summaryrefslogtreecommitdiffstats
path: root/src/cmd/internal/buildid/rewrite.go
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-16 19:23:18 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-16 19:23:18 +0000
commit43a123c1ae6613b3efeed291fa552ecd909d3acf (patch)
treefd92518b7024bc74031f78a1cf9e454b65e73665 /src/cmd/internal/buildid/rewrite.go
parentInitial commit. (diff)
downloadgolang-1.20-upstream.tar.xz
golang-1.20-upstream.zip
Adding upstream version 1.20.14.upstream/1.20.14upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/cmd/internal/buildid/rewrite.go')
-rw-r--r--src/cmd/internal/buildid/rewrite.go165
1 files changed, 165 insertions, 0 deletions
diff --git a/src/cmd/internal/buildid/rewrite.go b/src/cmd/internal/buildid/rewrite.go
new file mode 100644
index 0000000..becc078
--- /dev/null
+++ b/src/cmd/internal/buildid/rewrite.go
@@ -0,0 +1,165 @@
+// Copyright 2017 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package buildid
+
+import (
+ "bytes"
+ "cmd/internal/codesign"
+ "crypto/sha256"
+ "debug/macho"
+ "fmt"
+ "io"
+)
+
+// FindAndHash reads all of r and returns the offsets of occurrences of id.
+// While reading, findAndHash also computes and returns
+// a hash of the content of r, but with occurrences of id replaced by zeros.
+// FindAndHash reads bufSize bytes from r at a time.
+// If bufSize == 0, FindAndHash uses a reasonable default.
+func FindAndHash(r io.Reader, id string, bufSize int) (matches []int64, hash [32]byte, err error) {
+ if bufSize == 0 {
+ bufSize = 31 * 1024 // bufSize+little will likely fit in 32 kB
+ }
+ if len(id) == 0 {
+ return nil, [32]byte{}, fmt.Errorf("buildid.FindAndHash: no id specified")
+ }
+ if len(id) > bufSize {
+ return nil, [32]byte{}, fmt.Errorf("buildid.FindAndHash: buffer too small")
+ }
+ zeros := make([]byte, len(id))
+ idBytes := []byte(id)
+
+ // For Mach-O files, we want to exclude the code signature.
+ // The code signature contains hashes of the whole file (except the signature
+ // itself), including the buildid. So the buildid cannot contain the signature.
+ r = excludeMachoCodeSignature(r)
+
+ // The strategy is to read the file through buf, looking for id,
+ // but we need to worry about what happens if id is broken up
+ // and returned in parts by two different reads.
+ // We allocate a tiny buffer (at least len(id)) and a big buffer (bufSize bytes)
+ // next to each other in memory and then copy the tail of
+ // one read into the tiny buffer before reading new data into the big buffer.
+ // The search for id is over the entire tiny+big buffer.
+ tiny := (len(id) + 127) &^ 127 // round up to 128-aligned
+ buf := make([]byte, tiny+bufSize)
+ h := sha256.New()
+ start := tiny
+ for offset := int64(0); ; {
+ // The file offset maintained by the loop corresponds to &buf[tiny].
+ // buf[start:tiny] is left over from previous iteration.
+ // After reading n bytes into buf[tiny:], we process buf[start:tiny+n].
+ n, err := io.ReadFull(r, buf[tiny:])
+ if err != io.ErrUnexpectedEOF && err != io.EOF && err != nil {
+ return nil, [32]byte{}, err
+ }
+
+ // Process any matches.
+ for {
+ i := bytes.Index(buf[start:tiny+n], idBytes)
+ if i < 0 {
+ break
+ }
+ matches = append(matches, offset+int64(start+i-tiny))
+ h.Write(buf[start : start+i])
+ h.Write(zeros)
+ start += i + len(id)
+ }
+ if n < bufSize {
+ // Did not fill buffer, must be at end of file.
+ h.Write(buf[start : tiny+n])
+ break
+ }
+
+ // Process all but final tiny bytes of buf (bufSize = len(buf)-tiny).
+ // Note that start > len(buf)-tiny is possible, if the search above
+ // found an id ending in the final tiny fringe. That's OK.
+ if start < len(buf)-tiny {
+ h.Write(buf[start : len(buf)-tiny])
+ start = len(buf) - tiny
+ }
+
+ // Slide ending tiny-sized fringe to beginning of buffer.
+ copy(buf[0:], buf[bufSize:])
+ start -= bufSize
+ offset += int64(bufSize)
+ }
+ h.Sum(hash[:0])
+ return matches, hash, nil
+}
+
+func Rewrite(w io.WriterAt, pos []int64, id string) error {
+ b := []byte(id)
+ for _, p := range pos {
+ if _, err := w.WriteAt(b, p); err != nil {
+ return err
+ }
+ }
+
+ // Update Mach-O code signature, if any.
+ if f, cmd, ok := findMachoCodeSignature(w); ok {
+ if codesign.Size(int64(cmd.Dataoff), "a.out") == int64(cmd.Datasize) {
+ // Update the signature if the size matches, so we don't need to
+ // fix up headers. Binaries generated by the Go linker should have
+ // the expected size. Otherwise skip.
+ text := f.Segment("__TEXT")
+ cs := make([]byte, cmd.Datasize)
+ codesign.Sign(cs, w.(io.Reader), "a.out", int64(cmd.Dataoff), int64(text.Offset), int64(text.Filesz), f.Type == macho.TypeExec)
+ if _, err := w.WriteAt(cs, int64(cmd.Dataoff)); err != nil {
+ return err
+ }
+ }
+ }
+
+ return nil
+}
+
+func excludeMachoCodeSignature(r io.Reader) io.Reader {
+ _, cmd, ok := findMachoCodeSignature(r)
+ if !ok {
+ return r
+ }
+ return &excludedReader{r, 0, int64(cmd.Dataoff), int64(cmd.Dataoff + cmd.Datasize)}
+}
+
+// excludedReader wraps an io.Reader. Reading from it returns the bytes from
+// the underlying reader, except that when the byte offset is within the
+// range between start and end, it returns zero bytes.
+type excludedReader struct {
+ r io.Reader
+ off int64 // current offset
+ start, end int64 // the range to be excluded (read as zero)
+}
+
+func (r *excludedReader) Read(p []byte) (int, error) {
+ n, err := r.r.Read(p)
+ if n > 0 && r.off+int64(n) > r.start && r.off < r.end {
+ cstart := r.start - r.off
+ if cstart < 0 {
+ cstart = 0
+ }
+ cend := r.end - r.off
+ if cend > int64(n) {
+ cend = int64(n)
+ }
+ zeros := make([]byte, cend-cstart)
+ copy(p[cstart:cend], zeros)
+ }
+ r.off += int64(n)
+ return n, err
+}
+
+func findMachoCodeSignature(r any) (*macho.File, codesign.CodeSigCmd, bool) {
+ ra, ok := r.(io.ReaderAt)
+ if !ok {
+ return nil, codesign.CodeSigCmd{}, false
+ }
+ f, err := macho.NewFile(ra)
+ if err != nil {
+ return nil, codesign.CodeSigCmd{}, false
+ }
+ cmd, ok := codesign.FindCodeSigCmd(f)
+ return f, cmd, ok
+}