1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 /*
18 * Read-only access to Zip archives, with minimal heap allocation.
19 */
20
21 #define LOG_TAG "ziparchive"
22
23 #include "ziparchive/zip_archive.h"
24
25 #include <errno.h>
26 #include <fcntl.h>
27 #include <inttypes.h>
28 #include <limits.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <time.h>
32 #include <unistd.h>
33
34 #include <memory>
35 #include <vector>
36
37 #if defined(__APPLE__)
38 #define lseek64 lseek
39 #endif
40
41 #if defined(__BIONIC__)
42 #include <android/fdsan.h>
43 #endif
44
45 #include <android-base/file.h>
46 #include <android-base/logging.h>
47 #include <android-base/macros.h> // TEMP_FAILURE_RETRY may or may not be in unistd
48 #include <android-base/mapped_file.h>
49 #include <android-base/memory.h>
50 #include <android-base/strings.h>
51 #include <android-base/utf8.h>
52 #include <log/log.h>
53 #include "zlib.h"
54
55 #include "entry_name_utils-inl.h"
56 #include "zip_archive_common.h"
57 #include "zip_archive_private.h"
58
59 using android::base::get_unaligned;
60
61 // Used to turn on crc checks - verify that the content CRC matches the values
62 // specified in the local file header and the central directory.
63 static constexpr bool kCrcChecksEnabled = false;
64
65 // The maximum number of bytes to scan backwards for the EOCD start.
66 static const uint32_t kMaxEOCDSearch = kMaxCommentLen + sizeof(EocdRecord);
67
68 /*
69 * A Read-only Zip archive.
70 *
71 * We want "open" and "find entry by name" to be fast operations, and
72 * we want to use as little memory as possible. We memory-map the zip
73 * central directory, and load a hash table with pointers to the filenames
74 * (which aren't null-terminated). The other fields are at a fixed offset
75 * from the filename, so we don't need to extract those (but we do need
76 * to byte-read and endian-swap them every time we want them).
77 *
78 * It's possible that somebody has handed us a massive (~1GB) zip archive,
79 * so we can't expect to mmap the entire file.
80 *
81 * To speed comparisons when doing a lookup by name, we could make the mapping
82 * "private" (copy-on-write) and null-terminate the filenames after verifying
83 * the record structure. However, this requires a private mapping of
84 * every page that the Central Directory touches. Easier to tuck a copy
85 * of the string length into the hash table entry.
86 */
87
88 /*
89 * Round up to the next highest power of 2.
90 *
91 * Found on http://graphics.stanford.edu/~seander/bithacks.html.
92 */
RoundUpPower2(uint32_t val)93 static uint32_t RoundUpPower2(uint32_t val) {
94 val--;
95 val |= val >> 1;
96 val |= val >> 2;
97 val |= val >> 4;
98 val |= val >> 8;
99 val |= val >> 16;
100 val++;
101
102 return val;
103 }
104
ComputeHash(std::string_view name)105 static uint32_t ComputeHash(std::string_view name) {
106 return static_cast<uint32_t>(std::hash<std::string_view>{}(name));
107 }
108
109 /*
110 * Convert a ZipEntry to a hash table index, verifying that it's in a
111 * valid range.
112 */
EntryToIndex(const ZipStringOffset * hash_table,const uint32_t hash_table_size,std::string_view name,const uint8_t * start)113 static int64_t EntryToIndex(const ZipStringOffset* hash_table, const uint32_t hash_table_size,
114 std::string_view name, const uint8_t* start) {
115 const uint32_t hash = ComputeHash(name);
116
117 // NOTE: (hash_table_size - 1) is guaranteed to be non-negative.
118 uint32_t ent = hash & (hash_table_size - 1);
119 while (hash_table[ent].name_offset != 0) {
120 if (hash_table[ent].ToStringView(start) == name) {
121 return ent;
122 }
123 ent = (ent + 1) & (hash_table_size - 1);
124 }
125
126 ALOGV("Zip: Unable to find entry %.*s", static_cast<int>(name.size()), name.data());
127 return kEntryNotFound;
128 }
129
130 /*
131 * Add a new entry to the hash table.
132 */
AddToHash(ZipStringOffset * hash_table,const uint32_t hash_table_size,std::string_view name,const uint8_t * start)133 static int32_t AddToHash(ZipStringOffset* hash_table, const uint32_t hash_table_size,
134 std::string_view name, const uint8_t* start) {
135 const uint64_t hash = ComputeHash(name);
136 uint32_t ent = hash & (hash_table_size - 1);
137
138 /*
139 * We over-allocated the table, so we're guaranteed to find an empty slot.
140 * Further, we guarantee that the hashtable size is not 0.
141 */
142 while (hash_table[ent].name_offset != 0) {
143 if (hash_table[ent].ToStringView(start) == name) {
144 // We've found a duplicate entry. We don't accept duplicates.
145 ALOGW("Zip: Found duplicate entry %.*s", static_cast<int>(name.size()), name.data());
146 return kDuplicateEntry;
147 }
148 ent = (ent + 1) & (hash_table_size - 1);
149 }
150
151 // `name` has already been validated before entry.
152 const char* start_char = reinterpret_cast<const char*>(start);
153 hash_table[ent].name_offset = static_cast<uint32_t>(name.data() - start_char);
154 hash_table[ent].name_length = static_cast<uint16_t>(name.size());
155 return 0;
156 }
157
158 #if defined(__BIONIC__)
GetOwnerTag(const ZipArchive * archive)159 uint64_t GetOwnerTag(const ZipArchive* archive) {
160 return android_fdsan_create_owner_tag(ANDROID_FDSAN_OWNER_TYPE_ZIPARCHIVE,
161 reinterpret_cast<uint64_t>(archive));
162 }
163 #endif
164
ZipArchive(MappedZipFile && map,bool assume_ownership)165 ZipArchive::ZipArchive(MappedZipFile&& map, bool assume_ownership)
166 : mapped_zip(map),
167 close_file(assume_ownership),
168 directory_offset(0),
169 central_directory(),
170 directory_map(),
171 num_entries(0),
172 hash_table_size(0),
173 hash_table(nullptr) {
174 #if defined(__BIONIC__)
175 if (assume_ownership) {
176 CHECK(mapped_zip.HasFd());
177 android_fdsan_exchange_owner_tag(mapped_zip.GetFileDescriptor(), 0, GetOwnerTag(this));
178 }
179 #endif
180 }
181
ZipArchive(const void * address,size_t length)182 ZipArchive::ZipArchive(const void* address, size_t length)
183 : mapped_zip(address, length),
184 close_file(false),
185 directory_offset(0),
186 central_directory(),
187 directory_map(),
188 num_entries(0),
189 hash_table_size(0),
190 hash_table(nullptr) {}
191
~ZipArchive()192 ZipArchive::~ZipArchive() {
193 if (close_file && mapped_zip.GetFileDescriptor() >= 0) {
194 #if defined(__BIONIC__)
195 android_fdsan_close_with_tag(mapped_zip.GetFileDescriptor(), GetOwnerTag(this));
196 #else
197 close(mapped_zip.GetFileDescriptor());
198 #endif
199 }
200
201 free(hash_table);
202 }
203
MapCentralDirectory0(const char * debug_file_name,ZipArchive * archive,off64_t file_length,uint32_t read_amount,uint8_t * scan_buffer)204 static int32_t MapCentralDirectory0(const char* debug_file_name, ZipArchive* archive,
205 off64_t file_length, uint32_t read_amount,
206 uint8_t* scan_buffer) {
207 const off64_t search_start = file_length - read_amount;
208
209 if (!archive->mapped_zip.ReadAtOffset(scan_buffer, read_amount, search_start)) {
210 ALOGE("Zip: read %" PRId64 " from offset %" PRId64 " failed", static_cast<int64_t>(read_amount),
211 static_cast<int64_t>(search_start));
212 return kIoError;
213 }
214
215 /*
216 * Scan backward for the EOCD magic. In an archive without a trailing
217 * comment, we'll find it on the first try. (We may want to consider
218 * doing an initial minimal read; if we don't find it, retry with a
219 * second read as above.)
220 */
221 CHECK_LE(read_amount, std::numeric_limits<int32_t>::max());
222 int32_t i = read_amount - sizeof(EocdRecord);
223 for (; i >= 0; i--) {
224 if (scan_buffer[i] == 0x50) {
225 uint32_t* sig_addr = reinterpret_cast<uint32_t*>(&scan_buffer[i]);
226 if (get_unaligned<uint32_t>(sig_addr) == EocdRecord::kSignature) {
227 ALOGV("+++ Found EOCD at buf+%d", i);
228 break;
229 }
230 }
231 }
232 if (i < 0) {
233 ALOGD("Zip: EOCD not found, %s is not zip", debug_file_name);
234 return kInvalidFile;
235 }
236
237 const off64_t eocd_offset = search_start + i;
238 const EocdRecord* eocd = reinterpret_cast<const EocdRecord*>(scan_buffer + i);
239 /*
240 * Verify that there's no trailing space at the end of the central directory
241 * and its comment.
242 */
243 const off64_t calculated_length = eocd_offset + sizeof(EocdRecord) + eocd->comment_length;
244 if (calculated_length != file_length) {
245 ALOGW("Zip: %" PRId64 " extraneous bytes at the end of the central directory",
246 static_cast<int64_t>(file_length - calculated_length));
247 return kInvalidFile;
248 }
249
250 /*
251 * Grab the CD offset and size, and the number of entries in the
252 * archive and verify that they look reasonable.
253 */
254 if (static_cast<off64_t>(eocd->cd_start_offset) + eocd->cd_size > eocd_offset) {
255 ALOGW("Zip: bad offsets (dir %" PRIu32 ", size %" PRIu32 ", eocd %" PRId64 ")",
256 eocd->cd_start_offset, eocd->cd_size, static_cast<int64_t>(eocd_offset));
257 return kInvalidOffset;
258 }
259 if (eocd->num_records == 0) {
260 #if defined(__ANDROID__)
261 ALOGW("Zip: empty archive?");
262 #endif
263 return kEmptyArchive;
264 }
265
266 ALOGV("+++ num_entries=%" PRIu32 " dir_size=%" PRIu32 " dir_offset=%" PRIu32, eocd->num_records,
267 eocd->cd_size, eocd->cd_start_offset);
268
269 // It all looks good. Create a mapping for the CD, and set the fields
270 // in archive.
271 if (!archive->InitializeCentralDirectory(static_cast<off64_t>(eocd->cd_start_offset),
272 static_cast<size_t>(eocd->cd_size))) {
273 return kMmapFailed;
274 }
275
276 archive->num_entries = eocd->num_records;
277 archive->directory_offset = eocd->cd_start_offset;
278
279 return 0;
280 }
281
282 /*
283 * Find the zip Central Directory and memory-map it.
284 *
285 * On success, returns 0 after populating fields from the EOCD area:
286 * directory_offset
287 * directory_ptr
288 * num_entries
289 */
MapCentralDirectory(const char * debug_file_name,ZipArchive * archive)290 static int32_t MapCentralDirectory(const char* debug_file_name, ZipArchive* archive) {
291 // Test file length. We use lseek64 to make sure the file
292 // is small enough to be a zip file (Its size must be less than
293 // 0xffffffff bytes).
294 off64_t file_length = archive->mapped_zip.GetFileLength();
295 if (file_length == -1) {
296 return kInvalidFile;
297 }
298
299 if (file_length > static_cast<off64_t>(0xffffffff)) {
300 ALOGV("Zip: zip file too long %" PRId64, static_cast<int64_t>(file_length));
301 return kInvalidFile;
302 }
303
304 if (file_length < static_cast<off64_t>(sizeof(EocdRecord))) {
305 ALOGV("Zip: length %" PRId64 " is too small to be zip", static_cast<int64_t>(file_length));
306 return kInvalidFile;
307 }
308
309 /*
310 * Perform the traditional EOCD snipe hunt.
311 *
312 * We're searching for the End of Central Directory magic number,
313 * which appears at the start of the EOCD block. It's followed by
314 * 18 bytes of EOCD stuff and up to 64KB of archive comment. We
315 * need to read the last part of the file into a buffer, dig through
316 * it to find the magic number, parse some values out, and use those
317 * to determine the extent of the CD.
318 *
319 * We start by pulling in the last part of the file.
320 */
321 uint32_t read_amount = kMaxEOCDSearch;
322 if (file_length < read_amount) {
323 read_amount = static_cast<uint32_t>(file_length);
324 }
325
326 std::vector<uint8_t> scan_buffer(read_amount);
327 int32_t result =
328 MapCentralDirectory0(debug_file_name, archive, file_length, read_amount, scan_buffer.data());
329 return result;
330 }
331
332 /*
333 * Parses the Zip archive's Central Directory. Allocates and populates the
334 * hash table.
335 *
336 * Returns 0 on success.
337 */
ParseZipArchive(ZipArchive * archive)338 static int32_t ParseZipArchive(ZipArchive* archive) {
339 const uint8_t* const cd_ptr = archive->central_directory.GetBasePtr();
340 const size_t cd_length = archive->central_directory.GetMapLength();
341 const uint16_t num_entries = archive->num_entries;
342
343 /*
344 * Create hash table. We have a minimum 75% load factor, possibly as
345 * low as 50% after we round off to a power of 2. There must be at
346 * least one unused entry to avoid an infinite loop during creation.
347 */
348 archive->hash_table_size = RoundUpPower2(1 + (num_entries * 4) / 3);
349 archive->hash_table =
350 reinterpret_cast<ZipStringOffset*>(calloc(archive->hash_table_size, sizeof(ZipStringOffset)));
351 if (archive->hash_table == nullptr) {
352 ALOGW("Zip: unable to allocate the %u-entry hash_table, entry size: %zu",
353 archive->hash_table_size, sizeof(ZipStringOffset));
354 return kAllocationFailed;
355 }
356
357 /*
358 * Walk through the central directory, adding entries to the hash
359 * table and verifying values.
360 */
361 const uint8_t* const cd_end = cd_ptr + cd_length;
362 const uint8_t* ptr = cd_ptr;
363 for (uint16_t i = 0; i < num_entries; i++) {
364 if (ptr > cd_end - sizeof(CentralDirectoryRecord)) {
365 ALOGW("Zip: ran off the end (item #%" PRIu16 ", %zu bytes of central directory)", i,
366 cd_length);
367 #if defined(__ANDROID__)
368 android_errorWriteLog(0x534e4554, "36392138");
369 #endif
370 return kInvalidFile;
371 }
372
373 const CentralDirectoryRecord* cdr = reinterpret_cast<const CentralDirectoryRecord*>(ptr);
374 if (cdr->record_signature != CentralDirectoryRecord::kSignature) {
375 ALOGW("Zip: missed a central dir sig (at %" PRIu16 ")", i);
376 return kInvalidFile;
377 }
378
379 const off64_t local_header_offset = cdr->local_file_header_offset;
380 if (local_header_offset >= archive->directory_offset) {
381 ALOGW("Zip: bad LFH offset %" PRId64 " at entry %" PRIu16,
382 static_cast<int64_t>(local_header_offset), i);
383 return kInvalidFile;
384 }
385
386 const uint16_t file_name_length = cdr->file_name_length;
387 const uint16_t extra_length = cdr->extra_field_length;
388 const uint16_t comment_length = cdr->comment_length;
389 const uint8_t* file_name = ptr + sizeof(CentralDirectoryRecord);
390
391 if (file_name + file_name_length > cd_end) {
392 ALOGW("Zip: file name for entry %" PRIu16
393 " exceeds the central directory range, file_name_length: %" PRIu16 ", cd_length: %zu",
394 i, file_name_length, cd_length);
395 return kInvalidEntryName;
396 }
397 // Check that file name is valid UTF-8 and doesn't contain NUL (U+0000) characters.
398 if (!IsValidEntryName(file_name, file_name_length)) {
399 ALOGW("Zip: invalid file name at entry %" PRIu16, i);
400 return kInvalidEntryName;
401 }
402
403 // Add the CDE filename to the hash table.
404 std::string_view entry_name{reinterpret_cast<const char*>(file_name), file_name_length};
405 const int add_result = AddToHash(archive->hash_table, archive->hash_table_size, entry_name,
406 archive->central_directory.GetBasePtr());
407 if (add_result != 0) {
408 ALOGW("Zip: Error adding entry to hash table %d", add_result);
409 return add_result;
410 }
411
412 ptr += sizeof(CentralDirectoryRecord) + file_name_length + extra_length + comment_length;
413 if ((ptr - cd_ptr) > static_cast<int64_t>(cd_length)) {
414 ALOGW("Zip: bad CD advance (%tu vs %zu) at entry %" PRIu16, ptr - cd_ptr, cd_length, i);
415 return kInvalidFile;
416 }
417 }
418
419 uint32_t lfh_start_bytes;
420 if (!archive->mapped_zip.ReadAtOffset(reinterpret_cast<uint8_t*>(&lfh_start_bytes),
421 sizeof(uint32_t), 0)) {
422 ALOGW("Zip: Unable to read header for entry at offset == 0.");
423 return kInvalidFile;
424 }
425
426 if (lfh_start_bytes != LocalFileHeader::kSignature) {
427 ALOGW("Zip: Entry at offset zero has invalid LFH signature %" PRIx32, lfh_start_bytes);
428 #if defined(__ANDROID__)
429 android_errorWriteLog(0x534e4554, "64211847");
430 #endif
431 return kInvalidFile;
432 }
433
434 ALOGV("+++ zip good scan %" PRIu16 " entries", num_entries);
435
436 return 0;
437 }
438
OpenArchiveInternal(ZipArchive * archive,const char * debug_file_name)439 static int32_t OpenArchiveInternal(ZipArchive* archive, const char* debug_file_name) {
440 int32_t result = MapCentralDirectory(debug_file_name, archive);
441 return result != 0 ? result : ParseZipArchive(archive);
442 }
443
OpenArchiveFd(int fd,const char * debug_file_name,ZipArchiveHandle * handle,bool assume_ownership)444 int32_t OpenArchiveFd(int fd, const char* debug_file_name, ZipArchiveHandle* handle,
445 bool assume_ownership) {
446 ZipArchive* archive = new ZipArchive(MappedZipFile(fd), assume_ownership);
447 *handle = archive;
448 return OpenArchiveInternal(archive, debug_file_name);
449 }
450
OpenArchiveFdRange(int fd,const char * debug_file_name,ZipArchiveHandle * handle,off64_t length,off64_t offset,bool assume_ownership)451 int32_t OpenArchiveFdRange(int fd, const char* debug_file_name, ZipArchiveHandle* handle,
452 off64_t length, off64_t offset, bool assume_ownership) {
453 ZipArchive* archive = new ZipArchive(MappedZipFile(fd, length, offset), assume_ownership);
454 *handle = archive;
455
456 if (length < 0) {
457 ALOGW("Invalid zip length %" PRId64, length);
458 return kIoError;
459 }
460
461 if (offset < 0) {
462 ALOGW("Invalid zip offset %" PRId64, offset);
463 return kIoError;
464 }
465
466 return OpenArchiveInternal(archive, debug_file_name);
467 }
468
OpenArchive(const char * fileName,ZipArchiveHandle * handle)469 int32_t OpenArchive(const char* fileName, ZipArchiveHandle* handle) {
470 const int fd = ::android::base::utf8::open(fileName, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
471 ZipArchive* archive = new ZipArchive(MappedZipFile(fd), true);
472 *handle = archive;
473
474 if (fd < 0) {
475 ALOGW("Unable to open '%s': %s", fileName, strerror(errno));
476 return kIoError;
477 }
478
479 return OpenArchiveInternal(archive, fileName);
480 }
481
OpenArchiveFromMemory(const void * address,size_t length,const char * debug_file_name,ZipArchiveHandle * handle)482 int32_t OpenArchiveFromMemory(const void* address, size_t length, const char* debug_file_name,
483 ZipArchiveHandle* handle) {
484 ZipArchive* archive = new ZipArchive(address, length);
485 *handle = archive;
486 return OpenArchiveInternal(archive, debug_file_name);
487 }
488
GetArchiveInfo(ZipArchiveHandle archive)489 ZipArchiveInfo GetArchiveInfo(ZipArchiveHandle archive) {
490 ZipArchiveInfo result;
491 result.archive_size = archive->mapped_zip.GetFileLength();
492 result.entry_count = archive->num_entries;
493 return result;
494 }
495
496 /*
497 * Close a ZipArchive, closing the file and freeing the contents.
498 */
CloseArchive(ZipArchiveHandle archive)499 void CloseArchive(ZipArchiveHandle archive) {
500 ALOGV("Closing archive %p", archive);
501 delete archive;
502 }
503
ValidateDataDescriptor(MappedZipFile & mapped_zip,ZipEntry * entry)504 static int32_t ValidateDataDescriptor(MappedZipFile& mapped_zip, ZipEntry* entry) {
505 uint8_t ddBuf[sizeof(DataDescriptor) + sizeof(DataDescriptor::kOptSignature)];
506 off64_t offset = entry->offset;
507 if (entry->method != kCompressStored) {
508 offset += entry->compressed_length;
509 } else {
510 offset += entry->uncompressed_length;
511 }
512
513 if (!mapped_zip.ReadAtOffset(ddBuf, sizeof(ddBuf), offset)) {
514 return kIoError;
515 }
516
517 const uint32_t ddSignature = *(reinterpret_cast<const uint32_t*>(ddBuf));
518 const uint16_t ddOffset = (ddSignature == DataDescriptor::kOptSignature) ? 4 : 0;
519 const DataDescriptor* descriptor = reinterpret_cast<const DataDescriptor*>(ddBuf + ddOffset);
520
521 // Validate that the values in the data descriptor match those in the central
522 // directory.
523 if (entry->compressed_length != descriptor->compressed_size ||
524 entry->uncompressed_length != descriptor->uncompressed_size ||
525 entry->crc32 != descriptor->crc32) {
526 ALOGW("Zip: size/crc32 mismatch. expected {%" PRIu32 ", %" PRIu32 ", %" PRIx32
527 "}, was {%" PRIu32 ", %" PRIu32 ", %" PRIx32 "}",
528 entry->compressed_length, entry->uncompressed_length, entry->crc32,
529 descriptor->compressed_size, descriptor->uncompressed_size, descriptor->crc32);
530 return kInconsistentInformation;
531 }
532
533 return 0;
534 }
535
FindEntry(const ZipArchive * archive,const int32_t ent,ZipEntry * data)536 static int32_t FindEntry(const ZipArchive* archive, const int32_t ent, ZipEntry* data) {
537 const uint16_t nameLen = archive->hash_table[ent].name_length;
538
539 // Recover the start of the central directory entry from the filename
540 // pointer. The filename is the first entry past the fixed-size data,
541 // so we can just subtract back from that.
542 const uint8_t* base_ptr = archive->central_directory.GetBasePtr();
543 const uint8_t* ptr = base_ptr + archive->hash_table[ent].name_offset;
544 ptr -= sizeof(CentralDirectoryRecord);
545
546 // This is the base of our mmapped region, we have to sanity check that
547 // the name that's in the hash table is a pointer to a location within
548 // this mapped region.
549 if (ptr < base_ptr || ptr > base_ptr + archive->central_directory.GetMapLength()) {
550 ALOGW("Zip: Invalid entry pointer");
551 return kInvalidOffset;
552 }
553
554 const CentralDirectoryRecord* cdr = reinterpret_cast<const CentralDirectoryRecord*>(ptr);
555
556 // The offset of the start of the central directory in the zipfile.
557 // We keep this lying around so that we can sanity check all our lengths
558 // and our per-file structures.
559 const off64_t cd_offset = archive->directory_offset;
560
561 // Fill out the compression method, modification time, crc32
562 // and other interesting attributes from the central directory. These
563 // will later be compared against values from the local file header.
564 data->method = cdr->compression_method;
565 data->mod_time = cdr->last_mod_date << 16 | cdr->last_mod_time;
566 data->crc32 = cdr->crc32;
567 data->compressed_length = cdr->compressed_size;
568 data->uncompressed_length = cdr->uncompressed_size;
569
570 // Figure out the local header offset from the central directory. The
571 // actual file data will begin after the local header and the name /
572 // extra comments.
573 const off64_t local_header_offset = cdr->local_file_header_offset;
574 if (local_header_offset + static_cast<off64_t>(sizeof(LocalFileHeader)) >= cd_offset) {
575 ALOGW("Zip: bad local hdr offset in zip");
576 return kInvalidOffset;
577 }
578
579 uint8_t lfh_buf[sizeof(LocalFileHeader)];
580 if (!archive->mapped_zip.ReadAtOffset(lfh_buf, sizeof(lfh_buf), local_header_offset)) {
581 ALOGW("Zip: failed reading lfh name from offset %" PRId64,
582 static_cast<int64_t>(local_header_offset));
583 return kIoError;
584 }
585
586 const LocalFileHeader* lfh = reinterpret_cast<const LocalFileHeader*>(lfh_buf);
587
588 if (lfh->lfh_signature != LocalFileHeader::kSignature) {
589 ALOGW("Zip: didn't find signature at start of lfh, offset=%" PRId64,
590 static_cast<int64_t>(local_header_offset));
591 return kInvalidOffset;
592 }
593
594 // Paranoia: Match the values specified in the local file header
595 // to those specified in the central directory.
596
597 // Warn if central directory and local file header don't agree on the use
598 // of a trailing Data Descriptor. The reference implementation is inconsistent
599 // and appears to use the LFH value during extraction (unzip) but the CD value
600 // while displayng information about archives (zipinfo). The spec remains
601 // silent on this inconsistency as well.
602 //
603 // For now, always use the version from the LFH but make sure that the values
604 // specified in the central directory match those in the data descriptor.
605 //
606 // NOTE: It's also worth noting that unzip *does* warn about inconsistencies in
607 // bit 11 (EFS: The language encoding flag, marking that filename and comment are
608 // encoded using UTF-8). This implementation does not check for the presence of
609 // that flag and always enforces that entry names are valid UTF-8.
610 if ((lfh->gpb_flags & kGPBDDFlagMask) != (cdr->gpb_flags & kGPBDDFlagMask)) {
611 ALOGW("Zip: gpb flag mismatch at bit 3. expected {%04" PRIx16 "}, was {%04" PRIx16 "}",
612 cdr->gpb_flags, lfh->gpb_flags);
613 }
614
615 // If there is no trailing data descriptor, verify that the central directory and local file
616 // header agree on the crc, compressed, and uncompressed sizes of the entry.
617 if ((lfh->gpb_flags & kGPBDDFlagMask) == 0) {
618 data->has_data_descriptor = 0;
619 if (data->compressed_length != lfh->compressed_size ||
620 data->uncompressed_length != lfh->uncompressed_size || data->crc32 != lfh->crc32) {
621 ALOGW("Zip: size/crc32 mismatch. expected {%" PRIu32 ", %" PRIu32 ", %" PRIx32
622 "}, was {%" PRIu32 ", %" PRIu32 ", %" PRIx32 "}",
623 data->compressed_length, data->uncompressed_length, data->crc32, lfh->compressed_size,
624 lfh->uncompressed_size, lfh->crc32);
625 return kInconsistentInformation;
626 }
627 } else {
628 data->has_data_descriptor = 1;
629 }
630
631 // 4.4.2.1: the upper byte of `version_made_by` gives the source OS. Unix is 3.
632 data->version_made_by = cdr->version_made_by;
633 data->external_file_attributes = cdr->external_file_attributes;
634 if ((data->version_made_by >> 8) == 3) {
635 data->unix_mode = (cdr->external_file_attributes >> 16) & 0xffff;
636 } else {
637 data->unix_mode = 0777;
638 }
639
640 // 4.4.4: general purpose bit flags.
641 data->gpbf = lfh->gpb_flags;
642
643 // 4.4.14: the lowest bit of the internal file attributes field indicates text.
644 // Currently only needed to implement zipinfo.
645 data->is_text = (cdr->internal_file_attributes & 1);
646
647 // Check that the local file header name matches the declared
648 // name in the central directory.
649 if (lfh->file_name_length != nameLen) {
650 ALOGW("Zip: lfh name length did not match central directory");
651 return kInconsistentInformation;
652 }
653 const off64_t name_offset = local_header_offset + sizeof(LocalFileHeader);
654 if (name_offset + lfh->file_name_length > cd_offset) {
655 ALOGW("Zip: lfh name has invalid declared length");
656 return kInvalidOffset;
657 }
658 std::vector<uint8_t> name_buf(nameLen);
659 if (!archive->mapped_zip.ReadAtOffset(name_buf.data(), nameLen, name_offset)) {
660 ALOGW("Zip: failed reading lfh name from offset %" PRId64, static_cast<int64_t>(name_offset));
661 return kIoError;
662 }
663 const std::string_view entry_name =
664 archive->hash_table[ent].ToStringView(archive->central_directory.GetBasePtr());
665 if (memcmp(entry_name.data(), name_buf.data(), nameLen) != 0) {
666 ALOGW("Zip: lfh name did not match central directory");
667 return kInconsistentInformation;
668 }
669
670 const off64_t data_offset = local_header_offset + sizeof(LocalFileHeader) +
671 lfh->file_name_length + lfh->extra_field_length;
672 if (data_offset > cd_offset) {
673 ALOGW("Zip: bad data offset %" PRId64 " in zip", static_cast<int64_t>(data_offset));
674 return kInvalidOffset;
675 }
676
677 if (static_cast<off64_t>(data_offset + data->compressed_length) > cd_offset) {
678 ALOGW("Zip: bad compressed length in zip (%" PRId64 " + %" PRIu32 " > %" PRId64 ")",
679 static_cast<int64_t>(data_offset), data->compressed_length,
680 static_cast<int64_t>(cd_offset));
681 return kInvalidOffset;
682 }
683
684 if (data->method == kCompressStored &&
685 static_cast<off64_t>(data_offset + data->uncompressed_length) > cd_offset) {
686 ALOGW("Zip: bad uncompressed length in zip (%" PRId64 " + %" PRIu32 " > %" PRId64 ")",
687 static_cast<int64_t>(data_offset), data->uncompressed_length,
688 static_cast<int64_t>(cd_offset));
689 return kInvalidOffset;
690 }
691
692 data->offset = data_offset;
693 return 0;
694 }
695
696 struct IterationHandle {
697 ZipArchive* archive;
698
699 std::string prefix;
700 std::string suffix;
701
702 uint32_t position = 0;
703
IterationHandleIterationHandle704 IterationHandle(ZipArchive* archive, std::string_view in_prefix, std::string_view in_suffix)
705 : archive(archive), prefix(in_prefix), suffix(in_suffix) {}
706 };
707
StartIteration(ZipArchiveHandle archive,void ** cookie_ptr,const std::string_view optional_prefix,const std::string_view optional_suffix)708 int32_t StartIteration(ZipArchiveHandle archive, void** cookie_ptr,
709 const std::string_view optional_prefix,
710 const std::string_view optional_suffix) {
711 if (archive == NULL || archive->hash_table == NULL) {
712 ALOGW("Zip: Invalid ZipArchiveHandle");
713 return kInvalidHandle;
714 }
715
716 if (optional_prefix.size() > static_cast<size_t>(UINT16_MAX) ||
717 optional_suffix.size() > static_cast<size_t>(UINT16_MAX)) {
718 ALOGW("Zip: prefix/suffix too long");
719 return kInvalidEntryName;
720 }
721
722 *cookie_ptr = new IterationHandle(archive, optional_prefix, optional_suffix);
723 return 0;
724 }
725
EndIteration(void * cookie)726 void EndIteration(void* cookie) {
727 delete reinterpret_cast<IterationHandle*>(cookie);
728 }
729
FindEntry(const ZipArchiveHandle archive,const std::string_view entryName,ZipEntry * data)730 int32_t FindEntry(const ZipArchiveHandle archive, const std::string_view entryName,
731 ZipEntry* data) {
732 if (entryName.empty() || entryName.size() > static_cast<size_t>(UINT16_MAX)) {
733 ALOGW("Zip: Invalid filename of length %zu", entryName.size());
734 return kInvalidEntryName;
735 }
736
737 const int64_t ent = EntryToIndex(archive->hash_table, archive->hash_table_size, entryName,
738 archive->central_directory.GetBasePtr());
739 if (ent < 0) {
740 ALOGV("Zip: Could not find entry %.*s", static_cast<int>(entryName.size()), entryName.data());
741 return static_cast<int32_t>(ent); // kEntryNotFound is safe to truncate.
742 }
743 // We know there are at most hash_table_size entries, safe to truncate.
744 return FindEntry(archive, static_cast<uint32_t>(ent), data);
745 }
746
Next(void * cookie,ZipEntry * data,std::string * name)747 int32_t Next(void* cookie, ZipEntry* data, std::string* name) {
748 std::string_view sv;
749 int32_t result = Next(cookie, data, &sv);
750 if (result == 0 && name) {
751 *name = std::string(sv);
752 }
753 return result;
754 }
755
Next(void * cookie,ZipEntry * data,std::string_view * name)756 int32_t Next(void* cookie, ZipEntry* data, std::string_view* name) {
757 IterationHandle* handle = reinterpret_cast<IterationHandle*>(cookie);
758 if (handle == NULL) {
759 ALOGW("Zip: Null ZipArchiveHandle");
760 return kInvalidHandle;
761 }
762
763 ZipArchive* archive = handle->archive;
764 if (archive == NULL || archive->hash_table == NULL) {
765 ALOGW("Zip: Invalid ZipArchiveHandle");
766 return kInvalidHandle;
767 }
768
769 const uint32_t currentOffset = handle->position;
770 const uint32_t hash_table_length = archive->hash_table_size;
771 const ZipStringOffset* hash_table = archive->hash_table;
772 for (uint32_t i = currentOffset; i < hash_table_length; ++i) {
773 const std::string_view entry_name =
774 hash_table[i].ToStringView(archive->central_directory.GetBasePtr());
775 if (hash_table[i].name_offset != 0 && (android::base::StartsWith(entry_name, handle->prefix) &&
776 android::base::EndsWith(entry_name, handle->suffix))) {
777 handle->position = (i + 1);
778 const int error = FindEntry(archive, i, data);
779 if (!error && name) {
780 *name = entry_name;
781 }
782 return error;
783 }
784 }
785
786 handle->position = 0;
787 return kIterationEnd;
788 }
789
790 // A Writer that writes data to a fixed size memory region.
791 // The size of the memory region must be equal to the total size of
792 // the data appended to it.
793 class MemoryWriter : public zip_archive::Writer {
794 public:
MemoryWriter(uint8_t * buf,size_t size)795 MemoryWriter(uint8_t* buf, size_t size) : Writer(), buf_(buf), size_(size), bytes_written_(0) {}
796
Append(uint8_t * buf,size_t buf_size)797 virtual bool Append(uint8_t* buf, size_t buf_size) override {
798 if (bytes_written_ + buf_size > size_) {
799 ALOGW("Zip: Unexpected size %zu (declared) vs %zu (actual)", size_,
800 bytes_written_ + buf_size);
801 return false;
802 }
803
804 memcpy(buf_ + bytes_written_, buf, buf_size);
805 bytes_written_ += buf_size;
806 return true;
807 }
808
809 private:
810 uint8_t* const buf_;
811 const size_t size_;
812 size_t bytes_written_;
813 };
814
815 // A Writer that appends data to a file |fd| at its current position.
816 // The file will be truncated to the end of the written data.
817 class FileWriter : public zip_archive::Writer {
818 public:
819 // Creates a FileWriter for |fd| and prepare to write |entry| to it,
820 // guaranteeing that the file descriptor is valid and that there's enough
821 // space on the volume to write out the entry completely and that the file
822 // is truncated to the correct length (no truncation if |fd| references a
823 // block device).
824 //
825 // Returns a valid FileWriter on success, |nullptr| if an error occurred.
Create(int fd,const ZipEntry * entry)826 static FileWriter Create(int fd, const ZipEntry* entry) {
827 const uint32_t declared_length = entry->uncompressed_length;
828 const off64_t current_offset = lseek64(fd, 0, SEEK_CUR);
829 if (current_offset == -1) {
830 ALOGW("Zip: unable to seek to current location on fd %d: %s", fd, strerror(errno));
831 return FileWriter{};
832 }
833
834 #if defined(__linux__)
835 if (declared_length > 0) {
836 // Make sure we have enough space on the volume to extract the compressed
837 // entry. Note that the call to ftruncate below will change the file size but
838 // will not allocate space on disk and this call to fallocate will not
839 // change the file size.
840 // Note: fallocate is only supported by the following filesystems -
841 // btrfs, ext4, ocfs2, and xfs. Therefore fallocate might fail with
842 // EOPNOTSUPP error when issued in other filesystems.
843 // Hence, check for the return error code before concluding that the
844 // disk does not have enough space.
845 long result = TEMP_FAILURE_RETRY(fallocate(fd, 0, current_offset, declared_length));
846 if (result == -1 && errno == ENOSPC) {
847 ALOGW("Zip: unable to allocate %" PRId64 " bytes at offset %" PRId64 ": %s",
848 static_cast<int64_t>(declared_length), static_cast<int64_t>(current_offset),
849 strerror(errno));
850 return FileWriter{};
851 }
852 }
853 #endif // __linux__
854
855 struct stat sb;
856 if (fstat(fd, &sb) == -1) {
857 ALOGW("Zip: unable to fstat file: %s", strerror(errno));
858 return FileWriter{};
859 }
860
861 // Block device doesn't support ftruncate(2).
862 if (!S_ISBLK(sb.st_mode)) {
863 long result = TEMP_FAILURE_RETRY(ftruncate(fd, declared_length + current_offset));
864 if (result == -1) {
865 ALOGW("Zip: unable to truncate file to %" PRId64 ": %s",
866 static_cast<int64_t>(declared_length + current_offset), strerror(errno));
867 return FileWriter{};
868 }
869 }
870
871 return FileWriter(fd, declared_length);
872 }
873
FileWriter(FileWriter && other)874 FileWriter(FileWriter&& other) noexcept
875 : fd_(other.fd_),
876 declared_length_(other.declared_length_),
877 total_bytes_written_(other.total_bytes_written_) {
878 other.fd_ = -1;
879 }
880
IsValid() const881 bool IsValid() const { return fd_ != -1; }
882
Append(uint8_t * buf,size_t buf_size)883 virtual bool Append(uint8_t* buf, size_t buf_size) override {
884 if (total_bytes_written_ + buf_size > declared_length_) {
885 ALOGW("Zip: Unexpected size %zu (declared) vs %zu (actual)", declared_length_,
886 total_bytes_written_ + buf_size);
887 return false;
888 }
889
890 const bool result = android::base::WriteFully(fd_, buf, buf_size);
891 if (result) {
892 total_bytes_written_ += buf_size;
893 } else {
894 ALOGW("Zip: unable to write %zu bytes to file; %s", buf_size, strerror(errno));
895 }
896
897 return result;
898 }
899
900 private:
FileWriter(const int fd=-1,const size_t declared_length=0)901 explicit FileWriter(const int fd = -1, const size_t declared_length = 0)
902 : Writer(), fd_(fd), declared_length_(declared_length), total_bytes_written_(0) {}
903
904 int fd_;
905 const size_t declared_length_;
906 size_t total_bytes_written_;
907 };
908
909 class EntryReader : public zip_archive::Reader {
910 public:
EntryReader(const MappedZipFile & zip_file,const ZipEntry * entry)911 EntryReader(const MappedZipFile& zip_file, const ZipEntry* entry)
912 : Reader(), zip_file_(zip_file), entry_(entry) {}
913
ReadAtOffset(uint8_t * buf,size_t len,uint32_t offset) const914 virtual bool ReadAtOffset(uint8_t* buf, size_t len, uint32_t offset) const {
915 return zip_file_.ReadAtOffset(buf, len, entry_->offset + offset);
916 }
917
~EntryReader()918 virtual ~EntryReader() {}
919
920 private:
921 const MappedZipFile& zip_file_;
922 const ZipEntry* entry_;
923 };
924
925 // This method is using libz macros with old-style-casts
926 #pragma GCC diagnostic push
927 #pragma GCC diagnostic ignored "-Wold-style-cast"
zlib_inflateInit2(z_stream * stream,int window_bits)928 static inline int zlib_inflateInit2(z_stream* stream, int window_bits) {
929 return inflateInit2(stream, window_bits);
930 }
931 #pragma GCC diagnostic pop
932
933 namespace zip_archive {
934
935 // Moved out of line to avoid -Wweak-vtables.
~Reader()936 Reader::~Reader() {}
~Writer()937 Writer::~Writer() {}
938
Inflate(const Reader & reader,const uint32_t compressed_length,const uint32_t uncompressed_length,Writer * writer,uint64_t * crc_out)939 int32_t Inflate(const Reader& reader, const uint32_t compressed_length,
940 const uint32_t uncompressed_length, Writer* writer, uint64_t* crc_out) {
941 const size_t kBufSize = 32768;
942 std::vector<uint8_t> read_buf(kBufSize);
943 std::vector<uint8_t> write_buf(kBufSize);
944 z_stream zstream;
945 int zerr;
946
947 /*
948 * Initialize the zlib stream struct.
949 */
950 memset(&zstream, 0, sizeof(zstream));
951 zstream.zalloc = Z_NULL;
952 zstream.zfree = Z_NULL;
953 zstream.opaque = Z_NULL;
954 zstream.next_in = NULL;
955 zstream.avail_in = 0;
956 zstream.next_out = &write_buf[0];
957 zstream.avail_out = kBufSize;
958 zstream.data_type = Z_UNKNOWN;
959
960 /*
961 * Use the undocumented "negative window bits" feature to tell zlib
962 * that there's no zlib header waiting for it.
963 */
964 zerr = zlib_inflateInit2(&zstream, -MAX_WBITS);
965 if (zerr != Z_OK) {
966 if (zerr == Z_VERSION_ERROR) {
967 ALOGE("Installed zlib is not compatible with linked version (%s)", ZLIB_VERSION);
968 } else {
969 ALOGW("Call to inflateInit2 failed (zerr=%d)", zerr);
970 }
971
972 return kZlibError;
973 }
974
975 auto zstream_deleter = [](z_stream* stream) {
976 inflateEnd(stream); /* free up any allocated structures */
977 };
978
979 std::unique_ptr<z_stream, decltype(zstream_deleter)> zstream_guard(&zstream, zstream_deleter);
980
981 const bool compute_crc = (crc_out != nullptr);
982 uLong crc = 0;
983 uint32_t remaining_bytes = compressed_length;
984 do {
985 /* read as much as we can */
986 if (zstream.avail_in == 0) {
987 const uint32_t read_size = (remaining_bytes > kBufSize) ? kBufSize : remaining_bytes;
988 const uint32_t offset = (compressed_length - remaining_bytes);
989 // Make sure to read at offset to ensure concurrent access to the fd.
990 if (!reader.ReadAtOffset(read_buf.data(), read_size, offset)) {
991 ALOGW("Zip: inflate read failed, getSize = %u: %s", read_size, strerror(errno));
992 return kIoError;
993 }
994
995 remaining_bytes -= read_size;
996
997 zstream.next_in = &read_buf[0];
998 zstream.avail_in = read_size;
999 }
1000
1001 /* uncompress the data */
1002 zerr = inflate(&zstream, Z_NO_FLUSH);
1003 if (zerr != Z_OK && zerr != Z_STREAM_END) {
1004 ALOGW("Zip: inflate zerr=%d (nIn=%p aIn=%u nOut=%p aOut=%u)", zerr, zstream.next_in,
1005 zstream.avail_in, zstream.next_out, zstream.avail_out);
1006 return kZlibError;
1007 }
1008
1009 /* write when we're full or when we're done */
1010 if (zstream.avail_out == 0 || (zerr == Z_STREAM_END && zstream.avail_out != kBufSize)) {
1011 const size_t write_size = zstream.next_out - &write_buf[0];
1012 if (!writer->Append(&write_buf[0], write_size)) {
1013 return kIoError;
1014 } else if (compute_crc) {
1015 DCHECK_LE(write_size, kBufSize);
1016 crc = crc32(crc, &write_buf[0], static_cast<uint32_t>(write_size));
1017 }
1018
1019 zstream.next_out = &write_buf[0];
1020 zstream.avail_out = kBufSize;
1021 }
1022 } while (zerr == Z_OK);
1023
1024 CHECK_EQ(zerr, Z_STREAM_END); /* other errors should've been caught */
1025
1026 // NOTE: zstream.adler is always set to 0, because we're using the -MAX_WBITS
1027 // "feature" of zlib to tell it there won't be a zlib file header. zlib
1028 // doesn't bother calculating the checksum in that scenario. We just do
1029 // it ourselves above because there are no additional gains to be made by
1030 // having zlib calculate it for us, since they do it by calling crc32 in
1031 // the same manner that we have above.
1032 if (compute_crc) {
1033 *crc_out = crc;
1034 }
1035
1036 if (zstream.total_out != uncompressed_length || remaining_bytes != 0) {
1037 ALOGW("Zip: size mismatch on inflated file (%lu vs %" PRIu32 ")", zstream.total_out,
1038 uncompressed_length);
1039 return kInconsistentInformation;
1040 }
1041
1042 return 0;
1043 }
1044 } // namespace zip_archive
1045
InflateEntryToWriter(MappedZipFile & mapped_zip,const ZipEntry * entry,zip_archive::Writer * writer,uint64_t * crc_out)1046 static int32_t InflateEntryToWriter(MappedZipFile& mapped_zip, const ZipEntry* entry,
1047 zip_archive::Writer* writer, uint64_t* crc_out) {
1048 const EntryReader reader(mapped_zip, entry);
1049
1050 return zip_archive::Inflate(reader, entry->compressed_length, entry->uncompressed_length, writer,
1051 crc_out);
1052 }
1053
CopyEntryToWriter(MappedZipFile & mapped_zip,const ZipEntry * entry,zip_archive::Writer * writer,uint64_t * crc_out)1054 static int32_t CopyEntryToWriter(MappedZipFile& mapped_zip, const ZipEntry* entry,
1055 zip_archive::Writer* writer, uint64_t* crc_out) {
1056 static const uint32_t kBufSize = 32768;
1057 std::vector<uint8_t> buf(kBufSize);
1058
1059 const uint32_t length = entry->uncompressed_length;
1060 uint32_t count = 0;
1061 uLong crc = 0;
1062 while (count < length) {
1063 uint32_t remaining = length - count;
1064 off64_t offset = entry->offset + count;
1065
1066 // Safe conversion because kBufSize is narrow enough for a 32 bit signed value.
1067 const uint32_t block_size = (remaining > kBufSize) ? kBufSize : remaining;
1068
1069 // Make sure to read at offset to ensure concurrent access to the fd.
1070 if (!mapped_zip.ReadAtOffset(buf.data(), block_size, offset)) {
1071 ALOGW("CopyFileToFile: copy read failed, block_size = %u, offset = %" PRId64 ": %s",
1072 block_size, static_cast<int64_t>(offset), strerror(errno));
1073 return kIoError;
1074 }
1075
1076 if (!writer->Append(&buf[0], block_size)) {
1077 return kIoError;
1078 }
1079 if (crc_out) {
1080 crc = crc32(crc, &buf[0], block_size);
1081 }
1082 count += block_size;
1083 }
1084
1085 if (crc_out) {
1086 *crc_out = crc;
1087 }
1088
1089 return 0;
1090 }
1091
ExtractToWriter(ZipArchiveHandle archive,ZipEntry * entry,zip_archive::Writer * writer)1092 int32_t ExtractToWriter(ZipArchiveHandle archive, ZipEntry* entry, zip_archive::Writer* writer) {
1093 const uint16_t method = entry->method;
1094
1095 // this should default to kUnknownCompressionMethod.
1096 int32_t return_value = -1;
1097 uint64_t crc = 0;
1098 if (method == kCompressStored) {
1099 return_value =
1100 CopyEntryToWriter(archive->mapped_zip, entry, writer, kCrcChecksEnabled ? &crc : nullptr);
1101 } else if (method == kCompressDeflated) {
1102 return_value = InflateEntryToWriter(archive->mapped_zip, entry, writer,
1103 kCrcChecksEnabled ? &crc : nullptr);
1104 }
1105
1106 if (!return_value && entry->has_data_descriptor) {
1107 return_value = ValidateDataDescriptor(archive->mapped_zip, entry);
1108 if (return_value) {
1109 return return_value;
1110 }
1111 }
1112
1113 // Validate that the CRC matches the calculated value.
1114 if (kCrcChecksEnabled && (entry->crc32 != static_cast<uint32_t>(crc))) {
1115 ALOGW("Zip: crc mismatch: expected %" PRIu32 ", was %" PRIu64, entry->crc32, crc);
1116 return kInconsistentInformation;
1117 }
1118
1119 return return_value;
1120 }
1121
ExtractToMemory(ZipArchiveHandle archive,ZipEntry * entry,uint8_t * begin,uint32_t size)1122 int32_t ExtractToMemory(ZipArchiveHandle archive, ZipEntry* entry, uint8_t* begin, uint32_t size) {
1123 MemoryWriter writer(begin, size);
1124 return ExtractToWriter(archive, entry, &writer);
1125 }
1126
ExtractEntryToFile(ZipArchiveHandle archive,ZipEntry * entry,int fd)1127 int32_t ExtractEntryToFile(ZipArchiveHandle archive, ZipEntry* entry, int fd) {
1128 auto writer = FileWriter::Create(fd, entry);
1129 if (!writer.IsValid()) {
1130 return kIoError;
1131 }
1132
1133 return ExtractToWriter(archive, entry, &writer);
1134 }
1135
ErrorCodeString(int32_t error_code)1136 const char* ErrorCodeString(int32_t error_code) {
1137 // Make sure that the number of entries in kErrorMessages and ErrorCodes
1138 // match.
1139 static_assert((-kLastErrorCode + 1) == arraysize(kErrorMessages),
1140 "(-kLastErrorCode + 1) != arraysize(kErrorMessages)");
1141
1142 const uint32_t idx = -error_code;
1143 if (idx < arraysize(kErrorMessages)) {
1144 return kErrorMessages[idx];
1145 }
1146
1147 return "Unknown return code";
1148 }
1149
GetFileDescriptor(const ZipArchiveHandle archive)1150 int GetFileDescriptor(const ZipArchiveHandle archive) {
1151 return archive->mapped_zip.GetFileDescriptor();
1152 }
1153
GetFileDescriptorOffset(const ZipArchiveHandle archive)1154 off64_t GetFileDescriptorOffset(const ZipArchiveHandle archive) {
1155 return archive->mapped_zip.GetFileOffset();
1156 }
1157
1158 #if !defined(_WIN32)
1159 class ProcessWriter : public zip_archive::Writer {
1160 public:
ProcessWriter(ProcessZipEntryFunction func,void * cookie)1161 ProcessWriter(ProcessZipEntryFunction func, void* cookie)
1162 : Writer(), proc_function_(func), cookie_(cookie) {}
1163
Append(uint8_t * buf,size_t buf_size)1164 virtual bool Append(uint8_t* buf, size_t buf_size) override {
1165 return proc_function_(buf, buf_size, cookie_);
1166 }
1167
1168 private:
1169 ProcessZipEntryFunction proc_function_;
1170 void* cookie_;
1171 };
1172
ProcessZipEntryContents(ZipArchiveHandle archive,ZipEntry * entry,ProcessZipEntryFunction func,void * cookie)1173 int32_t ProcessZipEntryContents(ZipArchiveHandle archive, ZipEntry* entry,
1174 ProcessZipEntryFunction func, void* cookie) {
1175 ProcessWriter writer(func, cookie);
1176 return ExtractToWriter(archive, entry, &writer);
1177 }
1178
1179 #endif //! defined(_WIN32)
1180
GetFileDescriptor() const1181 int MappedZipFile::GetFileDescriptor() const {
1182 if (!has_fd_) {
1183 ALOGW("Zip: MappedZipFile doesn't have a file descriptor.");
1184 return -1;
1185 }
1186 return fd_;
1187 }
1188
GetBasePtr() const1189 const void* MappedZipFile::GetBasePtr() const {
1190 if (has_fd_) {
1191 ALOGW("Zip: MappedZipFile doesn't have a base pointer.");
1192 return nullptr;
1193 }
1194 return base_ptr_;
1195 }
1196
GetFileOffset() const1197 off64_t MappedZipFile::GetFileOffset() const {
1198 return fd_offset_;
1199 }
1200
GetFileLength() const1201 off64_t MappedZipFile::GetFileLength() const {
1202 if (has_fd_) {
1203 if (data_length_ != -1) {
1204 return data_length_;
1205 }
1206 data_length_ = lseek64(fd_, 0, SEEK_END);
1207 if (data_length_ == -1) {
1208 ALOGE("Zip: lseek on fd %d failed: %s", fd_, strerror(errno));
1209 }
1210 return data_length_;
1211 } else {
1212 if (base_ptr_ == nullptr) {
1213 ALOGE("Zip: invalid file map");
1214 return -1;
1215 }
1216 return data_length_;
1217 }
1218 }
1219
1220 // Attempts to read |len| bytes into |buf| at offset |off|.
ReadAtOffset(uint8_t * buf,size_t len,off64_t off) const1221 bool MappedZipFile::ReadAtOffset(uint8_t* buf, size_t len, off64_t off) const {
1222 if (has_fd_) {
1223 if (off < 0) {
1224 ALOGE("Zip: invalid offset %" PRId64, off);
1225 return false;
1226 }
1227
1228 off64_t read_offset;
1229 if (__builtin_add_overflow(fd_offset_, off, &read_offset)) {
1230 ALOGE("Zip: invalid read offset %" PRId64 " overflows, fd offset %" PRId64, off, fd_offset_);
1231 return false;
1232 }
1233
1234 if (data_length_ != -1) {
1235 off64_t read_end;
1236 if (len > std::numeric_limits<off64_t>::max() ||
1237 __builtin_add_overflow(off, static_cast<off64_t>(len), &read_end)) {
1238 ALOGE("Zip: invalid read length %" PRId64 " overflows, offset %" PRId64,
1239 static_cast<off64_t>(len), off);
1240 return false;
1241 }
1242
1243 if (read_end > data_length_) {
1244 ALOGE("Zip: invalid read length %" PRId64 " exceeds data length %" PRId64 ", offset %"
1245 PRId64, static_cast<off64_t>(len), data_length_, off);
1246 return false;
1247 }
1248 }
1249
1250 if (!android::base::ReadFullyAtOffset(fd_, buf, len, read_offset)) {
1251 ALOGE("Zip: failed to read at offset %" PRId64, off);
1252 return false;
1253 }
1254 } else {
1255 if (off < 0 || off > data_length_) {
1256 ALOGE("Zip: invalid offset: %" PRId64 ", data length: %" PRId64, off, data_length_);
1257 return false;
1258 }
1259 memcpy(buf, static_cast<const uint8_t*>(base_ptr_) + off, len);
1260 }
1261 return true;
1262 }
1263
Initialize(const void * map_base_ptr,off64_t cd_start_offset,size_t cd_size)1264 void CentralDirectory::Initialize(const void* map_base_ptr, off64_t cd_start_offset,
1265 size_t cd_size) {
1266 base_ptr_ = static_cast<const uint8_t*>(map_base_ptr) + cd_start_offset;
1267 length_ = cd_size;
1268 }
1269
InitializeCentralDirectory(off64_t cd_start_offset,size_t cd_size)1270 bool ZipArchive::InitializeCentralDirectory(off64_t cd_start_offset, size_t cd_size) {
1271 if (mapped_zip.HasFd()) {
1272 directory_map = android::base::MappedFile::FromFd(mapped_zip.GetFileDescriptor(),
1273 mapped_zip.GetFileOffset() + cd_start_offset,
1274 cd_size, PROT_READ);
1275 if (!directory_map) {
1276 ALOGE("Zip: failed to map central directory (offset %" PRId64 ", size %zu): %s",
1277 cd_start_offset, cd_size, strerror(errno));
1278 return false;
1279 }
1280
1281 CHECK_EQ(directory_map->size(), cd_size);
1282 central_directory.Initialize(directory_map->data(), 0 /*offset*/, cd_size);
1283 } else {
1284 if (mapped_zip.GetBasePtr() == nullptr) {
1285 ALOGE("Zip: Failed to map central directory, bad mapped_zip base pointer");
1286 return false;
1287 }
1288 if (static_cast<off64_t>(cd_start_offset) + static_cast<off64_t>(cd_size) >
1289 mapped_zip.GetFileLength()) {
1290 ALOGE(
1291 "Zip: Failed to map central directory, offset exceeds mapped memory region ("
1292 "start_offset %" PRId64 ", cd_size %zu, mapped_region_size %" PRId64 ")",
1293 static_cast<int64_t>(cd_start_offset), cd_size, mapped_zip.GetFileLength());
1294 return false;
1295 }
1296
1297 central_directory.Initialize(mapped_zip.GetBasePtr(), cd_start_offset, cd_size);
1298 }
1299 return true;
1300 }
1301
1302 // This function returns the embedded timestamp as is; and doesn't perform validations.
GetModificationTime() const1303 tm ZipEntry::GetModificationTime() const {
1304 tm t = {};
1305
1306 t.tm_hour = (mod_time >> 11) & 0x1f;
1307 t.tm_min = (mod_time >> 5) & 0x3f;
1308 t.tm_sec = (mod_time & 0x1f) << 1;
1309
1310 t.tm_year = ((mod_time >> 25) & 0x7f) + 80;
1311 t.tm_mon = ((mod_time >> 21) & 0xf) - 1;
1312 t.tm_mday = (mod_time >> 16) & 0x1f;
1313
1314 return t;
1315 }
1316