lpd: spool mode added by Vladimir

lpr: more robust error reporting *: introduce and use xchroot libbb: full_read/write now will report partial data counts prior to error isdirectory.c: style fixes lpd_main 249 486 +237 xchroot - 29 +29 get_response_or_say_and_die 110 139 +29 full_write 52 60 +8 full_read 55 63 +8 static.newline 1 - -1 switch_root_main 404 400 -4 chpst_main 1089 1079 -10 getopt32 1370 1359 -11 chroot_main 115 101 -14 ------------------------------------------------------------------------------ (add/remove: 1/1 grow/shrink: 4/4 up/down: 311/-40) Total: 271 bytes text data bss dec hex filename 798472 728 7484 806684 c4f1c busybox_old 798775 728 7484 806987 c504b busybox_unstripped
author: Denis Vlasenko <vda.linux@googlemail.com> 2008-02-25 20:30:24 +0000
committer: Denis Vlasenko <vda.linux@googlemail.com> 2008-02-25 20:30:24 +0000
commit: 394eebed6656dfc2e56a79500b602023000ac415 (patch)
tree: b5b5858663e7333b9624cb4f329e91ae649f3247 /printutils
parent: 38b8831b3201a9e44cfb156b5b8577e4f5e8d761 (diff)
download: busybox-w32-394eebed6656dfc2e56a79500b602023000ac415.tar.gz
busybox-w32-394eebed6656dfc2e56a79500b602023000ac415.tar.bz2
busybox-w32-394eebed6656dfc2e56a79500b602023000ac415.zip
2 files changed, 108 insertions, 65 deletions
diff --git a/printutils/lpd.c b/printutils/lpd.c
index ed3d9d100..916fd6213 100644
--- a/printutils/lpd.c
+++ b/printutils/lpd.c
@@ -1,6 +1,6 @@
 /* vi: set sw=4 ts=4: */
 /*
- * micro lpd - a small non-queueing lpd
+ * micro lpd
 *
 * Copyright (C) 2008 by Vladimir Dronnikov <dronnikov@gmail.com>
 *
@@ -8,72 +8,108 @@
 */
 #include "libbb.h"
+// TODO: xmalloc_reads is vulnerable to remote OOM attack!
 int lpd_main(int argc, char *argv[]) MAIN_EXTERNALLY_VISIBLE;
 int lpd_main(int argc, char *argv[])
 {
-        char *s;
+        int spooling;
+        char *s, *queue;
+        // read command
+        s = xmalloc_reads(STDIN_FILENO, NULL);
+        // we understand only "receive job" command
+        if (2 != *s) {
+ unsupported_cmd:
+                printf("Command %02x %s\n",
+                        (unsigned char)s[0], "is not supported");
+                return EXIT_FAILURE;
+        }
-        // goto spool directory
        // spool directory contains either links to real printer devices or just simple files
        // these links or files are called "queues"
-        if (!argv[1])
+        // OR
-                bb_show_usage();
+        // if a directory named as given queue exists within spool directory
+        // then LPD enters spooling mode and just dumps both control and data files to it
-        xchdir(argv[1]);
+        // goto spool directory
+        if (argv[1])
+                xchdir(argv[1]);
-        xdup2(1, 2);
+        // parse command: "\x2QUEUE_NAME\n"
+        queue = s + 1;
+        *strchrnul(s, '\n') = '\0';
-        // read command
+        // protect against "/../" attacks
-        s = xmalloc_reads(STDIN_FILENO, NULL);
+        if (queue[0] == '.' || strstr(queue, "/."))
+                return EXIT_FAILURE;
-        // N.B. we keep things simple
+        // queue is a directory -> chdir to it and enter spooling mode
-        // only "receive job" command is meaningful here...
+        spooling = chdir(queue) + 1; /* 0: cannot chdir, 1: done */
-        if (2 == *s) {
-                char *queue;
-                // parse command: "\x2QUEUE_NAME\n"
+        xdup2(STDOUT_FILENO, STDERR_FILENO);
-                queue = s + 1;
-                *strchrnul(s, '\n') = '\0';
-                while (1) {
+        while (1) {
-                        // signal OK
+                char *fname;
-                        write(STDOUT_FILENO, "", 1);
+                int fd;
-                        // get subcommand
+                // int is easier than ssize_t: can use xatoi_u,
-                        s = xmalloc_reads(STDIN_FILENO, NULL);
+                // and can correctly display error returns (-1)
-                        if (!s)
+                int expected_len, real_len;
-                                return EXIT_SUCCESS; // EOF (probably)
-                        // valid s must be of form: SUBCMD | LEN | SP | FNAME
+                // signal OK
-                        // N.B. we bail out on any error
+                write(STDOUT_FILENO, "", 1);
-                        // control or data file follows
-                        if (2 == s[0] || 3 == s[0]) {
+                // get subcommand
-                                int fd;
+                s = xmalloc_reads(STDIN_FILENO, NULL);
-                                size_t len;
+                if (!s)
-                                // 2: control file (ignoring), 3: data file
+                        return EXIT_SUCCESS; // probably EOF
-                                fd = -1;
+                // we understand only "control file" or "data file" cmds
-                                if (3 == s[0])
+                if (2 != s[0] && 3 != s[0])
-                                        fd = xopen(queue, O_RDWR | O_APPEND);
+                        goto unsupported_cmd;
-                                // get data length
-                                *strchrnul(s, ' ') = '\0';
-                                len = xatou(s + 1);
-                                // dump exactly len bytes to file, or die
-                                bb_copyfd_exact_size(STDIN_FILENO, fd, len);
-                                close(fd); // NB: can do close(-1). Who cares?
-                                free(s);
-                                // got no ACK? -> bail out
-                                if (safe_read(STDIN_FILENO, s, 1) <= 0 || s[0]) {
-                                        // don't talk to peer - it obviously
-                                        // don't follow the protocol
-                                        return EXIT_FAILURE;
-                                }
-                        } else {
-                                // any other subcommand aborts receiving job
-                                // N.B. abort subcommand itself doesn't contain
-                                // fname so it failed earlier...
-                                break;
-                        }
-                }
-        }
-        printf("Command %02x not supported\n", (unsigned char)*s);
+                *strchrnul(s, '\n') = '\0';
-        return EXIT_FAILURE;
+                // valid s must be of form: SUBCMD | LEN | SP | FNAME
+                // N.B. we bail out on any error
+                fname = strchr(s, ' ');
+                if (!fname) {
+                        printf("Command %02x %s\n",
+                                (unsigned char)s[0], "lacks filename");
+                        return EXIT_FAILURE;
+                }
+                *fname++ = '\0';
+                if (spooling) {
+                        // spooling mode: dump both files
+                        // make "/../" attacks in file names ineffective
+                        xchroot(".");
+                        // job in flight has mode 0200 "only writable"
+                        fd = xopen3(fname, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0200);
+                } else {
+                        // non-spooling mode:
+                        // 2: control file (ignoring), 3: data file
+                        fd = -1;
+                        if (3 == s[0])
+                                fd = xopen(queue, O_RDWR | O_APPEND);
+                }
+                expected_len = xatoi_u(s + 1);
+                real_len = bb_copyfd_size(STDIN_FILENO, fd, expected_len);
+                if (spooling && real_len != expected_len) {
+                        unlink(fname); // don't keep corrupted files
+                        printf("Expected %d but got %d bytes\n",
+                                expected_len, real_len);
+                        return EXIT_FAILURE;
+                }
+                // get ACK and see whether it is NUL (ok)
+                if (read(STDIN_FILENO, s, 1) != 1 || s[0] != 0) {
+                        // don't send error msg to peer - it obviously
+                        // don't follow the protocol, so probably
+                        // it can't understand us either
+                        return EXIT_FAILURE;
+                }
+                // chmod completely downloaded job as "readable+writable"
+                if (spooling)
+                        fchmod(fd, 0600);
+                close(fd); // NB: can do close(-1). Who cares?
+                free(s);
+        } /* while (1) */
 }
diff --git a/printutils/lpr.c b/printutils/lpr.c
index 52983bfb7..09fbc6ad1 100644
--- a/printutils/lpr.c
+++ b/printutils/lpr.c
@@ -19,19 +19,26 @@
 */
 static void get_response_or_say_and_die(const char *errmsg)
 {
-        static const char newline = '\n';
+        ssize_t sz;
-        char buf = ' ';
+        char buf[128];
        fflush(stdout);
-        safe_read(STDOUT_FILENO, &buf, 1);
+        buf[0] = ' ';
-        if ('\0' != buf) {
+        sz = safe_read(STDOUT_FILENO, buf, 1);
+        if ('\0' != buf[0]) {
                // request has failed
-                bb_error_msg("error while %s. Server said:", errmsg);
+                // try to make sure last char is '\n', but do not add
-                safe_write(STDERR_FILENO, &buf, 1);
+                // superfluous one
-                logmode = 0; /* no error messages from bb_copyfd_eof() pls */
+                sz = full_read(STDOUT_FILENO, buf + 1, 126);
-                bb_copyfd_eof(STDOUT_FILENO, STDERR_FILENO);
+                bb_error_msg("error while %s%s", errmsg,
-                safe_write(STDERR_FILENO, &newline, 1);
+                                (sz > 0 ? ". Server said:" : ""));
+                if (sz > 0) {
+                        // sz = (bytes in buf) - 1
+                        if (buf[sz] != '\n')
+                                buf[++sz] = '\n';
+                        safe_write(STDERR_FILENO, buf, sz + 1);
+                }
                xfunc_die();
        }
 }
author	Denis Vlasenko <vda.linux@googlemail.com>	2008-02-25 20:30:24 +0000
committer	Denis Vlasenko <vda.linux@googlemail.com>	2008-02-25 20:30:24 +0000
commit	394eebed6656dfc2e56a79500b602023000ac415 (patch)
tree	b5b5858663e7333b9624cb4f329e91ae649f3247 /printutils
parent	38b8831b3201a9e44cfb156b5b8577e4f5e8d761 (diff)
download	busybox-w32-394eebed6656dfc2e56a79500b602023000ac415.tar.gz busybox-w32-394eebed6656dfc2e56a79500b602023000ac415.tar.bz2 busybox-w32-394eebed6656dfc2e56a79500b602023000ac415.zip

diff --git a/printutils/lpd.c b/printutils/lpd.c index ed3d9d100..916fd6213 100644 --- a/printutils/lpd.c +++ b/printutils/lpd.c
@@ -1,6 +1,6 @@
1	/* vi: set sw=4 ts=4: */	1	/* vi: set sw=4 ts=4: */
2	/*	2	/*
3	* micro lpd - a small non-queueing lpd	3	* micro lpd
4	*	4	*
5	* Copyright (C) 2008 by Vladimir Dronnikov <dronnikov@gmail.com>	5	* Copyright (C) 2008 by Vladimir Dronnikov <dronnikov@gmail.com>
6	*	6	*
@@ -8,72 +8,108 @@
8	*/	8	*/
9	#include "libbb.h"	9	#include "libbb.h"
10		10
		11	// TODO: xmalloc_reads is vulnerable to remote OOM attack!
		12
11	int lpd_main(int argc, char *argv[]) MAIN_EXTERNALLY_VISIBLE;	13	int lpd_main(int argc, char *argv[]) MAIN_EXTERNALLY_VISIBLE;
12	int lpd_main(int argc, char *argv[])	14	int lpd_main(int argc, char *argv[])
13	{	15	{
14	char *s;	16	int spooling;
		17	char s, queue;
		18
		19	// read command
		20	s = xmalloc_reads(STDIN_FILENO, NULL);
		21
		22	// we understand only "receive job" command
		23	if (2 != *s) {
		24	unsupported_cmd:
		25	printf("Command %02x %s\n",
		26	(unsigned char)s[0], "is not supported");
		27	return EXIT_FAILURE;
		28	}
15		29
16	// goto spool directory
17	// spool directory contains either links to real printer devices or just simple files	30	// spool directory contains either links to real printer devices or just simple files
18	// these links or files are called "queues"	31	// these links or files are called "queues"
19	if (!argv[1])	32	// OR
20	bb_show_usage();	33	// if a directory named as given queue exists within spool directory
		34	// then LPD enters spooling mode and just dumps both control and data files to it
21		35
22	xchdir(argv[1]);	36	// goto spool directory
		37	if (argv[1])
		38	xchdir(argv[1]);
23		39
24	xdup2(1, 2);	40	// parse command: "\x2QUEUE_NAME\n"
		41	queue = s + 1;
		42	*strchrnul(s, '\n') = '\0';
25		43
26	// read command	44	// protect against "/../" attacks
27	s = xmalloc_reads(STDIN_FILENO, NULL);	45	if (queue[0] == '.' \|\| strstr(queue, "/."))
		46	return EXIT_FAILURE;
28		47
29	// N.B. we keep things simple	48	// queue is a directory -> chdir to it and enter spooling mode
30	// only "receive job" command is meaningful here...	49	spooling = chdir(queue) + 1; /* 0: cannot chdir, 1: done */
31	if (2 == *s) {
32	char *queue;
33		50
34	// parse command: "\x2QUEUE_NAME\n"	51	xdup2(STDOUT_FILENO, STDERR_FILENO);
35	queue = s + 1;
36	*strchrnul(s, '\n') = '\0';
37		52
38	while (1) {	53	while (1) {
39	// signal OK	54	char *fname;
40	write(STDOUT_FILENO, "", 1);	55	int fd;
41	// get subcommand	56	// int is easier than ssize_t: can use xatoi_u,
42	s = xmalloc_reads(STDIN_FILENO, NULL);	57	// and can correctly display error returns (-1)
43	if (!s)	58	int expected_len, real_len;
44	return EXIT_SUCCESS; // EOF (probably)	59
45	// valid s must be of form: SUBCMD \| LEN \| SP \| FNAME	60	// signal OK
46	// N.B. we bail out on any error	61	write(STDOUT_FILENO, "", 1);
47	// control or data file follows	62
48	if (2 == s[0] \|\| 3 == s[0]) {	63	// get subcommand
49	int fd;	64	s = xmalloc_reads(STDIN_FILENO, NULL);
50	size_t len;	65	if (!s)
51	// 2: control file (ignoring), 3: data file	66	return EXIT_SUCCESS; // probably EOF
52	fd = -1;	67	// we understand only "control file" or "data file" cmds
53	if (3 == s[0])	68	if (2 != s[0] && 3 != s[0])
54	fd = xopen(queue, O_RDWR \| O_APPEND);	69	goto unsupported_cmd;
55	// get data length
56	*strchrnul(s, ' ') = '\0';
57	len = xatou(s + 1);
58	// dump exactly len bytes to file, or die
59	bb_copyfd_exact_size(STDIN_FILENO, fd, len);
60	close(fd); // NB: can do close(-1). Who cares?
61	free(s);
62	// got no ACK? -> bail out
63	if (safe_read(STDIN_FILENO, s, 1) <= 0 \|\| s[0]) {
64	// don't talk to peer - it obviously
65	// don't follow the protocol
66	return EXIT_FAILURE;
67	}
68	} else {
69	// any other subcommand aborts receiving job
70	// N.B. abort subcommand itself doesn't contain
71	// fname so it failed earlier...
72	break;
73	}
74	}
75	}
76		70
77	printf("Command %02x not supported\n", (unsigned char)*s);	71	*strchrnul(s, '\n') = '\0';
78	return EXIT_FAILURE;	72	// valid s must be of form: SUBCMD \| LEN \| SP \| FNAME
		73	// N.B. we bail out on any error
		74	fname = strchr(s, ' ');
		75	if (!fname) {
		76	printf("Command %02x %s\n",
		77	(unsigned char)s[0], "lacks filename");
		78	return EXIT_FAILURE;
		79	}
		80	*fname++ = '\0';
		81	if (spooling) {
		82	// spooling mode: dump both files
		83	// make "/../" attacks in file names ineffective
		84	xchroot(".");
		85	// job in flight has mode 0200 "only writable"
		86	fd = xopen3(fname, O_CREAT \| O_WRONLY \| O_TRUNC \| O_EXCL, 0200);
		87	} else {
		88	// non-spooling mode:
		89	// 2: control file (ignoring), 3: data file
		90	fd = -1;
		91	if (3 == s[0])
		92	fd = xopen(queue, O_RDWR \| O_APPEND);
		93	}
		94	expected_len = xatoi_u(s + 1);
		95	real_len = bb_copyfd_size(STDIN_FILENO, fd, expected_len);
		96	if (spooling && real_len != expected_len) {
		97	unlink(fname); // don't keep corrupted files
		98	printf("Expected %d but got %d bytes\n",
		99	expected_len, real_len);
		100	return EXIT_FAILURE;
		101	}
		102	// get ACK and see whether it is NUL (ok)
		103	if (read(STDIN_FILENO, s, 1) != 1 \|\| s[0] != 0) {
		104	// don't send error msg to peer - it obviously
		105	// don't follow the protocol, so probably
		106	// it can't understand us either
		107	return EXIT_FAILURE;
		108	}
		109	// chmod completely downloaded job as "readable+writable"
		110	if (spooling)
		111	fchmod(fd, 0600);
		112	close(fd); // NB: can do close(-1). Who cares?
		113	free(s);
		114	} /* while (1) */
79	}	115	}


diff --git a/printutils/lpr.c b/printutils/lpr.c index 52983bfb7..09fbc6ad1 100644 --- a/printutils/lpr.c +++ b/printutils/lpr.c
@@ -19,19 +19,26 @@
19	*/	19	*/
20	static void get_response_or_say_and_die(const char *errmsg)	20	static void get_response_or_say_and_die(const char *errmsg)
21	{	21	{
22	static const char newline = '\n';	22	ssize_t sz;
23	char buf = ' ';	23	char buf[128];
24		24
25	fflush(stdout);	25	fflush(stdout);
26		26
27	safe_read(STDOUT_FILENO, &buf, 1);	27	buf[0] = ' ';
28	if ('\0' != buf) {	28	sz = safe_read(STDOUT_FILENO, buf, 1);
		29	if ('\0' != buf[0]) {
29	// request has failed	30	// request has failed
30	bb_error_msg("error while %s. Server said:", errmsg);	31	// try to make sure last char is '\n', but do not add
31	safe_write(STDERR_FILENO, &buf, 1);	32	// superfluous one
32	logmode = 0; /* no error messages from bb_copyfd_eof() pls */	33	sz = full_read(STDOUT_FILENO, buf + 1, 126);
33	bb_copyfd_eof(STDOUT_FILENO, STDERR_FILENO);	34	bb_error_msg("error while %s%s", errmsg,
34	safe_write(STDERR_FILENO, &newline, 1);	35	(sz > 0 ? ". Server said:" : ""));
		36	if (sz > 0) {
		37	// sz = (bytes in buf) - 1
		38	if (buf[sz] != '\n')
		39	buf[++sz] = '\n';
		40	safe_write(STDERR_FILENO, buf, sz + 1);
		41	}
35	xfunc_die();	42	xfunc_die();
36	}	43	}
37	}	44	}