README.md: Fix CMake build instructions

The previous instructions were simply wrong because `cmake ..` would attempt to configure the project from the parent directory, instead of the build directory.
page.c: Do not get filename on previews
2024-05-05 01:07:01 +02:00 · 2024-03-01 00:06:03 +01:00 · 2024-02-24 08:39:25 +01:00 · 2024-02-20 21:44:53 +01:00 · 2024-02-20 21:24:17 +01:00 · 2024-02-20 08:18:11 +01:00
8 changed files with 297 additions and 102 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,4 +2,4 @@ build/
 slcl
 *.o
 *.d
-Makefile
+./Makefile
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -1,5 +1,5 @@
 cmake_minimum_required(VERSION 3.13)
-project(slcl C VERSION 0.1.0)
+project(slcl LANGUAGES C VERSION 0.2.0)
 add_executable(${PROJECT_NAME}
    auth.c
    base64.c
@ -13,7 +13,7 @@ add_executable(${PROJECT_NAME}
 target_compile_options(${PROJECT_NAME} PRIVATE -Wall)
 target_compile_definitions(${PROJECT_NAME} PRIVATE _FILE_OFFSET_BITS=64)
 set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_LIST_DIR}/cmake)
-find_package(web 0.1.0)
+find_package(web 0.3.0)

 if(WEB_FOUND)
    find_package(dynstr 0.1.0)
--- a/README.md
+++ b/README.md
@ -59,13 +59,13 @@ to `slcl`. If required, encryption should be done before uploading e.g.: using
 #### Mandatory packages

 ```sh
-sudo apt install build-essential libcjson-dev libssl-dev
+sudo apt install build-essential libcjson-dev libssl-dev m4 jq
 ```

 #### Optional packages

 ```sh
-sudo apt install cmake xxd jq
+sudo apt install cmake
 ```

 ## How to use
@ -90,9 +90,8 @@ $ make
 #### CMake

 ```sh
-$ mkdir build/
-$ cmake ..
-$ cmake --build .
+$ cmake -B build
+$ cmake --build build/
 ```

 ### Setting up
--- a/4
+++ b/4
@ -6,7 +6,7 @@ default_prefix=/usr/local
 prefix=$default_prefix
 default_CC='c99'
 # FILE_OFFSET_BITS=64 is required for large file support on 32-bit platforms.
-default_CFLAGS='-O1 -g -D_FILE_OFFSET_BITS=64 -Wall -MD -MF $(@:.o=.d)'
+default_CFLAGS='-O1 -g -D_FILE_OFFSET_BITS=64 -Wall -MD'
 default_LDFLAGS="-lcjson -lssl -lm -lcrypto"

 CC=${CC:-$default_CC}
@ -130,7 +130,7 @@ fi
 if [ $in_tree_libweb -ne 0 ]
 then
 cat <<"EOF" >> $F
-LIBWEB = libweb/libslweb.a
+LIBWEB = libweb/libweb.a
 $(PROJECT): $(LIBWEB)
 $(LIBWEB): FORCE
 	+cd libweb && $(MAKE) CC=$(CC)
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit dbdaac757fb9217e4b28afc05f1fe523f68d64d3
+Subproject commit b4930f72bb9026c5a0871f4fa4cabe20cb0e6a9f
--- a/main.c
+++ b/main.c
@ -135,7 +135,8 @@ static int append_form(struct form **const forms, const char **const s,
 {
    int ret = -1;
    const char *end;
-    char *const data = alloc_form_data(*s, &end), *key = NULL, *value = NULL;
+    char *const data = alloc_form_data(*s, &end), *enckey = NULL,
+        *encvalue = NULL, *key = NULL, *value = NULL;
    struct form *f = NULL, *fs = NULL;

    if (!data)
@ -161,14 +162,16 @@ static int append_form(struct form **const forms, const char **const s,

    const size_t keylen = sep - data;

-    if (!(key = strndup(data, keylen)))
+    if (!(enckey = strndup(data, keylen)))
    {
-        fprintf(stderr, "%s: strndup(3) key: %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: strndup(3) enckey: %s\n",
+            __func__, strerror(errno));
        goto end;
    }
-    else if (!(value = strdup(sep + 1)))
+    else if (!(encvalue = strdup(sep + 1)))
    {
-        fprintf(stderr, "%s: strdup(3) value: %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: strdup(3) encvalue: %s\n",
+            __func__, strerror(errno));
        goto end;
    }
    else if (!(fs = realloc(*forms, (*n + 1) * sizeof **forms)))
@ -178,27 +181,39 @@ static int append_form(struct form **const forms, const char **const s,
    }

    *forms = fs;
-    f = &(*forms)[(*n)++];

    /* HTML input forms use '+' for whitespace, rather than %20. */
-    *f = (const struct form)
+    if ((ret = http_decode_url(enckey, true, &key)))
    {
-        .key = http_decode_url(key, true),
-        .value = http_decode_url(value, true)
-    };
-
-    if (!f->key || !f->value)
-    {
-        fprintf(stderr, "%s: http_decode_url key/value failed\n", __func__);
+        fprintf(stderr, "%s: http_decode_url enckey failed\n", __func__);
        goto end;
    }
+    else if ((ret = http_decode_url(encvalue, true, &value)))
+    {
+        fprintf(stderr, "%s: http_decode_url encvalue failed\n", __func__);
+        goto end;
+    }
+
+    f = &(*forms)[(*n)++];
+
+    *f = (const struct form)
+    {
+        .key = key,
+        .value = value
+    };

    *s = end;
    ret = 0;

 end:
-    free(key);
-    free(value);
+    if (ret)
+    {
+        free(key);
+        free(value);
+    }
+
+    free(enckey);
+    free(encvalue);
    free(data);
    return ret;
 }
@ -378,14 +393,24 @@ end:

 static bool path_isrel(const char *const path)
 {
-    if (!strcmp(path, "..") || !strcmp(path, ".") || strstr(path, "/../"))
+    if (!strcmp(path, "..")
+        || !strcmp(path, ".")
+        || !strncmp(path, "./", strlen("./"))
+        || !strncmp(path, "../", strlen("../"))
+        || strstr(path, "/./")
+        || strstr(path, "/../"))
        return true;

-    static const char suffix[] = "/..";
-    const size_t n = strlen(path), sn = strlen(suffix);
+    static const char *const suffixes[] = {"/.", "/.."};

-    if (n >= sn && !strcmp(path + n - sn, suffix))
-        return true;
+    for (size_t i = 0; i < sizeof suffixes / sizeof *suffixes; i++)
+    {
+        const char *const suffix = suffixes[i];
+        const size_t n = strlen(path), sn = strlen(suffix);
+
+        if (n >= sn && !strcmp(path + n - sn, suffix))
+            return true;
+    }

    return false;
 }
@ -410,7 +435,8 @@ static int getpublic(const struct http_payload *const p,
 {
    int ret = -1;
    struct auth *const a = user;
-    const char *const adir = auth_dir(a);
+    const char *const adir = auth_dir(a),
+        *const file = p->resource + strlen("/public/");
    struct dynstr d;

    dynstr_init(&d);
@ -420,6 +446,13 @@ static int getpublic(const struct http_payload *const p,
        fprintf(stderr, "%s: auth_dir failed\n", __func__);
        goto end;
    }
+    else if (!*file || filename_invalid(file))
+    {
+        fprintf(stderr, "%s: invalid filename %s\n",
+            __func__, p->resource);
+        ret = page_forbidden(r);
+        goto end;
+    }
    else if (path_invalid(p->resource))
    {
        fprintf(stderr, "%s: illegal relative path %s\n",
@ -878,7 +911,16 @@ static int check_length(const unsigned long long len,
    bool has_quota;
    unsigned long long quota;

-    if (auth_quota(a, username, &has_quota, &quota))
+    if (auth_cookie(a, c))
+    {
+        fprintf(stderr, "%s: auth_cookie failed\n", __func__);
+
+        if (page_forbidden(r))
+            return -1;
+
+        return 1;
+    }
+    else if (auth_quota(a, username, &has_quota, &quota))
    {
        fprintf(stderr, "%s: auth_quota failed\n", __func__);
        return -1;
@ -1038,23 +1080,23 @@ end:
 static int move_file(const char *const old, const char *const new)
 {
    int ret = -1;
-    FILE *const f = fopen(old, "rb");
-    const int fd = open(new, O_WRONLY | O_CREAT, 0600);
+    const int fd_old = open(old, O_RDONLY),
+        fd_new = open(new, O_WRONLY | O_CREAT, 0600);
    struct stat sb;

-    if (!f)
+    if (fd_old < 0)
    {
-        fprintf(stderr, "%s: fopen(3): %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: open(2) fd_old: %s\n", __func__, strerror(errno));
        goto end;
    }
-    else if (fd < 0)
+    else if (fd_new < 0)
    {
        fprintf(stderr, "%s: open(2): %s\n", __func__, strerror(errno));
        goto end;
    }
-    else if (stat(old, &sb))
+    else if (fstat(fd_old, &sb))
    {
-        fprintf(stderr, "%s: stat(2): %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: fstat(2): %s\n", __func__, strerror(errno));
        goto end;
    }

@ -1063,24 +1105,30 @@ static int move_file(const char *const old, const char *const new)
        char buf[BUFSIZ];
        const off_t left = sb.st_size - i;
        const size_t rem = left > sizeof buf ? sizeof buf : left;
-        ssize_t w;
+        const ssize_t r = read(fd_old, buf, rem);

-        if (!fread(buf, rem, 1, f))
+        if (r < 0)
        {
-            fprintf(stderr, "%s: fread(3) failed, feof=%d, ferror=%d\n",
-                __func__, feof(f), ferror(f));
+            fprintf(stderr, "%s: read(2): %s\n", __func__, strerror(errno));
            goto end;
        }
-        else if ((w = write(fd, buf, rem)) < 0)
+
+        size_t wrem = r;
+        const void *p = buf;
+
+        while (wrem)
        {
-            fprintf(stderr, "%s: write(2): %s\n", __func__, strerror(errno));
-            goto end;
-        }
-        else if (w != rem)
-        {
-            fprintf(stderr, "%s: write(2): expected to write %zu bytes, "
-                "only %ju written\n", __func__, rem, (intmax_t)w);
-            goto end;
+            const ssize_t w = write(fd_new, p, wrem);
+
+            if (w < 0)
+            {
+                fprintf(stderr, "%s: write(2): %s\n",
+                    __func__, strerror(errno));
+                goto end;
+            }
+
+            p = (const char *)p + w;
+            wrem -= w;
        }

        i += rem;
@ -1089,15 +1137,15 @@ static int move_file(const char *const old, const char *const new)
    ret = 0;

 end:
-    if (fd >= 0 && close(fd))
+    if (fd_old >= 0 && close(fd_old))
    {
-        fprintf(stderr, "%s: close(2): %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: close(2) fd_old: %s\n", __func__, strerror(errno));
        ret = -1;
    }

-    if (f && fclose(f))
+    if (fd_new >= 0 && close(fd_new))
    {
-        fprintf(stderr, "%s: fclose(3): %s\n", __func__, strerror(errno));
+        fprintf(stderr, "%s: close(2) fd_new: %s\n", __func__, strerror(errno));
        ret = -1;
    }

@ -1116,12 +1164,43 @@ static int rename_or_move(const char *const old, const char *const new)
    return res;
 }

+static int check_upload_dir(const char *const dir)
+{
+    struct stat sb;
+
+    if (stat(dir, &sb))
+    {
+        switch (errno)
+        {
+            case ENOENT:
+                /* Fall through. */
+            case ENOTDIR:
+                fprintf(stderr, "%s: cannot upload to non-existing dir %s\n",
+                    __func__, dir);
+                return 1;
+
+            default:
+                fprintf(stderr, "%s: stat(2) %s: %s\n",
+                    __func__, dir, strerror(errno));
+                return -1;
+        }
+    }
+    else if (!S_ISDIR(sb.st_mode))
+    {
+        fprintf(stderr, "%s: %s not a dir\n", __func__, dir);
+        return 1;
+    }
+
+    return 0;
+}
+
 static int upload_file(const struct http_post_file *const f,
    const char *const user, const char *const root, const char *const dir)
 {
    int ret = -1;
-    struct dynstr d;
+    struct dynstr dird, d;

+    dynstr_init(&dird);
    dynstr_init(&d);

    if (!root)
@ -1129,9 +1208,21 @@ static int upload_file(const struct http_post_file *const f,
        fprintf(stderr, "%s: auth_dir failed\n", __func__);
        goto end;
    }
-    else if (dynstr_append(&d, "%s/user/%s/%s%s", root, user, dir, f->filename))
+    else if (dynstr_append(&dird, "%s/user/%s/%s", root, user, dir))
    {
-        fprintf(stderr, "%s: dynstr_append failed\n", __func__);
+        fprintf(stderr, "%s: dynstr_append dird failed\n", __func__);
+        goto end;
+    }
+    else if ((ret = check_upload_dir(dird.str)))
+    {
+        if (ret < 0)
+            fprintf(stderr, "%s: check_upload_dir failed\n", __func__);
+
+        goto end;
+    }
+    else if (dynstr_append(&d, "%s%s", dird.str, f->filename))
+    {
+        fprintf(stderr, "%s: dynstr_append d failed\n", __func__);
        goto end;
    }
    else if (rename_or_move(f->tmpname, d.str))
@ -1143,6 +1234,7 @@ static int upload_file(const struct http_post_file *const f,
    ret = 0;

 end:
+    dynstr_free(&dird);
    dynstr_free(&d);
    return ret;
 }
@ -1242,11 +1334,15 @@ static int upload_files(const struct http_payload *const p,

    for (size_t i = 0; i < po->nfiles; i++)
    {
-        if (upload_file(&po->files[i], user, root, dir))
+        const int ret = upload_file(&po->files[i], user, root, dir);
+
+        if (ret < 0)
        {
            fprintf(stderr, "%s: upload_file failed\n", __func__);
            return -1;
        }
+        else if (ret)
+            return page_bad_request(r);
    }

    return redirect_to_dir(dir, r);
@ -1262,7 +1358,7 @@ static int upload(const struct http_payload *const p,
        fprintf(stderr, "%s: auth_cookie failed\n", __func__);
        return page_forbidden(r);
    }
-    else if (p->u.post.expect_continue)
+    else if (p->expect_continue)
    {
        *r = (const struct http_response)
        {
@ -1283,6 +1379,7 @@ static int createdir(const struct http_payload *const p,
    struct dynstr d, userd;
    struct form *forms = NULL;
    size_t n = 0;
+    char *encurl = NULL;

    dynstr_init(&d);
    dynstr_init(&userd);
@ -1309,7 +1406,7 @@ static int createdir(const struct http_payload *const p,
        goto end;
    }

-    char *name = NULL, *dir = NULL;
+    const char *name = NULL, *dir = NULL;

    for (size_t i = 0; i < n; i++)
    {
@ -1396,7 +1493,12 @@ static int createdir(const struct http_payload *const p,
            .status = HTTP_STATUS_SEE_OTHER
        };

-        if (http_response_add_header(r, "Location", userd.str))
+        if (!(encurl = http_encode_url(userd.str)))
+        {
+            fprintf(stderr, "%s: http_encode_url failed\n", __func__);
+            goto end;
+        }
+        else if (http_response_add_header(r, "Location", encurl))
        {
            fprintf(stderr, "%s: http_response_add_header failed\n", __func__);
            goto end;
@ -1409,6 +1511,7 @@ end:
    forms_free(forms, n);
    dynstr_free(&userd);
    dynstr_free(&d);
+    free(encurl);
    return ret;
 }

@ -2023,14 +2126,31 @@ int main(int argc, char *argv[])
    {
        .length = check_length,
        .tmpdir = tmpdir,
-        .user = a
+        .user = a,
+        .post =
+        {
+            /* Arbitrary limit. */
+            .max_files = 10000,
+            /* File upload only requires one pair. */
+            .max_pairs = 1
+        }
    };

+    unsigned short outport;
+
    if (!(h = handler_alloc(&cfg))
        || add_urls(h, a)
-        || handler_listen(h, port))
+        || handler_listen(h, port, &outport))
        goto end;

+    printf("Listening on port %hu\n", outport);
+
+    if (handler_loop(h))
+    {
+        fprintf(stderr, "%s: handler_loop failed\n", __func__);
+        goto end;
+    }
+
    ret = EXIT_SUCCESS;

 end:
--- a/page.c
+++ b/page.c
@ -108,6 +108,7 @@ static int prepare_name(struct html_node *const n, struct stat *const sb,
    struct html_node *a;
    struct dynstr d, dname;
    const char *const sep = S_ISDIR(sb->st_mode) ? "/" : "";
+    char *encurl = NULL;

    dynstr_init(&d);
    dynstr_init(&dname);
@ -122,7 +123,12 @@ static int prepare_name(struct html_node *const n, struct stat *const sb,
        fprintf(stderr, "%s: html_node_add_child failed\n", __func__);
        goto end;
    }
-    else if (html_node_add_attr(a, "href", d.str))
+    else if (!(encurl = http_encode_url(d.str)))
+    {
+        fprintf(stderr, "%s: http_encode_url failed\n", __func__);
+        goto end;
+    }
+    else if (html_node_add_attr(a, "href", encurl))
    {
        fprintf(stderr, "%s: html_node_add_attr href failed\n", __func__);
        goto end;
@ -143,6 +149,7 @@ static int prepare_name(struct html_node *const n, struct stat *const sb,
 end:
    dynstr_free(&d);
    dynstr_free(&dname);
+    free(encurl);
    return ret;
 }

@ -303,6 +310,7 @@ static int prepare_preview(struct html_node *const n,
    const struct stat *const sb, const char *const dir, const char *const name)
 {
    int ret = -1;
+    char *encurl = NULL;
    struct html_node *a;
    struct dynstr d;

@ -315,9 +323,22 @@ static int prepare_preview(struct html_node *const n,
        fprintf(stderr, "%s: html_node_add_child form failed\n", __func__);
        goto end;
    }
-    else if (dynstr_append(&d, "%s%s?preview=1", dir, name))
+    else if (dynstr_append(&d, "%s%s", dir, name))
    {
-        fprintf(stderr, "%s: dynstr_append failed\n", __func__);
+        fprintf(stderr, "%s: dynstr_append d failed\n", __func__);
+        goto end;
+    }
+    else if (!(encurl = http_encode_url(d.str)))
+    {
+        fprintf(stderr, "%s: http_encode_url failed\n", __func__);
+        goto end;
+    }
+
+    dynstr_free(&d);
+
+    if (dynstr_append(&d, "%s?preview=1", encurl))
+    {
+        fprintf(stderr, "%s: dynstr_append encd failed\n", __func__);
        goto end;
    }
    else if (html_node_add_attr(a, "href", d.str))
@ -335,6 +356,7 @@ static int prepare_preview(struct html_node *const n,

 end:
    dynstr_free(&d);
+    free(encurl);
    return ret;
 }

@ -1272,20 +1294,24 @@ end:
 }

 static int serve_file(struct http_response *const r,
-    const struct stat *const sb, const char *const res, const bool preview)
+    const struct stat *const sb, const char *const res, const bool preview,
+    const int fd, bool *const fdopened)
 {
    int ret = -1;
-    FILE *const f = fopen(res, "rb");
+    FILE *f = NULL;
    struct dynstr b, d;
    char *bn;

    dynstr_init(&b);
    dynstr_init(&d);

-    if (!f)
+    if (preview)
    {
-        fprintf(stderr, "%s: fopen(3): %s\n", __func__, strerror(errno));
-        goto end;
+        if (dynstr_append(&d, "inline"))
+        {
+            fprintf(stderr, "%s: dynstr_append inline failed\n", __func__);
+            goto end;
+        }
    }
    else if (dynstr_append(&b, "%s", res))
    {
@ -1297,20 +1323,20 @@ static int serve_file(struct http_response *const r,
        fprintf(stderr, "%s: basename(3) failed\n", __func__);
        goto end;
    }
-    else if (preview)
-    {
-        if (dynstr_append(&d, "inline"))
-        {
-            fprintf(stderr, "%s: dynstr_append inline failed\n", __func__);
-            goto end;
-        }
-    }
    else if (dynstr_append(&d, "attachment; filename=\"%s\"", bn))
    {
        fprintf(stderr, "%s: dynstr_append attachment failed\n", __func__);
        goto end;
    }

+    if (!(f = fdopen(fd, "rb")))
+    {
+        fprintf(stderr, "%s: fdopen(3): %s\n", __func__, strerror(errno));
+        goto end;
+    }
+
+    *fdopened = true;
+
    *r = (const struct http_response)
    {
        .status = HTTP_STATUS_OK,
@ -1380,28 +1406,63 @@ static bool preview(const struct page_resource *const pr)

 int page_resource(const struct page_resource *const pr)
 {
+    int ret = -1;
    struct stat sb;
+    const int fd = open(pr->res, O_RDONLY);
+    bool fdopened = false;

-    if (stat(pr->res, &sb))
+    if (fd < 0)
    {
-        fprintf(stderr, "%s: stat(2) %s: %s\n",
-            __func__, pr->res, strerror(errno));
-
        if (errno == ENOENT || errno == ENOTDIR)
-            return page_not_found(pr->r);
+            ret = page_not_found(pr->r);
        else
-            return -1;
+            fprintf(stderr, "%s: open(2) %s: %s\n",
+                __func__, pr->res, strerror(errno));
+
+        goto end;
+    }
+    else if (fstat(fd, &sb))
+    {
+        fprintf(stderr, "%s: fstat(2) %s: %s\n",
+            __func__, pr->res, strerror(errno));
+        goto end;
    }

    const mode_t m = sb.st_mode;

    if (S_ISDIR(m))
-        return list_dir(pr);
+    {
+        if (list_dir(pr))
+        {
+            fprintf(stderr, "%s: list_dir failed\n", __func__);
+            goto end;
+        }
+    }
    else if (S_ISREG(m))
-        return serve_file(pr->r, &sb, pr->res, preview(pr));
+    {
+        if (serve_file(pr->r, &sb, pr->res, preview(pr), fd, &fdopened))
+        {
+            fprintf(stderr, "%s: serve_file failed\n", __func__);
+            goto end;
+        }
+    }
+    else
+    {
+        fprintf(stderr, "%s: unexpected st_mode %jo\n", __func__, (intmax_t)m);
+        goto end;
+    }

-    fprintf(stderr, "%s: unexpected st_mode %jd\n", __func__, (intmax_t)m);
-    return -1;
+    ret = 0;
+
+end:
+    if (!fdopened && fd >= 0 && close(fd))
+    {
+        fprintf(stderr, "%s: close(2) %s: %s\n",
+            __func__, pr->res, strerror(errno));
+        ret = -1;
+    }
+
+    return ret;
 }

 static char *resolve_link(const char *const res)
@ -1444,18 +1505,26 @@ static char *resolve_link(const char *const res)
 int page_public(struct http_response *const r, const char *const res)
 {
    int ret = -1;
+    const int fd = open(res, O_RDONLY);
    struct stat sb;
    char *path = NULL;
+    bool fdopened = false;

-    if (stat(res, &sb))
+    if (fd < 0)
    {
-        fprintf(stderr, "%s: stat(2) %s: %s\n",
-            __func__, res, strerror(errno));
-
        if (errno == ENOENT)
-            return page_not_found(r);
+            ret = page_not_found(r);
        else
-            goto end;
+            fprintf(stderr, "%s: stat(2) %s: %s\n",
+                __func__, res, strerror(errno));
+
+        goto end;
+    }
+    else if (fstat(fd, &sb))
+    {
+        fprintf(stderr, "%s: fstat(2) %s: %s\n",
+            __func__, res, strerror(errno));
+        goto end;
    }

    const mode_t m = sb.st_mode;
@ -1470,7 +1539,7 @@ int page_public(struct http_response *const r, const char *const res)
        fprintf(stderr, "%s: resolve_link failed\n", __func__);
        goto end;
    }
-    else if (serve_file(r, &sb, path, false))
+    else if (serve_file(r, &sb, path, false, fd, &fdopened))
    {
        fprintf(stderr, "%s: serve_file failed\n", __func__);
        goto end;
@ -1479,6 +1548,13 @@ int page_public(struct http_response *const r, const char *const res)
    ret = 0;

 end:
+    if (!fdopened && fd >= 0 && close(fd))
+    {
+        fprintf(stderr, "%s: close(2) %s: %s\n",
+            __func__, res, strerror(errno));
+        ret = -1;
+    }
+
    free(path);
    return ret;
 }
--- a/4
+++ b/4
@ -9,7 +9,7 @@ usage()

 to_hex()
 {
-    od -An -t x1 | tr -d ' '
+    od -An -t x1 | tr -d ' ' | tr -d '\n'
 }

 to_bin()
@ -93,5 +93,5 @@ jq ".users += [
    \"quota\": \"$QUOTA\"
 }]" "$DB" > $TMP

-mkdir "$DIR/user/$USER"
+mkdir -p "$DIR/user/$USER"
 mv $TMP "$DB"
Author	SHA1	Message	Date
Xavier Del Campo Romero	32af8ddd3d	README.md: Fix CMake build instructions The previous instructions were simply wrong because `cmake ..` would attempt to configure the project from the parent directory, instead of the build directory.	2024-05-05 01:07:01 +02:00
Xavier Del Campo Romero	b4572c6217	page.c: Do not get filename on previews This change should provide the same behaviour, but would avoid unnecessary calls to dynstr_append and basename(3) when a preview is to be served.	2024-03-01 00:06:03 +01:00
Xavier Del Campo Romero	fb8896bccd	README.md: Update dependencies list - jq is required by usergen. - Despite being part of a POSIX.1-2008 environment, m4 is not provided by Debian or Ubuntu by default.	2024-02-24 08:39:25 +01:00
Xavier Del Campo Romero	dd29f9096a	usergen: Do not abort on existing directory Otherwise, it would not be possible to replace user credentials if the directory already exists.	2024-02-20 21:44:53 +01:00
Xavier Del Campo Romero	8bcf0bf855	main.c: Improve relative path detection Otherwise, the following resources would be considered valid: - /user/../test - /user/./test - /user/a/. - /user/a/./test	2024-02-20 21:24:17 +01:00
Xavier Del Campo Romero	afc5cf0dfc	main.c: Reject invalid /public/ requests Otherwise: - slcl would accept /public/ (i.e., without a file name) as a valid resource. This would incorrectly map the public/ directory on the database, making slcl to return -1 because public/ is not a regular file. - slcl would accept directory names (e.g.: /public/dir/), which is never expected since slcl stores all public files into a single directory.	2024-02-20 08:18:11 +01:00
Xavier Del Campo Romero	b7f232366c	main.c: Force valid cookie on check_length Otherwise, a malicious user could send multipart/form-data requests without a valid cookie.	2024-02-20 00:17:40 +01:00
Xavier Del Campo Romero	6c3bfa270b	page.c: Use open(2) fdopen(3) and fstat(2) Now, the same file descriptor can be reused for all of the operations above, instead of calling stat(2) and fopen(3) separately.	2024-02-19 23:35:09 +01:00
Xavier Del Campo Romero	78c8c4dabb	page.c: URL-encode href Otherwise, files with special characters, such as '%', could not be downloaded or previewed.	2024-02-19 23:35:09 +01:00
Xavier Del Campo Romero	55008f2f64	main.c: const-qualify name and dir There was no reason why these should not be const-qualified. It was probably missed during the implementation.	2024-02-19 23:35:08 +01:00
Xavier Del Campo Romero	1f8aa578a4	main.c: URL-encode created directories Otherwise, directories with special characters, such as "%", would not be accessible when performing the redirection.	2024-02-19 23:35:08 +01:00
Xavier Del Campo Romero	a578ad6537	main.c: Use fstat(2) on move_file This allows to reuse the same file descriptor to both open(2) and fstat(2) the file.	2024-02-19 23:35:08 +01:00
Xavier Del Campo Romero	f6b84b765d	Bump libweb to 0.3.0 The following commits fix a couple of security issues on libweb. Because of afe0681c0b26bb64bad55d7e86770f346cfa043e, slcl had to be updated to set up its struct http_cfg_post. commit afe0681c0b26bb64bad55d7e86770f346cfa043e Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Mon Feb 19 23:00:56 2024 +0100 Limit maximum multipart/form-data pairs and files A malicious user could inject an infinite number of empty files or key/value pairs into a request in order to exhaust the device's resources. commit 9d9e0c2979f43297b2ebbf84f14f064f3f9ced0e Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Mon Feb 19 22:49:09 2024 +0100 html.c: Avoid half-init objects on html_node_add_attr The previous implementation would leave half-initialised objects if one of the calls to strdup(3) failed. Now, n->attrs is only modified when all previous memory allocations were successful.	2024-02-19 23:35:08 +01:00
Xavier Del Campo Romero	0f889b409e	main.c: Add missing relative path check	2024-02-19 16:59:54 +01:00
Xavier Del Campo Romero	c198199a81	CMakeLists.txt: Bump version to 0.2.0	2024-02-12 23:15:15 +01:00
Xavier Del Campo Romero	69c9f975ba	Bump libweb to 0.2.0	2024-02-12 23:15:14 +01:00
Xavier Del Campo Romero	6d6c350479	usergen: Fix password generation For longer passwords, od(1) might introduce a newline character, causing printf(1) to interpret its input string incorrectly.	2024-01-26 20:32:28 +01:00
Xavier Del Campo Romero	8ebefdb9ab	Bump libweb The following commits introduced performance improvements and bugfixes: Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Sat Jan 20 01:09:18 2024 +0100 server.c: Fix wrong priority for do_exit Under some specific circumstances, poll(2) would return a positive integer, but do_exit might had been previously set. This caused libweb to ignore SIGTERM, with the potential risk for an endless loop. Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Sat Jan 20 01:05:05 2024 +0100 http.c: Solve performance issues on POST uploads Profiling showed that reading multipart/form POST uploads byte-by-byte was too slow and typically led to maximum CPU usage. Therefore, the older approach (as done up to commit 7efc2b3a) was more efficient, even if the resulting code was a bit uglier.	2024-01-26 20:31:34 +01:00
Xavier Del Campo Romero	974d263b7e	configure: Avoid file extension conversion	2024-01-26 20:31:18 +01:00
Xavier Del Campo Romero	d9d1811f89	configure: Fix typo slweb was renamed to libweb some time ago: commit `28ae865e5e` Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Tue Oct 10 23:43:47 2023 +0200 Apply slweb renaming to libweb	2023-11-24 01:52:52 +01:00
Xavier Del Campo Romero	3062a63e14	.gitignore: Ignore only ./Makefile Future commits might introduce Makefiles on other directories that should not be ignored.	2023-11-24 01:52:00 +01:00
Xavier Del Campo Romero	f0368253d1	Bump libweb The following commit should increase performance for slcl: commit b0accd099fa8c5110d4c3c68830ad6fd810ca3ec Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Fri Nov 24 00:52:50 2023 +0100 http.c: Unify read operations So far, libweb would perform different read operations depending on its state: - For HTTP headers or request bodies, one byte at a time was read. - For multipart/form-data, up to BUFSIZ bytes at a time were read. However, this caused a significant extra number of syscalls for no reason and would increase code complexity, specially when parsing multiform/form-data boundaries. Now, http_read always reads up to BUFSIZ bytes at a time and process them on a loop. Apart from reducing code complexity, this should increase performance due to the (much) lower number of syscalls required.	2023-11-24 01:38:51 +01:00
Xavier Del Campo Romero	c322356670	CMakeLists.txt: Fix wrong parameters for project When VERSION is given, LANGUAGES becomes mandatory.	2023-11-23 00:07:45 +01:00
Xavier Del Campo Romero	1768210ea4	Upgrade to new libweb interface Recent commits from libweb brought a few breaking changes. The one below affected slcl, so it had to be updated according to the new interface: commit 98f5f52461b0c1ab1ee3331722bd32e2db9e1d41 Author: Xavier Del Campo <xavier.delcampo@midokura.com> Date: Thu Nov 16 12:23:08 2023 +0100 Split handler_loop from handler_listen Some applications might set up a struct handler object to listen on any port i.e., 0, but still need a way to determine which port number was eventually selected by the implementation. Therefore, handler_listen has been reduced to the server initialization bit, whereas the main loop has been split into its own function, namely handler_loop. Because of these changes, it no longer made sense for libweb to write the selected port to standard output, as this is something now applications can do on their own.	2023-11-23 00:06:09 +01:00
Xavier Del Campo Romero	daffea4660	main.c: Treat non-existing upload dir as non-fatal When a user attempts to upload a file into a non-existing directory, slcl would not check whether the directory exists. Then, rename(3) would fail and slcl would treat this as a fatal error, effectively closing itself. Since this is an example of ill-formed user input, it must be treated as a non-fatal error, and instead slcl should return a bad request page.	2023-11-23 00:01:41 +01:00
Xavier Del Campo Romero	0854bc0030	Bump libweb More bugfixes related to partial boundary parsing were provided by this commit: commit b71a6174e12b4709acaf8bc151938ba12d2a54f6 Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Sun Nov 12 23:31:57 2023 +0100 http.c: Fix more issues with partial boundaries - http_memmem must not check strlen(a) > n because, in case of a partial boundary, it would wrongfully return NULL. - If one or more characters from a partial boundary are found at the end of a buffer, but the next buffer does not start with the rest of the boundary, the accumulated boundary must be reset, and then look for a new boundary.	2023-11-12 23:36:17 +01:00
Xavier Del Campo Romero	34d00e10af	Bump libweb Several bugfixes related to partial boundary parsing were provided by this commit: commit 7d02b225fe11fb0c7233cd2ea576485ee920f203 Author: Xavier Del Campo Romero <xavi.dcr@tutanota.com> Date: Sun Nov 12 06:16:26 2023 +0100 http.c: Fix several issues with partial boundaries - Writing to m->boundary[len] did not make any sense, as len is not meant to change between calls to read_mf_boundary_byte. - For the same reason, memset(3)ing "len + 1" did not make any sense. - When a partial boundary is found, http_memmem must still return st. - Calling reset_boundary with prev == 0 did not make sense, since that case typically means a partial boundary was found on a previous iteration, so m->blen must not be reset.	2023-11-12 06:54:56 +01:00
Xavier Del Campo Romero	8dff21942e	libweb: Bump new signature for http_decode_url The new signature allows callers to distinguish decoding errors from fatal errors. This is important for slcl to avoid crashing when ill-formed data is received from a client.	2023-11-12 01:30:43 +01:00