author | Michael Krelin <hacker@klever.net> | 2009-04-05 13:32:38 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2009-04-05 13:32:38 (UTC) |
commit | 702c6bc69bb9bf511f6f5639d90d49139674339c (patch) (side-by-side diff) | |
tree | 9672670cc28f5e743f372a82fd1aefb2bb87479e /src/eyefiservice.cc | |
parent | 878315238f71307b5b62ed314096f4a7c465bf3e (diff) | |
download | iii-702c6bc69bb9bf511f6f5639d90d49139674339c.zip iii-702c6bc69bb9bf511f6f5639d90d49139674339c.tar.gz iii-702c6bc69bb9bf511f6f5639d90d49139674339c.tar.bz2 |
check uploaded file integrity
Signed-off-by: Michael Krelin <hacker@klever.net>
-rw-r--r-- | src/eyefiservice.cc | 75 |
1 files changed, 46 insertions, 29 deletions
diff --git a/src/eyefiservice.cc b/src/eyefiservice.cc index 153a7c4..d233a07 100644 --- a/src/eyefiservice.cc +++ b/src/eyefiservice.cc @@ -101,85 +101,102 @@ int eyefiService::MarkLastPhotoInRoll( } } return SOAP_OK; } int eyefiService::UploadPhoto( int fileid, std::string macaddress, std::string filename, long filesize, std::string filesignature, std::string encryption, int flags, struct rns__UploadPhotoResponse& r ) { #ifndef NDEBUG syslog(LOG_DEBUG, "UploadPhoto request from %s with fileid=%d, filename=%s, filesize=%ld," " filesignature=%s, encryption=%s, flags=%04X", macaddress.c_str(), fileid, filename.c_str(), filesize, filesignature.c_str(), encryption.c_str(), flags ); #endif eyekinfig_t eyekinfig(macaddress); umask(eyekinfig.get_umask()); std::string td = eyekinfig.get_targetdir(); tmpdir_t indir(td+"/.incoming.XXXXXX"); + std::string jf; + binary_t digest, idigest; + for(soap_multipart::iterator i=mime.begin(),ie=mime.end();i!=ie;++i) { #ifndef NDEBUG syslog(LOG_DEBUG, " MIME attachment with id=%s, type=%s, size=%ld", (*i).id, (*i).type, (long)(*i).size ); #endif -#ifndef NDEBUG if((*i).id && !strcmp((*i).id,"INTEGRITYDIGEST")) { - std::string idigest((*i).ptr,(*i).size); - syslog(LOG_DEBUG, " INTEGRITYDIGEST=%s", idigest.c_str()); - } + std::string idigestr((*i).ptr,(*i).size); +#ifndef NDEBUG + syslog(LOG_DEBUG, " INTEGRITYDIGEST=%s", idigestr.c_str()); #endif + idigest.from_hex(idigestr); + } if( (*i).id && !strcmp((*i).id,"FILENAME") ) { assert( (*i).type && !strcmp((*i).type,"application/x-tar") ); #ifdef III_SAVE_TARS std::string tarfile = indir.get_file(filename); { std::ofstream(tarfile.c_str(),std::ios::out|std::ios::binary).write((*i).ptr,(*i).size); } #endif + + if(!jf.empty()) throw std::runtime_error("already seen tarball"); + if(!digest.empty()) throw std::runtime_error("already have integrity digest"); + digest = integrity_digest((*i).ptr,(*i).size,eyekinfig.get_upload_key()); +#ifndef NDEBUG + syslog(LOG_DEBUG," computed integrity digest=%s", digest.hex().c_str()); +#endif + tarchive_t a((*i).ptr,(*i).size); if(!a.read_next_header()) throw std::runtime_error("failed to tarchive_t::read_next_header())"); - std::string jf = indir.get_file(a.entry_pathname()); - std::string::size_type ls = jf.rfind('/'); - std::string jbn = (ls==std::string::npos)?jf:jf.substr(ls+1); + jf = indir.get_file(a.entry_pathname()); int fd=open(jf.c_str(),O_CREAT|O_WRONLY,0666); assert(fd>0); a.read_data_into_fd(fd); close(fd); - std::string tf = td+'/'+jbn; - bool success = false; + } + } + + if(jf.empty()) throw std::runtime_error("haven't seen jpeg file"); + if(digest!=idigest) throw std::runtime_error("integrity digest verification failed"); + + std::string::size_type ls = jf.rfind('/'); + std::string jbn = (ls==std::string::npos)?jf:jf.substr(ls+1); + std::string tf = td+'/'+jbn; + bool success = false; + if(!link(jf.c_str(), tf.c_str())) { + unlink(jf.c_str()); success = true; + }else{ + for(int i=1;i<32767;++i) { + tf = (const char*)gnu::autosprintf( "%s/(%05d)%s", + td.c_str(), i, jbn.c_str() ); if(!link(jf.c_str(), tf.c_str())) { unlink(jf.c_str()); success = true; - }else{ - for(int i=1;i<32767;++i) { - tf = (const char*)gnu::autosprintf( "%s/(%05d)%s", - td.c_str(), i, jbn.c_str() ); - if(!link(jf.c_str(), tf.c_str())) { - unlink(jf.c_str()); success = true; - break; - } - } - } - std::string cmd = eyekinfig.get_on_upload_photo(); - if(success && !cmd.empty()) { - if(detached_child()) { - putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) ); - putenv( gnu::autosprintf("EYEFI_UPLOADED=%s",tf.c_str()) ); - char *argv[] = { (char*)"/bin/sh", (char*)"-c", (char*)cmd.c_str(), 0 }; - execv("/bin/sh",argv); - syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str()); - _exit(-1); - } + break; } } } + std::string cmd = eyekinfig.get_on_upload_photo(); + if(success && !cmd.empty()) { + if(detached_child()) { + putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) ); + putenv( gnu::autosprintf("EYEFI_UPLOADED=%s",tf.c_str()) ); + char *argv[] = { (char*)"/bin/sh", (char*)"-c", (char*)cmd.c_str(), 0 }; + execv("/bin/sh",argv); + syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str()); + _exit(-1); + } + } + r.success = true; return SOAP_OK; } |