]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_utilities/lib/macho++.cpp
[apple/security.git] / OSX / libsecurity_utilities / lib / macho++.cpp
1 /*
2 * Copyright (c) 2006-2014 Apple Inc. All Rights Reserved.
3 *
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
11 * file.
12 *
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
20 *
22 */
24 //
25 // macho++ - Mach-O object file helpers
26 //
27 #include "macho++.h"
28 #include <security_utilities/alloc.h>
29 #include <security_utilities/memutils.h>
30 #include <security_utilities/endian.h>
31 #include <mach-o/dyld.h>
32 #include <list>
33 #include <algorithm>
34 #include <iterator>
36 namespace Security {
38 /* Maximum number of archs a fat binary can have */
39 static const int MAX_ARCH_COUNT = 100;
40 /* Maximum power of 2 that a mach-o can be aligned by */
41 static const int MAX_ALIGN = 30;
43 //
44 // Architecture values
45 //
46 Architecture::Architecture(const fat_arch &arch)
47 : pair<cpu_type_t, cpu_subtype_t>(arch.cputype, arch.cpusubtype)
48 {
49 }
51 Architecture::Architecture(const char *name)
52 {
53 if (const NXArchInfo *nxa = NXGetArchInfoFromName(name)) {
54 this->first = nxa->cputype;
55 this->second = nxa->cpusubtype;
56 } else {
57 this->first = this->second = none;
58 }
59 }
62 //
63 // The local architecture.
64 //
65 // We take this from ourselves - the architecture of our main program Mach-O binary.
66 // There's the NXGetLocalArchInfo API, but it insists on saying "i386" on modern
67 // x86_64-centric systems, and lies to ppc (Rosetta) programs claiming they're native ppc.
68 // So let's not use that.
69 //
70 Architecture Architecture::local()
71 {
72 return MainMachOImage().architecture();
73 }
76 //
77 // Translate between names and numbers
78 //
79 const char *Architecture::name() const
80 {
81 if (const NXArchInfo *info = NXGetArchInfoFromCpuType(cpuType(), cpuSubtype()))
82 return info->name;
83 else
84 return NULL;
85 }
87 std::string Architecture::displayName() const
88 {
89 if (const char *s = this->name())
90 return s;
91 char buf[20];
92 snprintf(buf, sizeof(buf), "(%d:%d)", cpuType(), cpuSubtype());
93 return buf;
94 }
97 //
98 // Compare architectures.
99 // This is asymmetrical; the second argument provides for some templating.
100 //
101 bool Architecture::matches(const Architecture &templ) const
102 {
103 if (first != templ.first)
104 return false; // main architecture mismatch
105 if (templ.second == CPU_SUBTYPE_MULTIPLE)
106 return true; // subtype wildcard
107 // match subtypes, ignoring feature bits
108 return ((second ^ templ.second) & ~CPU_SUBTYPE_MASK) == 0;
109 }
112 //
113 // MachOBase contains knowledge of the Mach-O object file format,
114 // but abstracts from any particular sourcing. It must be subclassed,
115 // and the subclass must provide the file header and commands area
116 // during its construction. Memory is owned by the subclass.
117 //
118 MachOBase::~MachOBase()
119 { /* virtual */ }
121 // provide the Mach-O file header, somehow
122 void MachOBase::initHeader(const mach_header *header)
123 {
124 mHeader = header;
125 switch (mHeader->magic) {
126 case MH_MAGIC:
127 mFlip = false;
128 m64 = false;
129 break;
130 case MH_CIGAM:
131 mFlip = true;
132 m64 = false;
133 break;
134 case MH_MAGIC_64:
135 mFlip = false;
136 m64 = true;
137 break;
138 case MH_CIGAM_64:
139 mFlip = true;
140 m64 = true;
141 break;
142 default:
143 secinfo("macho", "%p: unrecognized header magic (%x)", this, mHeader->magic);
144 UnixError::throwMe(ENOEXEC);
145 }
146 }
148 // provide the Mach-O commands section, somehow
149 void MachOBase::initCommands(const load_command *commands)
150 {
151 mCommands = commands;
152 mEndCommands = LowLevelMemoryUtilities::increment<load_command>(commands, flip(mHeader->sizeofcmds));
153 if (mCommands + 1 > mEndCommands) // ensure initial load command core available
154 UnixError::throwMe(ENOEXEC);
155 }
158 size_t MachOBase::headerSize() const
159 {
160 return m64 ? sizeof(mach_header_64) : sizeof(mach_header);
161 }
163 size_t MachOBase::commandSize() const
164 {
165 return flip(mHeader->sizeofcmds);
166 }
169 //
170 // Create a MachO object from an open file and a starting offset.
171 // We load (only) the header and load commands into memory at that time.
172 // Note that the offset must be relative to the start of the containing file
173 // (not relative to some intermediate container).
174 //
175 MachO::MachO(FileDesc fd, size_t offset, size_t length)
176 : FileDesc(fd), mOffset(offset), mLength(length), mSuspicious(false)
177 {
178 if (mOffset == 0)
179 mLength = fd.fileSize();
180 size_t size = fd.read(&mHeaderBuffer, sizeof(mHeaderBuffer), mOffset);
181 if (size != sizeof(mHeaderBuffer))
182 UnixError::throwMe(ENOEXEC);
183 this->initHeader(&mHeaderBuffer);
184 size_t cmdSize = this->commandSize();
185 mCommandBuffer = (load_command *)malloc(cmdSize);
186 if (!mCommandBuffer)
187 UnixError::throwMe();
188 if (fd.read(mCommandBuffer, cmdSize, this->headerSize() + mOffset) != cmdSize)
189 UnixError::throwMe(ENOEXEC);
190 this->initCommands(mCommandBuffer);
191 /* If we do not know the length, we cannot do a verification of the mach-o structure */
192 if (mLength != 0)
193 this->validateStructure();
194 }
196 void MachO::validateStructure()
197 {
198 bool isValid = false;
200 /* There should be either an LC_SEGMENT, an LC_SEGMENT_64, or an LC_SYMTAB
201 load_command and that + size must be equal to the end of the arch */
202 for (const struct load_command *cmd = loadCommands(); cmd != NULL; cmd = nextCommand(cmd)) {
203 uint32_t cmd_type = flip(cmd->cmd);
204 struct segment_command *seg = NULL;
205 struct segment_command_64 *seg64 = NULL;
206 struct symtab_command *symtab = NULL;
208 if (cmd_type == LC_SEGMENT) {
209 if(flip(cmd->cmdsize) < sizeof(struct segment_command)) {
210 UnixError::throwMe(ENOEXEC);
211 }
212 seg = (struct segment_command *)cmd;
213 if (strncmp(seg->segname, SEG_LINKEDIT, sizeof(seg->segname)) == 0) {
214 isValid = flip(seg->fileoff) + flip(seg->filesize) == this->length();
215 break;
216 }
217 } else if (cmd_type == LC_SEGMENT_64) {
218 if(flip(cmd->cmdsize) < sizeof(struct segment_command_64)) {
219 UnixError::throwMe(ENOEXEC);
220 }
221 seg64 = (struct segment_command_64 *)cmd;
222 if (strncmp(seg64->segname, SEG_LINKEDIT, sizeof(seg64->segname)) == 0) {
223 isValid = flip(seg64->fileoff) + flip(seg64->filesize) == this->length();
224 break;
225 }
226 /* PPC binaries have a SYMTAB section */
227 } else if (cmd_type == LC_SYMTAB) {
228 if(flip(cmd->cmdsize) < sizeof(struct symtab_command)) {
229 UnixError::throwMe(ENOEXEC);
230 }
231 symtab = (struct symtab_command *)cmd;
232 isValid = flip(symtab->stroff) + flip(symtab->strsize) == this->length();
233 break;
234 }
235 }
237 if (!isValid)
238 mSuspicious = true;
239 }
241 MachO::~MachO()
242 {
243 ::free(mCommandBuffer);
244 }
247 //
248 // Create a MachO object that is (entirely) mapped into memory.
249 // The caller must ensire that the underlying mapping persists
250 // at least as long as our object.
251 //
252 MachOImage::MachOImage(const void *address)
253 {
254 this->initHeader((const mach_header *)address);
255 this->initCommands(LowLevelMemoryUtilities::increment<const load_command>(address, this->headerSize()));
256 }
259 //
260 // Locate the Mach-O image of the main program
261 //
262 MainMachOImage::MainMachOImage()
263 : MachOImage(mainImageAddress())
264 {
265 }
267 const void *MainMachOImage::mainImageAddress()
268 {
269 return _dyld_get_image_header(0);
270 }
273 //
274 // Return various header fields
275 //
276 Architecture MachOBase::architecture() const
277 {
278 return Architecture(flip(mHeader->cputype), flip(mHeader->cpusubtype));
279 }
281 uint32_t MachOBase::type() const
282 {
283 return flip(mHeader->filetype);
284 }
286 uint32_t MachOBase::flags() const
287 {
288 return flip(mHeader->flags);
289 }
292 //
293 // Iterate through load commands
294 //
295 const load_command *MachOBase::nextCommand(const load_command *command) const
296 {
297 using LowLevelMemoryUtilities::increment;
298 /* Do not try and increment by 0, or it will loop forever */
299 if (flip(command->cmdsize) == 0)
300 UnixError::throwMe(ENOEXEC);
301 command = increment<const load_command>(command, flip(command->cmdsize));
302 if (command >= mEndCommands) // end of load commands
303 return NULL;
304 if (increment(command, sizeof(load_command)) > mEndCommands
305 || increment(command, flip(command->cmdsize)) > mEndCommands)
306 UnixError::throwMe(ENOEXEC);
307 return command;
308 }
311 //
312 // Find a specific load command, by command number.
313 // If there are multiples, returns the first one found.
314 //
315 const load_command *MachOBase::findCommand(uint32_t cmd) const
316 {
317 for (const load_command *command = loadCommands(); command; command = nextCommand(command))
318 if (flip(command->cmd) == cmd)
319 return command;
320 return NULL;
321 }
324 //
325 // Locate a segment command, by name
326 //
327 const segment_command *MachOBase::findSegment(const char *segname) const
328 {
329 for (const load_command *command = loadCommands(); command; command = nextCommand(command)) {
330 switch (flip(command->cmd)) {
331 case LC_SEGMENT:
332 case LC_SEGMENT_64:
333 {
334 if(flip(command->cmdsize) < sizeof(struct segment_command)) {
335 UnixError::throwMe(ENOEXEC);
336 }
337 const segment_command *seg = reinterpret_cast<const segment_command *>(command);
338 if (!strncmp(seg->segname, segname, sizeof(seg->segname)))
339 return seg;
340 break;
341 }
342 default:
343 break;
344 }
345 }
346 return NULL;
347 }
349 const section *MachOBase::findSection(const char *segname, const char *sectname) const
350 {
351 using LowLevelMemoryUtilities::increment;
352 if (const segment_command *seg = findSegment(segname)) {
353 if (is64()) {
354 if(flip(seg->cmdsize) < sizeof(segment_command_64)) {
355 UnixError::throwMe(ENOEXEC);
356 }
357 const segment_command_64 *seg64 = reinterpret_cast<const segment_command_64 *>(seg);
358 if (sizeof(*seg64) + (seg64->nsects * sizeof(section_64)) > flip(seg64->cmdsize)) // too many segments; doesn't fit (malformed Mach-O)
359 return NULL;
360 const section_64 *sect = increment<const section_64>(seg64 + 1, 0);
361 for (unsigned n = flip(seg64->nsects); n > 0; n--, sect++) {
362 if (!strncmp(sect->sectname, sectname, sizeof(sect->sectname)))
363 return reinterpret_cast<const section *>(sect);
364 }
365 } else {
366 if (sizeof(*seg) + (seg->nsects * sizeof(section)) > flip(seg->cmdsize)) // too many segments; doesn't fit (malformed Mach-O)
367 return NULL;
368 const section *sect = increment<const section>(seg + 1, 0);
369 for (unsigned n = flip(seg->nsects); n > 0; n--, sect++) {
370 if (!strncmp(sect->sectname, sectname, sizeof(sect->sectname)))
371 return sect;
372 }
373 }
374 }
375 return NULL;
376 }
379 //
380 // Translate a union lc_str into the string it denotes.
381 // Returns NULL (no exceptions) if the entry is corrupt.
382 //
383 const char *MachOBase::string(const load_command *cmd, const lc_str &str) const
384 {
385 size_t offset = flip(str.offset);
386 const char *sp = LowLevelMemoryUtilities::increment<const char>(cmd, offset);
387 if (offset + strlen(sp) + 1 > flip(cmd->cmdsize)) // corrupt string reference
388 return NULL;
389 return sp;
390 }
393 //
394 // Figure out where the Code Signing information starts in the Mach-O binary image.
395 // The code signature is at the end of the file, and identified
396 // by a specially-named section. So its starting offset is also the end
397 // of the signable part.
398 // Note that the offset returned is relative to the start of the Mach-O image.
399 // Returns zero if not found (usually indicating that the binary was not signed).
400 //
401 const linkedit_data_command *MachOBase::findCodeSignature() const
402 {
403 if (const load_command *cmd = findCommand(LC_CODE_SIGNATURE)) {
404 if(flip(cmd->cmdsize) < sizeof(linkedit_data_command)) {
405 UnixError::throwMe(ENOEXEC);
406 }
407 return reinterpret_cast<const linkedit_data_command *>(cmd);
408 }
409 return NULL; // not found
410 }
412 size_t MachOBase::signingOffset() const
413 {
414 if (const linkedit_data_command *lec = findCodeSignature())
415 return flip(lec->dataoff);
416 else
417 return 0;
418 }
420 size_t MachOBase::signingLength() const
421 {
422 if (const linkedit_data_command *lec = findCodeSignature())
423 return flip(lec->datasize);
424 else
425 return 0;
426 }
428 const linkedit_data_command *MachOBase::findLibraryDependencies() const
429 {
430 if (const load_command *cmd = findCommand(LC_DYLIB_CODE_SIGN_DRS)) {
431 if(flip(cmd->cmdsize) < sizeof(linkedit_data_command)) {
432 UnixError::throwMe(ENOEXEC);
433 }
434 return reinterpret_cast<const linkedit_data_command *>(cmd);
435 }
436 return NULL; // not found
437 }
439 const version_min_command *MachOBase::findMinVersion() const
440 {
441 for (const load_command *command = loadCommands(); command; command = nextCommand(command))
442 switch (flip(command->cmd)) {
447 if(flip(command->cmdsize) < sizeof(version_min_command)) {
448 UnixError::throwMe(ENOEXEC);
449 }
450 return reinterpret_cast<const version_min_command *>(command);
451 }
452 return NULL;
453 }
456 //
457 // Return the signing-limit length for this Mach-O binary image.
458 // This is the signingOffset if present, or the full length if not.
459 //
460 size_t MachO::signingExtent() const
461 {
462 if (size_t offset = signingOffset())
463 return offset;
464 else
465 return length();
466 }
469 //
470 // I/O operations
471 //
472 void MachO::seek(size_t offset)
473 {
474 FileDesc::seek(mOffset + offset);
475 }
477 CFDataRef MachO::dataAt(size_t offset, size_t size)
478 {
479 CFMallocData buffer(size);
480 if (this->read(buffer, size, mOffset + offset) != size)
481 UnixError::throwMe();
482 return buffer;
483 }
485 //
486 // Fat (aka universal) file wrappers.
487 // The offset is relative to the start of the containing file.
488 //
489 Universal::Universal(FileDesc fd, size_t offset /* = 0 */, size_t length /* = 0 */)
490 : FileDesc(fd), mBase(offset), mLength(length), mMachType(0), mSuspicious(false)
491 {
492 union {
493 fat_header header; // if this is a fat file
494 mach_header mheader; // if this is a thin file
495 } unionHeader;
497 if (fd.read(&unionHeader, sizeof(unionHeader), offset) != sizeof(unionHeader))
498 UnixError::throwMe(ENOEXEC);
499 switch (unionHeader.header.magic) {
500 case FAT_MAGIC:
501 case FAT_CIGAM:
502 {
503 //
504 // Hack alert.
505 // Under certain circumstances (15001604), mArchCount under-counts the architectures
506 // by one, and special testing is required to validate the extra-curricular entry.
507 // We always read an extra entry; in the situations where this might hit end-of-file,
508 // we are content to fail.
509 //
510 mArchCount = ntohl(unionHeader.header.nfat_arch);
512 if (mArchCount > MAX_ARCH_COUNT)
513 UnixError::throwMe(ENOEXEC);
515 size_t archSize = sizeof(fat_arch) * (mArchCount + 1);
516 mArchList = (fat_arch *)malloc(archSize);
517 if (!mArchList)
518 UnixError::throwMe();
519 if (fd.read(mArchList, archSize, mBase + sizeof(unionHeader.header)) != archSize) {
520 ::free(mArchList);
521 UnixError::throwMe(ENOEXEC);
522 }
523 for (fat_arch *arch = mArchList; arch <= mArchList + mArchCount; arch++) {
524 n2hi(arch->cputype);
525 n2hi(arch->cpusubtype);
526 n2hi(arch->offset);
527 n2hi(arch->size);
528 n2hi(arch->align);
529 }
530 const fat_arch *last_arch = mArchList + mArchCount;
531 if (last_arch->cputype == (CPU_ARCH_ABI64 | CPU_TYPE_ARM)) {
532 mArchCount++;
533 }
534 secinfo("macho", "%p is a fat file with %d architectures",
535 this, mArchCount);
537 /* A Mach-O universal file has padding of no more than "page size"
538 * between the header and slices. This padding must be zeroed out or the file
539 is not valid */
540 std::list<struct fat_arch *> sortedList;
541 for (unsigned i = 0; i < mArchCount; i++)
542 sortedList.push_back(mArchList + i);
544 sortedList.sort(^ bool (const struct fat_arch *arch1, const struct fat_arch *arch2) { return arch1->offset < arch2->offset; });
546 const size_t universalHeaderEnd = mBase + sizeof(unionHeader.header) + (sizeof(fat_arch) * mArchCount);
547 size_t prevHeaderEnd = universalHeaderEnd;
548 size_t prevArchSize = 0, prevArchStart = 0;
550 for (auto iterator = sortedList.begin(); iterator != sortedList.end(); ++iterator) {
551 auto ret = mSizes.insert(std::pair<size_t, size_t>((*iterator)->offset, (*iterator)->size));
552 if (ret.second == false) {
553 ::free(mArchList);
554 MacOSError::throwMe(errSecInternalError); // Something is wrong if the same size was encountered twice
555 }
557 size_t gapSize = (*iterator)->offset - prevHeaderEnd;
559 /* The size of the padding after the universal cannot be calculated to a fixed size */
560 if (prevHeaderEnd != universalHeaderEnd) {
561 if (((*iterator)->align > MAX_ALIGN) || gapSize >= (1 << (*iterator)->align)) {
562 mSuspicious = true;
563 break;
564 }
565 }
567 // validate gap bytes in tasty page-sized chunks
568 CssmAutoPtr<uint8_t> gapBytes(Allocator::standard().malloc<uint8_t>(PAGE_SIZE));
569 size_t off = 0;
570 while (off < gapSize) {
571 size_t want = min(gapSize - off, (size_t)PAGE_SIZE);
572 size_t got = fd.read(gapBytes, want, prevHeaderEnd + off);
573 if (got == 0) {
574 mSuspicious = true;
575 break;
576 }
577 off += got;
578 for (size_t x = 0; x < got; x++) {
579 if (gapBytes[x] != 0) {
580 mSuspicious = true;
581 break;
582 }
583 }
584 if (mSuspicious)
585 break;
586 }
587 if (off != gapSize)
588 mSuspicious = true;
589 if (mSuspicious)
590 break;
592 prevHeaderEnd = (*iterator)->offset + (*iterator)->size;
593 prevArchSize = (*iterator)->size;
594 prevArchStart = (*iterator)->offset;
595 }
597 /* If there is anything extra at the end of the file, reject this */
598 if (!mSuspicious && (prevArchStart + prevArchSize != fd.fileSize()))
599 mSuspicious = true;
601 break;
602 }
603 case MH_MAGIC:
604 case MH_MAGIC_64:
605 mArchList = NULL;
606 mArchCount = 0;
607 mThinArch = Architecture(unionHeader.mheader.cputype, unionHeader.mheader.cpusubtype);
608 secinfo("macho", "%p is a thin file (%s)", this, mThinArch.name());
609 break;
610 case MH_CIGAM:
611 case MH_CIGAM_64:
612 mArchList = NULL;
613 mArchCount = 0;
614 mThinArch = Architecture(flip(unionHeader.mheader.cputype), flip(unionHeader.mheader.cpusubtype));
615 secinfo("macho", "%p is a thin file (%s)", this, mThinArch.name());
616 break;
617 default:
618 UnixError::throwMe(ENOEXEC);
619 }
620 }
622 Universal::~Universal()
623 {
624 ::free(mArchList);
625 }
627 size_t Universal::lengthOfSlice(size_t offset) const
628 {
629 auto ret = mSizes.find(offset);
630 if (ret == mSizes.end())
631 MacOSError::throwMe(errSecInternalError);
632 return ret->second;
633 }
635 //
636 // Get the "local" architecture from the fat file
637 // Throws ENOEXEC if not found.
638 //
639 MachO *Universal::architecture() const
640 {
641 if (isUniversal())
642 return findImage(bestNativeArch());
643 else
644 return new MachO(*this, mBase, mLength);
645 }
647 size_t Universal::archOffset() const
648 {
649 if (isUniversal())
650 return mBase + findArch(bestNativeArch())->offset;
651 else
652 return mBase;
653 }
656 //
657 // Get the specified architecture from the fat file
658 // Throws ENOEXEC if not found.
659 //
660 MachO *Universal::architecture(const Architecture &arch) const
661 {
662 if (isUniversal())
663 return findImage(arch);
664 else if (mThinArch.matches(arch))
665 return new MachO(*this, mBase);
666 else
667 UnixError::throwMe(ENOEXEC);
668 }
670 size_t Universal::archOffset(const Architecture &arch) const
671 {
672 if (isUniversal())
673 return mBase + findArch(arch)->offset;
674 else if (mThinArch.matches(arch))
675 return 0;
676 else
677 UnixError::throwMe(ENOEXEC);
678 }
680 size_t Universal::archLength(const Architecture &arch) const
681 {
682 if (isUniversal())
683 return mBase + findArch(arch)->size;
684 else if (mThinArch.matches(arch))
685 return this->fileSize();
686 else
687 UnixError::throwMe(ENOEXEC);
688 }
690 //
691 // Get the architecture at a specified offset from the fat file.
692 // Throws an exception of the offset does not point at a Mach-O image.
693 //
694 MachO *Universal::architecture(size_t offset) const
695 {
696 if (isUniversal())
697 return make(new MachO(*this, offset));
698 else if (offset == mBase)
699 return new MachO(*this);
700 else
701 UnixError::throwMe(ENOEXEC);
702 }
705 //
706 // Locate an architecture from the fat file's list.
707 // Throws ENOEXEC if not found.
708 //
709 const fat_arch *Universal::findArch(const Architecture &target) const
710 {
711 assert(isUniversal());
712 const fat_arch *end = mArchList + mArchCount;
713 // exact match
714 for (const fat_arch *arch = mArchList; arch < end; ++arch)
715 if (arch->cputype == target.cpuType()
716 && arch->cpusubtype == target.cpuSubtype())
717 return arch;
718 // match for generic model of main architecture
719 for (const fat_arch *arch = mArchList; arch < end; ++arch)
720 if (arch->cputype == target.cpuType() && arch->cpusubtype == 0)
721 return arch;
722 // match for any subarchitecture of the main architecture (questionable)
723 for (const fat_arch *arch = mArchList; arch < end; ++arch)
724 if (arch->cputype == target.cpuType())
725 return arch;
726 // no match
727 UnixError::throwMe(ENOEXEC); // not found
728 }
730 MachO *Universal::findImage(const Architecture &target) const
731 {
732 const fat_arch *arch = findArch(target);
733 return make(new MachO(*this, mBase + arch->offset, arch->size));
734 }
736 MachO* Universal::make(MachO* macho) const
737 {
738 auto_ptr<MachO> mo(macho); // safe resource
739 uint32_t type = mo->type();
740 if (type == 0) // not a recognized Mach-O type
741 UnixError::throwMe(ENOEXEC);
742 if (mMachType && mMachType != type) // inconsistent members
743 UnixError::throwMe(ENOEXEC);
744 mMachType = type; // record
745 return mo.release();
746 }
749 //
750 // Find the best-matching architecture for this fat file.
751 // We pick the native architecture if it's available.
752 // If it contains exactly one architecture, we take that.
753 // Otherwise, we throw.
754 //
755 Architecture Universal::bestNativeArch() const
756 {
757 if (isUniversal()) {
758 // ask the NXArch API for our native architecture
759 const Architecture native = Architecture::local();
760 if (fat_arch *match = NXFindBestFatArch(native.cpuType(), native.cpuSubtype(), mArchList, mArchCount))
761 return *match;
762 // if the system can't figure it out, pick (arbitrarily) the first one
763 return mArchList[0];
764 } else
765 return mThinArch;
766 }
768 //
769 // List all architectures from the fat file's list.
770 //
771 void Universal::architectures(Architectures &archs) const
772 {
773 if (isUniversal()) {
774 for (unsigned n = 0; n < mArchCount; n++)
775 archs.insert(mArchList[n]);
776 } else {
777 auto_ptr<MachO> macho(architecture());
778 archs.insert(macho->architecture());
779 }
780 }
782 //
783 // Quickly guess the Mach-O type of a file.
784 // Returns type zero if the file isn't Mach-O or Universal.
785 // Always looks at the start of the file, and does not change the file pointer.
786 //
787 uint32_t Universal::typeOf(FileDesc fd)
788 {
789 mach_header header;
790 int max_tries = 3;
791 if (fd.read(&header, sizeof(header), 0) != sizeof(header))
792 return 0;
793 while (max_tries > 0) {
794 switch (header.magic) {
795 case MH_MAGIC:
796 case MH_MAGIC_64:
797 return header.filetype;
798 case MH_CIGAM:
799 case MH_CIGAM_64:
800 return flip(header.filetype);
801 case FAT_MAGIC:
802 case FAT_CIGAM:
803 {
804 const fat_arch *arch1 =
805 LowLevelMemoryUtilities::increment<fat_arch>(&header, sizeof(fat_header));
806 if (fd.read(&header, sizeof(header), ntohl(arch1->offset)) != sizeof(header))
807 return 0;
808 max_tries--;
809 continue;
810 }
811 default:
812 return 0;
813 }
814 }
815 return 0;
816 }
818 //
819 // Strict validation
820 //
821 bool Universal::isSuspicious() const
822 {
823 if (mSuspicious)
824 return true;
825 Universal::Architectures archList;
826 architectures(archList);
827 for (Universal::Architectures::const_iterator it = archList.begin(); it != archList.end(); ++it) {
828 auto_ptr<MachO> macho(architecture(*it));
829 if (macho->isSuspicious())
830 return true;
831 }
832 return false;
833 }
836 } // Security