Harden astreamer tar parsing logic against archives it can't handle. Previously, there was essentially no verification in this code that the input is a tar file at all, let alone that it fits into the subset of valid tar files that we can handle. This was exposed by the discovery that we couldn't handle files that FreeBSD's tar makes, because it's fairly aggressive about converting sparse WAL files into sparse tar entries. To fix:
* Bail out if we find a pax extension header. This covers the sparse-file case, and also protects us against scenarios where the pax header changes other file properties that we care about. (Eventually we may extend the logic to actually handle such headers, but that won't happen in time for v19.) * Be more wary about tar file type codes in general: do not assume that anything that's neither a directory nor a symlink must be a regular file. Instead, we just ignore entries that are none of the three supported types. * Apply pg_dump's isValidTarHeader to verify that a purported header block is actually in tar format. To make this possible, move isValidTarHeader into src/port/tar.c, which is probably where it should have been since that file was created. I also took the opportunity to const-ify the arguments of isValidTarHeader and tarChecksum, and to use symbols not hard-wired constants inside tarChecksum. Back-patch to v18 but not further. Although this code exists inside pg_basebackup in older branches, it's not really exposed in that usage to tar files that weren't generated by our own code, so it doesn't seem worth back-porting these changes across 3c9056981 and f80b09bac. I did choose to include a back-patch of 5868372bb into v18 though, to minimize cosmetic differences between these two branches. Author: Tom Lane <[email protected]> Reviewed-by: Thomas Munro <[email protected]> Discussion: https://postgr.es/m/[email protected]> Backpatch-through: 18 Branch ------ master Details ------- https://git.postgresql.org/pg/commitdiff/bc30c704add5518fbd831a5ad3bc46990c4954cf Modified Files -------------- src/bin/pg_basebackup/astreamer_inject.c | 3 ++- src/bin/pg_dump/pg_backup_archiver.c | 3 ++- src/bin/pg_dump/pg_backup_archiver.h | 2 -- src/bin/pg_dump/pg_backup_tar.c | 25 ------------------- src/bin/pg_verifybackup/astreamer_verify.c | 2 +- src/bin/pg_waldump/archive_waldump.c | 2 +- src/fe_utils/astreamer_file.c | 12 ++++----- src/fe_utils/astreamer_tar.c | 40 ++++++++++++++++++++++++------ src/include/fe_utils/astreamer.h | 4 ++- src/include/pgtar.h | 7 +++++- src/port/tar.c | 37 ++++++++++++++++++++++++--- 11 files changed, 87 insertions(+), 50 deletions(-)
