xref: /freebsd/usr.bin/bsdiff/bspatch/bspatch.c (revision 780fb4a2) 
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright 2003-2005 Colin Percival
5  * All rights reserved
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted providing that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
24  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
25  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26  * POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
31 
32 #if defined(__FreeBSD__)
33 #include <sys/param.h>
34 #if __FreeBSD_version >= 1001511
35 #include <sys/capsicum.h>
36 #define HAVE_CAPSICUM
37 #endif
38 #endif
39 
40 #include <bzlib.h>
41 #include <err.h>
42 #include <errno.h>
43 #include <fcntl.h>
44 #include <libgen.h>
45 #include <limits.h>
46 #include <stdint.h>
47 #include <stdio.h>
48 #include <stdlib.h>
49 #include <string.h>
50 #include <unistd.h>
51 
52 #ifndef O_BINARY
53 #define O_BINARY 0
54 #endif
55 #define HEADER_SIZE 32
56 
57 static char *newfile;
58 static int dirfd = -1;
59 
60 static void
61 exit_cleanup(void)
62 {
63 
64 	if (dirfd != -1 && newfile != NULL)
65 		if (unlinkat(dirfd, newfile, 0))
66 			warn("unlinkat");
67 }
68 
69 static off_t offtin(u_char *buf)
70 {
71 	off_t y;
72 
73 	y = buf[7] & 0x7F;
74 	y = y * 256; y += buf[6];
75 	y = y * 256; y += buf[5];
76 	y = y * 256; y += buf[4];
77 	y = y * 256; y += buf[3];
78 	y = y * 256; y += buf[2];
79 	y = y * 256; y += buf[1];
80 	y = y * 256; y += buf[0];
81 
82 	if (buf[7] & 0x80)
83 		y = -y;
84 
85 	return (y);
86 }
87 
88 static void
89 usage(void)
90 {
91 
92 	fprintf(stderr, "usage: bspatch oldfile newfile patchfile\n");
93 	exit(1);
94 }
95 
96 int main(int argc, char *argv[])
97 {
98 	FILE *f, *cpf, *dpf, *epf;
99 	BZFILE *cpfbz2, *dpfbz2, *epfbz2;
100 	char *directory, *namebuf;
101 	int cbz2err, dbz2err, ebz2err;
102 	int newfd, oldfd;
103 	off_t oldsize, newsize;
104 	off_t bzctrllen, bzdatalen;
105 	u_char header[HEADER_SIZE], buf[8];
106 	u_char *old, *new;
107 	off_t oldpos, newpos;
108 	off_t ctrl[3];
109 	off_t i, lenread, offset;
110 #ifdef HAVE_CAPSICUM
111 	cap_rights_t rights_dir, rights_ro, rights_wr;
112 #endif
113 
114 	if (argc != 4)
115 		usage();
116 
117 	/* Open patch file */
118 	if ((f = fopen(argv[3], "rb")) == NULL)
119 		err(1, "fopen(%s)", argv[3]);
120 	/* Open patch file for control block */
121 	if ((cpf = fopen(argv[3], "rb")) == NULL)
122 		err(1, "fopen(%s)", argv[3]);
123 	/* open patch file for diff block */
124 	if ((dpf = fopen(argv[3], "rb")) == NULL)
125 		err(1, "fopen(%s)", argv[3]);
126 	/* open patch file for extra block */
127 	if ((epf = fopen(argv[3], "rb")) == NULL)
128 		err(1, "fopen(%s)", argv[3]);
129 	/* open oldfile */
130 	if ((oldfd = open(argv[1], O_RDONLY | O_BINARY, 0)) < 0)
131 		err(1, "open(%s)", argv[1]);
132 	/* open directory where we'll write newfile */
133 	if ((namebuf = strdup(argv[2])) == NULL ||
134 	    (directory = dirname(namebuf)) == NULL ||
135 	    (dirfd = open(directory, O_DIRECTORY)) < 0)
136 		err(1, "open %s", argv[2]);
137 	free(namebuf);
138 	if ((newfile = basename(argv[2])) == NULL)
139 		err(1, "basename");
140 	/* open newfile */
141 	if ((newfd = openat(dirfd, newfile,
142 	    O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, 0666)) < 0)
143 		err(1, "open(%s)", argv[2]);
144 	atexit(exit_cleanup);
145 
146 #ifdef HAVE_CAPSICUM
147 	if (cap_enter() < 0) {
148 		/* Failed to sandbox, fatal if CAPABILITY_MODE enabled */
149 		if (errno != ENOSYS)
150 			err(1, "failed to enter security sandbox");
151 	} else {
152 		/* Capsicum Available */
153 		cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK);
154 		cap_rights_init(&rights_wr, CAP_WRITE);
155 		cap_rights_init(&rights_dir, CAP_UNLINKAT);
156 
157 		if (cap_rights_limit(fileno(f), &rights_ro) < 0 ||
158 		    cap_rights_limit(fileno(cpf), &rights_ro) < 0 ||
159 		    cap_rights_limit(fileno(dpf), &rights_ro) < 0 ||
160 		    cap_rights_limit(fileno(epf), &rights_ro) < 0 ||
161 		    cap_rights_limit(oldfd, &rights_ro) < 0 ||
162 		    cap_rights_limit(newfd, &rights_wr) < 0 ||
163 		    cap_rights_limit(dirfd, &rights_dir) < 0)
164 			err(1, "cap_rights_limit() failed, could not restrict"
165 			    " capabilities");
166 	}
167 #endif
168 
169 	/*
170 	File format:
171 		0	8	"BSDIFF40"
172 		8	8	X
173 		16	8	Y
174 		24	8	sizeof(newfile)
175 		32	X	bzip2(control block)
176 		32+X	Y	bzip2(diff block)
177 		32+X+Y	???	bzip2(extra block)
178 	with control block a set of triples (x,y,z) meaning "add x bytes
179 	from oldfile to x bytes from the diff block; copy y bytes from the
180 	extra block; seek forwards in oldfile by z bytes".
181 	*/
182 
183 	/* Read header */
184 	if (fread(header, 1, HEADER_SIZE, f) < HEADER_SIZE) {
185 		if (feof(f))
186 			errx(1, "Corrupt patch");
187 		err(1, "fread(%s)", argv[3]);
188 	}
189 
190 	/* Check for appropriate magic */
191 	if (memcmp(header, "BSDIFF40", 8) != 0)
192 		errx(1, "Corrupt patch");
193 
194 	/* Read lengths from header */
195 	bzctrllen = offtin(header + 8);
196 	bzdatalen = offtin(header + 16);
197 	newsize = offtin(header + 24);
198 	if (bzctrllen < 0 || bzctrllen > OFF_MAX - HEADER_SIZE ||
199 	    bzdatalen < 0 || bzctrllen + HEADER_SIZE > OFF_MAX - bzdatalen ||
200 	    newsize < 0 || newsize > SSIZE_MAX)
201 		errx(1, "Corrupt patch");
202 
203 	/* Close patch file and re-open it via libbzip2 at the right places */
204 	if (fclose(f))
205 		err(1, "fclose(%s)", argv[3]);
206 	offset = HEADER_SIZE;
207 	if (fseeko(cpf, offset, SEEK_SET))
208 		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
209 	if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL)
210 		errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err);
211 	offset += bzctrllen;
212 	if (fseeko(dpf, offset, SEEK_SET))
213 		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
214 	if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL)
215 		errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err);
216 	offset += bzdatalen;
217 	if (fseeko(epf, offset, SEEK_SET))
218 		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
219 	if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL)
220 		errx(1, "BZ2_bzReadOpen, bz2err = %d", ebz2err);
221 
222 	if ((oldsize = lseek(oldfd, 0, SEEK_END)) == -1 ||
223 	    oldsize > SSIZE_MAX ||
224 	    (old = malloc(oldsize)) == NULL ||
225 	    lseek(oldfd, 0, SEEK_SET) != 0 ||
226 	    read(oldfd, old, oldsize) != oldsize ||
227 	    close(oldfd) == -1)
228 		err(1, "%s", argv[1]);
229 	if ((new = malloc(newsize)) == NULL)
230 		err(1, NULL);
231 
232 	oldpos = 0;
233 	newpos = 0;
234 	while (newpos < newsize) {
235 		/* Read control data */
236 		for (i = 0; i <= 2; i++) {
237 			lenread = BZ2_bzRead(&cbz2err, cpfbz2, buf, 8);
238 			if ((lenread < 8) || ((cbz2err != BZ_OK) &&
239 			    (cbz2err != BZ_STREAM_END)))
240 				errx(1, "Corrupt patch");
241 			ctrl[i] = offtin(buf);
242 		}
243 
244 		/* Sanity-check */
245 		if (ctrl[0] < 0 || ctrl[0] > INT_MAX ||
246 		    ctrl[1] < 0 || ctrl[1] > INT_MAX)
247 			errx(1, "Corrupt patch");
248 
249 		/* Sanity-check */
250 		if (newpos + ctrl[0] > newsize)
251 			errx(1, "Corrupt patch");
252 
253 		/* Read diff string */
254 		lenread = BZ2_bzRead(&dbz2err, dpfbz2, new + newpos, ctrl[0]);
255 		if ((lenread < ctrl[0]) ||
256 		    ((dbz2err != BZ_OK) && (dbz2err != BZ_STREAM_END)))
257 			errx(1, "Corrupt patch");
258 
259 		/* Add old data to diff string */
260 		for (i = 0; i < ctrl[0]; i++)
261 			if ((oldpos + i >= 0) && (oldpos + i < oldsize))
262 				new[newpos + i] += old[oldpos + i];
263 
264 		/* Adjust pointers */
265 		newpos += ctrl[0];
266 		oldpos += ctrl[0];
267 
268 		/* Sanity-check */
269 		if (newpos + ctrl[1] > newsize)
270 			errx(1, "Corrupt patch");
271 
272 		/* Read extra string */
273 		lenread = BZ2_bzRead(&ebz2err, epfbz2, new + newpos, ctrl[1]);
274 		if ((lenread < ctrl[1]) ||
275 		    ((ebz2err != BZ_OK) && (ebz2err != BZ_STREAM_END)))
276 			errx(1, "Corrupt patch");
277 
278 		/* Adjust pointers */
279 		newpos+=ctrl[1];
280 		oldpos+=ctrl[2];
281 	}
282 
283 	/* Clean up the bzip2 reads */
284 	BZ2_bzReadClose(&cbz2err, cpfbz2);
285 	BZ2_bzReadClose(&dbz2err, dpfbz2);
286 	BZ2_bzReadClose(&ebz2err, epfbz2);
287 	if (fclose(cpf) || fclose(dpf) || fclose(epf))
288 		err(1, "fclose(%s)", argv[3]);
289 
290 	/* Write the new file */
291 	if (write(newfd, new, newsize) != newsize || close(newfd) == -1)
292 		err(1, "%s", argv[2]);
293 	/* Disable atexit cleanup */
294 	newfile = NULL;
295 
296 	free(new);
297 	free(old);
298 
299 	return (0);
300 }
301