1 /*
2  * Copyright (C) 2008 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 // This file is a nearly line-for-line copy of bspatch.c from the
18 // bsdiff-4.3 distribution; the primary differences being how the
19 // input and output data are read and the error handling.  Running
20 // applypatch with the -l option will display the bsdiff license
21 // notice.
22 
23 #include <stdio.h>
24 #include <sys/stat.h>
25 #include <errno.h>
26 #include <malloc.h>
27 #include <unistd.h>
28 #include <string.h>
29 
30 #include <bzlib.h>
31 
32 #include "mincrypt/sha.h"
33 #include "applypatch.h"
34 
ShowBSDiffLicense()35 void ShowBSDiffLicense() {
36     puts("The bsdiff library used herein is:\n"
37          "\n"
38          "Copyright 2003-2005 Colin Percival\n"
39          "All rights reserved\n"
40          "\n"
41          "Redistribution and use in source and binary forms, with or without\n"
42          "modification, are permitted providing that the following conditions\n"
43          "are met:\n"
44          "1. Redistributions of source code must retain the above copyright\n"
45          "   notice, this list of conditions and the following disclaimer.\n"
46          "2. Redistributions in binary form must reproduce the above copyright\n"
47          "   notice, this list of conditions and the following disclaimer in the\n"
48          "   documentation and/or other materials provided with the distribution.\n"
49          "\n"
50          "THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n"
51          "IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\n"
52          "WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n"
53          "ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY\n"
54          "DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n"
55          "DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n"
56          "OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n"
57          "HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n"
58          "STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING\n"
59          "IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE\n"
60          "POSSIBILITY OF SUCH DAMAGE.\n"
61          "\n------------------\n\n"
62          "This program uses Julian R Seward's \"libbzip2\" library, available\n"
63          "from http://www.bzip.org/.\n"
64         );
65 }
66 
offtin(u_char * buf)67 static off_t offtin(u_char *buf)
68 {
69     off_t y;
70 
71     y=buf[7]&0x7F;
72     y=y*256;y+=buf[6];
73     y=y*256;y+=buf[5];
74     y=y*256;y+=buf[4];
75     y=y*256;y+=buf[3];
76     y=y*256;y+=buf[2];
77     y=y*256;y+=buf[1];
78     y=y*256;y+=buf[0];
79 
80     if(buf[7]&0x80) y=-y;
81 
82     return y;
83 }
84 
FillBuffer(unsigned char * buffer,int size,bz_stream * stream)85 int FillBuffer(unsigned char* buffer, int size, bz_stream* stream) {
86     stream->next_out = (char*)buffer;
87     stream->avail_out = size;
88     while (stream->avail_out > 0) {
89         int bzerr = BZ2_bzDecompress(stream);
90         if (bzerr != BZ_OK && bzerr != BZ_STREAM_END) {
91             printf("bz error %d decompressing\n", bzerr);
92             return -1;
93         }
94         if (stream->avail_out > 0) {
95             printf("need %d more bytes\n", stream->avail_out);
96         }
97     }
98     return 0;
99 }
100 
ApplyBSDiffPatch(const unsigned char * old_data,ssize_t old_size,const Value * patch,ssize_t patch_offset,SinkFn sink,void * token,SHA_CTX * ctx)101 int ApplyBSDiffPatch(const unsigned char* old_data, ssize_t old_size,
102                      const Value* patch, ssize_t patch_offset,
103                      SinkFn sink, void* token, SHA_CTX* ctx) {
104 
105     unsigned char* new_data;
106     ssize_t new_size;
107     if (ApplyBSDiffPatchMem(old_data, old_size, patch, patch_offset,
108                             &new_data, &new_size) != 0) {
109         return -1;
110     }
111 
112     if (sink(new_data, new_size, token) < new_size) {
113         printf("short write of output: %d (%s)\n", errno, strerror(errno));
114         return 1;
115     }
116     if (ctx) SHA_update(ctx, new_data, new_size);
117     free(new_data);
118 
119     return 0;
120 }
121 
ApplyBSDiffPatchMem(const unsigned char * old_data,ssize_t old_size,const Value * patch,ssize_t patch_offset,unsigned char ** new_data,ssize_t * new_size)122 int ApplyBSDiffPatchMem(const unsigned char* old_data, ssize_t old_size,
123                         const Value* patch, ssize_t patch_offset,
124                         unsigned char** new_data, ssize_t* new_size) {
125     // Patch data format:
126     //   0       8       "BSDIFF40"
127     //   8       8       X
128     //   16      8       Y
129     //   24      8       sizeof(newfile)
130     //   32      X       bzip2(control block)
131     //   32+X    Y       bzip2(diff block)
132     //   32+X+Y  ???     bzip2(extra block)
133     // with control block a set of triples (x,y,z) meaning "add x bytes
134     // from oldfile to x bytes from the diff block; copy y bytes from the
135     // extra block; seek forwards in oldfile by z bytes".
136 
137     unsigned char* header = (unsigned char*) patch->data + patch_offset;
138     if (memcmp(header, "BSDIFF40", 8) != 0) {
139         printf("corrupt bsdiff patch file header (magic number)\n");
140         return 1;
141     }
142 
143     ssize_t ctrl_len, data_len;
144     ctrl_len = offtin(header+8);
145     data_len = offtin(header+16);
146     *new_size = offtin(header+24);
147 
148     if (ctrl_len < 0 || data_len < 0 || *new_size < 0) {
149         printf("corrupt patch file header (data lengths)\n");
150         return 1;
151     }
152 
153     int bzerr;
154 
155     bz_stream cstream;
156     cstream.next_in = patch->data + patch_offset + 32;
157     cstream.avail_in = ctrl_len;
158     cstream.bzalloc = NULL;
159     cstream.bzfree = NULL;
160     cstream.opaque = NULL;
161     if ((bzerr = BZ2_bzDecompressInit(&cstream, 0, 0)) != BZ_OK) {
162         printf("failed to bzinit control stream (%d)\n", bzerr);
163     }
164 
165     bz_stream dstream;
166     dstream.next_in = patch->data + patch_offset + 32 + ctrl_len;
167     dstream.avail_in = data_len;
168     dstream.bzalloc = NULL;
169     dstream.bzfree = NULL;
170     dstream.opaque = NULL;
171     if ((bzerr = BZ2_bzDecompressInit(&dstream, 0, 0)) != BZ_OK) {
172         printf("failed to bzinit diff stream (%d)\n", bzerr);
173     }
174 
175     bz_stream estream;
176     estream.next_in = patch->data + patch_offset + 32 + ctrl_len + data_len;
177     estream.avail_in = patch->size - (patch_offset + 32 + ctrl_len + data_len);
178     estream.bzalloc = NULL;
179     estream.bzfree = NULL;
180     estream.opaque = NULL;
181     if ((bzerr = BZ2_bzDecompressInit(&estream, 0, 0)) != BZ_OK) {
182         printf("failed to bzinit extra stream (%d)\n", bzerr);
183     }
184 
185     *new_data = malloc(*new_size);
186     if (*new_data == NULL) {
187         printf("failed to allocate %ld bytes of memory for output file\n",
188                (long)*new_size);
189         return 1;
190     }
191 
192     off_t oldpos = 0, newpos = 0;
193     off_t ctrl[3];
194     off_t len_read;
195     int i;
196     unsigned char buf[24];
197     while (newpos < *new_size) {
198         // Read control data
199         if (FillBuffer(buf, 24, &cstream) != 0) {
200             printf("error while reading control stream\n");
201             return 1;
202         }
203         ctrl[0] = offtin(buf);
204         ctrl[1] = offtin(buf+8);
205         ctrl[2] = offtin(buf+16);
206 
207         if (ctrl[0] < 0 || ctrl[1] < 0) {
208             printf("corrupt patch (negative byte counts)\n");
209             return 1;
210         }
211 
212         // Sanity check
213         if (newpos + ctrl[0] > *new_size) {
214             printf("corrupt patch (new file overrun)\n");
215             return 1;
216         }
217 
218         // Read diff string
219         if (FillBuffer(*new_data + newpos, ctrl[0], &dstream) != 0) {
220             printf("error while reading diff stream\n");
221             return 1;
222         }
223 
224         // Add old data to diff string
225         for (i = 0; i < ctrl[0]; ++i) {
226             if ((oldpos+i >= 0) && (oldpos+i < old_size)) {
227                 (*new_data)[newpos+i] += old_data[oldpos+i];
228             }
229         }
230 
231         // Adjust pointers
232         newpos += ctrl[0];
233         oldpos += ctrl[0];
234 
235         // Sanity check
236         if (newpos + ctrl[1] > *new_size) {
237             printf("corrupt patch (new file overrun)\n");
238             return 1;
239         }
240 
241         // Read extra string
242         if (FillBuffer(*new_data + newpos, ctrl[1], &estream) != 0) {
243             printf("error while reading extra stream\n");
244             return 1;
245         }
246 
247         // Adjust pointers
248         newpos += ctrl[1];
249         oldpos += ctrl[2];
250     }
251 
252     BZ2_bzDecompressEnd(&cstream);
253     BZ2_bzDecompressEnd(&dstream);
254     BZ2_bzDecompressEnd(&estream);
255     return 0;
256 }
257