archive: honor tar.umask even for pax headers
authorbrian m. carlson <sandals@crustytoothpaste.net>
Sun, 3 Aug 2014 03:02:03 +0000 (03:02 +0000)
committerJunio C Hamano <gitster@pobox.com>
Mon, 4 Aug 2014 18:39:11 +0000 (11:39 -0700)
git archive's tar format uses extended pax headers to encode metadata
into the archive. Most tar implementations correctly treat these as
metadata, but some that do not understand the pax format extract these
as files instead. Apply the tar.umask setting to these entries to
prevent tampering by other users.

Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
archive-tar.c
t/t5004-archive-corner-cases.sh
index 719b6298e6abf9c9e9e8009ec49dfc76d0d9e49b..603650fa3cc83e844cd6b0e61f145ed99a67158c 100644 (file)
@@ -192,7 +192,7 @@ static int write_extended_header(struct archiver_args *args,
        unsigned int mode;
        memset(&header, 0, sizeof(header));
        *header.typeflag = TYPEFLAG_EXT_HEADER;
-       mode = 0100666;
+       mode = 0100666 & ~tar_umask;
        sprintf(header.name, "%s.paxheader", sha1_to_hex(sha1));
        prepare_header(args, &header, mode, size);
        write_blocked(&header, sizeof(header));
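Review bot: The masked mode in write_extended_header has no comment saying why a metadata-only entry needs its permission bits restricted; the reason lives only in the commit message. A short comment above the assignment would keep it with the code, e.g. `/* tar implementations without pax support extract this header as a regular file, so honor tar.umask */`. The same line in write_global_extended_header (second hunk) wants the same comment, and since both sites now repeat `0100666 & ~tar_umask`, a named constant or small helper would keep them from drifting apart. The result is only as strict as the configured tar.umask, so a permissive setting still leaves these entries writable by group or others. Both function bodies continue outside the hunks shown.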
@@ -300,7 +300,7 @@ static int write_global_extended_header(struct archiver_args *args)
        strbuf_append_ext_header(&ext_header, "comment", sha1_to_hex(sha1), 40);
        memset(&header, 0, sizeof(header));
        *header.typeflag = TYPEFLAG_GLOBAL_HEADER;
-       mode = 0100666;
+       mode = 0100666 & ~tar_umask;
        strcpy(header.name, "pax_global_header");
        prepare_header(args, &header, mode, ext_header.len);
        write_blocked(&header, sizeof(header));
index 67f3b54bed3545417d1f6186f6f42452cb55dc87..4461c961a9b78a62f139318b1c74cc777d54f271 100755 (executable)
@@ -113,4 +113,9 @@ test_expect_success 'archive empty subtree by direct pathspec' '
        check_dir extract sub
 '
 
+test_expect_success 'archive applies umask even for pax headers' '
+       git archive --format=tar HEAD >archive.tar &&
+       ! grep 0666 archive.tar
+'
+
 test_done
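Review bot: `! grep 0666 archive.tar` is a substring search over the whole binary archive, so it can fail on an unrelated match (for instance the commit id stored in the global header comment, or file content) and it passes for any mode that merely lacks that digit run. It also relies on whatever tar.umask happens to be in effect, so it would be more robust to pin it, e.g. `git -c tar.umask=0022 archive --format=tar HEAD >archive.tar`, and then assert the expected mode of the `pax_global_header` entry rather than the absence of a string. As far as this hunk shows, only the global header is certainly covered; the per-entry path in write_extended_header is probably not exercised unless HEAD contains a path long enough to need one, which is worth confirming.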