1/*- 2 * Copyright 2003-2005 Colin Percival 3 * All rights reserved 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted providing that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 22 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 23 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24 * POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27#include <sys/cdefs.h> 28__FBSDID("$FreeBSD: releng/10.1/usr.bin/bsdiff/bspatch/bspatch.c 306941 2016-10-10 07:18:54Z delphij $"); 29 30#if defined(__FreeBSD__) 31#include <sys/param.h> 32#if __FreeBSD_version >= 1001511 33#include <sys/capsicum.h> 34#define HAVE_CAPSICUM 35#endif 36#endif 37 38#include <bzlib.h> 39#include <err.h> 40#include <errno.h> 41#include <fcntl.h> 42#include <libgen.h> 43#include <limits.h> 44#include <stdint.h> 45#include <stdio.h> 46#include <stdlib.h> 47#include <string.h> 48#include <unistd.h> 49 50#ifndef O_BINARY 51#define O_BINARY 0 52#endif 53#define HEADER_SIZE 32 54 55static char *newfile; 56static int dirfd = -1; 57 58static void 59exit_cleanup(void) 60{ 61 62 if (dirfd != -1 && newfile != NULL) 63 if (unlinkat(dirfd, newfile, 0)) 64 warn("unlinkat"); 65} 66 67static off_t offtin(u_char *buf) 68{ 69 off_t y; 70 71 y = buf[7] & 0x7F; 72 y = y * 256; y += buf[6]; 73 y = y * 256; y += buf[5]; 74 y = y * 256; y += buf[4]; 75 y = y * 256; y += buf[3]; 76 y = y * 256; y += buf[2]; 77 y = y * 256; y += buf[1]; 78 y = y * 256; y += buf[0]; 79 80 if (buf[7] & 0x80) 81 y = -y; 82 83 return (y); 84} 85 86int main(int argc, char *argv[]) 87{ 88 FILE *f, *cpf, *dpf, *epf; 89 BZFILE *cpfbz2, *dpfbz2, *epfbz2; 90 char *directory, *namebuf; 91 int cbz2err, dbz2err, ebz2err; 92 int newfd, oldfd; 93 off_t oldsize, newsize; 94 off_t bzctrllen, bzdatalen; 95 u_char header[HEADER_SIZE], buf[8]; 96 u_char *old, *new; 97 off_t oldpos, newpos; 98 off_t ctrl[3]; 99 off_t i, lenread, offset; 100#ifdef HAVE_CAPSICUM 101 cap_rights_t rights_dir, rights_ro, rights_wr; 102#endif 103 104 if(argc!=4) errx(1,"usage: %s oldfile newfile patchfile\n",argv[0]); 105 106 /* Open patch file */ 107 if ((f = fopen(argv[3], "rb")) == NULL) 108 err(1, "fopen(%s)", argv[3]); 109 /* Open patch file for control block */ 110 if ((cpf = fopen(argv[3], "rb")) == NULL) 111 err(1, "fopen(%s)", argv[3]); 112 /* open patch file for diff block */ 113 if ((dpf = fopen(argv[3], "rb")) == NULL) 114 err(1, "fopen(%s)", argv[3]); 115 /* open patch file for extra block */ 116 if ((epf = fopen(argv[3], "rb")) == NULL) 117 err(1, "fopen(%s)", argv[3]); 118 /* open oldfile */ 119 if ((oldfd = open(argv[1], O_RDONLY | O_BINARY, 0)) < 0) 120 err(1, "open(%s)", argv[1]); 121 /* open directory where we'll write newfile */ 122 if ((namebuf = strdup(argv[2])) == NULL || 123 (directory = dirname(namebuf)) == NULL || 124 (dirfd = open(directory, O_DIRECTORY)) < 0) 125 err(1, "open %s", argv[2]); 126 free(namebuf); 127 if ((newfile = basename(argv[2])) == NULL) 128 err(1, "basename"); 129 /* open newfile */ 130 if ((newfd = openat(dirfd, newfile, 131 O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, 0666)) < 0) 132 err(1, "open(%s)", argv[2]); 133 atexit(exit_cleanup); 134 135#ifdef HAVE_CAPSICUM 136 if (cap_enter() < 0) { 137 /* Failed to sandbox, fatal if CAPABILITY_MODE enabled */ 138 if (errno != ENOSYS) 139 err(1, "failed to enter security sandbox"); 140 } else { 141 /* Capsicum Available */ 142 cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK); 143 cap_rights_init(&rights_wr, CAP_WRITE); 144 cap_rights_init(&rights_dir, CAP_UNLINKAT); 145 146 if (cap_rights_limit(fileno(f), &rights_ro) < 0 || 147 cap_rights_limit(fileno(cpf), &rights_ro) < 0 || 148 cap_rights_limit(fileno(dpf), &rights_ro) < 0 || 149 cap_rights_limit(fileno(epf), &rights_ro) < 0 || 150 cap_rights_limit(oldfd, &rights_ro) < 0 || 151 cap_rights_limit(newfd, &rights_wr) < 0 || 152 cap_rights_limit(dirfd, &rights_dir) < 0) 153 err(1, "cap_rights_limit() failed, could not restrict" 154 " capabilities"); 155 } 156#endif 157 158 /* 159 File format: 160 0 8 "BSDIFF40" 161 8 8 X 162 16 8 Y 163 24 8 sizeof(newfile) 164 32 X bzip2(control block) 165 32+X Y bzip2(diff block) 166 32+X+Y ??? bzip2(extra block) 167 with control block a set of triples (x,y,z) meaning "add x bytes 168 from oldfile to x bytes from the diff block; copy y bytes from the 169 extra block; seek forwards in oldfile by z bytes". 170 */ 171 172 /* Read header */ 173 if (fread(header, 1, HEADER_SIZE, f) < HEADER_SIZE) { 174 if (feof(f)) 175 errx(1, "Corrupt patch"); 176 err(1, "fread(%s)", argv[3]); 177 } 178 179 /* Check for appropriate magic */ 180 if (memcmp(header, "BSDIFF40", 8) != 0) 181 errx(1, "Corrupt patch"); 182 183 /* Read lengths from header */ 184 bzctrllen = offtin(header + 8); 185 bzdatalen = offtin(header + 16); 186 newsize = offtin(header + 24); 187 if (bzctrllen < 0 || bzctrllen > OFF_MAX - HEADER_SIZE || 188 bzdatalen < 0 || bzctrllen + HEADER_SIZE > OFF_MAX - bzdatalen || 189 newsize < 0 || newsize > SSIZE_MAX) 190 errx(1, "Corrupt patch"); 191 192 /* Close patch file and re-open it via libbzip2 at the right places */ 193 if (fclose(f)) 194 err(1, "fclose(%s)", argv[3]); 195 offset = HEADER_SIZE; 196 if (fseeko(cpf, offset, SEEK_SET)) 197 err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset); 198 if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL) 199 errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err); 200 offset += bzctrllen; 201 if (fseeko(dpf, offset, SEEK_SET)) 202 err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset); 203 if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL) 204 errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err); 205 offset += bzdatalen; 206 if (fseeko(epf, offset, SEEK_SET)) 207 err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset); 208 if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL) 209 errx(1, "BZ2_bzReadOpen, bz2err = %d", ebz2err); 210 211 if ((oldsize = lseek(oldfd, 0, SEEK_END)) == -1 || 212 oldsize > SSIZE_MAX || 213 (old = malloc(oldsize)) == NULL || 214 lseek(oldfd, 0, SEEK_SET) != 0 || 215 read(oldfd, old, oldsize) != oldsize || 216 close(oldfd) == -1) 217 err(1, "%s", argv[1]); 218 if ((new = malloc(newsize)) == NULL) 219 err(1, NULL); 220 221 oldpos = 0; 222 newpos = 0; 223 while (newpos < newsize) { 224 /* Read control data */ 225 for (i = 0; i <= 2; i++) { 226 lenread = BZ2_bzRead(&cbz2err, cpfbz2, buf, 8); 227 if ((lenread < 8) || ((cbz2err != BZ_OK) && 228 (cbz2err != BZ_STREAM_END))) 229 errx(1, "Corrupt patch"); 230 ctrl[i] = offtin(buf); 231 }; 232 233 /* Sanity-check */ 234 if (ctrl[0] < 0 || ctrl[0] > INT_MAX || 235 ctrl[1] < 0 || ctrl[1] > INT_MAX) 236 errx(1, "Corrupt patch"); 237 238 /* Sanity-check */ 239 if (newpos + ctrl[0] > newsize) 240 errx(1, "Corrupt patch"); 241 242 /* Read diff string */ 243 lenread = BZ2_bzRead(&dbz2err, dpfbz2, new + newpos, ctrl[0]); 244 if ((lenread < ctrl[0]) || 245 ((dbz2err != BZ_OK) && (dbz2err != BZ_STREAM_END))) 246 errx(1, "Corrupt patch"); 247 248 /* Add old data to diff string */ 249 for (i = 0; i < ctrl[0]; i++) 250 if ((oldpos + i >= 0) && (oldpos + i < oldsize)) 251 new[newpos + i] += old[oldpos + i]; 252 253 /* Adjust pointers */ 254 newpos += ctrl[0]; 255 oldpos += ctrl[0]; 256 257 /* Sanity-check */ 258 if (newpos + ctrl[1] > newsize) 259 errx(1, "Corrupt patch"); 260 261 /* Read extra string */ 262 lenread = BZ2_bzRead(&ebz2err, epfbz2, new + newpos, ctrl[1]); 263 if ((lenread < ctrl[1]) || 264 ((ebz2err != BZ_OK) && (ebz2err != BZ_STREAM_END))) 265 errx(1, "Corrupt patch"); 266 267 /* Adjust pointers */ 268 newpos+=ctrl[1]; 269 oldpos+=ctrl[2]; 270 }; 271 272 /* Clean up the bzip2 reads */ 273 BZ2_bzReadClose(&cbz2err, cpfbz2); 274 BZ2_bzReadClose(&dbz2err, dpfbz2); 275 BZ2_bzReadClose(&ebz2err, epfbz2); 276 if (fclose(cpf) || fclose(dpf) || fclose(epf)) 277 err(1, "fclose(%s)", argv[3]); 278 279 /* Write the new file */ 280 if (write(newfd, new, newsize) != newsize || close(newfd) == -1) 281 err(1, "%s", argv[2]); 282 /* Disable atexit cleanup */ 283 newfile = NULL; 284 285 free(new); 286 free(old); 287 288 return (0); 289} 290