view lwar/extract.c @ 342:12e2453f8417

Fix potential memory access after free in lw_expr_simplify_go() Thanks to Erik Gavriluk (erik@bombfactory.com) for spotting a missing "else" when attempting to resolve a "special" reference. This could have led to access to memory that had already been freed if a "special" resolved to an expression that also referenced the same special (a circular reference). Whether that can actually happen is questionable but the check must have been added for a reason so it follows that it should be done correctly. This also brings the code in line with similar code resolving symbol references which makes a similar check.
author William Astle <lost@l-w.ca>
date Sat, 14 Mar 2015 14:06:13 -0600
parents 6f4c4d59666f
children 45df37e81741
line wrap: on
line source

/*
extract.c
Copyright © 2009 William Astle

This file is part of LWAR.

LWAR is free software: you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
version.

This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
more details.

You should have received a copy of the GNU General Public License along with
this program. If not, see <http://www.gnu.org/licenses/>.

*/

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "lwar.h"

void do_extract(void)
{
	FILE *f;
	char buf[8];
	long l;
	int c;
	char fnbuf[1024];
	int i;
	FILE *nf;
	
	f = fopen(archive_file, "rb");
	if (!f)
	{
		perror("Opening archive file");
		exit(1);
	}
	
	(void)(fread(buf, 1, 6, f) && 1);
	if (memcmp("LWAR1V", buf, 6))
	{
		fprintf(stderr, "%s is not a valid archive file.\n", archive_file);
		exit(1);
	}

	for (;;)
	{
		c = fgetc(f);
		if (ferror(f))
		{
			perror("Reading archive file");
			exit(1);
		}
		if (c == EOF)
			return;
		
		
		// find the end of the file name
		if (!c)
			return;
		
		i = 0;
		while (c)
		{
			fnbuf[i++] = c;
			c = fgetc(f);
			if (c == EOF || ferror(f))
			{
				fprintf(stderr, "Bad archive file\n");
				exit(1);
			}
		}
		fnbuf[i] = 0;
		
		// get length of archive member
		l = 0;
		c = fgetc(f);
		l = c << 24;
		c = fgetc(f);
		l |= c << 16;
		c = fgetc(f);
		l |= c << 8;
		c = fgetc(f);
		l |= c;
		
		for (i = 0; i < nfiles; i++)
		{
			if (!strcmp(files[i], fnbuf))
				break;
		}
		if (i < nfiles || nfiles == 0)
		{
			// extract the file
			nf = fopen(fnbuf, "wb");
			if (!nf)
			{
				fprintf(stderr, "Cannot extract '%s': %s\n", fnbuf, strerror(errno));
				exit(1);
			}
			while (l)
			{
				c = fgetc(f);
				fputc(c, nf);
				l--;
			}
			fclose(nf);
		}
		else
		{
			// skip the file
			fseek(f, l, SEEK_CUR);
		}
	}
}