archival/libarchive/get_header_tar.c - nest-cam/v366/busybox - Git at Google

 /* vi: set sw=4 ts=4: */
 /* Licensed under GPLv2 or later, see file LICENSE in this source tree.
  *
  * FIXME:
  *    In privileged mode if uname and gname map to a uid and gid then use the
  *    mapped value instead of the uid/gid values in tar header
  *
  * References:
  *    GNU tar and star man pages,
  *    Opengroup's ustar interchange format,
  *    http://www.opengroup.org/onlinepubs/007904975/utilities/pax.html
  */

 #include "libbb.h"
 #include "archive.h"

 typedef uint32_t aliased_uint32_t FIX_ALIASING;
 typedef off_t    aliased_off_t    FIX_ALIASING;


 const char* FAST_FUNC strip_unsafe_prefix(const char *str)
 {
 	const char *cp = str;
 	while (1) {
 		char *cp2;
 		if (*cp == '/') {
 			cp++;
 			continue;
 		}
 		if (strncmp(cp, "/../"+1, 3) == 0) {
 			cp += 3;
 			continue;
 		}
 		cp2 = strstr(cp, "/../");
 		if (!cp2)
 			break;
 		cp = cp2 + 4;
 	}
 	if (cp != str) {
 		static smallint warned = 0;
 		if (!warned) {
 			warned = 1;
 			bb_error_msg("removing leading '%.*s' from member names",
 				(int)(cp - str), str);
 		}
 	}
 	return cp;
 }

 /* NB: _DESTROYS_ str[len] character! */
 static unsigned long long getOctal(char *str, int len)
 {
 	unsigned long long v;
 	char *end;
 	/* NB: leading spaces are allowed. Using strtoull to handle that.
 	 * The downside is that we accept e.g. "-123" too :(
 	 */
 	str[len] = '\0';
 	v = strtoull(str, &end, 8);
 	/* std: "Each numeric field is terminated by one or more
 	 * <space> or NUL characters". We must support ' '! */
 	if (*end != '\0' && *end != ' ') {
 		int8_t first = str[0];
 		if (!(first & 0x80))
 			bb_error_msg_and_die("corrupted octal value in tar header");
 		/*
 		 * GNU tar uses "base-256 encoding" for very large numbers.
 		 * Encoding is binary, with highest bit always set as a marker
 		 * and sign in next-highest bit:
 		 * 80 00 .. 00 - zero
 		 * bf ff .. ff - largest positive number
 		 * ff ff .. ff - minus 1
 		 * c0 00 .. 00 - smallest negative number
 		 *
 		 * Example of tar file with 8914993153 (0x213600001) byte file.
 		 * Field starts at offset 7c:
 		 * 00070  30 30 30 00 30 30 30 30  30 30 30 00 80 00 00 00  |000.0000000.....|
 		 * 00080  00 00 00 02 13 60 00 01  31 31 31 32 30 33 33 36  |.....`..11120336|
 		 *
 		 * NB: tarballs with NEGATIVE unix times encoded that way were seen!
 		 */
 		v = first;
 		/* Sign-extend using 6th bit: */
 		v <<= sizeof(unsigned long long)*8 - 7;
 		v = (long long)v >> (sizeof(unsigned long long)*8 - 7);
 		while (--len != 0)
 			v = (v << 8) + (unsigned char) *str++;
 	}
 	return v;
 }
 #define GET_OCTAL(a) getOctal((a), sizeof(a))

 #if ENABLE_FEATURE_TAR_SELINUX
 /* Scan a PAX header for SELinux contexts, via "RHT.security.selinux" keyword.
  * This is what Red Hat's patched version of tar uses.
  */
 # define SELINUX_CONTEXT_KEYWORD "RHT.security.selinux"
 static char *get_selinux_sctx_from_pax_hdr(archive_handle_t *archive_handle, unsigned sz)
 {
 	char *buf, *p;
 	char *result;

 	p = buf = xmalloc(sz + 1);
 	/* prevent bb_strtou from running off the buffer */
 	buf[sz] = '\0';
 	xread(archive_handle->src_fd, buf, sz);
 	archive_handle->offset += sz;

 	result = NULL;
 	while (sz != 0) {
 		char *end, *value;
 		unsigned len;

 		/* Every record has this format: "LEN NAME=VALUE\n" */
 		len = bb_strtou(p, &end, 10);
 		/* expect errno to be EINVAL, because the character
 		 * following the digits should be a space
 		 */
 		p += len;
 		sz -= len;
 		if ((int)sz < 0
 		 || len == 0
 		 || errno != EINVAL
 		 || *end != ' '
 		) {
 			bb_error_msg("malformed extended header, skipped");
 			// More verbose version:
 			//bb_error_msg("malformed extended header at %"OFF_FMT"d, skipped",
 			//		archive_handle->offset - (sz + len));
 			break;
 		}
 		/* overwrite the terminating newline with NUL
 		 * (we do not bother to check that it *was* a newline)
 		 */
 		p[-1] = '\0';
 		/* Is it selinux security context? */
 		value = end + 1;
 		if (strncmp(value, SELINUX_CONTEXT_KEYWORD"=", sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1) == 0) {
 			value += sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1;
 			result = xstrdup(value);
 			break;
 		}
 	}

 	free(buf);
 	return result;
 }
 #endif

 char FAST_FUNC get_header_tar(archive_handle_t *archive_handle)
 {
 	file_header_t *file_header = archive_handle->file_header;
 	struct tar_header_t tar;
 	char *cp;
 	int i, sum_u, sum;
 #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
 	int sum_s;
 #endif
 	int parse_names;

 	/* Our "private data" */
 #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
 # define p_longname (archive_handle->tar__longname)
 # define p_linkname (archive_handle->tar__linkname)
 #else
 # define p_longname 0
 # define p_linkname 0
 #endif

 #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS || ENABLE_FEATURE_TAR_SELINUX
  again:
 #endif
 	/* Align header */
 	data_align(archive_handle, 512);

  again_after_align:

 #if ENABLE_DESKTOP || ENABLE_FEATURE_TAR_AUTODETECT
 	/* to prevent misdetection of bz2 sig */
 	*(aliased_uint32_t*)&tar = 0;
 	i = full_read(archive_handle->src_fd, &tar, 512);
 	/* If GNU tar sees EOF in above read, it says:
 	 * "tar: A lone zero block at N", where N = kilobyte
 	 * where EOF was met (not EOF block, actual EOF!),
 	 * and exits with EXIT_SUCCESS.
 	 * We will mimic exit(EXIT_SUCCESS), although we will not mimic
 	 * the message and we don't check whether we indeed
 	 * saw zero block directly before this. */
 	if (i == 0) {
 		xfunc_error_retval = 0;
  short_read:
 		bb_error_msg_and_die("short read");
 	}
 	if (i != 512) {
 		IF_FEATURE_TAR_AUTODETECT(goto autodetect;)
 		goto short_read;
 	}

 #else
 	i = 512;
 	xread(archive_handle->src_fd, &tar, i);
 #endif
 	archive_handle->offset += i;

 	/* If there is no filename its an empty header */
 	if (tar.name[0] == 0 && tar.prefix[0] == 0) {
 		if (archive_handle->tar__end) {
 			/* Second consecutive empty header - end of archive.
 			 * Read until the end to empty the pipe from gz or bz2
 			 */
 			while (full_read(archive_handle->src_fd, &tar, 512) == 512)
 				continue;
 			return EXIT_FAILURE;
 		}
 		archive_handle->tar__end = 1;
 		return EXIT_SUCCESS;
 	}
 	archive_handle->tar__end = 0;

 	/* Check header has valid magic, "ustar" is for the proper tar,
 	 * five NULs are for the old tar format  */
 	if (strncmp(tar.magic, "ustar", 5) != 0
 	 && (!ENABLE_FEATURE_TAR_OLDGNU_COMPATIBILITY
 	     || memcmp(tar.magic, "\0\0\0\0", 5) != 0)
 	) {
 #if ENABLE_FEATURE_TAR_AUTODETECT
 		char FAST_FUNC (*get_header_ptr)(archive_handle_t *);
 		uint16_t magic2;

  autodetect:
 		magic2 = *(bb__aliased_uint16_t*)tar.name;
 		/* tar gz/bz autodetect: check for gz/bz2 magic.
 		 * If we see the magic, and it is the very first block,
 		 * we can switch to get_header_tar_gz/bz2/lzma().
 		 * Needs seekable fd. I wish recv(MSG_PEEK) works
 		 * on any fd... */
 # if ENABLE_FEATURE_SEAMLESS_GZ
 		if (magic2 == GZIP_MAGIC) {
 			get_header_ptr = get_header_tar_gz;
 		} else
 # endif
 # if ENABLE_FEATURE_SEAMLESS_BZ2
 		if (magic2 == BZIP2_MAGIC
 		 && tar.name[2] == 'h' && isdigit(tar.name[3])
 		) { /* bzip2 */
 			get_header_ptr = get_header_tar_bz2;
 		} else
 # endif
 # if ENABLE_FEATURE_SEAMLESS_XZ
 		//TODO: if (magic2 == XZ_MAGIC1)...
 		//else
 # endif
 			goto err;
 		/* Two different causes for lseek() != 0:
 		 * unseekable fd (would like to support that too, but...),
 		 * or not first block (false positive, it's not .gz/.bz2!) */
 		if (lseek(archive_handle->src_fd, -i, SEEK_CUR) != 0)
 			goto err;
 		while (get_header_ptr(archive_handle) == EXIT_SUCCESS)
 			continue;
 		return EXIT_FAILURE;
  err:
 #endif /* FEATURE_TAR_AUTODETECT */
 		bb_error_msg_and_die("invalid tar magic");
 	}

 	/* Do checksum on headers.
 	 * POSIX says that checksum is done on unsigned bytes, but
 	 * Sun and HP-UX gets it wrong... more details in
 	 * GNU tar source. */
 #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
 	sum_s = ' ' * sizeof(tar.chksum);
 #endif
 	sum_u = ' ' * sizeof(tar.chksum);
 	for (i = 0; i < 148; i++) {
 		sum_u += ((unsigned char*)&tar)[i];
 #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
 		sum_s += ((signed char*)&tar)[i];
 #endif
 	}
 	for (i = 156; i < 512; i++) {
 		sum_u += ((unsigned char*)&tar)[i];
 #if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
 		sum_s += ((signed char*)&tar)[i];
 #endif
 	}
 	/* This field does not need special treatment (getOctal) */
 	{
 		char *endp; /* gcc likes temp var for &endp */
 		sum = strtoul(tar.chksum, &endp, 8);
 		if ((*endp != '\0' && *endp != ' ')
 		 || (sum_u != sum IF_FEATURE_TAR_OLDSUN_COMPATIBILITY(&& sum_s != sum))
 		) {
 			bb_error_msg_and_die("invalid tar header checksum");
 		}
 	}
 	/* don't use xstrtoul, tar.chksum may have leading spaces */
 	sum = strtoul(tar.chksum, NULL, 8);
 	if (sum_u != sum IF_FEATURE_TAR_OLDSUN_COMPATIBILITY(&& sum_s != sum)) {
 		bb_error_msg_and_die("invalid tar header checksum");
 	}

 	/* 0 is reserved for high perf file, treat as normal file */
 	if (!tar.typeflag) tar.typeflag = '0';
 	parse_names = (tar.typeflag >= '0' && tar.typeflag <= '7');

 	/* getOctal trashes subsequent field, therefore we call it
 	 * on fields in reverse order */
 	if (tar.devmajor[0]) {
 		char t = tar.prefix[0];
 		/* we trash prefix[0] here, but we DO need it later! */
 		unsigned minor = GET_OCTAL(tar.devminor);
 		unsigned major = GET_OCTAL(tar.devmajor);
 		file_header->device = makedev(major, minor);
 		tar.prefix[0] = t;
 	}
 	file_header->link_target = NULL;
 	if (!p_linkname && parse_names && tar.linkname[0]) {
 		file_header->link_target = xstrndup(tar.linkname, sizeof(tar.linkname));
 		/* FIXME: what if we have non-link object with link_target? */
 		/* Will link_target be free()ed? */
 	}
 #if ENABLE_FEATURE_TAR_UNAME_GNAME
 	file_header->tar__uname = tar.uname[0] ? xstrndup(tar.uname, sizeof(tar.uname)) : NULL;
 	file_header->tar__gname = tar.gname[0] ? xstrndup(tar.gname, sizeof(tar.gname)) : NULL;
 #endif
 	file_header->mtime = GET_OCTAL(tar.mtime);
 	file_header->size = GET_OCTAL(tar.size);
 	file_header->gid = GET_OCTAL(tar.gid);
 	file_header->uid = GET_OCTAL(tar.uid);
 	/* Set bits 0-11 of the files mode */
 	file_header->mode = 07777 & GET_OCTAL(tar.mode);

 	file_header->name = NULL;
 	if (!p_longname && parse_names) {
 		/* we trash mode[0] here, it's ok */
 		//tar.name[sizeof(tar.name)] = '\0'; - gcc 4.3.0 would complain
 		tar.mode[0] = '\0';
 		if (tar.prefix[0]) {
 			/* and padding[0] */
 			//tar.prefix[sizeof(tar.prefix)] = '\0'; - gcc 4.3.0 would complain
 			tar.padding[0] = '\0';
 			file_header->name = concat_path_file(tar.prefix, tar.name);
 		} else
 			file_header->name = xstrdup(tar.name);
 	}

 	/* Set bits 12-15 of the files mode */
 	/* (typeflag was not trashed because chksum does not use getOctal) */
 	switch (tar.typeflag) {
 	case '1': /* hardlink */
 		/* we mark hardlinks as regular files with zero size and a link name */
 		file_header->mode |= S_IFREG;
 		/* on size of link fields from star(4)
 		 * ... For tar archives written by pre POSIX.1-1988
 		 * implementations, the size field usually contains the size of
 		 * the file and needs to be ignored as no data may follow this
 		 * header type.  For POSIX.1- 1988 compliant archives, the size
 		 * field needs to be 0.  For POSIX.1-2001 compliant archives,
 		 * the size field may be non zero, indicating that file data is
 		 * included in the archive.
 		 * i.e; always assume this is zero for safety.
 		 */
 		goto size0;
 	case '7':
 	/* case 0: */
 	case '0':
 #if ENABLE_FEATURE_TAR_OLDGNU_COMPATIBILITY
 		if (last_char_is(file_header->name, '/')) {
 			goto set_dir;
 		}
 #endif
 		file_header->mode |= S_IFREG;
 		break;
 	case '2':
 		file_header->mode |= S_IFLNK;
 		/* have seen tarballs with size field containing
 		 * the size of the link target's name */
  size0:
 		file_header->size = 0;
 		break;
 	case '3':
 		file_header->mode |= S_IFCHR;
 		goto size0; /* paranoia */
 	case '4':
 		file_header->mode |= S_IFBLK;
 		goto size0;
 	case '5':
  IF_FEATURE_TAR_OLDGNU_COMPATIBILITY(set_dir:)
 		file_header->mode |= S_IFDIR;
 		goto size0;
 	case '6':
 		file_header->mode |= S_IFIFO;
 		goto size0;
 #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
 	case 'L':
 		/* free: paranoia: tar with several consecutive longnames */
 		free(p_longname);
 		/* For paranoia reasons we allocate extra NUL char */
 		p_longname = xzalloc(file_header->size + 1);
 		/* We read ASCIZ string, including NUL */
 		xread(archive_handle->src_fd, p_longname, file_header->size);
 		archive_handle->offset += file_header->size;
 		/* return get_header_tar(archive_handle); */
 		/* gcc 4.1.1 didn't optimize it into jump */
 		/* so we will do it ourself, this also saves stack */
 		goto again;
 	case 'K':
 		free(p_linkname);
 		p_linkname = xzalloc(file_header->size + 1);
 		xread(archive_handle->src_fd, p_linkname, file_header->size);
 		archive_handle->offset += file_header->size;
 		/* return get_header_tar(archive_handle); */
 		goto again;
 	case 'D':	/* GNU dump dir */
 	case 'M':	/* Continuation of multi volume archive */
 	case 'N':	/* Old GNU for names > 100 characters */
 	case 'S':	/* Sparse file */
 	case 'V':	/* Volume header */
 #endif
 #if !ENABLE_FEATURE_TAR_SELINUX
 	case 'g':	/* pax global header */
 	case 'x':	/* pax extended header */
 #else
  skip_ext_hdr:
 #endif
 	{
 		off_t sz;
 		bb_error_msg("warning: skipping header '%c'", tar.typeflag);
 		sz = (file_header->size + 511) & ~(off_t)511;
 		archive_handle->offset += sz;
 		sz >>= 9; /* sz /= 512 but w/o contortions for signed div */
 		while (sz--)
 			xread(archive_handle->src_fd, &tar, 512);
 		/* return get_header_tar(archive_handle); */
 		goto again_after_align;
 	}
 #if ENABLE_FEATURE_TAR_SELINUX
 	case 'g':	/* pax global header */
 	case 'x': {	/* pax extended header */
 		char **pp;
 		if ((uoff_t)file_header->size > 0xfffff) /* paranoia */
 			goto skip_ext_hdr;
 		pp = (tar.typeflag == 'g') ? &archive_handle->tar__global_sctx : &archive_handle->tar__next_file_sctx;
 		free(*pp);
 		*pp = get_selinux_sctx_from_pax_hdr(archive_handle, file_header->size);
 		goto again;
 	}
 #endif
 	default:
 		bb_error_msg_and_die("unknown typeflag: 0x%x", tar.typeflag);
 	}

 #if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
 	if (p_longname) {
 		file_header->name = p_longname;
 		p_longname = NULL;
 	}
 	if (p_linkname) {
 		file_header->link_target = p_linkname;
 		p_linkname = NULL;
 	}
 #endif

 	/* Everything up to and including last ".." component is stripped */
 	overlapping_strcpy(file_header->name, strip_unsafe_prefix(file_header->name));

 	/* Strip trailing '/' in directories */
 	/* Must be done after mode is set as '/' is used to check if it's a directory */
 	cp = last_char_is(file_header->name, '/');

 	if (archive_handle->filter(archive_handle) == EXIT_SUCCESS) {
 		archive_handle->action_header(/*archive_handle->*/ file_header);
 		/* Note that we kill the '/' only after action_header() */
 		/* (like GNU tar 1.15.1: verbose mode outputs "dir/dir/") */
 		if (cp)
 			*cp = '\0';
 		archive_handle->action_data(archive_handle);
 		if (archive_handle->accept || archive_handle->reject)
 			llist_add_to(&archive_handle->passed, file_header->name);
 		else /* Caller isn't interested in list of unpacked files */
 			free(file_header->name);
 	} else {
 		data_skip(archive_handle);
 		free(file_header->name);
 	}
 	archive_handle->offset += file_header->size;

 	free(file_header->link_target);
 	/* Do not free(file_header->name)!
 	 * It might be inserted in archive_handle->passed - see above */
 #if ENABLE_FEATURE_TAR_UNAME_GNAME
 	free(file_header->tar__uname);
 	free(file_header->tar__gname);
 #endif
 	return EXIT_SUCCESS;
 }
	/* vi: set sw=4 ts=4: */
	/* Licensed under GPLv2 or later, see file LICENSE in this source tree.
	*
	* FIXME:
	* In privileged mode if uname and gname map to a uid and gid then use the
	* mapped value instead of the uid/gid values in tar header
	*
	* References:
	* GNU tar and star man pages,
	* Opengroup's ustar interchange format,
	* http://www.opengroup.org/onlinepubs/007904975/utilities/pax.html
	*/

	#include "libbb.h"
	#include "archive.h"

	typedef uint32_t aliased_uint32_t FIX_ALIASING;
	typedef off_t aliased_off_t FIX_ALIASING;


	const char* FAST_FUNC strip_unsafe_prefix(const char *str)
	{
	const char *cp = str;
	while (1) {
	char *cp2;
	if (*cp == '/') {
	cp++;
	continue;
	}
	if (strncmp(cp, "/../"+1, 3) == 0) {
	cp += 3;
	continue;
	}
	cp2 = strstr(cp, "/../");
	if (!cp2)
	break;
	cp = cp2 + 4;
	}
	if (cp != str) {
	static smallint warned = 0;
	if (!warned) {
	warned = 1;
	bb_error_msg("removing leading '%.*s' from member names",
	(int)(cp - str), str);
	}
	}
	return cp;
	}

	/* NB: _DESTROYS_ str[len] character! */
	static unsigned long long getOctal(char *str, int len)
	{
	unsigned long long v;
	char *end;
	/* NB: leading spaces are allowed. Using strtoull to handle that.
	* The downside is that we accept e.g. "-123" too :(
	*/
	str[len] = '\0';
	v = strtoull(str, &end, 8);
	/* std: "Each numeric field is terminated by one or more
	* <space> or NUL characters". We must support ' '! */
	if (end != '\0' && end != ' ') {
	int8_t first = str[0];
	if (!(first & 0x80))
	bb_error_msg_and_die("corrupted octal value in tar header");
	/*
	* GNU tar uses "base-256 encoding" for very large numbers.
	* Encoding is binary, with highest bit always set as a marker
	* and sign in next-highest bit:
	* 80 00 .. 00 - zero
	* bf ff .. ff - largest positive number
	* ff ff .. ff - minus 1
	* c0 00 .. 00 - smallest negative number
	*
	* Example of tar file with 8914993153 (0x213600001) byte file.
	* Field starts at offset 7c:
	* 00070 30 30 30 00 30 30 30 30 30 30 30 00 80 00 00 00 \|000.0000000.....\|
	* 00080 00 00 00 02 13 60 00 01 31 31 31 32 30 33 33 36 \|.....`..11120336\|
	*
	* NB: tarballs with NEGATIVE unix times encoded that way were seen!
	*/
	v = first;
	/* Sign-extend using 6th bit: */
	v <<= sizeof(unsigned long long)*8 - 7;
	v = (long long)v >> (sizeof(unsigned long long)*8 - 7);
	while (--len != 0)
	v = (v << 8) + (unsigned char) *str++;
	}
	return v;
	}
	#define GET_OCTAL(a) getOctal((a), sizeof(a))

	#if ENABLE_FEATURE_TAR_SELINUX
	/* Scan a PAX header for SELinux contexts, via "RHT.security.selinux" keyword.
	* This is what Red Hat's patched version of tar uses.
	*/
	# define SELINUX_CONTEXT_KEYWORD "RHT.security.selinux"
	static char get_selinux_sctx_from_pax_hdr(archive_handle_t archive_handle, unsigned sz)
	{
	char buf, p;
	char *result;

	p = buf = xmalloc(sz + 1);
	/* prevent bb_strtou from running off the buffer */
	buf[sz] = '\0';
	xread(archive_handle->src_fd, buf, sz);
	archive_handle->offset += sz;

	result = NULL;
	while (sz != 0) {
	char end, value;
	unsigned len;

	/* Every record has this format: "LEN NAME=VALUE\n" */
	len = bb_strtou(p, &end, 10);
	/* expect errno to be EINVAL, because the character
	* following the digits should be a space
	*/
	p += len;
	sz -= len;
	if ((int)sz < 0
	\|\| len == 0
	\|\| errno != EINVAL
	\|\| *end != ' '
	) {
	bb_error_msg("malformed extended header, skipped");
	// More verbose version:
	//bb_error_msg("malformed extended header at %"OFF_FMT"d, skipped",
	// archive_handle->offset - (sz + len));
	break;
	}
	/* overwrite the terminating newline with NUL
	* (we do not bother to check that it was a newline)
	*/
	p[-1] = '\0';
	/* Is it selinux security context? */
	value = end + 1;
	if (strncmp(value, SELINUX_CONTEXT_KEYWORD"=", sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1) == 0) {
	value += sizeof(SELINUX_CONTEXT_KEYWORD"=") - 1;
	result = xstrdup(value);
	break;
	}
	}

	free(buf);
	return result;
	}
	#endif

	char FAST_FUNC get_header_tar(archive_handle_t *archive_handle)
	{
	file_header_t *file_header = archive_handle->file_header;
	struct tar_header_t tar;
	char *cp;
	int i, sum_u, sum;
	#if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
	int sum_s;
	#endif
	int parse_names;

	/* Our "private data" */
	#if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
	# define p_longname (archive_handle->tar__longname)
	# define p_linkname (archive_handle->tar__linkname)
	#else
	# define p_longname 0
	# define p_linkname 0
	#endif

	#if ENABLE_FEATURE_TAR_GNU_EXTENSIONS \|\| ENABLE_FEATURE_TAR_SELINUX
	again:
	#endif
	/* Align header */
	data_align(archive_handle, 512);

	again_after_align:

	#if ENABLE_DESKTOP \|\| ENABLE_FEATURE_TAR_AUTODETECT
	/* to prevent misdetection of bz2 sig */
	(aliased_uint32_t)&tar = 0;
	i = full_read(archive_handle->src_fd, &tar, 512);
	/* If GNU tar sees EOF in above read, it says:
	* "tar: A lone zero block at N", where N = kilobyte
	* where EOF was met (not EOF block, actual EOF!),
	* and exits with EXIT_SUCCESS.
	* We will mimic exit(EXIT_SUCCESS), although we will not mimic
	* the message and we don't check whether we indeed
	* saw zero block directly before this. */
	if (i == 0) {
	xfunc_error_retval = 0;
	short_read:
	bb_error_msg_and_die("short read");
	}
	if (i != 512) {
	IF_FEATURE_TAR_AUTODETECT(goto autodetect;)
	goto short_read;
	}

	#else
	i = 512;
	xread(archive_handle->src_fd, &tar, i);
	#endif
	archive_handle->offset += i;

	/* If there is no filename its an empty header */
	if (tar.name[0] == 0 && tar.prefix[0] == 0) {
	if (archive_handle->tar__end) {
	/* Second consecutive empty header - end of archive.
	* Read until the end to empty the pipe from gz or bz2
	*/
	while (full_read(archive_handle->src_fd, &tar, 512) == 512)
	continue;
	return EXIT_FAILURE;
	}
	archive_handle->tar__end = 1;
	return EXIT_SUCCESS;
	}
	archive_handle->tar__end = 0;

	/* Check header has valid magic, "ustar" is for the proper tar,
	* five NULs are for the old tar format */
	if (strncmp(tar.magic, "ustar", 5) != 0
	&& (!ENABLE_FEATURE_TAR_OLDGNU_COMPATIBILITY
	\|\| memcmp(tar.magic, "\0\0\0\0", 5) != 0)
	) {
	#if ENABLE_FEATURE_TAR_AUTODETECT
	char FAST_FUNC (get_header_ptr)(archive_handle_t );
	uint16_t magic2;

	autodetect:
	magic2 = (bb__aliased_uint16_t)tar.name;
	/* tar gz/bz autodetect: check for gz/bz2 magic.
	* If we see the magic, and it is the very first block,
	* we can switch to get_header_tar_gz/bz2/lzma().
	* Needs seekable fd. I wish recv(MSG_PEEK) works
	* on any fd... */
	# if ENABLE_FEATURE_SEAMLESS_GZ
	if (magic2 == GZIP_MAGIC) {
	get_header_ptr = get_header_tar_gz;
	} else
	# endif
	# if ENABLE_FEATURE_SEAMLESS_BZ2
	if (magic2 == BZIP2_MAGIC
	&& tar.name[2] == 'h' && isdigit(tar.name[3])
	) { /* bzip2 */
	get_header_ptr = get_header_tar_bz2;
	} else
	# endif
	# if ENABLE_FEATURE_SEAMLESS_XZ
	//TODO: if (magic2 == XZ_MAGIC1)...
	//else
	# endif
	goto err;
	/* Two different causes for lseek() != 0:
	* unseekable fd (would like to support that too, but...),
	* or not first block (false positive, it's not .gz/.bz2!) */
	if (lseek(archive_handle->src_fd, -i, SEEK_CUR) != 0)
	goto err;
	while (get_header_ptr(archive_handle) == EXIT_SUCCESS)
	continue;
	return EXIT_FAILURE;
	err:
	#endif /* FEATURE_TAR_AUTODETECT */
	bb_error_msg_and_die("invalid tar magic");
	}

	/* Do checksum on headers.
	* POSIX says that checksum is done on unsigned bytes, but
	* Sun and HP-UX gets it wrong... more details in
	* GNU tar source. */
	#if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
	sum_s = ' ' * sizeof(tar.chksum);
	#endif
	sum_u = ' ' * sizeof(tar.chksum);
	for (i = 0; i < 148; i++) {
	sum_u += ((unsigned char*)&tar)[i];
	#if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
	sum_s += ((signed char*)&tar)[i];
	#endif
	}
	for (i = 156; i < 512; i++) {
	sum_u += ((unsigned char*)&tar)[i];
	#if ENABLE_FEATURE_TAR_OLDSUN_COMPATIBILITY
	sum_s += ((signed char*)&tar)[i];
	#endif
	}
	/* This field does not need special treatment (getOctal) */
	{
	char endp; / gcc likes temp var for &endp */
	sum = strtoul(tar.chksum, &endp, 8);
	if ((endp != '\0' && endp != ' ')
	\|\| (sum_u != sum IF_FEATURE_TAR_OLDSUN_COMPATIBILITY(&& sum_s != sum))
	) {
	bb_error_msg_and_die("invalid tar header checksum");
	}
	}
	/* don't use xstrtoul, tar.chksum may have leading spaces */
	sum = strtoul(tar.chksum, NULL, 8);
	if (sum_u != sum IF_FEATURE_TAR_OLDSUN_COMPATIBILITY(&& sum_s != sum)) {
	bb_error_msg_and_die("invalid tar header checksum");
	}

	/* 0 is reserved for high perf file, treat as normal file */
	if (!tar.typeflag) tar.typeflag = '0';
	parse_names = (tar.typeflag >= '0' && tar.typeflag <= '7');

	/* getOctal trashes subsequent field, therefore we call it
	* on fields in reverse order */
	if (tar.devmajor[0]) {
	char t = tar.prefix[0];
	/* we trash prefix[0] here, but we DO need it later! */
	unsigned minor = GET_OCTAL(tar.devminor);
	unsigned major = GET_OCTAL(tar.devmajor);
	file_header->device = makedev(major, minor);
	tar.prefix[0] = t;
	}
	file_header->link_target = NULL;
	if (!p_linkname && parse_names && tar.linkname[0]) {
	file_header->link_target = xstrndup(tar.linkname, sizeof(tar.linkname));
	/* FIXME: what if we have non-link object with link_target? */
	/* Will link_target be free()ed? */
	}
	#if ENABLE_FEATURE_TAR_UNAME_GNAME
	file_header->tar__uname = tar.uname[0] ? xstrndup(tar.uname, sizeof(tar.uname)) : NULL;
	file_header->tar__gname = tar.gname[0] ? xstrndup(tar.gname, sizeof(tar.gname)) : NULL;
	#endif
	file_header->mtime = GET_OCTAL(tar.mtime);
	file_header->size = GET_OCTAL(tar.size);
	file_header->gid = GET_OCTAL(tar.gid);
	file_header->uid = GET_OCTAL(tar.uid);
	/* Set bits 0-11 of the files mode */
	file_header->mode = 07777 & GET_OCTAL(tar.mode);

	file_header->name = NULL;
	if (!p_longname && parse_names) {
	/* we trash mode[0] here, it's ok */
	//tar.name[sizeof(tar.name)] = '\0'; - gcc 4.3.0 would complain
	tar.mode[0] = '\0';
	if (tar.prefix[0]) {
	/* and padding[0] */
	//tar.prefix[sizeof(tar.prefix)] = '\0'; - gcc 4.3.0 would complain
	tar.padding[0] = '\0';
	file_header->name = concat_path_file(tar.prefix, tar.name);
	} else
	file_header->name = xstrdup(tar.name);
	}

	/* Set bits 12-15 of the files mode */
	/* (typeflag was not trashed because chksum does not use getOctal) */
	switch (tar.typeflag) {
	case '1': /* hardlink */
	/* we mark hardlinks as regular files with zero size and a link name */
	file_header->mode \|= S_IFREG;
	/* on size of link fields from star(4)
	* ... For tar archives written by pre POSIX.1-1988
	* implementations, the size field usually contains the size of
	* the file and needs to be ignored as no data may follow this
	* header type. For POSIX.1- 1988 compliant archives, the size
	* field needs to be 0. For POSIX.1-2001 compliant archives,
	* the size field may be non zero, indicating that file data is
	* included in the archive.
	* i.e; always assume this is zero for safety.
	*/
	goto size0;
	case '7':
	/* case 0: */
	case '0':
	#if ENABLE_FEATURE_TAR_OLDGNU_COMPATIBILITY
	if (last_char_is(file_header->name, '/')) {
	goto set_dir;
	}
	#endif
	file_header->mode \|= S_IFREG;
	break;
	case '2':
	file_header->mode \|= S_IFLNK;
	/* have seen tarballs with size field containing
	* the size of the link target's name */
	size0:
	file_header->size = 0;
	break;
	case '3':
	file_header->mode \|= S_IFCHR;
	goto size0; /* paranoia */
	case '4':
	file_header->mode \|= S_IFBLK;
	goto size0;
	case '5':
	IF_FEATURE_TAR_OLDGNU_COMPATIBILITY(set_dir:)
	file_header->mode \|= S_IFDIR;
	goto size0;
	case '6':
	file_header->mode \|= S_IFIFO;
	goto size0;
	#if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
	case 'L':
	/* free: paranoia: tar with several consecutive longnames */
	free(p_longname);
	/* For paranoia reasons we allocate extra NUL char */
	p_longname = xzalloc(file_header->size + 1);
	/* We read ASCIZ string, including NUL */
	xread(archive_handle->src_fd, p_longname, file_header->size);
	archive_handle->offset += file_header->size;
	/* return get_header_tar(archive_handle); */
	/* gcc 4.1.1 didn't optimize it into jump */
	/* so we will do it ourself, this also saves stack */
	goto again;
	case 'K':
	free(p_linkname);
	p_linkname = xzalloc(file_header->size + 1);
	xread(archive_handle->src_fd, p_linkname, file_header->size);
	archive_handle->offset += file_header->size;
	/* return get_header_tar(archive_handle); */
	goto again;
	case 'D': /* GNU dump dir */
	case 'M': /* Continuation of multi volume archive */
	case 'N': /* Old GNU for names > 100 characters */
	case 'S': /* Sparse file */
	case 'V': /* Volume header */
	#endif
	#if !ENABLE_FEATURE_TAR_SELINUX
	case 'g': /* pax global header */
	case 'x': /* pax extended header */
	#else
	skip_ext_hdr:
	#endif
	{
	off_t sz;
	bb_error_msg("warning: skipping header '%c'", tar.typeflag);
	sz = (file_header->size + 511) & ~(off_t)511;
	archive_handle->offset += sz;
	sz >>= 9; /* sz /= 512 but w/o contortions for signed div */
	while (sz--)
	xread(archive_handle->src_fd, &tar, 512);
	/* return get_header_tar(archive_handle); */
	goto again_after_align;
	}
	#if ENABLE_FEATURE_TAR_SELINUX
	case 'g': /* pax global header */
	case 'x': { /* pax extended header */
	char **pp;
	if ((uoff_t)file_header->size > 0xfffff) /* paranoia */
	goto skip_ext_hdr;
	pp = (tar.typeflag == 'g') ? &archive_handle->tar__global_sctx : &archive_handle->tar__next_file_sctx;
	free(*pp);
	*pp = get_selinux_sctx_from_pax_hdr(archive_handle, file_header->size);
	goto again;
	}
	#endif
	default:
	bb_error_msg_and_die("unknown typeflag: 0x%x", tar.typeflag);
	}

	#if ENABLE_FEATURE_TAR_GNU_EXTENSIONS
	if (p_longname) {
	file_header->name = p_longname;
	p_longname = NULL;
	}
	if (p_linkname) {
	file_header->link_target = p_linkname;
	p_linkname = NULL;
	}
	#endif

	/* Everything up to and including last ".." component is stripped */
	overlapping_strcpy(file_header->name, strip_unsafe_prefix(file_header->name));

	/* Strip trailing '/' in directories */
	/* Must be done after mode is set as '/' is used to check if it's a directory */
	cp = last_char_is(file_header->name, '/');

	if (archive_handle->filter(archive_handle) == EXIT_SUCCESS) {
	archive_handle->action_header(/archive_handle->/ file_header);
	/* Note that we kill the '/' only after action_header() */
	/* (like GNU tar 1.15.1: verbose mode outputs "dir/dir/") */
	if (cp)
	*cp = '\0';
	archive_handle->action_data(archive_handle);
	if (archive_handle->accept \|\| archive_handle->reject)
	llist_add_to(&archive_handle->passed, file_header->name);
	else /* Caller isn't interested in list of unpacked files */
	free(file_header->name);
	} else {
	data_skip(archive_handle);
	free(file_header->name);
	}
	archive_handle->offset += file_header->size;

	free(file_header->link_target);
	/* Do not free(file_header->name)!
	* It might be inserted in archive_handle->passed - see above */
	#if ENABLE_FEATURE_TAR_UNAME_GNAME
	free(file_header->tar__uname);
	free(file_header->tar__gname);
	#endif
	return EXIT_SUCCESS;
	}