rewrite.go

Documentation: cmd/internal/buildid

     1  // Copyright 2017 The Go Authors. All rights reserved.
     2  // Use of this source code is governed by a BSD-style
     3  // license that can be found in the LICENSE file.
     4  
     5  package buildid
     6  
     7  import (
     8  	"bytes"
     9  	"cmd/internal/codesign"
    10  	"crypto/sha256"
    11  	"debug/macho"
    12  	"fmt"
    13  	"io"
    14  )
    15  
    16  // FindAndHash reads all of r and returns the offsets of occurrences of id.
    17  // While reading, findAndHash also computes and returns
    18  // a hash of the content of r, but with occurrences of id replaced by zeros.
    19  // FindAndHash reads bufSize bytes from r at a time.
    20  // If bufSize == 0, FindAndHash uses a reasonable default.
    21  func FindAndHash(r io.Reader, id string, bufSize int) (matches []int64, hash [32]byte, err error) {
    22  	if bufSize == 0 {
    23  		bufSize = 31 * 1024 // bufSize+little will likely fit in 32 kB
    24  	}
    25  	if len(id) > bufSize {
    26  		return nil, [32]byte{}, fmt.Errorf("buildid.FindAndHash: buffer too small")
    27  	}
    28  	zeros := make([]byte, len(id))
    29  	idBytes := []byte(id)
    30  
    31  	// For Mach-O files, we want to exclude the code signature.
    32  	// The code signature contains hashes of the whole file (except the signature
    33  	// itself), including the buildid. So the buildid cannot contain the signature.
    34  	r = excludeMachoCodeSignature(r)
    35  
    36  	// The strategy is to read the file through buf, looking for id,
    37  	// but we need to worry about what happens if id is broken up
    38  	// and returned in parts by two different reads.
    39  	// We allocate a tiny buffer (at least len(id)) and a big buffer (bufSize bytes)
    40  	// next to each other in memory and then copy the tail of
    41  	// one read into the tiny buffer before reading new data into the big buffer.
    42  	// The search for id is over the entire tiny+big buffer.
    43  	tiny := (len(id) + 127) &^ 127 // round up to 128-aligned
    44  	buf := make([]byte, tiny+bufSize)
    45  	h := sha256.New()
    46  	start := tiny
    47  	for offset := int64(0); ; {
    48  		// The file offset maintained by the loop corresponds to &buf[tiny].
    49  		// buf[start:tiny] is left over from previous iteration.
    50  		// After reading n bytes into buf[tiny:], we process buf[start:tiny+n].
    51  		n, err := io.ReadFull(r, buf[tiny:])
    52  		if err != io.ErrUnexpectedEOF && err != io.EOF && err != nil {
    53  			return nil, [32]byte{}, err
    54  		}
    55  
    56  		// Process any matches.
    57  		for {
    58  			i := bytes.Index(buf[start:tiny+n], idBytes)
    59  			if i < 0 {
    60  				break
    61  			}
    62  			matches = append(matches, offset+int64(start+i-tiny))
    63  			h.Write(buf[start : start+i])
    64  			h.Write(zeros)
    65  			start += i + len(id)
    66  		}
    67  		if n < bufSize {
    68  			// Did not fill buffer, must be at end of file.
    69  			h.Write(buf[start : tiny+n])
    70  			break
    71  		}
    72  
    73  		// Process all but final tiny bytes of buf (bufSize = len(buf)-tiny).
    74  		// Note that start > len(buf)-tiny is possible, if the search above
    75  		// found an id ending in the final tiny fringe. That's OK.
    76  		if start < len(buf)-tiny {
    77  			h.Write(buf[start : len(buf)-tiny])
    78  			start = len(buf) - tiny
    79  		}
    80  
    81  		// Slide ending tiny-sized fringe to beginning of buffer.
    82  		copy(buf[0:], buf[bufSize:])
    83  		start -= bufSize
    84  		offset += int64(bufSize)
    85  	}
    86  	h.Sum(hash[:0])
    87  	return matches, hash, nil
    88  }
    89  
    90  func Rewrite(w io.WriterAt, pos []int64, id string) error {
    91  	b := []byte(id)
    92  	for _, p := range pos {
    93  		if _, err := w.WriteAt(b, p); err != nil {
    94  			return err
    95  		}
    96  	}
    97  
    98  	// Update Mach-O code signature, if any.
    99  	if f, cmd, ok := findMachoCodeSignature(w); ok {
   100  		if codesign.Size(int64(cmd.Dataoff), "a.out") == int64(cmd.Datasize) {
   101  			// Update the signature if the size matches, so we don't need to
   102  			// fix up headers. Binaries generated by the Go linker should have
   103  			// the expected size. Otherwise skip.
   104  			text := f.Segment("__TEXT")
   105  			cs := make([]byte, cmd.Datasize)
   106  			codesign.Sign(cs, w.(io.Reader), "a.out", int64(cmd.Dataoff), int64(text.Offset), int64(text.Filesz), f.Type == macho.TypeExec)
   107  			if _, err := w.WriteAt(cs, int64(cmd.Dataoff)); err != nil {
   108  				return err
   109  			}
   110  		}
   111  	}
   112  
   113  	return nil
   114  }
   115  
   116  func excludeMachoCodeSignature(r io.Reader) io.Reader {
   117  	_, cmd, ok := findMachoCodeSignature(r)
   118  	if !ok {
   119  		return r
   120  	}
   121  	return &excludedReader{r, 0, int64(cmd.Dataoff), int64(cmd.Dataoff + cmd.Datasize)}
   122  }
   123  
   124  // excludedReader wraps an io.Reader. Reading from it returns the bytes from
   125  // the underlying reader, except that when the byte offset is within the
   126  // range between start and end, it returns zero bytes.
   127  type excludedReader struct {
   128  	r          io.Reader
   129  	off        int64 // current offset
   130  	start, end int64 // the range to be excluded (read as zero)
   131  }
   132  
   133  func (r *excludedReader) Read(p []byte) (int, error) {
   134  	n, err := r.r.Read(p)
   135  	if n > 0 && r.off+int64(n) > r.start && r.off < r.end {
   136  		cstart := r.start - r.off
   137  		if cstart < 0 {
   138  			cstart = 0
   139  		}
   140  		cend := r.end - r.off
   141  		if cend > int64(n) {
   142  			cend = int64(n)
   143  		}
   144  		zeros := make([]byte, cend-cstart)
   145  		copy(p[cstart:cend], zeros)
   146  	}
   147  	r.off += int64(n)
   148  	return n, err
   149  }
   150  
   151  func findMachoCodeSignature(r interface{}) (*macho.File, codesign.CodeSigCmd, bool) {
   152  	ra, ok := r.(io.ReaderAt)
   153  	if !ok {
   154  		return nil, codesign.CodeSigCmd{}, false
   155  	}
   156  	f, err := macho.NewFile(ra)
   157  	if err != nil {
   158  		return nil, codesign.CodeSigCmd{}, false
   159  	}
   160  	cmd, ok := codesign.FindCodeSigCmd(f)
   161  	return f, cmd, ok
   162  }
   163
View as plain text