");
409 len = strlen(name);
410 np = strtblhdr[len / STRTBLINCR].next;
411 if (np != NULL) {
412 strtblhdr[len / STRTBLINCR].next = np->next;
413 cp = (char *)np;
414 } else {
415 cp = malloc((unsigned)allocsize(len));
416 if (cp == NULL)
417 panic("no space for string table\n");
418 }
419 (void) strcpy(cp, name);
420 return (cp);
421 }
422
423 /*
424 * Free space for a name. The resulting entry is linked onto the
425 * appropriate free list.
426 */
427 void
428 freename(char *name)
429 {
430 struct strhdr *tp, *np;
431
432 tp = &strtblhdr[strlen(name) / STRTBLINCR];
433 np = (struct strhdr *)name;
434 np->next = tp->next;
435 tp->next = np;
436 }
437
438 /*
439 * Useful quantities placed at the end of a dumped symbol table.
440 */
441 struct symtableheader {
442 int32_t volno;
443 int32_t stringsize;
444 int32_t entrytblsize;
445 time_t dumptime;
446 time_t dumpdate;
447 ino_t maxino;
448 int32_t ntrec;
449 };
450
451 /*
452 * dump a snapshot of the symbol table
453 */
454 void
455 dumpsymtable(char *filename, long checkpt)
456 {
457 register struct entry *ep, *tep;
458 register ino_t i;
459 struct entry temp, *tentry;
460 long mynum = 1, stroff = 0;
461 FILE *fd;
462 struct symtableheader hdr;
463
464 Vprintf(stdout, "Check pointing the restore\n");
465 if (Nflag)
466 return;
467 if ((fd = fopen(filename, "w")) == NULL) {
468 warn("fopen");
469 panic("cannot create save file %s for symbol table\n",
470 filename);
471 }
472 clearerr(fd);
473 /*
474 * Assign indices to each entry
475 * Write out the string entries
476 */
477 for (i = WINO; i <= maxino; i++) {
478 for (ep = lookupino(i); ep != NULL; ep = ep->e_links) {
479 ep->e_index = mynum++;
480 (void) fwrite(ep->e_name, sizeof(char),
481 (int)allocsize(ep->e_namlen), fd);
482 }
483 }
484 /*
485 * Convert pointers to indexes, and output
486 */
487 tep = &temp;
488 stroff = 0;
489 for (i = WINO; i <= maxino; i++) {
490 for (ep = lookupino(i); ep != NULL; ep = ep->e_links) {
491 memmove(tep, ep, sizeof(struct entry));
492 tep->e_name = (char *)stroff;
493 stroff += allocsize(ep->e_namlen);
494 tep->e_parent = (struct entry *)ep->e_parent->e_index;
495 if (ep->e_links != NULL)
496 tep->e_links =
497 (struct entry *)ep->e_links->e_index;
498 if (ep->e_sibling != NULL)
499 tep->e_sibling =
500 (struct entry *)ep->e_sibling->e_index;
501 if (ep->e_entries != NULL)
502 tep->e_entries =
503 (struct entry *)ep->e_entries->e_index;
504 if (ep->e_next != NULL)
505 tep->e_next =
506 (struct entry *)ep->e_next->e_index;
507 (void) fwrite((char *)tep, sizeof(struct entry), 1, fd);
508 }
509 }
510 /*
511 * Convert entry pointers to indexes, and output
512 */
513 for (i = 0; i < entrytblsize; i++) {
514 if (entry[i] == NULL)
515 tentry = NULL;
516 else
517 tentry = (struct entry *)entry[i]->e_index;
518 (void) fwrite((char *)&tentry, sizeof(struct entry *), 1, fd);
519 }
520 hdr.volno = checkpt;
521 hdr.maxino = maxino;
522 hdr.entrytblsize = entrytblsize;
523 hdr.stringsize = stroff;
524 hdr.dumptime = dumptime;
525 hdr.dumpdate = dumpdate;
526 hdr.ntrec = ntrec;
527 (void) fwrite((char *)&hdr, sizeof(struct symtableheader), 1, fd);
528 if (ferror(fd)) {
529 warn("fwrite");
530 panic("output error to file %s writing symbol table\n",
531 filename);
532 }
533 (void) fclose(fd);
534 }
535
536 /*
537 * Initialize a symbol table from a file
538 */
539 void
540 initsymtable(char *filename)
541 {
542 char *base;
543 long tblsize;
544 register struct entry *ep;
545 struct entry *baseep, *lep;
546 struct symtableheader hdr;
547 struct stat stbuf;
548 register long i;
549 int fd;
550
551 Vprintf(stdout, "Initialize symbol table.\n");
552 if (filename == NULL) {
553 entrytblsize = maxino / HASHFACTOR;
554 entry = (struct entry **)
555 calloc((unsigned)entrytblsize, sizeof(struct entry *));
556 if (entry == (struct entry **)NULL)
557 panic("no memory for entry table\n");
558 ep = addentry(".", ROOTINO, NODE);
559 ep->e_flags |= NEW;
560 return;
561 }
562 if ((fd = open(filename, O_RDONLY, 0)) < 0) {
563 warn("open");
564 panic("cannot open symbol table file %s\n", filename);
565 }
566 if (fstat(fd, &stbuf) < 0) {
567 warn("stat");
568 panic("cannot stat symbol table file %s\n", filename);
569 }
570 tblsize = stbuf.st_size - sizeof(struct symtableheader);
571 base = calloc(sizeof(char), (unsigned)tblsize);
572 if (base == NULL)
573 panic("cannot allocate space for symbol table\n");
574 if (read(fd, base, (int)tblsize) < 0 ||
575 read(fd, (char *)&hdr, sizeof(struct symtableheader)) < 0) {
576 warn("read");
577 panic("cannot read symbol table file %s\n", filename);
578 }
579 switch (command) {
580 case 'r':
581 /*
582 * For normal continuation, insure that we are using
583 * the next incremental tape
584 */
585 if (hdr.dumpdate != dumptime)
586 errx(1, "Incremental tape too %s",
587 (hdr.dumpdate < dumptime) ? "low" : "high");
588 break;
589 case 'R':
590 /*
591 * For restart, insure that we are using the same tape
592 */
593 curfile.action = SKIP;
594 dumptime = hdr.dumptime;
595 dumpdate = hdr.dumpdate;
596 if (!bflag)
597 newtapebuf(hdr.ntrec);
598 getvol(hdr.volno);
599 break;
600 default:
601 panic("initsymtable called from command %c\n", command);
602 break;
603 }
604 maxino = hdr.maxino;
605 entrytblsize = hdr.entrytblsize;
606 entry = (struct entry **)
607 (base + tblsize - (entrytblsize * sizeof(struct entry *)));
608 baseep = (struct entry *)(base + hdr.stringsize - sizeof(struct entry));
609 lep = (struct entry *)entry;
610 for (i = 0; i < entrytblsize; i++) {
611 if (entry[i] == NULL)
612 continue;
613 entry[i] = &baseep[(long)entry[i]];
614 }
615 for (ep = &baseep[1]; ep < lep; ep++) {
616 ep->e_name = base + (long)ep->e_name;
617 ep->e_parent = &baseep[(long)ep->e_parent];
618 if (ep->e_sibling != NULL)
619 ep->e_sibling = &baseep[(long)ep->e_sibling];
620 if (ep->e_links != NULL)
621 ep->e_links = &baseep[(long)ep->e_links];
622 if (ep->e_entries != NULL)
623 ep->e_entries = &baseep[(long)ep->e_entries];
624 if (ep->e_next != NULL)
625 ep->e_next = &baseep[(long)ep->e_next];
626 }
627 }
Unnamed repository; edit this file 'description' to name the repository.