RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 606813 - Archive::Tar->extract_archive() does not return proper exit code
Summary: Archive::Tar->extract_archive() does not return proper exit code
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: perl
Version: 6.0
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Petr Pisar
QA Contact: Martin Cermak
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-06-22 14:30 UTC by Martin Cermak
Modified: 2010-11-10 21:19 UTC (History)
4 users (show)

Fixed In Version: perl-5.10.1-113.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 607687 (view as bug list)
Environment:
Last Closed: 2010-11-10 21:19:59 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
Possible fix (754 bytes, patch)
2010-06-23 07:37 UTC, Tomas Hoger 		no flags Details | Diff
Updated patch (1.14 KB, patch)
2010-06-23 08:21 UTC, Tomas Hoger 		no flags Details | Diff
Hmm, I do see it. Please, try out my "patched" file /usr/share/perl5/Archive/Tar.pm. (67.35 KB, text/plain)
2010-06-23 10:24 UTC, Martin Cermak 		no flags Details
Show Obsolete (1) View All


Links
System ID Private Priority Status Summary Last Updated
CPAN 58636 0 None None None Never

Description Martin Cermak 2010-06-22 14:30:56 UTC 
Description of problem:

   The perl-Archive-Tar's Archive::Tar->extract_archive() returns true 
   even if its operation fails: If I do something like this:

#!/usr/bin/perl
use Archive::Tar;
local $Archive::Tar::DEBUG = 0;
local $Archive::Tar::INSECURE_EXTRACT_MODE  =  0;
exit 1 if (!Archive::Tar->extract_archive('some-unexisting-file.tar', 0)); 

   then the script exits with status 1, which is right, because 
   some-unexisting-file.tar does not exist. But when I do something like 

#!/usr/bin/perl
use Archive::Tar;
local $Archive::Tar::DEBUG = 0;
local $Archive::Tar::INSECURE_EXTRACT_MODE  =  0;
exit 1 if (!Archive::Tar->extract_archive('rep-sym-abspath.tar', 0));

   where 

$ tar tvf rep-sym-abspath.tar
lrwxrwxrwx 0/0		     0 2007-09-12 10:59 dir -> /tmp
-rw------- 0/0		     4 2007-09-12 10:59 dir/bar

   then I got error message "...not allowed under SECURE EXTRACT MODE..."
   which is right (see [1] for more info) but the script ends up with 
   zero exit code. Which is IMHO bad. 

Version-Release number of selected component (if applicable):

   perl-Archive-Tar-1.58-109.el6.x86_64

How reproducible:

   Always

Additional info:

   Additionally I can't find the perl-Archive-Tar component among RHEL6
   perl components in Bugzilla. Thus filing this bug against the perl 
   component.


---------------------------------------------------
[1] https://bugzilla.redhat.com/show_bug.cgi?id=295021#c14
Comment 1 Martin Cermak 2010-06-22 14:33:40 UTC 
Created attachment 425955 [details]
reproducer file
Comment 2 Tomas Hoger 2010-06-22 20:24:20 UTC 
(In reply to comment #0)
> #!/usr/bin/perl
> use Archive::Tar;
> local $Archive::Tar::DEBUG = 0;
> local $Archive::Tar::INSECURE_EXTRACT_MODE  =  0;
> exit 1 if (!Archive::Tar->extract_archive('rep-sym-abspath.tar', 0));
> 
>    where 
> 
> $ tar tvf rep-sym-abspath.tar
> lrwxrwxrwx 0/0       0 2007-09-12 10:59 dir -> /tmp
> -rw------- 0/0       4 2007-09-12 10:59 dir/bar
> 
>    then I got error message "...not allowed under SECURE EXTRACT MODE..."
>    which is right (see [1] for more info) but the script ends up with 
>    zero exit code. Which is IMHO bad. 

Such behaviour is clearly not consistent with Archive::Tar man page.  However, secure mode extract failure is not the only case where you may get such incorrect return value.  Try (as non-root user) e.g.:

cd /etc/
Archive::Tar->extract_archive('/path/to/harmless.tar',0)

>    Additionally I can't find the perl-Archive-Tar component among RHEL6
>    perl components in Bugzilla. Thus filing this bug against the perl 
>    component.

perl-Archive-Tar RPM is now built from perl SRPM.
Comment 3 Martin Cermak 2010-06-23 05:45:31 UTC 
I'm not sure if the argumentation like "This is a bug. But I won't take care of it as there are many others" is the best resolution ;-)

Anyway I understand it is not critical. So I will not consider it as a show stopper for https://bugzilla.redhat.com/show_bug.cgi?id=295021#c35.
Comment 4 Tomas Hoger 2010-06-23 07:37:03 UTC 
Created attachment 426187 [details]
Possible fix
Comment 5 Tomas Hoger 2010-06-23 07:46:04 UTC 
(In reply to comment #3)
> I'm not sure if the argumentation like "This is a bug. But I won't take care of
> it as there are many others" is the best resolution ;-)

I'm fine with addition of the fix to EL4/EL5 updates too, if we can come up with a good fix.  I've attached patch that should fix extract_archive.  However, I'm not sure whether extract_archive return value as currently defined is all that useful.  What if extraction failure happens in the middle of processing of larger archive (due to insecure path, full disk or permission failure)?  Is it better to return names of files that were extracted already (as you may want to remove them) or just indicate failure?

This fix breaks iter with option extract=>1 (Can't use an undefined value as an ARRAY reference at /path/to/Archive/Tar.pm line 1592).
Comment 6 Martin Cermak 2010-06-23 07:53:37 UTC 
> Created an attachment (id=426187) [details]
> Possible fix    

In this case I get right exitcode, but loose the error message: "Entry ... is
attempting to extract to a symlinked directory (...). This is considered a
security vulnerability and not allowed under SECURE EXTRACT MODE at ...". 

=> regression.
Comment 7 Tomas Hoger 2010-06-23 08:05:00 UTC 
(In reply to comment #6)
> In this case I get right exitcode, but loose the error message: "Entry ... is
> attempting to extract to a symlinked directory (...). This is considered a
> security vulnerability and not allowed under SECURE EXTRACT MODE at ...". 

What is your test case?  I get error msg printed to stderr and set in $Archive::Tar::error too.
Comment 8 Tomas Hoger 2010-06-23 08:21:30 UTC 
Created attachment 426194 [details]
Updated patch

Work-around for the extract=>1 iter() breakage mentioned above.  Returns empty list on the first extract failure.  Function does not have error return value defined, so the same return value as end-of-archive.
Comment 9 RHEL Program Management 2010-06-23 08:23:10 UTC 
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.
Comment 10 Martin Cermak 2010-06-23 08:35:11 UTC 
> What is your test case?  I get error msg printed to stderr and 
> set in $Archive::Tar::error too.

Basically my test case with reproducer files you can find in [1] but I'm testing it on RHEL6 this way:


-------------8<----------------------------------------------------------

a6# cat repro.pl 
#!/usr/bin/perl

use Archive::Tar;

local $Archive::Tar::DEBUG = 0;
local $Archive::Tar::INSECURE_EXTRACT_MODE  =  0; 

#exit 1 if (!Archive::Tar->extract_archive('some-unexisting-file.tar', 0));
exit 1 if (!Archive::Tar->extract_archive('rep-sym-abspath.tar', 0));





a6# ./repro.pl 
Making symbolic link '/root/dir' to '/tmp' failed at ./repro.pl line 9
Entry 'dir/bar' is attempting to extract to a symlinked directory (/root/dir => /tmp). This is considered a security vulnerability and not allowed under SECURE EXTRACT MODE at ./repro.pl line 9

-------------8<----------------------------------------------------------


[1] https://bugzilla.redhat.com/show_bug.cgi?id=295021#c14
Comment 11 Tomas Hoger 2010-06-23 08:54:01 UTC 
Sorry, I don't see the regression mentioned in comment #6.
Comment 12 Martin Cermak 2010-06-23 10:24:03 UTC 
Created attachment 426222 [details]
Hmm, I do see it. Please, try out my "patched" file /usr/share/perl5/Archive/Tar.pm.

Note, that I'm using 

a6# rpm -q perl
perl-5.10.1-109.el6.x86_64
Comment 13 Tomas Hoger 2010-06-23 11:32:29 UTC 
$ ./repro.pl ../rep-sym-abspath.tar 
Entry 'dir/bar' is attempting to extract to a symlinked directory (/path/to/dir => /tmp). This is considered a security vulnerability and not allowed under SECURE EXTRACT MODE at ./repro.pl line 8

Error message is printed as expected.
Comment 14 Martin Cermak 2010-06-23 13:16:17 UTC 
Re: comment #12: My fault. Need to remove previously extracted "dir" first as discussed via IRC. There is no regression in fact. Thanks for clarification.

=> Patch looks acceptable.
Comment 15 Tomas Hoger 2010-06-23 14:29:06 UTC 
(In reply to comment #14)
> Re: comment #12: My fault. Need to remove previously extracted "dir" first as
> discussed via IRC. There is no regression in fact. Thanks for clarification.

The problem here is that _extract_file fails to extract symlink if another file (regular, symlink or directory) with the same name already exists.  Proposed patch causes extract_archive to stop extracting on the first error.

Martin also filed upstream bug:
  https://rt.cpan.org/Public/Bug/Display.html?id=58636
Comment 27 Martin Cermak 2010-07-15 10:24:30 UTC 
=> VERIFIED
Comment 28 releng-rhel@redhat.com 2010-11-10 21:19:59 UTC 
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.
Note You need to log in before you can comment on or make changes to this bug.