unpack.c 4.2 KB

  1. #define _GNU_SOURCE /* For O_NOFOLLOW. */
  #include <errno.h>
  #include <fcntl.h>
  #include <limits.h>
  #include <stdio.h>
  #include <stdlib.h>
  #include <string.h>
  #include <sys/stat.h>
  #include <sys/time.h>
  #include <unistd.h>
  #include <ioall.h>
  #include "filecopy.h"
  #include "crc32.h"
  /*
   * Name of the entry currently being unpacked. process_one_file() fills it
   * from the incoming stream and NUL-terminates it; the bytes are untrusted.
   */
  char untrusted_namebuf[MAX_PATH_LENGTH];

  /* Transfer quotas, set through set_size_limit(); 0 disables the check. */
  long long bytes_limit = 0LL;
  long long files_limit = 0LL;

  /* Running totals that are compared against the quotas above. */
  long long total_bytes = 0LL;
  long long total_files = 0LL;
  /*
   * Progress hook. This unpacker reports nothing, so the body is intentionally
   * empty; both arguments are ignored.
   */
  void notify_progress(int p1, int p2)
  {
      (void)p1;
      (void)p2;
  }
  /*
   * Install the quotas enforced while unpacking.
   *
   * new_bytes_limit: value stored in bytes_limit (0 disables the byte check).
   * new_files_limit: value stored in files_limit (0 disables the count check).
   */
  void set_size_limit(long long new_bytes_limit, long long new_files_limit)
  {
      files_limit = new_files_limit;
      bytes_limit = new_bytes_limit;
  }
  /* Running CRC-32 over everything read from the stream; reset by do_unpack(). */
  unsigned long crc32_sum = 0UL;
  /*
   * Call read_all(fd, buf, size) and, when it reports success (non-zero),
   * fold the `size` bytes now in `buf` into the running crc32_sum.
   *
   * Returns read_all()'s result unchanged. On a zero result the checksum is
   * left as it was.
   */
  int read_all_with_crc(int fd, void *buf, int size)
  {
      int ok = read_all(fd, buf, size);

      if (!ok)
          return ok;
      crc32_sum = Crc32_ComputeBuf(crc32_sum, buf, size);
      return ok;
  }
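  /*
   * Report the transfer result to the peer on file descriptor 1.
   *
   * code: value placed in the header's error_code field.
   *
   * The header also carries the current crc32_sum. errno is saved on entry and
   * restored on exit, so callers can keep using it after the call. A failed
   * write is only reported through perror().
   */
  void send_status_and_crc(int code)
  {
      struct result_header hdr;
      int saved_errno = errno;

      /*
       * Clear the whole object before filling it in. The header is written
       * with sizeof(hdr), so any padding or field not assigned below would
       * otherwise send stale stack bytes to the other side. The layout of
       * struct result_header is not visible in this file, hence memset()
       * rather than relying on member-wise initialisation.
       */
      memset(&hdr, 0, sizeof(hdr));
      hdr.error_code = code;
      hdr.crc32 = crc32_sum;
      if (!write_all(1, &hdr, sizeof(hdr)))
          perror("write status");
      errno = saved_errno;
  }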
  /*
   * Abort or finish the transfer: close the input stream, send the status
   * header (with the current CRC) and terminate the process with `code`.
   * Does not return.
   */
  void do_exit(int code)
  {
      /* Stop accepting input before the result is reported. */
      close(STDIN_FILENO);
      send_status_and_crc(code);
      exit(code);
  }
  /*
   * Apply the permission bits and access/modification times from the
   * (untrusted) header to the entry named `untrusted_name`.
   *
   * Either call failing ends the process through do_exit(errno).
   *
   * Both chmod() and utimes() resolve the path again and follow symlinks; the
   * original comments rely on the process running inside a chroot for this to
   * be safe. That chroot is set up outside this file.
   *
   * NOTE(review): the 07777 mask keeps the setuid, setgid and sticky bits sent
   * by the peer in addition to the rwx bits. Confirm that is intended for data
   * from an untrusted sender; a 0777 mask would drop them.
   */
  void fix_times_and_perms(struct file_header *untrusted_hdr,
                           char *untrusted_name)
  {
      /* utimes() takes microseconds, the header carries nanoseconds. */
      struct timeval times[2] = {
          { .tv_sec = untrusted_hdr->atime,
            .tv_usec = untrusted_hdr->atime_nsec / 1000 },
          { .tv_sec = untrusted_hdr->mtime,
            .tv_usec = untrusted_hdr->mtime_nsec / 1000 },
      };
      int rc;

      rc = chmod(untrusted_name, untrusted_hdr->mode & 07777);    /* safe because of chroot */
      if (rc != 0)
          do_exit(errno);

      rc = utimes(untrusted_name, times);    /* as above */
      if (rc != 0)
          do_exit(errno);
  }
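  /*
   * Create one regular file named `untrusted_name` and fill it with
   * `untrusted_hdr->filelen` bytes copied from standard input.
   *
   * The file is opened with O_CREAT | O_EXCL | O_NOFOLLOW, so an existing
   * entry of that name (including a symlink) makes open() fail instead of
   * being reused. The declared length is added to total_bytes and checked
   * against bytes_limit before any data is copied.
   *
   * Every failure ends the process through do_exit(): errno for local errors,
   * EDQUOT when the byte accounting would overflow or exceeds the limit,
   * LEGAL_EOF when the input ends or cannot be read.
   */
  void process_one_file_reg(struct file_header *untrusted_hdr,
                            char *untrusted_name)
  {
      unsigned long long untrusted_len;
      int ret;
      int fdout = open(untrusted_name,
                       O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW,
                       0700);    /* safe because of chroot */

      if (fdout < 0)
          do_exit(errno);

      /*
       * The length comes from the sender. Reject a value that would push the
       * signed running total past LLONG_MAX: the overflow is undefined
       * behaviour and a wrapped (negative) total would pass the limit check
       * below. Going through unsigned long long also turns a negative value
       * into a huge one, which is rejected here too (the field's type is
       * declared outside this file).
       */
      untrusted_len = untrusted_hdr->filelen;
      if (untrusted_len > (unsigned long long)(LLONG_MAX - total_bytes))
          do_exit(EDQUOT);
      total_bytes += (long long)untrusted_len;
      if (bytes_limit && total_bytes > bytes_limit)
          do_exit(EDQUOT);

      ret = copy_file(fdout, 0, untrusted_hdr->filelen, &crc32_sum);
      if (ret != COPY_FILE_OK) {
          if (ret == COPY_FILE_READ_EOF || ret == COPY_FILE_READ_ERROR)
              do_exit(LEGAL_EOF);    // hopefully remote will produce error message
          else
              do_exit(errno);
      }

      /* A deferred write error can surface at close(); do not report success over it. */
      if (close(fdout))
          do_exit(errno);
      fix_times_and_perms(untrusted_hdr, untrusted_name);
  }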
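  /*
   * Handle a directory entry.
   *
   * First occurrence: create the directory with mode 0700 and return, so its
   * contents can be written even if the final mode is not writable.
   * Second occurrence (mkdir() fails with EEXIST): apply the mode and times
   * from the header.
   *
   * Any other mkdir() error, or an existing entry that is not a directory,
   * ends the process through do_exit().
   */
  void process_one_file_dir(struct file_header *untrusted_hdr,
                            char *untrusted_name)
  {
      struct stat st;

      // fix perms only when the directory is sent for the second time
      // it allows to transfer r.x directory contents, as we create it rwx initially
      if (!mkdir(untrusted_name, 0700))    /* safe because of chroot */
          return;
      if (errno != EEXIST)
          do_exit(errno);

      /*
       * mkdir() reports EEXIST for any existing entry, not only a directory.
       * chmod()/utimes() in fix_times_and_perms() follow symlinks, so make
       * sure the name really is a directory (lstat() does not follow a final
       * symlink) before changing its mode and times.
       */
      if (lstat(untrusted_name, &st))
          do_exit(errno);
      if (!S_ISDIR(st.st_mode))
          do_exit(ENOTDIR);

      fix_times_and_perms(untrusted_hdr, untrusted_name);
  }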
  /*
   * Handle a symlink entry: read the link target (header's filelen bytes) from
   * standard input and create the symlink `untrusted_name` pointing at it.
   *
   * A target of MAX_PATH_LENGTH bytes or more is refused with ENAMETOOLONG, so
   * the read and the terminating NUL always fit the local buffer. A short read
   * ends the process with LEGAL_EOF, a symlink() failure with errno.
   *
   * The target text is stored exactly as received, absolute or relative, and
   * is not counted in total_bytes. The chroot the original comment relies on
   * only confines this process.
   * NOTE(review): whatever later follows the link from outside that chroot
   * resolves it against its own root - confirm consumers of the unpacked tree
   * account for that.
   */
  void process_one_file_link(struct file_header *untrusted_hdr,
                             char *untrusted_name)
  {
      char untrusted_target[MAX_PATH_LENGTH];
      unsigned int target_len;

      if (untrusted_hdr->filelen >= MAX_PATH_LENGTH)
          do_exit(ENAMETOOLONG);
      target_len = untrusted_hdr->filelen;    /* sanitized above */

      if (!read_all_with_crc(0, untrusted_target, target_len))
          do_exit(LEGAL_EOF);    // hopefully remote has produced error message
      untrusted_target[target_len] = '\0';

      if (symlink(untrusted_target, untrusted_name) != 0)    /* safe because of chroot */
          do_exit(errno);
  }
  /*
   * Read the name that follows a header into untrusted_namebuf and dispatch on
   * the file type encoded in the header's mode: regular file, symlink or
   * directory. Any other type ends the process with EINVAL.
   *
   * A name of MAX_PATH_LENGTH bytes or more is refused with ENAMETOOLONG, so
   * the read and the terminating NUL always fit the buffer.
   *
   * Nothing here rejects absolute names or ".." components; the handlers'
   * "safe because of chroot" comments indicate that confinement is expected
   * from a chroot established by the caller, which is not visible in this
   * file.
   */
  void process_one_file(struct file_header *untrusted_hdr)
  {
      unsigned int name_len;

      if (untrusted_hdr->namelen >= MAX_PATH_LENGTH)
          do_exit(ENAMETOOLONG);
      name_len = untrusted_hdr->namelen;    /* sanitized above */

      if (!read_all_with_crc(0, untrusted_namebuf, name_len))
          do_exit(LEGAL_EOF);    // hopefully remote has produced error message
      untrusted_namebuf[name_len] = '\0';

      switch (untrusted_hdr->mode & S_IFMT) {
      case S_IFREG:
          process_one_file_reg(untrusted_hdr, untrusted_namebuf);
          break;
      case S_IFLNK:
          process_one_file_link(untrusted_hdr, untrusted_namebuf);
          break;
      case S_IFDIR:
          process_one_file_dir(untrusted_hdr, untrusted_namebuf);
          break;
      default:
          /* devices, FIFOs, sockets and anything unknown are refused */
          do_exit(EINVAL);
          break;
      }
  }
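  /*
   * Unpack a stream of entries from standard input.
   *
   * Each entry starts with a struct file_header; a header whose namelen is 0
   * marks the end of the transfer. The running CRC is reset first and covers
   * every header, name and payload read afterwards.
   *
   * Returns the final errno value, which is also sent to the peer together
   * with the CRC: 0 after the end marker, otherwise whatever the failed header
   * read left in errno. Errors inside an entry do not return; they terminate
   * the process through do_exit().
   */
  int do_unpack()
  {
      struct file_header untrusted_hdr;

      /* initialize checksum */
      crc32_sum = 0;
      while (read_all_with_crc(0, &untrusted_hdr, sizeof untrusted_hdr)) {
          /* check for end of transfer marker */
          if (untrusted_hdr.namelen == 0) {
              errno = 0;
              break;
          }
          /*
           * Enforce the entry-count quota before the entry is created.
           * Checking only after process_one_file() would let one entry
           * beyond files_limit reach the filesystem before EDQUOT is
           * reported.
           */
          if (files_limit && total_files >= files_limit)
              do_exit(EDQUOT);
          process_one_file(&untrusted_hdr);
          total_files++;
      }
      /* send_status_and_crc() preserves errno, so the return matches what was sent */
      send_status_and_crc(errno);
      return errno;
  }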