1 /*
2 * Copyright 2006 The Android Open Source Project
3 *
4 * Simple Zip file support.
5 */
6 #include "safe_iop.h"
7 #include "zlib.h"
8
9 #include <errno.h>
10 #include <fcntl.h>
11 #include <limits.h>
12 #include <stdint.h> // for uintptr_t
13 #include <stdlib.h>
14 #include <sys/stat.h> // for S_ISLNK()
15 #include <unistd.h>
16
17 #define LOG_TAG "minzip"
18 #include "Zip.h"
19 #include "Bits.h"
20 #include "Log.h"
21 #include "DirUtil.h"
22
23 #undef NDEBUG // do this after including Log.h
24 #include <assert.h>
25
26 #define SORT_ENTRIES 1
27
28 /*
29 * Offset and length constants (java.util.zip naming convention).
30 */
31 enum {
32 CENSIG = 0x02014b50, // PK12
33 CENHDR = 46,
34
35 CENVEM = 4,
36 CENVER = 6,
37 CENFLG = 8,
38 CENHOW = 10,
39 CENTIM = 12,
40 CENCRC = 16,
41 CENSIZ = 20,
42 CENLEN = 24,
43 CENNAM = 28,
44 CENEXT = 30,
45 CENCOM = 32,
46 CENDSK = 34,
47 CENATT = 36,
48 CENATX = 38,
49 CENOFF = 42,
50
51 ENDSIG = 0x06054b50, // PK56
52 ENDHDR = 22,
53
54 ENDSUB = 8,
55 ENDTOT = 10,
56 ENDSIZ = 12,
57 ENDOFF = 16,
58 ENDCOM = 20,
59
60 EXTSIG = 0x08074b50, // PK78
61 EXTHDR = 16,
62
63 EXTCRC = 4,
64 EXTSIZ = 8,
65 EXTLEN = 12,
66
67 LOCSIG = 0x04034b50, // PK34
68 LOCHDR = 30,
69
70 LOCVER = 4,
71 LOCFLG = 6,
72 LOCHOW = 8,
73 LOCTIM = 10,
74 LOCCRC = 14,
75 LOCSIZ = 18,
76 LOCLEN = 22,
77 LOCNAM = 26,
78 LOCEXT = 28,
79
80 STORED = 0,
81 DEFLATED = 8,
82
83 CENVEM_UNIX = 3 << 8, // the high byte of CENVEM
84 };
85
86
87 /*
88 * For debugging, dump the contents of a ZipEntry.
89 */
90 #if 0
91 static void dumpEntry(const ZipEntry* pEntry)
92 {
93 LOGI(" %p '%.*s'\n", pEntry->fileName,pEntry->fileNameLen,pEntry->fileName);
94 LOGI(" off=%ld comp=%ld uncomp=%ld how=%d\n", pEntry->offset,
95 pEntry->compLen, pEntry->uncompLen, pEntry->compression);
96 }
97 #endif
98
99 /*
100 * (This is a mzHashTableLookup callback.)
101 *
102 * Compare two ZipEntry structs, by name.
103 */
hashcmpZipEntry(const void * ventry1,const void * ventry2)104 static int hashcmpZipEntry(const void* ventry1, const void* ventry2)
105 {
106 const ZipEntry* entry1 = (const ZipEntry*) ventry1;
107 const ZipEntry* entry2 = (const ZipEntry*) ventry2;
108
109 if (entry1->fileNameLen != entry2->fileNameLen)
110 return entry1->fileNameLen - entry2->fileNameLen;
111 return memcmp(entry1->fileName, entry2->fileName, entry1->fileNameLen);
112 }
113
114 /*
115 * (This is a mzHashTableLookup callback.)
116 *
117 * find a ZipEntry struct by name.
118 */
hashcmpZipName(const void * ventry,const void * vname)119 static int hashcmpZipName(const void* ventry, const void* vname)
120 {
121 const ZipEntry* entry = (const ZipEntry*) ventry;
122 const char* name = (const char*) vname;
123 unsigned int nameLen = strlen(name);
124
125 if (entry->fileNameLen != nameLen)
126 return entry->fileNameLen - nameLen;
127 return memcmp(entry->fileName, name, nameLen);
128 }
129
130 /*
131 * Compute the hash code for a ZipEntry filename.
132 *
133 * Not expected to be compatible with any other hash function, so we init
134 * to 2 to ensure it doesn't happen to match.
135 */
computeHash(const char * name,int nameLen)136 static unsigned int computeHash(const char* name, int nameLen)
137 {
138 unsigned int hash = 2;
139
140 while (nameLen--)
141 hash = hash * 31 + *name++;
142
143 return hash;
144 }
145
addEntryToHashTable(HashTable * pHash,ZipEntry * pEntry)146 static void addEntryToHashTable(HashTable* pHash, ZipEntry* pEntry)
147 {
148 unsigned int itemHash = computeHash(pEntry->fileName, pEntry->fileNameLen);
149 const ZipEntry* found;
150
151 found = (const ZipEntry*)mzHashTableLookup(pHash,
152 itemHash, pEntry, hashcmpZipEntry, true);
153 if (found != pEntry) {
154 LOGW("WARNING: duplicate entry '%.*s' in Zip\n",
155 found->fileNameLen, found->fileName);
156 /* keep going */
157 }
158 }
159
validFilename(const char * fileName,unsigned int fileNameLen)160 static int validFilename(const char *fileName, unsigned int fileNameLen)
161 {
162 // Forbid super long filenames.
163 if (fileNameLen >= PATH_MAX) {
164 LOGW("Filename too long (%d chatacters)\n", fileNameLen);
165 return 0;
166 }
167
168 // Require all characters to be printable ASCII (no NUL, no UTF-8, etc).
169 unsigned int i;
170 for (i = 0; i < fileNameLen; ++i) {
171 if (fileName[i] < 32 || fileName[i] >= 127) {
172 LOGW("Filename contains invalid character '\%03o'\n", fileName[i]);
173 return 0;
174 }
175 }
176
177 return 1;
178 }
179
180 /*
181 * Parse the contents of a Zip archive. After confirming that the file
182 * is in fact a Zip, we scan out the contents of the central directory and
183 * store it in a hash table.
184 *
185 * Returns "true" on success.
186 */
parseZipArchive(ZipArchive * pArchive)187 static bool parseZipArchive(ZipArchive* pArchive)
188 {
189 bool result = false;
190 const unsigned char* ptr;
191 unsigned int i, numEntries, cdOffset;
192 unsigned int val;
193
194 /*
195 * The first 4 bytes of the file will either be the local header
196 * signature for the first file (LOCSIG) or, if the archive doesn't
197 * have any files in it, the end-of-central-directory signature (ENDSIG).
198 */
199 val = get4LE(pArchive->addr);
200 if (val == ENDSIG) {
201 LOGW("Found Zip archive, but it looks empty\n");
202 goto bail;
203 } else if (val != LOCSIG) {
204 LOGW("Not a Zip archive (found 0x%08x)\n", val);
205 goto bail;
206 }
207
208 /*
209 * Find the EOCD. We'll find it immediately unless they have a file
210 * comment.
211 */
212 ptr = pArchive->addr + pArchive->length - ENDHDR;
213
214 while (ptr >= (const unsigned char*) pArchive->addr) {
215 if (*ptr == (ENDSIG & 0xff) && get4LE(ptr) == ENDSIG)
216 break;
217 ptr--;
218 }
219 if (ptr < (const unsigned char*) pArchive->addr) {
220 LOGW("Could not find end-of-central-directory in Zip\n");
221 goto bail;
222 }
223
224 /*
225 * There are two interesting items in the EOCD block: the number of
226 * entries in the file, and the file offset of the start of the
227 * central directory.
228 */
229 numEntries = get2LE(ptr + ENDSUB);
230 cdOffset = get4LE(ptr + ENDOFF);
231
232 LOGVV("numEntries=%d cdOffset=%d\n", numEntries, cdOffset);
233 if (numEntries == 0 || cdOffset >= pArchive->length) {
234 LOGW("Invalid entries=%d offset=%d (len=%zd)\n",
235 numEntries, cdOffset, pArchive->length);
236 goto bail;
237 }
238
239 /*
240 * Create data structures to hold entries.
241 */
242 pArchive->numEntries = numEntries;
243 pArchive->pEntries = (ZipEntry*) calloc(numEntries, sizeof(ZipEntry));
244 pArchive->pHash = mzHashTableCreate(mzHashSize(numEntries), NULL);
245 if (pArchive->pEntries == NULL || pArchive->pHash == NULL)
246 goto bail;
247
248 ptr = pArchive->addr + cdOffset;
249 for (i = 0; i < numEntries; i++) {
250 ZipEntry* pEntry;
251 unsigned int fileNameLen, extraLen, commentLen, localHdrOffset;
252 const unsigned char* localHdr;
253 const char *fileName;
254
255 if (ptr + CENHDR > (const unsigned char*)pArchive->addr + pArchive->length) {
256 LOGW("Ran off the end (at %d)\n", i);
257 goto bail;
258 }
259 if (get4LE(ptr) != CENSIG) {
260 LOGW("Missed a central dir sig (at %d)\n", i);
261 goto bail;
262 }
263
264 localHdrOffset = get4LE(ptr + CENOFF);
265 fileNameLen = get2LE(ptr + CENNAM);
266 extraLen = get2LE(ptr + CENEXT);
267 commentLen = get2LE(ptr + CENCOM);
268 fileName = (const char*)ptr + CENHDR;
269 if (fileName + fileNameLen > (const char*)pArchive->addr + pArchive->length) {
270 LOGW("Filename ran off the end (at %d)\n", i);
271 goto bail;
272 }
273 if (!validFilename(fileName, fileNameLen)) {
274 LOGW("Invalid filename (at %d)\n", i);
275 goto bail;
276 }
277
278 #if SORT_ENTRIES
279 /* Figure out where this entry should go (binary search).
280 */
281 if (i > 0) {
282 int low, high;
283
284 low = 0;
285 high = i - 1;
286 while (low <= high) {
287 int mid;
288 int diff;
289 int diffLen;
290
291 mid = low + ((high - low) / 2); // avoid overflow
292
293 if (pArchive->pEntries[mid].fileNameLen < fileNameLen) {
294 diffLen = pArchive->pEntries[mid].fileNameLen;
295 } else {
296 diffLen = fileNameLen;
297 }
298 diff = strncmp(pArchive->pEntries[mid].fileName, fileName,
299 diffLen);
300 if (diff == 0) {
301 diff = pArchive->pEntries[mid].fileNameLen - fileNameLen;
302 }
303 if (diff < 0) {
304 low = mid + 1;
305 } else if (diff > 0) {
306 high = mid - 1;
307 } else {
308 high = mid;
309 break;
310 }
311 }
312
313 unsigned int target = high + 1;
314 assert(target <= i);
315 if (target != i) {
316 /* It belongs somewhere other than at the end of
317 * the list. Make some room at [target].
318 */
319 memmove(pArchive->pEntries + target + 1,
320 pArchive->pEntries + target,
321 (i - target) * sizeof(ZipEntry));
322 }
323 pEntry = &pArchive->pEntries[target];
324 } else {
325 pEntry = &pArchive->pEntries[0];
326 }
327 #else
328 pEntry = &pArchive->pEntries[i];
329 #endif
330 pEntry->fileNameLen = fileNameLen;
331 pEntry->fileName = fileName;
332
333 pEntry->compLen = get4LE(ptr + CENSIZ);
334 pEntry->uncompLen = get4LE(ptr + CENLEN);
335 pEntry->compression = get2LE(ptr + CENHOW);
336 pEntry->modTime = get4LE(ptr + CENTIM);
337 pEntry->crc32 = get4LE(ptr + CENCRC);
338
339 /* These two are necessary for finding the mode of the file.
340 */
341 pEntry->versionMadeBy = get2LE(ptr + CENVEM);
342 if ((pEntry->versionMadeBy & 0xff00) != 0 &&
343 (pEntry->versionMadeBy & 0xff00) != CENVEM_UNIX)
344 {
345 LOGW("Incompatible \"version made by\": 0x%02x (at %d)\n",
346 pEntry->versionMadeBy >> 8, i);
347 goto bail;
348 }
349 pEntry->externalFileAttributes = get4LE(ptr + CENATX);
350
351 // Perform pArchive->addr + localHdrOffset, ensuring that it won't
352 // overflow. This is needed because localHdrOffset is untrusted.
353 if (!safe_add((uintptr_t *)&localHdr, (uintptr_t)pArchive->addr,
354 (uintptr_t)localHdrOffset)) {
355 LOGW("Integer overflow adding in parseZipArchive\n");
356 goto bail;
357 }
358 if ((uintptr_t)localHdr + LOCHDR >
359 (uintptr_t)pArchive->addr + pArchive->length) {
360 LOGW("Bad offset to local header: %d (at %d)\n", localHdrOffset, i);
361 goto bail;
362 }
363 if (get4LE(localHdr) != LOCSIG) {
364 LOGW("Missed a local header sig (at %d)\n", i);
365 goto bail;
366 }
367 pEntry->offset = localHdrOffset + LOCHDR
368 + get2LE(localHdr + LOCNAM) + get2LE(localHdr + LOCEXT);
369 if (!safe_add(NULL, pEntry->offset, pEntry->compLen)) {
370 LOGW("Integer overflow adding in parseZipArchive\n");
371 goto bail;
372 }
373 if ((size_t)pEntry->offset + pEntry->compLen > pArchive->length) {
374 LOGW("Data ran off the end (at %d)\n", i);
375 goto bail;
376 }
377
378 #if !SORT_ENTRIES
379 /* Add to hash table; no need to lock here.
380 * Can't do this now if we're sorting, because entries
381 * will move around.
382 */
383 addEntryToHashTable(pArchive->pHash, pEntry);
384 #endif
385
386 //dumpEntry(pEntry);
387 ptr += CENHDR + fileNameLen + extraLen + commentLen;
388 }
389
390 #if SORT_ENTRIES
391 /* If we're sorting, we have to wait until all entries
392 * are in their final places, otherwise the pointers will
393 * probably point to the wrong things.
394 */
395 for (i = 0; i < numEntries; i++) {
396 /* Add to hash table; no need to lock here.
397 */
398 addEntryToHashTable(pArchive->pHash, &pArchive->pEntries[i]);
399 }
400 #endif
401
402 result = true;
403
404 bail:
405 if (!result) {
406 mzHashTableFree(pArchive->pHash);
407 pArchive->pHash = NULL;
408 }
409 return result;
410 }
411
412 /*
413 * Open a Zip archive and scan out the contents.
414 *
415 * The easiest way to do this is to mmap() the whole thing and do the
416 * traditional backward scan for central directory. Since the EOCD is
417 * a relatively small bit at the end, we should end up only touching a
418 * small set of pages.
419 *
420 * This will be called on non-Zip files, especially during startup, so
421 * we don't want to be too noisy about failures. (Do we want a "quiet"
422 * flag?)
423 *
424 * On success, we fill out the contents of "pArchive".
425 */
mzOpenZipArchive(unsigned char * addr,size_t length,ZipArchive * pArchive)426 int mzOpenZipArchive(unsigned char* addr, size_t length, ZipArchive* pArchive)
427 {
428 int err;
429
430 if (length < ENDHDR) {
431 err = -1;
432 LOGW("Archive %p is too small to be zip (%zd)\n", pArchive, length);
433 goto bail;
434 }
435
436 pArchive->addr = addr;
437 pArchive->length = length;
438
439 if (!parseZipArchive(pArchive)) {
440 err = -1;
441 LOGW("Parsing archive %p failed\n", pArchive);
442 goto bail;
443 }
444
445 err = 0;
446
447 bail:
448 if (err != 0)
449 mzCloseZipArchive(pArchive);
450 return err;
451 }
452
453 /*
454 * Close a ZipArchive, closing the file and freeing the contents.
455 *
456 * NOTE: the ZipArchive may not have been fully created.
457 */
mzCloseZipArchive(ZipArchive * pArchive)458 void mzCloseZipArchive(ZipArchive* pArchive)
459 {
460 LOGV("Closing archive %p\n", pArchive);
461
462 free(pArchive->pEntries);
463
464 mzHashTableFree(pArchive->pHash);
465
466 pArchive->pHash = NULL;
467 pArchive->pEntries = NULL;
468 }
469
470 /*
471 * Find a matching entry.
472 *
473 * Returns NULL if no matching entry found.
474 */
mzFindZipEntry(const ZipArchive * pArchive,const char * entryName)475 const ZipEntry* mzFindZipEntry(const ZipArchive* pArchive,
476 const char* entryName)
477 {
478 unsigned int itemHash = computeHash(entryName, strlen(entryName));
479
480 return (const ZipEntry*)mzHashTableLookup(pArchive->pHash,
481 itemHash, (char*) entryName, hashcmpZipName, false);
482 }
483
484 /*
485 * Return true if the entry is a symbolic link.
486 */
mzIsZipEntrySymlink(const ZipEntry * pEntry)487 static bool mzIsZipEntrySymlink(const ZipEntry* pEntry)
488 {
489 if ((pEntry->versionMadeBy & 0xff00) == CENVEM_UNIX) {
490 return S_ISLNK(pEntry->externalFileAttributes >> 16);
491 }
492 return false;
493 }
494
495 /* Call processFunction on the uncompressed data of a STORED entry.
496 */
processStoredEntry(const ZipArchive * pArchive,const ZipEntry * pEntry,ProcessZipEntryContentsFunction processFunction,void * cookie)497 static bool processStoredEntry(const ZipArchive *pArchive,
498 const ZipEntry *pEntry, ProcessZipEntryContentsFunction processFunction,
499 void *cookie)
500 {
501 return processFunction(pArchive->addr + pEntry->offset, pEntry->uncompLen, cookie);
502 }
503
processDeflatedEntry(const ZipArchive * pArchive,const ZipEntry * pEntry,ProcessZipEntryContentsFunction processFunction,void * cookie)504 static bool processDeflatedEntry(const ZipArchive *pArchive,
505 const ZipEntry *pEntry, ProcessZipEntryContentsFunction processFunction,
506 void *cookie)
507 {
508 long result = -1;
509 unsigned char procBuf[32 * 1024];
510 z_stream zstream;
511 int zerr;
512 long compRemaining;
513
514 compRemaining = pEntry->compLen;
515
516 /*
517 * Initialize the zlib stream.
518 */
519 memset(&zstream, 0, sizeof(zstream));
520 zstream.zalloc = Z_NULL;
521 zstream.zfree = Z_NULL;
522 zstream.opaque = Z_NULL;
523 zstream.next_in = pArchive->addr + pEntry->offset;
524 zstream.avail_in = pEntry->compLen;
525 zstream.next_out = (Bytef*) procBuf;
526 zstream.avail_out = sizeof(procBuf);
527 zstream.data_type = Z_UNKNOWN;
528
529 /*
530 * Use the undocumented "negative window bits" feature to tell zlib
531 * that there's no zlib header waiting for it.
532 */
533 zerr = inflateInit2(&zstream, -MAX_WBITS);
534 if (zerr != Z_OK) {
535 if (zerr == Z_VERSION_ERROR) {
536 LOGE("Installed zlib is not compatible with linked version (%s)\n",
537 ZLIB_VERSION);
538 } else {
539 LOGE("Call to inflateInit2 failed (zerr=%d)\n", zerr);
540 }
541 goto bail;
542 }
543
544 /*
545 * Loop while we have data.
546 */
547 do {
548 /* uncompress the data */
549 zerr = inflate(&zstream, Z_NO_FLUSH);
550 if (zerr != Z_OK && zerr != Z_STREAM_END) {
551 LOGW("zlib inflate call failed (zerr=%d)\n", zerr);
552 goto z_bail;
553 }
554
555 /* write when we're full or when we're done */
556 if (zstream.avail_out == 0 ||
557 (zerr == Z_STREAM_END && zstream.avail_out != sizeof(procBuf)))
558 {
559 long procSize = zstream.next_out - procBuf;
560 LOGVV("+++ processing %d bytes\n", (int) procSize);
561 bool ret = processFunction(procBuf, procSize, cookie);
562 if (!ret) {
563 LOGW("Process function elected to fail (in inflate)\n");
564 goto z_bail;
565 }
566
567 zstream.next_out = procBuf;
568 zstream.avail_out = sizeof(procBuf);
569 }
570 } while (zerr == Z_OK);
571
572 assert(zerr == Z_STREAM_END); /* other errors should've been caught */
573
574 // success!
575 result = zstream.total_out;
576
577 z_bail:
578 inflateEnd(&zstream); /* free up any allocated structures */
579
580 bail:
581 if (result != pEntry->uncompLen) {
582 if (result != -1) // error already shown?
583 LOGW("Size mismatch on inflated file (%ld vs %ld)\n",
584 result, pEntry->uncompLen);
585 return false;
586 }
587 return true;
588 }
589
590 /*
591 * Stream the uncompressed data through the supplied function,
592 * passing cookie to it each time it gets called. processFunction
593 * may be called more than once.
594 *
595 * If processFunction returns false, the operation is abandoned and
596 * mzProcessZipEntryContents() immediately returns false.
597 *
598 * This is useful for calculating the hash of an entry's uncompressed contents.
599 */
mzProcessZipEntryContents(const ZipArchive * pArchive,const ZipEntry * pEntry,ProcessZipEntryContentsFunction processFunction,void * cookie)600 bool mzProcessZipEntryContents(const ZipArchive *pArchive,
601 const ZipEntry *pEntry, ProcessZipEntryContentsFunction processFunction,
602 void *cookie)
603 {
604 bool ret = false;
605
606 switch (pEntry->compression) {
607 case STORED:
608 ret = processStoredEntry(pArchive, pEntry, processFunction, cookie);
609 break;
610 case DEFLATED:
611 ret = processDeflatedEntry(pArchive, pEntry, processFunction, cookie);
612 break;
613 default:
614 LOGE("Unsupported compression type %d for entry '%s'\n",
615 pEntry->compression, pEntry->fileName);
616 break;
617 }
618
619 return ret;
620 }
621
622 typedef struct {
623 char *buf;
624 int bufLen;
625 } CopyProcessArgs;
626
copyProcessFunction(const unsigned char * data,int dataLen,void * cookie)627 static bool copyProcessFunction(const unsigned char *data, int dataLen,
628 void *cookie)
629 {
630 CopyProcessArgs *args = (CopyProcessArgs *)cookie;
631 if (dataLen <= args->bufLen) {
632 memcpy(args->buf, data, dataLen);
633 args->buf += dataLen;
634 args->bufLen -= dataLen;
635 return true;
636 }
637 return false;
638 }
639
640 /*
641 * Read an entry into a buffer allocated by the caller.
642 */
mzReadZipEntry(const ZipArchive * pArchive,const ZipEntry * pEntry,char * buf,int bufLen)643 bool mzReadZipEntry(const ZipArchive* pArchive, const ZipEntry* pEntry,
644 char *buf, int bufLen)
645 {
646 CopyProcessArgs args;
647 bool ret;
648
649 args.buf = buf;
650 args.bufLen = bufLen;
651 ret = mzProcessZipEntryContents(pArchive, pEntry, copyProcessFunction,
652 (void *)&args);
653 if (!ret) {
654 LOGE("Can't extract entry to buffer.\n");
655 return false;
656 }
657 return true;
658 }
659
writeProcessFunction(const unsigned char * data,int dataLen,void * cookie)660 static bool writeProcessFunction(const unsigned char *data, int dataLen,
661 void *cookie)
662 {
663 int fd = (int)(intptr_t)cookie;
664 if (dataLen == 0) {
665 return true;
666 }
667 ssize_t soFar = 0;
668 while (true) {
669 ssize_t n = TEMP_FAILURE_RETRY(write(fd, data+soFar, dataLen-soFar));
670 if (n <= 0) {
671 LOGE("Error writing %zd bytes from zip file from %p: %s\n",
672 dataLen-soFar, data+soFar, strerror(errno));
673 return false;
674 } else if (n > 0) {
675 soFar += n;
676 if (soFar == dataLen) return true;
677 if (soFar > dataLen) {
678 LOGE("write overrun? (%zd bytes instead of %d)\n",
679 soFar, dataLen);
680 return false;
681 }
682 }
683 }
684 }
685
686 /*
687 * Uncompress "pEntry" in "pArchive" to "fd" at the current offset.
688 */
mzExtractZipEntryToFile(const ZipArchive * pArchive,const ZipEntry * pEntry,int fd)689 bool mzExtractZipEntryToFile(const ZipArchive *pArchive,
690 const ZipEntry *pEntry, int fd)
691 {
692 bool ret = mzProcessZipEntryContents(pArchive, pEntry, writeProcessFunction,
693 (void*)(intptr_t)fd);
694 if (!ret) {
695 LOGE("Can't extract entry to file.\n");
696 return false;
697 }
698 return true;
699 }
700
701 typedef struct {
702 unsigned char* buffer;
703 long len;
704 } BufferExtractCookie;
705
bufferProcessFunction(const unsigned char * data,int dataLen,void * cookie)706 static bool bufferProcessFunction(const unsigned char *data, int dataLen,
707 void *cookie) {
708 BufferExtractCookie *bec = (BufferExtractCookie*)cookie;
709
710 memmove(bec->buffer, data, dataLen);
711 bec->buffer += dataLen;
712 bec->len -= dataLen;
713
714 return true;
715 }
716
717 /*
718 * Uncompress "pEntry" in "pArchive" to buffer, which must be large
719 * enough to hold mzGetZipEntryUncomplen(pEntry) bytes.
720 */
mzExtractZipEntryToBuffer(const ZipArchive * pArchive,const ZipEntry * pEntry,unsigned char * buffer)721 bool mzExtractZipEntryToBuffer(const ZipArchive *pArchive,
722 const ZipEntry *pEntry, unsigned char *buffer)
723 {
724 BufferExtractCookie bec;
725 bec.buffer = buffer;
726 bec.len = mzGetZipEntryUncompLen(pEntry);
727
728 bool ret = mzProcessZipEntryContents(pArchive, pEntry,
729 bufferProcessFunction, (void*)&bec);
730 if (!ret || bec.len != 0) {
731 LOGE("Can't extract entry to memory buffer.\n");
732 return false;
733 }
734 return true;
735 }
736
737
738 /* Helper state to make path translation easier and less malloc-happy.
739 */
740 typedef struct {
741 const char *targetDir;
742 const char *zipDir;
743 char *buf;
744 int targetDirLen;
745 int zipDirLen;
746 int bufLen;
747 } MzPathHelper;
748
749 /* Given the values of targetDir and zipDir in the helper,
750 * return the target filename of the provided entry.
751 * The helper must be initialized first.
752 */
targetEntryPath(MzPathHelper * helper,ZipEntry * pEntry)753 static const char *targetEntryPath(MzPathHelper *helper, ZipEntry *pEntry)
754 {
755 int needLen;
756 bool firstTime = (helper->buf == NULL);
757
758 /* target file <-- targetDir + / + entry[zipDirLen:]
759 */
760 needLen = helper->targetDirLen + 1 +
761 pEntry->fileNameLen - helper->zipDirLen + 1;
762 if (needLen > helper->bufLen) {
763 char *newBuf;
764
765 needLen *= 2;
766 newBuf = (char *)realloc(helper->buf, needLen);
767 if (newBuf == NULL) {
768 return NULL;
769 }
770 helper->buf = newBuf;
771 helper->bufLen = needLen;
772 }
773
774 /* Every path will start with the target path and a slash.
775 */
776 if (firstTime) {
777 char *p = helper->buf;
778 memcpy(p, helper->targetDir, helper->targetDirLen);
779 p += helper->targetDirLen;
780 if (p == helper->buf || p[-1] != '/') {
781 helper->targetDirLen += 1;
782 *p++ = '/';
783 }
784 }
785
786 /* Replace the custom part of the path with the appropriate
787 * part of the entry's path.
788 */
789 char *epath = helper->buf + helper->targetDirLen;
790 memcpy(epath, pEntry->fileName + helper->zipDirLen,
791 pEntry->fileNameLen - helper->zipDirLen);
792 epath += pEntry->fileNameLen - helper->zipDirLen;
793 *epath = '\0';
794
795 return helper->buf;
796 }
797
798 /*
799 * Inflate all entries under zipDir to the directory specified by
800 * targetDir, which must exist and be a writable directory.
801 *
802 * The immediate children of zipDir will become the immediate
803 * children of targetDir; e.g., if the archive contains the entries
804 *
805 * a/b/c/one
806 * a/b/c/two
807 * a/b/c/d/three
808 *
809 * and mzExtractRecursive(a, "a/b/c", "/tmp") is called, the resulting
810 * files will be
811 *
812 * /tmp/one
813 * /tmp/two
814 * /tmp/d/three
815 *
816 * Returns true on success, false on failure.
817 */
mzExtractRecursive(const ZipArchive * pArchive,const char * zipDir,const char * targetDir,const struct utimbuf * timestamp,void (* callback)(const char * fn,void *),void * cookie,struct selabel_handle * sehnd)818 bool mzExtractRecursive(const ZipArchive *pArchive,
819 const char *zipDir, const char *targetDir,
820 const struct utimbuf *timestamp,
821 void (*callback)(const char *fn, void *), void *cookie,
822 struct selabel_handle *sehnd)
823 {
824 if (zipDir[0] == '/') {
825 LOGE("mzExtractRecursive(): zipDir must be a relative path.\n");
826 return false;
827 }
828 if (targetDir[0] != '/') {
829 LOGE("mzExtractRecursive(): targetDir must be an absolute path.\n");
830 return false;
831 }
832
833 unsigned int zipDirLen;
834 char *zpath;
835
836 zipDirLen = strlen(zipDir);
837 zpath = (char *)malloc(zipDirLen + 2);
838 if (zpath == NULL) {
839 LOGE("Can't allocate %d bytes for zip path\n", zipDirLen + 2);
840 return false;
841 }
842 /* If zipDir is empty, we'll extract the entire zip file.
843 * Otherwise, canonicalize the path.
844 */
845 if (zipDirLen > 0) {
846 /* Make sure there's (hopefully, exactly one) slash at the
847 * end of the path. This way we don't need to worry about
848 * accidentally extracting "one/twothree" when a path like
849 * "one/two" is specified.
850 */
851 memcpy(zpath, zipDir, zipDirLen);
852 if (zpath[zipDirLen-1] != '/') {
853 zpath[zipDirLen++] = '/';
854 }
855 }
856 zpath[zipDirLen] = '\0';
857
858 /* Set up the helper structure that we'll use to assemble paths.
859 */
860 MzPathHelper helper;
861 helper.targetDir = targetDir;
862 helper.targetDirLen = strlen(helper.targetDir);
863 helper.zipDir = zpath;
864 helper.zipDirLen = strlen(helper.zipDir);
865 helper.buf = NULL;
866 helper.bufLen = 0;
867
868 /* Walk through the entries and extract anything whose path begins
869 * with zpath.
870 //TODO: since the entries are sorted, binary search for the first match
871 // and stop after the first non-match.
872 */
873 unsigned int i;
874 bool seenMatch = false;
875 int ok = true;
876 int extractCount = 0;
877 for (i = 0; i < pArchive->numEntries; i++) {
878 ZipEntry *pEntry = pArchive->pEntries + i;
879 if (pEntry->fileNameLen < zipDirLen) {
880 //TODO: look out for a single empty directory entry that matches zpath, but
881 // missing the trailing slash. Most zip files seem to include
882 // the trailing slash, but I think it's legal to leave it off.
883 // e.g., zpath "a/b/", entry "a/b", with no children of the entry.
884 /* No chance of matching.
885 */
886 #if SORT_ENTRIES
887 if (seenMatch) {
888 /* Since the entries are sorted, we can give up
889 * on the first mismatch after the first match.
890 */
891 break;
892 }
893 #endif
894 continue;
895 }
896 /* If zpath is empty, this strncmp() will match everything,
897 * which is what we want.
898 */
899 if (strncmp(pEntry->fileName, zpath, zipDirLen) != 0) {
900 #if SORT_ENTRIES
901 if (seenMatch) {
902 /* Since the entries are sorted, we can give up
903 * on the first mismatch after the first match.
904 */
905 break;
906 }
907 #endif
908 continue;
909 }
910 /* This entry begins with zipDir, so we'll extract it.
911 */
912 seenMatch = true;
913
914 /* Find the target location of the entry.
915 */
916 const char *targetFile = targetEntryPath(&helper, pEntry);
917 if (targetFile == NULL) {
918 LOGE("Can't assemble target path for \"%.*s\"\n",
919 pEntry->fileNameLen, pEntry->fileName);
920 ok = false;
921 break;
922 }
923
924 #define UNZIP_DIRMODE 0755
925 #define UNZIP_FILEMODE 0644
926 /*
927 * Create the file or directory. We ignore directory entries
928 * because we recursively create paths to each file entry we encounter
929 * in the zip archive anyway.
930 *
931 * NOTE: A "directory entry" in a zip archive is just a zero length
932 * entry that ends in a "/". They're not mandatory and many tools get
933 * rid of them. We need to process them only if we want to preserve
934 * empty directories from the archive.
935 */
936 if (pEntry->fileName[pEntry->fileNameLen-1] != '/') {
937 /* This is not a directory. First, make sure that
938 * the containing directory exists.
939 */
940 int ret = dirCreateHierarchy(
941 targetFile, UNZIP_DIRMODE, timestamp, true, sehnd);
942 if (ret != 0) {
943 LOGE("Can't create containing directory for \"%s\": %s\n",
944 targetFile, strerror(errno));
945 ok = false;
946 break;
947 }
948
949 /*
950 * The entry is a regular file or a symlink. Open the target for writing.
951 *
952 * TODO: This behavior for symlinks seems rather bizarre. For a
953 * symlink foo/bar/baz -> foo/tar/taz, we will create a file called
954 * "foo/bar/baz" whose contents are the literal "foo/tar/taz". We
955 * warn about this for now and preserve older behavior.
956 */
957 if (mzIsZipEntrySymlink(pEntry)) {
958 LOGE("Symlink entry \"%.*s\" will be output as a regular file.",
959 pEntry->fileNameLen, pEntry->fileName);
960 }
961
962 char *secontext = NULL;
963
964 if (sehnd) {
965 selabel_lookup(sehnd, &secontext, targetFile, UNZIP_FILEMODE);
966 setfscreatecon(secontext);
967 }
968
969 int fd = open(targetFile, O_CREAT|O_WRONLY|O_TRUNC|O_SYNC,
970 UNZIP_FILEMODE);
971
972 if (secontext) {
973 freecon(secontext);
974 setfscreatecon(NULL);
975 }
976
977 if (fd < 0) {
978 LOGE("Can't create target file \"%s\": %s\n",
979 targetFile, strerror(errno));
980 ok = false;
981 break;
982 }
983
984 bool ok = mzExtractZipEntryToFile(pArchive, pEntry, fd);
985 if (ok) {
986 ok = (fsync(fd) == 0);
987 }
988 if (close(fd) != 0) {
989 ok = false;
990 }
991 if (!ok) {
992 LOGE("Error extracting \"%s\"\n", targetFile);
993 ok = false;
994 break;
995 }
996
997 if (timestamp != NULL && utime(targetFile, timestamp)) {
998 LOGE("Error touching \"%s\"\n", targetFile);
999 ok = false;
1000 break;
1001 }
1002
1003 LOGV("Extracted file \"%s\"\n", targetFile);
1004 ++extractCount;
1005 }
1006
1007 if (callback != NULL) callback(targetFile, cookie);
1008 }
1009
1010 LOGV("Extracted %d file(s)\n", extractCount);
1011
1012 free(helper.buf);
1013 free(zpath);
1014
1015 return ok;
1016 }
1017