xref: /freebsd/usr.bin/bsdiff/bspatch/bspatch.c (revision 7be8de4271d5cb5d441e2757912c1824f6c3dc3b) 
1 /*-
2  * Copyright 2003-2005 Colin Percival
3  * All rights reserved
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted providing that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
22  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
23  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
24  * POSSIBILITY OF SUCH DAMAGE.
25  */
26 
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
29 
30 #if defined(__FreeBSD__)
31 #include <sys/param.h>
32 #if __FreeBSD_version >= 1100014
33 #include <sys/capsicum.h>
34 #define HAVE_CAPSICUM
35 #elif __FreeBSD_version >= 1000000
36 #include <sys/capability.h>
37 #define HAVE_CAPSICUM
38 #endif
39 #endif
40 
41 #include <bzlib.h>
42 #include <err.h>
43 #include <errno.h>
44 #include <fcntl.h>
45 #include <libgen.h>
46 #include <stdio.h>
47 #include <stdlib.h>
48 #include <string.h>
49 #include <unistd.h>
50 
51 #ifndef O_BINARY
52 #define O_BINARY 0
53 #endif
54 
55 static char *newfile;
56 static int dirfd = -1;
57 
58 static void
59 exit_cleanup(void)
60 {
61 
62 	if (dirfd != -1 && newfile != NULL)
63 		if (unlinkat(dirfd, newfile, 0))
64 			warn("unlinkat");
65 }
66 
67 static off_t offtin(u_char *buf)
68 {
69 	off_t y;
70 
71 	y = buf[7] & 0x7F;
72 	y = y * 256; y += buf[6];
73 	y = y * 256; y += buf[5];
74 	y = y * 256; y += buf[4];
75 	y = y * 256; y += buf[3];
76 	y = y * 256; y += buf[2];
77 	y = y * 256; y += buf[1];
78 	y = y * 256; y += buf[0];
79 
80 	if (buf[7] & 0x80)
81 		y = -y;
82 
83 	return (y);
84 }
85 
86 static void
87 usage(void)
88 {
89 
90 	fprintf(stderr, "usage: bspatch oldfile newfile patchfile\n");
91 	exit(1);
92 }
93 
94 int main(int argc, char *argv[])
95 {
96 	FILE *f, *cpf, *dpf, *epf;
97 	BZFILE *cpfbz2, *dpfbz2, *epfbz2;
98 	char *directory, *namebuf;
99 	int cbz2err, dbz2err, ebz2err;
100 	int newfd, oldfd;
101 	ssize_t oldsize, newsize;
102 	ssize_t bzctrllen, bzdatalen;
103 	u_char header[32], buf[8];
104 	u_char *old, *new;
105 	off_t oldpos, newpos;
106 	off_t ctrl[3];
107 	off_t lenread;
108 	off_t i;
109 #ifdef HAVE_CAPSICUM
110 	cap_rights_t rights_dir, rights_ro, rights_wr;
111 #endif
112 
113 	if (argc != 4)
114 		usage();
115 
116 	/* Open patch file */
117 	if ((f = fopen(argv[3], "rb")) == NULL)
118 		err(1, "fopen(%s)", argv[3]);
119 	/* Open patch file for control block */
120 	if ((cpf = fopen(argv[3], "rb")) == NULL)
121 		err(1, "fopen(%s)", argv[3]);
122 	/* open patch file for diff block */
123 	if ((dpf = fopen(argv[3], "rb")) == NULL)
124 		err(1, "fopen(%s)", argv[3]);
125 	/* open patch file for extra block */
126 	if ((epf = fopen(argv[3], "rb")) == NULL)
127 		err(1, "fopen(%s)", argv[3]);
128 	/* open oldfile */
129 	if ((oldfd = open(argv[1], O_RDONLY | O_BINARY, 0)) < 0)
130 		err(1, "open(%s)", argv[1]);
131 	/* open directory where we'll write newfile */
132 	if ((namebuf = strdup(argv[2])) == NULL ||
133 	    (directory = dirname(namebuf)) == NULL ||
134 	    (dirfd = open(directory, O_DIRECTORY)) < 0)
135 		err(1, "open %s", argv[2]);
136 	free(namebuf);
137 	if ((newfile = basename(argv[2])) == NULL)
138 		err(1, "basename");
139 	/* open newfile */
140 	if ((newfd = openat(dirfd, newfile,
141 	    O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, 0666)) < 0)
142 		err(1, "open(%s)", argv[2]);
143 	atexit(exit_cleanup);
144 
145 #ifdef HAVE_CAPSICUM
146 	if (cap_enter() < 0) {
147 		/* Failed to sandbox, fatal if CAPABILITY_MODE enabled */
148 		if (errno != ENOSYS)
149 			err(1, "failed to enter security sandbox");
150 	} else {
151 		/* Capsicum Available */
152 		cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK);
153 		cap_rights_init(&rights_wr, CAP_WRITE);
154 		cap_rights_init(&rights_dir, CAP_UNLINKAT);
155 
156 		if (cap_rights_limit(fileno(f), &rights_ro) < 0 ||
157 		    cap_rights_limit(fileno(cpf), &rights_ro) < 0 ||
158 		    cap_rights_limit(fileno(dpf), &rights_ro) < 0 ||
159 		    cap_rights_limit(fileno(epf), &rights_ro) < 0 ||
160 		    cap_rights_limit(oldfd, &rights_ro) < 0 ||
161 		    cap_rights_limit(newfd, &rights_wr) < 0 ||
162 		    cap_rights_limit(dirfd, &rights_dir) < 0)
163 			err(1, "cap_rights_limit() failed, could not restrict"
164 			    " capabilities");
165 	}
166 #endif
167 
168 	/*
169 	File format:
170 		0	8	"BSDIFF40"
171 		8	8	X
172 		16	8	Y
173 		24	8	sizeof(newfile)
174 		32	X	bzip2(control block)
175 		32+X	Y	bzip2(diff block)
176 		32+X+Y	???	bzip2(extra block)
177 	with control block a set of triples (x,y,z) meaning "add x bytes
178 	from oldfile to x bytes from the diff block; copy y bytes from the
179 	extra block; seek forwards in oldfile by z bytes".
180 	*/
181 
182 	/* Read header */
183 	if (fread(header, 1, 32, f) < 32) {
184 		if (feof(f))
185 			errx(1, "Corrupt patch\n");
186 		err(1, "fread(%s)", argv[3]);
187 	}
188 
189 	/* Check for appropriate magic */
190 	if (memcmp(header, "BSDIFF40", 8) != 0)
191 		errx(1, "Corrupt patch\n");
192 
193 	/* Read lengths from header */
194 	bzctrllen = offtin(header + 8);
195 	bzdatalen = offtin(header + 16);
196 	newsize = offtin(header + 24);
197 	if ((bzctrllen < 0) || (bzdatalen < 0) || (newsize < 0))
198 		errx(1, "Corrupt patch\n");
199 
200 	/* Close patch file and re-open it via libbzip2 at the right places */
201 	if (fclose(f))
202 		err(1, "fclose(%s)", argv[3]);
203 	if (fseeko(cpf, 32, SEEK_SET))
204 		err(1, "fseeko(%s, %lld)", argv[3],
205 		    (long long)32);
206 	if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL)
207 		errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err);
208 	if (fseeko(dpf, 32 + bzctrllen, SEEK_SET))
209 		err(1, "fseeko(%s, %lld)", argv[3],
210 		    (long long)(32 + bzctrllen));
211 	if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL)
212 		errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err);
213 	if (fseeko(epf, 32 + bzctrllen + bzdatalen, SEEK_SET))
214 		err(1, "fseeko(%s, %lld)", argv[3],
215 		    (long long)(32 + bzctrllen + bzdatalen));
216 	if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL)
217 		errx(1, "BZ2_bzReadOpen, bz2err = %d", ebz2err);
218 
219 	if ((oldsize = lseek(oldfd, 0, SEEK_END)) == -1 ||
220 	    (old = malloc(oldsize+1)) == NULL ||
221 	    lseek(oldfd, 0, SEEK_SET) != 0 ||
222 	    read(oldfd, old, oldsize) != oldsize ||
223 	    close(oldfd) == -1)
224 		err(1, "%s", argv[1]);
225 	if ((new = malloc(newsize + 1)) == NULL)
226 		err(1, NULL);
227 
228 	oldpos = 0;
229 	newpos = 0;
230 	while (newpos < newsize) {
231 		/* Read control data */
232 		for (i = 0; i <= 2; i++) {
233 			lenread = BZ2_bzRead(&cbz2err, cpfbz2, buf, 8);
234 			if ((lenread < 8) || ((cbz2err != BZ_OK) &&
235 			    (cbz2err != BZ_STREAM_END)))
236 				errx(1, "Corrupt patch\n");
237 			ctrl[i] = offtin(buf);
238 		}
239 
240 		/* Sanity-check */
241 		if ((ctrl[0] < 0) || (ctrl[1] < 0))
242 			errx(1, "Corrupt patch\n");
243 
244 		/* Sanity-check */
245 		if (newpos + ctrl[0] > newsize)
246 			errx(1, "Corrupt patch\n");
247 
248 		/* Read diff string */
249 		lenread = BZ2_bzRead(&dbz2err, dpfbz2, new + newpos, ctrl[0]);
250 		if ((lenread < ctrl[0]) ||
251 		    ((dbz2err != BZ_OK) && (dbz2err != BZ_STREAM_END)))
252 			errx(1, "Corrupt patch\n");
253 
254 		/* Add old data to diff string */
255 		for (i = 0; i < ctrl[0]; i++)
256 			if ((oldpos + i >= 0) && (oldpos + i < oldsize))
257 				new[newpos + i] += old[oldpos + i];
258 
259 		/* Adjust pointers */
260 		newpos += ctrl[0];
261 		oldpos += ctrl[0];
262 
263 		/* Sanity-check */
264 		if (newpos + ctrl[1] > newsize)
265 			errx(1, "Corrupt patch\n");
266 
267 		/* Read extra string */
268 		lenread = BZ2_bzRead(&ebz2err, epfbz2, new + newpos, ctrl[1]);
269 		if ((lenread < ctrl[1]) ||
270 		    ((ebz2err != BZ_OK) && (ebz2err != BZ_STREAM_END)))
271 			errx(1, "Corrupt patch\n");
272 
273 		/* Adjust pointers */
274 		newpos+=ctrl[1];
275 		oldpos+=ctrl[2];
276 	}
277 
278 	/* Clean up the bzip2 reads */
279 	BZ2_bzReadClose(&cbz2err, cpfbz2);
280 	BZ2_bzReadClose(&dbz2err, dpfbz2);
281 	BZ2_bzReadClose(&ebz2err, epfbz2);
282 	if (fclose(cpf) || fclose(dpf) || fclose(epf))
283 		err(1, "fclose(%s)", argv[3]);
284 
285 	/* Write the new file */
286 	if (write(newfd, new, newsize) != newsize || close(newfd) == -1)
287 		err(1, "%s", argv[2]);
288 	/* Disable atexit cleanup */
289 	newfile = NULL;
290 
291 	free(new);
292 	free(old);
293 
294 	return (0);
295 }
296