mirror of
https://github.com/sheumann/hush.git
synced 2024-12-21 23:29:34 +00:00
68404f13d4
function old new delta procps_scan 1265 1298 +33 aliascmd 278 283 +5 parse_file_cmd 116 120 +4 dname_enc 373 377 +4 setcmd 90 93 +3 execcmd 57 60 +3 count_lines 72 74 +2 process_command_subs 340 339 -1 test_main 409 407 -2 mknod_main 179 177 -2 handle_incoming_and_exit 2653 2651 -2 argstr 1312 1310 -2 shiftcmd 131 128 -3 exitcmd 46 43 -3 dotcmd 297 294 -3 breakcmd 86 83 -3 evalpipe 353 349 -4 evalcommand 1180 1176 -4 evalcmd 109 105 -4 send_tree 374 369 -5 mkfifo_main 82 77 -5 evalsubshell 152 147 -5 typecmd 75 69 -6 letcmd 61 55 -6 add_cmd 1190 1183 -7 main 891 883 -8 ash_main 1415 1407 -8 parse_stream 1377 1367 -10 alloc_procps_scan 55 - -55 ------------------------------------------------------------------------------ (add/remove: 0/1 grow/shrink: 7/21 up/down: 54/-148) Total: -94 bytes text data bss dec hex filename 797195 658 7428 805281 c49a1 busybox_old 797101 658 7428 805187 c4943 busybox_unstripped
116 lines
3.1 KiB
C
116 lines
3.1 KiB
C
/* vi: set sw=4 ts=4: */
|
|
/*
|
|
* micro lpd
|
|
*
|
|
* Copyright (C) 2008 by Vladimir Dronnikov <dronnikov@gmail.com>
|
|
*
|
|
* Licensed under GPLv2, see file LICENSE in this tarball for details.
|
|
*/
|
|
#include "libbb.h"
|
|
|
|
// TODO: xmalloc_reads is vulnerable to remote OOM attack!
|
|
|
|
int lpd_main(int argc, char *argv[]) MAIN_EXTERNALLY_VISIBLE;
|
|
int lpd_main(int argc ATTRIBUTE_UNUSED, char *argv[])
|
|
{
|
|
int spooling;
|
|
char *s, *queue;
|
|
|
|
// read command
|
|
s = xmalloc_reads(STDIN_FILENO, NULL);
|
|
|
|
// we understand only "receive job" command
|
|
if (2 != *s) {
|
|
unsupported_cmd:
|
|
printf("Command %02x %s\n",
|
|
(unsigned char)s[0], "is not supported");
|
|
return EXIT_FAILURE;
|
|
}
|
|
|
|
// spool directory contains either links to real printer devices or just simple files
|
|
// these links or files are called "queues"
|
|
// OR
|
|
// if a directory named as given queue exists within spool directory
|
|
// then LPD enters spooling mode and just dumps both control and data files to it
|
|
|
|
// goto spool directory
|
|
if (argv[1])
|
|
xchdir(argv[1]);
|
|
|
|
// parse command: "\x2QUEUE_NAME\n"
|
|
queue = s + 1;
|
|
*strchrnul(s, '\n') = '\0';
|
|
|
|
// protect against "/../" attacks
|
|
if (queue[0] == '.' || strstr(queue, "/."))
|
|
return EXIT_FAILURE;
|
|
|
|
// queue is a directory -> chdir to it and enter spooling mode
|
|
spooling = chdir(queue) + 1; /* 0: cannot chdir, 1: done */
|
|
|
|
xdup2(STDOUT_FILENO, STDERR_FILENO);
|
|
|
|
while (1) {
|
|
char *fname;
|
|
int fd;
|
|
// int is easier than ssize_t: can use xatoi_u,
|
|
// and can correctly display error returns (-1)
|
|
int expected_len, real_len;
|
|
|
|
// signal OK
|
|
write(STDOUT_FILENO, "", 1);
|
|
|
|
// get subcommand
|
|
s = xmalloc_reads(STDIN_FILENO, NULL);
|
|
if (!s)
|
|
return EXIT_SUCCESS; // probably EOF
|
|
// we understand only "control file" or "data file" cmds
|
|
if (2 != s[0] && 3 != s[0])
|
|
goto unsupported_cmd;
|
|
|
|
*strchrnul(s, '\n') = '\0';
|
|
// valid s must be of form: SUBCMD | LEN | SP | FNAME
|
|
// N.B. we bail out on any error
|
|
fname = strchr(s, ' ');
|
|
if (!fname) {
|
|
printf("Command %02x %s\n",
|
|
(unsigned char)s[0], "lacks filename");
|
|
return EXIT_FAILURE;
|
|
}
|
|
*fname++ = '\0';
|
|
if (spooling) {
|
|
// spooling mode: dump both files
|
|
// make "/../" attacks in file names ineffective
|
|
xchroot(".");
|
|
// job in flight has mode 0200 "only writable"
|
|
fd = xopen3(fname, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0200);
|
|
} else {
|
|
// non-spooling mode:
|
|
// 2: control file (ignoring), 3: data file
|
|
fd = -1;
|
|
if (3 == s[0])
|
|
fd = xopen(queue, O_RDWR | O_APPEND);
|
|
}
|
|
expected_len = xatoi_u(s + 1);
|
|
real_len = bb_copyfd_size(STDIN_FILENO, fd, expected_len);
|
|
if (spooling && real_len != expected_len) {
|
|
unlink(fname); // don't keep corrupted files
|
|
printf("Expected %d but got %d bytes\n",
|
|
expected_len, real_len);
|
|
return EXIT_FAILURE;
|
|
}
|
|
// get ACK and see whether it is NUL (ok)
|
|
if (read(STDIN_FILENO, s, 1) != 1 || s[0] != 0) {
|
|
// don't send error msg to peer - it obviously
|
|
// don't follow the protocol, so probably
|
|
// it can't understand us either
|
|
return EXIT_FAILURE;
|
|
}
|
|
// chmod completely downloaded job as "readable+writable"
|
|
if (spooling)
|
|
fchmod(fd, 0600);
|
|
close(fd); // NB: can do close(-1). Who cares?
|
|
free(s);
|
|
} /* while (1) */
|
|
}
|