Tue, 12 Dec 2017 23:58:54 +0100
fixes infinite loop when trying to overwrite a collection with a regular file
/* * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. * * Copyright 2016 Olaf Wintermann. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. */ #include <time.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <errno.h> #include <ctype.h> #include <ucx/string.h> #include <ucx/buffer.h> #include <ucx/utils.h> #include <libxml/tree.h> #include <curl/curl.h> #ifdef _WIN32 #include <conio.h> #define getpasswordchar() getch() #else #include <termios.h> #define getpasswordchar() getchar() #endif #include <openssl/hmac.h> #include <openssl/evp.h> #include <openssl/bio.h> #include <openssl/buffer.h> #include <openssl/rand.h> #include "webdav.h" #include "utils.h" #include "crypto.h" #include "session.h" static size_t extractval(sstr_t str, char *result, char delim) { size_t n = 0; for(size_t i = 0; i < str.length ; i++) { if(isdigit(str.ptr[i])) { result[n++] = str.ptr[i]; } else if(str.ptr[i] != delim) { return 0; } } result[n] = '\0'; return n; } static time_t parse_iso8601(char *iso8601str) { // safety if(!iso8601str) { return 0; } // local vars struct tm tparts; memset(&tparts, 0, sizeof(struct tm)); long val; char conv[16]; // work on the trimmed string sstr_t date = sstrtrim(sstr(iso8601str)); sstr_t time = sstrchr(date, 'T'); if(time.length == 0) { return 0; } date.length = time.ptr - date.ptr; time.ptr++; time.length--; sstr_t tzinfo; if((tzinfo = sstrchr(time, 'Z')).length > 0 || (tzinfo = sstrchr(time, '+')).length > 0 || (tzinfo = sstrchr(time, '-')).length > 0) { time.length = tzinfo.ptr - time.ptr; } // parse date if((date.length != 8 && date.length != 10) || extractval(date, conv , '-') != 8) { return 0; } val = atol(conv); if(val < 19000000L) { return 0; } tparts.tm_mday = val % 100; tparts.tm_mon = (val % 10000) / 100 - 1; tparts.tm_year = val / 10000 - 1900; // parse time and skip possible fractional seconds sstr_t frac; if((frac = sstrchr(time, '.')).length > 0 || (frac = sstrchr(time, ',')).length > 0) { time.length = frac.ptr - time.ptr; } if((time.length != 6 && time.length != 8) || extractval(time, conv , ':') != 6) { return 0; } val = atol(conv); tparts.tm_sec = val % 100; tparts.tm_min = (val % 10000) / 100; tparts.tm_hour = val / 10000; // parse time zone (if any) if(tzinfo.length == 0) { // local time tparts.tm_isdst = -1; return mktime(&tparts); } else if(!sstrcmp(tzinfo, S("Z"))) { #ifdef __FreeBSD__ return timegm(&tparts); #else return mktime(&tparts) - timezone; #endif } else if(tzinfo.ptr[0] == '+' || tzinfo.ptr[0] == '-') { int sign = (tzinfo.ptr[0] == '+') ? -1 : 1; if(tzinfo.length > 6) { return 0; } else { tzinfo.ptr++; tzinfo.length--; extractval(tzinfo, conv, ':'); val = atol(conv); val = 60 * (val / 100) + (val % 100); #ifdef __FreeBSD__ return timegm(&tparts) + (time_t) (60 * val * sign); #else return mktime(&tparts) - timezone + (time_t) (60 * val * sign); #endif } } else { return 0; } } time_t util_parse_creationdate(char *str) { // parse a ISO-8601 date (rfc-3339) // example: 2012-11-29T21:35:35Z if(!str) { return 0; } return parse_iso8601(str); } time_t util_parse_lastmodified(char *str) { // parse a rfc-1123 date // example: Thu, 29 Nov 2012 21:35:35 GMT if(!str) { return 0; } else { time_t result = curl_getdate(str, NULL); if(result == -1) { // some shit server don't comply with the WebDAV standard and // use ISO-8601 dates for lastmodified (e.g. Microsoft Sharepoint) return util_parse_creationdate(str); } else { return result; } } } int util_getboolean(char *v) { if(v[0] == 'T' || v[0] == 't') { return 1; } return 0; } int util_strtoint(char *str, int64_t *value) { char *end; errno = 0; int64_t val = strtoll(str, &end, 0); if(errno == 0) { *value = val; return 1; } else { return 0; } } char* util_url_base(char *url) { sstr_t u = sstr(url); int len = u.length; int slashcount = 0; int slmax; if(len > 7 && !strncasecmp(url, "http://", 7)) { slmax = 3; } else if(len > 8 && !strncasecmp(url, "https://", 8)) { slmax = 3; } else { slmax = 1; } char c; int i = 0; for(i=0;i<len;i++) { c = url[i]; if(c == '/') { slashcount++; if(slashcount == slmax) { i++; break; } } } sstr_t server = sstrsubsl(u, 0, i); server = sstrdup(server); return server.ptr; } char* util_url_path(char *url) { char *path = NULL; size_t len = strlen(url); int slashcount = 0; int slmax; if(len > 7 && !strncasecmp(url, "http://", 7)) { slmax = 3; } else if(len > 8 && !strncasecmp(url, "https://", 8)) { slmax = 3; } else { slmax = 1; } char c; for(int i=0;i<len;i++) { c = url[i]; if(c == '/') { slashcount++; if(slashcount == slmax) { path = url + i; break; } } } return path; } char* util_url_decode(DavSession *sn, char *url) { char *unesc = curl_easy_unescape(sn->handle, url, strlen(url), NULL); char *ret = strdup(unesc); curl_free(unesc); return ret; } static size_t util_header_callback(char *buffer, size_t size, size_t nitems, void *data) { sstr_t sbuffer = sstrn(buffer, size*nitems); UcxMap *map = (UcxMap*) data; // if we get a status line, clear the map and exit if(sstrprefix(sbuffer, S("HTTP/"))) { ucx_map_free_content(map, free); ucx_map_clear(map); return size*nitems; } // if we get the terminating CRLF, just exit if(!sstrcmp(sbuffer, S("\r\n"))) { return 2; } sstr_t key = sbuffer; sstr_t value = sstrchr(sbuffer, ':'); if(value.length == 0) { return 0; // invalid header line } key.length = value.ptr - key.ptr; value.ptr++; value.length--; key = sstrlower(sstrtrim(key)); value = sstrdup(sstrtrim(value)); ucx_map_sstr_put(map, key, value.ptr); free(key.ptr); return sbuffer.length; } void util_capture_header(CURL *handle, UcxMap* map) { if(map) { curl_easy_setopt(handle, CURLOPT_HEADERFUNCTION, util_header_callback); curl_easy_setopt(handle, CURLOPT_HEADERDATA, map); } else { curl_easy_setopt(handle, CURLOPT_HEADERFUNCTION, NULL); curl_easy_setopt(handle, CURLOPT_HEADERDATA, NULL); } } char* util_resource_name(char *url) { int si = 0; int osi = 0; int i = 0; int p = 0; char c; while((c = url[i]) != 0) { if(c == '/') { osi = si; si = i; p = 1; } i++; } char *name = url + si + p; if(name[0] == 0) { name = url + osi + p; if(name[0] == 0) { return url; } } return name; } int util_mkdir(char *path, mode_t mode) { #ifdef _WIN32 return mkdir(path); #else return mkdir(path, mode); #endif } char* util_concat_path(char *url_base, char *p) { sstr_t base = sstr(url_base); sstr_t path; if(p) { path = sstr(p); } else { path = sstrn("", 0); } int add_separator = 0; if(base.length != 0 && base.ptr[base.length-1] == '/') { if(path.ptr[0] == '/') { base.length--; } } else { if(path.length == 0 || path.ptr[0] != '/') { add_separator = 1; } } sstr_t url; if(add_separator) { url = sstrcat(3, base, sstr("/"), path); } else { url = sstrcat(2, base, path); } return url.ptr; } char* util_get_url(DavSession *sn, char *href) { sstr_t base = sstr(sn->base_url); sstr_t href_str = sstr(href); char *base_path = util_url_path(sn->base_url); base.length -= strlen(base_path); sstr_t url = sstrcat(2, base, href_str); return url.ptr; } void util_set_url(DavSession *sn, char *href) { char *url = util_get_url(sn, href); curl_easy_setopt(sn->handle, CURLOPT_URL, url); free(url); } char* util_path_to_url(DavSession *sn, char *path) { char *space = malloc(256); UcxBuffer *url = ucx_buffer_new(space, 256, UCX_BUFFER_AUTOEXTEND); // add base url ucx_buffer_write(sn->base_url, 1, strlen(sn->base_url), url); // remove trailing slash ucx_buffer_seek(url, -1, SEEK_CUR); sstr_t p = sstr(path); ssize_t ntk = 0; sstr_t *tks = sstrsplit(p, S("/"), &ntk); for(int i=0;i<ntk;i++) { sstr_t node = tks[i]; if(node.length > 0) { char *esc = curl_easy_escape(sn->handle, node.ptr, node.length); ucx_buffer_putc(url, '/'); ucx_buffer_write(esc, 1, strlen(esc), url); curl_free(esc); } free(node.ptr); } free(tks); if(path[p.length-1] == '/') { ucx_buffer_putc(url, '/'); } ucx_buffer_putc(url, 0); space = url->space; ucx_buffer_free(url); return space; } char* util_parent_path(char *path) { char *name = util_resource_name(path); size_t namelen = strlen(name); size_t pathlen = strlen(path); size_t parentlen = pathlen - namelen; char *parent = malloc(parentlen + 1); memcpy(parent, path, parentlen); parent[parentlen] = '\0'; return parent; } char* util_xml_get_text(const xmlNode *elm) { xmlNode *node = elm->children; while(node) { if(node->type == XML_TEXT_NODE) { return (char*)node->content; } node = node->next; } return NULL; } char* util_base64decode(char *in) { int len = 0; return util_base64decode_len(in, &len); } char* util_base64decode_len(char* in, int *outlen) { size_t len = strlen(in); char *out = calloc(1, len); BIO *b = BIO_new_mem_buf(in, len); BIO *d = BIO_new(BIO_f_base64()); BIO_set_flags(d, BIO_FLAGS_BASE64_NO_NL); b = BIO_push(d, b); *outlen = BIO_read(b, out, len); BIO_free_all(b); return out; } char* util_base64encode(char *in, size_t len) { BIO *b; BIO *e; BUF_MEM *mem; e = BIO_new(BIO_f_base64()); b = BIO_new(BIO_s_mem()); BIO_set_flags(e, BIO_FLAGS_BASE64_NO_NL); e = BIO_push(e, b); BIO_write(e, in, len); BIO_flush(e); BIO_get_mem_ptr(e, &mem); char *out = malloc(mem->length + 1); memcpy(out, mem->data, mem->length); out[mem->length] = '\0'; BIO_free_all(e); return out; } char* util_encrypt_str(DavSession *sn, char *str, char *key) { DavKey *k = dav_context_get_key(sn->context, key); if(!k) { sn->error = DAV_ERROR; sstr_t err = ucx_sprintf("Key %s not found", key); dav_session_set_errstr(sn, err.ptr); free(err.ptr); return NULL; } return util_encrypt_str_k(sn, str, k); } char* util_encrypt_str_k(DavSession *sn, char *str, DavKey *key) { char *enc_str = aes_encrypt(str, strlen(str), key); char *ret_str = dav_session_strdup(sn, enc_str); free(enc_str); return ret_str; } char* util_decrypt_str(DavSession *sn, char *str, char *key) { DavKey *k = dav_context_get_key(sn->context, key); if(!k) { sn->error = DAV_ERROR; sstr_t err = ucx_sprintf("Key %s not found", key); dav_session_set_errstr(sn, err.ptr); free(err.ptr); return NULL; } return util_decrypt_str_k(sn, str, k); } char* util_decrypt_str_k(DavSession *sn, char *str, DavKey *key) { size_t len = 0; char *dec_str = aes_decrypt(str, &len, key); char *ret_str = dav_session_strdup(sn, dec_str); free(dec_str); return ret_str; } char* util_random_str() { unsigned char *str = malloc(25); str[24] = '\0'; sstr_t t = S( "01234567890" "abcdefghijklmnopqrstuvwxyz" "ABCDEFGHIJKLMNOPQRSTUVWXYZ"); const unsigned char *table = (const unsigned char*)t.ptr; RAND_pseudo_bytes(str, 24); for(int i=0;i<24;i++) { int c = str[i] % t.length; str[i] = table[c]; } return (char*)str; } /* * gets a substring from 0 to the appearance of the token * tokens are separated by space * sets sub to the substring and returns the remaining string */ sstr_t util_getsubstr_until_token(sstr_t str, sstr_t token, sstr_t *sub) { int i; int token_start = -1; int token_end = -1; for(i=0;i<=str.length;i++) { int c; if(i == str.length) { c = ' '; } else { c = str.ptr[i]; } if(c < 33) { if(token_start != -1) { token_end = i; size_t len = token_end - token_start; sstr_t tk = sstrsubsl(str, token_start, len); //printf("token: {%.*s}\n", token.length, token.ptr); if(!sstrcmp(tk, token)) { *sub = sstrtrim(sstrsubsl(str, 0, token_start)); break; } token_start = -1; token_end = -1; } } else { if(token_start == -1) { token_start = i; } } } if(i < str.length) { return sstrtrim(sstrsubs(str, i)); } else { str.ptr = NULL; str.length = 0; return str; } } sstr_t util_readline(FILE *stream) { UcxBuffer *buf = ucx_buffer_new(NULL, 128, UCX_BUFFER_AUTOEXTEND); int c; while((c = fgetc(stream)) != '\n') { ucx_buffer_putc(buf, c); } sstr_t str = sstrdup(sstrtrim(sstrn(buf->space, buf->size))); ucx_buffer_free(buf); return str; } char* util_password_input(char *prompt) { fprintf(stderr, "%s", prompt); fflush(stderr); #ifndef _WIN32 // hide terminal input struct termios oflags, nflags; tcgetattr(fileno(stdin), &oflags); nflags = oflags; nflags.c_lflag &= ~ECHO; nflags.c_lflag |= ECHONL; if (tcsetattr(fileno(stdin), TCSANOW, &nflags) != 0) { perror("tcsetattr"); } #endif // read password input UcxBuffer *buf = ucx_buffer_new(NULL, 128, UCX_BUFFER_AUTOEXTEND); int c = 0; while((c = getpasswordchar()) != EOF) { if(c == '\n' || c == '\r') { break; } ucx_buffer_putc(buf, c); } ucx_buffer_putc(buf, 0); fflush(stdin); #ifndef _WIN32 // restore terminal settings if (tcsetattr(fileno(stdin), TCSANOW, &oflags) != 0) { perror("tcsetattr"); } #endif char *str = buf->space; free(buf); // only free the UcxBuffer struct return str; } char* util_hexstr(unsigned char *data, size_t len) { size_t buflen = 2*len + 4; UcxBuffer *buf = ucx_buffer_new(malloc(buflen), buflen + 1, 0); for(int i=0;i<len;i++) { ucx_bprintf(buf, "%x", data[i]); } ucx_buffer_putc(buf, 0); char *str = buf->space; ucx_buffer_free(buf); return str; }