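/*-
 * Copyright 2003-2005 Colin Percival
 * All rights reserved
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted providing that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#if defined(__FreeBSD__)
#include <sys/param.h>
#if __FreeBSD_version >= 1100014
#include <sys/capsicum.h>
#define	HAVE_CAPSICUM
#elif __FreeBSD_version >= 1000000
#include <sys/capability.h>
#define	HAVE_CAPSICUM
#endif
#endif

#include <bzlib.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef O_BINARY
#define	O_BINARY 0
#endif

/*
 * Limits of off_t for platforms whose <limits.h> does not provide them.
 * The fallback assumes off_t is a signed two's-complement integer with
 * no padding bits.
 */
#ifndef OFF_MAX
#define	OFF_MAX	((off_t)((((uintmax_t)1) << (sizeof(off_t) * CHAR_BIT - 1)) - 1))
#endif
#ifndef OFF_MIN
#define	OFF_MIN	(-OFF_MAX - 1)
#endif

/*
 * Decode the 8-byte integer encoding used by the patch format: byte 0 is
 * the least significant byte, the low 7 bits of byte 7 are the most
 * significant bits of the magnitude, and the top bit of byte 7 is the
 * sign.  The magnitude is at most 2^63 - 1, so neither the accumulation
 * nor the negation can overflow a 64-bit off_t.
 */
static off_t offtin(u_char *buf)
{
	off_t y;
	int i;

	y = buf[7] & 0x7F;
	for (i = 6; i >= 0; i--)
		y = y * 256 + buf[i];

	if (buf[7] & 0x80)
		y = -y;

	return (y);
}

/*
 * Return a + b, or exit with "Corrupt patch" if the sum does not fit in
 * off_t.  Every offset that is advanced by a value read from the patch
 * goes through this helper so that a hostile patch cannot trigger signed
 * overflow (undefined behaviour) and slip past the range checks.
 */
static off_t
add_off_t(off_t a, off_t b)
{

	if ((b > 0 && a > OFF_MAX - b) || (b < 0 && a < OFF_MIN - b))
		errx(1, "Corrupt patch\n");
	return (a + b);
}

/* Print the command-line synopsis to stderr and exit with status 1. */
static void
usage(void)
{

	fprintf(stderr, "usage: bspatch oldfile newfile patchfile\n");
	exit(1);
}

/*
 * bspatch oldfile newfile patchfile
 *
 * Rebuild newfile from oldfile and a BSDIFF40 patch.  The patch is
 * untrusted input: every length and offset decoded from it is validated
 * before it is used as an allocation size, a file offset, a read length
 * or an array index.  Any inconsistency terminates the program with
 * "Corrupt patch".
 *
 * NOTE(review): newfile is created and truncated before the patch has
 * been validated, and the error paths do not remove it, so a rejected
 * patch leaves an empty newfile behind.
 */
int main(int argc, char *argv[])
{
	FILE *f, *cpf, *dpf, *epf;
	BZFILE *cpfbz2, *dpfbz2, *epfbz2;
	int cbz2err, dbz2err, ebz2err;
	int newfd, oldfd;
	ssize_t oldsize, newsize;
	ssize_t bzctrllen, bzdatalen;
	off_t hdr_ctrllen, hdr_datalen, hdr_newsize;
	off_t oldlen, oldend;
	u_char header[32], buf[8];
	u_char *old, *new;
	off_t oldpos, newpos;
	off_t ctrl[3];
	off_t lenread;
	off_t i;
#ifdef HAVE_CAPSICUM
	cap_rights_t rights_ro, rights_wr;
#endif

	if (argc != 4)
		usage();

	/*
	 * All files are opened up front so that no further path lookups
	 * are needed once the process has entered the sandbox below.  The
	 * patch is opened four times: once for the header and once for
	 * each of the three independently positioned bzip2 streams.
	 */

	/* Open patch file */
	if ((f = fopen(argv[3], "rb")) == NULL)
		err(1, "fopen(%s)", argv[3]);
	/* Open patch file for control block */
	if ((cpf = fopen(argv[3], "rb")) == NULL)
		err(1, "fopen(%s)", argv[3]);
	/* open patch file for diff block */
	if ((dpf = fopen(argv[3], "rb")) == NULL)
		err(1, "fopen(%s)", argv[3]);
	/* open patch file for extra block */
	if ((epf = fopen(argv[3], "rb")) == NULL)
		err(1, "fopen(%s)", argv[3]);
	/* open oldfile */
	if ((oldfd = open(argv[1], O_RDONLY | O_BINARY, 0)) < 0)
		err(1, "open(%s)", argv[1]);
	/* open newfile */
	if ((newfd = open(argv[2], O_CREAT | O_TRUNC | O_WRONLY | O_BINARY,
	    0666)) < 0)
		err(1, "open(%s)", argv[2]);

#ifdef HAVE_CAPSICUM
	if (cap_enter() < 0) {
		/* Failed to sandbox, fatal if CAPABILITY_MODE enabled */
		if (errno != ENOSYS)
			err(1, "failed to enter security sandbox");
	} else {
		/* Capsicum Available */
		cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK);
		cap_rights_init(&rights_wr, CAP_WRITE);

		/* Inputs become read-only, the output write-only. */
		if (cap_rights_limit(fileno(f), &rights_ro) < 0 ||
		    cap_rights_limit(fileno(cpf), &rights_ro) < 0 ||
		    cap_rights_limit(fileno(dpf), &rights_ro) < 0 ||
		    cap_rights_limit(fileno(epf), &rights_ro) < 0 ||
		    cap_rights_limit(oldfd, &rights_ro) < 0 ||
		    cap_rights_limit(newfd, &rights_wr) < 0)
			err(1, "cap_rights_limit() failed, could not restrict"
			    " capabilities");
	}
#endif

	/*
	File format:
		0	8	"BSDIFF40"
		8	8	X
		16	8	Y
		24	8	sizeof(newfile)
		32	X	bzip2(control block)
		32+X	Y	bzip2(diff block)
		32+X+Y	???	bzip2(extra block)
	with control block a set of triples (x,y,z) meaning "add x bytes
	from oldfile to x bytes from the diff block; copy y bytes from the
	extra block; seek forwards in oldfile by z bytes".
	*/

	/* Read header */
	if (fread(header, 1, 32, f) < 32) {
		if (feof(f))
			errx(1, "Corrupt patch\n");
		err(1, "fread(%s)", argv[3]);
	}

	/* Check for appropriate magic */
	if (memcmp(header, "BSDIFF40", 8) != 0)
		errx(1, "Corrupt patch\n");

	/*
	 * Read lengths from header.  They are decoded at full off_t width
	 * and range-checked before being narrowed to ssize_t, so that the
	 * sums 32 + X and 32 + X + Y used as seek offsets, and the
	 * newsize + 1 allocation size, cannot overflow or be truncated.
	 */
	hdr_ctrllen = offtin(header + 8);
	hdr_datalen = offtin(header + 16);
	hdr_newsize = offtin(header + 24);
	if (hdr_ctrllen < 0 || hdr_ctrllen > SSIZE_MAX - 32 ||
	    hdr_datalen < 0 || hdr_datalen > SSIZE_MAX - 32 - hdr_ctrllen ||
	    hdr_newsize < 0 || hdr_newsize >= SSIZE_MAX)
		errx(1, "Corrupt patch\n");
	bzctrllen = (ssize_t)hdr_ctrllen;
	bzdatalen = (ssize_t)hdr_datalen;
	newsize = (ssize_t)hdr_newsize;

	/* Close patch file and re-open it via libbzip2 at the right places */
	if (fclose(f))
		err(1, "fclose(%s)", argv[3]);
	if (fseeko(cpf, 32, SEEK_SET))
		err(1, "fseeko(%s, %lld)", argv[3],
		    (long long)32);
	if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL)
		errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err);
	if (fseeko(dpf, 32 + bzctrllen, SEEK_SET))
		err(1, "fseeko(%s, %lld)", argv[3],
		    (long long)(32 + bzctrllen));
	if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL)
		errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err);
	if (fseeko(epf, 32 + bzctrllen + bzdatalen, SEEK_SET))
		err(1, "fseeko(%s, %lld)", argv[3],
		    (long long)(32 + bzctrllen + bzdatalen));
	if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL)
		errx(1, "BZ2_bzReadOpen, bz2err = %d", ebz2err);

	/*
	 * Load oldfile into memory.  Its size is checked at off_t width
	 * first so that oldsize + 1 cannot overflow.  The extra byte keeps
	 * the allocation non-zero for an empty file.
	 */
	if ((oldlen = lseek(oldfd, 0, SEEK_END)) == -1)
		err(1, "%s", argv[1]);
	if (oldlen >= SSIZE_MAX) {
		errno = EFBIG;
		err(1, "%s", argv[1]);
	}
	oldsize = (ssize_t)oldlen;
	if ((old = malloc(oldsize + 1)) == NULL ||
	    lseek(oldfd, 0, SEEK_SET) != 0 ||
	    read(oldfd, old, oldsize) != oldsize ||
	    close(oldfd) == -1)
		err(1, "%s", argv[1]);
	if ((new = malloc(newsize + 1)) == NULL)
		err(1, NULL);

	oldpos = 0;
	newpos = 0;
	while (newpos < newsize) {
		/* Read control data */
		for (i = 0; i <= 2; i++) {
			lenread = BZ2_bzRead(&cbz2err, cpfbz2, buf, 8);
			if ((lenread < 8) || ((cbz2err != BZ_OK) &&
			    (cbz2err != BZ_STREAM_END)))
				errx(1, "Corrupt patch\n");
			ctrl[i] = offtin(buf);
		}

		/*
		 * Sanity-check: both lengths are passed to BZ2_bzRead(),
		 * whose length parameter is an int, so anything outside
		 * [0, INT_MAX] would be truncated.
		 */
		if (ctrl[0] < 0 || ctrl[0] > INT_MAX ||
		    ctrl[1] < 0 || ctrl[1] > INT_MAX)
			errx(1, "Corrupt patch\n");

		/*
		 * Sanity-check: the diff string must fit in what is left
		 * of the output buffer.  Written as a subtraction because
		 * newpos <= newsize always holds here, whereas
		 * newpos + ctrl[0] could overflow.
		 */
		if (ctrl[0] > newsize - newpos)
			errx(1, "Corrupt patch\n");

		/* Read diff string */
		lenread = BZ2_bzRead(&dbz2err, dpfbz2, new + newpos,
		    (int)ctrl[0]);
		if ((lenread < ctrl[0]) ||
		    ((dbz2err != BZ_OK) && (dbz2err != BZ_STREAM_END)))
			errx(1, "Corrupt patch\n");

		/*
		 * Add old data to diff string.  oldpos is steered by the
		 * patch (via ctrl[2]) and may lie outside oldfile; bytes
		 * with no counterpart in oldfile are left as read.
		 * Computing the end position first guarantees that
		 * oldpos + i cannot overflow inside the loop.
		 */
		oldend = add_off_t(oldpos, ctrl[0]);
		for (i = 0; i < ctrl[0]; i++)
			if ((oldpos + i >= 0) && (oldpos + i < oldsize))
				new[newpos + i] += old[oldpos + i];

		/* Adjust pointers */
		newpos += ctrl[0];
		oldpos = oldend;

		/* Sanity-check: same bound for the extra string */
		if (ctrl[1] > newsize - newpos)
			errx(1, "Corrupt patch\n");

		/* Read extra string */
		lenread = BZ2_bzRead(&ebz2err, epfbz2, new + newpos,
		    (int)ctrl[1]);
		if ((lenread < ctrl[1]) ||
		    ((ebz2err != BZ_OK) && (ebz2err != BZ_STREAM_END)))
			errx(1, "Corrupt patch\n");

		/* Adjust pointers; ctrl[2] is signed and unchecked above */
		newpos += ctrl[1];
		oldpos = add_off_t(oldpos, ctrl[2]);
	}

	/* Clean up the bzip2 reads */
	BZ2_bzReadClose(&cbz2err, cpfbz2);
	BZ2_bzReadClose(&dbz2err, dpfbz2);
	BZ2_bzReadClose(&ebz2err, epfbz2);
	if (fclose(cpf) || fclose(dpf) || fclose(epf))
		err(1, "fclose(%s)", argv[3]);

	/* Write the new file */
	if (write(newfd, new, newsize) != newsize || close(newfd) == -1)
		err(1, "%s", argv[2]);

	free(new);
	free(old);

	return (0);
}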