1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "zip_archive.h"
18
19 #include <vector>
20
21 #include <fcntl.h>
22 #include <sys/stat.h>
23 #include <sys/types.h>
24 #include <unistd.h>
25
26 #include "base/unix_file/fd_file.h"
27 #include "UniquePtr.h"
28
29 namespace art {
30
31 static const size_t kBufSize = 32 * KB;
32
33 // Get 2 little-endian bytes.
Le16ToHost(const byte * src)34 static uint32_t Le16ToHost(const byte* src) {
35 return ((src[0] << 0) |
36 (src[1] << 8));
37 }
38
39 // Get 4 little-endian bytes.
Le32ToHost(const byte * src)40 static uint32_t Le32ToHost(const byte* src) {
41 return ((src[0] << 0) |
42 (src[1] << 8) |
43 (src[2] << 16) |
44 (src[3] << 24));
45 }
46
GetCompressionMethod()47 uint16_t ZipEntry::GetCompressionMethod() {
48 return Le16ToHost(ptr_ + ZipArchive::kCDEMethod);
49 }
50
GetCompressedLength()51 uint32_t ZipEntry::GetCompressedLength() {
52 return Le32ToHost(ptr_ + ZipArchive::kCDECompLen);
53 }
54
GetUncompressedLength()55 uint32_t ZipEntry::GetUncompressedLength() {
56 return Le32ToHost(ptr_ + ZipArchive::kCDEUncompLen);
57 }
58
GetCrc32()59 uint32_t ZipEntry::GetCrc32() {
60 return Le32ToHost(ptr_ + ZipArchive::kCDECRC);
61 }
62
GetDataOffset()63 off64_t ZipEntry::GetDataOffset() {
64 // All we have is the offset to the Local File Header, which is
65 // variable size, so we have to read the contents of the struct to
66 // figure out where the actual data starts.
67
68 // We also need to make sure that the lengths are not so large that
69 // somebody trying to map the compressed or uncompressed data runs
70 // off the end of the mapped region.
71
72 off64_t dir_offset = zip_archive_->dir_offset_;
73 int64_t lfh_offset = Le32ToHost(ptr_ + ZipArchive::kCDELocalOffset);
74 if (lfh_offset + ZipArchive::kLFHLen >= dir_offset) {
75 LOG(WARNING) << "Zip: bad LFH offset in zip";
76 return -1;
77 }
78
79 if (lseek64(zip_archive_->fd_, lfh_offset, SEEK_SET) != lfh_offset) {
80 PLOG(WARNING) << "Zip: failed seeking to LFH at offset " << lfh_offset;
81 return -1;
82 }
83
84 uint8_t lfh_buf[ZipArchive::kLFHLen];
85 ssize_t actual = TEMP_FAILURE_RETRY(read(zip_archive_->fd_, lfh_buf, sizeof(lfh_buf)));
86 if (actual != sizeof(lfh_buf)) {
87 LOG(WARNING) << "Zip: failed reading LFH from offset " << lfh_offset;
88 return -1;
89 }
90
91 if (Le32ToHost(lfh_buf) != ZipArchive::kLFHSignature) {
92 LOG(WARNING) << "Zip: didn't find signature at start of LFH, offset " << lfh_offset;
93 return -1;
94 }
95
96 uint32_t gpbf = Le16ToHost(lfh_buf + ZipArchive::kLFHGPBFlags);
97 if ((gpbf & ZipArchive::kGPFUnsupportedMask) != 0) {
98 LOG(WARNING) << "Invalid General Purpose Bit Flag: " << gpbf;
99 return -1;
100 }
101
102 off64_t data_offset = (lfh_offset + ZipArchive::kLFHLen
103 + Le16ToHost(lfh_buf + ZipArchive::kLFHNameLen)
104 + Le16ToHost(lfh_buf + ZipArchive::kLFHExtraLen));
105 if (data_offset >= dir_offset) {
106 LOG(WARNING) << "Zip: bad data offset " << data_offset << " in zip";
107 return -1;
108 }
109
110 // check lengths
111
112 if (static_cast<off64_t>(data_offset + GetCompressedLength()) > dir_offset) {
113 LOG(WARNING) << "Zip: bad compressed length in zip "
114 << "(" << data_offset << " + " << GetCompressedLength()
115 << " > " << dir_offset << ")";
116 return -1;
117 }
118
119 if (GetCompressionMethod() == kCompressStored
120 && static_cast<off64_t>(data_offset + GetUncompressedLength()) > dir_offset) {
121 LOG(WARNING) << "Zip: bad uncompressed length in zip "
122 << "(" << data_offset << " + " << GetUncompressedLength()
123 << " > " << dir_offset << ")";
124 return -1;
125 }
126
127 return data_offset;
128 }
129
CopyFdToMemory(uint8_t * begin,size_t size,int in,size_t count)130 static bool CopyFdToMemory(uint8_t* begin, size_t size, int in, size_t count) {
131 uint8_t* dst = begin;
132 std::vector<uint8_t> buf(kBufSize);
133 while (count != 0) {
134 size_t bytes_to_read = (count > kBufSize) ? kBufSize : count;
135 ssize_t actual = TEMP_FAILURE_RETRY(read(in, &buf[0], bytes_to_read));
136 if (actual != static_cast<ssize_t>(bytes_to_read)) {
137 PLOG(WARNING) << "Zip: short read";
138 return false;
139 }
140 memcpy(dst, &buf[0], bytes_to_read);
141 dst += bytes_to_read;
142 count -= bytes_to_read;
143 }
144 DCHECK_EQ(dst, begin + size);
145 return true;
146 }
147
148 class ZStream {
149 public:
ZStream(byte * write_buf,size_t write_buf_size)150 ZStream(byte* write_buf, size_t write_buf_size) {
151 // Initialize the zlib stream struct.
152 memset(&zstream_, 0, sizeof(zstream_));
153 zstream_.zalloc = Z_NULL;
154 zstream_.zfree = Z_NULL;
155 zstream_.opaque = Z_NULL;
156 zstream_.next_in = NULL;
157 zstream_.avail_in = 0;
158 zstream_.next_out = reinterpret_cast<Bytef*>(write_buf);
159 zstream_.avail_out = write_buf_size;
160 zstream_.data_type = Z_UNKNOWN;
161 }
162
Get()163 z_stream& Get() {
164 return zstream_;
165 }
166
~ZStream()167 ~ZStream() {
168 inflateEnd(&zstream_);
169 }
170 private:
171 z_stream zstream_;
172 };
173
InflateToMemory(uint8_t * begin,size_t size,int in,size_t uncompressed_length,size_t compressed_length)174 static bool InflateToMemory(uint8_t* begin, size_t size,
175 int in, size_t uncompressed_length, size_t compressed_length) {
176 uint8_t* dst = begin;
177 UniquePtr<uint8_t[]> read_buf(new uint8_t[kBufSize]);
178 UniquePtr<uint8_t[]> write_buf(new uint8_t[kBufSize]);
179 if (read_buf.get() == NULL || write_buf.get() == NULL) {
180 LOG(WARNING) << "Zip: failed to allocate buffer to inflate";
181 return false;
182 }
183
184 UniquePtr<ZStream> zstream(new ZStream(write_buf.get(), kBufSize));
185
186 // Use the undocumented "negative window bits" feature to tell zlib
187 // that there's no zlib header waiting for it.
188 int zerr = inflateInit2(&zstream->Get(), -MAX_WBITS);
189 if (zerr != Z_OK) {
190 if (zerr == Z_VERSION_ERROR) {
191 LOG(ERROR) << "Installed zlib is not compatible with linked version (" << ZLIB_VERSION << ")";
192 } else {
193 LOG(WARNING) << "Call to inflateInit2 failed (zerr=" << zerr << ")";
194 }
195 return false;
196 }
197
198 size_t remaining = compressed_length;
199 do {
200 // read as much as we can
201 if (zstream->Get().avail_in == 0) {
202 size_t bytes_to_read = (remaining > kBufSize) ? kBufSize : remaining;
203
204 ssize_t actual = TEMP_FAILURE_RETRY(read(in, read_buf.get(), bytes_to_read));
205 if (actual != static_cast<ssize_t>(bytes_to_read)) {
206 LOG(WARNING) << "Zip: inflate read failed (" << actual << " vs " << bytes_to_read << ")";
207 return false;
208 }
209 remaining -= bytes_to_read;
210 zstream->Get().next_in = read_buf.get();
211 zstream->Get().avail_in = bytes_to_read;
212 }
213
214 // uncompress the data
215 zerr = inflate(&zstream->Get(), Z_NO_FLUSH);
216 if (zerr != Z_OK && zerr != Z_STREAM_END) {
217 LOG(WARNING) << "Zip: inflate zerr=" << zerr
218 << " (next_in=" << zstream->Get().next_in
219 << " avail_in=" << zstream->Get().avail_in
220 << " next_out=" << zstream->Get().next_out
221 << " avail_out=" << zstream->Get().avail_out
222 << ")";
223 return false;
224 }
225
226 // write when we're full or when we're done
227 if (zstream->Get().avail_out == 0 ||
228 (zerr == Z_STREAM_END && zstream->Get().avail_out != kBufSize)) {
229 size_t bytes_to_write = zstream->Get().next_out - write_buf.get();
230 memcpy(dst, write_buf.get(), bytes_to_write);
231 dst += bytes_to_write;
232 zstream->Get().next_out = write_buf.get();
233 zstream->Get().avail_out = kBufSize;
234 }
235 } while (zerr == Z_OK);
236
237 DCHECK_EQ(zerr, Z_STREAM_END); // other errors should've been caught
238
239 // paranoia
240 if (zstream->Get().total_out != uncompressed_length) {
241 LOG(WARNING) << "Zip: size mismatch on inflated file ("
242 << zstream->Get().total_out << " vs " << uncompressed_length << ")";
243 return false;
244 }
245
246 DCHECK_EQ(dst, begin + size);
247 return true;
248 }
249
ExtractToFile(File & file)250 bool ZipEntry::ExtractToFile(File& file) {
251 uint32_t length = GetUncompressedLength();
252 int result = TEMP_FAILURE_RETRY(ftruncate(file.Fd(), length));
253 if (result == -1) {
254 PLOG(WARNING) << "Zip: failed to ftruncate " << file.GetPath() << " to length " << length;
255 return false;
256 }
257
258 UniquePtr<MemMap> map(MemMap::MapFile(length, PROT_READ | PROT_WRITE, MAP_SHARED, file.Fd(), 0));
259 if (map.get() == NULL) {
260 LOG(WARNING) << "Zip: failed to mmap space for " << file.GetPath();
261 return false;
262 }
263
264 return ExtractToMemory(map->Begin(), map->Size());
265 }
266
ExtractToMemory(uint8_t * begin,size_t size)267 bool ZipEntry::ExtractToMemory(uint8_t* begin, size_t size) {
268 // If size is zero, data offset will be meaningless, so bail out early.
269 if (size == 0) {
270 return true;
271 }
272 off64_t data_offset = GetDataOffset();
273 if (data_offset == -1) {
274 LOG(WARNING) << "Zip: data_offset=" << data_offset;
275 return false;
276 }
277 if (lseek64(zip_archive_->fd_, data_offset, SEEK_SET) != data_offset) {
278 PLOG(WARNING) << "Zip: lseek to data at " << data_offset << " failed";
279 return false;
280 }
281
282 // TODO: this doesn't verify the data's CRC, but probably should (especially
283 // for uncompressed data).
284 switch (GetCompressionMethod()) {
285 case kCompressStored:
286 return CopyFdToMemory(begin, size, zip_archive_->fd_, GetUncompressedLength());
287 case kCompressDeflated:
288 return InflateToMemory(begin, size, zip_archive_->fd_,
289 GetUncompressedLength(), GetCompressedLength());
290 default:
291 LOG(WARNING) << "Zip: unknown compression method " << std::hex << GetCompressionMethod();
292 return false;
293 }
294 }
295
ExtractToMemMap(const char * entry_filename)296 MemMap* ZipEntry::ExtractToMemMap(const char* entry_filename) {
297 std::string name(entry_filename);
298 name += " extracted in memory from ";
299 name += entry_filename;
300 UniquePtr<MemMap> map(MemMap::MapAnonymous(name.c_str(),
301 NULL,
302 GetUncompressedLength(),
303 PROT_READ | PROT_WRITE));
304 if (map.get() == NULL) {
305 LOG(ERROR) << "Zip: mmap for '" << entry_filename << "' failed";
306 return NULL;
307 }
308
309 bool success = ExtractToMemory(map->Begin(), map->Size());
310 if (!success) {
311 LOG(ERROR) << "Zip: Failed to extract '" << entry_filename << "' to memory";
312 return NULL;
313 }
314
315 return map.release();
316 }
317
SetCloseOnExec(int fd)318 static void SetCloseOnExec(int fd) {
319 // This dance is more portable than Linux's O_CLOEXEC open(2) flag.
320 int flags = fcntl(fd, F_GETFD);
321 if (flags == -1) {
322 PLOG(WARNING) << "fcntl(" << fd << ", F_GETFD) failed";
323 return;
324 }
325 int rc = fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
326 if (rc == -1) {
327 PLOG(WARNING) << "fcntl(" << fd << ", F_SETFD, " << flags << ") failed";
328 return;
329 }
330 }
331
Open(const std::string & filename)332 ZipArchive* ZipArchive::Open(const std::string& filename) {
333 DCHECK(!filename.empty());
334 int fd = open(filename.c_str(), O_RDONLY, 0);
335 if (fd == -1) {
336 PLOG(WARNING) << "Unable to open '" << filename << "'";
337 return NULL;
338 }
339 return OpenFromFd(fd);
340 }
341
OpenFromFd(int fd)342 ZipArchive* ZipArchive::OpenFromFd(int fd) {
343 SetCloseOnExec(fd);
344 UniquePtr<ZipArchive> zip_archive(new ZipArchive(fd));
345 if (zip_archive.get() == NULL) {
346 return NULL;
347 }
348 if (!zip_archive->MapCentralDirectory()) {
349 zip_archive->Close();
350 return NULL;
351 }
352 if (!zip_archive->Parse()) {
353 zip_archive->Close();
354 return NULL;
355 }
356 return zip_archive.release();
357 }
358
Find(const char * name) const359 ZipEntry* ZipArchive::Find(const char* name) const {
360 DCHECK(name != NULL);
361 DirEntries::const_iterator it = dir_entries_.find(name);
362 if (it == dir_entries_.end()) {
363 return NULL;
364 }
365 return new ZipEntry(this, (*it).second);
366 }
367
Close()368 void ZipArchive::Close() {
369 if (fd_ != -1) {
370 close(fd_);
371 }
372 fd_ = -1;
373 num_entries_ = 0;
374 dir_offset_ = 0;
375 }
376
377 // Find the zip Central Directory and memory-map it.
378 //
379 // On success, returns true after populating fields from the EOCD area:
380 // num_entries_
381 // dir_offset_
382 // dir_map_
MapCentralDirectory()383 bool ZipArchive::MapCentralDirectory() {
384 /*
385 * Get and test file length.
386 */
387 off64_t file_length = lseek64(fd_, 0, SEEK_END);
388 if (file_length < kEOCDLen) {
389 LOG(WARNING) << "Zip: length " << file_length << " is too small to be zip";
390 return false;
391 }
392
393 size_t read_amount = kMaxEOCDSearch;
394 if (file_length < off64_t(read_amount)) {
395 read_amount = file_length;
396 }
397
398 UniquePtr<uint8_t[]> scan_buf(new uint8_t[read_amount]);
399 if (scan_buf.get() == NULL) {
400 return false;
401 }
402
403 /*
404 * Make sure this is a Zip archive.
405 */
406 if (lseek64(fd_, 0, SEEK_SET) != 0) {
407 PLOG(WARNING) << "seek to start failed: ";
408 return false;
409 }
410
411 ssize_t actual = TEMP_FAILURE_RETRY(read(fd_, scan_buf.get(), sizeof(int32_t)));
412 if (actual != static_cast<ssize_t>(sizeof(int32_t))) {
413 PLOG(INFO) << "couldn't read first signature from zip archive: ";
414 return false;
415 }
416
417 unsigned int header = Le32ToHost(scan_buf.get());
418 if (header != kLFHSignature) {
419 LOG(VERBOSE) << "Not a Zip archive (found " << std::hex << header << ")";
420 return false;
421 }
422
423 // Perform the traditional EOCD snipe hunt.
424 //
425 // We're searching for the End of Central Directory magic number,
426 // which appears at the start of the EOCD block. It's followed by
427 // 18 bytes of EOCD stuff and up to 64KB of archive comment. We
428 // need to read the last part of the file into a buffer, dig through
429 // it to find the magic number, parse some values out, and use those
430 // to determine the extent of the CD.
431 //
432 // We start by pulling in the last part of the file.
433 off64_t search_start = file_length - read_amount;
434
435 if (lseek64(fd_, search_start, SEEK_SET) != search_start) {
436 PLOG(WARNING) << "Zip: seek " << search_start << " failed";
437 return false;
438 }
439 actual = TEMP_FAILURE_RETRY(read(fd_, scan_buf.get(), read_amount));
440 if (actual != static_cast<ssize_t>(read_amount)) {
441 PLOG(WARNING) << "Zip: read " << actual << ", expected " << read_amount << ". failed";
442 return false;
443 }
444
445
446 // Scan backward for the EOCD magic. In an archive without a trailing
447 // comment, we'll find it on the first try. (We may want to consider
448 // doing an initial minimal read; if we don't find it, retry with a
449 // second read as above.)
450 int i;
451 for (i = read_amount - kEOCDLen; i >= 0; i--) {
452 if (scan_buf.get()[i] == 0x50 && Le32ToHost(&(scan_buf.get())[i]) == kEOCDSignature) {
453 break;
454 }
455 }
456 if (i < 0) {
457 LOG(WARNING) << "Zip: EOCD not found, not a zip file";
458 return false;
459 }
460
461 off64_t eocd_offset = search_start + i;
462 const byte* eocd_ptr = scan_buf.get() + i;
463
464 DCHECK(eocd_offset < file_length);
465
466 // Grab the CD offset and size, and the number of entries in the
467 // archive. Verify that they look reasonable.
468 uint16_t disk_number = Le16ToHost(eocd_ptr + kEOCDDiskNumber);
469 uint16_t disk_with_central_dir = Le16ToHost(eocd_ptr + kEOCDDiskNumberForCD);
470 uint16_t num_entries = Le16ToHost(eocd_ptr + kEOCDNumEntries);
471 uint16_t total_num_entries = Le16ToHost(eocd_ptr + kEOCDTotalNumEntries);
472 uint32_t dir_size = Le32ToHost(eocd_ptr + kEOCDSize);
473 uint32_t dir_offset = Le32ToHost(eocd_ptr + kEOCDFileOffset);
474 uint16_t comment_size = Le16ToHost(eocd_ptr + kEOCDCommentSize);
475
476 if ((uint64_t) dir_offset + (uint64_t) dir_size > (uint64_t) eocd_offset) {
477 LOG(WARNING) << "Zip: bad offsets ("
478 << "dir=" << dir_offset << ", "
479 << "size=" << dir_size << ", "
480 << "eocd=" << eocd_offset << ")";
481 return false;
482 }
483 if (num_entries == 0) {
484 LOG(WARNING) << "Zip: empty archive?";
485 return false;
486 } else if (num_entries != total_num_entries || disk_number != 0 || disk_with_central_dir != 0) {
487 LOG(WARNING) << "spanned archives not supported";
488 return false;
489 }
490
491 // Check to see if comment is a sane size
492 if ((comment_size > (file_length - kEOCDLen))
493 || (eocd_offset > (file_length - kEOCDLen) - comment_size)) {
494 LOG(WARNING) << "comment size runs off end of file";
495 return false;
496 }
497
498 // It all looks good. Create a mapping for the CD.
499 dir_map_.reset(MemMap::MapFile(dir_size, PROT_READ, MAP_SHARED, fd_, dir_offset));
500 if (dir_map_.get() == NULL) {
501 return false;
502 }
503
504 num_entries_ = num_entries;
505 dir_offset_ = dir_offset;
506 return true;
507 }
508
Parse()509 bool ZipArchive::Parse() {
510 const byte* cd_ptr = dir_map_->Begin();
511 size_t cd_length = dir_map_->Size();
512
513 // Walk through the central directory, adding entries to the hash
514 // table and verifying values.
515 const byte* ptr = cd_ptr;
516 for (int i = 0; i < num_entries_; i++) {
517 if (Le32ToHost(ptr) != kCDESignature) {
518 LOG(WARNING) << "Zip: missed a central dir sig (at " << i << ")";
519 return false;
520 }
521 if (ptr + kCDELen > cd_ptr + cd_length) {
522 LOG(WARNING) << "Zip: ran off the end (at " << i << ")";
523 return false;
524 }
525
526 int64_t local_hdr_offset = Le32ToHost(ptr + kCDELocalOffset);
527 if (local_hdr_offset >= dir_offset_) {
528 LOG(WARNING) << "Zip: bad LFH offset " << local_hdr_offset << " at entry " << i;
529 return false;
530 }
531
532 uint16_t gpbf = Le16ToHost(ptr + kCDEGPBFlags);
533 if ((gpbf & kGPFUnsupportedMask) != 0) {
534 LOG(WARNING) << "Invalid General Purpose Bit Flag: " << gpbf;
535 return false;
536 }
537
538 uint16_t name_len = Le16ToHost(ptr + kCDENameLen);
539 uint16_t extra_len = Le16ToHost(ptr + kCDEExtraLen);
540 uint16_t comment_len = Le16ToHost(ptr + kCDECommentLen);
541
542 // add the CDE filename to the hash table
543 const char* name = reinterpret_cast<const char*>(ptr + kCDELen);
544
545 // Check name for NULL characters
546 if (memchr(name, 0, name_len) != NULL) {
547 LOG(WARNING) << "Filename contains NUL byte";
548 return false;
549 }
550
551 dir_entries_.Put(StringPiece(name, name_len), ptr);
552 ptr += kCDELen + name_len + extra_len + comment_len;
553 if (ptr > cd_ptr + cd_length) {
554 LOG(WARNING) << "Zip: bad CD advance "
555 << "(" << ptr << " vs " << (cd_ptr + cd_length) << ") "
556 << "at entry " << i;
557 return false;
558 }
559 }
560 return true;
561 }
562
563 } // namespace art
564