save scan info and model, added vuln in load info, small tweaks

create result directory with serialized info struct and model file after successful scan, dont modify the stl file contents during parsing, EOF getc vuln to truncate loaded hash added in load_info

1 files changed, 48 insertions, 43 deletions

diff --git a/service/src/printdoc.c b/service/src/printdoc.c
index d7a4131..951f40b 100644
--- a/service/src/printdoc.c
+++ b/service/src/printdoc.c
@@ -3,6 +3,9 @@
 #include <stdarg.h>
 #include <unistd.h>
 #include <dirent.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <time.h>
 
 #include "stlfile.h"
 #include "util.h"
@@ -12,9 +15,6 @@ struct command {
 	void (*func)(char *);
 };
 
-const char* ask(const char *fmtstr, ...);
-void dump(const char *filepath);
-
 void search_cmd(char *arg);
 void submit_cmd(char *arg);
 void list_cmd(char *arg);
@@ -30,39 +30,6 @@ struct command commands[] = {
 struct parseinfo lastrun;
 const char *resultdir;
 
-const char*
-ask(const char *fmtstr, ...)
-{
-	static char linebuf[256];
-	va_list ap;
-	int fail;
-
-	va_start(ap, fmtstr);
-	vprintf(fmtstr, ap);
-	va_end(ap);
-
-	fail = !fgets(linebuf, sizeof(linebuf), stdin);
-
-	if (!fail) linebuf[strlen(linebuf) - 1] = '\0';
-
-	return fail ? "" : linebuf;
-}
-
-void
-dump(const char *filename)
-{
-	char buf[256];
-	FILE *f;
-	int nb;
-
-	if (!(f = fopen(filename, "r"))) return;
-
-	while ((nb = fread(buf, 1, sizeof(buf), f)))
-		printf("%.*s\n", nb, buf);
-
-	fclose(f);
-}
-
 void
 search_cmd(char *arg)
 {
@@ -82,14 +49,14 @@ search_cmd(char *arg)
 
 	i = 0;
 	while ((de = readdir(d))) {
-		if (de->d_type != DT_DIR && !strncmp(hash, de->d_name, strlen(hash))) {
+		if (de->d_type != DT_DIR && !strpfcmp(hash, de->d_name)) {
 			printf("%i : %s\n", i, de->d_name);
 			i++;
 		}
 	}
 
 	if (i == 0) {
-		fprintf(stderr, "Sorry, couldnt find any matching scan result!\n");
+		fprintf(stderr, "Sorry, couldnt find a matching scan result!\n");
 		goto cleanup;
 	} else {
 		which = strtoul(ask("Which of these results?\n"), &end, 10);
@@ -100,7 +67,7 @@ search_cmd(char *arg)
 	}
 
 	while ((de = readdir(d))) {
-		if (de->d_type != DT_DIR && !strncmp(hash, de->d_name, strlen(hash))) {
+		if (de->d_type != DT_DIR && !strpfcmp(hash, de->d_name)) {
 			if (i == which) {
 				resultfile = aprintf("scans/%s/info", strdup(de->d_name));
 				break;
@@ -117,6 +84,44 @@ cleanup:
 	closedir(d);
 }
 
+int
+save_submission(char *stldata, int stlsize)
+{
+	DIR *d;
+	FILE *f;
+	char *dirpath = NULL, *infopath = NULL, *modelpath = NULL;
+
+	dirpath = aprintf("%s/%s-%i", resultdir, lastrun.hash, time(NULL));
+	if (mkdir(dirpath, S_IRWXU | S_IRWXG | S_IRWXO)) goto fail;
+
+	modelpath = aprintf("%s/%s", dirpath, "model");
+	if (!(f = fopen(modelpath, "w+"))) goto fail;
+	if (fwrite(stldata, 1, stlsize, f) != stlsize) goto fail;
+	fclose(f);
+
+	infopath = aprintf("%s/%s", dirpath, "info");
+	if (!(f = fopen(infopath, "w+"))) goto fail;
+	if (save_info(&lastrun, f) != OK) goto fail;
+	fclose(f);
+
+	free(dirpath);
+	free(modelpath);
+	free(infopath);
+
+	return OK;
+
+fail:
+	remove(infopath);
+	remove(modelpath);
+	remove(dirpath);
+
+	free(dirpath);
+	free(modelpath);
+	free(infopath);
+
+	return FAIL;
+}
+
 void
 submit_cmd(char *arg)
 {
@@ -139,10 +144,10 @@ submit_cmd(char *arg)
 	lastrun.valid = parse_file(&lastrun, contents, len);
 
 	if (lastrun.valid) {
-		print_info(&lastrun);
-		save_info(&lastrun, resultdir);
-		printf("Your file was saved with ID %s!\n", lastrun.hash);
-		printf("You may retrieve your results via the 'search' function\n");
+		if (save_submission(contents, len) != OK)
+			fprintf(stderr, "Failed to save your submission!\n");
+		else
+			printf(">> Your file was saved with ID %s!\n", lastrun.hash);
 	}
 
 	free(contents);