Commit Graph

192 Commits

Author SHA1 Message Date
Conrad Meyer
63298eb19c restore(8): Prevent some heap overflows
The environment variable TMPDIR was copied unchecked into a fixed-size heap
buffer.  Use a length-limiting snprintf in place of ordinary sprintf to
prevent the overflow.  Long TMPDIR variables can still cause odd truncated
filenames, which may be undesirable.

Reported by:	Coverity (CWE-120)
CIDs:		1006706, 1006707
Sponsored by:	Dell EMC Isilon
2017-04-14 00:14:40 +00:00
Enji Cooper
22289a8c3d sbin: normalize paths using SRCTOP-relative paths or :H when possible
This simplifies make logic/output

MFC after:	1 month
Sponsored by:	Dell EMC Isilon
2017-03-04 11:33:01 +00:00
Warner Losh
fbbd9655e5 Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
Ed Maste
1dc349ab95 prefix UFS symbols with UFS_ to reduce namespace pollution
Specifically:
  ROOTINO -> UFS_ROOTINO
  WINO -> UFS_WINO
  NXADDR -> UFS_NXADDR
  NDADDR -> UFS_NDADDR
  NIADDR -> UFS_NIADDR
  MAXSYMLINKLEN_UFS[12] -> UFS[12]_MAXSYMLINKLEN (for consistency)

Also prefix ext2's and nandfs's NDADDR and NIADDR with EXT2_ and NANDFS_

Reviewed by:	kib, mckusick
Obtained from:	NetBSD
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D9536
2017-02-15 19:50:26 +00:00
Kirk McKusick
8b273fc833 By default, when doing incremental restores the restore program
overwrites an existing file rather than removing it and creating a
new file.  If the old and new version of the file both have extended
attributes and the extended attributes of the two versions of the
file are different, the result is that the new file ends up with
the union of the extended attributes of the old and new files.

To get the behavior of replacing the extended attributes rather
than augmenting them requires explicitly removing the old attributes
and then adding the new ones.

To get this behavior, the old file must be unlinked (which clears
out the old extended attributes).  Then the new file of the same
name must be created and the new extended attributes added to it.

This behavior can be obtained by specifying the -u flag when running
restore.  Rather than defaulting the -u option to on and possibly
breaking existing scripts using restore, this change simply notes
in the restore.8 manual page that the -u flag is recommended when
using restore on filesystems that contain extended attributes.

PR:                     216127
Reported by:            dewayne at heuristicsystems.com.au
Differential Revision:  https://reviews.freebsd.org/D9208
2017-01-22 17:49:14 +00:00
Conrad Meyer
c9bf814804 restore(8): Handle extended attribute names correctly
UFS2 extended attribute names are not NUL-terminated.  Handle
appropriately.

Correct the EXTATTR_BASE_LENGTH() macro, which handled ea_namelength ==
one (mod eight) extended attributes incorrectly.

PR:		216127
Reported by:	dewayne at heuristicsystems.com.au
Reviewed by:	kib@
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D9208
2017-01-18 18:16:57 +00:00
Pedro F. Giffuni
71a53e69d6 restore: promote some getfiles() parameters to size_t.
This is based on a change from OpenBSD:

"Fix restore so that it can actually restore files larger than 4GB by
changing the type of "size" to off_t in getfiles() plus little dependent
type cleanup, from Daniel Lucq."

It is an important for machines with 32 bit longs.
While here unsign the flags, also from OpenBSD.

Obtained from:	OpenBSD (through bitrig, I hate CVS)
MFC after:	2 weeks
2016-05-01 21:17:30 +00:00
Pedro F. Giffuni
24229eeb2f restore: fix resource handle leak.
CID:		1007784
MFC after:	5 days
2016-05-01 02:39:39 +00:00
Pedro F. Giffuni
12527d70ac restore: drop casts for calloc(). 2016-05-01 02:31:22 +00:00
Pedro F. Giffuni
e451cf5f4c restore: fix memory leak.
CID:		272297
MFC after:	5 days
2016-04-30 22:51:09 +00:00
Pedro F. Giffuni
cac8854eb6 restore: use our howmany() instead of reinventing the macro. 2016-04-30 20:05:23 +00:00
Marcelo Araujo
f4b72a8dd2 Use MIN()/MAX() macros from sys/param.h.
MFC after:	2 weeks.
2016-04-21 06:24:13 +00:00
Pedro F. Giffuni
05cfc40ab0 restore: use our roundup2/rounddown2() macros when param.h is available.
While here cleanup a little a malloc call.
2016-04-19 20:47:14 +00:00
Marcelo Araujo
e63ce3de7f malloc will return NULL if it cannot allocate memory.
MFC after:	2 weeks.
2016-04-19 02:00:48 +00:00
Marcelo Araujo
edf6b683e8 Use NULL instead of 0 for pointers.
strchr(3) will return NULL if the character does not appear in the
string.

MFC after:	2 weeks.
2016-04-18 14:08:35 +00:00
Glen Barber
d60840138f MFH
Sponsored by:	The FreeBSD Foundation
2016-04-04 23:55:32 +00:00
Pedro F. Giffuni
8f07cb00a5 restore(8): fix use of uninitialized value.
Prevent uninitialized use of scalar newvol when jumping to gethdr.

CID:	1006491
2016-03-31 02:01:11 +00:00
Glen Barber
406d87b1c3 Explicitly add more files to the 'runtime' package.
Sponsored by:	The FreeBSD Foundation
2016-02-09 20:19:31 +00:00
John-Mark Gurney
9ed7fa550e If you backup a large file that is mostly holes, previously we'd issue
a seek for every block...  For large (Exabyte sized files) this would
issue lots of unneeded seeks, so combine them...

Thanks for the work Jan, sorry took so long to commit...  And an item
completed off the IdeasPage!

Submitted by:	Jan Sucan
2015-11-16 01:29:58 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Simon J. Gerraty
98e0ffaefb Merge sync of head 2015-05-27 01:19:58 +00:00
Jilles Tjoelker
59966d51c6 restore: Preserve timestamps to the nanosecond.
The restore utility already knows the full-resolution timestamps, so the
only thing to do is to stop converting the timespecs to timevals and use
futimens() and utimensat().

Differential Revision:	https://reviews.freebsd.org/D2020
Reviewed by:	jhb
2015-03-14 13:45:43 +00:00
Simon J. Gerraty
9268022b74 Merge from head@274682 2014-11-19 01:07:58 +00:00
Kirk McKusick
73187559a6 When restoring a UFS dump onto a ZFS filesystem, an assertion in
restore was failing because ZFS was reporting a blocksize that was
not a multiple of 1024.  Replace restore's failed assertion with
code that writes restored files in a blocksize that works for
restore (a multiple of 1024) despite being non-optimal for ZFS.

Submitted by: Dmitry Morozovsky
Tested by:    Dmitry Morozovsky
MFC after:    1 week
2014-07-30 14:52:04 +00:00
Simon J. Gerraty
fae50821ae Updated dependencies 2014-05-16 14:09:51 +00:00
Simon J. Gerraty
76b28ad6ab Updated dependencies 2014-05-10 05:16:28 +00:00
Simon J. Gerraty
7cf3a1c6b2 Updated dependencies 2013-03-11 17:21:52 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
Simon J. Gerraty
23090366f7 Sync from head 2012-11-04 02:52:03 +00:00
Eitan Adler
50e04779c4 Check the return error of set[e][ug]id. While this can never fail in the
current version of FreeBSD, this isn't guarenteed by the API.
Custom security modules, or future implementations of the setuid and
setgid may fail.

Submitted by:	Erik Cederstrand
Approved by:	cperciva
MFC after:	3 days
2012-10-22 03:07:05 +00:00
Matthew D Fleming
e25a029eb2 Fix sbin/ build with a 64-bit ino_t.
Original code by:	Gleb Kurtsou
2012-09-27 23:31:06 +00:00
Marcel Moolenaar
7750ad47a9 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
Kevin Lo
544c5e5b53 Make sure that each va_start has one and only one matching va_end,
especially in error cases.
2012-05-29 01:48:06 +00:00
Joel Dahl
a692c58a90 mdoc: move two sentences from synopsis to description (where they really
belong). With this change, mandoc now formats these manpages properly.
2012-05-23 15:06:13 +00:00
Ulrich Spörlein
2914feeb7e mdoc: make pages render with mandoc
It's a bit more pedantic regarding .Bl list elements. This has an added
benefit of unbreaking the ipfw(8) manpage, where groff was silently
skipping one list element.
2010-10-21 12:27:13 +00:00
Christian Brueffer
589fb6a1d9 Fix grammar in a line of output.
PR:		145343
Submitted by:	Hywel Mallett <hywel@hmallett.co.uk>
MFC after:	1 week
2010-05-12 20:21:44 +00:00
Ulrich Spörlein
8fa03d08ca Fix common misspelling of hierarchy
Pointed out by:		bf1783 at gmail
Approved by:		np (cxgb), kientzle (tar, etc.), philip (mentor)
2010-02-20 10:19:19 +00:00
Jaakko Heinonen
384e3c00a0 Don't try to determine tape block size when the -P option is used.
This was missed in r203157.

PR:		bin/121502
2010-02-13 10:22:07 +00:00
Jaakko Heinonen
9312d906aa - Handle short reads when the -P option is used. Short reads must be
handled when reading from pipes.
- Remove dead code related to the -P option from getvol(). pipein and
  pipecmdin are never set at the same time.

PR:		bin/121502
Approved by:	trasz (mentor)
MFC after:	2 weeks
2010-01-29 10:04:00 +00:00
Jaakko Heinonen
cca1b3aa87 - Cast time_t, int64_t and some int32_t values to intmax_t and use "%jd"
in format strings.
- Use (void) instead of (void *) when discarding strcat(3) return value.
- Format string fixes to match variable types.
- Change canon() len parameter and getcmd() size parameter type from
  int to size_t.
- Style Makefile and increase WARNS to 2.

PR:		bin/140061
Submitted by:	uqs
Approved by:	trasz (mentor)
2010-01-29 10:00:42 +00:00
Edward Tomasz Napierala
ae1add4e55 Make 'struct acl' larger, as required to support NFSv4 ACLs. Provide
compatibility interfaces in both kernel and libc.

Reviewed by:	rwatson
2009-05-22 15:56:43 +00:00
Warner Losh
688ff09fed Restore necessary NUL termination of locname.
Submitted by:	ian dowse
MFC after:	2 days
2009-01-28 16:23:21 +00:00
Kirk McKusick
a73665b028 Fix nits pointed out in PR bin/39905 that have not already been
corrected since it was filed. With this change the PR will be closed.

PR:     bin/39905
2008-05-23 19:17:08 +00:00
Kirk McKusick
4e5867d27e This fixes the "getfile: lost data" panic when restoring dumps
on a 7.0 or later system that were created on a pre-5.0 system.
We must ensure that restore zeros out the previously undefined
birthtime and external attribute size fields when reading dump
tapes made by the UFS1 dump program.

The problem is that UFS2 dump carefully zeros out the unused
birthtime and external attribute size fields in the dump header
when dumping UFS1 filesystems, but the UFS1 dump didn't know about
those fields (they were spares) so just left whatever random junk
was in them. So, when restoring one of these pre-UFS2 dumps,
the new restore would eventually trip across a header that had
a non-zero external attribute size and try to extract it. That
consumed several tape blocks which left it totally out of sync
and very unhappy (i.e., the panic). The fix is in the gethead()
function which modernizes old headers by copying old fields to
their new location (and with this fix) zeroing out previously
undefined fields.

PR:		bin/120881
Review by:	David Malone & Scott Lambert
MFC after:	1 week
2008-05-22 22:19:33 +00:00
Kirk McKusick
67dafe43c1 Follow on to fix 1.51 for "Header with wrong dumpdate" message.
Must ensure that dump tapes from UFS1 filesystems properly copy
old fields of dump headers to new locations. Move check of dumpdate
to follow the code which ensures that the appropriate fields have
been copied.

PR:		bin/118087
Help from:	David Malone, Scott Lambert, Javier Martín Rueda
MFC after:	2 weeks
2008-05-22 22:18:38 +00:00
Kirk McKusick
aed3576d26 restore(8) does not check for write failure while building two temp
files containing directory and ownership data. If /tmp fills, the
console is blasted with zillions of "file system full" errors, and
restore continues on, even though directory and/or ownership data
has been lost. This is particularly likely to happen when running
from the live CD, which has little /tmp space.

PR:         bin/93603, also probably bin/107213
Fix from:   Ken Lalonde
2008-04-14 20:15:53 +00:00
Kirk McKusick
cfbb5cdd50 Avoid printing spurious ``Header with wrong dumpdate.'' message. 2008-04-11 21:51:53 +00:00
Kirk McKusick
c028393d70 Correctly set file group when restore is run by a user other than root. 2008-04-11 21:48:14 +00:00
Warner Losh
52b370fe8e Use safer string handling.
Reviewed by: security-team
2008-04-03 20:37:38 +00:00