| author | Michael Krelin <hacker@klever.net> | 2009-04-05 13:32:38 (UTC) |
|---|---|---|
| committer | Michael Krelin <hacker@klever.net> | 2009-04-05 13:32:38 (UTC) |
| commit | 702c6bc69bb9bf511f6f5639d90d49139674339c (patch) (side-by-side diff) | |
| tree | 9672670cc28f5e743f372a82fd1aefb2bb87479e /src | |
| parent | 878315238f71307b5b62ed314096f4a7c465bf3e (diff) | |
| download | iii-702c6bc69bb9bf511f6f5639d90d49139674339c.zip iii-702c6bc69bb9bf511f6f5639d90d49139674339c.tar.gz iii-702c6bc69bb9bf511f6f5639d90d49139674339c.tar.bz2 | |
check uploaded file integrity
Signed-off-by: Michael Krelin <hacker@klever.net>
| -rw-r--r-- | src/eyefiservice.cc | 35 |
1 files changed, 26 insertions, 9 deletions
diff --git a/src/eyefiservice.cc b/src/eyefiservice.cc index 153a7c4..d233a07 100644 --- a/src/eyefiservice.cc +++ b/src/eyefiservice.cc @@ -113,55 +113,73 @@ int eyefiService::UploadPhoto( "UploadPhoto request from %s with fileid=%d, filename=%s, filesize=%ld," " filesignature=%s, encryption=%s, flags=%04X", macaddress.c_str(), fileid, filename.c_str(), filesize, filesignature.c_str(), encryption.c_str(), flags ); #endif eyekinfig_t eyekinfig(macaddress); umask(eyekinfig.get_umask()); std::string td = eyekinfig.get_targetdir(); tmpdir_t indir(td+"/.incoming.XXXXXX"); + std::string jf; + binary_t digest, idigest; + for(soap_multipart::iterator i=mime.begin(),ie=mime.end();i!=ie;++i) { #ifndef NDEBUG syslog(LOG_DEBUG, " MIME attachment with id=%s, type=%s, size=%ld", (*i).id, (*i).type, (long)(*i).size ); #endif -#ifndef NDEBUG if((*i).id && !strcmp((*i).id,"INTEGRITYDIGEST")) { - std::string idigest((*i).ptr,(*i).size); - syslog(LOG_DEBUG, " INTEGRITYDIGEST=%s", idigest.c_str()); - } + std::string idigestr((*i).ptr,(*i).size); +#ifndef NDEBUG + syslog(LOG_DEBUG, " INTEGRITYDIGEST=%s", idigestr.c_str()); #endif + idigest.from_hex(idigestr); + } if( (*i).id && !strcmp((*i).id,"FILENAME") ) { assert( (*i).type && !strcmp((*i).type,"application/x-tar") ); #ifdef III_SAVE_TARS std::string tarfile = indir.get_file(filename); { std::ofstream(tarfile.c_str(),std::ios::out|std::ios::binary).write((*i).ptr,(*i).size); } #endif + + if(!jf.empty()) throw std::runtime_error("already seen tarball"); + if(!digest.empty()) throw std::runtime_error("already have integrity digest"); + digest = integrity_digest((*i).ptr,(*i).size,eyekinfig.get_upload_key()); +#ifndef NDEBUG + syslog(LOG_DEBUG," computed integrity digest=%s", digest.hex().c_str()); +#endif + tarchive_t a((*i).ptr,(*i).size); if(!a.read_next_header()) throw std::runtime_error("failed to tarchive_t::read_next_header())"); - std::string jf = indir.get_file(a.entry_pathname()); - std::string::size_type ls = jf.rfind('/'); - std::string jbn = (ls==std::string::npos)?jf:jf.substr(ls+1); + jf = indir.get_file(a.entry_pathname()); int fd=open(jf.c_str(),O_CREAT|O_WRONLY,0666); assert(fd>0); a.read_data_into_fd(fd); close(fd); + } + } + + if(jf.empty()) throw std::runtime_error("haven't seen jpeg file"); + if(digest!=idigest) throw std::runtime_error("integrity digest verification failed"); + + std::string::size_type ls = jf.rfind('/'); + std::string jbn = (ls==std::string::npos)?jf:jf.substr(ls+1); std::string tf = td+'/'+jbn; bool success = false; if(!link(jf.c_str(), tf.c_str())) { unlink(jf.c_str()); success = true; }else{ for(int i=1;i<32767;++i) { tf = (const char*)gnu::autosprintf( "%s/(%05d)%s", td.c_str(), i, jbn.c_str() ); if(!link(jf.c_str(), tf.c_str())) { unlink(jf.c_str()); success = true; break; } @@ -169,17 +187,16 @@ int eyefiService::UploadPhoto( } std::string cmd = eyekinfig.get_on_upload_photo(); if(success && !cmd.empty()) { if(detached_child()) { putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) ); putenv( gnu::autosprintf("EYEFI_UPLOADED=%s",tf.c_str()) ); char *argv[] = { (char*)"/bin/sh", (char*)"-c", (char*)cmd.c_str(), 0 }; execv("/bin/sh",argv); syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str()); _exit(-1); } } - } - } + r.success = true; return SOAP_OK; } |