@@ -1,17 +1,64 @@

-18-09-16  Stuart Caie <kyzer@cabextract.org.uk>

-

-    * cabd.c: add new parameter, MSCABD_PARAM_SALVAGE, which makes CAB file

-    reading and extraction more lenient, to allow damaged or mangled CABs

-    to be extracted. When enabled, cabd->open() will no longer reject

-    cabinets entirely if they have files with invalid folder indicies

-    or filenames, but will simply ignore those files. Also, cabd->extract()

-    will limit files with invalid lengths to the maximum possible, rather

-    than reject them. Finally, invalid data block checksums will produce

-    warnings, but won't cause decompression to fail. It's still possible

-    for corrupted files to fail extraction, but hopefully more data can

-    be extracted before they do. This new parameter doesn't affect the

-    existing MSCABD_PARAM_FIXMSZIP parameter, which ignores MSZIP

-    decompression failures.

+2018-10-20  Stuart Caie <kyzer@cabextract.org.uk>

+

+	* src/chmextract.c: add anti "../" and leading slash protection to

+	chmextract. I'm not pleased about this. All the sample code provided

+	with libmspack is meant to be simple examples of library use, not

+	"productised" binaries. Making the "useful" code samples install

+	as binaries was a mistake. They were never intended to protect you

+	from unpacking archive files with relative/absolute paths, and I

+	would prefer that they never will be.

+

+2018-10-17  Stuart Caie <kyzer@cabextract.org.uk>

+

+	* cab.h: Make the CAB block input buffer one byte larger, to allow

+	a maximum-allowed-size input block and the special extra byte added

+	after the block by cabd_sys_read_block to help Quantum alignment.

+	Thanks to Henri Salo for reporting this.

+

+2018-10-17  Stuart Caie <kyzer@cabextract.org.uk>

+

+	* chmd_read_headers(): again reject files with blank filenames, this

+	time because their 1st or 2nd byte is null, not because their length

+	is zero.  Thanks again to Hanno Böck for finding the issue.

+

+2018-10-16  Stuart Caie <kyzer@cabextract.org.uk>

+

+	* Makefile.am: using automake _DEPENDENCIES for chmd_test appears to

+	override the default dependencies (e.g. sources), so libchmd.la was no

+	longer considered a dependency of chmd_test. This breaks parallel

+	builds like "make -j4". Added libchmd.la explicitly to dependencies.

+	Thanks to Thomas Deutschmann for reporting this.

+

+2018-10-16  Stuart Caie <kyzer@cabextract.org.uk>

+

+	* cabd.c: add new parameter, MSCABD_PARAM_SALVAGE, which makes CAB file

+	reading and extraction more lenient, to allow damaged or mangled CABs

+	to be extracted. When enabled:

+	- cabd->open() won't reject cabinets with files that have invalid

+	  folder indices or filenames. These files will simply be skipped

+	- cabd->extract() won't reject files with invalid lengths, but will

+	  limit them to the maximum possible

+	- block output sizes over 32768 bytes won't be rejected

+	- invalid data block checksums won't be rejected

+	

+	It's still possible for corrupted files to fail extraction, but more

+	data can be extracted before they do.

+	

+	This new parameter doesn't affect the existing MSCABD_PARAM_FIXMSZIP

+	parameter, which ignores MSZIP decompression failures. You can enable

+	both at once.

+	

+	Thanks to Micah Snyder from ClamAV for working with me to get this

+	feature into libmspack. This also helps ClamAV move towards using a

+	vanilla copy of libmspack without needing their own patchset.

+

+2018-08-13  Stuart Caie <kyzer@cabextract.org.uk>

+

+	* mspack.h: clarify that mspack_system.free() should allow NULL. If your

+	mspack_system implementation doesn't, it would already have crashed, as

+	there are several places where libmspack calls sys->free(NULL). This

+	change makes it official, and amends a few "if (x) sys->free(x)" cases

+	to the simpler "sys->free(x)" to make it clearer.

 2018-08-09  Stuart Caie <kyzer@cabextract.org.uk>

@@ -89,7 +89,7 @@ test_chmd_order_SOURCES =	test/chmd_order.c test/md5.c test/md5.h \

 test_chmd_order_LDADD =		libmschmd.la

 test_chmd_test_SOURCES =	test/chmd_test.c libmschmd.la

 test_chmd_test_LDADD =		libmschmd.la

-test_chmd_test_DEPENDENCIES = 	test/test_files/chmd/cve-2015-4467-reset-interval-zero.chm

+test_chmd_test_DEPENDENCIES = 	libmschmd.la test/test_files/chmd/cve-2015-4467-reset-interval-zero.chm

 test_chminfo_SOURCES =		test/chminfo.c libmschmd.la

 test_chminfo_LDADD =		libmschmd.la

 test_kwajd_test_SOURCES =	test/kwajd_test.c libmspack.la

@@ -515,7 +515,7 @@ test_chmd_order_SOURCES = test/chmd_order.c test/md5.c test/md5.h \

 test_chmd_order_LDADD = libmschmd.la

 test_chmd_test_SOURCES = test/chmd_test.c libmschmd.la

 test_chmd_test_LDADD = libmschmd.la

-test_chmd_test_DEPENDENCIES = test/test_files/chmd/cve-2015-4467-reset-interval-zero.chm

+test_chmd_test_DEPENDENCIES = libmschmd.la test/test_files/chmd/cve-2015-4467-reset-interval-zero.chm

 test_chminfo_SOURCES = test/chminfo.c libmschmd.la

 test_chminfo_LDADD = libmschmd.la

 test_kwajd_test_SOURCES = test/kwajd_test.c libmspack.la

@@ -1,4 +1,4 @@

-libmspack 0.7.1alpha

+libmspack 0.8alpha

 The purpose of libmspack is to provide compressors and decompressors,

 archivers and dearchivers for Microsoft compression formats: CAB, CHM, WIM,

@@ -36,12 +36,11 @@ make install

 This will install the main libmspack library and mspack.h header file.

 Some other libraries and executables are built, but not installed.

-If building from the Subversion repository, running rebuild.sh will create

-all the automatically generated files like the configure script, and will

-then ./configure, make and make distcheck. Running cleanup.sh will perform

-a thorough clean, deleting all automatically generated files.

+If building from the Git repository, running rebuild.sh will create all the

+auto-generated files, then run ./configure && make. Running cleanup.sh will

+perform a thorough clean, deleting all auto-generated files.

-In addition to gcc, you also need the following for building from Subversion:

+In addition to gcc, you also need the following for building from repository:

 - at least autoconf 2.57

 - at least automake 1.7

@@ -1,6 +1,6 @@

 #! /bin/sh

 # Guess values for system-dependent variables and create Makefiles.

-# Generated by GNU Autoconf 2.69 for libmspack 0.7.1alpha.

+# Generated by GNU Autoconf 2.69 for libmspack 0.8alpha.

 #

 # Report bugs to <kyzer@cabextract.org.uk>.

 #

@@ -590,8 +590,8 @@ MAKEFLAGS=

 # Identity of this package.

 PACKAGE_NAME='libmspack'

 PACKAGE_TARNAME='libmspack'

-PACKAGE_VERSION='0.7.1alpha'

-PACKAGE_STRING='libmspack 0.7.1alpha'

+PACKAGE_VERSION='0.8alpha'

+PACKAGE_STRING='libmspack 0.8alpha'

 PACKAGE_BUGREPORT='kyzer@cabextract.org.uk'

 PACKAGE_URL=''

@@ -1330,7 +1330,7 @@ if test "$ac_init_help" = "long"; then

   # Omit some internal or obsolete options to make the list less imposing.

   # This message is too long to be a string in the A/UX 3.1 sh.

   cat <<_ACEOF

-\`configure' configures libmspack 0.7.1alpha to adapt to many kinds of systems.

+\`configure' configures libmspack 0.8alpha to adapt to many kinds of systems.

 Usage: $0 [OPTION]... [VAR=VALUE]...

@@ -1401,7 +1401,7 @@ fi

 if test -n "$ac_init_help"; then

   case $ac_init_help in

-     short | recursive ) echo "Configuration of libmspack 0.7.1alpha:";;

+     short | recursive ) echo "Configuration of libmspack 0.8alpha:";;

    esac

   cat <<\_ACEOF

@@ -1513,7 +1513,7 @@ fi

 test -n "$ac_init_help" && exit $ac_status

 if $ac_init_version; then

   cat <<\_ACEOF

-libmspack configure 0.7.1alpha

+libmspack configure 0.8alpha

 generated by GNU Autoconf 2.69

 Copyright (C) 2012 Free Software Foundation, Inc.

@@ -2119,7 +2119,7 @@ cat >config.log <<_ACEOF

 This file contains any messages produced by compilers while

 running configure, to aid debugging if configure makes a mistake.

-It was created by libmspack $as_me 0.7.1alpha, which was

+It was created by libmspack $as_me 0.8alpha, which was

 generated by GNU Autoconf 2.69.  Invocation command line was

   $ $0 $@

@@ -2983,7 +2983,7 @@ fi

 # Define the identity of the package.

  PACKAGE='libmspack'

- VERSION='0.7.1alpha'

+ VERSION='0.8alpha'

 cat >>confdefs.h <<_ACEOF

@@ -13640,7 +13640,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1

 # report actual input values of CONFIG_FILES etc. instead of their

 # values after options handling.

 ac_log="

-This file was extended by libmspack $as_me 0.7.1alpha, which was

+This file was extended by libmspack $as_me 0.8alpha, which was

 generated by GNU Autoconf 2.69.  Invocation command line was

   CONFIG_FILES    = $CONFIG_FILES

@@ -13706,7 +13706,7 @@ _ACEOF

 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1

 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"

 ac_cs_version="\\

-libmspack config.status 0.7.1alpha

+libmspack config.status 0.8alpha

 configured by $0, generated by GNU Autoconf 2.69,

   with options \\"\$ac_cs_config\\"

@@ -1,7 +1,7 @@

 # -*- Autoconf -*-

 # Process this file with autoconf to produce a configure script.

 AC_PREREQ(2.59)

-AC_INIT([libmspack],[0.7.1alpha],[kyzer@cabextract.org.uk])

+AC_INIT([libmspack],[0.8alpha],[kyzer@cabextract.org.uk])

 AC_CONFIG_MACRO_DIR([m4])

 AM_INIT_AUTOMAKE

 AC_CONFIG_SRCDIR([mspack/mspack.h])

@@ -1,5 +1,5 @@

 /* This file is part of libmspack.

- * (C) 2003-2004 Stuart Caie.

+ * (C) 2003-2018 Stuart Caie.

  *

  * libmspack is free software; you can redistribute it and/or modify it under

  * the terms of the GNU Lesser General Public License (LGPL) version 2.1

@@ -67,16 +67,24 @@

  * more than 6144 bytes. Quantum has no documentation, but the largest

  * block seen in the wild is 337 bytes above uncompressed size.

  */

-#define CAB_BLOCKMAX (65535)

-#define CAB_BLOCKSTD (32768)

+#define CAB_BLOCKMAX (32768)

 #define CAB_INPUTMAX (CAB_BLOCKMAX+6144)

+/* input buffer needs to be CAB_INPUTMAX + 1 byte to allow for max-sized block

+ * plus 1 trailer byte added by cabd_sys_read_block() for Quantum alignment.

+ *

+ * When MSCABD_PARAM_SALVAGE is set, block size is not checked so can be

+ * up to 65535 bytes, so max input buffer size needed is 65535 + 1

+ */

+#define CAB_INPUTMAX_SALVAGE (65535)

+#define CAB_INPUTBUF (CAB_INPUTMAX_SALVAGE + 1)

+

 /* There are no more than 65535 data blocks per folder, so a folder cannot

  * be more than 32768*65535 bytes in length. As files cannot span more than

  * one folder, this is also their max offset, length and offset+length limit.

  */

 #define CAB_FOLDERMAX (65535)

-#define CAB_LENGTHMAX UINT_MAX

+#define CAB_LENGTHMAX (CAB_BLOCKMAX * CAB_FOLDERMAX)

 /* CAB compression definitions */

@@ -93,6 +101,7 @@ struct mscabd_decompress_state {

   struct mscabd_folder_data *data;   /* current folder split we're in        */

   unsigned int offset;               /* uncompressed offset within folder    */

   unsigned int block;                /* which block are we decompressing?    */

+  off_t outlen;                      /* cumulative sum of block output sizes */

   struct mspack_system sys;          /* special I/O code for decompressor    */

   int comp_type;                     /* type of compression used by folder   */

   int (*decompress)(void *, off_t);  /* decompressor code                    */

@@ -101,7 +110,7 @@ struct mscabd_decompress_state {

   struct mspack_file *infh;          /* input file handle                    */

   struct mspack_file *outfh;         /* output file handle                   */

   unsigned char *i_ptr, *i_end;      /* input data consumed, end             */

-  unsigned char input[CAB_INPUTMAX]; /* one input block of data              */

+  unsigned char input[CAB_INPUTBUF]; /* one input block of data              */

 };

 struct mscab_decompressor_p {

@@ -1,5 +1,5 @@

 /* This file is part of libmspack.

- * (C) 2003-2011 Stuart Caie.

+ * (C) 2003-2018 Stuart Caie.

  *

  * libmspack is free software; you can redistribute it and/or modify it under

  * the terms of the GNU Lesser General Public License (LGPL) version 2.1

@@ -109,7 +109,7 @@ static int cabd_sys_write(

   struct mspack_file *file, void *buffer, int bytes);

 static int cabd_sys_read_block(

   struct mspack_system *sys, struct mscabd_decompress_state *d, int *out,

-  int ignore_cksum);

+  int ignore_cksum, int ignore_blocksize);

 static unsigned int cabd_checksum(

   unsigned char *data, unsigned int bytes, unsigned int cksum);

 static struct noned_state *noned_init(

@@ -306,9 +306,9 @@ static void cabd_close(struct mscab_decompressor *base,

 static int cabd_read_headers(struct mspack_system *sys,

 			     struct mspack_file *fh,

 			     struct mscabd_cabinet_p *cab,

-			     off_t offset, int quiet, int salvage)

+			     off_t offset, int salvage, int quiet)

 {

-  int num_folders, num_files, folder_resv, i, x, fidx, fidx_ok, read_string_errno = 0;

+  int num_folders, num_files, folder_resv, i, x, err, fidx;

   struct mscabd_folder_p *fol, *linkfol = NULL;

   struct mscabd_file *file, *linkfile = NULL;

   unsigned char buf[64];

@@ -392,18 +392,18 @@ static int cabd_read_headers(struct mspack_system *sys,

   /* read name and info of preceeding cabinet in set, if present */

   if (cab->base.flags & cfheadPREV_CABINET) {

-    cab->base.prevname = cabd_read_string(sys, fh, &read_string_errno);

-    if (read_string_errno) return read_string_errno;

-    cab->base.previnfo = cabd_read_string(sys, fh, &read_string_errno);

-    if (read_string_errno) return read_string_errno;

+    cab->base.prevname = cabd_read_string(sys, fh, &err);

+    if (err) return err;

+    cab->base.previnfo = cabd_read_string(sys, fh, &err);

+    if (err) return err;

   }

   /* read name and info of next cabinet in set, if present */

   if (cab->base.flags & cfheadNEXT_CABINET) {

-    cab->base.nextname = cabd_read_string(sys, fh, &read_string_errno);

-    if (read_string_errno) return read_string_errno;

-    cab->base.nextinfo = cabd_read_string(sys, fh, &read_string_errno);

-    if (read_string_errno) return read_string_errno;

+    cab->base.nextname = cabd_read_string(sys, fh, &err);

+    if (err) return err;

+    cab->base.nextinfo = cabd_read_string(sys, fh, &err);

+    if (err) return err;

   }

   /* read folders */

@@ -452,7 +452,6 @@ static int cabd_read_headers(struct mspack_system *sys,

     file->offset   = EndGetI32(&buf[cffile_FolderOffset]);

     /* set folder pointer */

-    fidx_ok = 1;

     fidx = EndGetI16(&buf[cffile_FolderIndex]);

     if (fidx < cffileCONTINUED_FROM_PREV) {

       /* normal folder index; count up to the correct folder */

@@ -462,12 +461,8 @@ static int cabd_read_headers(struct mspack_system *sys,

         file->folder = ifol;

       }

       else {

-        file->folder = NULL;

-      }

-

-      if (!file->folder) {

         D(("invalid folder index"))

-        fidx_ok = 0;

+        file->folder = NULL;

       }

     }

     else {

@@ -511,11 +506,14 @@ static int cabd_read_headers(struct mspack_system *sys,

     file->date_y = (x >> 9) + 1980;

     /* get filename */

-    file->filename = cabd_read_string(sys, fh, &read_string_errno);

-    if (read_string_errno || !fidx_ok) {

+    file->filename = cabd_read_string(sys, fh, &err);

+

+    /* if folder index or filename are bad, either skip it or fail */

+    if (err || !file->folder) {

       sys->free(file->filename);

       sys->free(file);

-      if (salvage) continue; else return read_string_errno;

+      if (salvage) continue;

+      return err ? err : MSPACK_ERR_DATAFORMAT;

     }

     /* link file entry into file list */

@@ -726,10 +724,11 @@ static int cabd_find(struct mscab_decompressor_p *self, unsigned char *buf,

 	/* check that the files offset is less than the alleged length of

 	 * the cabinet, and that the offset + the alleged length are

-	 * 'roughly' within the end of overall file length */

+	 * 'roughly' within the end of overall file length. In salvage

+	 * mode, don't check the alleged length, allow it to be garbage */

 	if ((foffset_u32 < cablen_u32) &&

 	    ((caboff + (off_t) foffset_u32) < (flen + 32)) &&

-	    ((caboff + (off_t) cablen_u32)  < (flen + 32)) )

+	    (((caboff + (off_t) cablen_u32)  < (flen + 32)) || salvage))

 	{

 	  /* likely cabinet found -- try reading it */

 	  if (!(cab = (struct mscabd_cabinet_p *) sys->alloc(sys, sizeof(struct mscabd_cabinet_p)))) {

@@ -1012,7 +1011,7 @@ static int cabd_extract(struct mscab_decompressor *base,

   struct mscabd_folder_p *fol;

   struct mspack_system *sys;

   struct mspack_file *fh;

-  off_t filelen, maxlen;

+  off_t filelen;

   if (!self) return MSPACK_ERR_ARGS;

   if (!file) return self->error = MSPACK_ERR_ARGS;

@@ -1045,17 +1044,12 @@ static int cabd_extract(struct mscab_decompressor *base,

     return self->error = MSPACK_ERR_DECRUNCH;

   }

-  /* if file goes beyond what can be decoded, either error,

-   * or in salvage mode reduce file length to what can be decoded

+  /* if file goes beyond what can be decoded, given an error.

+   * In salvage mode, don't assume block sizes, just try decoding

    */

-  maxlen = fol->base.num_blocks * CAB_BLOCKMAX;

-  if ((file->offset + filelen) > maxlen) {

-    if (self->param[MSCABD_PARAM_SALVAGE]) {

-      sys->message(NULL, "WARNING: can only extract first %"LD" bytes "

-                   " of file \"%s\"", maxlen, file->filename);

-      filelen = maxlen;

-    }

-    else {

+  if (!self->param[MSCABD_PARAM_SALVAGE]) {

+    off_t maxlen = fol->base.num_blocks * CAB_BLOCKMAX;

+    if ((file->offset + filelen) > maxlen) {

       sys->message(NULL, "ERROR; file \"%s\" cannot be extracted, "

                    "cabinet set is incomplete", file->filename);

       return self->error = MSPACK_ERR_DECRUNCH;

@@ -1107,6 +1101,7 @@ static int cabd_extract(struct mscab_decompressor *base,

     self->d->data   = &fol->data;

     self->d->offset = 0;

     self->d->block  = 0;

+    self->d->outlen = 0;

     self->d->i_ptr = self->d->i_end = &self->d->input[0];

     /* read_error lasts for the lifetime of a decompressor */

@@ -1227,11 +1222,12 @@ static int cabd_sys_read(struct mspack_file *file, void *buffer, int bytes) {

   struct mscab_decompressor_p *self = (struct mscab_decompressor_p *) file;

   unsigned char *buf = (unsigned char *) buffer;

   struct mspack_system *sys = self->system;

-  int avail, todo, outlen, ignore_cksum;

+  int avail, todo, outlen, ignore_cksum, ignore_blocksize;

   ignore_cksum = self->param[MSCABD_PARAM_SALVAGE] ||

     (self->param[MSCABD_PARAM_FIXMSZIP] && 

      ((self->d->comp_type & cffoldCOMPTYPE_MASK) == cffoldCOMPTYPE_MSZIP));

+  ignore_blocksize = self->param[MSCABD_PARAM_SALVAGE];

   todo = bytes;

   while (todo > 0) {

@@ -1251,16 +1247,20 @@ static int cabd_sys_read(struct mspack_file *file, void *buffer, int bytes) {

       /* check if we're out of input blocks, advance block counter */

       if (self->d->block++ >= self->d->folder->base.num_blocks) {

-        if (!self->param[MSCABD_PARAM_SALVAGE])

+        if (!self->param[MSCABD_PARAM_SALVAGE]) {

           self->read_error = MSPACK_ERR_DATAFORMAT;

-        else

+        }

+        else {

           D(("Ran out of CAB input blocks prematurely"))

+        }

         break;

       }

       /* read a block */

-      self->read_error = cabd_sys_read_block(sys, self->d, &outlen, ignore_cksum);

+      self->read_error = cabd_sys_read_block(sys, self->d, &outlen,

+        ignore_cksum, ignore_blocksize);

       if (self->read_error) return -1;

+      self->d->outlen += outlen;

       /* special Quantum hack -- trailer byte to allow the decompressor

        * to realign itself. CAB Quantum blocks, unlike LZX blocks, can have

@@ -1271,19 +1271,10 @@ static int cabd_sys_read(struct mspack_file *file, void *buffer, int bytes) {

       /* is this the last block? */

       if (self->d->block >= self->d->folder->base.num_blocks) {

-	/* last block */

 	if ((self->d->comp_type & cffoldCOMPTYPE_MASK) == cffoldCOMPTYPE_LZX) {

 	  /* special LZX hack -- on the last block, inform LZX of the

 	   * size of the output data stream. */

-	  lzxd_set_output_length((struct lzxd_stream *) self->d->state, (off_t)

-				 ((self->d->block-1) * CAB_BLOCKSTD + outlen));

-	}

-      }

-      else {

-	/* not the last block */

-	if (outlen != CAB_BLOCKMAX) {

-	  self->system->message(self->d->infh,

-				"WARNING; non-maximal data block");

+	  lzxd_set_output_length((struct lzxd_stream *) self->d->state, self->d->outlen);

 	}

       }

     } /* if (avail) */

@@ -1308,11 +1299,12 @@ static int cabd_sys_write(struct mspack_file *file, void *buffer, int bytes) {

  */

 static int cabd_sys_read_block(struct mspack_system *sys,

 			       struct mscabd_decompress_state *d,

-			       int *out, int ignore_cksum)

+			       int *out, int ignore_cksum,

+                               int ignore_blocksize)

 {

   unsigned char hdr[cfdata_SIZEOF];

   unsigned int cksum;

-  int len;

+  int len, full_len;

   /* reset the input block pointer and end of block pointer */

   d->i_ptr = d->i_end = &d->input[0];

@@ -1333,16 +1325,19 @@ static int cabd_sys_read_block(struct mspack_system *sys,

     /* blocks must not be over CAB_INPUTMAX in size */

     len = EndGetI16(&hdr[cfdata_CompressedSize]);

-    if (((d->i_end - d->i_ptr) + len) > CAB_INPUTMAX) {

-      D(("block size > CAB_INPUTMAX (%ld + %d)",

-          (long)(d->i_end - d->i_ptr), len))

-      return MSPACK_ERR_DATAFORMAT;

+    full_len = (d->i_end - d->i_ptr) + len; /* include cab-spanning blocks */

+    if (full_len > CAB_INPUTMAX) {

+      D(("block size %d > CAB_INPUTMAX", full_len));

+      /* in salvage mode, blocks can be 65535 bytes but no more than that */

+      if (!ignore_blocksize || full_len > CAB_INPUTMAX_SALVAGE) {

+          return MSPACK_ERR_DATAFORMAT;

+      }

     }

      /* blocks must not expand to more than CAB_BLOCKMAX */

     if (EndGetI16(&hdr[cfdata_UncompressedSize]) > CAB_BLOCKMAX) {

       D(("block size > CAB_BLOCKMAX"))

-      return MSPACK_ERR_DATAFORMAT;

+      if (!ignore_blocksize) return MSPACK_ERR_DATAFORMAT;

     }

     /* read the block data */

@@ -447,14 +447,14 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,

     while (num_entries--) {

       READ_ENCINT(name_len);

       if (name_len > (unsigned int) (end - p)) goto chunk_end;

-      /* consider blank filenames to be an error */

-      if (name_len == 0) goto chunk_end;

       name = p; p += name_len;

-

       READ_ENCINT(section);

       READ_ENCINT(offset);

       READ_ENCINT(length);

+      /* ignore blank or one-char (e.g. "/") filenames we'd return as blank */

+      if (name_len < 2 || !name[0] || !name[1]) continue;

+

       /* empty files and directory names are stored as a file entry at

        * offset 0 with length 0. We want to keep empty files, but not

        * directory names, which end with a "/" */

@@ -536,7 +536,7 @@ static int chmd_fast_find(struct mschm_decompressor *base,

     struct mschm_decompressor_p *self = (struct mschm_decompressor_p *) base;

     struct mspack_system *sys;

     struct mspack_file *fh;

-    const unsigned char *chunk, *p = NULL, *end = NULL;

+    const unsigned char *chunk, *p, *end;

     int err = MSPACK_ERR_OK, result = -1;

     unsigned int n, sec;

@@ -113,8 +113,8 @@ static struct mskwajd_header *kwajd_open(struct mskwaj_decompressor *base,

     }

     if (self->error) {

-	if (fh)  sys->close(fh);

-	if (hdr) sys->free(hdr);

+	if (fh) sys->close(fh);

+	sys->free(hdr);

 	hdr = NULL;

     }

@@ -424,7 +424,7 @@ struct mspack_system {

   /**

    * Frees memory.

    * 

-   * @param ptr the memory to be freed.

+   * @param ptr the memory to be freed. NULL is accepted and ignored.

    * @see alloc()

    */

   void (*free)(void *ptr);

@@ -236,14 +236,10 @@ static int oabd_decompress(struct msoab_decompressor *_self, const char *input,

   }

  out:

-  if (lzx)

-    lzxd_free(lzx);

-  if (buf)

-    sys->free(buf);

-  if (outfh)

-    sys->close(outfh);

-  if (infh)

-    sys->close(infh);

+  if (lzx) lzxd_free(lzx);

+  if (outfh) sys->close(outfh);

+  if (infh) sys->close(infh);

+  sys->free(buf);

   return ret;

 }

@@ -390,16 +386,11 @@ static int oabd_decompress_incremental(struct msoab_decompressor *_self,

   }

  out:

-  if (lzx)

-    lzxd_free(lzx);

-  if (buf)

-    sys->free(buf);

-  if (outfh)

-    sys->close(outfh);

-  if (basefh)

-    sys->close(basefh);

-  if (infh)

-    sys->close(infh);

+  if (lzx) lzxd_free(lzx);

+  if (outfh) sys->close(outfh);

+  if (basefh) sys->close(basefh);

+  if (infh) sys->close(infh);

+  sys->free(buf);

   return ret;

 }

@@ -99,8 +99,8 @@ static struct msszddd_header *szddd_open(struct msszdd_decompressor *base,

     }

     if (self->error) {

-	if (fh)  sys->close(fh);

-	if (hdr) sys->free(hdr);

+	if (fh) sys->close(fh);

+	sys->free(hdr);

 	hdr = NULL;

     }

@@ -8,74 +8,78 @@

 #include <mspack.h>

 #include <system.h>

+#if HAVE_FSEEKO

+# define fseek fseeko

+#endif

+

 #define BUF_SIZE (1024*4096)

 char buf[BUF_SIZE];

 void rip(char *fname, off_t offset, unsigned int length) {

-  static unsigned int counter = 1;

-   struct stat st_buf;

-  char outname[13];

-  FILE *in, *out;

+    static unsigned int counter = 1;

+    struct stat st_buf;

+    char outname[13];

+    FILE *in = NULL, *out = NULL;

-  do {

-    snprintf(outname, 13, "%08u.cab", counter++);

-  } while (stat(outname, &st_buf) == 0);

+    /* find an unused output filename */

+    do {

+        snprintf(outname, 13, "%08u.cab", counter++);

+    } while (stat(outname, &st_buf) == 0);

-  printf("ripping %s offset %" LD " length %u to %s\n",

-	 fname, offset, length, outname);

+    printf("ripping %s offset %" LD " length %u to %s\n",

+           fname, offset, length, outname);

-  if ((in = fopen(fname, "rb"))) {

-#if HAVE_FSEEKO

-    if (!fseeko(in, offset, SEEK_SET)) {

-#else

-    if (!fseek(in, offset, SEEK_SET)) {

-#endif

-      if ((out = fopen(outname, "wb"))) {

-	while (length > 0) {

-	  unsigned int run = BUF_SIZE;

-	  if (run > length) run = length;

-	  if (fread(&buf[0], 1, run, in) != run) {

-	    perror(fname);

-	    break;

-	  }

-	  if (fwrite(&buf[0], 1, run, out) != run) {

-	    perror(outname);

-	    break;

-	  }

-	  length -= run;

-	}

-	fclose(out);

-      }

-      else {

-	perror(outname);

-      }

+    if (!(in = fopen(fname, "rb"))) {

+        perror(fname);

+        goto cleanup;

+    }

+    if (!(out = fopen(outname, "wb"))) {

+        perror(outname);

+        goto cleanup;

     }

-    else {

-      perror(fname);

+    if (fseek(in, offset, SEEK_SET)) {

+        fprintf(stderr, "%s: can't seek to cab offset %"LD"\n", fname, offset);

+        goto cleanup;

     }

-    fclose(in);

-  }

-  else {

-    perror(fname);

-  }

+    while (length) {

+        size_t run = (length > BUF_SIZE) ? BUF_SIZE : length;

+        size_t actual = fread(&buf[0], 1, run, in);

+        if (actual < run) {

+            fprintf(stderr, "%s: file %u bytes shorter than expected\n",

+                    fname, length - (run - actual));

+            length = run = actual;

+        }

+        if (fwrite(&buf[0], 1, run, out) != run) {

+            perror(outname);

+            break;

+        }

+        length -= run;

+    }

+

+cleanup:

+    if (in) fclose(in);

+    if (out) fclose(out);

 }

 int main(int argc, char *argv[]) {

-  struct mscab_decompressor *cabd;

-  struct mscabd_cabinet *cab, *c;

-  int err;

+    struct mscab_decompressor *cabd;

+    struct mscabd_cabinet *cab, *c;

+    int err;

-  MSPACK_SYS_SELFTEST(err);

-  if (err) return 0;

+    MSPACK_SYS_SELFTEST(err);

+    if (err) return 0;

-  if ((cabd = mspack_create_cab_decompressor(NULL))) {

-    for (argv++; *argv; argv++) {

-      if ((cab = cabd->search(cabd, *argv))) {

-	for (c = cab; c; c = c->next) rip(*argv, c->base_offset, c->length);

-	cabd->close(cabd, cab);

-      }

+    if ((cabd = mspack_create_cab_decompressor(NULL))) {

+        cabd->set_param(cabd, MSCABD_PARAM_SALVAGE, 1);

+        for (argv++; *argv; argv++) {

+            if ((cab = cabd->search(cabd, *argv))) {

+                for (c = cab; c; c = c->next) {

+                    rip(*argv, c->base_offset, c->length);

+                }

+                cabd->close(cabd, cab);

+            }

+        }

+        mspack_destroy_cab_decompressor(cabd);

     }

-    mspack_destroy_cab_decompressor(cabd);

-  }

-  return 0;

+    return 0;

 }

@@ -25,8 +25,6 @@

 mode_t user_umask;

-#define FILENAME ".test.chmx"

-

 /**

  * Ensures that all directory components in a filepath exist. New directory

  * components are created, if necessary.

@@ -51,126 +49,22 @@ static int ensure_filepath(char *path) {

   return 1;

 }

-/**

- * Creates a UNIX filename from the internal CAB filename and the given

- * parameters.

- *

- * @param fname  the internal CAB filename.

- * @param dir    a directory path to prepend to the output filename.

- * @param lower  if non-zero, filename should be made lower-case.

- * @param isunix if zero, MS-DOS path seperators are used in the internal

- *               CAB filename. If non-zero, UNIX path seperators are used.

- * @param utf8   if non-zero, the internal CAB filename is encoded in UTF8.

- * @return a freshly allocated and created filename, or NULL if there was

- *         not enough memory.

- * @see unix_path_seperators()

- */

-static char *create_output_name(unsigned char *fname, unsigned char *dir,

-			 int lower, int isunix, int utf8)

-{

-  unsigned char *p, *name, c, *fe, sep, slash;

-  unsigned int x;

-

-  sep   = (isunix) ? '/'  : '\\'; /* the path-seperator */

-  slash = (isunix) ? '\\' : '/';  /* the other slash */

-

-  /* length of filename */

-  x = strlen((char *) fname);

-  /* UTF8 worst case scenario: tolower() expands all chars from 1 to 3 bytes */

-  if (utf8) x *= 3;

-  /* length of output directory */

-  if (dir) x += strlen((char *) dir);

-

-  if (!(name = (unsigned char *) malloc(x + 2))) {

-    fprintf(stderr, "out of memory!\n");

-    return NULL;

-  }

-  

-  /* start with blank name */

-  *name = '\0';

-

-  /* add output directory if needed */

-  if (dir) {

-    strcpy((char *) name, (char *) dir);

-    strcat((char *) name, "/");

-  }

-

-  /* remove leading slashes */

-  while (*fname == sep) fname++;

-

-  /* copy from fi->filename to new name, converting MS-DOS slashes to UNIX

-   * slashes as we go. Also lowercases characters if needed.

-   */

-  p = &name[strlen((char *)name)];

-  fe = &fname[strlen((char *)fname)];

-

-  if (utf8) {

-    /* UTF8 translates two-byte unicode characters into 1, 2 or 3 bytes.

-     * %000000000xxxxxxx -> %0xxxxxxx

-     * %00000xxxxxyyyyyy -> %110xxxxx %10yyyyyy

-     * %xxxxyyyyyyzzzzzz -> %1110xxxx %10yyyyyy %10zzzzzz

-     *

-     * Therefore, the inverse is as follows:

-     * First char:

-     *  0x00 - 0x7F = one byte char

-     *  0x80 - 0xBF = invalid

-     *  0xC0 - 0xDF = 2 byte char (next char only 0x80-0xBF is valid)

-     *  0xE0 - 0xEF = 3 byte char (next 2 chars only 0x80-0xBF is valid)

-     *  0xF0 - 0xFF = invalid

-     */

-    do {

-      if (fname >= fe) {

-	free(name);

-	return NULL;

-      }

-

-      /* get next UTF8 char */

-      if ((c = *fname++) < 0x80) x = c;

-      else {

-	if ((c >= 0xC0) && (c < 0xE0)) {

-	  x = (c & 0x1F) << 6;

-	  x |= *fname++ & 0x3F;

-	}

-	else if ((c >= 0xE0) && (c < 0xF0)) {

-	  x = (c & 0xF) << 12;

-	  x |= (*fname++ & 0x3F) << 6;

-	  x |= *fname++ & 0x3F;

-	}

-	else x = '?';

-      }

-

-      /* whatever is the path seperator -> '/'

-       * whatever is the other slash    -> '\\'

-       * otherwise, if lower is set, the lowercase version */

-      if      (x == sep)   x = '/';

-      else if (x == slash) x = '\\';

-      else if (lower)      x = (unsigned int) tolower((int) x);

-

-      /* integer back to UTF8 */

-      if (x < 0x80) {

-	*p++ = (unsigned char) x;

-      }

-      else if (x < 0x800) {

-	*p++ = 0xC0 | (x >> 6);   

-	*p++ = 0x80 | (x & 0x3F);

-      }

-      else {

-	*p++ = 0xE0 | (x >> 12);

-	*p++ = 0x80 | ((x >> 6) & 0x3F);

-	*p++ = 0x80 | (x & 0x3F);

-      }

-    } while (x);

-  }

-  else {

-    /* regular non-utf8 version */

-    do {

-      c = *fname++;

-      if      (c == sep)   c = '/';

-      else if (c == slash) c = '\\';