bspatch.c revision 306941 
1/*-
2 * Copyright 2003-2005 Colin Percival
3 * All rights reserved
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted providing that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
22 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
23 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
24 * POSSIBILITY OF SUCH DAMAGE.
25 */
26
27#include <sys/cdefs.h>
28__FBSDID("$FreeBSD: releng/10.1/usr.bin/bsdiff/bspatch/bspatch.c 306941 2016-10-10 07:18:54Z delphij $");
29
30#if defined(__FreeBSD__)
31#include <sys/param.h>
32#if __FreeBSD_version >= 1001511
33#include <sys/capsicum.h>
34#define HAVE_CAPSICUM
35#endif
36#endif
37
38#include <bzlib.h>
39#include <err.h>
40#include <errno.h>
41#include <fcntl.h>
42#include <libgen.h>
43#include <limits.h>
44#include <stdint.h>
45#include <stdio.h>
46#include <stdlib.h>
47#include <string.h>
48#include <unistd.h>
49
50#ifndef O_BINARY
51#define O_BINARY 0
52#endif
53#define HEADER_SIZE 32
54
55static char *newfile;
56static int dirfd = -1;
57
58static void
59exit_cleanup(void)
60{
61
62	if (dirfd != -1 && newfile != NULL)
63		if (unlinkat(dirfd, newfile, 0))
64			warn("unlinkat");
65}
66
67static off_t offtin(u_char *buf)
68{
69	off_t y;
70
71	y = buf[7] & 0x7F;
72	y = y * 256; y += buf[6];
73	y = y * 256; y += buf[5];
74	y = y * 256; y += buf[4];
75	y = y * 256; y += buf[3];
76	y = y * 256; y += buf[2];
77	y = y * 256; y += buf[1];
78	y = y * 256; y += buf[0];
79
80	if (buf[7] & 0x80)
81		y = -y;
82
83	return (y);
84}
85
86int main(int argc, char *argv[])
87{
88	FILE *f, *cpf, *dpf, *epf;
89	BZFILE *cpfbz2, *dpfbz2, *epfbz2;
90	char *directory, *namebuf;
91	int cbz2err, dbz2err, ebz2err;
92	int newfd, oldfd;
93	off_t oldsize, newsize;
94	off_t bzctrllen, bzdatalen;
95	u_char header[HEADER_SIZE], buf[8];
96	u_char *old, *new;
97	off_t oldpos, newpos;
98	off_t ctrl[3];
99	off_t i, lenread, offset;
100#ifdef HAVE_CAPSICUM
101	cap_rights_t rights_dir, rights_ro, rights_wr;
102#endif
103
104	if(argc!=4) errx(1,"usage: %s oldfile newfile patchfile\n",argv[0]);
105
106	/* Open patch file */
107	if ((f = fopen(argv[3], "rb")) == NULL)
108		err(1, "fopen(%s)", argv[3]);
109	/* Open patch file for control block */
110	if ((cpf = fopen(argv[3], "rb")) == NULL)
111		err(1, "fopen(%s)", argv[3]);
112	/* open patch file for diff block */
113	if ((dpf = fopen(argv[3], "rb")) == NULL)
114		err(1, "fopen(%s)", argv[3]);
115	/* open patch file for extra block */
116	if ((epf = fopen(argv[3], "rb")) == NULL)
117		err(1, "fopen(%s)", argv[3]);
118	/* open oldfile */
119	if ((oldfd = open(argv[1], O_RDONLY | O_BINARY, 0)) < 0)
120		err(1, "open(%s)", argv[1]);
121	/* open directory where we'll write newfile */
122	if ((namebuf = strdup(argv[2])) == NULL ||
123	    (directory = dirname(namebuf)) == NULL ||
124	    (dirfd = open(directory, O_DIRECTORY)) < 0)
125		err(1, "open %s", argv[2]);
126	free(namebuf);
127	if ((newfile = basename(argv[2])) == NULL)
128		err(1, "basename");
129	/* open newfile */
130	if ((newfd = openat(dirfd, newfile,
131	    O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, 0666)) < 0)
132		err(1, "open(%s)", argv[2]);
133	atexit(exit_cleanup);
134
135#ifdef HAVE_CAPSICUM
136	if (cap_enter() < 0) {
137		/* Failed to sandbox, fatal if CAPABILITY_MODE enabled */
138		if (errno != ENOSYS)
139			err(1, "failed to enter security sandbox");
140	} else {
141		/* Capsicum Available */
142		cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK);
143		cap_rights_init(&rights_wr, CAP_WRITE);
144		cap_rights_init(&rights_dir, CAP_UNLINKAT);
145
146		if (cap_rights_limit(fileno(f), &rights_ro) < 0 ||
147		    cap_rights_limit(fileno(cpf), &rights_ro) < 0 ||
148		    cap_rights_limit(fileno(dpf), &rights_ro) < 0 ||
149		    cap_rights_limit(fileno(epf), &rights_ro) < 0 ||
150		    cap_rights_limit(oldfd, &rights_ro) < 0 ||
151		    cap_rights_limit(newfd, &rights_wr) < 0 ||
152		    cap_rights_limit(dirfd, &rights_dir) < 0)
153			err(1, "cap_rights_limit() failed, could not restrict"
154			    " capabilities");
155	}
156#endif
157
158	/*
159	File format:
160		0	8	"BSDIFF40"
161		8	8	X
162		16	8	Y
163		24	8	sizeof(newfile)
164		32	X	bzip2(control block)
165		32+X	Y	bzip2(diff block)
166		32+X+Y	???	bzip2(extra block)
167	with control block a set of triples (x,y,z) meaning "add x bytes
168	from oldfile to x bytes from the diff block; copy y bytes from the
169	extra block; seek forwards in oldfile by z bytes".
170	*/
171
172	/* Read header */
173	if (fread(header, 1, HEADER_SIZE, f) < HEADER_SIZE) {
174		if (feof(f))
175			errx(1, "Corrupt patch");
176		err(1, "fread(%s)", argv[3]);
177	}
178
179	/* Check for appropriate magic */
180	if (memcmp(header, "BSDIFF40", 8) != 0)
181		errx(1, "Corrupt patch");
182
183	/* Read lengths from header */
184	bzctrllen = offtin(header + 8);
185	bzdatalen = offtin(header + 16);
186	newsize = offtin(header + 24);
187	if (bzctrllen < 0 || bzctrllen > OFF_MAX - HEADER_SIZE ||
188	    bzdatalen < 0 || bzctrllen + HEADER_SIZE > OFF_MAX - bzdatalen ||
189	    newsize < 0 || newsize > SSIZE_MAX)
190		errx(1, "Corrupt patch");
191
192	/* Close patch file and re-open it via libbzip2 at the right places */
193	if (fclose(f))
194		err(1, "fclose(%s)", argv[3]);
195	offset = HEADER_SIZE;
196	if (fseeko(cpf, offset, SEEK_SET))
197		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
198	if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL)
199		errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err);
200	offset += bzctrllen;
201	if (fseeko(dpf, offset, SEEK_SET))
202		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
203	if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL)
204		errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err);
205	offset += bzdatalen;
206	if (fseeko(epf, offset, SEEK_SET))
207		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
208	if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL)
209		errx(1, "BZ2_bzReadOpen, bz2err = %d", ebz2err);
210
211	if ((oldsize = lseek(oldfd, 0, SEEK_END)) == -1 ||
212	    oldsize > SSIZE_MAX ||
213	    (old = malloc(oldsize)) == NULL ||
214	    lseek(oldfd, 0, SEEK_SET) != 0 ||
215	    read(oldfd, old, oldsize) != oldsize ||
216	    close(oldfd) == -1)
217		err(1, "%s", argv[1]);
218	if ((new = malloc(newsize)) == NULL)
219		err(1, NULL);
220
221	oldpos = 0;
222	newpos = 0;
223	while (newpos < newsize) {
224		/* Read control data */
225		for (i = 0; i <= 2; i++) {
226			lenread = BZ2_bzRead(&cbz2err, cpfbz2, buf, 8);
227			if ((lenread < 8) || ((cbz2err != BZ_OK) &&
228			    (cbz2err != BZ_STREAM_END)))
229				errx(1, "Corrupt patch");
230			ctrl[i] = offtin(buf);
231		};
232
233		/* Sanity-check */
234		if (ctrl[0] < 0 || ctrl[0] > INT_MAX ||
235		    ctrl[1] < 0 || ctrl[1] > INT_MAX)
236			errx(1, "Corrupt patch");
237
238		/* Sanity-check */
239		if (newpos + ctrl[0] > newsize)
240			errx(1, "Corrupt patch");
241
242		/* Read diff string */
243		lenread = BZ2_bzRead(&dbz2err, dpfbz2, new + newpos, ctrl[0]);
244		if ((lenread < ctrl[0]) ||
245		    ((dbz2err != BZ_OK) && (dbz2err != BZ_STREAM_END)))
246			errx(1, "Corrupt patch");
247
248		/* Add old data to diff string */
249		for (i = 0; i < ctrl[0]; i++)
250			if ((oldpos + i >= 0) && (oldpos + i < oldsize))
251				new[newpos + i] += old[oldpos + i];
252
253		/* Adjust pointers */
254		newpos += ctrl[0];
255		oldpos += ctrl[0];
256
257		/* Sanity-check */
258		if (newpos + ctrl[1] > newsize)
259			errx(1, "Corrupt patch");
260
261		/* Read extra string */
262		lenread = BZ2_bzRead(&ebz2err, epfbz2, new + newpos, ctrl[1]);
263		if ((lenread < ctrl[1]) ||
264		    ((ebz2err != BZ_OK) && (ebz2err != BZ_STREAM_END)))
265			errx(1, "Corrupt patch");
266
267		/* Adjust pointers */
268		newpos+=ctrl[1];
269		oldpos+=ctrl[2];
270	};
271
272	/* Clean up the bzip2 reads */
273	BZ2_bzReadClose(&cbz2err, cpfbz2);
274	BZ2_bzReadClose(&dbz2err, dpfbz2);
275	BZ2_bzReadClose(&ebz2err, epfbz2);
276	if (fclose(cpf) || fclose(dpf) || fclose(epf))
277		err(1, "fclose(%s)", argv[3]);
278
279	/* Write the new file */
280	if (write(newfd, new, newsize) != newsize || close(newfd) == -1)
281		err(1, "%s", argv[2]);
282	/* Disable atexit cleanup */
283	newfile = NULL;
284
285	free(new);
286	free(old);
287
288	return (0);
289}
290