bspatch.c revision 306379 
1/*-
2 * Copyright 2003-2005 Colin Percival
3 * All rights reserved
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted providing that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
22 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
23 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
24 * POSSIBILITY OF SUCH DAMAGE.
25 */
26
27#include <sys/cdefs.h>
28__FBSDID("$FreeBSD: releng/11.0/usr.bin/bsdiff/bspatch/bspatch.c 306379 2016-09-27 19:36:12Z emaste $");
29
30#if defined(__FreeBSD__)
31#include <sys/param.h>
32#if __FreeBSD_version >= 1001511
33#include <sys/capsicum.h>
34#define HAVE_CAPSICUM
35#endif
36#endif
37
38#include <bzlib.h>
39#include <err.h>
40#include <errno.h>
41#include <fcntl.h>
42#include <libgen.h>
43#include <limits.h>
44#include <stdint.h>
45#include <stdio.h>
46#include <stdlib.h>
47#include <string.h>
48#include <unistd.h>
49
50#ifndef O_BINARY
51#define O_BINARY 0
52#endif
53#define HEADER_SIZE 32
54
55static char *newfile;
56static int dirfd = -1;
57
58static void
59exit_cleanup(void)
60{
61
62	if (dirfd != -1 && newfile != NULL)
63		if (unlinkat(dirfd, newfile, 0))
64			warn("unlinkat");
65}
66
67static off_t offtin(u_char *buf)
68{
69	off_t y;
70
71	y = buf[7] & 0x7F;
72	y = y * 256; y += buf[6];
73	y = y * 256; y += buf[5];
74	y = y * 256; y += buf[4];
75	y = y * 256; y += buf[3];
76	y = y * 256; y += buf[2];
77	y = y * 256; y += buf[1];
78	y = y * 256; y += buf[0];
79
80	if (buf[7] & 0x80)
81		y = -y;
82
83	return (y);
84}
85
86static void
87usage(void)
88{
89
90	fprintf(stderr, "usage: bspatch oldfile newfile patchfile\n");
91	exit(1);
92}
93
94int main(int argc, char *argv[])
95{
96	FILE *f, *cpf, *dpf, *epf;
97	BZFILE *cpfbz2, *dpfbz2, *epfbz2;
98	char *directory, *namebuf;
99	int cbz2err, dbz2err, ebz2err;
100	int newfd, oldfd;
101	off_t oldsize, newsize;
102	off_t bzctrllen, bzdatalen;
103	u_char header[HEADER_SIZE], buf[8];
104	u_char *old, *new;
105	off_t oldpos, newpos;
106	off_t ctrl[3];
107	off_t i, lenread, offset;
108#ifdef HAVE_CAPSICUM
109	cap_rights_t rights_dir, rights_ro, rights_wr;
110#endif
111
112	if (argc != 4)
113		usage();
114
115	/* Open patch file */
116	if ((f = fopen(argv[3], "rb")) == NULL)
117		err(1, "fopen(%s)", argv[3]);
118	/* Open patch file for control block */
119	if ((cpf = fopen(argv[3], "rb")) == NULL)
120		err(1, "fopen(%s)", argv[3]);
121	/* open patch file for diff block */
122	if ((dpf = fopen(argv[3], "rb")) == NULL)
123		err(1, "fopen(%s)", argv[3]);
124	/* open patch file for extra block */
125	if ((epf = fopen(argv[3], "rb")) == NULL)
126		err(1, "fopen(%s)", argv[3]);
127	/* open oldfile */
128	if ((oldfd = open(argv[1], O_RDONLY | O_BINARY, 0)) < 0)
129		err(1, "open(%s)", argv[1]);
130	/* open directory where we'll write newfile */
131	if ((namebuf = strdup(argv[2])) == NULL ||
132	    (directory = dirname(namebuf)) == NULL ||
133	    (dirfd = open(directory, O_DIRECTORY)) < 0)
134		err(1, "open %s", argv[2]);
135	free(namebuf);
136	if ((newfile = basename(argv[2])) == NULL)
137		err(1, "basename");
138	/* open newfile */
139	if ((newfd = openat(dirfd, newfile,
140	    O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, 0666)) < 0)
141		err(1, "open(%s)", argv[2]);
142	atexit(exit_cleanup);
143
144#ifdef HAVE_CAPSICUM
145	if (cap_enter() < 0) {
146		/* Failed to sandbox, fatal if CAPABILITY_MODE enabled */
147		if (errno != ENOSYS)
148			err(1, "failed to enter security sandbox");
149	} else {
150		/* Capsicum Available */
151		cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK);
152		cap_rights_init(&rights_wr, CAP_WRITE);
153		cap_rights_init(&rights_dir, CAP_UNLINKAT);
154
155		if (cap_rights_limit(fileno(f), &rights_ro) < 0 ||
156		    cap_rights_limit(fileno(cpf), &rights_ro) < 0 ||
157		    cap_rights_limit(fileno(dpf), &rights_ro) < 0 ||
158		    cap_rights_limit(fileno(epf), &rights_ro) < 0 ||
159		    cap_rights_limit(oldfd, &rights_ro) < 0 ||
160		    cap_rights_limit(newfd, &rights_wr) < 0 ||
161		    cap_rights_limit(dirfd, &rights_dir) < 0)
162			err(1, "cap_rights_limit() failed, could not restrict"
163			    " capabilities");
164	}
165#endif
166
167	/*
168	File format:
169		0	8	"BSDIFF40"
170		8	8	X
171		16	8	Y
172		24	8	sizeof(newfile)
173		32	X	bzip2(control block)
174		32+X	Y	bzip2(diff block)
175		32+X+Y	???	bzip2(extra block)
176	with control block a set of triples (x,y,z) meaning "add x bytes
177	from oldfile to x bytes from the diff block; copy y bytes from the
178	extra block; seek forwards in oldfile by z bytes".
179	*/
180
181	/* Read header */
182	if (fread(header, 1, HEADER_SIZE, f) < HEADER_SIZE) {
183		if (feof(f))
184			errx(1, "Corrupt patch");
185		err(1, "fread(%s)", argv[3]);
186	}
187
188	/* Check for appropriate magic */
189	if (memcmp(header, "BSDIFF40", 8) != 0)
190		errx(1, "Corrupt patch");
191
192	/* Read lengths from header */
193	bzctrllen = offtin(header + 8);
194	bzdatalen = offtin(header + 16);
195	newsize = offtin(header + 24);
196	if (bzctrllen < 0 || bzctrllen > OFF_MAX - HEADER_SIZE ||
197	    bzdatalen < 0 || bzctrllen + HEADER_SIZE > OFF_MAX - bzdatalen ||
198	    newsize < 0 || newsize > SSIZE_MAX)
199		errx(1, "Corrupt patch");
200
201	/* Close patch file and re-open it via libbzip2 at the right places */
202	if (fclose(f))
203		err(1, "fclose(%s)", argv[3]);
204	offset = HEADER_SIZE;
205	if (fseeko(cpf, offset, SEEK_SET))
206		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
207	if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL)
208		errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err);
209	offset += bzctrllen;
210	if (fseeko(dpf, offset, SEEK_SET))
211		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
212	if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL)
213		errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err);
214	offset += bzdatalen;
215	if (fseeko(epf, offset, SEEK_SET))
216		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
217	if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL)
218		errx(1, "BZ2_bzReadOpen, bz2err = %d", ebz2err);
219
220	if ((oldsize = lseek(oldfd, 0, SEEK_END)) == -1 ||
221	    oldsize > SSIZE_MAX ||
222	    (old = malloc(oldsize)) == NULL ||
223	    lseek(oldfd, 0, SEEK_SET) != 0 ||
224	    read(oldfd, old, oldsize) != oldsize ||
225	    close(oldfd) == -1)
226		err(1, "%s", argv[1]);
227	if ((new = malloc(newsize)) == NULL)
228		err(1, NULL);
229
230	oldpos = 0;
231	newpos = 0;
232	while (newpos < newsize) {
233		/* Read control data */
234		for (i = 0; i <= 2; i++) {
235			lenread = BZ2_bzRead(&cbz2err, cpfbz2, buf, 8);
236			if ((lenread < 8) || ((cbz2err != BZ_OK) &&
237			    (cbz2err != BZ_STREAM_END)))
238				errx(1, "Corrupt patch");
239			ctrl[i] = offtin(buf);
240		}
241
242		/* Sanity-check */
243		if (ctrl[0] < 0 || ctrl[0] > INT_MAX ||
244		    ctrl[1] < 0 || ctrl[1] > INT_MAX)
245			errx(1, "Corrupt patch");
246
247		/* Sanity-check */
248		if (newpos + ctrl[0] > newsize)
249			errx(1, "Corrupt patch");
250
251		/* Read diff string */
252		lenread = BZ2_bzRead(&dbz2err, dpfbz2, new + newpos, ctrl[0]);
253		if ((lenread < ctrl[0]) ||
254		    ((dbz2err != BZ_OK) && (dbz2err != BZ_STREAM_END)))
255			errx(1, "Corrupt patch");
256
257		/* Add old data to diff string */
258		for (i = 0; i < ctrl[0]; i++)
259			if ((oldpos + i >= 0) && (oldpos + i < oldsize))
260				new[newpos + i] += old[oldpos + i];
261
262		/* Adjust pointers */
263		newpos += ctrl[0];
264		oldpos += ctrl[0];
265
266		/* Sanity-check */
267		if (newpos + ctrl[1] > newsize)
268			errx(1, "Corrupt patch");
269
270		/* Read extra string */
271		lenread = BZ2_bzRead(&ebz2err, epfbz2, new + newpos, ctrl[1]);
272		if ((lenread < ctrl[1]) ||
273		    ((ebz2err != BZ_OK) && (ebz2err != BZ_STREAM_END)))
274			errx(1, "Corrupt patch");
275
276		/* Adjust pointers */
277		newpos+=ctrl[1];
278		oldpos+=ctrl[2];
279	}
280
281	/* Clean up the bzip2 reads */
282	BZ2_bzReadClose(&cbz2err, cpfbz2);
283	BZ2_bzReadClose(&dbz2err, dpfbz2);
284	BZ2_bzReadClose(&ebz2err, epfbz2);
285	if (fclose(cpf) || fclose(dpf) || fclose(epf))
286		err(1, "fclose(%s)", argv[3]);
287
288	/* Write the new file */
289	if (write(newfd, new, newsize) != newsize || close(newfd) == -1)
290		err(1, "%s", argv[2]);
291	/* Disable atexit cleanup */
292	newfile = NULL;
293
294	free(new);
295	free(old);
296
297	return (0);
298}
299