xref: /freebsd/usr.bin/bsdiff/bspatch/bspatch.c (revision 5e1e3ea237e921377a1d5a8b7adffbaf6a392de0) 
1  /*-
2   * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3   *
4   * Copyright 2003-2005 Colin Percival
5   * All rights reserved
6   *
7   * Redistribution and use in source and binary forms, with or without
8   * modification, are permitted providing that the following conditions
9   * are met:
10   * 1. Redistributions of source code must retain the above copyright
11   *    notice, this list of conditions and the following disclaimer.
12   * 2. Redistributions in binary form must reproduce the above copyright
13   *    notice, this list of conditions and the following disclaimer in the
14   *    documentation and/or other materials provided with the distribution.
15   *
16   * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17   * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18   * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19   * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20   * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21   * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22   * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23   * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24   * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
25   * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26   * POSSIBILITY OF SUCH DAMAGE.
27   */
28  
29  #include <sys/cdefs.h>
30  __FBSDID("$FreeBSD$");
31  
32  #if defined(__FreeBSD__)
33  #include <sys/param.h>
34  #if __FreeBSD_version >= 1001511
35  #include <sys/capsicum.h>
36  #define HAVE_CAPSICUM
37  #endif
38  #endif
39  
40  #include <bzlib.h>
41  #include <err.h>
42  #include <errno.h>
43  #include <fcntl.h>
44  #include <libgen.h>
45  #include <limits.h>
46  #include <stdint.h>
47  #include <stdio.h>
48  #include <stdlib.h>
49  #include <string.h>
50  #include <unistd.h>
51  
52  #ifndef O_BINARY
53  #define O_BINARY 0
54  #endif
55  #define HEADER_SIZE 32
56  
57  static char *newfile;
58  static int dirfd = -1;
59  
60  static void
61  exit_cleanup(void)
62  {
63  
64  	if (dirfd != -1 && newfile != NULL)
65  		if (unlinkat(dirfd, newfile, 0))
66  			warn("unlinkat");
67  }
68  
69  static off_t offtin(u_char *buf)
70  {
71  	off_t y;
72  
73  	y = buf[7] & 0x7F;
74  	y = y * 256; y += buf[6];
75  	y = y * 256; y += buf[5];
76  	y = y * 256; y += buf[4];
77  	y = y * 256; y += buf[3];
78  	y = y * 256; y += buf[2];
79  	y = y * 256; y += buf[1];
80  	y = y * 256; y += buf[0];
81  
82  	if (buf[7] & 0x80)
83  		y = -y;
84  
85  	return (y);
86  }
87  
88  static void
89  usage(void)
90  {
91  
92  	fprintf(stderr, "usage: bspatch oldfile newfile patchfile\n");
93  	exit(1);
94  }
95  
96  int main(int argc, char *argv[])
97  {
98  	FILE *f, *cpf, *dpf, *epf;
99  	BZFILE *cpfbz2, *dpfbz2, *epfbz2;
100  	char *directory, *namebuf;
101  	int cbz2err, dbz2err, ebz2err;
102  	int newfd, oldfd;
103  	off_t oldsize, newsize;
104  	off_t bzctrllen, bzdatalen;
105  	u_char header[HEADER_SIZE], buf[8];
106  	u_char *old, *new;
107  	off_t oldpos, newpos;
108  	off_t ctrl[3];
109  	off_t i, lenread, offset;
110  #ifdef HAVE_CAPSICUM
111  	cap_rights_t rights_dir, rights_ro, rights_wr;
112  #endif
113  
114  	if (argc != 4)
115  		usage();
116  
117  	/* Open patch file */
118  	if ((f = fopen(argv[3], "rb")) == NULL)
119  		err(1, "fopen(%s)", argv[3]);
120  	/* Open patch file for control block */
121  	if ((cpf = fopen(argv[3], "rb")) == NULL)
122  		err(1, "fopen(%s)", argv[3]);
123  	/* open patch file for diff block */
124  	if ((dpf = fopen(argv[3], "rb")) == NULL)
125  		err(1, "fopen(%s)", argv[3]);
126  	/* open patch file for extra block */
127  	if ((epf = fopen(argv[3], "rb")) == NULL)
128  		err(1, "fopen(%s)", argv[3]);
129  	/* open oldfile */
130  	if ((oldfd = open(argv[1], O_RDONLY | O_BINARY, 0)) < 0)
131  		err(1, "open(%s)", argv[1]);
132  	/* open directory where we'll write newfile */
133  	if ((namebuf = strdup(argv[2])) == NULL ||
134  	    (directory = dirname(namebuf)) == NULL ||
135  	    (dirfd = open(directory, O_DIRECTORY)) < 0)
136  		err(1, "open %s", argv[2]);
137  	free(namebuf);
138  	if ((newfile = basename(argv[2])) == NULL)
139  		err(1, "basename");
140  	/* open newfile */
141  	if ((newfd = openat(dirfd, newfile,
142  	    O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, 0666)) < 0)
143  		err(1, "open(%s)", argv[2]);
144  	atexit(exit_cleanup);
145  
146  #ifdef HAVE_CAPSICUM
147  	if (cap_enter() < 0) {
148  		/* Failed to sandbox, fatal if CAPABILITY_MODE enabled */
149  		if (errno != ENOSYS)
150  			err(1, "failed to enter security sandbox");
151  	} else {
152  		/* Capsicum Available */
153  		cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK);
154  		cap_rights_init(&rights_wr, CAP_WRITE);
155  		cap_rights_init(&rights_dir, CAP_UNLINKAT);
156  
157  		if (cap_rights_limit(fileno(f), &rights_ro) < 0 ||
158  		    cap_rights_limit(fileno(cpf), &rights_ro) < 0 ||
159  		    cap_rights_limit(fileno(dpf), &rights_ro) < 0 ||
160  		    cap_rights_limit(fileno(epf), &rights_ro) < 0 ||
161  		    cap_rights_limit(oldfd, &rights_ro) < 0 ||
162  		    cap_rights_limit(newfd, &rights_wr) < 0 ||
163  		    cap_rights_limit(dirfd, &rights_dir) < 0)
164  			err(1, "cap_rights_limit() failed, could not restrict"
165  			    " capabilities");
166  	}
167  #endif
168  
169  	/*
170  	File format:
171  		0	8	"BSDIFF40"
172  		8	8	X
173  		16	8	Y
174  		24	8	sizeof(newfile)
175  		32	X	bzip2(control block)
176  		32+X	Y	bzip2(diff block)
177  		32+X+Y	???	bzip2(extra block)
178  	with control block a set of triples (x,y,z) meaning "add x bytes
179  	from oldfile to x bytes from the diff block; copy y bytes from the
180  	extra block; seek forwards in oldfile by z bytes".
181  	*/
182  
183  	/* Read header */
184  	if (fread(header, 1, HEADER_SIZE, f) < HEADER_SIZE) {
185  		if (feof(f))
186  			errx(1, "Corrupt patch");
187  		err(1, "fread(%s)", argv[3]);
188  	}
189  
190  	/* Check for appropriate magic */
191  	if (memcmp(header, "BSDIFF40", 8) != 0)
192  		errx(1, "Corrupt patch");
193  
194  	/* Read lengths from header */
195  	bzctrllen = offtin(header + 8);
196  	bzdatalen = offtin(header + 16);
197  	newsize = offtin(header + 24);
198  	if (bzctrllen < 0 || bzctrllen > OFF_MAX - HEADER_SIZE ||
199  	    bzdatalen < 0 || bzctrllen + HEADER_SIZE > OFF_MAX - bzdatalen ||
200  	    newsize < 0 || newsize > SSIZE_MAX)
201  		errx(1, "Corrupt patch");
202  
203  	/* Close patch file and re-open it via libbzip2 at the right places */
204  	if (fclose(f))
205  		err(1, "fclose(%s)", argv[3]);
206  	offset = HEADER_SIZE;
207  	if (fseeko(cpf, offset, SEEK_SET))
208  		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
209  	if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL)
210  		errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err);
211  	offset += bzctrllen;
212  	if (fseeko(dpf, offset, SEEK_SET))
213  		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
214  	if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL)
215  		errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err);
216  	offset += bzdatalen;
217  	if (fseeko(epf, offset, SEEK_SET))
218  		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
219  	if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL)
220  		errx(1, "BZ2_bzReadOpen, bz2err = %d", ebz2err);
221  
222  	if ((oldsize = lseek(oldfd, 0, SEEK_END)) == -1 ||
223  	    oldsize > SSIZE_MAX ||
224  	    (old = malloc(oldsize)) == NULL ||
225  	    lseek(oldfd, 0, SEEK_SET) != 0 ||
226  	    read(oldfd, old, oldsize) != oldsize ||
227  	    close(oldfd) == -1)
228  		err(1, "%s", argv[1]);
229  	if ((new = malloc(newsize)) == NULL)
230  		err(1, NULL);
231  
232  	oldpos = 0;
233  	newpos = 0;
234  	while (newpos < newsize) {
235  		/* Read control data */
236  		for (i = 0; i <= 2; i++) {
237  			lenread = BZ2_bzRead(&cbz2err, cpfbz2, buf, 8);
238  			if ((lenread < 8) || ((cbz2err != BZ_OK) &&
239  			    (cbz2err != BZ_STREAM_END)))
240  				errx(1, "Corrupt patch");
241  			ctrl[i] = offtin(buf);
242  		}
243  
244  		/* Sanity-check */
245  		if (ctrl[0] < 0 || ctrl[0] > INT_MAX ||
246  		    ctrl[1] < 0 || ctrl[1] > INT_MAX)
247  			errx(1, "Corrupt patch");
248  
249  		/* Sanity-check */
250  		if (newpos + ctrl[0] > newsize)
251  			errx(1, "Corrupt patch");
252  
253  		/* Read diff string */
254  		lenread = BZ2_bzRead(&dbz2err, dpfbz2, new + newpos, ctrl[0]);
255  		if ((lenread < ctrl[0]) ||
256  		    ((dbz2err != BZ_OK) && (dbz2err != BZ_STREAM_END)))
257  			errx(1, "Corrupt patch");
258  
259  		/* Add old data to diff string */
260  		for (i = 0; i < ctrl[0]; i++)
261  			if ((oldpos + i >= 0) && (oldpos + i < oldsize))
262  				new[newpos + i] += old[oldpos + i];
263  
264  		/* Adjust pointers */
265  		newpos += ctrl[0];
266  		oldpos += ctrl[0];
267  
268  		/* Sanity-check */
269  		if (newpos + ctrl[1] > newsize)
270  			errx(1, "Corrupt patch");
271  
272  		/* Read extra string */
273  		lenread = BZ2_bzRead(&ebz2err, epfbz2, new + newpos, ctrl[1]);
274  		if ((lenread < ctrl[1]) ||
275  		    ((ebz2err != BZ_OK) && (ebz2err != BZ_STREAM_END)))
276  			errx(1, "Corrupt patch");
277  
278  		/* Adjust pointers */
279  		newpos+=ctrl[1];
280  		oldpos+=ctrl[2];
281  	}
282  
283  	/* Clean up the bzip2 reads */
284  	BZ2_bzReadClose(&cbz2err, cpfbz2);
285  	BZ2_bzReadClose(&dbz2err, dpfbz2);
286  	BZ2_bzReadClose(&ebz2err, epfbz2);
287  	if (fclose(cpf) || fclose(dpf) || fclose(epf))
288  		err(1, "fclose(%s)", argv[3]);
289  
290  	/* Write the new file */
291  	if (write(newfd, new, newsize) != newsize || close(newfd) == -1)
292  		err(1, "%s", argv[2]);
293  	/* Disable atexit cleanup */
294  	newfile = NULL;
295  
296  	free(new);
297  	free(old);
298  
299  	return (0);
300  }
301