1 /*
2  * Copyright 1986, Larry Wall
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following condition is met:
6  * 1. Redistributions of source code must retain the above copyright notice,
7  * this condition and the following disclaimer.
8  *
9  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
10  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
11  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
12  * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
13  * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
14  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
15  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
16  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
17  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
18  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
19  * SUCH DAMAGE.
20  */
21 
22 /*
23  * Copyright (c) 2022 Omar Polo <op@openbsd.org>
24  *
25  * Permission to use, copy, modify, and distribute this software for any
26  * purpose with or without fee is hereby granted, provided that the above
27  * copyright notice and this permission notice appear in all copies.
28  *
29  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
30  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
31  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
32  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
33  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
34  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
35  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
36  */
37 
38 #include <sys/types.h>
39 #include <sys/queue.h>
40 #include <sys/uio.h>
41 
42 #include <ctype.h>
43 #include <limits.h>
44 #include <paths.h>
45 #include <sha1.h>
46 #include <sha2.h>
47 #include <stdint.h>
48 #include <stdio.h>
49 #include <stdlib.h>
50 #include <string.h>
51 #include <unistd.h>
52 
53 #include "got_error.h"
54 #include "got_object.h"
55 
56 #include "got_compat.h"
57 
58 #include "got_lib_delta.h"
59 #include "got_lib_object.h"
60 #include "got_lib_privsep.h"
61 #include "got_lib_hash.h"
62 
63 struct imsgbuf ibuf;
64 
65 static const struct got_error *
66 send_patch(const char *oldname, const char *newname, const char *commitid,
67     const char *blob, const int xbit, int git)
68 {
69 	struct got_imsg_patch p;
70 
71 	memset(&p, 0, sizeof(p));
72 
73 	if (oldname != NULL)
74 		strlcpy(p.old, oldname, sizeof(p.old));
75 
76 	if (newname != NULL)
77 		strlcpy(p.new, newname, sizeof(p.new));
78 
79 	if (commitid != NULL)
80 		strlcpy(p.cid, commitid, sizeof(p.cid));
81 
82 	if (blob != NULL)
83 		strlcpy(p.blob, blob, sizeof(p.blob));
84 
85 	p.xbit = xbit;
86 	p.git = git;
87 	if (imsg_compose(&ibuf, GOT_IMSG_PATCH, 0, 0, -1, &p, sizeof(p)) == -1)
88 		return got_error_from_errno("imsg_compose GOT_IMSG_PATCH");
89 	return NULL;
90 }
91 
92 static const struct got_error *
93 send_patch_done(void)
94 {
95 	if (imsg_compose(&ibuf, GOT_IMSG_PATCH_DONE, 0, 0, -1,
96 	    NULL, 0) == -1)
97 		return got_error_from_errno("imsg_compose GOT_IMSG_PATCH_EOF");
98 	return got_privsep_flush_imsg(&ibuf);
99 }
100 
101 /* based on fetchname from usr.bin/patch/util.c */
102 static const struct got_error *
103 filename(const char *at, char **name)
104 {
105 	char	*tmp, *t;
106 
107 	*name = NULL;
108 	if (*at == '\0')
109 		return NULL;
110 
111 	while (isspace((unsigned char)*at))
112 		at++;
113 
114 	/* files can be created or removed by diffing against /dev/null */
115 	if (!strncmp(at, _PATH_DEVNULL, sizeof(_PATH_DEVNULL) - 1))
116 		return NULL;
117 
118 	tmp = strdup(at);
119 	if (tmp == NULL)
120 		return got_error_from_errno("strdup");
121 	if ((t = strchr(tmp, '\t')) != NULL)
122 		*t = '\0';
123 	if ((t = strchr(tmp, '\n')) != NULL)
124 		*t = '\0';
125 
126 	*name = strdup(tmp);
127 	free(tmp);
128 	if (*name == NULL)
129 		return got_error_from_errno("strdup");
130 	return NULL;
131 }
132 
133 static int
134 binary_deleted(const char *line)
135 {
136 	const char *prefix = "Binary files ";
137 	const char *suffix = " and /dev/null differ\n";
138 	size_t len, d;
139 
140 	if (strncmp(line, prefix, strlen(prefix)) != 0)
141 		return 0;
142 	line += strlen(prefix);
143 
144 	len = strlen(line);
145 	if (len <= strlen(suffix))
146 		return 0;
147 	d = len - strlen(suffix);
148 	return (strcmp(line + d, suffix) == 0);
149 }
150 
151 static const struct got_error *
152 binaryfilename(const char *at, char **name)
153 {
154 	const char *suffix = " and /dev/null differ\n";
155 	size_t len, d;
156 
157 	*name = NULL;
158 
159 	len = strlen(at);
160 	if (len <= strlen(suffix))
161 		return NULL;
162 
163 	d = len - strlen(suffix);
164 	if (strcmp(at + d, suffix) != 0)
165 		return NULL;
166 
167 	*name = strndup(at, d);
168 	if (*name == NULL)
169 		return got_error_from_errno("strndup");
170 	return NULL;
171 }
172 
173 static int
174 filexbit(const char *line)
175 {
176 	char *m;
177 
178 	m = strchr(line, '(');
179 	if (m && !strncmp(m + 1, "mode ", 5))
180 		return strncmp(m + 6, "755", 3) == 0;
181 
182 	return 0;
183 }
184 
185 static const struct got_error *
186 blobid(const char *line, char **blob, int git)
187 {
188 	uint8_t digest[SHA1_DIGEST_LENGTH];
189 	size_t len;
190 
191 	*blob = NULL;
192 
193 	len = strspn(line, "0123456789abcdefABCDEF");
194 	if ((*blob = strndup(line, len)) == NULL)
195 		return got_error_from_errno("strndup");
196 
197 	if (!git && !got_parse_sha1_digest(digest, *blob)) {
198 		/* silently ignore invalid blob ids */
199 		free(*blob);
200 		*blob = NULL;
201 	}
202 	return NULL;
203 }
204 
205 static const struct got_error *
206 patch_start(int *git, char **cid, FILE *fp)
207 {
208 	const struct got_error *err = NULL;
209 	char	*line = NULL;
210 	size_t	 linesize = 0;
211 	ssize_t	 linelen;
212 
213 	*git = 0;
214 
215 	while ((linelen = getline(&line, &linesize, fp)) != -1) {
216 		if (!strncmp(line, "diff --git ", 11)) {
217 			*git = 1;
218 			free(*cid);
219 			*cid = NULL;
220 			break;
221 		} else if (!strncmp(line, "diff ", 5)) {
222 			*git = 0;
223 			free(*cid);
224 			*cid = NULL;
225 		} else if (!strncmp(line, "commit - ", 9)) {
226 			free(*cid);
227 			err = blobid(line + 9, cid, *git);
228 			if (err)
229 				break;
230 		} else if (!strncmp(line, "--- ", 4) ||
231 		    !strncmp(line, "+++ ", 4) ||
232 		    !strncmp(line, "blob - ", 7) ||
233 		    binary_deleted(line)) {
234 			/* rewind to previous line */
235 			if (fseeko(fp, -linelen, SEEK_CUR) == -1)
236 				err = got_error_from_errno("fseeko");
237 			break;
238 		}
239 	}
240 
241 	free(line);
242 	if (ferror(fp) && err == NULL)
243 		err = got_error_from_errno("getline");
244 	if (feof(fp) && err == NULL)
245 		err = got_error(GOT_ERR_NO_PATCH);
246 	return err;
247 }
248 
249 static const struct got_error *
250 find_diff(int *done, int *next, FILE *fp, int git, const char *commitid)
251 {
252 	const struct got_error *err = NULL;
253 	char	*old = NULL, *new = NULL;
254 	char	*blob = NULL;
255 	char	*line = NULL;
256 	size_t	 linesize = 0;
257 	ssize_t	 linelen;
258 	int	 create, delete_binary = 0, rename = 0, xbit = 0;
259 
260 	*done = 0;
261 	*next = 0;
262 	while ((linelen = getline(&line, &linesize, fp)) != -1) {
263 		/*
264 		 * Ignore the Index name like GNU and larry' patch,
265 		 * we don't have to follow POSIX.
266 		 */
267 
268 		if (!strncmp(line, "--- ", 4)) {
269 			free(old);
270 			err = filename(line+4, &old);
271 		} else if (rename && !strncmp(line, "rename from ", 12)) {
272 			free(old);
273 			err = filename(line+12, &old);
274 		} else if (!strncmp(line, "+++ ", 4)) {
275 			free(new);
276 			err = filename(line+4, &new);
277 		} else if (!strncmp(line, "blob + ", 7) ||
278 		    !strncmp(line, "file + ", 7)) {
279 			xbit = filexbit(line);
280 		} else if (!git && !strncmp(line, "blob - ", 7)) {
281 			free(blob);
282 			err = blobid(line + 7, &blob, git);
283 		} else if (!strncmp(line, "Binary files ", 13)) {
284 			delete_binary = 1;
285 			free(old);
286 			err = binaryfilename(line + 13, &old);
287 		} else if (rename && !strncmp(line, "rename to ", 10)) {
288 			free(new);
289 			err = filename(line + 10, &new);
290 		} else if (git && !strncmp(line, "similarity index 100%", 21))
291 			rename = 1;
292 		else if (git && !strncmp(line, "new file mode 100", 17))
293 			xbit = strncmp(line + 17, "755", 3) == 0;
294 		else if (git && !strncmp(line, "index ", 6)) {
295 			free(blob);
296 			err = blobid(line + 6, &blob, git);
297 		} else if (!strncmp(line, "diff ", 5)) {
298 			/* rewind to previous line */
299 			if (fseeko(fp, -linelen, SEEK_CUR) == -1)
300 				err = got_error_from_errno("fseeko");
301 			*next = 1;
302 			break;
303 		}
304 
305 		if (err)
306 			break;
307 
308 		/*
309 		 * Git-style diffs with "similarity index 100%" don't
310 		 * have any hunks and ends with the "rename to foobar"
311 		 * line.
312 		 */
313 		if (rename && old != NULL && new != NULL) {
314 			*done = 1;
315 			err = send_patch(old, new, commitid,
316 			    blob, xbit, git);
317 			break;
318 		}
319 
320 		/*
321 		 * Diffs that remove binary files have no hunks.
322 		 */
323 		if (delete_binary && old != NULL) {
324 			*done = 1;
325 			err = send_patch(old, new, commitid,
326 			    blob, xbit, git);
327 			break;
328 		}
329 
330 		if (!strncmp(line, "@@ -", 4)) {
331 			create = !strncmp(line+4, "0,0", 3);
332 			if ((old == NULL && new == NULL) ||
333 			    (!create && old == NULL))
334 				err = got_error(GOT_ERR_PATCH_MALFORMED);
335 			else
336 				err = send_patch(old, new, commitid,
337 				    blob, xbit, git);
338 
339 			if (err)
340 				break;
341 
342 			/* rewind to previous line */
343 			if (fseeko(fp, -linelen, SEEK_CUR) == -1)
344 				err = got_error_from_errno("fseeko");
345 			break;
346 		}
347 	}
348 
349 	free(old);
350 	free(new);
351 	free(blob);
352 	free(line);
353 	if (ferror(fp) && err == NULL)
354 		err = got_error_from_errno("getline");
355 	if (feof(fp) && err == NULL)
356 		err = got_error(GOT_ERR_NO_PATCH);
357 	return err;
358 }
359 
360 static const struct got_error *
361 strtolnum(char **str, int *n)
362 {
363 	char		*p, c;
364 	const char	*errstr;
365 
366 	for (p = *str; isdigit((unsigned char)*p); ++p)
367 		/* nop */;
368 
369 	c = *p;
370 	*p = '\0';
371 
372 	*n = strtonum(*str, 0, INT_MAX, &errstr);
373 	if (errstr != NULL)
374 		return got_error(GOT_ERR_PATCH_MALFORMED);
375 
376 	*p = c;
377 	*str = p;
378 	return NULL;
379 }
380 
381 static const struct got_error *
382 parse_hdr(char *s, int *done, struct got_imsg_patch_hunk *hdr)
383 {
384 	static const struct got_error *err = NULL;
385 
386 	if (strncmp(s, "@@ -", 4)) {
387 		*done = 1;
388 		return NULL;
389 	}
390 
391 	s += 4;
392 	if (!*s)
393 		return NULL;
394 	err = strtolnum(&s, &hdr->oldfrom);
395 	if (err)
396 		return err;
397 	if (*s == ',') {
398 		s++;
399 		err = strtolnum(&s, &hdr->oldlines);
400 		if (err)
401 			return err;
402 	} else
403 		hdr->oldlines = 1;
404 
405 	if (*s == ' ')
406 		s++;
407 
408 	if (*s != '+' || !*++s)
409 		return got_error(GOT_ERR_PATCH_MALFORMED);
410 	err = strtolnum(&s, &hdr->newfrom);
411 	if (err)
412 		return err;
413 	if (*s == ',') {
414 		s++;
415 		err = strtolnum(&s, &hdr->newlines);
416 		if (err)
417 			return err;
418 	} else
419 		hdr->newlines = 1;
420 
421 	if (*s == ' ')
422 		s++;
423 
424 	if (*s != '@')
425 		return got_error(GOT_ERR_PATCH_MALFORMED);
426 
427 	if (hdr->oldfrom >= INT_MAX - hdr->oldlines ||
428 	    hdr->newfrom >= INT_MAX - hdr->newlines ||
429 	    /* not so sure about this one */
430 	    hdr->oldlines >= INT_MAX - hdr->newlines - 1 ||
431 	    (hdr->oldlines == 0 && hdr->newlines == 0))
432 		return got_error(GOT_ERR_PATCH_MALFORMED);
433 
434 	if (hdr->oldlines == 0) {
435 		/* larry says to "do append rather than insert"; I don't
436 		 * quite get it, but i trust him.
437 		 */
438 		hdr->oldfrom++;
439 	}
440 
441 	if (imsg_compose(&ibuf, GOT_IMSG_PATCH_HUNK, 0, 0, -1,
442 	    hdr, sizeof(*hdr)) == -1)
443 		return got_error_from_errno(
444 		    "imsg_compose GOT_IMSG_PATCH_HUNK");
445 	return NULL;
446 }
447 
448 static const struct got_error *
449 send_line(const char *line)
450 {
451 	static const struct got_error *err = NULL;
452 	char *p = NULL;
453 
454 	if (*line != '+' && *line != '-' && *line != ' ' && *line != '\\') {
455 		if (asprintf(&p, " %s", line) == -1)
456 			return got_error_from_errno("asprintf");
457 		line = p;
458 	}
459 
460 	if (imsg_compose(&ibuf, GOT_IMSG_PATCH_LINE, 0, 0, -1,
461 	    line, strlen(line) + 1) == -1)
462 		err = got_error_from_errno(
463 		    "imsg_compose GOT_IMSG_PATCH_LINE");
464 
465 	free(p);
466 	return err;
467 }
468 
469 static const struct got_error *
470 peek_special_line(FILE *fp)
471 {
472 	const struct got_error *err;
473 	int ch;
474 
475 	ch = fgetc(fp);
476 	if (ch != EOF && ch != '\\') {
477 		ungetc(ch, fp);
478 		return NULL;
479 	}
480 
481 	if (ch == '\\') {
482 		err = send_line("\\");
483 		if (err)
484 			return err;
485 	}
486 
487 	while (ch != EOF && ch != '\n')
488 		ch = fgetc(fp);
489 
490 	if (ch != EOF || feof(fp))
491 		return NULL;
492 	return got_error(GOT_ERR_IO);
493 }
494 
495 static const struct got_error *
496 parse_hunk(FILE *fp, int *done)
497 {
498 	static const struct got_error *err = NULL;
499 	struct got_imsg_patch_hunk hdr;
500 	char	*line = NULL, ch;
501 	size_t	 linesize = 0;
502 	ssize_t	 linelen;
503 	int	 leftold, leftnew;
504 
505 	linelen = getline(&line, &linesize, fp);
506 	if (linelen == -1) {
507 		*done = 1;
508 		goto done;
509 	}
510 
511 	err = parse_hdr(line, done, &hdr);
512 	if (err)
513 		goto done;
514 	if (*done) {
515 		if (fseeko(fp, -linelen, SEEK_CUR) == -1)
516 			err = got_error_from_errno("fseeko");
517 		goto done;
518 	}
519 
520 	leftold = hdr.oldlines;
521 	leftnew = hdr.newlines;
522 
523 	while (leftold > 0 || leftnew > 0) {
524 		linelen = getline(&line, &linesize, fp);
525 		if (linelen == -1) {
526 			if (ferror(fp)) {
527 				err = got_error_from_errno("getline");
528 				goto done;
529 			}
530 
531 			/* trailing newlines may be chopped */
532 			if (leftold < 3 && leftnew < 3) {
533 				*done = 1;
534 				break;
535 			}
536 
537 			err = got_error(GOT_ERR_PATCH_TRUNCATED);
538 			goto done;
539 		}
540 		if (line[linelen - 1] == '\n')
541 			line[linelen - 1] = '\0';
542 
543 		/* usr.bin/patch allows '=' as context char */
544 		if (*line == '=')
545 			*line = ' ';
546 
547 		ch = *line;
548 		if (ch == '\t' || ch == '\0')
549 			ch = ' ';	/* the space got eaten */
550 
551 		switch (ch) {
552 		case '-':
553 			leftold--;
554 			break;
555 		case ' ':
556 			leftold--;
557 			leftnew--;
558 			break;
559 		case '+':
560 			leftnew--;
561 			break;
562 		default:
563 			err = got_error(GOT_ERR_PATCH_MALFORMED);
564 			goto done;
565 		}
566 
567 		if (leftold < 0 || leftnew < 0) {
568 			err = got_error(GOT_ERR_PATCH_MALFORMED);
569 			goto done;
570 		}
571 
572 		err = send_line(line);
573 		if (err)
574 			goto done;
575 
576 		if ((ch == '-' && leftold == 0) ||
577 		    (ch == '+' && leftnew == 0)) {
578 			err = peek_special_line(fp);
579 			if (err)
580 				goto done;
581 		}
582 	}
583 
584 done:
585 	free(line);
586 	return err;
587 }
588 
589 static const struct got_error *
590 read_patch(struct imsgbuf *ibuf, int fd)
591 {
592 	const struct got_error *err = NULL;
593 	FILE *fp;
594 	int git, patch_found = 0;
595 	char *cid = NULL;
596 
597 	if ((fp = fdopen(fd, "r")) == NULL) {
598 		err = got_error_from_errno("fdopen");
599 		close(fd);
600 		return err;
601 	}
602 
603 	while ((err = patch_start(&git, &cid, fp)) == NULL) {
604 		int done, next;
605 
606 		err = find_diff(&done, &next, fp, git, cid);
607 		if (err)
608 			goto done;
609 		if (next)
610 			continue;
611 
612 		patch_found = 1;
613 
614 		while (!done) {
615 			err = parse_hunk(fp, &done);
616 			if (err)
617 				goto done;
618 		}
619 
620 		err = send_patch_done();
621 		if (err)
622 			goto done;
623 	}
624 
625 done:
626 	fclose(fp);
627 	free(cid);
628 
629 	/* ignore trailing gibberish */
630 	if (err != NULL && err->code == GOT_ERR_NO_PATCH && patch_found)
631 		err = NULL;
632 
633 	return err;
634 }
635 
636 int
637 main(int argc, char **argv)
638 {
639 	const struct got_error *err = NULL;
640 	struct imsg imsg;
641 #if 0
642 	static int attached;
643 	while (!attached)
644 		sleep(1);
645 #endif
646 
647 	imsg_init(&ibuf, GOT_IMSG_FD_CHILD);
648 #ifndef PROFILE
649 	/* revoke access to most system calls */
650 	if (pledge("stdio recvfd", NULL) == -1) {
651 		err = got_error_from_errno("pledge");
652 		got_privsep_send_error(&ibuf, err);
653 		return 1;
654 	}
655 
656 	/* revoke fs access */
657 	if (landlock_no_fs() == -1) {
658 		err = got_error_from_errno("landlock_no_fs");
659 		got_privsep_send_error(&ibuf, err);
660 		return 1;
661 	}
662 	if (cap_enter() == -1) {
663 		err = got_error_from_errno("cap_enter");
664 		got_privsep_send_error(&ibuf, err);
665 		return 1;
666 	}
667 #endif
668 
669 	err = got_privsep_recv_imsg(&imsg, &ibuf, 0);
670 	if (err)
671 		goto done;
672 	if (imsg.hdr.type != GOT_IMSG_PATCH_FILE || imsg.fd == -1) {
673 		err = got_error(GOT_ERR_PRIVSEP_MSG);
674 		goto done;
675 	}
676 
677 	err = read_patch(&ibuf, imsg.fd);
678 	if (err)
679 		goto done;
680 	if (imsg_compose(&ibuf, GOT_IMSG_PATCH_EOF, 0, 0, -1,
681 	    NULL, 0) == -1) {
682 		err = got_error_from_errno("imsg_compose GOT_IMSG_PATCH_EOF");
683 		goto done;
684 	}
685 	err = got_privsep_flush_imsg(&ibuf);
686 done:
687 	imsg_free(&imsg);
688 	if (err != NULL) {
689 		got_privsep_send_error(&ibuf, err);
690 		err = NULL;
691 	}
692 	if (close(GOT_IMSG_FD_CHILD) == -1 && err == NULL)
693 		err = got_error_from_errno("close");
694 	if (err && err->code != GOT_ERR_PRIVSEP_PIPE)
695 		fprintf(stderr, "%s: %s\n", getprogname(), err->msg);
696 	return err ? 1 : 0;
697 }