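/*-
 * Copyright 2003-2005 Colin Percival
 * All rights reserved
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted providing that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

#if defined(__FreeBSD__)
#include <sys/param.h>
#if __FreeBSD_version >= 1100014
#include <sys/capsicum.h>
#define HAVE_CAPSICUM
#elif __FreeBSD_version >= 1000000
#include <sys/capability.h>
#define HAVE_CAPSICUM
#endif
#endif

#include <bzlib.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <libgen.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef O_BINARY
#define O_BINARY 0
#endif
#define HEADER_SIZE 32

/*
 * Name of the output file relative to dirfd.  While it is non-NULL,
 * exit_cleanup() removes the file when the process exits.
 */
static char *newfile;
/* Directory that holds the output file; -1 until it has been opened. */
static int dirfd = -1;

/*
 * atexit() handler: unlink the output file unless main() has cleared
 * newfile after a complete write.  This keeps the err()/errx() exit paths
 * from leaving a partially written file behind.
 */
static void
exit_cleanup(void)
{

	if (dirfd != -1 && newfile != NULL)
		if (unlinkat(dirfd, newfile, 0))
			warn("unlinkat");
}

/*
 * Add two off_t values taken from (or derived from) the patch and exit with
 * "Corrupt patch" rather than overflow.  Signed overflow is undefined
 * behaviour in C, and the control triples are arbitrary 64-bit values chosen
 * by whoever produced the patch.
 */
static off_t
add_off_t(off_t a, off_t b)
{

	/* -OFF_MAX serves as the lower bound, so only OFF_MAX is needed. */
	if ((b > 0 && a > OFF_MAX - b) || (b < 0 && a < -OFF_MAX - b))
		errx(1, "Corrupt patch");
	return (a + b);
}

/*
 * Decode the 8-byte integer encoding used by the patch format: little-endian
 * magnitude in the low 63 bits, with the top bit of buf[7] as the sign.
 */
static off_t
offtin(const u_char *buf)
{
	off_t y;

	y = buf[7] & 0x7F;
	y = y * 256; y += buf[6];
	y = y * 256; y += buf[5];
	y = y * 256; y += buf[4];
	y = y * 256; y += buf[3];
	y = y * 256; y += buf[2];
	y = y * 256; y += buf[1];
	y = y * 256; y += buf[0];

	if (buf[7] & 0x80)
		y = -y;

	return (y);
}

/* Print the command-line synopsis to stderr and exit with status 1. */
static void
usage(void)
{

	fprintf(stderr, "usage: bspatch oldfile newfile patchfile\n");
	exit(1);
}

/*
 * Apply patchfile (argv[3]) to oldfile (argv[1]) and write the result to
 * newfile (argv[2]).
 *
 * Every length and offset used below comes from the patch file, so each one
 * is range-checked before it is used as a size or an index.  The program
 * computes no digest of the patch or of the result; a caller that needs
 * integrity has to verify the output itself.
 *
 * newfile is created with O_TRUNC before the patch is parsed, and
 * exit_cleanup() unlinks it on failure, so a corrupt patch removes a
 * pre-existing newfile.  Callers that must keep the previous contents
 * should patch to a temporary name and rename on success.
 */
int
main(int argc, char *argv[])
{
	FILE *f, *cpf, *dpf, *epf;
	BZFILE *cpfbz2, *dpfbz2, *epfbz2;
	char *directory, *namebuf;
	int cbz2err, dbz2err, ebz2err;
	int newfd, oldfd;
	off_t oldsize, newsize;
	off_t bzctrllen, bzdatalen;
	u_char header[HEADER_SIZE], buf[8];
	u_char *old, *new;
	off_t oldpos, newpos, oldend;
	off_t ctrl[3];
	off_t i, lenread, offset;
#ifdef HAVE_CAPSICUM
	cap_rights_t rights_dir, rights_ro, rights_wr;
#endif

	if (argc != 4)
		usage();

	/*
	 * All descriptors are opened here, before cap_enter() below; no
	 * path-based open appears after that call.
	 */

	/* Open patch file */
	if ((f = fopen(argv[3], "rb")) == NULL)
		err(1, "fopen(%s)", argv[3]);
	/* Open patch file for control block */
	if ((cpf = fopen(argv[3], "rb")) == NULL)
		err(1, "fopen(%s)", argv[3]);
	/* open patch file for diff block */
	if ((dpf = fopen(argv[3], "rb")) == NULL)
		err(1, "fopen(%s)", argv[3]);
	/* open patch file for extra block */
	if ((epf = fopen(argv[3], "rb")) == NULL)
		err(1, "fopen(%s)", argv[3]);
	/* open oldfile */
	if ((oldfd = open(argv[1], O_RDONLY | O_BINARY, 0)) < 0)
		err(1, "open(%s)", argv[1]);
	/* open directory where we'll write newfile */
	if ((namebuf = strdup(argv[2])) == NULL ||
	    (directory = dirname(namebuf)) == NULL ||
	    (dirfd = open(directory, O_DIRECTORY)) < 0)
		err(1, "open %s", argv[2]);
	free(namebuf);
	if ((newfile = basename(argv[2])) == NULL)
		err(1, "basename");
	/* open newfile */
	if ((newfd = openat(dirfd, newfile,
	    O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, 0666)) < 0)
		err(1, "open(%s)", argv[2]);
	/* From here on, any exit before newfile is cleared unlinks it. */
	atexit(exit_cleanup);

#ifdef HAVE_CAPSICUM
	if (cap_enter() < 0) {
		/* Failed to sandbox, fatal if CAPABILITY_MODE enabled */
		if (errno != ENOSYS)
			err(1, "failed to enter security sandbox");
	} else {
		/* Capsicum Available */
		/*
		 * Least privilege per descriptor: inputs may only be read,
		 * stat'ed and seeked, the output may only be written, and
		 * the directory may only be used for the unlinkat() in
		 * exit_cleanup().
		 */
		cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK);
		cap_rights_init(&rights_wr, CAP_WRITE);
		cap_rights_init(&rights_dir, CAP_UNLINKAT);

		if (cap_rights_limit(fileno(f), &rights_ro) < 0 ||
		    cap_rights_limit(fileno(cpf), &rights_ro) < 0 ||
		    cap_rights_limit(fileno(dpf), &rights_ro) < 0 ||
		    cap_rights_limit(fileno(epf), &rights_ro) < 0 ||
		    cap_rights_limit(oldfd, &rights_ro) < 0 ||
		    cap_rights_limit(newfd, &rights_wr) < 0 ||
		    cap_rights_limit(dirfd, &rights_dir) < 0)
			err(1, "cap_rights_limit() failed, could not restrict"
			    " capabilities");
	}
#endif

	/*
	File format:
		0	8	"BSDIFF40"
		8	8	X
		16	8	Y
		24	8	sizeof(newfile)
		32	X	bzip2(control block)
		32+X	Y	bzip2(diff block)
		32+X+Y	???	bzip2(extra block)
	with control block a set of triples (x,y,z) meaning "add x bytes
	from oldfile to x bytes from the diff block; copy y bytes from the
	extra block; seek forwards in oldfile by z bytes".
	*/

	/* Read header */
	if (fread(header, 1, HEADER_SIZE, f) < HEADER_SIZE) {
		if (feof(f))
			errx(1, "Corrupt patch");
		err(1, "fread(%s)", argv[3]);
	}

	/* Check for appropriate magic */
	if (memcmp(header, "BSDIFF40", 8) != 0)
		errx(1, "Corrupt patch");

	/*
	 * Read lengths from header.  The bounds below keep
	 * HEADER_SIZE + bzctrllen + bzdatalen representable as an off_t and
	 * keep newsize usable as the malloc() and write() length.
	 */
	bzctrllen = offtin(header + 8);
	bzdatalen = offtin(header + 16);
	newsize = offtin(header + 24);
	if (bzctrllen < 0 || bzctrllen > OFF_MAX - HEADER_SIZE ||
	    bzdatalen < 0 || bzctrllen + HEADER_SIZE > OFF_MAX - bzdatalen ||
	    newsize < 0 || newsize > SSIZE_MAX)
		errx(1, "Corrupt patch");

	/* Close patch file and re-open it via libbzip2 at the right places */
	if (fclose(f))
		err(1, "fclose(%s)", argv[3]);
	offset = HEADER_SIZE;
	if (fseeko(cpf, offset, SEEK_SET))
		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
	if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL)
		errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err);
	offset += bzctrllen;
	if (fseeko(dpf, offset, SEEK_SET))
		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
	if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL)
		errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err);
	offset += bzdatalen;
	if (fseeko(epf, offset, SEEK_SET))
		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
	if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL)
		errx(1, "BZ2_bzReadOpen, bz2err = %d", ebz2err);

	/* Load all of oldfile into memory. */
	if ((oldsize = lseek(oldfd, 0, SEEK_END)) == -1 ||
	    oldsize > SSIZE_MAX ||
	    (old = malloc(oldsize)) == NULL ||
	    lseek(oldfd, 0, SEEK_SET) != 0 ||
	    read(oldfd, old, oldsize) != oldsize ||
	    close(oldfd) == -1)
		err(1, "%s", argv[1]);
	/* The output is assembled in memory and written once at the end. */
	if ((new = malloc(newsize)) == NULL)
		err(1, NULL);

	oldpos = 0;
	newpos = 0;
	while (newpos < newsize) {
		/* Read control data */
		for (i = 0; i <= 2; i++) {
			lenread = BZ2_bzRead(&cbz2err, cpfbz2, buf, 8);
			if ((lenread < 8) || ((cbz2err != BZ_OK) &&
			    (cbz2err != BZ_STREAM_END)))
				errx(1, "Corrupt patch");
			ctrl[i] = offtin(buf);
		}

		/*
		 * Sanity-check: both lengths are handed to BZ2_bzRead(),
		 * whose length argument is an int.
		 */
		if (ctrl[0] < 0 || ctrl[0] > INT_MAX ||
		    ctrl[1] < 0 || ctrl[1] > INT_MAX)
			errx(1, "Corrupt patch");

		/* Sanity-check: the diff string must fit in the output */
		if (add_off_t(newpos, ctrl[0]) > newsize)
			errx(1, "Corrupt patch");

		/*
		 * Reject an oldfile position that would overflow while the
		 * diff string is applied.  Every oldpos + i in the loop below
		 * is bounded by this sum, because 0 <= i < ctrl[0].
		 */
		oldend = add_off_t(oldpos, ctrl[0]);

		/* Read diff string */
		lenread = BZ2_bzRead(&dbz2err, dpfbz2, new + newpos, ctrl[0]);
		if ((lenread < ctrl[0]) ||
		    ((dbz2err != BZ_OK) && (dbz2err != BZ_STREAM_END)))
			errx(1, "Corrupt patch");

		/*
		 * Add old data to diff string.  Positions outside oldfile are
		 * skipped, so old[] is never read out of bounds.
		 */
		for (i = 0; i < ctrl[0]; i++)
			if ((oldpos + i >= 0) && (oldpos + i < oldsize))
				new[newpos + i] += old[oldpos + i];

		/* Adjust pointers; newpos + ctrl[0] was bounded above */
		newpos += ctrl[0];
		oldpos = oldend;

		/* Sanity-check: the extra string must fit in the output */
		if (add_off_t(newpos, ctrl[1]) > newsize)
			errx(1, "Corrupt patch");

		/* Read extra string */
		lenread = BZ2_bzRead(&ebz2err, epfbz2, new + newpos, ctrl[1]);
		if ((lenread < ctrl[1]) ||
		    ((ebz2err != BZ_OK) && (ebz2err != BZ_STREAM_END)))
			errx(1, "Corrupt patch");

		/*
		 * Adjust pointers.  ctrl[2] is a signed seek with no range
		 * check of its own, so the addition is overflow-checked.
		 */
		newpos += ctrl[1];
		oldpos = add_off_t(oldpos, ctrl[2]);
	}

	/* Clean up the bzip2 reads */
	BZ2_bzReadClose(&cbz2err, cpfbz2);
	BZ2_bzReadClose(&dbz2err, dpfbz2);
	BZ2_bzReadClose(&ebz2err, epfbz2);
	if (fclose(cpf) || fclose(dpf) || fclose(epf))
		err(1, "fclose(%s)", argv[3]);

	/* Write the new file */
	if (write(newfd, new, newsize) != newsize || close(newfd) == -1)
		err(1, "%s", argv[2]);
	/* Disable atexit cleanup */
	newfile = NULL;

	free(new);
	free(old);

	return (0);
}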