Enforce 'rdev' (device file major/minor) is 0

Historically OSTree supported device files, but it wasn't useful, and
added attack surface.  Support was removed in

https://git.gnome.org/browse/ostree/commit/?id=62a896350bd54bff5a9413d2ee0fad7ff4364f9a

Perform a further cleanup by enforcing internally that the device
major/minor must be 0.

Conflicts:
	src/libostree/ostree-core.c

diff --git a/src/libostree/ostree-core-private.h b/src/libostree/ostree-core-private.h
index 294edfa5f4b77ddc0d8c288b4bf8b21c8eee925a..5691f921eea0d5126140349a53c53ee4e5dc44fe 100644 (file)
--- a/src/libostree/ostree-core-private.h
+++ b/src/libostree/ostree-core-private.h
@@ -38,7 +38,7 @@ G_BEGIN_DECLS
  * u - uid
  * u - gid
  * u - mode
- * u - rdev
+ * u - rdev (must be 0)
  * s - symlink target 
  * a(ayay) - xattrs
  *
@@ -55,7 +55,7 @@ G_BEGIN_DECLS
  * u - uid
  * u - gid
  * u - mode
- * u - rdev
+ * u - rdev (must be 0)
  * s - symlink target 
  * a(ayay) - xattrs
  * ---

diff --git a/src/libostree/ostree-core.c b/src/libostree/ostree-core.c
index 78dd7112fe9c5cc4263b94b2cd6fbe17282946b2..8483812ff90bcb32f74461e768db9bbe6f984b41 100644 (file)
--- a/src/libostree/ostree-core.c
+++ b/src/libostree/ostree-core.c
@@ -207,7 +207,6 @@ file_header_new (GFileInfo         *file_info,
   guint32 uid;
   guint32 gid;
   guint32 mode;
-  guint32 rdev;
   const char *symlink_target;
   GVariant *ret;
   gs_unref_variant GVariant *tmp_xattrs = NULL;
@@ -215,7 +214,6 @@ file_header_new (GFileInfo         *file_info,
   uid = g_file_info_get_attribute_uint32 (file_info, "unix::uid");
   gid = g_file_info_get_attribute_uint32 (file_info, "unix::gid");
   mode = g_file_info_get_attribute_uint32 (file_info, "unix::mode");
-  rdev = g_file_info_get_attribute_uint32 (file_info, "unix::rdev");
 
   if (g_file_info_get_file_type (file_info) == G_FILE_TYPE_SYMBOLIC_LINK)
     symlink_target = g_file_info_get_symlink_target (file_info);
@@ -226,7 +224,7 @@ file_header_new (GFileInfo         *file_info,
     tmp_xattrs = g_variant_ref_sink (g_variant_new_array (G_VARIANT_TYPE ("(ayay)"), NULL, 0));
 
   ret = g_variant_new ("(uuuus@a(ayay))", GUINT32_TO_BE (uid),
-                       GUINT32_TO_BE (gid), GUINT32_TO_BE (mode), GUINT32_TO_BE (rdev),
+                       GUINT32_TO_BE (gid), GUINT32_TO_BE (mode), 0,
                        symlink_target, xattrs ? xattrs : tmp_xattrs);
   g_variant_ref_sink (ret);
   return ret;
@@ -247,7 +245,6 @@ _ostree_zlib_file_header_new (GFileInfo         *file_info,
   guint32 uid;
   guint32 gid;
   guint32 mode;
-  guint32 rdev;
   const char *symlink_target;
   GVariant *ret;
   gs_unref_variant GVariant *tmp_xattrs = NULL;
@@ -256,7 +253,6 @@ _ostree_zlib_file_header_new (GFileInfo         *file_info,
   uid = g_file_info_get_attribute_uint32 (file_info, "unix::uid");
   gid = g_file_info_get_attribute_uint32 (file_info, "unix::gid");
   mode = g_file_info_get_attribute_uint32 (file_info, "unix::mode");
-  rdev = g_file_info_get_attribute_uint32 (file_info, "unix::rdev");
 
   if (g_file_info_get_file_type (file_info) == G_FILE_TYPE_SYMBOLIC_LINK)
     symlink_target = g_file_info_get_symlink_target (file_info);
@@ -268,7 +264,7 @@ _ostree_zlib_file_header_new (GFileInfo         *file_info,
 
   ret = g_variant_new ("(tuuuus@a(ayay))",
                        GUINT64_TO_BE (size), GUINT32_TO_BE (uid),
-                       GUINT32_TO_BE (gid), GUINT32_TO_BE (mode), GUINT32_TO_BE (rdev),
+                       GUINT32_TO_BE (gid), GUINT32_TO_BE (mode), 0,
                        symlink_target, xattrs ? xattrs : tmp_xattrs);
   g_variant_ref_sink (ret);
   return ret;
@@ -1386,11 +1382,16 @@ file_header_parse (GVariant         *metadata,
   g_variant_get (metadata, "(uuuu&s@a(ayay))",
                  &uid, &gid, &mode, &rdev,
                  &symlink_target, &ret_xattrs);
+  if (rdev != 0)
+    {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                   "Corrupted archive file; invalid rdev %u", GUINT32_FROM_BE (rdev));
+      goto out;
+    }
 
   uid = GUINT32_FROM_BE (uid);
   gid = GUINT32_FROM_BE (gid);
   mode = GUINT32_FROM_BE (mode);
-  rdev = GUINT32_FROM_BE (rdev);
 
   ret_file_info = _ostree_header_gfile_info_new (mode, uid, gid);
 
@@ -1442,11 +1443,16 @@ zlib_file_header_parse (GVariant         *metadata,
   g_variant_get (metadata, "(tuuuu&s@a(ayay))", &size,
                  &uid, &gid, &mode, &rdev,
                  &symlink_target, &ret_xattrs);
+  if (rdev != 0)
+    {
+      g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                   "Corrupted archive file; invalid rdev %u", GUINT32_FROM_BE (rdev));
+      goto out;
+    }
 
   uid = GUINT32_FROM_BE (uid);
   gid = GUINT32_FROM_BE (gid);
   mode = GUINT32_FROM_BE (mode);
-  rdev = GUINT32_FROM_BE (rdev);
   ret_file_info = _ostree_header_gfile_info_new (mode, uid, gid);
 
   g_file_info_set_size (ret_file_info, GUINT64_FROM_BE (size));

diff --git a/src/libostree/ostree-repo-libarchive.c b/src/libostree/ostree-repo-libarchive.c
index e25d6231a4a06d8a7150fd1b007332d7d03f68bb..613b493ef0403098bea1a173f2df5c250359a052 100644 (file)
--- a/src/libostree/ostree-repo-libarchive.c
+++ b/src/libostree/ostree-repo-libarchive.c
@@ -67,10 +67,6 @@ file_info_from_archive_entry_and_modifier (OstreeRepo *repo,
     {
       g_file_info_set_attribute_byte_string (info, "standard::symlink-target", archive_entry_symlink (entry));
     }
-  else if (file_type == G_FILE_TYPE_SPECIAL)
-    {
-      g_file_info_set_attribute_uint32 (info, "unix::rdev", st->st_rdev);
-    }
 
   _ostree_repo_commit_modifier_apply (repo, modifier,
                                       archive_entry_pathname (entry),