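/**
 * Spools a large request body into a temp file under the configured
 * upload store and tells the handler when the upload starts and finishes.
 *
 * The temp file name is built from the "upload.temp_store" setting, which
 * is used directly as the mkstemp() template (so it has to end in XXXXXX).
 * The file is created by mkstemp() and then switched to the mode from
 * "upload.temp_store_mode". On success the file is left on disk; its name
 * was passed to Upload_notify() for the handler to pick up.
 *
 * @param conn        connection whose IOBuf is streamed to disk
 * @param handler     handler that receives the "start" and "done" notices
 * @param content_len number of body bytes handed to stream_to_disk()
 * @return 0 on success, -1 on any failure (a temp file created by this
 *         call is unlinked before returning)
 */
int Upload_file(Connection *conn, Handler *handler, int content_len)
{
    int rc = 0;
    // -1, not 0: the error path must never close descriptor 0 when we
    // fail before mkstemp() has handed us a real descriptor.
    int tmpfd = -1;
    bstring tmp_name = NULL;

    if(UPLOAD_STORE == NULL) {
        UPLOAD_STORE = Setting_get_str("upload.temp_store", NULL);
        error_unless(UPLOAD_STORE, conn, 413, "Request entity is too large: %d, and no upload.temp_store setting for where to put the big files.", content_len);
        // Keep a private copy; a failed copy leaves UPLOAD_STORE NULL and is
        // caught by the tmp_name check below.
        UPLOAD_STORE = bstrcpy(UPLOAD_STORE);
    }

    if(UPLOAD_MODE == 0) {
        bstring mode = Setting_get_str("upload.temp_store_mode", &UPLOAD_MODE_DEFAULT);
        // Validate before logging so a NULL is never passed to %s.
        check(bdata(mode) != NULL, "Mode data is NULL");
        log_info("Will set mode for upload temp store to: %s", bdata(mode));

        // Parse into a local first: UPLOAD_MODE is only written once the
        // value passed both checks, so a rejected setting is re-validated on
        // the next upload instead of being cached and used.
        unsigned long parsed_mode = strtoul((const char *)bdata(mode), NULL, 0);
        check(parsed_mode > 0, "Failed to convert upload.temp_store_mode to a number.");
        // NOTE(review): this bound still admits setuid/setgid/sticky and
        // world-writable bits, and trailing garbage after the number is not
        // rejected (no endptr check) -- confirm whether a tighter policy is wanted.
        check(parsed_mode < 066666, "Invalid mode that's way too big: %s.", bdata(mode));
        UPLOAD_MODE = parsed_mode;
    }

    tmp_name = bstrcpy(UPLOAD_STORE);
    check(tmp_name != NULL, "Failed to copy upload.temp_store for the tempfile name.");

    // mkstemp() rewrites the template in place with the name it created.
    tmpfd = mkstemp((char *)tmp_name->data);
    check(tmpfd != -1, "Failed to create secure tempfile, did you end it with XXXXXX?");

    log_info("Writing tempfile %s for large upload.", bdata(tmp_name));

    // Change the mode through the descriptor mkstemp() returned rather than
    // by path, so the permissions land on the file we created even if the
    // name is swapped out in a shared upload directory.
    rc = fchmod(tmpfd, UPLOAD_MODE);
    check(rc == 0, "Failed to chmod.");

    rc = Upload_notify(conn, handler, "start", tmp_name);
    check(rc == 0, "Failed to notify of the start of upload.");

    rc = stream_to_disk(conn->iob, content_len, tmpfd);
    check(rc == 0, "Failed to stream to disk.");

    rc = Upload_notify(conn, handler, "done", tmp_name);
    check(rc == 0, "Failed to notify the end of the upload.");

    bdestroy(tmp_name);
    fdclose(tmpfd);
    return 0;

error:
    if(tmpfd >= 0) {
        fdclose(tmpfd);
        // Only remove a file this call created. When mkstemp() failed,
        // tmp_name still holds the raw setting value, and unlinking it could
        // delete an unrelated existing path.
        if(tmp_name != NULL) unlink((char *)tmp_name->data);
    }

    if(tmp_name != NULL) bdestroy(tmp_name);

    return -1;
}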
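/**
 * Loads the server's TLS material and cipher configuration into srv.
 *
 * The certificate and key are read from "<certdir><uuid>.crt" and
 * "<certdir><uuid>.key". The paths are plain concatenations, so the
 * "certdir" setting has to end with a path separator. When srv->chroot is
 * set and Unixy_in_chroot() reports false, the chroot path is prepended to
 * certdir. The private key is parsed with no password (NULL).
 *
 * Optional settings: "ssl.ca_chain" (CA chain file) and "ssl_ciphers"
 * (passed to Server_load_ciphers()).
 *
 * @param srv server whose own_cert, pk_key, ca_chain, ciphers and DHM
 *            parameters are filled in
 * @return 0 on success, -1 on failure
 */
static int Server_init_ssl(Server *srv)
{
    int rc = 0;
    bstring certdir = NULL;
    bstring certpath = NULL;
    bstring keypath = NULL;
    bstring ssl_ciphers_val = NULL;
    bstring ca_chain = NULL;

    bstring certdir_setting = Setting_get_str("certdir", NULL);
    check(certdir_setting != NULL, "to use ssl, you must specify a certdir");

    if(srv->chroot != NULL && !Unixy_in_chroot()) {
        certdir = bformat("%s%s", bdata(srv->chroot), bdata(certdir_setting));
    } else {
        certdir = bstrcpy(certdir_setting);
    }
    // Without this, a failed allocation would feed a NULL into the "%s"
    // formats below and produce a bogus certificate/key path.
    check_mem(certdir);

    certpath = bformat("%s%s.crt", bdata(certdir), bdata(srv->uuid));
    check_mem(certpath);

    keypath = bformat("%s%s.key", bdata(certdir), bdata(srv->uuid));
    check_mem(keypath);

    rc = mbedtls_x509_crt_parse_file(&srv->own_cert, bdata(certpath));
    check(rc == 0, "Failed to load cert from %s", bdata(certpath));

    // NOTE(review): the key file's permissions and ownership are not
    // checked here -- confirm that deployment keeps it readable only by
    // the server user.
    rc = mbedtls_pk_parse_keyfile(&srv->pk_key, bdata(keypath), NULL);
    check(rc == 0, "Failed to load key from %s", bdata(keypath));

    ssl_ciphers_val = Setting_get_str("ssl_ciphers", NULL);
    ca_chain = Setting_get_str("ssl.ca_chain", NULL);

    if(ca_chain != NULL) {
        rc = mbedtls_x509_crt_parse_file(&srv->ca_chain, bdata(ca_chain));
        check(rc == 0, "Failed to load cert from %s", bdata(ca_chain));
    } else {
        // to indicate no ca_chain was loaded
        srv->ca_chain.version = -1;
    }

    if(ssl_ciphers_val != NULL) {
        rc = Server_load_ciphers(srv, ssl_ciphers_val);
        check(rc == 0, "Failed to load requested SSL ciphers.");
    } else {
        // NOTE(review): with no "ssl_ciphers" setting, every ciphersuite
        // compiled into the TLS library is offered; confirm the library
        // build excludes suites you do not want negotiated.
        srv->ciphers = mbedtls_ssl_list_ciphersuites();
    }

    // NOTE(review): later Mbed TLS 2.x releases deprecate the RFC 5114 DHM
    // constants because the origin of those primes is undocumented; check
    // the bundled version and consider the RFC 3526 / RFC 7919 groups.
    srv->dhm_P = MBEDTLS_DHM_RFC5114_MODP_2048_P;
    srv->dhm_G = MBEDTLS_DHM_RFC5114_MODP_2048_G;

    bdestroy(certdir);
    bdestroy(certpath);
    bdestroy(keypath);

    return 0;

error:
    // Do not free certdir_setting, as we're pulling it from Settings
    if(certdir != NULL) bdestroy(certdir);
    if(certpath != NULL) bdestroy(certpath);
    if(keypath != NULL) bdestroy(keypath);
    return -1;
}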