1 /*- 2 * Copyright 2003-2005 Colin Percival 3 * All rights reserved 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted providing that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 22 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING 23 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 24 * POSSIBILITY OF SUCH DAMAGE. 25 */ 26 27 #include <sys/cdefs.h> 28 __FBSDID("$FreeBSD$"); 29 30 #if defined(__FreeBSD__) 31 #include <sys/param.h> 32 #if __FreeBSD_version >= 1100014 33 #include <sys/capsicum.h> 34 #define HAVE_CAPSICUM 35 #elif __FreeBSD_version >= 1000000 36 #include <sys/capability.h> 37 #define HAVE_CAPSICUM 38 #endif 39 #endif 40 41 #include <bzlib.h> 42 #include <err.h> 43 #include <errno.h> 44 #include <fcntl.h> 45 #include <libgen.h> 46 #include <limits.h> 47 #include <stdio.h> 48 #include <stdlib.h> 49 #include <string.h> 50 #include <unistd.h> 51 52 #ifndef O_BINARY 53 #define O_BINARY 0 54 #endif 55 56 static char *newfile; 57 static int dirfd = -1; 58 59 static void 60 exit_cleanup(void) 61 { 62 63 if (dirfd != -1 && newfile != NULL) 64 if (unlinkat(dirfd, newfile, 0)) 65 warn("unlinkat"); 66 } 67 68 static off_t offtin(u_char *buf) 69 { 70 off_t y; 71 72 y = buf[7] & 0x7F; 73 y = y * 256; y += buf[6]; 74 y = y * 256; y += buf[5]; 75 y = y * 256; y += buf[4]; 76 y = y * 256; y += buf[3]; 77 y = y * 256; y += buf[2]; 78 y = y * 256; y += buf[1]; 79 y = y * 256; y += buf[0]; 80 81 if (buf[7] & 0x80) 82 y = -y; 83 84 return (y); 85 } 86 87 static void 88 usage(void) 89 { 90 91 fprintf(stderr, "usage: bspatch oldfile newfile patchfile\n"); 92 exit(1); 93 } 94 95 int main(int argc, char *argv[]) 96 { 97 FILE *f, *cpf, *dpf, *epf; 98 BZFILE *cpfbz2, *dpfbz2, *epfbz2; 99 char *directory, *namebuf; 100 int cbz2err, dbz2err, ebz2err; 101 int newfd, oldfd; 102 off_t oldsize, newsize; 103 off_t bzctrllen, bzdatalen; 104 u_char header[32], buf[8]; 105 u_char *old, *new; 106 off_t oldpos, newpos; 107 off_t ctrl[3]; 108 off_t lenread; 109 off_t i; 110 #ifdef HAVE_CAPSICUM 111 cap_rights_t rights_dir, rights_ro, rights_wr; 112 #endif 113 114 if (argc != 4) 115 usage(); 116 117 /* Open patch file */ 118 if ((f = fopen(argv[3], "rb")) == NULL) 119 err(1, "fopen(%s)", argv[3]); 120 /* Open patch file for control block */ 121 if ((cpf = fopen(argv[3], "rb")) == NULL) 122 err(1, "fopen(%s)", argv[3]); 123 /* open patch file for diff block */ 124 if ((dpf = fopen(argv[3], "rb")) == NULL) 125 err(1, "fopen(%s)", argv[3]); 126 /* open patch file for extra block */ 127 if ((epf = fopen(argv[3], "rb")) == NULL) 128 err(1, "fopen(%s)", argv[3]); 129 /* open oldfile */ 130 if ((oldfd = open(argv[1], O_RDONLY | O_BINARY, 0)) < 0) 131 err(1, "open(%s)", argv[1]); 132 /* open directory where we'll write newfile */ 133 if ((namebuf = strdup(argv[2])) == NULL || 134 (directory = dirname(namebuf)) == NULL || 135 (dirfd = open(directory, O_DIRECTORY)) < 0) 136 err(1, "open %s", argv[2]); 137 free(namebuf); 138 if ((newfile = basename(argv[2])) == NULL) 139 err(1, "basename"); 140 /* open newfile */ 141 if ((newfd = openat(dirfd, newfile, 142 O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, 0666)) < 0) 143 err(1, "open(%s)", argv[2]); 144 atexit(exit_cleanup); 145 146 #ifdef HAVE_CAPSICUM 147 if (cap_enter() < 0) { 148 /* Failed to sandbox, fatal if CAPABILITY_MODE enabled */ 149 if (errno != ENOSYS) 150 err(1, "failed to enter security sandbox"); 151 } else { 152 /* Capsicum Available */ 153 cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK); 154 cap_rights_init(&rights_wr, CAP_WRITE); 155 cap_rights_init(&rights_dir, CAP_UNLINKAT); 156 157 if (cap_rights_limit(fileno(f), &rights_ro) < 0 || 158 cap_rights_limit(fileno(cpf), &rights_ro) < 0 || 159 cap_rights_limit(fileno(dpf), &rights_ro) < 0 || 160 cap_rights_limit(fileno(epf), &rights_ro) < 0 || 161 cap_rights_limit(oldfd, &rights_ro) < 0 || 162 cap_rights_limit(newfd, &rights_wr) < 0 || 163 cap_rights_limit(dirfd, &rights_dir) < 0) 164 err(1, "cap_rights_limit() failed, could not restrict" 165 " capabilities"); 166 } 167 #endif 168 169 /* 170 File format: 171 0 8 "BSDIFF40" 172 8 8 X 173 16 8 Y 174 24 8 sizeof(newfile) 175 32 X bzip2(control block) 176 32+X Y bzip2(diff block) 177 32+X+Y ??? bzip2(extra block) 178 with control block a set of triples (x,y,z) meaning "add x bytes 179 from oldfile to x bytes from the diff block; copy y bytes from the 180 extra block; seek forwards in oldfile by z bytes". 181 */ 182 183 /* Read header */ 184 if (fread(header, 1, 32, f) < 32) { 185 if (feof(f)) 186 errx(1, "Corrupt patch\n"); 187 err(1, "fread(%s)", argv[3]); 188 } 189 190 /* Check for appropriate magic */ 191 if (memcmp(header, "BSDIFF40", 8) != 0) 192 errx(1, "Corrupt patch\n"); 193 194 /* Read lengths from header */ 195 bzctrllen = offtin(header + 8); 196 bzdatalen = offtin(header + 16); 197 newsize = offtin(header + 24); 198 if (bzctrllen < 0 || bzctrllen > OFF_MAX - 32 || 199 bzdatalen < 0 || bzctrllen + 32 > OFF_MAX - bzdatalen || 200 newsize < 0 || newsize > SSIZE_MAX) 201 errx(1, "Corrupt patch\n"); 202 203 /* Close patch file and re-open it via libbzip2 at the right places */ 204 if (fclose(f)) 205 err(1, "fclose(%s)", argv[3]); 206 if (fseeko(cpf, 32, SEEK_SET)) 207 err(1, "fseeko(%s, %lld)", argv[3], 208 (long long)32); 209 if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL) 210 errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err); 211 if (fseeko(dpf, 32 + bzctrllen, SEEK_SET)) 212 err(1, "fseeko(%s, %lld)", argv[3], 213 (long long)(32 + bzctrllen)); 214 if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL) 215 errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err); 216 if (fseeko(epf, 32 + bzctrllen + bzdatalen, SEEK_SET)) 217 err(1, "fseeko(%s, %lld)", argv[3], 218 (long long)(32 + bzctrllen + bzdatalen)); 219 if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL) 220 errx(1, "BZ2_bzReadOpen, bz2err = %d", ebz2err); 221 222 if ((oldsize = lseek(oldfd, 0, SEEK_END)) == -1 || 223 oldsize > SSIZE_MAX || 224 (old = malloc(oldsize)) == NULL || 225 lseek(oldfd, 0, SEEK_SET) != 0 || 226 read(oldfd, old, oldsize) != oldsize || 227 close(oldfd) == -1) 228 err(1, "%s", argv[1]); 229 if ((new = malloc(newsize)) == NULL) 230 err(1, NULL); 231 232 oldpos = 0; 233 newpos = 0; 234 while (newpos < newsize) { 235 /* Read control data */ 236 for (i = 0; i <= 2; i++) { 237 lenread = BZ2_bzRead(&cbz2err, cpfbz2, buf, 8); 238 if ((lenread < 8) || ((cbz2err != BZ_OK) && 239 (cbz2err != BZ_STREAM_END))) 240 errx(1, "Corrupt patch\n"); 241 ctrl[i] = offtin(buf); 242 } 243 244 /* Sanity-check */ 245 if (ctrl[0] < 0 || ctrl[0] > INT_MAX || 246 ctrl[1] < 0 || ctrl[1] > INT_MAX) 247 errx(1, "Corrupt patch\n"); 248 249 /* Sanity-check */ 250 if (newpos + ctrl[0] > newsize) 251 errx(1, "Corrupt patch\n"); 252 253 /* Read diff string */ 254 lenread = BZ2_bzRead(&dbz2err, dpfbz2, new + newpos, ctrl[0]); 255 if ((lenread < ctrl[0]) || 256 ((dbz2err != BZ_OK) && (dbz2err != BZ_STREAM_END))) 257 errx(1, "Corrupt patch\n"); 258 259 /* Add old data to diff string */ 260 for (i = 0; i < ctrl[0]; i++) 261 if ((oldpos + i >= 0) && (oldpos + i < oldsize)) 262 new[newpos + i] += old[oldpos + i]; 263 264 /* Adjust pointers */ 265 newpos += ctrl[0]; 266 oldpos += ctrl[0]; 267 268 /* Sanity-check */ 269 if (newpos + ctrl[1] > newsize) 270 errx(1, "Corrupt patch\n"); 271 272 /* Read extra string */ 273 lenread = BZ2_bzRead(&ebz2err, epfbz2, new + newpos, ctrl[1]); 274 if ((lenread < ctrl[1]) || 275 ((ebz2err != BZ_OK) && (ebz2err != BZ_STREAM_END))) 276 errx(1, "Corrupt patch\n"); 277 278 /* Adjust pointers */ 279 newpos+=ctrl[1]; 280 oldpos+=ctrl[2]; 281 } 282 283 /* Clean up the bzip2 reads */ 284 BZ2_bzReadClose(&cbz2err, cpfbz2); 285 BZ2_bzReadClose(&dbz2err, dpfbz2); 286 BZ2_bzReadClose(&ebz2err, epfbz2); 287 if (fclose(cpf) || fclose(dpf) || fclose(epf)) 288 err(1, "fclose(%s)", argv[3]); 289 290 /* Write the new file */ 291 if (write(newfd, new, newsize) != newsize || close(newfd) == -1) 292 err(1, "%s", argv[2]); 293 /* Disable atexit cleanup */ 294 newfile = NULL; 295 296 free(new); 297 free(old); 298 299 return (0); 300 } 301