/* * Send a file. It is implemented as a state machine using a while loop * and a switch statement. Function flow is as follow: * - sanity check * - check client's request * - enter state machine * * 1) send a DATA or OACK * 2) wait replay * - if ACK, goto 3 * - if ERROR abort * - if TIMEOUT goto previous state * 3) send data, goto 2 */ int tftpd_send_file(struct thread_data *data) { int state = S_BEGIN; int timeout_state = state; int result; int block_number = 0; int last_block = -1; int data_size; struct sockaddr_storage *sa = &data->client_info->client; struct sockaddr_storage from; char addr_str[SOCKADDR_PRINT_ADDR_LEN]; int sockfd = data->sockfd; struct tftphdr *tftphdr = (struct tftphdr *)data->data_buffer; FILE *fp; char filename[MAXLEN]; char string[MAXLEN]; int timeout = data->timeout; int number_of_timeout = 0; int mcast_switch = data->mcast_switch_client; struct stat file_stat; int convert = 0; /* if true, do netascii conversion */ struct thread_data *thread = NULL; /* used when looking for a multicast thread */ int multicast = 0; /* set to 1 if multicast */ struct client_info *client_info = data->client_info; struct client_info *client_old = NULL; struct tftp_opt options[OPT_NUMBER]; int prev_block_number = 0; /* needed to support netascii convertion */ int prev_file_pos = 0; int temp = 0; /* look for mode option */ if (strcasecmp(data->tftp_options[OPT_MODE].value, "netascii") == 0) { convert = 1; logger(LOG_DEBUG, "will do netascii convertion"); } /* file name verification */ Strncpy(filename, data->tftp_options[OPT_FILENAME].value, MAXLEN); if (tftpd_rules_check(filename) != OK) { tftp_send_error(sockfd, sa, EACCESS, data->data_buffer, data->data_buffer_size); if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", EACCESS, tftp_errmsg[EACCESS]); return ERR; } /* verify that the requested file exist */ fp = fopen(filename, "r"); #ifdef HAVE_PCRE if (fp == NULL) { /* Verify if this file have a working subsitution */ if (pcre_top != NULL) { if (tftpd_pcre_sub(pcre_top, string, MAXLEN, data->tftp_options[OPT_FILENAME].value) < 0) { logger(LOG_DEBUG, "PCRE failed to match"); } else { logger(LOG_INFO, "PCRE mapped %s -> %s", data->tftp_options[OPT_FILENAME].value, string); Strncpy(filename, string, MAXLEN); /* recheck those rules */ if (tftpd_rules_check(filename) != OK) { tftp_send_error(sockfd, sa, EACCESS, data->data_buffer, data->data_buffer_size); if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", EACCESS, tftp_errmsg[EACCESS]); return ERR; } /* write back the new file name to the option structure */ opt_set_options(data->tftp_options, "filename", filename); /* try to open this new file */ fp = fopen(filename, "r"); } } } #endif if (fp == NULL) { tftp_send_error(sockfd, sa, ENOTFOUND, data->data_buffer, data->data_buffer_size); logger(LOG_INFO, "File %s not found", filename); if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", ENOTFOUND, tftp_errmsg[ENOTFOUND]); return ERR; } /* To return the size of the file with tsize argument */ fstat(fileno(fp), &file_stat); /* tsize option */ if ((opt_get_tsize(data->tftp_options) > -1) && !convert) { opt_set_tsize(file_stat.st_size, data->tftp_options); logger(LOG_INFO, "tsize option -> %d", file_stat.st_size); } /* timeout option */ if ((result = opt_get_timeout(data->tftp_options)) > -1) { if ((result < 1) || (result > 255)) { tftp_send_error(sockfd, sa, EOPTNEG, data->data_buffer, data->data_buffer_size); if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", EOPTNEG, tftp_errmsg[EOPTNEG]); fclose(fp); return ERR; } timeout = result; opt_set_timeout(timeout, data->tftp_options); logger(LOG_INFO, "timeout option -> %d", timeout); } /* blksize options */ if ((result = opt_get_blksize(data->tftp_options)) > -1) { if ((result < 8) || (result > 65464)) { tftp_send_error(sockfd, sa, EOPTNEG, data->data_buffer, data->data_buffer_size); if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", EOPTNEG, tftp_errmsg[EOPTNEG]); fclose(fp); return ERR; } data->data_buffer_size = result + 4; data->data_buffer = realloc(data->data_buffer, data->data_buffer_size); if (data->data_buffer == NULL) { logger(LOG_ERR, "memory allocation failure"); fclose(fp); return ERR; } tftphdr = (struct tftphdr *)data->data_buffer; if (data->data_buffer == NULL) { tftp_send_error(sockfd, sa, ENOSPACE, data->data_buffer, data->data_buffer_size); if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", ENOSPACE, tftp_errmsg[ENOSPACE]); fclose(fp); return ERR; } opt_set_blksize(result, data->tftp_options); logger(LOG_INFO, "blksize option -> %d", result); } /* Verify that the file can be sent in 2^16 block of BLKSIZE octets */ if ((file_stat.st_size / (data->data_buffer_size - 4)) > 65535) { tftp_send_error(sockfd, sa, EUNDEF, data->data_buffer, data->data_buffer_size); logger(LOG_NOTICE, "Requested file to big, increase BLKSIZE"); if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", EUNDEF, tftp_errmsg[EUNDEF]); fclose(fp); return ERR; } /* multicast option */ if (data->tftp_options[OPT_MULTICAST].specified && data->tftp_options[OPT_MULTICAST].enabled && !convert) { /* * Find a server with the same options to give up the client. */ logger(LOG_DEBUG, "Searching a server thread to give up this client"); result = tftpd_list_find_multicast_server_and_add(&thread, data, data->client_info); if ( result > 0) { /* add this client to its list of client */ if (result == 1) logger(LOG_DEBUG, "Added client %p to thread %p", data->client_info, thread); else logger(LOG_DEBUG, "Client (%p) is already in list of thread %p", data->client_info, thread); /* NULL our own pointer so we don't free memory */ if (result == 1) data->client_info = NULL; /* Look at needed information to oack that client */ opt_set_multicast(data->tftp_options, thread->mc_addr, thread->mc_port, 0); logger(LOG_INFO, "multicast option -> %s,%d,%d", thread->mc_addr, thread->mc_port, 0); /* Send an OACK to that client. There is a possible race condition here where the new server thread OACK this client before us. This should not be a problem: the client thread will receive a second OACK and fall back to non master mode. Then the server will timeout and either resend OACK or continu with the next client */ opt_options_to_string(data->tftp_options, string, MAXLEN); if (data->trace) logger(LOG_DEBUG, "sent OACK <%s>", string); tftp_send_oack(thread->sockfd, sa, data->tftp_options, data->data_buffer, data->data_buffer_size); /* We are done */ logger(LOG_INFO, "Client transfered to %p", thread); fclose(fp); return OK; } else { struct addrinfo hints, *result; /* configure socket, get an IP address */ if (tftpd_mcast_get_tid(&data->mc_addr, &data->mc_port) != OK) { logger(LOG_ERR, "No multicast address/port available"); fclose(fp); return ERR; } logger(LOG_DEBUG, "mcast_addr: %s, mcast_port: %d", data->mc_addr, data->mc_port); /* convert address */ memset(&hints, 0, sizeof(hints)); hints.ai_socktype = SOCK_DGRAM; hints.ai_flags = AI_NUMERICHOST; if (getaddrinfo(data->mc_addr, NULL, &hints, &result) || sockaddr_set_addrinfo(&data->sa_mcast, result)) { logger(LOG_ERR, "bad address %s\n",data->mc_addr); fclose(fp); return ERR; } freeaddrinfo(result); sockaddr_set_port(&data->sa_mcast, data->mc_port); /* verify address is multicast */ if (!sockaddr_is_multicast(&data->sa_mcast)) { logger(LOG_ERR, "bad multicast address %s\n", sockaddr_print_addr(&data->sa_mcast, addr_str, sizeof(addr_str))); fclose(fp); return ERR; } /* initialise multicast address structure */ sockaddr_get_mreq(&data->sa_mcast, &data->mcastaddr); if (data->sa_mcast.ss_family == AF_INET) setsockopt(data->sockfd, IPPROTO_IP, IP_MULTICAST_TTL, &data->mcast_ttl, sizeof(data->mcast_ttl)); else setsockopt(data->sockfd, IPPROTO_IPV6, IPV6_MULTICAST_HOPS, &data->mcast_ttl, sizeof(data->mcast_ttl)); /* set options data for OACK */ opt_set_multicast(data->tftp_options, data->mc_addr, data->mc_port, 1); logger(LOG_INFO, "multicast option -> %s,%d,%d", data->mc_addr, data->mc_port, 1); /* the socket must be unconnected for multicast */ sa->ss_family = AF_UNSPEC; connect(sockfd, (struct sockaddr *)sa, sizeof(*sa)); /* set multicast flag */ multicast = 1; /* Now ready to receive new clients */ tftpd_clientlist_ready(data); } } /* copy options to local structure, used when falling back a client to slave */ memcpy(options, data->tftp_options, sizeof(options)); opt_set_multicast(options, data->mc_addr, data->mc_port, 0); /* That's it, ready to send the file */ while (1) { if (tftpd_cancel) { /* Send error to all client */ logger(LOG_DEBUG, "thread cancelled"); do { tftpd_clientlist_done(data, client_info, NULL); tftp_send_error(sockfd, &client_info->client, EUNDEF, data->data_buffer, data->data_buffer_size); if (data->trace) { logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s> to %s", EUNDEF, tftp_errmsg[EUNDEF], sockaddr_print_addr(&client_info->client, addr_str, sizeof(addr_str))); } } while (tftpd_clientlist_next(data, &client_info) == 1); state = S_ABORT; } switch (state) { case S_BEGIN: if (opt_support_options(data->tftp_options)) state = S_SEND_OACK; else state = S_SEND_DATA; break; case S_SEND_OACK: timeout_state = state; opt_options_to_string(data->tftp_options, string, MAXLEN); if (data->trace) logger(LOG_DEBUG, "sent OACK <%s>", string); tftp_send_oack(sockfd, sa, data->tftp_options, data->data_buffer, data->data_buffer_size); state = S_WAIT_PACKET; break; case S_SEND_DATA: timeout_state = state; data_size = tftp_file_read(fp, tftphdr->th_data, data->data_buffer_size - 4, block_number, convert, &prev_block_number, &prev_file_pos, &temp); data_size += 4; /* need to consider tftp header */ /* record the last block number */ if (feof(fp)) last_block = block_number; if (multicast) { tftp_send_data(sockfd, &data->sa_mcast, block_number + 1, data_size, data->data_buffer); } else { tftp_send_data(sockfd, sa, block_number + 1, data_size, data->data_buffer); } if (data->trace) logger(LOG_DEBUG, "sent DATA <block: %d, size %d>", block_number + 1, data_size - 4); state = S_WAIT_PACKET; break; case S_WAIT_PACKET: data_size = data->data_buffer_size; result = tftp_get_packet(sockfd, -1, NULL, sa, &from, NULL, timeout, &data_size, data->data_buffer); switch (result) { case GET_TIMEOUT: number_of_timeout++; if (number_of_timeout > NB_OF_RETRY) { logger(LOG_INFO, "client (%s) not responding", sockaddr_print_addr(&client_info->client, addr_str, sizeof(addr_str))); state = S_END; } else { /* The client failed to ACK our last packet. Send an OACK with mc=0 to it, fetch the next client in the list and continu with this new one */ if (multicast && mcast_switch) { client_old = client_info; tftpd_clientlist_next(data, &client_info); if (client_info && (client_info != client_old)) { /* Send an OACK to the old client remove is master client status */ opt_options_to_string(options, string, MAXLEN); if (data->trace) logger(LOG_DEBUG, "sent OACK <%s>", string); tftp_send_oack(sockfd, sa, options, data->data_buffer, data->data_buffer_size); /* Proceed normally with the next client, going to OACK state */ logger(LOG_INFO, "Serving next client: %s:%d", sockaddr_print_addr( &client_info->client, addr_str, sizeof(addr_str)), sockaddr_get_port( &client_info->client)); sa = &client_info->client; state = S_SEND_OACK; break; } else if (client_info == NULL) { /* we got a big problem if this happend */ logger(LOG_ERR, "%s: %d: abnormal condition", __FILE__, __LINE__); state = S_ABORT; break; } } logger(LOG_WARNING, "timeout: retrying..."); state = timeout_state; } break; case GET_ACK: /* handle case where packet come from un unexpected client */ if (multicast) { if (!sockaddr_equal(sa, &from)) { /* We got an ACK from a client that is not the master client. * If this is an ACK for the last block, mark this client as * done */ if ((last_block != -1) && (block_number > last_block)) { if (tftpd_clientlist_done(data, NULL, &from) == 1) logger(LOG_DEBUG, "client done <%s>", sockaddr_print_addr( &from, addr_str, sizeof(addr_str))); else logger(LOG_WARNING, "packet discarded <%s:%d>", sockaddr_print_addr( &from, addr_str, sizeof(addr_str)), sockaddr_get_port(&from)); } else /* If not, send and OACK with mc=0 to shut it up. */ { opt_options_to_string(options, string, MAXLEN); if (data->trace) logger(LOG_DEBUG, "sent OACK <%s>", string); tftp_send_oack(sockfd, &from, options, data->data_buffer, data->data_buffer_size); } break; } } else { /* check that the packet is from the current client */ if (sockaddr_get_port(sa) != sockaddr_get_port(&from)) { if (data->checkport) { logger(LOG_WARNING, "packet discarded <%s:%d>", sockaddr_print_addr(&from, addr_str, sizeof(addr_str)), sockaddr_get_port(&from)); break; } else logger(LOG_WARNING, "source port mismatch, check bypassed"); } } /* The ACK is from the current client */ number_of_timeout = 0; block_number = ntohs(tftphdr->th_block); if (data->trace) logger(LOG_DEBUG, "received ACK <block: %d>", block_number); if ((last_block != -1) && (block_number > last_block)) { state = S_END; break; } state = S_SEND_DATA; break; case GET_ERROR: /* handle case where packet come from un unexpected client */ if (multicast) { /* if packet is not from the current master client */ if (!sockaddr_equal(sa, &from)) { /* mark this client done */ if (tftpd_clientlist_done(data, NULL, &from) == 1) { if (data->trace) logger(LOG_DEBUG, "client sent ERROR, mark as done <%s>", sockaddr_print_addr( &from, addr_str, sizeof(addr_str))); } else logger(LOG_WARNING, "packet discarded <%s>", sockaddr_print_addr(&from, addr_str, sizeof(addr_str))); /* current state is unchanged */ break; } } else { /* check that the packet is from the current client */ if (sockaddr_get_port(sa) != sockaddr_get_port(&from)) { if (data->checkport) { logger(LOG_WARNING, "packet discarded <%s>", sockaddr_print_addr(&from, addr_str, sizeof(addr_str))); break; } else logger(LOG_WARNING, "source port mismatch, check bypassed"); } } /* Got an ERROR from the current master client */ Strncpy(string, tftphdr->th_msg, (((data_size - 4) > MAXLEN) ? MAXLEN : (data_size - 4))); if (data->trace) logger(LOG_DEBUG, "received ERROR <code: %d, msg: %s>", ntohs(tftphdr->th_code), string); if (multicast) { logger(LOG_DEBUG, "Marking client as done"); state = S_END; } else state = S_ABORT; break; case GET_DISCARD: /* FIXME: should we increment number_of_timeout */ logger(LOG_WARNING, "packet discarded <%s>", sockaddr_print_addr(&from, addr_str, sizeof(addr_str))); break; case ERR: logger(LOG_ERR, "%s: %d: recvfrom: %s", __FILE__, __LINE__, strerror(errno)); state = S_ABORT; break; default: logger(LOG_ERR, "%s: %d: abnormal return value %d", __FILE__, __LINE__, result); } break; case S_END: if (multicast) { logger(LOG_DEBUG, "End of multicast transfer"); /* mark the current client done */ tftpd_clientlist_done(data, client_info, NULL); /* Look if there is another client to serve. We lock list of client to make sure no other thread try to add clients in our back */ if (tftpd_clientlist_next(data, &client_info) == 1) { logger(LOG_INFO, "Serving next client: %s:%d", sockaddr_print_addr(&client_info->client, addr_str, sizeof(addr_str)), sockaddr_get_port(&client_info->client)); /* client is a new client structure */ sa = &client_info->client; /* nedd to send an oack to that client */ state = S_SEND_OACK; fseek(fp, 0, SEEK_SET); } else { logger(LOG_INFO, "No more client, end of tranfers"); fclose(fp); return OK; } } else { logger(LOG_DEBUG, "End of transfer"); fclose(fp); return OK; } break; case S_ABORT: logger(LOG_DEBUG, "Aborting transfer"); fclose(fp); return ERR; default: fclose(fp); logger(LOG_ERR, "%s: %d: abnormal condition", __FILE__, __LINE__); return ERR; } } }
/* * Receive a file. It is implemented as a state machine using a while loop * and a switch statement. Function flow is as follow: * - sanity check * - check client's request * - enter state machine * * 1) send a ACK or OACK * 2) wait replay * - if DATA packet, read it, send an acknoledge, goto 2 * - if ERROR abort * - if TIMEOUT goto previous state */ int tftpd_receive_file(struct thread_data *data) { int state = S_BEGIN; int timeout_state = state; int result; int block_number = 0; int data_size; int sockfd = data->sockfd; struct sockaddr_storage *sa = &data->client_info->client; struct sockaddr_storage from; char addr_str[SOCKADDR_PRINT_ADDR_LEN]; struct tftphdr *tftphdr = (struct tftphdr *)data->data_buffer; FILE *fp; char filename[MAXLEN]; char string[MAXLEN]; int timeout = data->timeout; int number_of_timeout = 0; int all_blocks_received = 0; /* temporary kludge */ int convert = 0; /* if true, do netascii convertion */ int prev_block_number = 0; /* needed to support netascii convertion */ int temp = 0; /* look for mode option */ if (strcasecmp(data->tftp_options[OPT_MODE].value, "netascii") == 0) { convert = 1; logger(LOG_DEBUG, "will do netascii convertion"); } /* file name verification */ Strncpy(filename, data->tftp_options[OPT_FILENAME].value, MAXLEN); if (tftpd_rules_check(filename) != OK) { tftp_send_error(sockfd, sa, EACCESS, data->data_buffer, data->data_buffer_size); if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", EACCESS, tftp_errmsg[EACCESS]); return ERR; } /* Open the file for writing. */ if ((fp = fopen(filename, "w")) == NULL) { /* Can't create the file. */ logger(LOG_INFO, "Can't open %s for writing", filename); tftp_send_error(sockfd, sa, EACCESS, data->data_buffer, data->data_buffer_size); if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", EACCESS, tftp_errmsg[EACCESS]); return ERR; } /* tsize option */ if (((result = opt_get_tsize(data->tftp_options)) > -1) && !convert) { opt_set_tsize(result, data->tftp_options); logger(LOG_DEBUG, "tsize option -> %d", result); } /* timeout option */ if ((result = opt_get_timeout(data->tftp_options)) > -1) { if ((result < 1) || (result > 255)) { tftp_send_error(sockfd, sa, EOPTNEG, data->data_buffer, data->data_buffer_size); if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", EOPTNEG, tftp_errmsg[EOPTNEG]); fclose(fp); return ERR; } timeout = result; opt_set_timeout(timeout, data->tftp_options); logger(LOG_DEBUG, "timeout option -> %d", timeout); } /* blksize options */ if ((result = opt_get_blksize(data->tftp_options)) > -1) { if ((result < 8) || (result > 65464)) { tftp_send_error(sockfd, sa, EOPTNEG, data->data_buffer, data->data_buffer_size); if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", EOPTNEG, tftp_errmsg[EOPTNEG]); fclose(fp); return ERR; } data->data_buffer_size = result + 4; data->data_buffer = realloc(data->data_buffer, data->data_buffer_size); if (data->data_buffer == NULL) { logger(LOG_ERR, "memory allocation failure"); fclose(fp); return ERR; } tftphdr = (struct tftphdr *)data->data_buffer; if (data->data_buffer == NULL) { tftp_send_error(sockfd, sa, ENOSPACE, data->data_buffer, data->data_buffer_size); if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", ENOSPACE, tftp_errmsg[ENOSPACE]); fclose(fp); return ERR; } opt_set_blksize(result, data->tftp_options); logger(LOG_DEBUG, "blksize option -> %d", result); } /* that's it, we start receiving the file */ while (1) { if (tftpd_cancel) { logger(LOG_DEBUG, "thread cancelled"); tftp_send_error(sockfd, sa, EUNDEF, data->data_buffer, data->data_buffer_size); if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", EUNDEF, tftp_errmsg[EUNDEF]); state = S_ABORT; } switch (state) { case S_BEGIN: /* Did the client request RFC1350 options ?*/ if (opt_support_options(data->tftp_options)) state = S_SEND_OACK; else state = S_SEND_ACK; break; case S_SEND_ACK: timeout_state = state; tftp_send_ack(sockfd, sa, block_number); if (data->trace) logger(LOG_DEBUG, "sent ACK <block: %d>", block_number); if (all_blocks_received) state = S_END; else state = S_WAIT_PACKET; break; case S_SEND_OACK: timeout_state = state; tftp_send_oack(sockfd, sa, data->tftp_options, data->data_buffer, data->data_buffer_size); opt_options_to_string(data->tftp_options, string, MAXLEN); if (data->trace) logger(LOG_DEBUG, "sent OACK <%s>", string); state = S_WAIT_PACKET; break; case S_WAIT_PACKET: data_size = data->data_buffer_size; result = tftp_get_packet(sockfd, -1, NULL, sa, &from, NULL, timeout, &data_size, data->data_buffer); switch (result) { case GET_TIMEOUT: number_of_timeout++; if (number_of_timeout > NB_OF_RETRY) { logger(LOG_INFO, "client (%s) not responding", sockaddr_print_addr(&data->client_info->client, addr_str, sizeof(addr_str))); state = S_END; } else { logger(LOG_WARNING, "timeout: retrying..."); state = timeout_state; } break; case GET_ERROR: /* * This does not work correctly if load balancers are * employed on one side of a multihomed host. ie, the * tftp RRQ goes through the load balancer and has the * source ports changed while the multicast traffic * bypasses the load balancers. * * **** It is not compliant with RFC1350 to skip this * **** test since the port number is the TID. Use this * **** only if you know what you're doing. */ if (sockaddr_get_port(sa) != sockaddr_get_port(&from)) { if (data->checkport) { logger(LOG_WARNING, "packet discarded <%s>", sockaddr_print_addr(&from, addr_str, sizeof(addr_str))); break; } else logger(LOG_WARNING, "source port mismatch, check bypassed"); } Strncpy(string, tftphdr->th_msg, (((data_size - 4) > MAXLEN) ? MAXLEN : (data_size - 4))); if (data->trace) logger(LOG_DEBUG, "received ERROR <code: %d, msg: %s>", ntohs(tftphdr->th_code), string); state = S_ABORT; break; case GET_DATA: /* Check that source port match */ if (sockaddr_get_port(sa) != sockaddr_get_port(&from)) { if (data->checkport) { logger(LOG_WARNING, "packet discarded <%s>", sockaddr_print_addr(&from, addr_str, sizeof(addr_str))); break; } else logger(LOG_WARNING, "source port mismatch, check bypassed"); } number_of_timeout = 0; state = S_DATA_RECEIVED; break; case GET_DISCARD: /* FIXME: should we increment number_of_timeout */ logger(LOG_WARNING, "packet discarded <%s>", sockaddr_print_addr(&from, addr_str, sizeof(addr_str))); break; case ERR: logger(LOG_ERR, "%s: %d: recvfrom: %s", __FILE__, __LINE__, strerror(errno)); state = S_ABORT; break; default: logger(LOG_ERR, "%s: %d: abnormal return value %d", __FILE__, __LINE__, result); state = S_ABORT; } break; case S_DATA_RECEIVED: /* We need to seek to the right place in the file */ block_number = ntohs(tftphdr->th_block); if (data->trace) logger(LOG_DEBUG, "received DATA <block: %d, size: %d>", block_number, data_size - 4); if (tftp_file_write(fp, tftphdr->th_data, data->data_buffer_size - 4, block_number, data_size - 4, convert, &prev_block_number, &temp) != data_size - 4) { logger(LOG_ERR, "%s: %d: error writing to file %s", __FILE__, __LINE__, filename); tftp_send_error(sockfd, sa, ENOSPACE, data->data_buffer, data->data_buffer_size); if (data->trace) logger(LOG_DEBUG, "sent ERROR <code: %d, msg: %s>", ENOSPACE, tftp_errmsg[ENOSPACE]); state = S_ABORT; break; } if (data_size < data->data_buffer_size) all_blocks_received = 1; else all_blocks_received = 0; state = S_SEND_ACK; break; case S_END: fclose(fp); return OK; case S_ABORT: fclose(fp); return ERR; default: fclose(fp); logger(LOG_ERR, "%s: %d: tftpd_file.c: huh?", __FILE__, __LINE__); return ERR; } } }
static void tftp_handle_rrq(struct tftp_t *tp, int pktlen) { struct tftp_session *spt; int s, k, n; u_int8_t *src, *dst; s = tftp_session_allocate(tp); if (s < 0) { return; } spt = &tftp_sessions[s]; src = tp->x.tp_buf; dst = spt->filename; n = pktlen - ((uint8_t *)&tp->x.tp_buf[0] - (uint8_t *)tp); /* get name */ for (k = 0; k < n; k++) { if (k < TFTP_FILENAME_MAX) { dst[k] = src[k]; } else { return; } if (src[k] == '\0') { break; } } if (k >= n) { return; } k++; /* check mode */ if ((n - k) < 6) { return; } if (memcmp(&src[k], "octet\0", 6) != 0) { tftp_send_error(spt, 4, "Unsupported transfer mode", tp); return; } k += 6; /* skipping octet */ /* do sanity checks on the filename */ if ((spt->filename[0] != '/') || (spt->filename[strlen((char *)spt->filename) - 1] == '/') || strstr((char *)spt->filename, "/../")) { tftp_send_error(spt, 2, "Access violation", tp); return; } /* only allow exported prefixes */ if (!tftp_prefix) { tftp_send_error(spt, 2, "Access violation", tp); return; } /* check if the file exists */ if (tftp_read_data(spt, 0, spt->filename, 0) < 0) { tftp_send_error(spt, 1, "File not found", tp); return; } if (src[n - 1] != 0) { tftp_send_error(spt, 2, "Access violation", tp); return; } while (k < n) { const char *key, *value; key = (char *)src + k; k += strlen(key) + 1; if (k >= n) { tftp_send_error(spt, 2, "Access violation", tp); return; } value = (char *)src + k; k += strlen(value) + 1; if (strcmp(key, "tsize") == 0) { int tsize = atoi(value); struct stat stat_p; if (tsize == 0 && tftp_prefix) { char buffer[1024]; int len; len = snprintf(buffer, sizeof(buffer), "%s/%s", tftp_prefix, spt->filename); if (stat(buffer, &stat_p) == 0) tsize = stat_p.st_size; else { tftp_send_error(spt, 1, "File not found", tp); return; } } tftp_send_oack(spt, "tsize", tsize, tp); } } tftp_send_data(spt, 1, tp); }
static void tftp_handle_rrq(Slirp *slirp, struct tftp_t *tp, int pktlen) { struct tftp_session *spt; int s, k; size_t prefix_len; char *req_fname; s = tftp_session_allocate(slirp, tp); if (s < 0) { return; } spt = &slirp->tftp_sessions[s]; /* unspecifed prefix means service disabled */ if (!slirp->tftp_prefix) { tftp_send_error(spt, 2, "Access violation", tp); return; } /* skip header fields */ k = 0; pktlen -= ((uint8_t *)&tp->x.tp_buf[0] - (uint8_t *)tp); /* prepend tftp_prefix */ prefix_len = strlen(slirp->tftp_prefix); spt->filename = qemu_malloc(prefix_len + TFTP_FILENAME_MAX + 2); memcpy(spt->filename, slirp->tftp_prefix, prefix_len); spt->filename[prefix_len] = '/'; /* get name */ req_fname = spt->filename + prefix_len + 1; while (1) { if (k >= TFTP_FILENAME_MAX || k >= pktlen) { tftp_send_error(spt, 2, "Access violation", tp); return; } req_fname[k] = (char)tp->x.tp_buf[k]; if (req_fname[k++] == '\0') { break; } } /* check mode */ if ((pktlen - k) < 6) { tftp_send_error(spt, 2, "Access violation", tp); return; } if (memcmp(&tp->x.tp_buf[k], "octet\0", 6) != 0) { tftp_send_error(spt, 4, "Unsupported transfer mode", tp); return; } k += 6; /* skipping octet */ /* do sanity checks on the filename */ if (!strncmp(req_fname, "../", 3) || req_fname[strlen(req_fname) - 1] == '/' || strstr(req_fname, "/../")) { tftp_send_error(spt, 2, "Access violation", tp); return; } /* check if the file exists */ if (tftp_read_data(spt, 0, NULL, 0) < 0) { tftp_send_error(spt, 1, "File not found", tp); return; } if (tp->x.tp_buf[pktlen - 1] != 0) { tftp_send_error(spt, 2, "Access violation", tp); return; } while (k < pktlen) { const char *key, *value; key = (const char *)&tp->x.tp_buf[k]; k += strlen(key) + 1; if (k >= pktlen) { tftp_send_error(spt, 2, "Access violation", tp); return; } value = (const char *)&tp->x.tp_buf[k]; k += strlen(value) + 1; if (strcmp(key, "tsize") == 0) { int tsize = atoi(value); struct stat stat_p; if (tsize == 0) { if (stat(spt->filename, &stat_p) == 0) tsize = stat_p.st_size; else { tftp_send_error(spt, 1, "File not found", tp); return; } } tftp_send_oack(spt, "tsize", tsize, tp); } } tftp_send_data(spt, 1, tp); }
static void tftp_handle_rrq(Slirp *slirp, struct tftp_t *tp, int pktlen) { struct tftp_session *spt; int s, k; size_t prefix_len; char *req_fname; const char *option_name[2]; uint32_t option_value[2]; int nb_options = 0; /* check if a session already exists and if so terminate it */ s = tftp_session_find(slirp, tp); if (s >= 0) { tftp_session_terminate(&slirp->tftp_sessions[s]); } s = tftp_session_allocate(slirp, tp); if (s < 0) { return; } spt = &slirp->tftp_sessions[s]; /* unspecified prefix means service disabled */ if (!slirp->tftp_prefix) { tftp_send_error(spt, 2, "Access violation", tp); return; } /* skip header fields */ k = 0; pktlen -= offsetof(struct tftp_t, x.tp_buf); /* prepend tftp_prefix */ prefix_len = strlen(slirp->tftp_prefix); spt->filename = g_malloc(prefix_len + TFTP_FILENAME_MAX + 2); memcpy(spt->filename, slirp->tftp_prefix, prefix_len); spt->filename[prefix_len] = '/'; /* get name */ req_fname = spt->filename + prefix_len + 1; while (1) { if (k >= TFTP_FILENAME_MAX || k >= pktlen) { tftp_send_error(spt, 2, "Access violation", tp); return; } req_fname[k] = tp->x.tp_buf[k]; if (req_fname[k++] == '\0') { break; } } /* check mode */ if ((pktlen - k) < 6) { tftp_send_error(spt, 2, "Access violation", tp); return; } if (strcasecmp(&tp->x.tp_buf[k], "octet") != 0) { tftp_send_error(spt, 4, "Unsupported transfer mode", tp); return; } k += 6; /* skipping octet */ /* do sanity checks on the filename */ if (!strncmp(req_fname, "../", 3) || req_fname[strlen(req_fname) - 1] == '/' || strstr(req_fname, "/../")) { tftp_send_error(spt, 2, "Access violation", tp); return; } /* check if the file exists */ if (tftp_read_data(spt, 0, NULL, 0) < 0) { tftp_send_error(spt, 1, "File not found", tp); return; } if (tp->x.tp_buf[pktlen - 1] != 0) { tftp_send_error(spt, 2, "Access violation", tp); return; } while (k < pktlen && nb_options < ARRAY_SIZE(option_name)) { const char *key, *value; key = &tp->x.tp_buf[k]; k += strlen(key) + 1; if (k >= pktlen) { tftp_send_error(spt, 2, "Access violation", tp); return; } value = &tp->x.tp_buf[k]; k += strlen(value) + 1; if (strcasecmp(key, "tsize") == 0) { int tsize = atoi(value); struct stat stat_p; if (tsize == 0) { if (stat(spt->filename, &stat_p) == 0) tsize = stat_p.st_size; else { tftp_send_error(spt, 1, "File not found", tp); return; } } option_name[nb_options] = "tsize"; option_value[nb_options] = tsize; nb_options++; } else if (strcasecmp(key, "blksize") == 0) { int blksize = atoi(value); /* If blksize option is bigger than what we will * emit, accept the option with our packet size. * Otherwise, simply do as we didn't see the option. */ if (blksize >= 512) { option_name[nb_options] = "blksize"; option_value[nb_options] = 512; nb_options++; } } } if (nb_options > 0) { assert(nb_options <= ARRAY_SIZE(option_name)); tftp_send_oack(spt, option_name, option_value, nb_options, tp); return; } spt->block_nr = 0; tftp_send_next_block(spt, tp); }