/src/libzip/lib/zip_source_file_stdio_named.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | zip_source_file_stdio_named.c -- source for stdio file opened by name |
3 | | Copyright (C) 1999-2023 Dieter Baron and Thomas Klausner |
4 | | |
5 | | This file is part of libzip, a library to manipulate ZIP archives. |
6 | | The authors can be contacted at <info@libzip.org> |
7 | | |
8 | | Redistribution and use in source and binary forms, with or without |
9 | | modification, are permitted provided that the following conditions |
10 | | are met: |
11 | | 1. Redistributions of source code must retain the above copyright |
12 | | notice, this list of conditions and the following disclaimer. |
13 | | 2. Redistributions in binary form must reproduce the above copyright |
14 | | notice, this list of conditions and the following disclaimer in |
15 | | the documentation and/or other materials provided with the |
16 | | distribution. |
17 | | 3. The names of the authors may not be used to endorse or promote |
18 | | products derived from this software without specific prior |
19 | | written permission. |
20 | | |
21 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS |
22 | | OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
23 | | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
24 | | ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY |
25 | | DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
26 | | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE |
27 | | GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
28 | | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER |
29 | | IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
30 | | OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN |
31 | | IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
32 | | */ |
33 | | |
34 | | #include "zipint.h" |
35 | | |
36 | | #include "zip_source_file.h" |
37 | | #include "zip_source_file_stdio.h" |
38 | | |
39 | | #include <fcntl.h> |
40 | | #include <stdlib.h> |
41 | | #include <sys/stat.h> |
42 | | #ifdef HAVE_UNISTD_H |
43 | | #include <unistd.h> |
44 | | #endif |
45 | | |
46 | | #ifdef HAVE_CLONEFILE |
47 | | #include <sys/attr.h> |
48 | | #include <sys/clonefile.h> |
49 | | #define CAN_CLONE |
50 | | #endif |
51 | | #ifdef HAVE_FICLONERANGE |
52 | | #include <linux/fs.h> |
53 | | #include <sys/ioctl.h> |
54 | | #define CAN_CLONE |
55 | | #endif |
56 | | |
57 | | static int create_temp_file(zip_source_file_context_t *ctx, bool create_file); |
58 | | |
59 | | static zip_int64_t _zip_stdio_op_commit_write(zip_source_file_context_t *ctx); |
60 | | static zip_int64_t _zip_stdio_op_create_temp_output(zip_source_file_context_t *ctx); |
61 | | #ifdef CAN_CLONE |
62 | | static zip_int64_t _zip_stdio_op_create_temp_output_cloning(zip_source_file_context_t *ctx, zip_uint64_t offset); |
63 | | #endif |
64 | | static bool _zip_stdio_op_open(zip_source_file_context_t *ctx); |
65 | | static zip_int64_t _zip_stdio_op_remove(zip_source_file_context_t *ctx); |
66 | | static void _zip_stdio_op_rollback_write(zip_source_file_context_t *ctx); |
67 | | static char *_zip_stdio_op_strdup(zip_source_file_context_t *ctx, const char *string); |
68 | | static zip_int64_t _zip_stdio_op_write(zip_source_file_context_t *ctx, const void *data, zip_uint64_t len); |
69 | | static FILE *_zip_fopen_close_on_exec(const char *name, bool writeable); |
70 | | |
71 | | /* clang-format off */ |
72 | | static zip_source_file_operations_t ops_stdio_named = { |
73 | | _zip_stdio_op_close, |
74 | | _zip_stdio_op_commit_write, |
75 | | _zip_stdio_op_create_temp_output, |
76 | | #ifdef CAN_CLONE |
77 | | _zip_stdio_op_create_temp_output_cloning, |
78 | | #else |
79 | | NULL, |
80 | | #endif |
81 | | _zip_stdio_op_open, |
82 | | _zip_stdio_op_read, |
83 | | _zip_stdio_op_remove, |
84 | | _zip_stdio_op_rollback_write, |
85 | | _zip_stdio_op_seek, |
86 | | _zip_stdio_op_stat, |
87 | | _zip_stdio_op_strdup, |
88 | | _zip_stdio_op_tell, |
89 | | _zip_stdio_op_write |
90 | | }; |
91 | | /* clang-format on */ |
92 | | |
93 | | ZIP_EXTERN zip_source_t * |
94 | 0 | zip_source_file(zip_t *za, const char *fname, zip_uint64_t start, zip_int64_t len) { |
95 | 0 | if (za == NULL) |
96 | 0 | return NULL; |
97 | | |
98 | 0 | return zip_source_file_create(fname, start, len, &za->error); |
99 | 0 | } |
100 | | |
101 | | |
102 | | ZIP_EXTERN zip_source_t * |
103 | 23 | zip_source_file_create(const char *fname, zip_uint64_t start, zip_int64_t length, zip_error_t *error) { |
104 | 23 | if (fname == NULL || length < ZIP_LENGTH_UNCHECKED) { |
105 | 0 | zip_error_set(error, ZIP_ER_INVAL, 0); |
106 | 0 | return NULL; |
107 | 0 | } |
108 | | |
109 | 23 | return zip_source_file_common_new(fname, NULL, start, length, NULL, &ops_stdio_named, NULL, error); |
110 | 23 | } |
111 | | |
112 | | |
113 | | static zip_int64_t |
114 | 0 | _zip_stdio_op_commit_write(zip_source_file_context_t *ctx) { |
115 | 0 | if (fclose(ctx->fout) < 0) { |
116 | 0 | zip_error_set(&ctx->error, ZIP_ER_WRITE, errno); |
117 | 0 | return -1; |
118 | 0 | } |
119 | 0 | if (rename(ctx->tmpname, ctx->fname) < 0) { |
120 | 0 | zip_error_set(&ctx->error, ZIP_ER_RENAME, errno); |
121 | 0 | return -1; |
122 | 0 | } |
123 | | |
124 | 0 | return 0; |
125 | 0 | } |
126 | | |
127 | | |
128 | | static zip_int64_t |
129 | 0 | _zip_stdio_op_create_temp_output(zip_source_file_context_t *ctx) { |
130 | 0 | int fd = create_temp_file(ctx, true); |
131 | | |
132 | 0 | if (fd < 0) { |
133 | 0 | return -1; |
134 | 0 | } |
135 | | |
136 | 0 | if ((ctx->fout = fdopen(fd, "r+b")) == NULL) { |
137 | 0 | zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, errno); |
138 | 0 | close(fd); |
139 | 0 | (void)remove(ctx->tmpname); |
140 | 0 | free(ctx->tmpname); |
141 | 0 | ctx->tmpname = NULL; |
142 | 0 | return -1; |
143 | 0 | } |
144 | | |
145 | 0 | return 0; |
146 | 0 | } |
147 | | |
148 | | #ifdef CAN_CLONE |
149 | | static zip_int64_t |
150 | 0 | _zip_stdio_op_create_temp_output_cloning(zip_source_file_context_t *ctx, zip_uint64_t offset) { |
151 | 0 | FILE *tfp; |
152 | | |
153 | 0 | if (offset > ZIP_OFF_MAX) { |
154 | 0 | zip_error_set(&ctx->error, ZIP_ER_SEEK, E2BIG); |
155 | 0 | return -1; |
156 | 0 | } |
157 | | |
158 | | #ifdef HAVE_CLONEFILE |
159 | | /* clonefile insists on creating the file, so just create a name */ |
160 | | if (create_temp_file(ctx, false) < 0) { |
161 | | return -1; |
162 | | } |
163 | | |
164 | | if (clonefile(ctx->fname, ctx->tmpname, 0) < 0) { |
165 | | zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, errno); |
166 | | free(ctx->tmpname); |
167 | | ctx->tmpname = NULL; |
168 | | return -1; |
169 | | } |
170 | | if ((tfp = _zip_fopen_close_on_exec(ctx->tmpname, true)) == NULL) { |
171 | | zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, errno); |
172 | | (void)remove(ctx->tmpname); |
173 | | free(ctx->tmpname); |
174 | | ctx->tmpname = NULL; |
175 | | return -1; |
176 | | } |
177 | | #else |
178 | 0 | { |
179 | 0 | int fd; |
180 | 0 | struct file_clone_range range; |
181 | 0 | zip_os_stat_t st; |
182 | | |
183 | 0 | if (zip_os_fstat(fileno(ctx->f), &st) < 0) { |
184 | 0 | zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, errno); |
185 | 0 | return -1; |
186 | 0 | } |
187 | | |
188 | 0 | if ((fd = create_temp_file(ctx, true)) < 0) { |
189 | 0 | return -1; |
190 | 0 | } |
191 | | |
192 | 0 | range.src_fd = fileno(ctx->f); |
193 | 0 | range.src_offset = 0; |
194 | 0 | range.src_length = ((offset + st.st_blksize - 1) / st.st_blksize) * st.st_blksize; |
195 | 0 | if (range.src_length > st.st_size) { |
196 | 0 | range.src_length = 0; |
197 | 0 | } |
198 | 0 | range.dest_offset = 0; |
199 | 0 | if (ioctl(fd, FICLONERANGE, &range) < 0) { |
200 | 0 | zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, errno); |
201 | 0 | (void)close(fd); |
202 | 0 | (void)remove(ctx->tmpname); |
203 | 0 | free(ctx->tmpname); |
204 | 0 | ctx->tmpname = NULL; |
205 | 0 | return -1; |
206 | 0 | } |
207 | | |
208 | 0 | if ((tfp = fdopen(fd, "r+b")) == NULL) { |
209 | 0 | zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, errno); |
210 | 0 | (void)close(fd); |
211 | 0 | (void)remove(ctx->tmpname); |
212 | 0 | free(ctx->tmpname); |
213 | 0 | ctx->tmpname = NULL; |
214 | 0 | return -1; |
215 | 0 | } |
216 | 0 | } |
217 | 0 | #endif |
218 | | |
219 | 0 | if (ftruncate(fileno(tfp), (off_t)offset) < 0) { |
220 | 0 | (void)fclose(tfp); |
221 | 0 | (void)remove(ctx->tmpname); |
222 | 0 | free(ctx->tmpname); |
223 | 0 | ctx->tmpname = NULL; |
224 | 0 | return -1; |
225 | 0 | } |
226 | 0 | if (zip_os_fseek(tfp, (zip_off_t)offset, SEEK_SET) < 0) { |
227 | 0 | zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, errno); |
228 | 0 | (void)fclose(tfp); |
229 | 0 | (void)remove(ctx->tmpname); |
230 | 0 | free(ctx->tmpname); |
231 | 0 | ctx->tmpname = NULL; |
232 | 0 | return -1; |
233 | 0 | } |
234 | | |
235 | 0 | ctx->fout = tfp; |
236 | |
|
237 | 0 | return 0; |
238 | 0 | } |
239 | | #endif |
240 | | |
241 | | static bool |
242 | 0 | _zip_stdio_op_open(zip_source_file_context_t *ctx) { |
243 | 0 | if ((ctx->f = _zip_fopen_close_on_exec(ctx->fname, false)) == NULL) { |
244 | 0 | zip_error_set(&ctx->error, ZIP_ER_OPEN, errno); |
245 | 0 | return false; |
246 | 0 | } |
247 | 0 | return true; |
248 | 0 | } |
249 | | |
250 | | |
251 | | static zip_int64_t |
252 | 0 | _zip_stdio_op_remove(zip_source_file_context_t *ctx) { |
253 | 0 | if (remove(ctx->fname) < 0) { |
254 | 0 | zip_error_set(&ctx->error, ZIP_ER_REMOVE, errno); |
255 | 0 | return -1; |
256 | 0 | } |
257 | 0 | return 0; |
258 | 0 | } |
259 | | |
260 | | |
261 | | static void |
262 | 0 | _zip_stdio_op_rollback_write(zip_source_file_context_t *ctx) { |
263 | 0 | if (ctx->fout) { |
264 | 0 | fclose(ctx->fout); |
265 | 0 | } |
266 | 0 | (void)remove(ctx->tmpname); |
267 | 0 | } |
268 | | |
269 | | static char * |
270 | 23 | _zip_stdio_op_strdup(zip_source_file_context_t *ctx, const char *string) { |
271 | 23 | return strdup(string); |
272 | 23 | } |
273 | | |
274 | | |
275 | | static zip_int64_t |
276 | 0 | _zip_stdio_op_write(zip_source_file_context_t *ctx, const void *data, zip_uint64_t len) { |
277 | 0 | size_t ret; |
278 | |
|
279 | 0 | clearerr((FILE *)ctx->fout); |
280 | 0 | ret = fwrite(data, 1, len, (FILE *)ctx->fout); |
281 | 0 | if (ret != len || ferror((FILE *)ctx->fout)) { |
282 | 0 | zip_error_set(&ctx->error, ZIP_ER_WRITE, errno); |
283 | 0 | return -1; |
284 | 0 | } |
285 | | |
286 | 0 | return (zip_int64_t)ret; |
287 | 0 | } |
288 | | |
289 | | |
290 | 0 | static int create_temp_file(zip_source_file_context_t *ctx, bool create_file) { |
291 | 0 | char *temp; |
292 | 0 | int mode; |
293 | 0 | zip_os_stat_t st; |
294 | 0 | int fd = 0; |
295 | 0 | char *start, *end; |
296 | | |
297 | 0 | if (zip_os_stat(ctx->fname, &st) == 0) { |
298 | 0 | mode = st.st_mode; |
299 | 0 | } |
300 | 0 | else { |
301 | 0 | mode = -1; |
302 | 0 | } |
303 | | |
304 | 0 | size_t temp_size = strlen(ctx->fname) + 13; |
305 | 0 | if ((temp = (char *)malloc(temp_size)) == NULL) { |
306 | 0 | zip_error_set(&ctx->error, ZIP_ER_MEMORY, 0); |
307 | 0 | return -1; |
308 | 0 | } |
309 | 0 | snprintf_s(temp, temp_size, "%s.XXXXXX.part", ctx->fname); |
310 | 0 | end = temp + strlen(temp) - 5; |
311 | 0 | start = end - 6; |
312 | | |
313 | 0 | for (;;) { |
314 | 0 | zip_uint32_t value = zip_random_uint32(); |
315 | 0 | char *xs = start; |
316 | | |
317 | 0 | while (xs < end) { |
318 | 0 | char digit = value % 36; |
319 | 0 | if (digit < 10) { |
320 | 0 | *(xs++) = digit + '0'; |
321 | 0 | } |
322 | 0 | else { |
323 | 0 | *(xs++) = digit - 10 + 'a'; |
324 | 0 | } |
325 | 0 | value /= 36; |
326 | 0 | } |
327 | | |
328 | 0 | if (create_file) { |
329 | 0 | if ((fd = open(temp, O_CREAT | O_EXCL | O_RDWR | O_CLOEXEC, mode == -1 ? 0666 : (mode_t)mode)) >= 0) { |
330 | 0 | if (mode != -1) { |
331 | | /* open() honors umask(), which we don't want in this case */ |
332 | 0 | #ifdef HAVE_FCHMOD |
333 | 0 | (void)fchmod(fd, (mode_t)mode); |
334 | | #else |
335 | | (void)chmod(temp, (mode_t)mode); |
336 | | #endif |
337 | 0 | } |
338 | 0 | break; |
339 | 0 | } |
340 | 0 | if (errno != EEXIST) { |
341 | 0 | zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, errno); |
342 | 0 | free(temp); |
343 | 0 | return -1; |
344 | 0 | } |
345 | 0 | } |
346 | 0 | else { |
347 | 0 | if (zip_os_stat(temp, &st) < 0) { |
348 | 0 | if (errno == ENOENT) { |
349 | 0 | break; |
350 | 0 | } |
351 | 0 | else { |
352 | 0 | zip_error_set(&ctx->error, ZIP_ER_TMPOPEN, errno); |
353 | 0 | free(temp); |
354 | 0 | return -1; |
355 | 0 | } |
356 | 0 | } |
357 | 0 | } |
358 | 0 | } |
359 | | |
360 | 0 | ctx->tmpname = temp; |
361 | | |
362 | 0 | return fd; /* initialized to 0 if !create_file */ |
363 | 0 | } |
364 | | |
365 | | |
366 | | /* |
367 | | * fopen replacement that sets the close-on-exec flag |
368 | | * some implementations support an fopen 'e' flag for that, |
369 | | * but e.g. macOS doesn't. |
370 | | */ |
371 | 0 | static FILE *_zip_fopen_close_on_exec(const char *name, bool writeable) { |
372 | 0 | int fd; |
373 | 0 | int flags; |
374 | 0 | FILE *fp; |
375 | |
|
376 | 0 | flags = O_CLOEXEC; |
377 | 0 | if (writeable) { |
378 | 0 | flags |= O_RDWR; |
379 | 0 | } |
380 | 0 | else { |
381 | 0 | flags |= O_RDONLY; |
382 | 0 | } |
383 | | |
384 | | /* mode argument needed on Windows */ |
385 | 0 | if ((fd = open(name, flags, 0666)) < 0) { |
386 | 0 | return NULL; |
387 | 0 | } |
388 | 0 | if ((fp = fdopen(fd, writeable ? "r+b" : "rb")) == NULL) { |
389 | 0 | return NULL; |
390 | 0 | } |
391 | 0 | return fp; |
392 | 0 | } |