summaryrefslogtreecommitdiff
path: root/printutils/lpd.c
blob: 49e3fd744eedb228c600c572661c1092f0227513 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
/* vi: set sw=4 ts=4: */
/*
 * micro lpd
 *
 * Copyright (C) 2008 by Vladimir Dronnikov <dronnikov@gmail.com>
 *
 * Licensed under GPLv2, see file LICENSE in this tarball for details.
 */
#include "libbb.h"

// TODO: xmalloc_reads is vulnerable to remote OOM attack!

int lpd_main(int argc, char *argv[]) MAIN_EXTERNALLY_VISIBLE;
int lpd_main(int argc ATTRIBUTE_UNUSED, char *argv[])
{
	int spooling;
	char *s, *queue;

	// read command
	s = xmalloc_reads(STDIN_FILENO, NULL);

	// we understand only "receive job" command
	if (2 != *s) {
 unsupported_cmd:
		printf("Command %02x %s\n",
			(unsigned char)s[0], "is not supported");
		return EXIT_FAILURE;
	}

	// spool directory contains either links to real printer devices or just simple files
	// these links or files are called "queues"
	// OR
	// if a directory named as given queue exists within spool directory
	// then LPD enters spooling mode and just dumps both control and data files to it

	// goto spool directory
	if (argv[1])
		xchdir(argv[1]);

	// parse command: "\x2QUEUE_NAME\n"
	queue = s + 1;
	*strchrnul(s, '\n') = '\0';

	// protect against "/../" attacks
	if (queue[0] == '.' || strstr(queue, "/."))
		return EXIT_FAILURE;

	// queue is a directory -> chdir to it and enter spooling mode
	spooling = chdir(queue) + 1; /* 0: cannot chdir, 1: done */

	xdup2(STDOUT_FILENO, STDERR_FILENO);

	while (1) {
		char *fname;
		int fd;
		// int is easier than ssize_t: can use xatoi_u,
		// and can correctly display error returns (-1)
		int expected_len, real_len;

		// signal OK
		write(STDOUT_FILENO, "", 1);

		// get subcommand
		s = xmalloc_reads(STDIN_FILENO, NULL);
		if (!s)
			return EXIT_SUCCESS; // probably EOF
		// we understand only "control file" or "data file" cmds
		if (2 != s[0] && 3 != s[0])
			goto unsupported_cmd;

		*strchrnul(s, '\n') = '\0';
		// valid s must be of form: SUBCMD | LEN | SP | FNAME
		// N.B. we bail out on any error
		fname = strchr(s, ' ');
		if (!fname) {
			printf("Command %02x %s\n",
				(unsigned char)s[0], "lacks filename");
			return EXIT_FAILURE;
		}
		*fname++ = '\0';
		if (spooling) {
			// spooling mode: dump both files
			// make "/../" attacks in file names ineffective
			xchroot(".");
			// job in flight has mode 0200 "only writable"
			fd = xopen3(fname, O_CREAT | O_WRONLY | O_TRUNC | O_EXCL, 0200);
		} else {
			// non-spooling mode:
			// 2: control file (ignoring), 3: data file
			fd = -1;
			if (3 == s[0])
				fd = xopen(queue, O_RDWR | O_APPEND);
		}
		expected_len = xatoi_u(s + 1);
		real_len = bb_copyfd_size(STDIN_FILENO, fd, expected_len);
		if (spooling && real_len != expected_len) {
			unlink(fname); // don't keep corrupted files
			printf("Expected %d but got %d bytes\n",
				expected_len, real_len);
			return EXIT_FAILURE;
		}
		// get ACK and see whether it is NUL (ok)
		if (read(STDIN_FILENO, s, 1) != 1 || s[0] != 0) {
			// don't send error msg to peer - it obviously
			// don't follow the protocol, so probably
			// it can't understand us either
			return EXIT_FAILURE;
		}
		// chmod completely downloaded job as "readable+writable"
		if (spooling)
			fchmod(fd, 0600);
		close(fd); // NB: can do close(-1). Who cares?
		free(s);
	} /* while (1) */
}