| blob | 15f84f7bb956d94f7e6fde3d5c0fa1e8f161d5a5 |
1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* ***** BEGIN LICENSE BLOCK *****
3 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 *
5 * The contents of this file are subject to the Mozilla Public License Version
6 * 1.1 (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
8 * http://www.mozilla.org/MPL/
9 *
10 * Software distributed under the License is distributed on an "AS IS" basis,
11 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
12 * for the specific language governing rights and limitations under the
13 * License.
14 *
15 * The Original Code is Mozilla Communicator client code, released
16 * March 31, 1998.
17 *
18 * The Initial Developer of the Original Code is
19 * Netscape Communications Corporation.
20 * Portions created by the Initial Developer are Copyright (C) 1998
21 * the Initial Developer. All Rights Reserved.
22 *
23 * Contributor(s):
24 * Daniel Veditz <dveditz@netscape.com>
25 * Samir Gehani <sgehani@netscape.com>
26 * Mitch Stoltz <mstoltz@netsape.com>
27 * Pierre Phaneuf <pp@ludusdesign.com>
28 * Jeff Walden <jwalden+code@mit.edu>
29 *
30 * Alternatively, the contents of this file may be used under the terms of
31 * either the GNU General Public License Version 2 or later (the "GPL"), or
32 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
33 * in which case the provisions of the GPL or the LGPL are applicable instead
34 * of those above. If you wish to allow use of your version of this file only
35 * under the terms of either the GPL or the LGPL, and not to allow others to
36 * use your version of this file under the terms of the MPL, indicate your
37 * decision by deleting the provisions above and replace them with the notice
38 * and other provisions required by the GPL or the LGPL. If you do not delete
39 * the provisions above, a recipient may use your version of this file under
40 * the terms of any one of the MPL, the GPL or the LGPL.
41 *
42 * ***** END LICENSE BLOCK ***** */
43 #include <string.h>
51 #ifdef XP_UNIX
52 #include <sys/stat.h>
53 #elif defined (XP_WIN) || defined(XP_OS2)
54 #include <io.h>
55 #endif
57 //----------------------------------------------
58 // nsJARManifestItem declaration
59 //----------------------------------------------
60 /*
61 * nsJARManifestItem contains meta-information pertaining
62 * to an individual JAR entry, taken from the
63 * META-INF/MANIFEST.MF and META-INF/ *.SF files.
64 * This is security-critical information, defined here so it is not
65 * accessible from anywhere else.
66 */
68 {
74 class nsJARManifestItem
75 {
77 JARManifestItemType mType;
79 // True if the second step of verification (VerifyEntry)
80 // has taken place:
81 PRBool entryVerified;
83 // Not signed, valid, or failure code
84 PRInt16 status;
86 // Internal storage of digests
92 };
94 //-------------------------------------------------
95 // nsJARManifestItem constructors and destructor
96 //-------------------------------------------------
102 {
103 }
106 {
107 // Delete digests if necessary
110 }
112 //----------------------------------------------
113 // nsJAR constructor/destructor
114 //----------------------------------------------
115 static PRBool
117 {
118 //-- deletes an entry in mManifestData.
121 }
123 // The following initialization makes a guess of 10 entries per jarfile.
132 {
133 }
136 {
138 }
143 // Custom Release method works with nsZipReaderCache...
145 {
146 nsrefcnt count;
152 /* enable this to find non-threadsafe destructors: */
153 /* NS_ASSERT_OWNINGTHREAD(nsJAR); */
156 }
160 }
162 }
164 //----------------------------------------------
165 // nsIZipReader implementation
166 //----------------------------------------------
168 NS_IMETHODIMP
170 {
187 }
189 NS_IMETHODIMP
191 {
195 }
197 NS_IMETHODIMP
199 {
203 }
211 }
213 NS_IMETHODIMP
215 {
217 }
219 NS_IMETHODIMP
221 {
222 // nsZipArchive and zlib are not thread safe
223 // we need to use a lock to prevent bug #51267
226 nsresult rv;
233 // Remove existing file or directory so we set permissions correctly.
234 // If it's a directory that already exists and contains files, throw
235 // an exception and return.
237 //XXX Bug 332139:
238 //XXX If we guarantee that rv in the case of a non-empty directory
239 //XXX is always FILE_DIR_NOT_EMPTY, we can remove
240 //XXX |rv == NS_ERROR_FAILURE| - bug 322183 needs to be completely
241 //XXX fixed before that can happen
248 {
250 //XXX Do this in nsZipArchive? It would be nice to keep extraction
251 //XXX code completely there, but that would require a way to get a
252 //XXX PRDir from localFile.
253 }
254 else
255 {
260 // ExtractFile also closes the fd handle and resolves the symlink if needed
261 nsCAutoString path;
266 }
270 // nsIFile needs milliseconds, while prtime is in microseconds.
275 // non-fatal if this fails, ignore errors
279 }
281 NS_IMETHODIMP
283 {
292 }
294 NS_IMETHODIMP
296 {
299 }
301 NS_IMETHODIMP
303 {
314 }
318 }
320 NS_IMETHODIMP
322 {
324 }
326 NS_IMETHODIMP
329 {
333 // Watch out for the jar:foo.zip!/ (aDir is empty) top-level special case!
336 // First check if item exists in jar
339 }
341 // addref now so we can call InitFile/InitDirectory()
349 // Open jarfile, to get its own filedescriptor for the stream
350 // XXX The file may have been overwritten, so |item| might not be
351 // valid. We really want to work from inode rather than file name.
356 // |jis| now owns |fd|
359 }
360 }
363 }
365 }
367 //----------------------------------------------
368 // nsIJAR implementation
369 //----------------------------------------------
371 NS_IMETHODIMP
373 {
374 //-- Parameter check
379 //-- Parse the manifest
385 PRInt16 requestedStatus;
387 {
388 //-- Find the item
393 //-- Verify the item against the manifest
395 {
396 nsXPIDLCString entryData;
397 PRUint32 entryDataLen;
402 }
404 }
411 {
414 }
416 }
418 NS_IMETHODIMP
420 {
423 }
425 nsresult
427 {
431 }
433 PRFileDesc*
435 {
436 nsresult rv;
445 }
447 //----------------------------------------------
448 // nsJAR private implementation
449 //----------------------------------------------
450 nsresult
452 {
453 //-- Get a stream for reading the file
454 nsresult rv;
459 //-- Read the manifest file into memory
461 PRUint32 len;
468 PRUint32 bytesRead;
475 }
481 }
484 PRInt32
486 {
487 //--Moves pointer to beginning of next line and returns line length
488 // not including CR/LF.
489 PRInt32 length;
493 {
499 }
500 else
501 {
507 }
509 }
511 //-- The following #defines are used by ParseManifest()
512 // and ParseOneFile(). The header strings are defined in the JAR specification.
513 #define JAR_MF 1
514 #define JAR_SF 2
520 nsresult
522 {
523 //-- Verification Step 1
526 //-- (1)Manifest (MF) file
532 //-- Load the file into memory
533 PRBool more;
537 {
541 }
543 nsCAutoString manifestFilename;
547 // Check if there is more than one manifest, if so then error!
551 {
554 }
556 nsXPIDLCString manifestBuffer;
557 PRUint32 manifestLen;
561 //-- Parse it
565 //-- (2)Signature (SF) file
566 // If there are multiple signatures, we select one.
570 //-- Get an SF file
574 {
578 }
585 //-- Get its corresponding signature file
590 nsXPIDLCString sigBuffer;
591 PRUint32 sigLen;
592 {
595 }
597 {
600 }
602 {
606 }
608 //-- Get the signature verifier service
612 {
616 }
618 //-- Verify that the signature file is a valid signature of the SF file
619 PRInt32 verifyError;
627 else
630 //-- Parse the SF file. If the verification above failed, principal
631 // is null, and ParseOneFile will mark the relevant entries as invalid.
632 // if ParseOneFile fails, then it has no effect, and we can safely
633 // continue to the next SF file, or return.
638 }
640 nsresult
642 {
643 //-- Check file header
645 nsCAutoString curLine;
646 PRInt32 linelen;
654 //-- Skip header section
659 //-- Set up parsing variables
669 nsCAutoString curItemName;
670 nsCAutoString storedSectionDigest;
673 {
678 // end of section (blank line or end-of-file)
679 {
681 {
682 mTotalItemsInManifest++;
684 {
685 //-- Did this section have a name: line?
688 else
689 {
690 //-- If it's an internal item, it must correspond
691 // to a valid jar entry
693 {
694 PRBool exists;
698 }
699 //-- Check for duplicates
703 }
704 }
709 {
713 //-- Save item in the hashtable
716 }
724 else
725 //-- file type is SF, compare digest with calculated
726 // section digests from MF file.
727 {
729 {
734 {
742 else
743 {
748 }
760 //-- Look for continuations (beginning with a space) on subsequent lines
761 // and append them to the current line.
763 {
769 }
771 //-- Find colon in current line, this separates name from value
775 //-- Break down the line
776 nsCAutoString lineName;
778 nsCAutoString lineData;
781 //-- Lines to look for:
782 // (1) Digest:
785 //-- This is a digest line, save the data in the appropriate place
786 {
788 {
793 }
794 else
797 }
799 // (2) Name: associates this manifest section with a file in the jar.
802 {
806 }
808 // (3) Magic: this may be an inline Javascript.
809 // We can't do any other kind of magic.
813 {
817 else
820 }
826 nsresult
828 PRUint32 aLen)
829 {
831 {
833 // No entry digests in manifest file. Entry is unsigned.
835 else
844 }
845 }
848 }
851 {
852 //-- Generate error message
853 nsAutoString message;
857 else
861 {
866 message.AppendLiteral("the digital signature (*.RSA) file is not a valid signature of the signature instruction file (*.SF).");
872 message.AppendLiteral("the signature instruction file (*.SF) does not contain a valid hash of the MANIFEST.MF file.");
875 message.AppendLiteral("the MANIFEST.MF file does not contain a valid hash of the file being verified.");
882 }
884 // Report error in JS console
887 {
889 }
890 #ifdef DEBUG
895 #endif
896 }
901 {
903 nsresult rv;
915 nsCAutoString hashString;
922 }
926 //----------------------------------------------
927 // nsJAREnumerator::HasMore
928 //----------------------------------------------
929 NS_IMETHODIMP
931 {
932 // try to get the next element
939 }
941 }
945 }
947 //----------------------------------------------
948 // nsJAREnumerator::GetNext
949 //----------------------------------------------
950 NS_IMETHODIMP
952 {
953 // check if the current item is "stale"
955 PRBool bMore;
959 }
963 }
977 {
978 }
980 //------------------------------------------
981 // nsJARItem::GetCompression
982 //------------------------------------------
983 NS_IMETHODIMP
985 {
990 }
992 //------------------------------------------
993 // nsJARItem::GetSize
994 //------------------------------------------
995 NS_IMETHODIMP
997 {
1002 }
1004 //------------------------------------------
1005 // nsJARItem::GetRealSize
1006 //------------------------------------------
1007 NS_IMETHODIMP
1009 {
1014 }
1016 //------------------------------------------
1017 // nsJARItem::GetCrc32
1018 //------------------------------------------
1019 NS_IMETHODIMP
1021 {
1026 }
1028 //------------------------------------------
1029 // nsJARItem::GetIsDirectory
1030 //------------------------------------------
1031 NS_IMETHODIMP
1033 {
1038 }
1040 //------------------------------------------
1041 // nsJARItem::GetIsSynthetic
1042 //------------------------------------------
1043 NS_IMETHODIMP
1045 {
1050 }
1052 //------------------------------------------
1053 // nsJARItem::GetLastModifiedTime
1054 //------------------------------------------
1055 NS_IMETHODIMP
1057 {
1062 }
1064 ////////////////////////////////////////////////////////////////////////////////
1065 // nsIZipReaderCache
1067 NS_IMPL_THREADSAFE_ISUPPORTS3(nsZipReaderCache, nsIZipReaderCache, nsIObserver, nsISupportsWeakReference)
1072 #ifdef ZIP_CACHE_HIT_RATE
1073 ,
1078 #endif
1079 {
1080 }
1082 NS_IMETHODIMP
1084 {
1087 // Register as a memory pressure observer
1091 {
1094 }
1095 // ignore failure of the observer registration.
1099 }
1101 static PRBool
1103 {
1107 }
1110 {
1115 #ifdef ZIP_CACHE_HIT_RATE
1120 #endif
1121 }
1123 NS_IMETHODIMP
1125 {
1127 nsresult rv;
1131 #ifdef ZIP_CACHE_HIT_RATE
1132 mZipCacheLookups++;
1133 #endif
1135 nsCAutoString path;
1139 PRInt64 Mtime;
1146 #ifdef ZIP_CACHE_HIT_RATE
1147 mZipCacheHits++;
1148 #endif
1150 }
1155 }
1166 }
1170 }
1173 }
1175 static PRBool
1177 {
1186 }
1187 }
1189 }
1193 static PRBool
1195 {
1201 }
1203 }
1205 nsresult
1207 {
1208 nsresult rv;
1211 // It is possible that two thread compete for this zip. The dangerous
1212 // case is where one thread Releases the zip and discovers that the ref
1213 // count has gone to one. Before it can call this ReleaseZip method
1214 // another thread calls our GetZip method. The ref count goes to two. That
1215 // second thread then Releases the zip and the ref count goes to one. It
1216 // then tries to enter this ReleaseZip method and blocks while the first
1217 // thread is still here. The first thread continues and remove the zip from
1218 // the cache and calls its Release method sending the ref count to 0 and
1219 // deleting the zip. However, the second thread is still blocked at the
1220 // start of ReleaseZip, but the 'zip' param now hold a reference to a
1221 // deleted zip!
1222 //
1223 // So, we are going to try safeguarding here by searching our hashtable while
1224 // locked here for the zip. We return fast if it is not found.
1229 #ifdef ZIP_CACHE_HIT_RATE
1230 mZipSyncMisses++;
1231 #endif
1233 }
1243 // Because of the craziness above it is possible that there is no zip that
1244 // needs removing.
1248 #ifdef ZIP_CACHE_HIT_RATE
1249 mZipCacheFlushes++;
1250 #endif
1252 // Clear the cache pointer in case we gave out this oldest guy while
1253 // his Release call was being made. Otherwise we could nest on ReleaseZip
1254 // when the second owner calls Release and we are still here in this lock.
1257 // remove from hashtable
1258 nsCAutoString path;
1267 }
1269 static PRBool
1271 {
1279 }
1281 }
1283 NS_IMETHODIMP
1287 {
1298 #ifdef xDEBUG_jband
1300 #endif
1301 }
1302 }
1306 }
1308 }
1311 {
1312 PRExplodedTime time;
1331 }
1333 ////////////////////////////////////////////////////////////////////////////////