aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLasse Collin <lasse.collin@tukaani.org>2023-09-22 02:33:29 +0300
committerLasse Collin <lasse.collin@tukaani.org>2023-09-22 20:16:40 +0300
commit2a9929af0ab7e6c0ab725565034afe3293e51d71 (patch)
tree54d41e87f2aba2ea5d4a1fc84d280f126db26638
parentCMake: Wrap two overlong lines that are possible to wrap. (diff)
downloadxz-2a9929af0ab7e6c0ab725565034afe3293e51d71.tar.xz
xz: Windows: Don't (de)compress to special files like "con" or "nul".
Before this commit, the following writes "foo" to the console and deletes the input file: echo foo | xz > con_xz xz --suffix=_xz --decompress con_xz It cannot happen without --suffix because names like con.xz are also special and so attempting to decompress con.xz (or compress con to con.xz) will already fail when opening the input file. Similar thing is possible when compressing. The following writes to "nul" and the input file "n" is deleted. echo foo | xz > n xz --suffix=ul n Now xz checks if the destination is a special file before continuing. DOS/DJGPP version had a check for this but Windows (and OS/2) didn't.
-rw-r--r--src/xz/file_io.c35
1 files changed, 28 insertions, 7 deletions
diff --git a/src/xz/file_io.c b/src/xz/file_io.c
index f0d895bc..e6e4f158 100644
--- a/src/xz/file_io.c
+++ b/src/xz/file_io.c
@@ -970,20 +970,41 @@ io_open_dest_real(file_pair *pair)
}
}
-#ifndef TUKLIB_DOSLIKE
- // dest_st isn't used on DOS-like systems except as a dummy
- // argument to io_unlink(), so don't fstat() on such systems.
if (fstat(pair->dest_fd, &pair->dest_st)) {
// If fstat() really fails, we have a safe fallback here.
-# if defined(__VMS)
+#if defined(__VMS)
pair->dest_st.st_ino[0] = 0;
pair->dest_st.st_ino[1] = 0;
pair->dest_st.st_ino[2] = 0;
-# else
+#else
pair->dest_st.st_dev = 0;
pair->dest_st.st_ino = 0;
-# endif
- } else if (try_sparse && opt_mode == MODE_DECOMPRESS) {
+#endif
+ }
+#if defined(TUKLIB_DOSLIKE) && !defined(__DJGPP__)
+ // Check that the output file is a regular file. We open with O_EXCL
+ // but that doesn't prevent open()/_open() on Windows from opening
+ // files like "con" or "nul".
+ //
+ // With DJGPP this check is done with stat() even before opening
+ // the output file. That method or a variant of it doesn't work on
+ // Windows because on Windows stat()/_stat64() sets st.st_mode so
+ // that S_ISREG(st.st_mode) will be true even for special files.
+ // With fstat()/_fstat64() it works.
+ else if (pair->dest_fd != STDOUT_FILENO
+ && !S_ISREG(pair->dest_st.st_mode)) {
+ message_error("%s: Destination is not a regular file",
+ pair->dest_name);
+
+ // dest_fd needs to be reset to -1 to keep io_close() working.
+ (void)close(pair->dest_fd);
+ pair->dest_fd = -1;
+
+ free(pair->dest_name);
+ return true;
+ }
+#elif !defined(TUKLIB_DOSLIKE)
+ else if (try_sparse && opt_mode == MODE_DECOMPRESS) {
// When writing to standard output, we need to be extra
// careful:
// - It may be connected to something else than