create a tar.gz file using C

Question

Hello guys i want to create tar.gz file from a c program

I tried system("tar -zcvf file.tar.gz file") but it didn't work. Is there any better alternative you could do. This is my code

int make_tar() {
    char buff[100];
    DIR *d;
    struct dirent *dir;
    d = opendir(".");

    if (d) {
        while ((dir = readdir(d)) != NULL) {
          if (dir->d_type == DT_REG) {
             sprintf(buff,"%s",dir->d_name);
             system("tar -zxvf buff.tar.xz buff");
         }
    }
    closedir(d);

    return(0);
}

Read the man-page of `tar`. – too honest for this site Sep 18 '15 at 16:59 — too honest for this site, Sep 18 '15 at 16:59
I'm guessing the file 'buff' doesn't exist. – keithmo Sep 18 '15 at 17:03 — keithmo, Sep 18 '15 at 17:03
nope i declared it as char buff[100] – Jagdish Sep 18 '15 at 17:04 — Jagdish, Sep 18 '15 at 17:04

score 2 · Accepted Answer · edited May 23 '17 at 11:58

Replacing

        sprintf(buff,"%s",dir->d_name);
        system("tar -zxvf buff.tar.xz buff");

with

if (snprintf(buff, sizeof(buff), "tar -czvf %s.tar.gz %s", 
         dir->name, dir->name) /// possible code injection!
    >= sizeof(buff)) 
   exit(EXIT_FAILURE);

fflush(NULL);
int err = system(buff);
if (err) {
   fprintf(stderr, "command failed: %s (%d)\n", buff, err);
   exit(EXIT_FAILURE);
}
else printf ("did %s\n", buff);

might be helpful. You should use snprintf(3) (avoid sprintf !!) to avoid buffer overflow, and you need to put the actual name of the file in the command (not buff).

You'll better declare buff to contain more characters, e.g. char buff[512]; or even static char buff[2*PATH_MAX+25]; (that could be more than 8 kilobytes) or char buff[2*NAME_MAX+30]; or use asprintf(3)

Read also about code injection, this will make you be scared of your code. Imagine a malicious user of your program having a file named foo ; rm -rf .. (since file names can contain spaces, semicolons, dashes and dots)..

You should consider using libtar ...

You should read more about tar(1) and might also consider passing the -T i.e. --files-from=FILE option to it (and have your program construct a temporary textual file listing each file to backup, one per line; this won't be good for filenames with a newline in them).

I suggest to mention that ```buff``` should be ```NAME_MAX + 1``` bytes here (http://pubs.opengroup.org/onlinepubs/007908775/xsh/dirent.h.html) — gavv, Sep 18 '15 at 17:25
Err, not ```NAME_MAX + 1```, but ```NAME_MAX * 2 + N```. But ```PATH_MAX``` is an overkill here. — gavv, Sep 18 '15 at 17:32

cup · Answer 2 · 2015-09-18T17:22:31.107

1

Change your sprintf and your system call

sprintf(buff,"tar -zcvf buff.tar.xz %s",dir->d_name);
system(buff);

I'm guessing you want to tar the directory which has been found.

edited Sep 18 '15 at 17:22

answered Sep 18 '15 at 17:08

cup

7,589
4
19
42

create a tar.gz file using C

2 Answers2