1 /*-
2 * Copyright (c) 2003-2007 Tim Kientzle
3 * Copyright (c) 2011 Andres Mejia
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 #include "archive_platform.h"
28
29 #ifdef HAVE_ERRNO_H
30 #include <errno.h>
31 #endif
32 #include <time.h>
33 #include <limits.h>
34 #ifdef HAVE_ZLIB_H
35 #include <zlib.h> /* crc32 */
36 #endif
37
38 #include "archive.h"
39 #ifndef HAVE_ZLIB_H
40 #include "archive_crc32.h"
41 #endif
42 #include "archive_endian.h"
43 #include "archive_entry.h"
44 #include "archive_entry_locale.h"
45 #include "archive_ppmd7_private.h"
46 #include "archive_private.h"
47 #include "archive_read_private.h"
48
49 /* RAR signature, also known as the mark header */
50 #define RAR_SIGNATURE "\x52\x61\x72\x21\x1A\x07\x00"
51
52 /* Header types */
53 #define MARK_HEAD 0x72
54 #define MAIN_HEAD 0x73
55 #define FILE_HEAD 0x74
56 #define COMM_HEAD 0x75
57 #define AV_HEAD 0x76
58 #define SUB_HEAD 0x77
59 #define PROTECT_HEAD 0x78
60 #define SIGN_HEAD 0x79
61 #define NEWSUB_HEAD 0x7a
62 #define ENDARC_HEAD 0x7b
63
64 /* Main Header Flags */
65 #define MHD_VOLUME 0x0001
66 #define MHD_COMMENT 0x0002
67 #define MHD_LOCK 0x0004
68 #define MHD_SOLID 0x0008
69 #define MHD_NEWNUMBERING 0x0010
70 #define MHD_AV 0x0020
71 #define MHD_PROTECT 0x0040
72 #define MHD_PASSWORD 0x0080
73 #define MHD_FIRSTVOLUME 0x0100
74 #define MHD_ENCRYPTVER 0x0200
75
76 /* Flags common to all headers */
77 #define HD_MARKDELETION 0x4000
78 #define HD_ADD_SIZE_PRESENT 0x8000
79
80 /* File Header Flags */
81 #define FHD_SPLIT_BEFORE 0x0001
82 #define FHD_SPLIT_AFTER 0x0002
83 #define FHD_PASSWORD 0x0004
84 #define FHD_COMMENT 0x0008
85 #define FHD_SOLID 0x0010
86 #define FHD_LARGE 0x0100
87 #define FHD_UNICODE 0x0200
88 #define FHD_SALT 0x0400
89 #define FHD_VERSION 0x0800
90 #define FHD_EXTTIME 0x1000
91 #define FHD_EXTFLAGS 0x2000
92
93 /* File dictionary sizes */
94 #define DICTIONARY_SIZE_64 0x00
95 #define DICTIONARY_SIZE_128 0x20
96 #define DICTIONARY_SIZE_256 0x40
97 #define DICTIONARY_SIZE_512 0x60
98 #define DICTIONARY_SIZE_1024 0x80
99 #define DICTIONARY_SIZE_2048 0xA0
100 #define DICTIONARY_SIZE_4096 0xC0
101 #define FILE_IS_DIRECTORY 0xE0
102 #define DICTIONARY_MASK FILE_IS_DIRECTORY
103
104 /* OS Flags */
105 #define OS_MSDOS 0
106 #define OS_OS2 1
107 #define OS_WIN32 2
108 #define OS_UNIX 3
109 #define OS_MAC_OS 4
110 #define OS_BEOS 5
111
112 /* Compression Methods */
113 #define COMPRESS_METHOD_STORE 0x30
114 /* LZSS */
115 #define COMPRESS_METHOD_FASTEST 0x31
116 #define COMPRESS_METHOD_FAST 0x32
117 #define COMPRESS_METHOD_NORMAL 0x33
118 /* PPMd Variant H */
119 #define COMPRESS_METHOD_GOOD 0x34
120 #define COMPRESS_METHOD_BEST 0x35
121
122 #define CRC_POLYNOMIAL 0xEDB88320
123
124 #define NS_UNIT 10000000
125
126 #define DICTIONARY_MAX_SIZE 0x400000
127
128 #define MAINCODE_SIZE 299
129 #define OFFSETCODE_SIZE 60
130 #define LOWOFFSETCODE_SIZE 17
131 #define LENGTHCODE_SIZE 28
132 #define HUFFMAN_TABLE_SIZE \
133 MAINCODE_SIZE + OFFSETCODE_SIZE + LOWOFFSETCODE_SIZE + LENGTHCODE_SIZE
134
135 #define MAX_SYMBOL_LENGTH 0xF
136 #define MAX_SYMBOLS 20
137
138 /* Virtual Machine Properties */
139 #define VM_MEMORY_SIZE 0x40000
140 #define VM_MEMORY_MASK (VM_MEMORY_SIZE - 1)
141 #define PROGRAM_WORK_SIZE 0x3C000
142 #define PROGRAM_GLOBAL_SIZE 0x2000
143 #define PROGRAM_SYSTEM_GLOBAL_ADDRESS PROGRAM_WORK_SIZE
144 #define PROGRAM_SYSTEM_GLOBAL_SIZE 0x40
145 #define PROGRAM_USER_GLOBAL_ADDRESS (PROGRAM_SYSTEM_GLOBAL_ADDRESS + PROGRAM_SYSTEM_GLOBAL_SIZE)
146 #define PROGRAM_USER_GLOBAL_SIZE (PROGRAM_GLOBAL_SIZE - PROGRAM_SYSTEM_GLOBAL_SIZE)
147
148 /*
149 * Considering L1,L2 cache miss and a calling of write system-call,
150 * the best size of the output buffer(uncompressed buffer) is 128K.
151 * If the structure of extracting process is changed, this value
152 * might be researched again.
153 */
154 #define UNP_BUFFER_SIZE (128 * 1024)
155
156 /* Define this here for non-Windows platforms */
157 #if !((defined(__WIN32__) || defined(_WIN32) || defined(__WIN32)) && !defined(__CYGWIN__))
158 #define FILE_ATTRIBUTE_DIRECTORY 0x10
159 #endif
160
161 #undef minimum
162 #define minimum(a, b) ((a)<(b)?(a):(b))
163
164 /* Stack overflow check */
165 #define MAX_COMPRESS_DEPTH 1024
166
167 /* Fields common to all headers */
168 struct rar_header
169 {
170 char crc[2];
171 char type;
172 char flags[2];
173 char size[2];
174 };
175
176 /* Fields common to all file headers */
177 struct rar_file_header
178 {
179 char pack_size[4];
180 char unp_size[4];
181 char host_os;
182 char file_crc[4];
183 char file_time[4];
184 char unp_ver;
185 char method;
186 char name_size[2];
187 char file_attr[4];
188 };
189
190 struct huffman_tree_node
191 {
192 int branches[2];
193 };
194
195 struct huffman_table_entry
196 {
197 unsigned int length;
198 int value;
199 };
200
201 struct huffman_code
202 {
203 struct huffman_tree_node *tree;
204 int numentries;
205 int numallocatedentries;
206 int minlength;
207 int maxlength;
208 int tablesize;
209 struct huffman_table_entry *table;
210 };
211
212 struct lzss
213 {
214 unsigned char *window;
215 int mask;
216 int64_t position;
217 };
218
219 struct data_block_offsets
220 {
221 int64_t header_size;
222 int64_t start_offset;
223 int64_t end_offset;
224 };
225
226 struct rar_program_code
227 {
228 uint8_t *staticdata;
229 uint32_t staticdatalen;
230 uint8_t *globalbackup;
231 uint32_t globalbackuplen;
232 uint64_t fingerprint;
233 uint32_t usagecount;
234 uint32_t oldfilterlength;
235 struct rar_program_code *next;
236 };
237
238 struct rar_filter
239 {
240 struct rar_program_code *prog;
241 uint32_t initialregisters[8];
242 uint8_t *globaldata;
243 uint32_t globaldatalen;
244 size_t blockstartpos;
245 uint32_t blocklength;
246 uint32_t filteredblockaddress;
247 uint32_t filteredblocklength;
248 struct rar_filter *next;
249 };
250
251 struct memory_bit_reader
252 {
253 const uint8_t *bytes;
254 size_t length;
255 size_t offset;
256 uint64_t bits;
257 int available;
258 int at_eof;
259 };
260
261 struct rar_virtual_machine
262 {
263 uint32_t registers[8];
264 uint8_t memory[VM_MEMORY_SIZE + sizeof(uint32_t)];
265 };
266
267 struct rar_filters
268 {
269 struct rar_virtual_machine *vm;
270 struct rar_program_code *progs;
271 struct rar_filter *stack;
272 int64_t filterstart;
273 uint32_t lastfilternum;
274 int64_t lastend;
275 uint8_t *bytes;
276 size_t bytes_ready;
277 };
278
279 struct audio_state
280 {
281 int8_t weight[5];
282 int16_t delta[4];
283 int8_t lastdelta;
284 int error[11];
285 int count;
286 uint8_t lastbyte;
287 };
288
289 struct rar
290 {
291 /* Entries from main RAR header */
292 unsigned main_flags;
293 unsigned long file_crc;
294 char reserved1[2];
295 char reserved2[4];
296 char encryptver;
297
298 /* File header entries */
299 char compression_method;
300 unsigned file_flags;
301 int64_t packed_size;
302 int64_t unp_size;
303 time_t mtime;
304 long mnsec;
305 mode_t mode;
306 char *filename;
307 char *filename_save;
308 size_t filename_save_size;
309 size_t filename_allocated;
310
311 /* File header optional entries */
312 char salt[8];
313 time_t atime;
314 long ansec;
315 time_t ctime;
316 long cnsec;
317 time_t arctime;
318 long arcnsec;
319
320 /* Fields to help with tracking decompression of files. */
321 int64_t bytes_unconsumed;
322 int64_t bytes_remaining;
323 int64_t bytes_uncopied;
324 int64_t offset;
325 int64_t offset_outgoing;
326 int64_t offset_seek;
327 char valid;
328 unsigned int unp_offset;
329 unsigned int unp_buffer_size;
330 unsigned char *unp_buffer;
331 unsigned int dictionary_size;
332 char start_new_block;
333 char entry_eof;
334 unsigned long crc_calculated;
335 int found_first_header;
336 char has_endarc_header;
337 struct data_block_offsets *dbo;
338 unsigned int cursor;
339 unsigned int nodes;
340 char filename_must_match;
341
342 /* LZSS members */
343 struct huffman_code maincode;
344 struct huffman_code offsetcode;
345 struct huffman_code lowoffsetcode;
346 struct huffman_code lengthcode;
347 unsigned char lengthtable[HUFFMAN_TABLE_SIZE];
348 struct lzss lzss;
349 unsigned int lastlength;
350 unsigned int lastoffset;
351 unsigned int oldoffset[4];
352 unsigned int lastlowoffset;
353 unsigned int numlowoffsetrepeats;
354 char start_new_table;
355
356 /* Filters */
357 struct rar_filters filters;
358
359 /* PPMd Variant H members */
360 char ppmd_valid;
361 char ppmd_eod;
362 char is_ppmd_block;
363 int ppmd_escape;
364 CPpmd7 ppmd7_context;
365 CPpmd7z_RangeDec range_dec;
366 IByteIn bytein;
367
368 /*
369 * String conversion object.
370 */
371 int init_default_conversion;
372 struct archive_string_conv *sconv_default;
373 struct archive_string_conv *opt_sconv;
374 struct archive_string_conv *sconv_utf8;
375 struct archive_string_conv *sconv_utf16be;
376
377 /*
378 * Bit stream reader.
379 */
380 struct rar_br {
381 #define CACHE_TYPE uint64_t
382 #define CACHE_BITS (8 * sizeof(CACHE_TYPE))
383 /* Cache buffer. */
384 CACHE_TYPE cache_buffer;
385 /* Indicates how many bits avail in cache_buffer. */
386 int cache_avail;
387 ssize_t avail_in;
388 const unsigned char *next_in;
389 } br;
390
391 /*
392 * Custom field to denote that this archive contains encrypted entries
393 */
394 int has_encrypted_entries;
395 };
396
397 static int archive_read_support_format_rar_capabilities(struct archive_read *);
398 static int archive_read_format_rar_has_encrypted_entries(struct archive_read *);
399 static int archive_read_format_rar_bid(struct archive_read *, int);
400 static int archive_read_format_rar_options(struct archive_read *,
401 const char *, const char *);
402 static int archive_read_format_rar_read_header(struct archive_read *,
403 struct archive_entry *);
404 static int archive_read_format_rar_read_data(struct archive_read *,
405 const void **, size_t *, int64_t *);
406 static int archive_read_format_rar_read_data_skip(struct archive_read *a);
407 static int64_t archive_read_format_rar_seek_data(struct archive_read *, int64_t,
408 int);
409 static int archive_read_format_rar_cleanup(struct archive_read *);
410
411 /* Support functions */
412 static int read_header(struct archive_read *, struct archive_entry *, char);
413 static time_t get_time(int);
414 static int read_exttime(const char *, struct rar *, const char *);
415 static int read_symlink_stored(struct archive_read *, struct archive_entry *,
416 struct archive_string_conv *);
417 static int read_data_stored(struct archive_read *, const void **, size_t *,
418 int64_t *);
419 static int read_data_compressed(struct archive_read *, const void **, size_t *,
420 int64_t *, size_t);
421 static int rar_br_preparation(struct archive_read *, struct rar_br *);
422 static int parse_codes(struct archive_read *);
423 static void free_codes(struct archive_read *);
424 static int read_next_symbol(struct archive_read *, struct huffman_code *);
425 static int create_code(struct archive_read *, struct huffman_code *,
426 unsigned char *, int, char);
427 static int add_value(struct archive_read *, struct huffman_code *, int, int,
428 int);
429 static int new_node(struct huffman_code *);
430 static int make_table(struct archive_read *, struct huffman_code *);
431 static int make_table_recurse(struct archive_read *, struct huffman_code *, int,
432 struct huffman_table_entry *, int, int);
433 static int expand(struct archive_read *, int64_t *);
434 static int copy_from_lzss_window_to_unp(struct archive_read *, const void **,
435 int64_t, int);
436 static const void *rar_read_ahead(struct archive_read *, size_t, ssize_t *);
437 static int parse_filter(struct archive_read *, const uint8_t *, uint16_t,
438 uint8_t);
439 static int run_filters(struct archive_read *);
440 static void clear_filters(struct rar_filters *);
441 static struct rar_filter *create_filter(struct rar_program_code *,
442 const uint8_t *, uint32_t,
443 uint32_t[8], size_t, uint32_t);
444 static void delete_filter(struct rar_filter *filter);
445 static struct rar_program_code *compile_program(const uint8_t *, size_t);
446 static void delete_program_code(struct rar_program_code *prog);
447 static uint32_t membr_next_rarvm_number(struct memory_bit_reader *br);
448 static inline uint32_t membr_bits(struct memory_bit_reader *br, int bits);
449 static int membr_fill(struct memory_bit_reader *br, int bits);
450 static int read_filter(struct archive_read *, int64_t *);
451 static int rar_decode_byte(struct archive_read*, uint8_t *);
452 static int execute_filter(struct archive_read*, struct rar_filter *,
453 struct rar_virtual_machine *, size_t);
454 static int copy_from_lzss_window(struct archive_read *, void *, int64_t, int);
455 static inline void vm_write_32(struct rar_virtual_machine*, size_t, uint32_t);
456 static inline uint32_t vm_read_32(struct rar_virtual_machine*, size_t);
457
458 /*
459 * Bit stream reader.
460 */
461 /* Check that the cache buffer has enough bits. */
462 #define rar_br_has(br, n) ((br)->cache_avail >= n)
463 /* Get compressed data by bit. */
464 #define rar_br_bits(br, n) \
465 (((uint32_t)((br)->cache_buffer >> \
466 ((br)->cache_avail - (n)))) & cache_masks[n])
467 #define rar_br_bits_forced(br, n) \
468 (((uint32_t)((br)->cache_buffer << \
469 ((n) - (br)->cache_avail))) & cache_masks[n])
470 /* Read ahead to make sure the cache buffer has enough compressed data we
471 * will use.
472 * True : completed, there is enough data in the cache buffer.
473 * False : there is no data in the stream. */
474 #define rar_br_read_ahead(a, br, n) \
475 ((rar_br_has(br, (n)) || rar_br_fillup(a, br)) || rar_br_has(br, (n)))
476 /* Notify how many bits we consumed. */
477 #define rar_br_consume(br, n) ((br)->cache_avail -= (n))
478 #define rar_br_consume_unalined_bits(br) ((br)->cache_avail &= ~7)
479
480 static const uint32_t cache_masks[] = {
481 0x00000000, 0x00000001, 0x00000003, 0x00000007,
482 0x0000000F, 0x0000001F, 0x0000003F, 0x0000007F,
483 0x000000FF, 0x000001FF, 0x000003FF, 0x000007FF,
484 0x00000FFF, 0x00001FFF, 0x00003FFF, 0x00007FFF,
485 0x0000FFFF, 0x0001FFFF, 0x0003FFFF, 0x0007FFFF,
486 0x000FFFFF, 0x001FFFFF, 0x003FFFFF, 0x007FFFFF,
487 0x00FFFFFF, 0x01FFFFFF, 0x03FFFFFF, 0x07FFFFFF,
488 0x0FFFFFFF, 0x1FFFFFFF, 0x3FFFFFFF, 0x7FFFFFFF,
489 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF
490 };
491
492 /*
493 * Shift away used bits in the cache data and fill it up with following bits.
494 * Call this when cache buffer does not have enough bits you need.
495 *
496 * Returns 1 if the cache buffer is full.
497 * Returns 0 if the cache buffer is not full; input buffer is empty.
498 */
499 static int
rar_br_fillup(struct archive_read * a,struct rar_br * br)500 rar_br_fillup(struct archive_read *a, struct rar_br *br)
501 {
502 struct rar *rar = (struct rar *)(a->format->data);
503 int n = CACHE_BITS - br->cache_avail;
504
505 for (;;) {
506 switch (n >> 3) {
507 case 8:
508 if (br->avail_in >= 8) {
509 br->cache_buffer =
510 ((uint64_t)br->next_in[0]) << 56 |
511 ((uint64_t)br->next_in[1]) << 48 |
512 ((uint64_t)br->next_in[2]) << 40 |
513 ((uint64_t)br->next_in[3]) << 32 |
514 ((uint32_t)br->next_in[4]) << 24 |
515 ((uint32_t)br->next_in[5]) << 16 |
516 ((uint32_t)br->next_in[6]) << 8 |
517 (uint32_t)br->next_in[7];
518 br->next_in += 8;
519 br->avail_in -= 8;
520 br->cache_avail += 8 * 8;
521 rar->bytes_unconsumed += 8;
522 rar->bytes_remaining -= 8;
523 return (1);
524 }
525 break;
526 case 7:
527 if (br->avail_in >= 7) {
528 br->cache_buffer =
529 (br->cache_buffer << 56) |
530 ((uint64_t)br->next_in[0]) << 48 |
531 ((uint64_t)br->next_in[1]) << 40 |
532 ((uint64_t)br->next_in[2]) << 32 |
533 ((uint32_t)br->next_in[3]) << 24 |
534 ((uint32_t)br->next_in[4]) << 16 |
535 ((uint32_t)br->next_in[5]) << 8 |
536 (uint32_t)br->next_in[6];
537 br->next_in += 7;
538 br->avail_in -= 7;
539 br->cache_avail += 7 * 8;
540 rar->bytes_unconsumed += 7;
541 rar->bytes_remaining -= 7;
542 return (1);
543 }
544 break;
545 case 6:
546 if (br->avail_in >= 6) {
547 br->cache_buffer =
548 (br->cache_buffer << 48) |
549 ((uint64_t)br->next_in[0]) << 40 |
550 ((uint64_t)br->next_in[1]) << 32 |
551 ((uint32_t)br->next_in[2]) << 24 |
552 ((uint32_t)br->next_in[3]) << 16 |
553 ((uint32_t)br->next_in[4]) << 8 |
554 (uint32_t)br->next_in[5];
555 br->next_in += 6;
556 br->avail_in -= 6;
557 br->cache_avail += 6 * 8;
558 rar->bytes_unconsumed += 6;
559 rar->bytes_remaining -= 6;
560 return (1);
561 }
562 break;
563 case 0:
564 /* We have enough compressed data in
565 * the cache buffer.*/
566 return (1);
567 default:
568 break;
569 }
570 if (br->avail_in <= 0) {
571
572 if (rar->bytes_unconsumed > 0) {
573 /* Consume as much as the decompressor
574 * actually used. */
575 __archive_read_consume(a, rar->bytes_unconsumed);
576 rar->bytes_unconsumed = 0;
577 }
578 br->next_in = rar_read_ahead(a, 1, &(br->avail_in));
579 if (br->next_in == NULL)
580 return (0);
581 if (br->avail_in == 0)
582 return (0);
583 }
584 br->cache_buffer =
585 (br->cache_buffer << 8) | *br->next_in++;
586 br->avail_in--;
587 br->cache_avail += 8;
588 n -= 8;
589 rar->bytes_unconsumed++;
590 rar->bytes_remaining--;
591 }
592 }
593
594 static int
rar_br_preparation(struct archive_read * a,struct rar_br * br)595 rar_br_preparation(struct archive_read *a, struct rar_br *br)
596 {
597 struct rar *rar = (struct rar *)(a->format->data);
598
599 if (rar->bytes_remaining > 0) {
600 br->next_in = rar_read_ahead(a, 1, &(br->avail_in));
601 if (br->next_in == NULL) {
602 archive_set_error(&a->archive,
603 ARCHIVE_ERRNO_FILE_FORMAT,
604 "Truncated RAR file data");
605 return (ARCHIVE_FATAL);
606 }
607 if (br->cache_avail == 0)
608 (void)rar_br_fillup(a, br);
609 }
610 return (ARCHIVE_OK);
611 }
612
613 /* Find last bit set */
614 static inline int
rar_fls(unsigned int word)615 rar_fls(unsigned int word)
616 {
617 word |= (word >> 1);
618 word |= (word >> 2);
619 word |= (word >> 4);
620 word |= (word >> 8);
621 word |= (word >> 16);
622 return word - (word >> 1);
623 }
624
625 /* LZSS functions */
626 static inline int64_t
lzss_position(struct lzss * lzss)627 lzss_position(struct lzss *lzss)
628 {
629 return lzss->position;
630 }
631
632 static inline int
lzss_mask(struct lzss * lzss)633 lzss_mask(struct lzss *lzss)
634 {
635 return lzss->mask;
636 }
637
638 static inline int
lzss_size(struct lzss * lzss)639 lzss_size(struct lzss *lzss)
640 {
641 return lzss->mask + 1;
642 }
643
644 static inline int
lzss_offset_for_position(struct lzss * lzss,int64_t pos)645 lzss_offset_for_position(struct lzss *lzss, int64_t pos)
646 {
647 return (int)(pos & lzss->mask);
648 }
649
650 static inline unsigned char *
lzss_pointer_for_position(struct lzss * lzss,int64_t pos)651 lzss_pointer_for_position(struct lzss *lzss, int64_t pos)
652 {
653 return &lzss->window[lzss_offset_for_position(lzss, pos)];
654 }
655
656 static inline int
lzss_current_offset(struct lzss * lzss)657 lzss_current_offset(struct lzss *lzss)
658 {
659 return lzss_offset_for_position(lzss, lzss->position);
660 }
661
662 static inline uint8_t *
lzss_current_pointer(struct lzss * lzss)663 lzss_current_pointer(struct lzss *lzss)
664 {
665 return lzss_pointer_for_position(lzss, lzss->position);
666 }
667
668 static inline void
lzss_emit_literal(struct rar * rar,uint8_t literal)669 lzss_emit_literal(struct rar *rar, uint8_t literal)
670 {
671 *lzss_current_pointer(&rar->lzss) = literal;
672 rar->lzss.position++;
673 }
674
675 static inline void
lzss_emit_match(struct rar * rar,int offset,int length)676 lzss_emit_match(struct rar *rar, int offset, int length)
677 {
678 int dstoffs = lzss_current_offset(&rar->lzss);
679 int srcoffs = (dstoffs - offset) & lzss_mask(&rar->lzss);
680 int l, li, remaining;
681 unsigned char *d, *s;
682
683 remaining = length;
684 while (remaining > 0) {
685 l = remaining;
686 if (dstoffs > srcoffs) {
687 if (l > lzss_size(&rar->lzss) - dstoffs)
688 l = lzss_size(&rar->lzss) - dstoffs;
689 } else {
690 if (l > lzss_size(&rar->lzss) - srcoffs)
691 l = lzss_size(&rar->lzss) - srcoffs;
692 }
693 d = &(rar->lzss.window[dstoffs]);
694 s = &(rar->lzss.window[srcoffs]);
695 if ((dstoffs + l < srcoffs) || (srcoffs + l < dstoffs))
696 memcpy(d, s, l);
697 else {
698 for (li = 0; li < l; li++)
699 d[li] = s[li];
700 }
701 remaining -= l;
702 dstoffs = (dstoffs + l) & lzss_mask(&(rar->lzss));
703 srcoffs = (srcoffs + l) & lzss_mask(&(rar->lzss));
704 }
705 rar->lzss.position += length;
706 }
707
708 static Byte
ppmd_read(void * p)709 ppmd_read(void *p)
710 {
711 struct archive_read *a = ((IByteIn*)p)->a;
712 struct rar *rar = (struct rar *)(a->format->data);
713 struct rar_br *br = &(rar->br);
714 Byte b;
715 if (!rar_br_read_ahead(a, br, 8))
716 {
717 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
718 "Truncated RAR file data");
719 rar->valid = 0;
720 return 0;
721 }
722 b = rar_br_bits(br, 8);
723 rar_br_consume(br, 8);
724 return b;
725 }
726
727 int
archive_read_support_format_rar(struct archive * _a)728 archive_read_support_format_rar(struct archive *_a)
729 {
730 struct archive_read *a = (struct archive_read *)_a;
731 struct rar *rar;
732 int r;
733
734 archive_check_magic(_a, ARCHIVE_READ_MAGIC, ARCHIVE_STATE_NEW,
735 "archive_read_support_format_rar");
736
737 rar = (struct rar *)calloc(sizeof(*rar), 1);
738 if (rar == NULL)
739 {
740 archive_set_error(&a->archive, ENOMEM, "Can't allocate rar data");
741 return (ARCHIVE_FATAL);
742 }
743
744 /*
745 * Until enough data has been read, we cannot tell about
746 * any encrypted entries yet.
747 */
748 rar->has_encrypted_entries = ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;
749
750 r = __archive_read_register_format(a,
751 rar,
752 "rar",
753 archive_read_format_rar_bid,
754 archive_read_format_rar_options,
755 archive_read_format_rar_read_header,
756 archive_read_format_rar_read_data,
757 archive_read_format_rar_read_data_skip,
758 archive_read_format_rar_seek_data,
759 archive_read_format_rar_cleanup,
760 archive_read_support_format_rar_capabilities,
761 archive_read_format_rar_has_encrypted_entries);
762
763 if (r != ARCHIVE_OK)
764 free(rar);
765 return (r);
766 }
767
768 static int
archive_read_support_format_rar_capabilities(struct archive_read * a)769 archive_read_support_format_rar_capabilities(struct archive_read * a)
770 {
771 (void)a; /* UNUSED */
772 return (ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_DATA
773 | ARCHIVE_READ_FORMAT_CAPS_ENCRYPT_METADATA);
774 }
775
776 static int
archive_read_format_rar_has_encrypted_entries(struct archive_read * _a)777 archive_read_format_rar_has_encrypted_entries(struct archive_read *_a)
778 {
779 if (_a && _a->format) {
780 struct rar * rar = (struct rar *)_a->format->data;
781 if (rar) {
782 return rar->has_encrypted_entries;
783 }
784 }
785 return ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW;
786 }
787
788
789 static int
archive_read_format_rar_bid(struct archive_read * a,int best_bid)790 archive_read_format_rar_bid(struct archive_read *a, int best_bid)
791 {
792 const char *p;
793
794 /* If there's already a bid > 30, we'll never win. */
795 if (best_bid > 30)
796 return (-1);
797
798 if ((p = __archive_read_ahead(a, 7, NULL)) == NULL)
799 return (-1);
800
801 if (memcmp(p, RAR_SIGNATURE, 7) == 0)
802 return (30);
803
804 if ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0) {
805 /* This is a PE file */
806 ssize_t offset = 0x10000;
807 ssize_t window = 4096;
808 ssize_t bytes_avail;
809 while (offset + window <= (1024 * 128)) {
810 const char *buff = __archive_read_ahead(a, offset + window, &bytes_avail);
811 if (buff == NULL) {
812 /* Remaining bytes are less than window. */
813 window >>= 1;
814 if (window < 0x40)
815 return (0);
816 continue;
817 }
818 p = buff + offset;
819 while (p + 7 < buff + bytes_avail) {
820 if (memcmp(p, RAR_SIGNATURE, 7) == 0)
821 return (30);
822 p += 0x10;
823 }
824 offset = p - buff;
825 }
826 }
827 return (0);
828 }
829
830 static int
skip_sfx(struct archive_read * a)831 skip_sfx(struct archive_read *a)
832 {
833 const void *h;
834 const char *p, *q;
835 size_t skip, total;
836 ssize_t bytes, window;
837
838 total = 0;
839 window = 4096;
840 while (total + window <= (1024 * 128)) {
841 h = __archive_read_ahead(a, window, &bytes);
842 if (h == NULL) {
843 /* Remaining bytes are less than window. */
844 window >>= 1;
845 if (window < 0x40)
846 goto fatal;
847 continue;
848 }
849 if (bytes < 0x40)
850 goto fatal;
851 p = h;
852 q = p + bytes;
853
854 /*
855 * Scan ahead until we find something that looks
856 * like the RAR header.
857 */
858 while (p + 7 < q) {
859 if (memcmp(p, RAR_SIGNATURE, 7) == 0) {
860 skip = p - (const char *)h;
861 __archive_read_consume(a, skip);
862 return (ARCHIVE_OK);
863 }
864 p += 0x10;
865 }
866 skip = p - (const char *)h;
867 __archive_read_consume(a, skip);
868 total += skip;
869 }
870 fatal:
871 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
872 "Couldn't find out RAR header");
873 return (ARCHIVE_FATAL);
874 }
875
876 static int
archive_read_format_rar_options(struct archive_read * a,const char * key,const char * val)877 archive_read_format_rar_options(struct archive_read *a,
878 const char *key, const char *val)
879 {
880 struct rar *rar;
881 int ret = ARCHIVE_FAILED;
882
883 rar = (struct rar *)(a->format->data);
884 if (strcmp(key, "hdrcharset") == 0) {
885 if (val == NULL || val[0] == 0)
886 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
887 "rar: hdrcharset option needs a character-set name");
888 else {
889 rar->opt_sconv =
890 archive_string_conversion_from_charset(
891 &a->archive, val, 0);
892 if (rar->opt_sconv != NULL)
893 ret = ARCHIVE_OK;
894 else
895 ret = ARCHIVE_FATAL;
896 }
897 return (ret);
898 }
899
900 /* Note: The "warn" return is just to inform the options
901 * supervisor that we didn't handle it. It will generate
902 * a suitable error if no one used this option. */
903 return (ARCHIVE_WARN);
904 }
905
906 static int
archive_read_format_rar_read_header(struct archive_read * a,struct archive_entry * entry)907 archive_read_format_rar_read_header(struct archive_read *a,
908 struct archive_entry *entry)
909 {
910 const void *h;
911 const char *p;
912 struct rar *rar;
913 size_t skip;
914 char head_type;
915 int ret;
916 unsigned flags;
917 unsigned long crc32_expected;
918
919 a->archive.archive_format = ARCHIVE_FORMAT_RAR;
920 if (a->archive.archive_format_name == NULL)
921 a->archive.archive_format_name = "RAR";
922
923 rar = (struct rar *)(a->format->data);
924
925 /*
926 * It should be sufficient to call archive_read_next_header() for
927 * a reader to determine if an entry is encrypted or not. If the
928 * encryption of an entry is only detectable when calling
929 * archive_read_data(), so be it. We'll do the same check there
930 * as well.
931 */
932 if (rar->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
933 rar->has_encrypted_entries = 0;
934 }
935
936 /* RAR files can be generated without EOF headers, so return ARCHIVE_EOF if
937 * this fails.
938 */
939 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL)
940 return (ARCHIVE_EOF);
941
942 p = h;
943 if (rar->found_first_header == 0 &&
944 ((p[0] == 'M' && p[1] == 'Z') || memcmp(p, "\x7F\x45LF", 4) == 0)) {
945 /* This is an executable ? Must be self-extracting... */
946 ret = skip_sfx(a);
947 if (ret < ARCHIVE_WARN)
948 return (ret);
949 }
950 rar->found_first_header = 1;
951
952 while (1)
953 {
954 unsigned long crc32_val;
955
956 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL)
957 return (ARCHIVE_FATAL);
958 p = h;
959
960 head_type = p[2];
961 switch(head_type)
962 {
963 case MARK_HEAD:
964 if (memcmp(p, RAR_SIGNATURE, 7) != 0) {
965 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
966 "Invalid marker header");
967 return (ARCHIVE_FATAL);
968 }
969 __archive_read_consume(a, 7);
970 break;
971
972 case MAIN_HEAD:
973 rar->main_flags = archive_le16dec(p + 3);
974 skip = archive_le16dec(p + 5);
975 if (skip < 7 + sizeof(rar->reserved1) + sizeof(rar->reserved2)) {
976 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
977 "Invalid header size");
978 return (ARCHIVE_FATAL);
979 }
980 if ((h = __archive_read_ahead(a, skip, NULL)) == NULL)
981 return (ARCHIVE_FATAL);
982 p = h;
983 memcpy(rar->reserved1, p + 7, sizeof(rar->reserved1));
984 memcpy(rar->reserved2, p + 7 + sizeof(rar->reserved1),
985 sizeof(rar->reserved2));
986 if (rar->main_flags & MHD_ENCRYPTVER) {
987 if (skip < 7 + sizeof(rar->reserved1) + sizeof(rar->reserved2)+1) {
988 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
989 "Invalid header size");
990 return (ARCHIVE_FATAL);
991 }
992 rar->encryptver = *(p + 7 + sizeof(rar->reserved1) +
993 sizeof(rar->reserved2));
994 }
995
996 /* Main header is password encrypted, so we cannot read any
997 file names or any other info about files from the header. */
998 if (rar->main_flags & MHD_PASSWORD)
999 {
1000 archive_entry_set_is_metadata_encrypted(entry, 1);
1001 archive_entry_set_is_data_encrypted(entry, 1);
1002 rar->has_encrypted_entries = 1;
1003 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1004 "RAR encryption support unavailable.");
1005 return (ARCHIVE_FATAL);
1006 }
1007
1008 crc32_val = crc32(0, (const unsigned char *)p + 2, (unsigned)skip - 2);
1009 if ((crc32_val & 0xffff) != archive_le16dec(p)) {
1010 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1011 "Header CRC error");
1012 return (ARCHIVE_FATAL);
1013 }
1014 __archive_read_consume(a, skip);
1015 break;
1016
1017 case FILE_HEAD:
1018 return read_header(a, entry, head_type);
1019
1020 case COMM_HEAD:
1021 case AV_HEAD:
1022 case SUB_HEAD:
1023 case PROTECT_HEAD:
1024 case SIGN_HEAD:
1025 case ENDARC_HEAD:
1026 flags = archive_le16dec(p + 3);
1027 skip = archive_le16dec(p + 5);
1028 if (skip < 7) {
1029 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1030 "Invalid header size too small");
1031 return (ARCHIVE_FATAL);
1032 }
1033 if (flags & HD_ADD_SIZE_PRESENT)
1034 {
1035 if (skip < 7 + 4) {
1036 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1037 "Invalid header size too small");
1038 return (ARCHIVE_FATAL);
1039 }
1040 if ((h = __archive_read_ahead(a, skip, NULL)) == NULL)
1041 return (ARCHIVE_FATAL);
1042 p = h;
1043 skip += archive_le32dec(p + 7);
1044 }
1045
1046 /* Skip over the 2-byte CRC at the beginning of the header. */
1047 crc32_expected = archive_le16dec(p);
1048 __archive_read_consume(a, 2);
1049 skip -= 2;
1050
1051 /* Skim the entire header and compute the CRC. */
1052 crc32_val = 0;
1053 while (skip > 0) {
1054 size_t to_read = skip;
1055 if (to_read > 32 * 1024)
1056 to_read = 32 * 1024;
1057 if ((h = __archive_read_ahead(a, to_read, NULL)) == NULL) {
1058 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1059 "Bad RAR file");
1060 return (ARCHIVE_FATAL);
1061 }
1062 p = h;
1063 crc32_val = crc32(crc32_val, (const unsigned char *)p, to_read);
1064 __archive_read_consume(a, to_read);
1065 skip -= to_read;
1066 }
1067 if ((crc32_val & 0xffff) != crc32_expected) {
1068 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1069 "Header CRC error");
1070 return (ARCHIVE_FATAL);
1071 }
1072 if (head_type == ENDARC_HEAD)
1073 return (ARCHIVE_EOF);
1074 break;
1075
1076 case NEWSUB_HEAD:
1077 if ((ret = read_header(a, entry, head_type)) < ARCHIVE_WARN)
1078 return ret;
1079 break;
1080
1081 default:
1082 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1083 "Bad RAR file");
1084 return (ARCHIVE_FATAL);
1085 }
1086 }
1087 }
1088
1089 static int
archive_read_format_rar_read_data(struct archive_read * a,const void ** buff,size_t * size,int64_t * offset)1090 archive_read_format_rar_read_data(struct archive_read *a, const void **buff,
1091 size_t *size, int64_t *offset)
1092 {
1093 struct rar *rar = (struct rar *)(a->format->data);
1094 int ret;
1095
1096 if (rar->has_encrypted_entries == ARCHIVE_READ_FORMAT_ENCRYPTION_DONT_KNOW) {
1097 rar->has_encrypted_entries = 0;
1098 }
1099
1100 if (rar->bytes_unconsumed > 0) {
1101 /* Consume as much as the decompressor actually used. */
1102 __archive_read_consume(a, rar->bytes_unconsumed);
1103 rar->bytes_unconsumed = 0;
1104 }
1105
1106 *buff = NULL;
1107 if (rar->entry_eof || rar->offset_seek >= rar->unp_size) {
1108 *size = 0;
1109 *offset = rar->offset;
1110 if (*offset < rar->unp_size)
1111 *offset = rar->unp_size;
1112 return (ARCHIVE_EOF);
1113 }
1114
1115 switch (rar->compression_method)
1116 {
1117 case COMPRESS_METHOD_STORE:
1118 ret = read_data_stored(a, buff, size, offset);
1119 break;
1120
1121 case COMPRESS_METHOD_FASTEST:
1122 case COMPRESS_METHOD_FAST:
1123 case COMPRESS_METHOD_NORMAL:
1124 case COMPRESS_METHOD_GOOD:
1125 case COMPRESS_METHOD_BEST:
1126 ret = read_data_compressed(a, buff, size, offset, 0);
1127 if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) {
1128 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
1129 rar->start_new_table = 1;
1130 rar->ppmd_valid = 0;
1131 }
1132 break;
1133
1134 default:
1135 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1136 "Unsupported compression method for RAR file.");
1137 ret = ARCHIVE_FATAL;
1138 break;
1139 }
1140 return (ret);
1141 }
1142
1143 static int
archive_read_format_rar_read_data_skip(struct archive_read * a)1144 archive_read_format_rar_read_data_skip(struct archive_read *a)
1145 {
1146 struct rar *rar;
1147 int64_t bytes_skipped;
1148 int ret;
1149
1150 rar = (struct rar *)(a->format->data);
1151
1152 if (rar->bytes_unconsumed > 0) {
1153 /* Consume as much as the decompressor actually used. */
1154 __archive_read_consume(a, rar->bytes_unconsumed);
1155 rar->bytes_unconsumed = 0;
1156 }
1157
1158 if (rar->bytes_remaining > 0) {
1159 bytes_skipped = __archive_read_consume(a, rar->bytes_remaining);
1160 if (bytes_skipped < 0)
1161 return (ARCHIVE_FATAL);
1162 }
1163
1164 /* Compressed data to skip must be read from each header in a multivolume
1165 * archive.
1166 */
1167 if (rar->main_flags & MHD_VOLUME && rar->file_flags & FHD_SPLIT_AFTER)
1168 {
1169 ret = archive_read_format_rar_read_header(a, a->entry);
1170 if (ret == (ARCHIVE_EOF))
1171 ret = archive_read_format_rar_read_header(a, a->entry);
1172 if (ret != (ARCHIVE_OK))
1173 return ret;
1174 return archive_read_format_rar_read_data_skip(a);
1175 }
1176
1177 return (ARCHIVE_OK);
1178 }
1179
1180 static int64_t
archive_read_format_rar_seek_data(struct archive_read * a,int64_t offset,int whence)1181 archive_read_format_rar_seek_data(struct archive_read *a, int64_t offset,
1182 int whence)
1183 {
1184 int64_t client_offset, ret;
1185 unsigned int i;
1186 struct rar *rar = (struct rar *)(a->format->data);
1187
1188 if (rar->compression_method == COMPRESS_METHOD_STORE)
1189 {
1190 /* Modify the offset for use with SEEK_SET */
1191 switch (whence)
1192 {
1193 case SEEK_CUR:
1194 client_offset = rar->offset_seek;
1195 break;
1196 case SEEK_END:
1197 client_offset = rar->unp_size;
1198 break;
1199 case SEEK_SET:
1200 default:
1201 client_offset = 0;
1202 }
1203 client_offset += offset;
1204 if (client_offset < 0)
1205 {
1206 /* Can't seek past beginning of data block */
1207 return -1;
1208 }
1209 else if (client_offset > rar->unp_size)
1210 {
1211 /*
1212 * Set the returned offset but only seek to the end of
1213 * the data block.
1214 */
1215 rar->offset_seek = client_offset;
1216 client_offset = rar->unp_size;
1217 }
1218
1219 client_offset += rar->dbo[0].start_offset;
1220 i = 0;
1221 while (i < rar->cursor)
1222 {
1223 i++;
1224 client_offset += rar->dbo[i].start_offset - rar->dbo[i-1].end_offset;
1225 }
1226 if (rar->main_flags & MHD_VOLUME)
1227 {
1228 /* Find the appropriate offset among the multivolume archive */
1229 while (1)
1230 {
1231 if (client_offset < rar->dbo[rar->cursor].start_offset &&
1232 rar->file_flags & FHD_SPLIT_BEFORE)
1233 {
1234 /* Search backwards for the correct data block */
1235 if (rar->cursor == 0)
1236 {
1237 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1238 "Attempt to seek past beginning of RAR data block");
1239 return (ARCHIVE_FAILED);
1240 }
1241 rar->cursor--;
1242 client_offset -= rar->dbo[rar->cursor+1].start_offset -
1243 rar->dbo[rar->cursor].end_offset;
1244 if (client_offset < rar->dbo[rar->cursor].start_offset)
1245 continue;
1246 ret = __archive_read_seek(a, rar->dbo[rar->cursor].start_offset -
1247 rar->dbo[rar->cursor].header_size, SEEK_SET);
1248 if (ret < (ARCHIVE_OK))
1249 return ret;
1250 ret = archive_read_format_rar_read_header(a, a->entry);
1251 if (ret != (ARCHIVE_OK))
1252 {
1253 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1254 "Error during seek of RAR file");
1255 return (ARCHIVE_FAILED);
1256 }
1257 rar->cursor--;
1258 break;
1259 }
1260 else if (client_offset > rar->dbo[rar->cursor].end_offset &&
1261 rar->file_flags & FHD_SPLIT_AFTER)
1262 {
1263 /* Search forward for the correct data block */
1264 rar->cursor++;
1265 if (rar->cursor < rar->nodes &&
1266 client_offset > rar->dbo[rar->cursor].end_offset)
1267 {
1268 client_offset += rar->dbo[rar->cursor].start_offset -
1269 rar->dbo[rar->cursor-1].end_offset;
1270 continue;
1271 }
1272 rar->cursor--;
1273 ret = __archive_read_seek(a, rar->dbo[rar->cursor].end_offset,
1274 SEEK_SET);
1275 if (ret < (ARCHIVE_OK))
1276 return ret;
1277 ret = archive_read_format_rar_read_header(a, a->entry);
1278 if (ret == (ARCHIVE_EOF))
1279 {
1280 rar->has_endarc_header = 1;
1281 ret = archive_read_format_rar_read_header(a, a->entry);
1282 }
1283 if (ret != (ARCHIVE_OK))
1284 {
1285 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1286 "Error during seek of RAR file");
1287 return (ARCHIVE_FAILED);
1288 }
1289 client_offset += rar->dbo[rar->cursor].start_offset -
1290 rar->dbo[rar->cursor-1].end_offset;
1291 continue;
1292 }
1293 break;
1294 }
1295 }
1296
1297 ret = __archive_read_seek(a, client_offset, SEEK_SET);
1298 if (ret < (ARCHIVE_OK))
1299 return ret;
1300 rar->bytes_remaining = rar->dbo[rar->cursor].end_offset - ret;
1301 i = rar->cursor;
1302 while (i > 0)
1303 {
1304 i--;
1305 ret -= rar->dbo[i+1].start_offset - rar->dbo[i].end_offset;
1306 }
1307 ret -= rar->dbo[0].start_offset;
1308
1309 /* Always restart reading the file after a seek */
1310 __archive_reset_read_data(&a->archive);
1311
1312 rar->bytes_unconsumed = 0;
1313 rar->offset = 0;
1314
1315 /*
1316 * If a seek past the end of file was requested, return the requested
1317 * offset.
1318 */
1319 if (ret == rar->unp_size && rar->offset_seek > rar->unp_size)
1320 return rar->offset_seek;
1321
1322 /* Return the new offset */
1323 rar->offset_seek = ret;
1324 return rar->offset_seek;
1325 }
1326 else
1327 {
1328 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
1329 "Seeking of compressed RAR files is unsupported");
1330 }
1331 return (ARCHIVE_FAILED);
1332 }
1333
1334 static int
archive_read_format_rar_cleanup(struct archive_read * a)1335 archive_read_format_rar_cleanup(struct archive_read *a)
1336 {
1337 struct rar *rar;
1338
1339 rar = (struct rar *)(a->format->data);
1340 free_codes(a);
1341 clear_filters(&rar->filters);
1342 free(rar->filename);
1343 free(rar->filename_save);
1344 free(rar->dbo);
1345 free(rar->unp_buffer);
1346 free(rar->lzss.window);
1347 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
1348 free(rar);
1349 (a->format->data) = NULL;
1350 return (ARCHIVE_OK);
1351 }
1352
1353 static int
read_header(struct archive_read * a,struct archive_entry * entry,char head_type)1354 read_header(struct archive_read *a, struct archive_entry *entry,
1355 char head_type)
1356 {
1357 const void *h;
1358 const char *p, *endp;
1359 struct rar *rar;
1360 struct rar_header rar_header;
1361 struct rar_file_header file_header;
1362 int64_t header_size;
1363 unsigned filename_size, end;
1364 char *filename;
1365 char *strp;
1366 char packed_size[8];
1367 char unp_size[8];
1368 int ttime;
1369 struct archive_string_conv *sconv, *fn_sconv;
1370 unsigned long crc32_val;
1371 int ret = (ARCHIVE_OK), ret2;
1372
1373 rar = (struct rar *)(a->format->data);
1374
1375 /* Setup a string conversion object for non-rar-unicode filenames. */
1376 sconv = rar->opt_sconv;
1377 if (sconv == NULL) {
1378 if (!rar->init_default_conversion) {
1379 rar->sconv_default =
1380 archive_string_default_conversion_for_read(
1381 &(a->archive));
1382 rar->init_default_conversion = 1;
1383 }
1384 sconv = rar->sconv_default;
1385 }
1386
1387
1388 if ((h = __archive_read_ahead(a, 7, NULL)) == NULL)
1389 return (ARCHIVE_FATAL);
1390 p = h;
1391 memcpy(&rar_header, p, sizeof(rar_header));
1392 rar->file_flags = archive_le16dec(rar_header.flags);
1393 header_size = archive_le16dec(rar_header.size);
1394 if (header_size < (int64_t)sizeof(file_header) + 7) {
1395 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1396 "Invalid header size");
1397 return (ARCHIVE_FATAL);
1398 }
1399 crc32_val = crc32(0, (const unsigned char *)p + 2, 7 - 2);
1400 __archive_read_consume(a, 7);
1401
1402 if (!(rar->file_flags & FHD_SOLID))
1403 {
1404 rar->compression_method = 0;
1405 rar->packed_size = 0;
1406 rar->unp_size = 0;
1407 rar->mtime = 0;
1408 rar->ctime = 0;
1409 rar->atime = 0;
1410 rar->arctime = 0;
1411 rar->mode = 0;
1412 memset(&rar->salt, 0, sizeof(rar->salt));
1413 rar->atime = 0;
1414 rar->ansec = 0;
1415 rar->ctime = 0;
1416 rar->cnsec = 0;
1417 rar->mtime = 0;
1418 rar->mnsec = 0;
1419 rar->arctime = 0;
1420 rar->arcnsec = 0;
1421 }
1422 else
1423 {
1424 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1425 "RAR solid archive support unavailable.");
1426 return (ARCHIVE_FATAL);
1427 }
1428
1429 if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL)
1430 return (ARCHIVE_FATAL);
1431
1432 /* File Header CRC check. */
1433 crc32_val = crc32(crc32_val, h, (unsigned)(header_size - 7));
1434 if ((crc32_val & 0xffff) != archive_le16dec(rar_header.crc)) {
1435 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1436 "Header CRC error");
1437 return (ARCHIVE_FATAL);
1438 }
1439 /* If no CRC error, Go on parsing File Header. */
1440 p = h;
1441 endp = p + header_size - 7;
1442 memcpy(&file_header, p, sizeof(file_header));
1443 p += sizeof(file_header);
1444
1445 rar->compression_method = file_header.method;
1446
1447 ttime = archive_le32dec(file_header.file_time);
1448 rar->mtime = get_time(ttime);
1449
1450 rar->file_crc = archive_le32dec(file_header.file_crc);
1451
1452 if (rar->file_flags & FHD_PASSWORD)
1453 {
1454 archive_entry_set_is_data_encrypted(entry, 1);
1455 rar->has_encrypted_entries = 1;
1456 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1457 "RAR encryption support unavailable.");
1458 /* Since it is only the data part itself that is encrypted we can at least
1459 extract information about the currently processed entry and don't need
1460 to return ARCHIVE_FATAL here. */
1461 /*return (ARCHIVE_FATAL);*/
1462 }
1463
1464 if (rar->file_flags & FHD_LARGE)
1465 {
1466 memcpy(packed_size, file_header.pack_size, 4);
1467 memcpy(packed_size + 4, p, 4); /* High pack size */
1468 p += 4;
1469 memcpy(unp_size, file_header.unp_size, 4);
1470 memcpy(unp_size + 4, p, 4); /* High unpack size */
1471 p += 4;
1472 rar->packed_size = archive_le64dec(&packed_size);
1473 rar->unp_size = archive_le64dec(&unp_size);
1474 }
1475 else
1476 {
1477 rar->packed_size = archive_le32dec(file_header.pack_size);
1478 rar->unp_size = archive_le32dec(file_header.unp_size);
1479 }
1480
1481 if (rar->packed_size < 0 || rar->unp_size < 0)
1482 {
1483 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1484 "Invalid sizes specified.");
1485 return (ARCHIVE_FATAL);
1486 }
1487
1488 rar->bytes_remaining = rar->packed_size;
1489
1490 /* TODO: RARv3 subblocks contain comments. For now the complete block is
1491 * consumed at the end.
1492 */
1493 if (head_type == NEWSUB_HEAD) {
1494 size_t distance = p - (const char *)h;
1495 header_size += rar->packed_size;
1496 /* Make sure we have the extended data. */
1497 if ((h = __archive_read_ahead(a, (size_t)header_size - 7, NULL)) == NULL)
1498 return (ARCHIVE_FATAL);
1499 p = h;
1500 endp = p + header_size - 7;
1501 p += distance;
1502 }
1503
1504 filename_size = archive_le16dec(file_header.name_size);
1505 if (p + filename_size > endp) {
1506 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1507 "Invalid filename size");
1508 return (ARCHIVE_FATAL);
1509 }
1510 if (rar->filename_allocated < filename_size * 2 + 2) {
1511 char *newptr;
1512 size_t newsize = filename_size * 2 + 2;
1513 newptr = realloc(rar->filename, newsize);
1514 if (newptr == NULL) {
1515 archive_set_error(&a->archive, ENOMEM,
1516 "Couldn't allocate memory.");
1517 return (ARCHIVE_FATAL);
1518 }
1519 rar->filename = newptr;
1520 rar->filename_allocated = newsize;
1521 }
1522 filename = rar->filename;
1523 memcpy(filename, p, filename_size);
1524 filename[filename_size] = '\0';
1525 if (rar->file_flags & FHD_UNICODE)
1526 {
1527 if (filename_size != strlen(filename))
1528 {
1529 unsigned char highbyte, flagbits, flagbyte;
1530 unsigned fn_end, offset;
1531
1532 end = filename_size;
1533 fn_end = filename_size * 2;
1534 filename_size = 0;
1535 offset = (unsigned)strlen(filename) + 1;
1536 highbyte = *(p + offset++);
1537 flagbits = 0;
1538 flagbyte = 0;
1539 while (offset < end && filename_size < fn_end)
1540 {
1541 if (!flagbits)
1542 {
1543 flagbyte = *(p + offset++);
1544 flagbits = 8;
1545 }
1546
1547 flagbits -= 2;
1548 switch((flagbyte >> flagbits) & 3)
1549 {
1550 case 0:
1551 filename[filename_size++] = '\0';
1552 filename[filename_size++] = *(p + offset++);
1553 break;
1554 case 1:
1555 filename[filename_size++] = highbyte;
1556 filename[filename_size++] = *(p + offset++);
1557 break;
1558 case 2:
1559 filename[filename_size++] = *(p + offset + 1);
1560 filename[filename_size++] = *(p + offset);
1561 offset += 2;
1562 break;
1563 case 3:
1564 {
1565 char extra, high;
1566 uint8_t length = *(p + offset++);
1567
1568 if (length & 0x80) {
1569 extra = *(p + offset++);
1570 high = (char)highbyte;
1571 } else
1572 extra = high = 0;
1573 length = (length & 0x7f) + 2;
1574 while (length && filename_size < fn_end) {
1575 unsigned cp = filename_size >> 1;
1576 filename[filename_size++] = high;
1577 filename[filename_size++] = p[cp] + extra;
1578 length--;
1579 }
1580 }
1581 break;
1582 }
1583 }
1584 if (filename_size > fn_end) {
1585 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1586 "Invalid filename");
1587 return (ARCHIVE_FATAL);
1588 }
1589 filename[filename_size++] = '\0';
1590 /*
1591 * Do not increment filename_size here as the computations below
1592 * add the space for the terminating NUL explicitly.
1593 */
1594 filename[filename_size] = '\0';
1595
1596 /* Decoded unicode form is UTF-16BE, so we have to update a string
1597 * conversion object for it. */
1598 if (rar->sconv_utf16be == NULL) {
1599 rar->sconv_utf16be = archive_string_conversion_from_charset(
1600 &a->archive, "UTF-16BE", 1);
1601 if (rar->sconv_utf16be == NULL)
1602 return (ARCHIVE_FATAL);
1603 }
1604 fn_sconv = rar->sconv_utf16be;
1605
1606 strp = filename;
1607 while (memcmp(strp, "\x00\x00", 2))
1608 {
1609 if (!memcmp(strp, "\x00\\", 2))
1610 *(strp + 1) = '/';
1611 strp += 2;
1612 }
1613 p += offset;
1614 } else {
1615 /*
1616 * If FHD_UNICODE is set but no unicode data, this file name form
1617 * is UTF-8, so we have to update a string conversion object for
1618 * it accordingly.
1619 */
1620 if (rar->sconv_utf8 == NULL) {
1621 rar->sconv_utf8 = archive_string_conversion_from_charset(
1622 &a->archive, "UTF-8", 1);
1623 if (rar->sconv_utf8 == NULL)
1624 return (ARCHIVE_FATAL);
1625 }
1626 fn_sconv = rar->sconv_utf8;
1627 while ((strp = strchr(filename, '\\')) != NULL)
1628 *strp = '/';
1629 p += filename_size;
1630 }
1631 }
1632 else
1633 {
1634 fn_sconv = sconv;
1635 while ((strp = strchr(filename, '\\')) != NULL)
1636 *strp = '/';
1637 p += filename_size;
1638 }
1639
1640 /* Split file in multivolume RAR. No more need to process header. */
1641 if (rar->filename_save &&
1642 filename_size == rar->filename_save_size &&
1643 !memcmp(rar->filename, rar->filename_save, filename_size + 1))
1644 {
1645 __archive_read_consume(a, header_size - 7);
1646 rar->cursor++;
1647 if (rar->cursor >= rar->nodes)
1648 {
1649 rar->nodes++;
1650 if ((rar->dbo =
1651 realloc(rar->dbo, sizeof(*rar->dbo) * rar->nodes)) == NULL)
1652 {
1653 archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory.");
1654 return (ARCHIVE_FATAL);
1655 }
1656 rar->dbo[rar->cursor].header_size = header_size;
1657 rar->dbo[rar->cursor].start_offset = -1;
1658 rar->dbo[rar->cursor].end_offset = -1;
1659 }
1660 if (rar->dbo[rar->cursor].start_offset < 0)
1661 {
1662 rar->dbo[rar->cursor].start_offset = a->filter->position;
1663 rar->dbo[rar->cursor].end_offset = rar->dbo[rar->cursor].start_offset +
1664 rar->packed_size;
1665 }
1666 return ret;
1667 }
1668 else if (rar->filename_must_match)
1669 {
1670 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1671 "Mismatch of file parts split across multi-volume archive");
1672 return (ARCHIVE_FATAL);
1673 }
1674
1675 rar->filename_save = (char*)realloc(rar->filename_save,
1676 filename_size + 1);
1677 memcpy(rar->filename_save, rar->filename, filename_size + 1);
1678 rar->filename_save_size = filename_size;
1679
1680 /* Set info for seeking */
1681 free(rar->dbo);
1682 if ((rar->dbo = calloc(1, sizeof(*rar->dbo))) == NULL)
1683 {
1684 archive_set_error(&a->archive, ENOMEM, "Couldn't allocate memory.");
1685 return (ARCHIVE_FATAL);
1686 }
1687 rar->dbo[0].header_size = header_size;
1688 rar->dbo[0].start_offset = -1;
1689 rar->dbo[0].end_offset = -1;
1690 rar->cursor = 0;
1691 rar->nodes = 1;
1692
1693 if (rar->file_flags & FHD_SALT)
1694 {
1695 if (p + 8 > endp) {
1696 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1697 "Invalid header size");
1698 return (ARCHIVE_FATAL);
1699 }
1700 memcpy(rar->salt, p, 8);
1701 p += 8;
1702 }
1703
1704 if (rar->file_flags & FHD_EXTTIME) {
1705 if (read_exttime(p, rar, endp) < 0) {
1706 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1707 "Invalid header size");
1708 return (ARCHIVE_FATAL);
1709 }
1710 }
1711
1712 __archive_read_consume(a, header_size - 7);
1713 rar->dbo[0].start_offset = a->filter->position;
1714 rar->dbo[0].end_offset = rar->dbo[0].start_offset + rar->packed_size;
1715
1716 switch(file_header.host_os)
1717 {
1718 case OS_MSDOS:
1719 case OS_OS2:
1720 case OS_WIN32:
1721 rar->mode = archive_le32dec(file_header.file_attr);
1722 if (rar->mode & FILE_ATTRIBUTE_DIRECTORY)
1723 rar->mode = AE_IFDIR | S_IXUSR | S_IXGRP | S_IXOTH;
1724 else
1725 rar->mode = AE_IFREG;
1726 rar->mode |= S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;
1727 break;
1728
1729 case OS_UNIX:
1730 case OS_MAC_OS:
1731 case OS_BEOS:
1732 rar->mode = archive_le32dec(file_header.file_attr);
1733 break;
1734
1735 default:
1736 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1737 "Unknown file attributes from RAR file's host OS");
1738 return (ARCHIVE_FATAL);
1739 }
1740
1741 rar->bytes_uncopied = rar->bytes_unconsumed = 0;
1742 rar->lzss.position = rar->offset = 0;
1743 rar->offset_seek = 0;
1744 rar->dictionary_size = 0;
1745 rar->offset_outgoing = 0;
1746 rar->br.cache_avail = 0;
1747 rar->br.avail_in = 0;
1748 rar->crc_calculated = 0;
1749 rar->entry_eof = 0;
1750 rar->valid = 1;
1751 rar->is_ppmd_block = 0;
1752 rar->start_new_table = 1;
1753 free(rar->unp_buffer);
1754 rar->unp_buffer = NULL;
1755 rar->unp_offset = 0;
1756 rar->unp_buffer_size = UNP_BUFFER_SIZE;
1757 memset(rar->lengthtable, 0, sizeof(rar->lengthtable));
1758 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
1759 rar->ppmd_valid = rar->ppmd_eod = 0;
1760 rar->filters.filterstart = INT64_MAX;
1761
1762 /* Don't set any archive entries for non-file header types */
1763 if (head_type == NEWSUB_HEAD)
1764 return ret;
1765
1766 archive_entry_set_mtime(entry, rar->mtime, rar->mnsec);
1767 archive_entry_set_ctime(entry, rar->ctime, rar->cnsec);
1768 archive_entry_set_atime(entry, rar->atime, rar->ansec);
1769 archive_entry_set_size(entry, rar->unp_size);
1770 archive_entry_set_mode(entry, rar->mode);
1771
1772 if (archive_entry_copy_pathname_l(entry, filename, filename_size, fn_sconv))
1773 {
1774 if (errno == ENOMEM)
1775 {
1776 archive_set_error(&a->archive, ENOMEM,
1777 "Can't allocate memory for Pathname");
1778 return (ARCHIVE_FATAL);
1779 }
1780 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1781 "Pathname cannot be converted from %s to current locale.",
1782 archive_string_conversion_charset_name(fn_sconv));
1783 ret = (ARCHIVE_WARN);
1784 }
1785
1786 if (((rar->mode) & AE_IFMT) == AE_IFLNK)
1787 {
1788 /* Make sure a symbolic-link file does not have its body. */
1789 rar->bytes_remaining = 0;
1790 archive_entry_set_size(entry, 0);
1791
1792 /* Read a symbolic-link name. */
1793 if ((ret2 = read_symlink_stored(a, entry, sconv)) < (ARCHIVE_WARN))
1794 return ret2;
1795 if (ret > ret2)
1796 ret = ret2;
1797 }
1798
1799 if (rar->bytes_remaining == 0)
1800 rar->entry_eof = 1;
1801
1802 return ret;
1803 }
1804
1805 static time_t
get_time(int ttime)1806 get_time(int ttime)
1807 {
1808 struct tm tm;
1809 tm.tm_sec = 2 * (ttime & 0x1f);
1810 tm.tm_min = (ttime >> 5) & 0x3f;
1811 tm.tm_hour = (ttime >> 11) & 0x1f;
1812 tm.tm_mday = (ttime >> 16) & 0x1f;
1813 tm.tm_mon = ((ttime >> 21) & 0x0f) - 1;
1814 tm.tm_year = ((ttime >> 25) & 0x7f) + 80;
1815 tm.tm_isdst = -1;
1816 return mktime(&tm);
1817 }
1818
1819 static int
read_exttime(const char * p,struct rar * rar,const char * endp)1820 read_exttime(const char *p, struct rar *rar, const char *endp)
1821 {
1822 unsigned rmode, flags, rem, j, count;
1823 int ttime, i;
1824 struct tm *tm;
1825 time_t t;
1826 long nsec;
1827 #if defined(HAVE_LOCALTIME_R) || defined(HAVE__LOCALTIME64_S)
1828 struct tm tmbuf;
1829 #endif
1830 #if defined(HAVE__LOCALTIME64_S)
1831 errno_t terr;
1832 __time64_t tmptime;
1833 #endif
1834
1835 if (p + 2 > endp)
1836 return (-1);
1837 flags = archive_le16dec(p);
1838 p += 2;
1839
1840 for (i = 3; i >= 0; i--)
1841 {
1842 t = 0;
1843 if (i == 3)
1844 t = rar->mtime;
1845 rmode = flags >> i * 4;
1846 if (rmode & 8)
1847 {
1848 if (!t)
1849 {
1850 if (p + 4 > endp)
1851 return (-1);
1852 ttime = archive_le32dec(p);
1853 t = get_time(ttime);
1854 p += 4;
1855 }
1856 rem = 0;
1857 count = rmode & 3;
1858 if (p + count > endp)
1859 return (-1);
1860 for (j = 0; j < count; j++)
1861 {
1862 rem = (((unsigned)(unsigned char)*p) << 16) | (rem >> 8);
1863 p++;
1864 }
1865 #if defined(HAVE_LOCALTIME_R)
1866 tm = localtime_r(&t, &tmbuf);
1867 #elif defined(HAVE__LOCALTIME64_S)
1868 tmptime = t;
1869 terr = _localtime64_s(&tmbuf, &tmptime);
1870 if (terr)
1871 tm = NULL;
1872 else
1873 tm = &tmbuf;
1874 #else
1875 tm = localtime(&t);
1876 #endif
1877 nsec = tm->tm_sec + rem / NS_UNIT;
1878 if (rmode & 4)
1879 {
1880 tm->tm_sec++;
1881 t = mktime(tm);
1882 }
1883 if (i == 3)
1884 {
1885 rar->mtime = t;
1886 rar->mnsec = nsec;
1887 }
1888 else if (i == 2)
1889 {
1890 rar->ctime = t;
1891 rar->cnsec = nsec;
1892 }
1893 else if (i == 1)
1894 {
1895 rar->atime = t;
1896 rar->ansec = nsec;
1897 }
1898 else
1899 {
1900 rar->arctime = t;
1901 rar->arcnsec = nsec;
1902 }
1903 }
1904 }
1905 return (0);
1906 }
1907
1908 static int
read_symlink_stored(struct archive_read * a,struct archive_entry * entry,struct archive_string_conv * sconv)1909 read_symlink_stored(struct archive_read *a, struct archive_entry *entry,
1910 struct archive_string_conv *sconv)
1911 {
1912 const void *h;
1913 const char *p;
1914 struct rar *rar;
1915 int ret = (ARCHIVE_OK);
1916
1917 rar = (struct rar *)(a->format->data);
1918 if ((h = rar_read_ahead(a, (size_t)rar->packed_size, NULL)) == NULL)
1919 return (ARCHIVE_FATAL);
1920 p = h;
1921
1922 if (archive_entry_copy_symlink_l(entry,
1923 p, (size_t)rar->packed_size, sconv))
1924 {
1925 if (errno == ENOMEM)
1926 {
1927 archive_set_error(&a->archive, ENOMEM,
1928 "Can't allocate memory for link");
1929 return (ARCHIVE_FATAL);
1930 }
1931 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1932 "link cannot be converted from %s to current locale.",
1933 archive_string_conversion_charset_name(sconv));
1934 ret = (ARCHIVE_WARN);
1935 }
1936 __archive_read_consume(a, rar->packed_size);
1937 return ret;
1938 }
1939
1940 static int
read_data_stored(struct archive_read * a,const void ** buff,size_t * size,int64_t * offset)1941 read_data_stored(struct archive_read *a, const void **buff, size_t *size,
1942 int64_t *offset)
1943 {
1944 struct rar *rar;
1945 ssize_t bytes_avail;
1946
1947 rar = (struct rar *)(a->format->data);
1948 if (rar->bytes_remaining == 0 &&
1949 !(rar->main_flags & MHD_VOLUME && rar->file_flags & FHD_SPLIT_AFTER))
1950 {
1951 *buff = NULL;
1952 *size = 0;
1953 *offset = rar->offset;
1954 if (rar->file_crc != rar->crc_calculated) {
1955 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1956 "File CRC error");
1957 return (ARCHIVE_FATAL);
1958 }
1959 rar->entry_eof = 1;
1960 return (ARCHIVE_EOF);
1961 }
1962
1963 *buff = rar_read_ahead(a, 1, &bytes_avail);
1964 if (bytes_avail <= 0)
1965 {
1966 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
1967 "Truncated RAR file data");
1968 return (ARCHIVE_FATAL);
1969 }
1970
1971 *size = bytes_avail;
1972 *offset = rar->offset;
1973 rar->offset += bytes_avail;
1974 rar->offset_seek += bytes_avail;
1975 rar->bytes_remaining -= bytes_avail;
1976 rar->bytes_unconsumed = bytes_avail;
1977 /* Calculate File CRC. */
1978 rar->crc_calculated = crc32(rar->crc_calculated, *buff,
1979 (unsigned)bytes_avail);
1980 return (ARCHIVE_OK);
1981 }
1982
1983 static int
read_data_compressed(struct archive_read * a,const void ** buff,size_t * size,int64_t * offset,size_t looper)1984 read_data_compressed(struct archive_read *a, const void **buff, size_t *size,
1985 int64_t *offset, size_t looper)
1986 {
1987 if (looper++ > MAX_COMPRESS_DEPTH)
1988 return (ARCHIVE_FATAL);
1989
1990 struct rar *rar;
1991 int64_t start, end;
1992 size_t bs;
1993 int ret = (ARCHIVE_OK), sym, code, lzss_offset, length, i;
1994
1995 rar = (struct rar *)(a->format->data);
1996
1997 do {
1998 if (!rar->valid)
1999 return (ARCHIVE_FATAL);
2000
2001 if (rar->filters.bytes_ready > 0)
2002 {
2003 /* Flush unp_buffer first */
2004 if (rar->unp_offset > 0)
2005 {
2006 *buff = rar->unp_buffer;
2007 *size = rar->unp_offset;
2008 rar->unp_offset = 0;
2009 *offset = rar->offset_outgoing;
2010 rar->offset_outgoing += *size;
2011 }
2012 else
2013 {
2014 *buff = rar->filters.bytes;
2015 *size = rar->filters.bytes_ready;
2016
2017 rar->offset += *size;
2018 *offset = rar->offset_outgoing;
2019 rar->offset_outgoing += *size;
2020
2021 rar->filters.bytes_ready -= *size;
2022 rar->filters.bytes += *size;
2023 }
2024 goto ending_block;
2025 }
2026
2027 if (rar->ppmd_eod ||
2028 (rar->dictionary_size && rar->offset >= rar->unp_size))
2029 {
2030 if (rar->unp_offset > 0) {
2031 /*
2032 * We have unprocessed extracted data. write it out.
2033 */
2034 *buff = rar->unp_buffer;
2035 *size = rar->unp_offset;
2036 *offset = rar->offset_outgoing;
2037 rar->offset_outgoing += *size;
2038 /* Calculate File CRC. */
2039 rar->crc_calculated = crc32(rar->crc_calculated, *buff,
2040 (unsigned)*size);
2041 rar->unp_offset = 0;
2042 return (ARCHIVE_OK);
2043 }
2044 *buff = NULL;
2045 *size = 0;
2046 *offset = rar->offset;
2047 if (rar->file_crc != rar->crc_calculated) {
2048 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2049 "File CRC error");
2050 return (ARCHIVE_FATAL);
2051 }
2052 rar->entry_eof = 1;
2053 return (ARCHIVE_EOF);
2054 }
2055
2056 if (!rar->is_ppmd_block && rar->dictionary_size && rar->bytes_uncopied > 0)
2057 {
2058 if (rar->bytes_uncopied > (rar->unp_buffer_size - rar->unp_offset))
2059 bs = rar->unp_buffer_size - rar->unp_offset;
2060 else
2061 bs = (size_t)rar->bytes_uncopied;
2062 ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, (int)bs);
2063 if (ret != ARCHIVE_OK)
2064 return (ret);
2065 rar->offset += bs;
2066 rar->bytes_uncopied -= bs;
2067 if (*buff != NULL) {
2068 rar->unp_offset = 0;
2069 *size = rar->unp_buffer_size;
2070 *offset = rar->offset_outgoing;
2071 rar->offset_outgoing += *size;
2072 /* Calculate File CRC. */
2073 rar->crc_calculated = crc32(rar->crc_calculated, *buff,
2074 (unsigned)*size);
2075 return (ret);
2076 }
2077 continue;
2078 }
2079
2080 if (rar->filters.lastend == rar->filters.filterstart)
2081 {
2082 if (!run_filters(a))
2083 return (ARCHIVE_FATAL);
2084 continue;
2085 }
2086
2087 if (!rar->br.next_in &&
2088 (ret = rar_br_preparation(a, &(rar->br))) < ARCHIVE_WARN)
2089 return (ret);
2090 if (rar->start_new_table && ((ret = parse_codes(a)) < (ARCHIVE_WARN)))
2091 return (ret);
2092
2093 if (rar->is_ppmd_block)
2094 {
2095 if ((sym = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2096 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2097 {
2098 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2099 "Invalid symbol");
2100 return (ARCHIVE_FATAL);
2101 }
2102 if(sym != rar->ppmd_escape)
2103 {
2104 lzss_emit_literal(rar, sym);
2105 rar->bytes_uncopied++;
2106 }
2107 else
2108 {
2109 if ((code = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2110 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2111 {
2112 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2113 "Invalid symbol");
2114 return (ARCHIVE_FATAL);
2115 }
2116
2117 switch(code)
2118 {
2119 case 0:
2120 rar->start_new_table = 1;
2121 return read_data_compressed(a, buff, size, offset, looper);
2122
2123 case 2:
2124 rar->ppmd_eod = 1;/* End Of ppmd Data. */
2125 continue;
2126
2127 case 3:
2128 archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
2129 "Parsing filters is unsupported.");
2130 return (ARCHIVE_FAILED);
2131
2132 case 4:
2133 lzss_offset = 0;
2134 for (i = 2; i >= 0; i--)
2135 {
2136 if ((code = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2137 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2138 {
2139 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2140 "Invalid symbol");
2141 return (ARCHIVE_FATAL);
2142 }
2143 lzss_offset |= code << (i * 8);
2144 }
2145 if ((length = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2146 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2147 {
2148 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2149 "Invalid symbol");
2150 return (ARCHIVE_FATAL);
2151 }
2152 lzss_emit_match(rar, lzss_offset + 2, length + 32);
2153 rar->bytes_uncopied += length + 32;
2154 break;
2155
2156 case 5:
2157 if ((length = __archive_ppmd7_functions.Ppmd7_DecodeSymbol(
2158 &rar->ppmd7_context, &rar->range_dec.p)) < 0)
2159 {
2160 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2161 "Invalid symbol");
2162 return (ARCHIVE_FATAL);
2163 }
2164 lzss_emit_match(rar, 1, length + 4);
2165 rar->bytes_uncopied += length + 4;
2166 break;
2167
2168 default:
2169 lzss_emit_literal(rar, sym);
2170 rar->bytes_uncopied++;
2171 }
2172 }
2173 }
2174 else
2175 {
2176 start = rar->offset;
2177 end = start + rar->dictionary_size;
2178 if (rar->filters.filterstart < end) {
2179 end = rar->filters.filterstart;
2180 }
2181
2182 ret = expand(a, &end);
2183 if (ret != ARCHIVE_OK)
2184 return (ret);
2185
2186 rar->bytes_uncopied = end - start;
2187 rar->filters.lastend = end;
2188 if (rar->filters.lastend != rar->filters.filterstart && rar->bytes_uncopied == 0) {
2189 /* Broken RAR files cause this case.
2190 * NOTE: If this case were possible on a normal RAR file
2191 * we would find out where it was actually bad and
2192 * what we would do to solve it. */
2193 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2194 "Internal error extracting RAR file");
2195 return (ARCHIVE_FATAL);
2196 }
2197 }
2198 if (rar->bytes_uncopied > (rar->unp_buffer_size - rar->unp_offset))
2199 bs = rar->unp_buffer_size - rar->unp_offset;
2200 else
2201 bs = (size_t)rar->bytes_uncopied;
2202 ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, (int)bs);
2203 if (ret != ARCHIVE_OK)
2204 return (ret);
2205 rar->offset += bs;
2206 rar->bytes_uncopied -= bs;
2207 /*
2208 * If *buff is NULL, it means unp_buffer is not full.
2209 * So we have to continue extracting a RAR file.
2210 */
2211 } while (*buff == NULL);
2212
2213 rar->unp_offset = 0;
2214 *size = rar->unp_buffer_size;
2215 *offset = rar->offset_outgoing;
2216 rar->offset_outgoing += *size;
2217 ending_block:
2218 /* Calculate File CRC. */
2219 rar->crc_calculated = crc32(rar->crc_calculated, *buff, (unsigned)*size);
2220 return ret;
2221 }
2222
2223 static int
parse_codes(struct archive_read * a)2224 parse_codes(struct archive_read *a)
2225 {
2226 int i, j, val, n, r;
2227 unsigned char bitlengths[MAX_SYMBOLS], zerocount, ppmd_flags;
2228 unsigned int maxorder;
2229 struct huffman_code precode;
2230 struct rar *rar = (struct rar *)(a->format->data);
2231 struct rar_br *br = &(rar->br);
2232
2233 free_codes(a);
2234
2235 /* Skip to the next byte */
2236 rar_br_consume_unalined_bits(br);
2237
2238 /* PPMd block flag */
2239 if (!rar_br_read_ahead(a, br, 1))
2240 goto truncated_data;
2241 if ((rar->is_ppmd_block = rar_br_bits(br, 1)) != 0)
2242 {
2243 rar_br_consume(br, 1);
2244 if (!rar_br_read_ahead(a, br, 7))
2245 goto truncated_data;
2246 ppmd_flags = rar_br_bits(br, 7);
2247 rar_br_consume(br, 7);
2248
2249 /* Memory is allocated in MB */
2250 if (ppmd_flags & 0x20)
2251 {
2252 if (!rar_br_read_ahead(a, br, 8))
2253 goto truncated_data;
2254 rar->dictionary_size = (rar_br_bits(br, 8) + 1) << 20;
2255 rar_br_consume(br, 8);
2256 }
2257
2258 if (ppmd_flags & 0x40)
2259 {
2260 if (!rar_br_read_ahead(a, br, 8))
2261 goto truncated_data;
2262 rar->ppmd_escape = rar->ppmd7_context.InitEsc = rar_br_bits(br, 8);
2263 rar_br_consume(br, 8);
2264 }
2265 else
2266 rar->ppmd_escape = 2;
2267
2268 if (ppmd_flags & 0x20)
2269 {
2270 maxorder = (ppmd_flags & 0x1F) + 1;
2271 if(maxorder > 16)
2272 maxorder = 16 + (maxorder - 16) * 3;
2273
2274 if (maxorder == 1)
2275 {
2276 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2277 "Truncated RAR file data");
2278 return (ARCHIVE_FATAL);
2279 }
2280
2281 /* Make sure ppmd7_contest is freed before Ppmd7_Construct
2282 * because reading a broken file cause this abnormal sequence. */
2283 __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context);
2284
2285 rar->bytein.a = a;
2286 rar->bytein.Read = &ppmd_read;
2287 __archive_ppmd7_functions.PpmdRAR_RangeDec_CreateVTable(&rar->range_dec);
2288 rar->range_dec.Stream = &rar->bytein;
2289 __archive_ppmd7_functions.Ppmd7_Construct(&rar->ppmd7_context);
2290
2291 if (rar->dictionary_size == 0) {
2292 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2293 "Invalid zero dictionary size");
2294 return (ARCHIVE_FATAL);
2295 }
2296
2297 if (!__archive_ppmd7_functions.Ppmd7_Alloc(&rar->ppmd7_context,
2298 rar->dictionary_size))
2299 {
2300 archive_set_error(&a->archive, ENOMEM,
2301 "Out of memory");
2302 return (ARCHIVE_FATAL);
2303 }
2304 if (!__archive_ppmd7_functions.PpmdRAR_RangeDec_Init(&rar->range_dec))
2305 {
2306 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2307 "Unable to initialize PPMd range decoder");
2308 return (ARCHIVE_FATAL);
2309 }
2310 __archive_ppmd7_functions.Ppmd7_Init(&rar->ppmd7_context, maxorder);
2311 rar->ppmd_valid = 1;
2312 }
2313 else
2314 {
2315 if (!rar->ppmd_valid) {
2316 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2317 "Invalid PPMd sequence");
2318 return (ARCHIVE_FATAL);
2319 }
2320 if (!__archive_ppmd7_functions.PpmdRAR_RangeDec_Init(&rar->range_dec))
2321 {
2322 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2323 "Unable to initialize PPMd range decoder");
2324 return (ARCHIVE_FATAL);
2325 }
2326 }
2327 }
2328 else
2329 {
2330 rar_br_consume(br, 1);
2331
2332 /* Keep existing table flag */
2333 if (!rar_br_read_ahead(a, br, 1))
2334 goto truncated_data;
2335 if (!rar_br_bits(br, 1))
2336 memset(rar->lengthtable, 0, sizeof(rar->lengthtable));
2337 rar_br_consume(br, 1);
2338
2339 memset(&bitlengths, 0, sizeof(bitlengths));
2340 for (i = 0; i < MAX_SYMBOLS;)
2341 {
2342 if (!rar_br_read_ahead(a, br, 4))
2343 goto truncated_data;
2344 bitlengths[i++] = rar_br_bits(br, 4);
2345 rar_br_consume(br, 4);
2346 if (bitlengths[i-1] == 0xF)
2347 {
2348 if (!rar_br_read_ahead(a, br, 4))
2349 goto truncated_data;
2350 zerocount = rar_br_bits(br, 4);
2351 rar_br_consume(br, 4);
2352 if (zerocount)
2353 {
2354 i--;
2355 for (j = 0; j < zerocount + 2 && i < MAX_SYMBOLS; j++)
2356 bitlengths[i++] = 0;
2357 }
2358 }
2359 }
2360
2361 memset(&precode, 0, sizeof(precode));
2362 r = create_code(a, &precode, bitlengths, MAX_SYMBOLS, MAX_SYMBOL_LENGTH);
2363 if (r != ARCHIVE_OK) {
2364 free(precode.tree);
2365 free(precode.table);
2366 return (r);
2367 }
2368
2369 for (i = 0; i < HUFFMAN_TABLE_SIZE;)
2370 {
2371 if ((val = read_next_symbol(a, &precode)) < 0) {
2372 free(precode.tree);
2373 free(precode.table);
2374 return (ARCHIVE_FATAL);
2375 }
2376 if (val < 16)
2377 {
2378 rar->lengthtable[i] = (rar->lengthtable[i] + val) & 0xF;
2379 i++;
2380 }
2381 else if (val < 18)
2382 {
2383 if (i == 0)
2384 {
2385 free(precode.tree);
2386 free(precode.table);
2387 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2388 "Internal error extracting RAR file.");
2389 return (ARCHIVE_FATAL);
2390 }
2391
2392 if(val == 16) {
2393 if (!rar_br_read_ahead(a, br, 3)) {
2394 free(precode.tree);
2395 free(precode.table);
2396 goto truncated_data;
2397 }
2398 n = rar_br_bits(br, 3) + 3;
2399 rar_br_consume(br, 3);
2400 } else {
2401 if (!rar_br_read_ahead(a, br, 7)) {
2402 free(precode.tree);
2403 free(precode.table);
2404 goto truncated_data;
2405 }
2406 n = rar_br_bits(br, 7) + 11;
2407 rar_br_consume(br, 7);
2408 }
2409
2410 for (j = 0; j < n && i < HUFFMAN_TABLE_SIZE; j++)
2411 {
2412 rar->lengthtable[i] = rar->lengthtable[i-1];
2413 i++;
2414 }
2415 }
2416 else
2417 {
2418 if(val == 18) {
2419 if (!rar_br_read_ahead(a, br, 3)) {
2420 free(precode.tree);
2421 free(precode.table);
2422 goto truncated_data;
2423 }
2424 n = rar_br_bits(br, 3) + 3;
2425 rar_br_consume(br, 3);
2426 } else {
2427 if (!rar_br_read_ahead(a, br, 7)) {
2428 free(precode.tree);
2429 free(precode.table);
2430 goto truncated_data;
2431 }
2432 n = rar_br_bits(br, 7) + 11;
2433 rar_br_consume(br, 7);
2434 }
2435
2436 for(j = 0; j < n && i < HUFFMAN_TABLE_SIZE; j++)
2437 rar->lengthtable[i++] = 0;
2438 }
2439 }
2440 free(precode.tree);
2441 free(precode.table);
2442
2443 r = create_code(a, &rar->maincode, &rar->lengthtable[0], MAINCODE_SIZE,
2444 MAX_SYMBOL_LENGTH);
2445 if (r != ARCHIVE_OK)
2446 return (r);
2447 r = create_code(a, &rar->offsetcode, &rar->lengthtable[MAINCODE_SIZE],
2448 OFFSETCODE_SIZE, MAX_SYMBOL_LENGTH);
2449 if (r != ARCHIVE_OK)
2450 return (r);
2451 r = create_code(a, &rar->lowoffsetcode,
2452 &rar->lengthtable[MAINCODE_SIZE + OFFSETCODE_SIZE],
2453 LOWOFFSETCODE_SIZE, MAX_SYMBOL_LENGTH);
2454 if (r != ARCHIVE_OK)
2455 return (r);
2456 r = create_code(a, &rar->lengthcode,
2457 &rar->lengthtable[MAINCODE_SIZE + OFFSETCODE_SIZE +
2458 LOWOFFSETCODE_SIZE], LENGTHCODE_SIZE, MAX_SYMBOL_LENGTH);
2459 if (r != ARCHIVE_OK)
2460 return (r);
2461 }
2462
2463 if (!rar->dictionary_size || !rar->lzss.window)
2464 {
2465 /* Seems as though dictionary sizes are not used. Even so, minimize
2466 * memory usage as much as possible.
2467 */
2468 void *new_window;
2469 unsigned int new_size;
2470
2471 if (rar->unp_size >= DICTIONARY_MAX_SIZE)
2472 new_size = DICTIONARY_MAX_SIZE;
2473 else
2474 new_size = rar_fls((unsigned int)rar->unp_size) << 1;
2475 if (new_size == 0) {
2476 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2477 "Zero window size is invalid.");
2478 return (ARCHIVE_FATAL);
2479 }
2480 new_window = realloc(rar->lzss.window, new_size);
2481 if (new_window == NULL) {
2482 archive_set_error(&a->archive, ENOMEM,
2483 "Unable to allocate memory for uncompressed data.");
2484 return (ARCHIVE_FATAL);
2485 }
2486 rar->lzss.window = (unsigned char *)new_window;
2487 rar->dictionary_size = new_size;
2488 memset(rar->lzss.window, 0, rar->dictionary_size);
2489 rar->lzss.mask = rar->dictionary_size - 1;
2490 }
2491
2492 rar->start_new_table = 0;
2493 return (ARCHIVE_OK);
2494 truncated_data:
2495 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2496 "Truncated RAR file data");
2497 rar->valid = 0;
2498 return (ARCHIVE_FATAL);
2499 }
2500
2501 static void
free_codes(struct archive_read * a)2502 free_codes(struct archive_read *a)
2503 {
2504 struct rar *rar = (struct rar *)(a->format->data);
2505 free(rar->maincode.tree);
2506 free(rar->offsetcode.tree);
2507 free(rar->lowoffsetcode.tree);
2508 free(rar->lengthcode.tree);
2509 free(rar->maincode.table);
2510 free(rar->offsetcode.table);
2511 free(rar->lowoffsetcode.table);
2512 free(rar->lengthcode.table);
2513 memset(&rar->maincode, 0, sizeof(rar->maincode));
2514 memset(&rar->offsetcode, 0, sizeof(rar->offsetcode));
2515 memset(&rar->lowoffsetcode, 0, sizeof(rar->lowoffsetcode));
2516 memset(&rar->lengthcode, 0, sizeof(rar->lengthcode));
2517 }
2518
2519
2520 static int
read_next_symbol(struct archive_read * a,struct huffman_code * code)2521 read_next_symbol(struct archive_read *a, struct huffman_code *code)
2522 {
2523 unsigned char bit;
2524 unsigned int bits;
2525 int length, value, node;
2526 struct rar *rar;
2527 struct rar_br *br;
2528
2529 if (!code->table)
2530 {
2531 if (make_table(a, code) != (ARCHIVE_OK))
2532 return -1;
2533 }
2534
2535 rar = (struct rar *)(a->format->data);
2536 br = &(rar->br);
2537
2538 /* Look ahead (peek) at bits */
2539 if (!rar_br_read_ahead(a, br, code->tablesize)) {
2540 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2541 "Truncated RAR file data");
2542 rar->valid = 0;
2543 return -1;
2544 }
2545 bits = rar_br_bits(br, code->tablesize);
2546
2547 length = code->table[bits].length;
2548 value = code->table[bits].value;
2549
2550 if (length < 0)
2551 {
2552 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2553 "Invalid prefix code in bitstream");
2554 return -1;
2555 }
2556
2557 if (length <= code->tablesize)
2558 {
2559 /* Skip length bits */
2560 rar_br_consume(br, length);
2561 return value;
2562 }
2563
2564 /* Skip tablesize bits */
2565 rar_br_consume(br, code->tablesize);
2566
2567 node = value;
2568 while (!(code->tree[node].branches[0] ==
2569 code->tree[node].branches[1]))
2570 {
2571 if (!rar_br_read_ahead(a, br, 1)) {
2572 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2573 "Truncated RAR file data");
2574 rar->valid = 0;
2575 return -1;
2576 }
2577 bit = rar_br_bits(br, 1);
2578 rar_br_consume(br, 1);
2579
2580 if (code->tree[node].branches[bit] < 0)
2581 {
2582 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2583 "Invalid prefix code in bitstream");
2584 return -1;
2585 }
2586 node = code->tree[node].branches[bit];
2587 }
2588
2589 return code->tree[node].branches[0];
2590 }
2591
2592 static int
create_code(struct archive_read * a,struct huffman_code * code,unsigned char * lengths,int numsymbols,char maxlength)2593 create_code(struct archive_read *a, struct huffman_code *code,
2594 unsigned char *lengths, int numsymbols, char maxlength)
2595 {
2596 int i, j, codebits = 0, symbolsleft = numsymbols;
2597
2598 code->numentries = 0;
2599 code->numallocatedentries = 0;
2600 if (new_node(code) < 0) {
2601 archive_set_error(&a->archive, ENOMEM,
2602 "Unable to allocate memory for node data.");
2603 return (ARCHIVE_FATAL);
2604 }
2605 code->numentries = 1;
2606 code->minlength = INT_MAX;
2607 code->maxlength = INT_MIN;
2608 codebits = 0;
2609 for(i = 1; i <= maxlength; i++)
2610 {
2611 for(j = 0; j < numsymbols; j++)
2612 {
2613 if (lengths[j] != i) continue;
2614 if (add_value(a, code, j, codebits, i) != ARCHIVE_OK)
2615 return (ARCHIVE_FATAL);
2616 codebits++;
2617 if (--symbolsleft <= 0)
2618 break;
2619 }
2620 if (symbolsleft <= 0)
2621 break;
2622 codebits <<= 1;
2623 }
2624 return (ARCHIVE_OK);
2625 }
2626
2627 static int
add_value(struct archive_read * a,struct huffman_code * code,int value,int codebits,int length)2628 add_value(struct archive_read *a, struct huffman_code *code, int value,
2629 int codebits, int length)
2630 {
2631 int lastnode, bitpos, bit;
2632 /* int repeatpos, repeatnode, nextnode; */
2633
2634 free(code->table);
2635 code->table = NULL;
2636
2637 if(length > code->maxlength)
2638 code->maxlength = length;
2639 if(length < code->minlength)
2640 code->minlength = length;
2641
2642 /*
2643 * Dead code, repeatpos was is -1
2644 *
2645 repeatpos = -1;
2646 if (repeatpos == 0 || (repeatpos >= 0
2647 && (((codebits >> (repeatpos - 1)) & 3) == 0
2648 || ((codebits >> (repeatpos - 1)) & 3) == 3)))
2649 {
2650 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2651 "Invalid repeat position");
2652 return (ARCHIVE_FATAL);
2653 }
2654 */
2655
2656 lastnode = 0;
2657 for (bitpos = length - 1; bitpos >= 0; bitpos--)
2658 {
2659 bit = (codebits >> bitpos) & 1;
2660
2661 /* Leaf node check */
2662 if (code->tree[lastnode].branches[0] ==
2663 code->tree[lastnode].branches[1])
2664 {
2665 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2666 "Prefix found");
2667 return (ARCHIVE_FATAL);
2668 }
2669
2670 /*
2671 * Dead code, repeatpos was -1, bitpos >=0
2672 *
2673 if (bitpos == repeatpos)
2674 {
2675 * Open branch check *
2676 if (!(code->tree[lastnode].branches[bit] < 0))
2677 {
2678 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2679 "Invalid repeating code");
2680 return (ARCHIVE_FATAL);
2681 }
2682
2683 if ((repeatnode = new_node(code)) < 0) {
2684 archive_set_error(&a->archive, ENOMEM,
2685 "Unable to allocate memory for node data.");
2686 return (ARCHIVE_FATAL);
2687 }
2688 if ((nextnode = new_node(code)) < 0) {
2689 archive_set_error(&a->archive, ENOMEM,
2690 "Unable to allocate memory for node data.");
2691 return (ARCHIVE_FATAL);
2692 }
2693
2694 * Set branches *
2695 code->tree[lastnode].branches[bit] = repeatnode;
2696 code->tree[repeatnode].branches[bit] = repeatnode;
2697 code->tree[repeatnode].branches[bit^1] = nextnode;
2698 lastnode = nextnode;
2699
2700 bitpos++; * terminating bit already handled, skip it *
2701 }
2702 else
2703 {
2704 */
2705 /* Open branch check */
2706 if (code->tree[lastnode].branches[bit] < 0)
2707 {
2708 if (new_node(code) < 0) {
2709 archive_set_error(&a->archive, ENOMEM,
2710 "Unable to allocate memory for node data.");
2711 return (ARCHIVE_FATAL);
2712 }
2713 code->tree[lastnode].branches[bit] = code->numentries++;
2714 }
2715
2716 /* set to branch */
2717 lastnode = code->tree[lastnode].branches[bit];
2718 /* } */
2719 }
2720
2721 if (!(code->tree[lastnode].branches[0] == -1
2722 && code->tree[lastnode].branches[1] == -2))
2723 {
2724 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2725 "Prefix found");
2726 return (ARCHIVE_FATAL);
2727 }
2728
2729 /* Set leaf value */
2730 code->tree[lastnode].branches[0] = value;
2731 code->tree[lastnode].branches[1] = value;
2732
2733 return (ARCHIVE_OK);
2734 }
2735
2736 static int
new_node(struct huffman_code * code)2737 new_node(struct huffman_code *code)
2738 {
2739 void *new_tree;
2740 if (code->numallocatedentries == code->numentries) {
2741 int new_num_entries = 256;
2742 if (code->numentries > 0) {
2743 new_num_entries = code->numentries * 2;
2744 }
2745 new_tree = realloc(code->tree, new_num_entries * sizeof(*code->tree));
2746 if (new_tree == NULL)
2747 return (-1);
2748 code->tree = (struct huffman_tree_node *)new_tree;
2749 code->numallocatedentries = new_num_entries;
2750 }
2751 code->tree[code->numentries].branches[0] = -1;
2752 code->tree[code->numentries].branches[1] = -2;
2753 return 1;
2754 }
2755
2756 static int
make_table(struct archive_read * a,struct huffman_code * code)2757 make_table(struct archive_read *a, struct huffman_code *code)
2758 {
2759 if (code->maxlength < code->minlength || code->maxlength > 10)
2760 code->tablesize = 10;
2761 else
2762 code->tablesize = code->maxlength;
2763
2764 code->table =
2765 (struct huffman_table_entry *)calloc(1, sizeof(*code->table)
2766 * ((size_t)1 << code->tablesize));
2767
2768 return make_table_recurse(a, code, 0, code->table, 0, code->tablesize);
2769 }
2770
2771 static int
make_table_recurse(struct archive_read * a,struct huffman_code * code,int node,struct huffman_table_entry * table,int depth,int maxdepth)2772 make_table_recurse(struct archive_read *a, struct huffman_code *code, int node,
2773 struct huffman_table_entry *table, int depth,
2774 int maxdepth)
2775 {
2776 int currtablesize, i, ret = (ARCHIVE_OK);
2777
2778 if (!code->tree)
2779 {
2780 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2781 "Huffman tree was not created.");
2782 return (ARCHIVE_FATAL);
2783 }
2784 if (node < 0 || node >= code->numentries)
2785 {
2786 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
2787 "Invalid location to Huffman tree specified.");
2788 return (ARCHIVE_FATAL);
2789 }
2790
2791 currtablesize = 1 << (maxdepth - depth);
2792
2793 if (code->tree[node].branches[0] ==
2794 code->tree[node].branches[1])
2795 {
2796 for(i = 0; i < currtablesize; i++)
2797 {
2798 table[i].length = depth;
2799 table[i].value = code->tree[node].branches[0];
2800 }
2801 }
2802 /*
2803 * Dead code, node >= 0
2804 *
2805 else if (node < 0)
2806 {
2807 for(i = 0; i < currtablesize; i++)
2808 table[i].length = -1;
2809 }
2810 */
2811 else
2812 {
2813 if(depth == maxdepth)
2814 {
2815 table[0].length = maxdepth + 1;
2816 table[0].value = node;
2817 }
2818 else
2819 {
2820 ret |= make_table_recurse(a, code, code->tree[node].branches[0], table,
2821 depth + 1, maxdepth);
2822 ret |= make_table_recurse(a, code, code->tree[node].branches[1],
2823 table + currtablesize / 2, depth + 1, maxdepth);
2824 }
2825 }
2826 return ret;
2827 }
2828
2829 static int
expand(struct archive_read * a,int64_t * end)2830 expand(struct archive_read *a, int64_t *end)
2831 {
2832 static const unsigned char lengthbases[] =
2833 { 0, 1, 2, 3, 4, 5, 6,
2834 7, 8, 10, 12, 14, 16, 20,
2835 24, 28, 32, 40, 48, 56, 64,
2836 80, 96, 112, 128, 160, 192, 224 };
2837 static const unsigned char lengthbits[] =
2838 { 0, 0, 0, 0, 0, 0, 0,
2839 0, 1, 1, 1, 1, 2, 2,
2840 2, 2, 3, 3, 3, 3, 4,
2841 4, 4, 4, 5, 5, 5, 5 };
2842 static const int lengthb_min = minimum(
2843 (int)(sizeof(lengthbases)/sizeof(lengthbases[0])),
2844 (int)(sizeof(lengthbits)/sizeof(lengthbits[0]))
2845 );
2846 static const unsigned int offsetbases[] =
2847 { 0, 1, 2, 3, 4, 6,
2848 8, 12, 16, 24, 32, 48,
2849 64, 96, 128, 192, 256, 384,
2850 512, 768, 1024, 1536, 2048, 3072,
2851 4096, 6144, 8192, 12288, 16384, 24576,
2852 32768, 49152, 65536, 98304, 131072, 196608,
2853 262144, 327680, 393216, 458752, 524288, 589824,
2854 655360, 720896, 786432, 851968, 917504, 983040,
2855 1048576, 1310720, 1572864, 1835008, 2097152, 2359296,
2856 2621440, 2883584, 3145728, 3407872, 3670016, 3932160 };
2857 static const unsigned char offsetbits[] =
2858 { 0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4,
2859 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10,
2860 11, 11, 12, 12, 13, 13, 14, 14, 15, 15, 16, 16,
2861 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
2862 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18, 18 };
2863 static const int offsetb_min = minimum(
2864 (int)(sizeof(offsetbases)/sizeof(offsetbases[0])),
2865 (int)(sizeof(offsetbits)/sizeof(offsetbits[0]))
2866 );
2867 static const unsigned char shortbases[] =
2868 { 0, 4, 8, 16, 32, 64, 128, 192 };
2869 static const unsigned char shortbits[] =
2870 { 2, 2, 3, 4, 5, 6, 6, 6 };
2871
2872 int symbol, offs, len, offsindex, lensymbol, i, offssymbol, lowoffsetsymbol;
2873 unsigned char newfile;
2874 struct rar *rar = (struct rar *)(a->format->data);
2875 struct rar_br *br = &(rar->br);
2876
2877 if (rar->filters.filterstart < *end)
2878 *end = rar->filters.filterstart;
2879
2880 while (1)
2881 {
2882 if(lzss_position(&rar->lzss) >= *end) {
2883 return (ARCHIVE_OK);
2884 }
2885
2886 if(rar->is_ppmd_block) {
2887 *end = lzss_position(&rar->lzss);
2888 return (ARCHIVE_OK);
2889 }
2890
2891 if ((symbol = read_next_symbol(a, &rar->maincode)) < 0)
2892 return (ARCHIVE_FATAL);
2893
2894 if (symbol < 256)
2895 {
2896 lzss_emit_literal(rar, symbol);
2897 continue;
2898 }
2899 else if (symbol == 256)
2900 {
2901 if (!rar_br_read_ahead(a, br, 1))
2902 goto truncated_data;
2903 newfile = !rar_br_bits(br, 1);
2904 rar_br_consume(br, 1);
2905
2906 if(newfile)
2907 {
2908 rar->start_new_block = 1;
2909 if (!rar_br_read_ahead(a, br, 1))
2910 goto truncated_data;
2911 rar->start_new_table = rar_br_bits(br, 1);
2912 rar_br_consume(br, 1);
2913 *end = lzss_position(&rar->lzss);
2914 return (ARCHIVE_OK);
2915 }
2916 else
2917 {
2918 if (parse_codes(a) != ARCHIVE_OK)
2919 return (ARCHIVE_FATAL);
2920 continue;
2921 }
2922 }
2923 else if(symbol==257)
2924 {
2925 if (!read_filter(a, end))
2926 return (ARCHIVE_FATAL);
2927 continue;
2928 }
2929 else if(symbol==258)
2930 {
2931 if(rar->lastlength == 0)
2932 continue;
2933
2934 offs = rar->lastoffset;
2935 len = rar->lastlength;
2936 }
2937 else if (symbol <= 262)
2938 {
2939 offsindex = symbol - 259;
2940 offs = rar->oldoffset[offsindex];
2941
2942 if ((lensymbol = read_next_symbol(a, &rar->lengthcode)) < 0)
2943 goto bad_data;
2944 if (lensymbol > lengthb_min)
2945 goto bad_data;
2946 len = lengthbases[lensymbol] + 2;
2947 if (lengthbits[lensymbol] > 0) {
2948 if (!rar_br_read_ahead(a, br, lengthbits[lensymbol]))
2949 goto truncated_data;
2950 len += rar_br_bits(br, lengthbits[lensymbol]);
2951 rar_br_consume(br, lengthbits[lensymbol]);
2952 }
2953
2954 for (i = offsindex; i > 0; i--)
2955 rar->oldoffset[i] = rar->oldoffset[i-1];
2956 rar->oldoffset[0] = offs;
2957 }
2958 else if(symbol<=270)
2959 {
2960 offs = shortbases[symbol-263] + 1;
2961 if(shortbits[symbol-263] > 0) {
2962 if (!rar_br_read_ahead(a, br, shortbits[symbol-263]))
2963 goto truncated_data;
2964 offs += rar_br_bits(br, shortbits[symbol-263]);
2965 rar_br_consume(br, shortbits[symbol-263]);
2966 }
2967
2968 len = 2;
2969
2970 for(i = 3; i > 0; i--)
2971 rar->oldoffset[i] = rar->oldoffset[i-1];
2972 rar->oldoffset[0] = offs;
2973 }
2974 else
2975 {
2976 if (symbol-271 > lengthb_min)
2977 goto bad_data;
2978 len = lengthbases[symbol-271]+3;
2979 if(lengthbits[symbol-271] > 0) {
2980 if (!rar_br_read_ahead(a, br, lengthbits[symbol-271]))
2981 goto truncated_data;
2982 len += rar_br_bits(br, lengthbits[symbol-271]);
2983 rar_br_consume(br, lengthbits[symbol-271]);
2984 }
2985
2986 if ((offssymbol = read_next_symbol(a, &rar->offsetcode)) < 0)
2987 goto bad_data;
2988 if (offssymbol > offsetb_min)
2989 goto bad_data;
2990 offs = offsetbases[offssymbol]+1;
2991 if(offsetbits[offssymbol] > 0)
2992 {
2993 if(offssymbol > 9)
2994 {
2995 if(offsetbits[offssymbol] > 4) {
2996 if (!rar_br_read_ahead(a, br, offsetbits[offssymbol] - 4))
2997 goto truncated_data;
2998 offs += rar_br_bits(br, offsetbits[offssymbol] - 4) << 4;
2999 rar_br_consume(br, offsetbits[offssymbol] - 4);
3000 }
3001
3002 if(rar->numlowoffsetrepeats > 0)
3003 {
3004 rar->numlowoffsetrepeats--;
3005 offs += rar->lastlowoffset;
3006 }
3007 else
3008 {
3009 if ((lowoffsetsymbol =
3010 read_next_symbol(a, &rar->lowoffsetcode)) < 0)
3011 return (ARCHIVE_FATAL);
3012 if(lowoffsetsymbol == 16)
3013 {
3014 rar->numlowoffsetrepeats = 15;
3015 offs += rar->lastlowoffset;
3016 }
3017 else
3018 {
3019 offs += lowoffsetsymbol;
3020 rar->lastlowoffset = lowoffsetsymbol;
3021 }
3022 }
3023 }
3024 else {
3025 if (!rar_br_read_ahead(a, br, offsetbits[offssymbol]))
3026 goto truncated_data;
3027 offs += rar_br_bits(br, offsetbits[offssymbol]);
3028 rar_br_consume(br, offsetbits[offssymbol]);
3029 }
3030 }
3031
3032 if (offs >= 0x40000)
3033 len++;
3034 if (offs >= 0x2000)
3035 len++;
3036
3037 for(i = 3; i > 0; i--)
3038 rar->oldoffset[i] = rar->oldoffset[i-1];
3039 rar->oldoffset[0] = offs;
3040 }
3041
3042 rar->lastoffset = offs;
3043 rar->lastlength = len;
3044
3045 lzss_emit_match(rar, rar->lastoffset, rar->lastlength);
3046 }
3047 truncated_data:
3048 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3049 "Truncated RAR file data");
3050 rar->valid = 0;
3051 return (ARCHIVE_FATAL);
3052 bad_data:
3053 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3054 "Bad RAR file data");
3055 return (ARCHIVE_FATAL);
3056 }
3057
3058 static int
copy_from_lzss_window(struct archive_read * a,void * buffer,int64_t startpos,int length)3059 copy_from_lzss_window(struct archive_read *a, void *buffer,
3060 int64_t startpos, int length)
3061 {
3062 int windowoffs, firstpart;
3063 struct rar *rar = (struct rar *)(a->format->data);
3064
3065 windowoffs = lzss_offset_for_position(&rar->lzss, startpos);
3066 firstpart = lzss_size(&rar->lzss) - windowoffs;
3067 if (firstpart < 0) {
3068 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3069 "Bad RAR file data");
3070 return (ARCHIVE_FATAL);
3071 }
3072 if (firstpart < length) {
3073 memcpy(buffer, &rar->lzss.window[windowoffs], firstpart);
3074 memcpy(buffer, &rar->lzss.window[0], length - firstpart);
3075 } else {
3076 memcpy(buffer, &rar->lzss.window[windowoffs], length);
3077 }
3078 return (ARCHIVE_OK);
3079 }
3080
3081 static int
copy_from_lzss_window_to_unp(struct archive_read * a,const void ** buffer,int64_t startpos,int length)3082 copy_from_lzss_window_to_unp(struct archive_read *a, const void **buffer,
3083 int64_t startpos, int length)
3084 {
3085 int windowoffs, firstpart;
3086 struct rar *rar = (struct rar *)(a->format->data);
3087
3088 if (!rar->unp_buffer)
3089 {
3090 if ((rar->unp_buffer = malloc(rar->unp_buffer_size)) == NULL)
3091 {
3092 archive_set_error(&a->archive, ENOMEM,
3093 "Unable to allocate memory for uncompressed data.");
3094 return (ARCHIVE_FATAL);
3095 }
3096 }
3097
3098 windowoffs = lzss_offset_for_position(&rar->lzss, startpos);
3099 if(windowoffs + length <= lzss_size(&rar->lzss)) {
3100 memcpy(&rar->unp_buffer[rar->unp_offset], &rar->lzss.window[windowoffs],
3101 length);
3102 } else if (length <= lzss_size(&rar->lzss)) {
3103 firstpart = lzss_size(&rar->lzss) - windowoffs;
3104 if (firstpart < 0) {
3105 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3106 "Bad RAR file data");
3107 return (ARCHIVE_FATAL);
3108 }
3109 if (firstpart < length) {
3110 memcpy(&rar->unp_buffer[rar->unp_offset],
3111 &rar->lzss.window[windowoffs], firstpart);
3112 memcpy(&rar->unp_buffer[rar->unp_offset + firstpart],
3113 &rar->lzss.window[0], length - firstpart);
3114 } else {
3115 memcpy(&rar->unp_buffer[rar->unp_offset],
3116 &rar->lzss.window[windowoffs], length);
3117 }
3118 } else {
3119 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
3120 "Bad RAR file data");
3121 return (ARCHIVE_FATAL);
3122 }
3123 rar->unp_offset += length;
3124 if (rar->unp_offset >= rar->unp_buffer_size)
3125 *buffer = rar->unp_buffer;
3126 else
3127 *buffer = NULL;
3128 return (ARCHIVE_OK);
3129 }
3130
3131 static const void *
rar_read_ahead(struct archive_read * a,size_t min,ssize_t * avail)3132 rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail)
3133 {
3134 struct rar *rar = (struct rar *)(a->format->data);
3135 const void *h = __archive_read_ahead(a, min, avail);
3136 int ret;
3137 if (avail)
3138 {
3139 if (a->archive.read_data_is_posix_read && *avail > (ssize_t)a->archive.read_data_requested)
3140 *avail = a->archive.read_data_requested;
3141 if (*avail > rar->bytes_remaining)
3142 *avail = (ssize_t)rar->bytes_remaining;
3143 if (*avail < 0)
3144 return NULL;
3145 else if (*avail == 0 && rar->main_flags & MHD_VOLUME &&
3146 rar->file_flags & FHD_SPLIT_AFTER)
3147 {
3148 rar->filename_must_match = 1;
3149 ret = archive_read_format_rar_read_header(a, a->entry);
3150 if (ret == (ARCHIVE_EOF))
3151 {
3152 rar->has_endarc_header = 1;
3153 ret = archive_read_format_rar_read_header(a, a->entry);
3154 }
3155 rar->filename_must_match = 0;
3156 if (ret != (ARCHIVE_OK))
3157 return NULL;
3158 return rar_read_ahead(a, min, avail);
3159 }
3160 }
3161 return h;
3162 }
3163
3164 static int
parse_filter(struct archive_read * a,const uint8_t * bytes,uint16_t length,uint8_t flags)3165 parse_filter(struct archive_read *a, const uint8_t *bytes, uint16_t length, uint8_t flags)
3166 {
3167 struct rar *rar = (struct rar *)(a->format->data);
3168 struct rar_filters *filters = &rar->filters;
3169
3170 struct memory_bit_reader br = { 0 };
3171 struct rar_program_code *prog;
3172 struct rar_filter *filter, **nextfilter;
3173
3174 uint32_t numprogs, num, blocklength, globaldatalen;
3175 uint8_t *globaldata;
3176 size_t blockstartpos;
3177 uint32_t registers[8] = { 0 };
3178 uint32_t i;
3179
3180 br.bytes = bytes;
3181 br.length = length;
3182
3183 numprogs = 0;
3184 for (prog = filters->progs; prog; prog = prog->next)
3185 numprogs++;
3186
3187 if ((flags & 0x80))
3188 {
3189 num = membr_next_rarvm_number(&br);
3190 if (num == 0)
3191 {
3192 delete_filter(filters->stack);
3193 filters->stack = NULL;
3194 delete_program_code(filters->progs);
3195 filters->progs = NULL;
3196 }
3197 else
3198 num--;
3199 if (num > numprogs) {
3200 return 0;
3201 }
3202 filters->lastfilternum = num;
3203 }
3204 else
3205 num = filters->lastfilternum;
3206
3207 prog = filters->progs;
3208 for (i = 0; i < num; i++)
3209 prog = prog->next;
3210 if (prog)
3211 prog->usagecount++;
3212
3213 blockstartpos = membr_next_rarvm_number(&br) + (size_t)lzss_position(&rar->lzss);
3214 if ((flags & 0x40))
3215 blockstartpos += 258;
3216 if ((flags & 0x20))
3217 blocklength = membr_next_rarvm_number(&br);
3218 else
3219 blocklength = prog ? prog->oldfilterlength : 0;
3220
3221 registers[3] = PROGRAM_SYSTEM_GLOBAL_ADDRESS;
3222 registers[4] = blocklength;
3223 registers[5] = prog ? prog->usagecount : 0;
3224 registers[7] = VM_MEMORY_SIZE;
3225
3226 if ((flags & 0x10))
3227 {
3228 uint8_t mask = (uint8_t)membr_bits(&br, 7);
3229 for (i = 0; i < 7; i++)
3230 if ((mask & (1 << i)))
3231 registers[i] = membr_next_rarvm_number(&br);
3232 }
3233
3234 if (!prog)
3235 {
3236 uint32_t len = membr_next_rarvm_number(&br);
3237 uint8_t *bytecode;
3238 struct rar_program_code **next;
3239
3240 if (len == 0 || len > 0x10000)
3241 return 0;
3242 bytecode = malloc(len);
3243 if (!bytecode)
3244 return 0;
3245 for (i = 0; i < len; i++)
3246 bytecode[i] = (uint8_t)membr_bits(&br, 8);
3247 prog = compile_program(bytecode, len);
3248 if (!prog) {
3249 free(bytecode);
3250 return 0;
3251 }
3252 free(bytecode);
3253 next = &filters->progs;
3254 while (*next)
3255 next = &(*next)->next;
3256 *next = prog;
3257 }
3258 prog->oldfilterlength = blocklength;
3259
3260 globaldata = NULL;
3261 globaldatalen = 0;
3262 if ((flags & 0x08))
3263 {
3264 globaldatalen = membr_next_rarvm_number(&br);
3265 if (globaldatalen > PROGRAM_USER_GLOBAL_SIZE)
3266 return 0;
3267 globaldata = malloc(globaldatalen + PROGRAM_SYSTEM_GLOBAL_SIZE);
3268 if (!globaldata)
3269 return 0;
3270 for (i = 0; i < globaldatalen; i++)
3271 globaldata[i + PROGRAM_SYSTEM_GLOBAL_SIZE] = (uint8_t)membr_bits(&br, 8);
3272 }
3273
3274 if (br.at_eof)
3275 {
3276 free(globaldata);
3277 return 0;
3278 }
3279
3280 filter = create_filter(prog, globaldata, globaldatalen, registers, blockstartpos, blocklength);
3281 free(globaldata);
3282 if (!filter)
3283 return 0;
3284
3285 for (i = 0; i < 7; i++)
3286 archive_le32enc(&filter->globaldata[i * 4], registers[i]);
3287 archive_le32enc(&filter->globaldata[0x1C], blocklength);
3288 archive_le32enc(&filter->globaldata[0x20], 0);
3289 archive_le32enc(&filter->globaldata[0x2C], prog->usagecount);
3290
3291 nextfilter = &filters->stack;
3292 while (*nextfilter)
3293 nextfilter = &(*nextfilter)->next;
3294 *nextfilter = filter;
3295
3296 if (!filters->stack->next)
3297 filters->filterstart = blockstartpos;
3298
3299 return 1;
3300 }
3301
3302 static struct rar_filter *
create_filter(struct rar_program_code * prog,const uint8_t * globaldata,uint32_t globaldatalen,uint32_t registers[8],size_t startpos,uint32_t length)3303 create_filter(struct rar_program_code *prog, const uint8_t *globaldata, uint32_t globaldatalen, uint32_t registers[8], size_t startpos, uint32_t length)
3304 {
3305 struct rar_filter *filter;
3306
3307 filter = calloc(1, sizeof(*filter));
3308 if (!filter)
3309 return NULL;
3310 filter->prog = prog;
3311 filter->globaldatalen = globaldatalen > PROGRAM_SYSTEM_GLOBAL_SIZE ? globaldatalen : PROGRAM_SYSTEM_GLOBAL_SIZE;
3312 filter->globaldata = calloc(1, filter->globaldatalen);
3313 if (!filter->globaldata)
3314 return NULL;
3315 if (globaldata)
3316 memcpy(filter->globaldata, globaldata, globaldatalen);
3317 if (registers)
3318 memcpy(filter->initialregisters, registers, sizeof(filter->initialregisters));
3319 filter->blockstartpos = startpos;
3320 filter->blocklength = length;
3321
3322 return filter;
3323 }
3324
3325 static int
run_filters(struct archive_read * a)3326 run_filters(struct archive_read *a)
3327 {
3328 struct rar *rar = (struct rar *)(a->format->data);
3329 struct rar_filters *filters = &rar->filters;
3330 struct rar_filter *filter = filters->stack;
3331 struct rar_filter *f;
3332 size_t start, end;
3333 int64_t tend;
3334 uint32_t lastfilteraddress;
3335 uint32_t lastfilterlength;
3336 int ret;
3337
3338 if (filters == NULL || filter == NULL)
3339 return (0);
3340
3341 start = filters->filterstart;
3342 end = start + filter->blocklength;
3343
3344 filters->filterstart = INT64_MAX;
3345 tend = (int64_t)end;
3346 ret = expand(a, &tend);
3347 if (ret != ARCHIVE_OK)
3348 return 0;
3349
3350 /* Check if filter stack was modified in expand() */
3351 ret = ARCHIVE_FATAL;
3352 f = filters->stack;
3353 while (f)
3354 {
3355 if (f == filter)
3356 {
3357 ret = ARCHIVE_OK;
3358 break;
3359 }
3360 f = f->next;
3361 }
3362 if (ret != ARCHIVE_OK)
3363 return 0;
3364
3365 if (tend < 0)
3366 return 0;
3367 end = (size_t)tend;
3368 if (end != start + filter->blocklength)
3369 return 0;
3370
3371 if (!filters->vm)
3372 {
3373 filters->vm = calloc(1, sizeof(*filters->vm));
3374 if (!filters->vm)
3375 return 0;
3376 }
3377
3378 ret = copy_from_lzss_window(a, filters->vm->memory, start, filter->blocklength);
3379 if (ret != ARCHIVE_OK)
3380 return 0;
3381 if (!execute_filter(a, filter, filters->vm, rar->offset))
3382 return 0;
3383
3384 lastfilteraddress = filter->filteredblockaddress;
3385 lastfilterlength = filter->filteredblocklength;
3386 filters->stack = filter->next;
3387 filter->next = NULL;
3388 delete_filter(filter);
3389
3390 while ((filter = filters->stack) != NULL && (int64_t)filter->blockstartpos == filters->filterstart && filter->blocklength == lastfilterlength)
3391 {
3392 memmove(&filters->vm->memory[0], &filters->vm->memory[lastfilteraddress], lastfilterlength);
3393 if (!execute_filter(a, filter, filters->vm, rar->offset))
3394 return 0;
3395
3396 lastfilteraddress = filter->filteredblockaddress;
3397 lastfilterlength = filter->filteredblocklength;
3398 filters->stack = filter->next;
3399 filter->next = NULL;
3400 delete_filter(filter);
3401 }
3402
3403 if (filters->stack)
3404 {
3405 if (filters->stack->blockstartpos < end)
3406 return 0;
3407 filters->filterstart = filters->stack->blockstartpos;
3408 }
3409
3410 filters->lastend = end;
3411 filters->bytes = &filters->vm->memory[lastfilteraddress];
3412 filters->bytes_ready = lastfilterlength;
3413
3414 return 1;
3415 }
3416
3417 static struct rar_program_code *
compile_program(const uint8_t * bytes,size_t length)3418 compile_program(const uint8_t *bytes, size_t length)
3419 {
3420 struct memory_bit_reader br = { 0 };
3421 struct rar_program_code *prog;
3422 // uint32_t instrcount = 0;
3423 uint8_t xor;
3424 size_t i;
3425
3426 xor = 0;
3427 for (i = 1; i < length; i++)
3428 xor ^= bytes[i];
3429 if (!length || xor != bytes[0])
3430 return NULL;
3431
3432 br.bytes = bytes;
3433 br.length = length;
3434 br.offset = 1;
3435
3436 prog = calloc(1, sizeof(*prog));
3437 if (!prog)
3438 return NULL;
3439 prog->fingerprint = crc32(0, bytes, length) | ((uint64_t)length << 32);
3440
3441 if (membr_bits(&br, 1))
3442 {
3443 prog->staticdatalen = membr_next_rarvm_number(&br) + 1;
3444 prog->staticdata = malloc(prog->staticdatalen);
3445 if (!prog->staticdata)
3446 {
3447 delete_program_code(prog);
3448 return NULL;
3449 }
3450 for (i = 0; i < prog->staticdatalen; i++)
3451 prog->staticdata[i] = (uint8_t)membr_bits(&br, 8);
3452 }
3453
3454 return prog;
3455 }
3456
3457 static void
delete_filter(struct rar_filter * filter)3458 delete_filter(struct rar_filter *filter)
3459 {
3460 while (filter)
3461 {
3462 struct rar_filter *next = filter->next;
3463 free(filter->globaldata);
3464 free(filter);
3465 filter = next;
3466 }
3467 }
3468
3469 static void
clear_filters(struct rar_filters * filters)3470 clear_filters(struct rar_filters *filters)
3471 {
3472 delete_filter(filters->stack);
3473 delete_program_code(filters->progs);
3474 free(filters->vm);
3475 }
3476
3477 static void
delete_program_code(struct rar_program_code * prog)3478 delete_program_code(struct rar_program_code *prog)
3479 {
3480 while (prog)
3481 {
3482 struct rar_program_code *next = prog->next;
3483 free(prog->staticdata);
3484 free(prog->globalbackup);
3485 free(prog);
3486 prog = next;
3487 }
3488 }
3489
3490 static uint32_t
membr_next_rarvm_number(struct memory_bit_reader * br)3491 membr_next_rarvm_number(struct memory_bit_reader *br)
3492 {
3493 uint32_t val;
3494 switch (membr_bits(br, 2))
3495 {
3496 case 0:
3497 return membr_bits(br, 4);
3498 case 1:
3499 val = membr_bits(br, 8);
3500 if (val >= 16)
3501 return val;
3502 return 0xFFFFFF00 | (val << 4) | membr_bits(br, 4);
3503 case 2:
3504 return membr_bits(br, 16);
3505 default:
3506 return membr_bits(br, 32);
3507 }
3508 }
3509
3510 static inline uint32_t
membr_bits(struct memory_bit_reader * br,int bits)3511 membr_bits(struct memory_bit_reader *br, int bits)
3512 {
3513 if (bits > br->available && (br->at_eof || !membr_fill(br, bits)))
3514 return 0;
3515 return (uint32_t)((br->bits >> (br->available -= bits)) & (((uint64_t)1 << bits) - 1));
3516 }
3517
3518 static int
membr_fill(struct memory_bit_reader * br,int bits)3519 membr_fill(struct memory_bit_reader *br, int bits)
3520 {
3521 while (br->available < bits && br->offset < br->length)
3522 {
3523 br->bits = (br->bits << 8) | br->bytes[br->offset++];
3524 br->available += 8;
3525 }
3526 if (bits > br->available)
3527 {
3528 br->at_eof = 1;
3529 return 0;
3530 }
3531 return 1;
3532 }
3533
3534 static int
read_filter(struct archive_read * a,int64_t * end)3535 read_filter(struct archive_read *a, int64_t *end)
3536 {
3537 struct rar *rar = (struct rar *)(a->format->data);
3538 uint8_t flags, val, *code;
3539 uint16_t length, i;
3540
3541 if (!rar_decode_byte(a, &flags))
3542 return 0;
3543 length = (flags & 0x07) + 1;
3544 if (length == 7)
3545 {
3546 if (!rar_decode_byte(a, &val))
3547 return 0;
3548 length = val + 7;
3549 }
3550 else if (length == 8)
3551 {
3552 if (!rar_decode_byte(a, &val))
3553 return 0;
3554 length = val << 8;
3555 if (!rar_decode_byte(a, &val))
3556 return 0;
3557 length |= val;
3558 }
3559
3560 code = malloc(length);
3561 if (!code)
3562 return 0;
3563 for (i = 0; i < length; i++)
3564 {
3565 if (!rar_decode_byte(a, &code[i]))
3566 {
3567 free(code);
3568 return 0;
3569 }
3570 }
3571 if (!parse_filter(a, code, length, flags))
3572 {
3573 free(code);
3574 return 0;
3575 }
3576 free(code);
3577
3578 if (rar->filters.filterstart < *end)
3579 *end = rar->filters.filterstart;
3580
3581 return 1;
3582 }
3583
3584 static int
execute_filter_delta(struct rar_filter * filter,struct rar_virtual_machine * vm)3585 execute_filter_delta(struct rar_filter *filter, struct rar_virtual_machine *vm)
3586 {
3587 uint32_t length = filter->initialregisters[4];
3588 uint32_t numchannels = filter->initialregisters[0];
3589 uint8_t *src, *dst;
3590 uint32_t i, idx;
3591
3592 if (length > PROGRAM_WORK_SIZE / 2)
3593 return 0;
3594
3595 src = &vm->memory[0];
3596 dst = &vm->memory[length];
3597 for (i = 0; i < numchannels; i++)
3598 {
3599 uint8_t lastbyte = 0;
3600 for (idx = i; idx < length; idx += numchannels)
3601 lastbyte = dst[idx] = lastbyte - *src++;
3602 }
3603
3604 filter->filteredblockaddress = length;
3605 filter->filteredblocklength = length;
3606
3607 return 1;
3608 }
3609
3610 static int
execute_filter_e8(struct rar_filter * filter,struct rar_virtual_machine * vm,size_t pos,int e9also)3611 execute_filter_e8(struct rar_filter *filter, struct rar_virtual_machine *vm, size_t pos, int e9also)
3612 {
3613 uint32_t length = filter->initialregisters[4];
3614 uint32_t filesize = 0x1000000;
3615 uint32_t i;
3616
3617 if (length > PROGRAM_WORK_SIZE || length < 4)
3618 return 0;
3619
3620 for (i = 0; i <= length - 5; i++)
3621 {
3622 if (vm->memory[i] == 0xE8 || (e9also && vm->memory[i] == 0xE9))
3623 {
3624 uint32_t currpos = (uint32_t)pos + i + 1;
3625 int32_t address = (int32_t)vm_read_32(vm, i + 1);
3626 if (address < 0 && currpos >= (uint32_t)-address)
3627 vm_write_32(vm, i + 1, address + filesize);
3628 else if (address >= 0 && (uint32_t)address < filesize)
3629 vm_write_32(vm, i + 1, address - currpos);
3630 i += 4;
3631 }
3632 }
3633
3634 filter->filteredblockaddress = 0;
3635 filter->filteredblocklength = length;
3636
3637 return 1;
3638 }
3639
3640 static int
execute_filter_rgb(struct rar_filter * filter,struct rar_virtual_machine * vm)3641 execute_filter_rgb(struct rar_filter *filter, struct rar_virtual_machine *vm)
3642 {
3643 uint32_t stride = filter->initialregisters[0];
3644 uint32_t byteoffset = filter->initialregisters[1];
3645 uint32_t blocklength = filter->initialregisters[4];
3646 uint8_t *src, *dst;
3647 uint32_t i, j;
3648
3649 if (blocklength > PROGRAM_WORK_SIZE / 2 || stride > blocklength)
3650 return 0;
3651
3652 src = &vm->memory[0];
3653 dst = &vm->memory[blocklength];
3654 for (i = 0; i < 3; i++) {
3655 uint8_t byte = 0;
3656 uint8_t *prev = dst + i - stride;
3657 for (j = i; j < blocklength; j += 3)
3658 {
3659 if (prev >= dst)
3660 {
3661 uint32_t delta1 = abs(prev[3] - prev[0]);
3662 uint32_t delta2 = abs(byte - prev[0]);
3663 uint32_t delta3 = abs(prev[3] - prev[0] + byte - prev[0]);
3664 if (delta1 > delta2 || delta1 > delta3)
3665 byte = delta2 <= delta3 ? prev[3] : prev[0];
3666 }
3667 byte -= *src++;
3668 dst[j] = byte;
3669 prev += 3;
3670 }
3671 }
3672 for (i = byteoffset; i < blocklength - 2; i += 3)
3673 {
3674 dst[i] += dst[i + 1];
3675 dst[i + 2] += dst[i + 1];
3676 }
3677
3678 filter->filteredblockaddress = blocklength;
3679 filter->filteredblocklength = blocklength;
3680
3681 return 1;
3682 }
3683
3684 static int
execute_filter_audio(struct rar_filter * filter,struct rar_virtual_machine * vm)3685 execute_filter_audio(struct rar_filter *filter, struct rar_virtual_machine *vm)
3686 {
3687 uint32_t length = filter->initialregisters[4];
3688 uint32_t numchannels = filter->initialregisters[0];
3689 uint8_t *src, *dst;
3690 uint32_t i, j;
3691
3692 if (length > PROGRAM_WORK_SIZE / 2)
3693 return 0;
3694
3695 src = &vm->memory[0];
3696 dst = &vm->memory[length];
3697 for (i = 0; i < numchannels; i++)
3698 {
3699 struct audio_state state;
3700 memset(&state, 0, sizeof(state));
3701 for (j = i; j < length; j += numchannels)
3702 {
3703 int8_t delta = (int8_t)*src++;
3704 uint8_t predbyte, byte;
3705 int prederror;
3706 state.delta[2] = state.delta[1];
3707 state.delta[1] = state.lastdelta - state.delta[0];
3708 state.delta[0] = state.lastdelta;
3709 predbyte = ((8 * state.lastbyte + state.weight[0] * state.delta[0] + state.weight[1] * state.delta[1] + state.weight[2] * state.delta[2]) >> 3) & 0xFF;
3710 byte = (predbyte - delta) & 0xFF;
3711 prederror = delta << 3;
3712 state.error[0] += abs(prederror);
3713 state.error[1] += abs(prederror - state.delta[0]); state.error[2] += abs(prederror + state.delta[0]);
3714 state.error[3] += abs(prederror - state.delta[1]); state.error[4] += abs(prederror + state.delta[1]);
3715 state.error[5] += abs(prederror - state.delta[2]); state.error[6] += abs(prederror + state.delta[2]);
3716 state.lastdelta = (int8_t)(byte - state.lastbyte);
3717 dst[j] = state.lastbyte = byte;
3718 if (!(state.count++ & 0x1F))
3719 {
3720 uint8_t k, idx = 0;
3721 for (k = 1; k < 7; k++)
3722 {
3723 if (state.error[k] < state.error[idx])
3724 idx = k;
3725 }
3726 memset(state.error, 0, sizeof(state.error));
3727 switch (idx)
3728 {
3729 case 1: if (state.weight[0] >= -16) state.weight[0]--; break;
3730 case 2: if (state.weight[0] < 16) state.weight[0]++; break;
3731 case 3: if (state.weight[1] >= -16) state.weight[1]--; break;
3732 case 4: if (state.weight[1] < 16) state.weight[1]++; break;
3733 case 5: if (state.weight[2] >= -16) state.weight[2]--; break;
3734 case 6: if (state.weight[2] < 16) state.weight[2]++; break;
3735 }
3736 }
3737 }
3738 }
3739
3740 filter->filteredblockaddress = length;
3741 filter->filteredblocklength = length;
3742
3743 return 1;
3744 }
3745
3746
3747 static int
execute_filter(struct archive_read * a,struct rar_filter * filter,struct rar_virtual_machine * vm,size_t pos)3748 execute_filter(struct archive_read *a, struct rar_filter *filter, struct rar_virtual_machine *vm, size_t pos)
3749 {
3750 if (filter->prog->fingerprint == 0x1D0E06077D)
3751 return execute_filter_delta(filter, vm);
3752 if (filter->prog->fingerprint == 0x35AD576887)
3753 return execute_filter_e8(filter, vm, pos, 0);
3754 if (filter->prog->fingerprint == 0x393CD7E57E)
3755 return execute_filter_e8(filter, vm, pos, 1);
3756 if (filter->prog->fingerprint == 0x951C2C5DC8)
3757 return execute_filter_rgb(filter, vm);
3758 if (filter->prog->fingerprint == 0xD8BC85E701)
3759 return execute_filter_audio(filter, vm);
3760
3761 archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "No support for RAR VM program filter");
3762 return 0;
3763 }
3764
3765 static int
rar_decode_byte(struct archive_read * a,uint8_t * byte)3766 rar_decode_byte(struct archive_read *a, uint8_t *byte)
3767 {
3768 struct rar *rar = (struct rar *)(a->format->data);
3769 struct rar_br *br = &(rar->br);
3770 if (!rar_br_read_ahead(a, br, 8))
3771 return 0;
3772 *byte = (uint8_t)rar_br_bits(br, 8);
3773 rar_br_consume(br, 8);
3774 return 1;
3775 }
3776
3777 static inline void
vm_write_32(struct rar_virtual_machine * vm,size_t offset,uint32_t u32)3778 vm_write_32(struct rar_virtual_machine* vm, size_t offset, uint32_t u32)
3779 {
3780 archive_le32enc(vm->memory + offset, u32);
3781 }
3782
3783 static inline uint32_t
vm_read_32(struct rar_virtual_machine * vm,size_t offset)3784 vm_read_32(struct rar_virtual_machine* vm, size_t offset)
3785 {
3786 return archive_le32dec(vm->memory + offset);
3787 }
3788