2001-09-10 02:21:46 +00:00
|
|
|
#include <sys/types.h>
|
2002-08-09 06:52:07 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <string.h>
|
2002-08-11 14:00:56 +00:00
|
|
|
#include <stdlib.h>
|
2001-09-10 02:21:46 +00:00
|
|
|
|
|
|
|
|
#ifndef _WIN32
|
2001-10-20 06:43:04 +00:00
|
|
|
#include <sys/time.h>
|
|
|
|
|
#include <sys/socket.h>
|
2001-09-10 02:21:46 +00:00
|
|
|
#include <unistd.h>
|
2002-07-24 14:52:28 +00:00
|
|
|
#ifdef HAVE_POLL
|
|
|
|
|
#include <sys/poll.h>
|
|
|
|
|
#endif
|
2001-10-20 06:43:04 +00:00
|
|
|
#else
|
2002-02-07 01:04:09 +00:00
|
|
|
#include <winsock2.h>
|
2001-10-20 06:43:04 +00:00
|
|
|
#include <windows.h>
|
2002-08-09 06:52:07 +00:00
|
|
|
#include <stdio.h>
|
|
|
|
|
#define snprintf _snprintf
|
|
|
|
|
#define strcasecmp stricmp
|
|
|
|
|
#define strncasecmp strnicmp
|
2001-09-10 02:21:46 +00:00
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include "sock.h"
|
|
|
|
|
|
|
|
|
|
#include "config.h"
|
|
|
|
|
#include "util.h"
|
2002-08-09 06:52:07 +00:00
|
|
|
#include "os.h"
|
2002-08-11 14:00:56 +00:00
|
|
|
#include "refbuf.h"
|
|
|
|
|
#include "connection.h"
|
|
|
|
|
#include "client.h"
|
|
|
|
|
|
|
|
|
|
#define CATMODULE "util"
|
|
|
|
|
|
|
|
|
|
#include "log.h"
|
|
|
|
|
#include "logging.h"
|
2001-09-10 02:21:46 +00:00
|
|
|
|
2002-07-24 14:52:28 +00:00
|
|
|
/* Abstract out an interface to use either poll or select depending on which
|
|
|
|
|
* is available (poll is preferred) to watch a single fd.
|
|
|
|
|
*
|
|
|
|
|
* timeout is in milliseconds.
|
|
|
|
|
*
|
|
|
|
|
* returns > 0 if activity on the fd occurs before the timeout.
|
|
|
|
|
* 0 if no activity occurs
|
|
|
|
|
* < 0 for error.
|
|
|
|
|
*/
|
|
|
|
|
int util_timed_wait_for_fd(int fd, int timeout)
|
|
|
|
|
{
|
|
|
|
|
#ifdef HAVE_POLL
|
|
|
|
|
struct pollfd ufds;
|
|
|
|
|
|
|
|
|
|
ufds.fd = fd;
|
|
|
|
|
ufds.events = POLLIN;
|
|
|
|
|
ufds.revents = 0;
|
|
|
|
|
|
|
|
|
|
return poll(&ufds, 1, timeout);
|
|
|
|
|
#else
|
|
|
|
|
fd_set rfds;
|
|
|
|
|
struct timeval tv;
|
|
|
|
|
|
|
|
|
|
FD_ZERO(&rfds);
|
|
|
|
|
FD_SET(fd, &rfds);
|
|
|
|
|
|
|
|
|
|
tv.tv_sec = timeout/1000;
|
2002-08-13 01:08:15 +00:00
|
|
|
tv.tv_usec = (timeout % 1000)*1000;
|
2002-07-24 14:52:28 +00:00
|
|
|
|
|
|
|
|
return select(fd+1, &rfds, NULL, NULL, &tv);
|
|
|
|
|
#endif
|
|
|
|
|
}
|
|
|
|
|
|
2001-09-10 02:21:46 +00:00
|
|
|
int util_read_header(int sock, char *buff, unsigned long len)
|
|
|
|
|
{
|
|
|
|
|
int read_bytes, ret;
|
|
|
|
|
unsigned long pos;
|
|
|
|
|
char c;
|
|
|
|
|
ice_config_t *config;
|
|
|
|
|
|
|
|
|
|
config = config_get_config();
|
|
|
|
|
|
|
|
|
|
read_bytes = 1;
|
|
|
|
|
pos = 0;
|
|
|
|
|
ret = 0;
|
|
|
|
|
|
|
|
|
|
while ((read_bytes == 1) && (pos < (len - 1))) {
|
|
|
|
|
read_bytes = 0;
|
|
|
|
|
|
2002-07-24 14:52:28 +00:00
|
|
|
if (util_timed_wait_for_fd(sock, config->header_timeout*1000) > 0) {
|
2001-09-10 02:21:46 +00:00
|
|
|
|
|
|
|
|
if ((read_bytes = recv(sock, &c, 1, 0))) {
|
|
|
|
|
if (c != '\r') buff[pos++] = c;
|
|
|
|
|
if ((pos > 1) && (buff[pos - 1] == '\n' && buff[pos - 2] == '\n')) {
|
|
|
|
|
ret = 1;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ret) buff[pos] = '\0';
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
|
|
|
|
|
2002-08-10 08:01:56 +00:00
|
|
|
char *util_get_extension(char *path) {
|
|
|
|
|
char *ext = strrchr(path, '.');
|
|
|
|
|
|
|
|
|
|
if(ext == NULL)
|
|
|
|
|
return "";
|
|
|
|
|
else
|
|
|
|
|
return ext+1;
|
|
|
|
|
}
|
|
|
|
|
|
2002-08-09 06:52:07 +00:00
|
|
|
int util_check_valid_extension(char *uri) {
|
|
|
|
|
int ret = 0;
|
|
|
|
|
char *p2;
|
|
|
|
|
|
|
|
|
|
if (uri) {
|
|
|
|
|
p2 = strrchr(uri, '.');
|
|
|
|
|
if (p2) {
|
|
|
|
|
p2++;
|
|
|
|
|
if (strncmp(p2, "xsl", strlen("xsl")) == 0) {
|
|
|
|
|
/* Build the full path for the request, concatenating the webroot from the config.
|
|
|
|
|
** Here would be also a good time to prevent accesses like '../../../../etc/passwd' or somesuch.
|
|
|
|
|
*/
|
|
|
|
|
ret = XSLT_CONTENT;
|
|
|
|
|
}
|
|
|
|
|
if (strncmp(p2, "htm", strlen("htm")) == 0) {
|
|
|
|
|
/* Build the full path for the request, concatenating the webroot from the config.
|
|
|
|
|
** Here would be also a good time to prevent accesses like '../../../../etc/passwd' or somesuch.
|
|
|
|
|
*/
|
|
|
|
|
ret = HTML_CONTENT;
|
|
|
|
|
}
|
|
|
|
|
if (strncmp(p2, "html", strlen("html")) == 0) {
|
|
|
|
|
/* Build the full path for the request, concatenating the webroot from the config.
|
|
|
|
|
** Here would be also a good time to prevent accesses like '../../../../etc/passwd' or somesuch.
|
|
|
|
|
*/
|
|
|
|
|
ret = HTML_CONTENT;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return ret;
|
|
|
|
|
}
|
2001-09-10 02:21:46 +00:00
|
|
|
|
2002-08-11 14:00:56 +00:00
|
|
|
static int hex(char c)
|
|
|
|
|
{
|
|
|
|
|
if(c >= '0' && c <= '9')
|
|
|
|
|
return c - '0';
|
|
|
|
|
else if(c >= 'A' && c <= 'F')
|
|
|
|
|
return c - 'A' + 10;
|
|
|
|
|
else if(c >= 'a' && c <= 'f')
|
|
|
|
|
return c - 'a' + 10;
|
|
|
|
|
else
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int verify_path(char *path) {
|
|
|
|
|
int dir = 0, indotseq = 0;
|
|
|
|
|
|
|
|
|
|
while(*path) {
|
|
|
|
|
if(*path == '/' || *path == '\\') {
|
|
|
|
|
if(indotseq)
|
|
|
|
|
return 0;
|
|
|
|
|
if(dir)
|
|
|
|
|
return 0;
|
|
|
|
|
dir = 1;
|
|
|
|
|
path++;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(dir || indotseq) {
|
|
|
|
|
if(*path == '.')
|
|
|
|
|
indotseq = 1;
|
|
|
|
|
else
|
|
|
|
|
indotseq = 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dir = 0;
|
|
|
|
|
path++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2002-08-11 14:23:39 +00:00
|
|
|
char *util_get_path_from_uri(char *uri) {
|
|
|
|
|
char *path = util_normalise_uri(uri);
|
|
|
|
|
char *fullpath;
|
|
|
|
|
|
|
|
|
|
if(!path)
|
|
|
|
|
return NULL;
|
|
|
|
|
else {
|
|
|
|
|
fullpath = util_get_path_from_normalised_uri(path);
|
|
|
|
|
free(path);
|
|
|
|
|
return fullpath;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
char *util_get_path_from_normalised_uri(char *uri) {
|
|
|
|
|
char *fullpath;
|
|
|
|
|
|
|
|
|
|
fullpath = malloc(strlen(uri) + strlen(config_get_config()->webroot_dir) + 1);
|
|
|
|
|
strcpy(fullpath, config_get_config()->webroot_dir);
|
|
|
|
|
|
|
|
|
|
strcat(fullpath, uri);
|
|
|
|
|
|
|
|
|
|
return fullpath;
|
|
|
|
|
}
|
|
|
|
|
|
2002-08-11 14:00:56 +00:00
|
|
|
/* Get an absolute path (from the webroot dir) from a URI. Return NULL if the
|
|
|
|
|
* path contains 'disallowed' sequences like foo/../ (which could be used to
|
|
|
|
|
* escape from the webroot) or if it cannot be URI-decoded.
|
|
|
|
|
* Caller should free the path.
|
|
|
|
|
*/
|
2002-08-11 14:23:39 +00:00
|
|
|
char *util_normalise_uri(char *uri) {
|
2002-08-11 14:00:56 +00:00
|
|
|
int urilen = strlen(uri);
|
|
|
|
|
unsigned char *path;
|
|
|
|
|
char *dst;
|
|
|
|
|
int i;
|
|
|
|
|
int done = 0;
|
|
|
|
|
|
|
|
|
|
if(uri[0] != '/')
|
|
|
|
|
return NULL;
|
|
|
|
|
|
2002-08-11 14:23:39 +00:00
|
|
|
path = calloc(1, urilen + 1);
|
2002-08-11 14:00:56 +00:00
|
|
|
|
2002-08-11 14:23:39 +00:00
|
|
|
dst = path;
|
2002-08-11 14:00:56 +00:00
|
|
|
|
|
|
|
|
for(i=0; i < urilen; i++) {
|
|
|
|
|
switch(uri[i]) {
|
|
|
|
|
case '%':
|
|
|
|
|
if(i+2 >= urilen) {
|
|
|
|
|
free(path);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
if(hex(uri[i+1]) == -1 || hex(uri[i+2]) == -1 ) {
|
|
|
|
|
free(path);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*dst++ = hex(uri[i+1]) * 16 + hex(uri[i+2]);
|
|
|
|
|
i+= 2;
|
|
|
|
|
break;
|
|
|
|
|
case '#':
|
|
|
|
|
done = 1;
|
|
|
|
|
break;
|
|
|
|
|
case 0:
|
|
|
|
|
ERROR0("Fatal internal logic error in util_get_path_from_uri()");
|
|
|
|
|
free(path);
|
|
|
|
|
return NULL;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
*dst++ = uri[i];
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if(done)
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*dst = 0; /* null terminator */
|
|
|
|
|
|
|
|
|
|
/* We now have a full URI-decoded path. Check it for allowability */
|
|
|
|
|
if(verify_path(path))
|
|
|
|
|
return (char *)path;
|
|
|
|
|
else {
|
|
|
|
|
WARN1("Rejecting invalid path \"%s\"", path);
|
|
|
|
|
free(path);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
2001-09-10 02:21:46 +00:00
|
|
|
|
2002-08-16 14:26:48 +00:00
|
|
|
static char base64table[64] = {
|
|
|
|
|
'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P',
|
|
|
|
|
'Q','R','S','T','U','V','W','X','Y','Z','a','b','c','d','e','f',
|
|
|
|
|
'g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v',
|
|
|
|
|
'w','x','y','z','0','1','2','3','4','5','6','7','8','9','+','/'
|
|
|
|
|
};
|
|
|
|
|
|
2002-08-18 08:49:25 +00:00
|
|
|
static signed char base64decode[256] = {
|
|
|
|
|
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
|
|
|
|
|
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
|
|
|
|
|
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, 62, -2, -2, -2, 63,
|
|
|
|
|
52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -2, -2, -2, -1, -2, -2,
|
|
|
|
|
-2, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
|
|
|
|
|
15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -2, -2, -2, -2, -2,
|
|
|
|
|
-2, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
|
|
|
|
|
41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -2, -2, -2, -2, -2,
|
|
|
|
|
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
|
|
|
|
|
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
|
|
|
|
|
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
|
|
|
|
|
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
|
|
|
|
|
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
|
|
|
|
|
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
|
|
|
|
|
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2,
|
|
|
|
|
-2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2, -2
|
|
|
|
|
};
|
|
|
|
|
|
2002-08-16 14:26:48 +00:00
|
|
|
/* This isn't efficient, but it doesn't need to be */
|
|
|
|
|
char *util_base64_encode(char *data)
|
|
|
|
|
{
|
|
|
|
|
int len = strlen(data);
|
|
|
|
|
char *out = malloc(len*4/3 + 4);
|
|
|
|
|
char *result = out;
|
|
|
|
|
int chunk;
|
|
|
|
|
|
|
|
|
|
while(len > 0) {
|
|
|
|
|
chunk = (len >3)?3:len;
|
|
|
|
|
*out++ = base64table[(*data & 0xFC)>>2];
|
|
|
|
|
*out++ = base64table[((*data & 0x03)<<4) | ((*(data+1) & 0xF0) >> 4)];
|
|
|
|
|
switch(chunk) {
|
|
|
|
|
case 3:
|
|
|
|
|
*out++ = base64table[((*(data+1) & 0x0F)<<2) | ((*(data+2) & 0xC0)>>6)];
|
|
|
|
|
*out++ = base64table[(*(data+2)) & 0x3F];
|
|
|
|
|
break;
|
|
|
|
|
case 2:
|
|
|
|
|
*out++ = base64table[((*(data+1) & 0x0F)<<2)];
|
|
|
|
|
*out++ = '=';
|
|
|
|
|
break;
|
|
|
|
|
case 1:
|
|
|
|
|
*out++ = '=';
|
|
|
|
|
*out++ = '=';
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
data += chunk;
|
|
|
|
|
len -= chunk;
|
|
|
|
|
}
|
2002-08-17 04:48:07 +00:00
|
|
|
*out = 0;
|
2002-08-16 14:26:48 +00:00
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
2002-08-18 08:49:25 +00:00
|
|
|
char *util_base64_decode(unsigned char *input)
|
2002-08-16 14:26:48 +00:00
|
|
|
{
|
|
|
|
|
int len = strlen(input);
|
|
|
|
|
char *out = malloc(len*3/4 + 5);
|
|
|
|
|
char *result = out;
|
|
|
|
|
signed char vals[4];
|
|
|
|
|
|
|
|
|
|
while(len > 0) {
|
|
|
|
|
if(len < 4)
|
|
|
|
|
{
|
|
|
|
|
free(result);
|
|
|
|
|
return NULL; /* Invalid Base64 data */
|
|
|
|
|
}
|
|
|
|
|
|
2002-08-18 08:49:25 +00:00
|
|
|
vals[0] = base64decode[*input++];
|
|
|
|
|
vals[1] = base64decode[*input++];
|
|
|
|
|
vals[2] = base64decode[*input++];
|
|
|
|
|
vals[3] = base64decode[*input++];
|
2002-08-16 14:26:48 +00:00
|
|
|
|
|
|
|
|
if(vals[0] < 0 || vals[1] < 0 || vals[2] < -1 || vals[3] < -1) {
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*out++ = vals[0]<<2 | vals[1]>>4;
|
|
|
|
|
if(vals[2] >= 0)
|
|
|
|
|
*out++ = ((vals[1]&0x0F)<<4) | (vals[2]>>2);
|
|
|
|
|
else
|
|
|
|
|
*out++ = 0;
|
|
|
|
|
|
|
|
|
|
if(vals[3] >= 0)
|
|
|
|
|
*out++ = ((vals[2]&0x03)<<6) | (vals[3]);
|
|
|
|
|
else
|
|
|
|
|
*out++ = 0;
|
|
|
|
|
|
|
|
|
|
len -= 4;
|
|
|
|
|
}
|
|
|
|
|
*out = 0;
|
|
|
|
|
|
|
|
|
|
return result;
|
|
|
|
|
}
|
|
|
|
|
|
