2 * Copyright 2003-2005 Colin Percival
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted providing that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
22 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
23 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
24 * POSSIBILITY OF SUCH DAMAGE.
27 #include <sys/cdefs.h>
28 __FBSDID("$FreeBSD$");
30 #if defined(__FreeBSD__)
31 #include <sys/param.h>
32 #if __FreeBSD_version >= 1001511
33 #include <sys/capsicum.h>
53 #define HEADER_SIZE 32
56 static int dirfd = -1;
62 if (dirfd != -1 && newfile != NULL)
63 if (unlinkat(dirfd, newfile, 0))
67 static off_t offtin(u_char *buf)
72 y = y * 256; y += buf[6];
73 y = y * 256; y += buf[5];
74 y = y * 256; y += buf[4];
75 y = y * 256; y += buf[3];
76 y = y * 256; y += buf[2];
77 y = y * 256; y += buf[1];
78 y = y * 256; y += buf[0];
86 int main(int argc, char *argv[])
88 FILE *f, *cpf, *dpf, *epf;
89 BZFILE *cpfbz2, *dpfbz2, *epfbz2;
90 char *directory, *namebuf;
91 int cbz2err, dbz2err, ebz2err;
93 off_t oldsize, newsize;
94 off_t bzctrllen, bzdatalen;
95 u_char header[HEADER_SIZE], buf[8];
99 off_t i, lenread, offset;
101 cap_rights_t rights_dir, rights_ro, rights_wr;
104 if(argc!=4) errx(1,"usage: %s oldfile newfile patchfile\n",argv[0]);
106 /* Open patch file */
107 if ((f = fopen(argv[3], "rb")) == NULL)
108 err(1, "fopen(%s)", argv[3]);
109 /* Open patch file for control block */
110 if ((cpf = fopen(argv[3], "rb")) == NULL)
111 err(1, "fopen(%s)", argv[3]);
112 /* open patch file for diff block */
113 if ((dpf = fopen(argv[3], "rb")) == NULL)
114 err(1, "fopen(%s)", argv[3]);
115 /* open patch file for extra block */
116 if ((epf = fopen(argv[3], "rb")) == NULL)
117 err(1, "fopen(%s)", argv[3]);
119 if ((oldfd = open(argv[1], O_RDONLY | O_BINARY, 0)) < 0)
120 err(1, "open(%s)", argv[1]);
121 /* open directory where we'll write newfile */
122 if ((namebuf = strdup(argv[2])) == NULL ||
123 (directory = dirname(namebuf)) == NULL ||
124 (dirfd = open(directory, O_DIRECTORY)) < 0)
125 err(1, "open %s", argv[2]);
127 if ((newfile = basename(argv[2])) == NULL)
130 if ((newfd = openat(dirfd, newfile,
131 O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, 0666)) < 0)
132 err(1, "open(%s)", argv[2]);
133 atexit(exit_cleanup);
136 if (cap_enter() < 0) {
137 /* Failed to sandbox, fatal if CAPABILITY_MODE enabled */
139 err(1, "failed to enter security sandbox");
141 /* Capsicum Available */
142 cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK);
143 cap_rights_init(&rights_wr, CAP_WRITE);
144 cap_rights_init(&rights_dir, CAP_UNLINKAT);
146 if (cap_rights_limit(fileno(f), &rights_ro) < 0 ||
147 cap_rights_limit(fileno(cpf), &rights_ro) < 0 ||
148 cap_rights_limit(fileno(dpf), &rights_ro) < 0 ||
149 cap_rights_limit(fileno(epf), &rights_ro) < 0 ||
150 cap_rights_limit(oldfd, &rights_ro) < 0 ||
151 cap_rights_limit(newfd, &rights_wr) < 0 ||
152 cap_rights_limit(dirfd, &rights_dir) < 0)
153 err(1, "cap_rights_limit() failed, could not restrict"
164 32 X bzip2(control block)
165 32+X Y bzip2(diff block)
166 32+X+Y ??? bzip2(extra block)
167 with control block a set of triples (x,y,z) meaning "add x bytes
168 from oldfile to x bytes from the diff block; copy y bytes from the
169 extra block; seek forwards in oldfile by z bytes".
173 if (fread(header, 1, HEADER_SIZE, f) < HEADER_SIZE) {
175 errx(1, "Corrupt patch");
176 err(1, "fread(%s)", argv[3]);
179 /* Check for appropriate magic */
180 if (memcmp(header, "BSDIFF40", 8) != 0)
181 errx(1, "Corrupt patch");
183 /* Read lengths from header */
184 bzctrllen = offtin(header + 8);
185 bzdatalen = offtin(header + 16);
186 newsize = offtin(header + 24);
187 if (bzctrllen < 0 || bzctrllen > OFF_MAX - HEADER_SIZE ||
188 bzdatalen < 0 || bzctrllen + HEADER_SIZE > OFF_MAX - bzdatalen ||
189 newsize < 0 || newsize > SSIZE_MAX)
190 errx(1, "Corrupt patch");
192 /* Close patch file and re-open it via libbzip2 at the right places */
194 err(1, "fclose(%s)", argv[3]);
195 offset = HEADER_SIZE;
196 if (fseeko(cpf, offset, SEEK_SET))
197 err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
198 if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL)
199 errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err);
201 if (fseeko(dpf, offset, SEEK_SET))
202 err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
203 if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL)
204 errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err);
206 if (fseeko(epf, offset, SEEK_SET))
207 err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
208 if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL)
209 errx(1, "BZ2_bzReadOpen, bz2err = %d", ebz2err);
211 if ((oldsize = lseek(oldfd, 0, SEEK_END)) == -1 ||
212 oldsize > SSIZE_MAX ||
213 (old = malloc(oldsize)) == NULL ||
214 lseek(oldfd, 0, SEEK_SET) != 0 ||
215 read(oldfd, old, oldsize) != oldsize ||
217 err(1, "%s", argv[1]);
218 if ((new = malloc(newsize)) == NULL)
223 while (newpos < newsize) {
224 /* Read control data */
225 for (i = 0; i <= 2; i++) {
226 lenread = BZ2_bzRead(&cbz2err, cpfbz2, buf, 8);
227 if ((lenread < 8) || ((cbz2err != BZ_OK) &&
228 (cbz2err != BZ_STREAM_END)))
229 errx(1, "Corrupt patch");
230 ctrl[i] = offtin(buf);
234 if (ctrl[0] < 0 || ctrl[0] > INT_MAX ||
235 ctrl[1] < 0 || ctrl[1] > INT_MAX)
236 errx(1, "Corrupt patch");
239 if (newpos + ctrl[0] > newsize)
240 errx(1, "Corrupt patch");
242 /* Read diff string */
243 lenread = BZ2_bzRead(&dbz2err, dpfbz2, new + newpos, ctrl[0]);
244 if ((lenread < ctrl[0]) ||
245 ((dbz2err != BZ_OK) && (dbz2err != BZ_STREAM_END)))
246 errx(1, "Corrupt patch");
248 /* Add old data to diff string */
249 for (i = 0; i < ctrl[0]; i++)
250 if ((oldpos + i >= 0) && (oldpos + i < oldsize))
251 new[newpos + i] += old[oldpos + i];
253 /* Adjust pointers */
258 if (newpos + ctrl[1] > newsize)
259 errx(1, "Corrupt patch");
261 /* Read extra string */
262 lenread = BZ2_bzRead(&ebz2err, epfbz2, new + newpos, ctrl[1]);
263 if ((lenread < ctrl[1]) ||
264 ((ebz2err != BZ_OK) && (ebz2err != BZ_STREAM_END)))
265 errx(1, "Corrupt patch");
267 /* Adjust pointers */
272 /* Clean up the bzip2 reads */
273 BZ2_bzReadClose(&cbz2err, cpfbz2);
274 BZ2_bzReadClose(&dbz2err, dpfbz2);
275 BZ2_bzReadClose(&ebz2err, epfbz2);
276 if (fclose(cpf) || fclose(dpf) || fclose(epf))
277 err(1, "fclose(%s)", argv[3]);
279 /* Write the new file */
280 if (write(newfd, new, newsize) != newsize || close(newfd) == -1)
281 err(1, "%s", argv[2]);
282 /* Disable atexit cleanup */