Merge pull request #183 from Gottox/avoid_mmap

Avoid mmap

NEWS

@@ -1,5 +1,11 @@
 xbps-0.52 (???):
 
+ * libxbps: avoid mmap in cases where the mmaped file can fill up the address
+   space on 32bit causing out of memory errors. Patches provided by Enno
+   Boland in #183, reported by Christian Neukirchen in #182. See
+   https://github.com/voidlinux/xbps/pull/183 and
+   https://github.com/voidlinux/xbps/pull/182
+
  * xbps-create(1): accept -c/--changelog to set the changelog property of the
    package
 

bin/xbps-create/main.c

@@ -526,8 +526,9 @@ static void
 write_entry(struct archive *ar, struct archive_entry *entry)
 {
 	const char *name;
-	char *mmf;
+	int fd;
-	size_t mmflen, filelen;
+	char buf[65536];
+	ssize_t len;
 
 	if (archive_entry_pathname(entry) == NULL)
 		return;
@@ -546,11 +547,16 @@ write_entry(struct archive *ar, struct archive_entry *entry)
 	}
 
 	name = archive_entry_sourcepath(entry);
-	if (!xbps_mmap_file(name, (void *)&mmf, &mmflen, &filelen))
-		die("cannot read %s file", name);
 
-	archive_write_data(ar, mmf, filelen);
+	if ((fd = open(name, O_RDONLY)) < 0)
-	(void)munmap(mmf, mmflen);
+		die("cannot open %s file", name);
+	while ((len = read(fd, buf, sizeof(buf))) > 0)
+		archive_write_data(ar, buf, len);
+	(void)close(fd);
+
+	if(len < 0)
+		die("cannot open %s file", name);
+
 	archive_entry_free(entry);
 }
 

include/xbps.h.in

@@ -1795,6 +1795,17 @@ bool xbps_mmap_file(const char *file, void **mmf, size_t *mmflen, size_t *filele
  */
 char *xbps_file_hash(const char *file);
 
+/**
+ * Returns a raw byte buffer with the sha256 hash for the file specified
+ * by \a file.
+ *
+ * @param[in] file Path to a file.
+ * @return A pointer to a malloc(3)ed buffer, NULL otherwise and errno
+ * is set appropiately. The pointer should be free(3)d when it's no
+ * longer needed.
+ */
+unsigned char *xbps_file_hash_raw(const char *file);
+
 /**
  * Compares the sha256 hash of the file \a file with the sha256
  * string specified by \a sha256.

lib/util_hash.c

@@ -108,26 +108,46 @@ xbps_mmap_file(const char *file, void **mmf, size_t *mmflen, size_t *filelen)
 	return true;
 }
 
+unsigned char *
+xbps_file_hash_raw(const char *file)
+{
+	int fd;
+	ssize_t len;
+	unsigned char *digest, buf[65536];
+	SHA256_CTX sha256;
+
+	if ((fd = open(file, O_RDONLY)) < 0)
+		return NULL;
+	digest = malloc(SHA256_DIGEST_LENGTH);
+	assert(digest);
+	SHA256_Init(&sha256);
+	while ((len = read(fd, buf, sizeof(buf))) > 0)
+		SHA256_Update(&sha256, buf, len);
+	if(len < 0) {
+		free(digest);
+		return NULL;
+	}
+	SHA256_Final(digest, &sha256);
+	(void)close(fd);
+
+	return digest;
+}
+
 char *
 xbps_file_hash(const char *file)
 {
-	char *res, hash[SHA256_DIGEST_LENGTH * 2 + 1];
+	char *hash;
-	unsigned char digest[SHA256_DIGEST_LENGTH];
+	unsigned char *digest;
-	unsigned char *mmf = NULL;
-	size_t mmflen, filelen;
 
-	if (!xbps_mmap_file(file, (void *)&mmf, &mmflen, &filelen))
+	if (!(digest = xbps_file_hash_raw(file)))
 		return NULL;
 
-	if (SHA256(mmf, filelen, digest) == NULL) {
+	hash = malloc(SHA256_DIGEST_LENGTH * 2 + 1);
-		(void)munmap(mmf, mmflen);
+	assert(hash);
-		return NULL;
-	}
 	digest2string(digest, hash, SHA256_DIGEST_LENGTH);
-	res = strdup(hash);
+	free(digest);
-	(void)munmap(mmf, mmflen);
 
-	return res;
+	return hash;
 }
 
 int

lib/verifysig.c

@@ -41,14 +41,12 @@
 #include "xbps_api_impl.h"
 
 static bool
-rsa_verify_buf(struct xbps_repo *repo, xbps_data_t pubkey,
+rsa_verify_hash(struct xbps_repo *repo, xbps_data_t pubkey,
 		unsigned char *sig, unsigned int siglen,
-		unsigned char *buf, unsigned int buflen)
+		unsigned char *sha256)
 {
-	SHA256_CTX context;
 	BIO *bio;
 	RSA *rsa;
-	unsigned char sha256[SHA256_DIGEST_LENGTH];
 	int rv;
 
 	ERR_load_crypto_strings();
@@ -65,11 +63,7 @@ rsa_verify_buf(struct xbps_repo *repo, xbps_data_t pubkey,
 		return false;
 	}
 
-	SHA256_Init(&context);
+	rv = RSA_verify(NID_sha1, sha256, SHA256_DIGEST_LENGTH, sig, siglen, rsa);
-	SHA256_Update(&context, buf, buflen);
-	SHA256_Final(sha256, &context);
-
-	rv = RSA_verify(NID_sha1, sha256, sizeof(sha256), sig, siglen, rsa);
 	RSA_free(rsa);
 	BIO_free(bio);
 	ERR_free_strings();
@@ -83,8 +77,8 @@ xbps_verify_file_signature(struct xbps_repo *repo, const char *fname)
 	xbps_dictionary_t repokeyd = NULL;
 	xbps_data_t pubkey;
 	char *hexfp = NULL;
-	unsigned char *buf = NULL, *sig_buf = NULL;
+	unsigned char *digest = NULL, *sig_buf = NULL;
-	size_t buflen, filelen, sigbuflen, sigfilelen;
+	size_t sigbuflen, sigfilelen;
 	char *rkeyfile = NULL, *sig = NULL;
 	bool val = false;
 
@@ -116,7 +110,7 @@ xbps_verify_file_signature(struct xbps_repo *repo, const char *fname)
 	/*
 	 * Prepare fname and signature data buffers.
 	 */
-	if (!xbps_mmap_file(fname, (void *)&buf, &buflen, &filelen)) {
+	if (!(digest = xbps_file_hash_raw(fname))) {
 		xbps_dbg_printf(repo->xhp, "can't open file %s: %s\n", fname, strerror(errno));
 		goto out;
 	}
@@ -128,7 +122,7 @@ xbps_verify_file_signature(struct xbps_repo *repo, const char *fname)
 	/*
 	 * Verify fname RSA signature.
 	 */
-	if (rsa_verify_buf(repo, pubkey, sig_buf, sigfilelen, buf, filelen))
+	if (rsa_verify_hash(repo, pubkey, sig_buf, sigfilelen, digest))
 		val = true;
 
 out:
@@ -136,8 +130,8 @@ out:
 		free(hexfp);
 	if (rkeyfile)
 		free(rkeyfile);
-	if (buf)
+	if (digest)
-		(void)munmap(buf, buflen);
+		free(digest);
 	if (sig_buf)
 		(void)munmap(sig_buf, sigbuflen);
 	if (sig)