Revert "Revert "PLXCOMP-220: defensive checks to avoid passing negative uid/gid into TarEntry or encoding into tar output stream""

krosenvold · krosenvold · commit 1d58276f6d70 · 2013-04-19T18:10:10.000+02:00
This reverts commit 580c425.
diff --git a/src/main/java/org/codehaus/plexus/archiver/tar/PosixTarEntry.java b/src/main/java/org/codehaus/plexus/archiver/tar/PosixTarEntry.java
@@ -121,8 +121,8 @@ public void writeEntryHeader( byte[] outbuf )
 
         offset = TarUtils.getNameBytes( this.name, outbuf, offset, NAMELEN );
         offset = TarUtils.getOctalBytes( this.mode, outbuf, offset, MODELEN );
-        offset = TarUtils.getOctalBytes( this.userId, outbuf, offset, UIDLEN );
-        offset = TarUtils.getOctalBytes( this.groupId, outbuf, offset, GIDLEN );
+        offset = TarUtils.getOctalBytes( ( this.userId >= 0 ? this.userId : 0 ), outbuf, offset, UIDLEN );
+        offset = TarUtils.getOctalBytes( ( this.groupId >= 0 ? this.groupId : 0 ), outbuf, offset, GIDLEN );
         offset = TarUtils.getLongOctalBytes( this.size, outbuf, offset, SIZELEN );
         offset = TarUtils.getLongOctalBytes( this.modTime, outbuf, offset, MODTIMELEN );
 
diff --git a/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java b/src/main/java/org/codehaus/plexus/archiver/tar/TarArchiver.java
@@ -17,14 +17,6 @@
  *  limitations under the License.
  */
 
-import java.io.BufferedOutputStream;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.util.zip.GZIPOutputStream;
-
 import org.apache.commons.compress.compressors.bzip2.BZip2CompressorOutputStream;
 import org.codehaus.plexus.archiver.AbstractArchiver;
 import org.codehaus.plexus.archiver.ArchiveEntry;
@@ -38,6 +30,14 @@
 import org.codehaus.plexus.util.IOUtil;
 import org.codehaus.plexus.util.StringUtils;
 
+import java.io.BufferedOutputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.zip.GZIPOutputStream;
+
 /**
  * @author <a href="mailto:evenisse@codehaus.org">Emmanuel Venisse</a>
  * @version $Revision$ $Date$
@@ -249,7 +249,7 @@ protected void tarFile( ArchiveEntry entry, TarOutputStream tOut, String vPath )
         int pathLength = vPath.length();
         try
         {
-        	TarEntry te = null;
+            final TarEntry te;
 			if (  !longFileMode.isGnuMode() && pathLength >= TarConstants.NAMELEN )
 			{
         		int maxPosixPathLen = TarConstants.NAMELEN + TarConstants.POSIX_PREFIXLEN;
@@ -337,10 +337,20 @@ else if ( longFileMode.isFailMode() )
                             : options.getUserName() );
             te.setGroupName( ( attributes != null && attributes.getGroupName() != null ) ? attributes.getGroupName()
                             : options.getGroup() );
-            te.setUserId( ( attributes != null && attributes.getUserId() != null) ? attributes.getUserId()
-                            : options.getUid() );
-            te.setGroupId( ( attributes != null && attributes.getGroupId() != null) ? attributes.getGroupId()
-                            : options.getGid() );
+
+            final int userId =
+                ( attributes != null && attributes.getUserId() != null ) ? attributes.getUserId() : options.getUid();
+            if ( userId > 0 )
+            {
+                te.setUserId( userId );
+            }
+
+            final int groupId =
+                ( attributes != null && attributes.getGroupId() != null ) ? attributes.getGroupId() : options.getGid();
+            if ( groupId > 0 )
+            {
+                te.setGroupId( groupId );
+            }
 
             tOut.putNextEntry( te );
 
diff --git a/src/main/java/org/codehaus/plexus/archiver/tar/TarEntry.java b/src/main/java/org/codehaus/plexus/archiver/tar/TarEntry.java
@@ -22,12 +22,12 @@
  * (time@ice.com) to whom the Ant project is very grateful for his great code.
  */
 
+import org.codehaus.plexus.archiver.ArchiveFile;
+
 import java.io.File;
 import java.util.Date;
 import java.util.Locale;
 
-import org.codehaus.plexus.archiver.ArchiveFile;
-
 /**
  * This class represents an entry in a Tar archive. It consists
  * of the entry's header, as well as the entry's File. Entries
@@ -670,8 +670,8 @@ public void writeEntryHeader( byte[] outbuf )
 
         offset = TarUtils.getNameBytes( this.name, outbuf, offset, NAMELEN );
         offset = TarUtils.getOctalBytes( this.mode, outbuf, offset, MODELEN );
-        offset = TarUtils.getOctalBytes( this.userId, outbuf, offset, UIDLEN );
-        offset = TarUtils.getOctalBytes( this.groupId, outbuf, offset, GIDLEN );
+        offset = TarUtils.getOctalBytes( ( this.userId >= 0 ? this.userId : 0 ), outbuf, offset, UIDLEN );
+        offset = TarUtils.getOctalBytes( ( this.groupId >= 0 ? this.groupId : 0 ), outbuf, offset, GIDLEN );
         offset = TarUtils.getLongOctalBytes( this.size, outbuf, offset, SIZELEN );
         offset = TarUtils.getLongOctalBytes( this.modTime, outbuf, offset, MODTIMELEN );
 
