ubusd: protect against too-short messages
[project/ubus.git] / ubusd_main.c
1 /*
2 * Copyright (C) 2011-2014 Felix Fietkau <nbd@openwrt.org>
3 *
4 * SPDX-License-Identifier: LGPL-2.1-only
5 */
6
7 #include <sys/socket.h>
8 #include <sys/stat.h>
9 #include <sys/types.h>
10 #ifdef FreeBSD
11 #include <sys/param.h>
12 #endif
13 #include <string.h>
14 #include <syslog.h>
15
16 #include <libubox/usock.h>
17
18 #include "ubusd.h"
19
/*
 * Tear down a client connection.
 *
 * Releases every entry still on cl->tx_queue, notifies the monitor and
 * protocol layers, closes a descriptor that was received for a message
 * still being assembled (pending_msg_fd >= 0), then unregisters and closes
 * the client socket and frees cl. cl must not be touched after this returns.
 *
 * NOTE(review): cl->pending_msg is not released anywhere in this function;
 * confirm that ubusd_proto_free_client() or another path frees a partially
 * received message, otherwise a peer that disconnects mid-message leaks it.
 */
static void handle_client_disconnect(struct ubus_client *cl)
{
	struct ubus_msg_buf_list *entry, *next;

	/* _safe iteration: the current entry is released while walking */
	list_for_each_entry_safe(entry, next, &cl->tx_queue, list) {
		ubus_msg_list_free(entry);
	}

	ubusd_monitor_disconnect(cl);
	ubusd_proto_free_client(cl);

	/* a descriptor received with an unfinished message is owned by us */
	if (!(cl->pending_msg_fd < 0)) {
		close(cl->pending_msg_fd);
	}

	/* unregister from the event loop before the fd number can be reused */
	uloop_fd_delete(&cl->sock);
	close(cl->sock.fd);

	free(cl);
}
34
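/*
 * uloop callback for a connected client socket.
 *
 * Works in three stages:
 *   1. write as much of cl->tx_queue as the socket accepts;
 *   2. receive the fixed-size header (cl->hdrbuf), together with an optional
 *      SCM_RIGHTS descriptor, and validate the length it announces;
 *   3. read the message body and hand every complete message to the monitor
 *      and protocol layers, then loop back to stage 2.
 *
 * The client is torn down (label "disconnect") on a fatal write error, a
 * rejected header or a failed allocation, and also from "out" once the peer
 * has hung up (sock->eof) and nothing is left in the tx queue.
 *
 * @sock:   the client's uloop_fd, embedded in its struct ubus_client
 * @events: uloop event mask; only ULOOP_WRITE is inspected here
 */
static void client_cb(struct uloop_fd *sock, unsigned int events)
{
	struct ubus_client *cl = container_of(sock, struct ubus_client, sock);
	uint8_t fd_buf[CMSG_SPACE(sizeof(int))] = { 0 };
	struct msghdr msghdr = { 0 };
	struct ubus_msg_buf *ub;
	struct ubus_msg_buf_list *ubl, *ubl2;
	static struct iovec iov;
	struct cmsghdr *cmsg;
	int *pfd;

	msghdr.msg_iov = &iov;
	msghdr.msg_iovlen = 1;
	msghdr.msg_control = fd_buf;
	msghdr.msg_controllen = sizeof(fd_buf);

	/* lay out room for exactly one descriptor in the control buffer */
	cmsg = CMSG_FIRSTHDR(&msghdr);
	cmsg->cmsg_type = SCM_RIGHTS;
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_len = CMSG_LEN(sizeof(int));

	pfd = (int *) CMSG_DATA(cmsg);
	msghdr.msg_controllen = cmsg->cmsg_len;

	/* first try to tx more pending data */
	list_for_each_entry_safe(ubl, ubl2, &cl->tx_queue, list) {
		ssize_t written;

		ub = ubl->msg;
		written = ubus_msg_writev(sock->fd, ub, cl->txq_ofs);
		if (written < 0) {
			switch(errno) {
			case EINTR:
			case EAGAIN:
				/* transient: keep the queue and wait for the next event */
				break;
			default:
				goto disconnect;
			}
			break;
		}

		cl->txq_ofs += written;
		cl->txq_len -= written;
		if (cl->txq_ofs < ub->len + sizeof(ub->hdr))
			break;

		/*
		 * txq_ofs is an offset into the message just completed (it is
		 * compared against that message's length above). Clear it so the
		 * next queued message is written from its first byte instead of
		 * from a stale offset. ubus_msg_list_free() is handed only the
		 * list entry, so the reset has to happen here.
		 */
		cl->txq_ofs = 0;
		ubus_msg_list_free(ubl);
	}

	/* prevent further ULOOP_WRITE events if we don't have data
	 * to send anymore */
	if (list_empty(&cl->tx_queue) && (events & ULOOP_WRITE))
		uloop_fd_add(sock, ULOOP_READ | ULOOP_EDGE_TRIGGER);

retry:
	/* stage 2: header not complete yet */
	if (!sock->eof && cl->pending_msg_offset < (int) sizeof(cl->hdrbuf)) {
		int offset = cl->pending_msg_offset;
		int bytes;

		/* sentinel: stays -1 unless recvmsg() stores a descriptor */
		*pfd = -1;

		iov.iov_base = ((char *) &cl->hdrbuf) + offset;
		iov.iov_len = sizeof(cl->hdrbuf) - offset;

		/* accept at most one descriptor per message being assembled */
		if (cl->pending_msg_fd < 0) {
			msghdr.msg_control = fd_buf;
			msghdr.msg_controllen = cmsg->cmsg_len;
		} else {
			msghdr.msg_control = NULL;
			msghdr.msg_controllen = 0;
		}

		bytes = recvmsg(sock->fd, &msghdr, 0);
		if (bytes < 0)
			goto out;

		/*
		 * NOTE(review): the control header (level/type/length) and
		 * MSG_CTRUNC in msghdr.msg_flags are not re-checked after
		 * recvmsg(); any non-negative value found in the data slot is
		 * taken as a received descriptor. Confirm that is sufficient
		 * for every peer that can reach this socket.
		 */
		if (*pfd >= 0)
			cl->pending_msg_fd = *pfd;

		cl->pending_msg_offset += bytes;
		if (cl->pending_msg_offset < (int) sizeof(cl->hdrbuf))
			goto out;

		/*
		 * The length field is supplied by the peer. Reject a length that
		 * is smaller than the attribute header itself, and a padded
		 * length above UBUS_MAX_MSGLEN, before anything is allocated or
		 * copied on its basis.
		 */
		if (blob_raw_len(&cl->hdrbuf.data) < sizeof(struct blob_attr))
			goto disconnect;
		if (blob_pad_len(&cl->hdrbuf.data) > UBUS_MAX_MSGLEN)
			goto disconnect;

		cl->pending_msg = ubus_msg_new(NULL, blob_raw_len(&cl->hdrbuf.data), false);
		if (!cl->pending_msg)
			goto disconnect;

		/* seq and peer arrive big-endian; convert to host order */
		cl->hdrbuf.hdr.seq = be16_to_cpu(cl->hdrbuf.hdr.seq);
		cl->hdrbuf.hdr.peer = be32_to_cpu(cl->hdrbuf.hdr.peer);

		/*
		 * The second copy writes sizeof(cl->hdrbuf.data) bytes into a
		 * buffer requested with blob_raw_len() bytes; presumably
		 * hdrbuf.data is a struct blob_attr, in which case the
		 * minimum-length check above is what keeps this copy in bounds
		 * - TODO confirm against ubusd.h and ubus_msg_new().
		 */
		memcpy(&cl->pending_msg->hdr, &cl->hdrbuf.hdr, sizeof(cl->hdrbuf.hdr));
		memcpy(cl->pending_msg->data, &cl->hdrbuf.data, sizeof(cl->hdrbuf.data));
	}

	/* stage 3: read whatever is still missing from the body */
	ub = cl->pending_msg;
	if (ub) {
		/* offset into ub->data: bytes received so far minus the header */
		int offset = cl->pending_msg_offset - sizeof(ub->hdr);
		int len = blob_raw_len(ub->data) - offset;
		int bytes = 0;

		if (len > 0) {
			bytes = read(sock->fd, (char *) ub->data + offset, len);
			if (bytes <= 0)
				goto out;
		}

		/* short read: remember progress and wait for more data */
		if (bytes < len) {
			cl->pending_msg_offset += bytes;
			goto out;
		}

		/* accept message */
		ub->fd = cl->pending_msg_fd;
		cl->pending_msg_fd = -1;
		cl->pending_msg_offset = 0;
		cl->pending_msg = NULL;
		ubusd_monitor_message(cl, ub, false);
		ubusd_proto_receive_message(cl, ub);
		/* the socket is edge-triggered: keep reading until it runs dry */
		goto retry;
	}

out:
	/* stay connected unless the peer hung up and the tx queue is empty */
	if (!sock->eof || !list_empty(&cl->tx_queue))
		return;

disconnect:
	/*
	 * NOTE(review): a partially received cl->pending_msg may still be set
	 * when this is reached via "out" or from the tx stage; confirm the
	 * teardown path releases it.
	 */
	handle_client_disconnect(cl);
}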
168
/*
 * Accept one connection from the listening socket and register it.
 *
 * Returns true when the caller should try again (a connection was handled,
 * or accept() failed with ECONNABORTED or EINTR) and false on any other
 * accept() error, which ends the caller's accept loop.
 */
static bool get_next_connection(int fd)
{
	int client_fd = accept(fd, NULL, 0);
	struct ubus_client *cl;

	if (client_fd < 0)
		return errno == ECONNABORTED || errno == EINTR;

	cl = ubusd_proto_new_client(client_fd, client_cb);
	if (!cl) {
		/* no client object was created: do not leak the accepted fd */
		close(client_fd);
		return true;
	}

	uloop_fd_add(&cl->sock, ULOOP_READ | ULOOP_EDGE_TRIGGER);
	return true;
}
193
/*
 * uloop callback for the listening socket: keep accepting until
 * get_next_connection() reports that nothing more can be accepted.
 * The events mask is not inspected.
 */
static void server_cb(struct uloop_fd *fd, unsigned int events)
{
	while (get_next_connection(fd->fd))
		;
}
202
/* Listening socket handle; main() fills in .fd and registers it with uloop. */
static struct uloop_fd server_fd = { .cb = server_cb };
206
/*
 * Print the command-line help to stderr.
 *
 * @progname: name to show in the "Usage:" line
 * Returns 1 so that main() can use the result as its exit status.
 */
static int usage(const char *progname)
{
	static const char help_fmt[] =
		"Usage: %s [<options>]\n"
		"Options: \n"
		" -A <path>: Set the path to ACL files\n"
		" -s <socket>: Set the unix domain socket to listen on\n"
		"\n";

	fprintf(stderr, help_fmt, progname);

	return 1;
}
216
/*
 * SIGHUP handler: reload the ACL files.
 *
 * NOTE(review): ubusd_acl_load() runs directly in signal context here.
 * Its body is not visible in this file; if it allocates memory or does
 * file I/O it is not async-signal-safe, and it could interrupt code that
 * is reading the ACL state at that moment - confirm, or defer the reload
 * to the event loop.
 */
static void sighup_handler(int sig)
{
	(void) sig; /* signal number is not needed */

	ubusd_acl_load();
}
221
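/*
 * Create the directory that holds the default socket path.
 *
 * The directory name is always derived from the compile-time
 * UBUS_UNIX_SOCKET, not from a path given with -s. The mkdir() result is
 * not checked, so an already existing directory is not treated as an error.
 */
static void mkdir_sockdir(void)
{
	char *ubus_sock_dir, *tmp;

	ubus_sock_dir = strdup(UBUS_UNIX_SOCKET);
	/* out of memory: skip the best-effort mkdir instead of passing NULL on */
	if (!ubus_sock_dir)
		return;

	/* cut the path at its last '/' to obtain the directory part */
	tmp = strrchr(ubus_sock_dir, '/');
	if (tmp) {
		*tmp = '\0';
		mkdir(ubus_sock_dir, 0755);
	}
	free(ubus_sock_dir);
}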
234
/*
 * Daemon entry point.
 *
 * Options: -s <socket> overrides the listening socket path, -A <path> sets
 * ubusd_acl_dir. Any other option prints the usage text and exits with its
 * return value. Returns 0 after a normal event-loop exit and -1 when the
 * listening socket cannot be created.
 */
int main(int argc, char **argv)
{
	const char *ubus_socket = UBUS_UNIX_SOCKET;
	int ret = 0;
	int opt;

	/* a client that vanishes mid-write must not kill the daemon */
	signal(SIGPIPE, SIG_IGN);
	/* SIGHUP reloads the ACL files */
	signal(SIGHUP, sighup_handler);

	openlog("ubusd", LOG_PID, LOG_DAEMON);
	uloop_init();

	while ((opt = getopt(argc, argv, "A:s:")) != -1) {
		if (opt == 's')
			ubus_socket = optarg;
		else if (opt == 'A')
			ubusd_acl_dir = optarg;
		else
			return usage(argv[0]);
	}

	mkdir_sockdir();
	/* remove a stale socket left over from a previous run */
	unlink(ubus_socket);
	/*
	 * umask 0111 masks only the execute bits, so the socket created below
	 * is presumably left read/write for every local user that can reach
	 * its directory. NOTE(review): that leaves the ACLs loaded by
	 * ubusd_acl_load() as the access control for local clients - confirm
	 * this is the intended model.
	 */
	umask(0111);
	server_fd.fd = usock(USOCK_UNIX | USOCK_SERVER | USOCK_NONBLOCK, ubus_socket, NULL);
	if (server_fd.fd >= 0) {
		uloop_fd_add(&server_fd, ULOOP_READ | ULOOP_EDGE_TRIGGER);
		ubusd_acl_load();

		uloop_run();
		unlink(ubus_socket);
	} else {
		perror("usock");
		ret = -1;
	}

	uloop_done();
	return ret;
}