Index: usr.bin/bsdiff/bspatch/bspatch.c =================================================================== --- usr.bin/bsdiff/bspatch/bspatch.c +++ usr.bin/bsdiff/bspatch/bspatch.c @@ -35,6 +35,8 @@ #include #include +#include + #ifndef O_BINARY #define O_BINARY 0 #endif @@ -68,9 +70,10 @@ int main(int argc,char * argv[]) { FILE * f, * cpf, * dpf, * epf; + cap_rights_t rights_ro, rights_wr; BZFILE * cpfbz2, * dpfbz2, * epfbz2; int cbz2err, dbz2err, ebz2err; - int fd; + int rfd, wfd; ssize_t oldsize,newsize; ssize_t bzctrllen,bzdatalen; u_char header[32],buf[8]; @@ -83,9 +86,43 @@ if (argc != 4) usage(); - /* Open patch file */ + /* Open patchfile */ if ((f = fopen(argv[3], "rb")) == NULL) err(1, "fopen(%s)", argv[3]); + /* Open patch file for control block */ + if ((cpf = fopen(argv[3], "rb")) == NULL) + err(1, "fopen(%s)", argv[3]); + /* open patch file for diff block */ + if ((dpf = fopen(argv[3], "rb")) == NULL) + err(1, "fopen(%s)", argv[3]); + /* open patch file for extra block */ + if ((epf = fopen(argv[3], "rb")) == NULL) + err(1, "fopen(%s)", argv[3]); + /* open oldfile */ + if ((rfd = open(argv[1], O_RDONLY|O_BINARY, 0)) < 0) + err(1,"open(%s)", argv[1]); + /* open newfile */ + if ((wfd = open(argv[2], O_CREAT|O_TRUNC|O_WRONLY|O_BINARY, 0666)) < 0) + err(1,"open(%s)", argv[2]); + + if (cap_enter() < 0) + err(1, "failed to enter security sandbox"); + + cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK); + cap_rights_init(&rights_wr, CAP_WRITE); + + if (cap_rights_limit(fileno(f), &rights_ro) < 0) + err(1, "cap_rights_limit() failed on patch"); + if (cap_rights_limit(fileno(cpf), &rights_ro) < 0) + err(1, "cap_rights_limit() failed on patch"); + if (cap_rights_limit(fileno(dpf), &rights_ro) < 0) + err(1, "cap_rights_limit() failed on patch"); + if (cap_rights_limit(fileno(epf), &rights_ro) < 0) + err(1, "cap_rights_limit() failed on patch"); + if (cap_rights_limit(rfd, &rights_ro) < 0) + err(1, "cap_rights_limit() failed on input"); + if (cap_rights_limit(wfd, &rights_wr) < 0) + err(1, "cap_rights_limit() failed on output"); /* File format: @@ -122,34 +159,27 @@ /* Close patch file and re-open it via libbzip2 at the right places */ if (fclose(f)) err(1, "fclose(%s)", argv[3]); - if ((cpf = fopen(argv[3], "rb")) == NULL) - err(1, "fopen(%s)", argv[3]); if (fseeko(cpf, 32, SEEK_SET)) err(1, "fseeko(%s, %lld)", argv[3], (long long)32); if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL) errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err); - if ((dpf = fopen(argv[3], "rb")) == NULL) - err(1, "fopen(%s)", argv[3]); if (fseeko(dpf, 32 + bzctrllen, SEEK_SET)) err(1, "fseeko(%s, %lld)", argv[3], (long long)(32 + bzctrllen)); if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL) errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err); - if ((epf = fopen(argv[3], "rb")) == NULL) - err(1, "fopen(%s)", argv[3]); if (fseeko(epf, 32 + bzctrllen + bzdatalen, SEEK_SET)) err(1, "fseeko(%s, %lld)", argv[3], (long long)(32 + bzctrllen + bzdatalen)); if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL) errx(1, "BZ2_bzReadOpen, bz2err = %d", ebz2err); - if(((fd=open(argv[1],O_RDONLY|O_BINARY,0))<0) || - ((oldsize=lseek(fd,0,SEEK_END))==-1) || + if(((oldsize=lseek(rfd,0,SEEK_END))==-1) || ((old=malloc(oldsize+1))==NULL) || - (lseek(fd,0,SEEK_SET)!=0) || - (read(fd,old,oldsize)!=oldsize) || - (close(fd)==-1)) err(1,"%s",argv[1]); + (lseek(rfd,0,SEEK_SET)!=0) || + (read(rfd,old,oldsize)!=oldsize) || + (close(rfd)==-1)) err(1,"%s",argv[1]); if((new=malloc(newsize+1))==NULL) err(1,NULL); oldpos=0;newpos=0; @@ -209,8 +239,7 @@ err(1, "fclose(%s)", argv[3]); /* Write the new file */ - if(((fd=open(argv[2],O_CREAT|O_TRUNC|O_WRONLY|O_BINARY,0666))<0) || - (write(fd,new,newsize)!=newsize) || (close(fd)==-1)) + if ((write(wfd, new, newsize) != newsize) || (close(wfd) == -1)) err(1,"%s",argv[2]); free(new);