Introduce xbps_mmap_file() and use it in strategic points.

Rather than using a random buffer from stack or heap, and decide
what size to use, create a private memory mapped object...

This simplifies the code in lib/verifysig.c and xbps-create.

bin/xbps-create/main.c

@@ -427,11 +427,8 @@ process_destdir(const char *mutable_files)
 static void
 write_entry(struct archive *ar, struct archive_entry *entry)
 {
-	char buf[16384];
+	char *mmf;
-	const char *name;
+	size_t mmflen, filelen;
-	int fd = -1;
-	off_t len;
-	ssize_t buf_len;
 
 	if (archive_entry_pathname(entry) == NULL)
 		return;
@@ -449,25 +446,11 @@ write_entry(struct archive *ar, struct archive_entry *entry)
 		return;
 	}
 
-	name = archive_entry_sourcepath(entry);
+	if (!xbps_mmap_file(archive_entry_sourcepath(entry), (void *)&mmf, &mmflen, &filelen))
-	fd = open(name, O_RDONLY);
+		die("cannot read %s file", name);
-	assert(fd != -1);
-
-	len = archive_entry_size(entry);
-	while (len > 0) {
-		buf_len = (len > (off_t)sizeof(buf)) ?
-			(ssize_t)sizeof(buf) : (ssize_t)len;
-
-		if ((buf_len = read(fd, buf, buf_len)) == 0)
-			break;
-		else if (buf_len < 0)
-			die("cannot read from %s", name);
-
-		archive_write_data(ar, buf, (size_t)buf_len);
-		len -= buf_len;
-	}
-	close(fd);
 
+	archive_write_data(ar, mmf, filelen);
+	(void)munmap(mmf, mmflen);
 	archive_entry_free(entry);
 }
 

include/xbps.h.in

@@ -48,7 +48,7 @@
  *
  * This header documents the full API for the XBPS Library.
  */
-#define XBPS_API_VERSION	"20140923"
+#define XBPS_API_VERSION	"20140927"
 
 #ifndef XBPS_VERSION
  #define XBPS_VERSION		"UNSET"
@@ -1635,6 +1635,21 @@ int xbps_mkpath(const char *path, mode_t mode);
  */
 char *xbps_xasprintf(const char *fmt, ...);
 
+/**
+ * Creates a memory mapped object from file \a file into \a mmf
+ * with size \a mmflen, and file size to \a filelen;
+ *
+ * @param[in] file Path to a file.
+ * @param[out] mmf Memory mapped object.
+ * @param[out] mmflen Length of memory mapped object.
+ * @param[out] filelen File size length.
+ *
+ * @return True on success, false otherwise and errno
+ * is set appropiately. The mmaped object should be munmap()ed when it's
+ * not longer needed.
+ */
+bool xbps_mmap_file(const char *file, void **mmf, size_t *mmflen, size_t *filelen);
+
 /**
  * Returns a string with the sha256 hash for the file specified
  * by \a file.

lib/util_hash.c

@@ -22,7 +22,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
-
+#include <sys/mman.h>
 #include <stdio.h>
 #include <stdbool.h>
 #include <stdlib.h>
@@ -57,44 +57,77 @@ digest2string(const uint8_t *digest, char *string, size_t len)
 	*string = '\0';
 }
 
-char *
+bool
-xbps_file_hash(const char *file)
+xbps_mmap_file(const char *file, void **mmf, size_t *mmflen, size_t *filelen)
 {
 	struct stat st;
-	SHA256_CTX ctx;
+	size_t pgsize = (size_t)sysconf(_SC_PAGESIZE);
-	char hash[SHA256_DIGEST_LENGTH * 2 + 1];
+	size_t pgmask = pgsize - 1, mapsize;
-	unsigned char digest[SHA256_DIGEST_LENGTH];
+	unsigned char *mf;
-	ssize_t ret;
+	bool need_guard = false;
-	unsigned char buf[4096];
 	int fd;
 
+	assert(file);
+
 	if ((fd = open(file, O_RDONLY)) == -1)
-		return NULL;
+		return false;
 
 	if (fstat(fd, &st) == -1) {
 		(void)close(fd);
-		return NULL;
+		return false;
 	}
 	if (st.st_size > SSIZE_MAX - 1) {
 		(void)close(fd);
-		return NULL;
+		return false;
 	}
-
+	mapsize = ((size_t)st.st_size + pgmask) & ~pgmask;
-	SHA256_Init(&ctx);
+	if (mapsize < (size_t)st.st_size) {
-	while ((ret = read(fd, buf, sizeof(buf))) > 0)
-		SHA256_Update(&ctx, buf, ret);
-
-	if (ret == -1) {
-		/* read error */
 		(void)close(fd);
-		return NULL;
+		return false;
+	}
+	/*
+	 * If the file length is an integral number of pages, then we
+	 * need to map a guard page at the end in order to provide the
+	 * necessary NUL-termination of the buffer.
+	 */
+	if ((st.st_size & pgmask) == 0)
+		need_guard = true;
+
+	mf = mmap(NULL, need_guard ? mapsize + pgsize : mapsize,
+	    PROT_READ, MAP_PRIVATE, fd, 0);
+	(void)close(fd);
+	if (mf == MAP_FAILED) {
+		(void)munmap(mf, mapsize);
+		return false;
 	}
 
-	SHA256_Final(digest, &ctx);
+	*mmf = mf;
-	(void)close(fd);
+	*mmflen = mapsize;
-	digest2string(digest, hash, SHA256_DIGEST_LENGTH);
+	*filelen = st.st_size;
 
-	return strdup(hash);
+	return true;
+}
+
+char *
+xbps_file_hash(const char *file)
+{
+	char *res, hash[SHA256_DIGEST_LENGTH * 2 + 1];
+	unsigned char digest[SHA256_DIGEST_LENGTH];
+	unsigned char *mmf = NULL;
+	size_t mmflen, filelen;
+
+	if (!xbps_mmap_file(file, (void *)&mmf, &mmflen, &filelen))
+		return NULL;
+
+	if (SHA256(mmf, filelen, digest) == NULL) {
+		(void)munmap(mmf, mmflen);
+		return NULL;
+	}
+	digest2string(digest, hash, SHA256_DIGEST_LENGTH);
+	res = strdup(hash);
+	(void)munmap(mmf, mmflen);
+
+	return res;
 }
 
 int

lib/verifysig.c

@@ -30,6 +30,7 @@
 #include <libgen.h>
 #include <fcntl.h>
 #include <sys/stat.h>
+#include <sys/mman.h>
 
 #include <openssl/err.h>
 #include <openssl/sha.h>
@@ -81,11 +82,10 @@ xbps_verify_file_signature(struct xbps_repo *repo, const char *fname)
 {
 	xbps_dictionary_t repokeyd = NULL;
 	xbps_data_t pubkey;
-	struct stat st, sig_st;
 	const char *hexfp = NULL;
 	unsigned char *buf = NULL, *sig_buf = NULL;
+	size_t buflen, filelen, sigbuflen, sigfilelen;
 	char *rkeyfile = NULL, *sig = NULL;
-	int fd = -1, sig_fd = -1;
 	bool val = false;
 
 	if (!xbps_dictionary_count(repo->idxmeta)) {
@@ -116,50 +116,30 @@ xbps_verify_file_signature(struct xbps_repo *repo, const char *fname)
 	/*
 	 * Prepare fname and signature data buffers.
 	 */
-	if ((fd = open(fname, O_RDONLY)) == -1) {
+	if (!xbps_mmap_file(fname, (void *)&buf, &buflen, &filelen)) {
 		xbps_dbg_printf(repo->xhp, "can't open file %s: %s\n", fname, strerror(errno));
 		goto out;
 	}
 	sig = xbps_xasprintf("%s.sig", fname);
-	if ((sig_fd = open(sig, O_RDONLY)) == -1) {
+	if (!xbps_mmap_file(sig, (void *)&sig_buf, &sigbuflen, &sigfilelen)) {
 		xbps_dbg_printf(repo->xhp, "can't open signature file %s: %s\n", sig, strerror(errno));
 		goto out;
 	}
-	fstat(fd, &st);
-	fstat(sig_fd, &sig_st);
-
-	buf = malloc(st.st_size);
-	assert(buf);
-	sig_buf = malloc(sig_st.st_size);
-	assert(sig_buf);
-
-	if (read(fd, buf, st.st_size) != st.st_size) {
-		xbps_dbg_printf(repo->xhp, "failed to read file %s: %s\n", fname, strerror(errno));
-		goto out;
-	}
-	if (read(sig_fd, sig_buf, sig_st.st_size) != sig_st.st_size) {
-		xbps_dbg_printf(repo->xhp, "failed to read signature file %s: %s\n", sig, strerror(errno));
-		goto out;
-	}
 	/*
 	 * Verify fname RSA signature.
 	 */
-	if (rsa_verify_buf(repo, pubkey, sig_buf, sig_st.st_size, buf, st.st_size))
+	if (rsa_verify_buf(repo, pubkey, sig_buf, sigfilelen, buf, filelen))
 		val = true;
 
 out:
 	if (rkeyfile)
 		free(rkeyfile);
-	if (fd != -1)
-		close(fd);
-	if (sig_fd != -1)
-		close(sig_fd);
 	if (buf)
-		free(buf);
+		(void)munmap(buf, buflen);
+	if (sig_buf)
+		(void)munmap(sig_buf, sigbuflen);
 	if (sig)
 		free(sig);
-	if (sig_buf)
-		free(sig_buf);
 	if (repokeyd)
 		xbps_object_release(repokeyd);