Index: usr.bin/bsdiff/bspatch/bspatch.c =================================================================== --- usr.bin/bsdiff/bspatch/bspatch.c +++ usr.bin/bsdiff/bspatch/bspatch.c @@ -27,8 +27,21 @@ #include __FBSDID("$FreeBSD$"); +#include + +#if defined(__FreeBSD__) +#if __FreeBSD_version >= 1100014 +#include +#define HAVE_CAPSICUM +#elif __FreeBSD_version >= 1000000 +#include +#define HAVE_CAPSICUM +#endif +#endif + #include #include +#include #include #include #include @@ -80,6 +93,9 @@ off_t ctrl[3]; off_t lenread; off_t i; +#ifdef HAVE_CAPSICUM + cap_rights_t rights_ro, rights_wr; +#endif if (argc != 4) usage(); @@ -87,6 +103,44 @@ /* Open patch file */ if ((f = fopen(argv[3], "rb")) == NULL) err(1, "fopen(%s)", argv[3]); + /* Open patch file for control block */ + if ((cpf = fopen(argv[3], "rb")) == NULL) + err(1, "fopen(%s)", argv[3]); + /* open patch file for diff block */ + if ((dpf = fopen(argv[3], "rb")) == NULL) + err(1, "fopen(%s)", argv[3]); + /* open patch file for extra block */ + if ((epf = fopen(argv[3], "rb")) == NULL) + err(1, "fopen(%s)", argv[3]); + /* open oldfile */ + if ((oldfd = open(argv[1], O_RDONLY | O_BINARY, 0)) < 0) + err(1,"open(%s)", argv[1]); + /* open newfile */ + if ((newfd = open(argv[2], O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, 0666)) < 0) + err(1,"open(%s)", argv[2]); + +#ifdef HAVE_CAPSICUM + if (cap_enter() < 0) { + /* Failed to engage Capsicum */ + if (errno == ENOSYS) { + warn("could not enter security sandbox, CAPABILITY_MODE is disabled"); + } else { + err(1, "failed to enter security sandbox"); + } + } else { + /* Capsicum Available */ + cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK); + cap_rights_init(&rights_wr, CAP_WRITE); + + if (cap_rights_limit(fileno(f), &rights_ro) < 0 || + cap_rights_limit(fileno(cpf), &rights_ro) < 0 || + cap_rights_limit(fileno(dpf), &rights_ro) < 0 || + cap_rights_limit(fileno(epf), &rights_ro) < 0 || + cap_rights_limit(oldfd, &rights_ro) < 0 || + cap_rights_limit(newfd, &rights_wr) < 0) + err(1, "cap_rights_limit() failed, could not restrict capabilities"); + } +#endif /* File format: @@ -123,31 +177,22 @@ /* Close patch file and re-open it via libbzip2 at the right places */ if (fclose(f)) err(1, "fclose(%s)", argv[3]); - if ((cpf = fopen(argv[3], "rb")) == NULL) - err(1, "fopen(%s)", argv[3]); if (fseeko(cpf, 32, SEEK_SET)) err(1, "fseeko(%s, %lld)", argv[3], (long long)32); if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL) errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err); - if ((dpf = fopen(argv[3], "rb")) == NULL) - err(1, "fopen(%s)", argv[3]); if (fseeko(dpf, 32 + bzctrllen, SEEK_SET)) err(1, "fseeko(%s, %lld)", argv[3], (long long)(32 + bzctrllen)); if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL) errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err); - if ((epf = fopen(argv[3], "rb")) == NULL) - err(1, "fopen(%s)", argv[3]); if (fseeko(epf, 32 + bzctrllen + bzdatalen, SEEK_SET)) err(1, "fseeko(%s, %lld)", argv[3], (long long)(32 + bzctrllen + bzdatalen)); if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL) errx(1, "BZ2_bzReadOpen, bz2err = %d", ebz2err); - oldfd = open(argv[1], O_RDONLY | O_BINARY, 0); - if (oldfd < 0) - err(1, "%s", argv[1]); if ((oldsize = lseek(oldfd, 0, SEEK_END)) == -1 || (old = malloc(oldsize+1)) == NULL || lseek(oldfd, 0, SEEK_SET) != 0 || @@ -215,9 +260,6 @@ err(1, "fclose(%s)", argv[3]); /* Write the new file */ - newfd = open(argv[2], O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, 0666); - if (newfd < 0) - err(1, "%s", argv[2]); if (write(newfd, new, newsize) != newsize || close(newfd) == -1) err(1, "%s", argv[2]);