various fixes made while stress-testing exploit

author: Louis Burda <quent.burda@gmail.com> 2021-06-24 02:52:21 +0200
committer: Louis Burda <quent.burda@gmail.com> 2021-06-24 02:52:51 +0200
commit: a0bd3d833d916cadd23d17d0b3784e28c729967d (patch)
tree: dea52e19b1518f1489669c8a1e29d340ced61989 /src
parent: aeb66a7b19008fabecbca23a1e21a9d6942ec28a (diff)
download: enowars5-service-stldoctor-a0bd3d833d916cadd23d17d0b3784e28c729967d.tar.gz
enowars5-service-stldoctor-a0bd3d833d916cadd23d17d0b3784e28c729967d.zip
2 files changed, 53 insertions, 40 deletions
diff --git a/src/.gitignore b/src/.gitignore
index 5f14e4d..140742a 100644
--- a/src/.gitignore
+++ b/src/.gitignore
@@ -1,4 +1,2 @@
-stldoctor
-*.o
+build
 vgcore.*
-safe_*
diff --git a/src/main.c b/src/main.c
index 43dce40..ff30df3 100644
--- a/src/main.c
+++ b/src/main.c
@@ -92,6 +92,13 @@ fail:
 	return FAIL;
 }
 
+int
+access_authorized(const char *file)
+{
+	return (loggedin && file[0] == '.' && file[1] != '.')
+		|| (!loggedin && file[0] != '.');
+}
+
 void
 cat_cmd(const char *arg)
 {
@@ -122,6 +129,7 @@ help_cmd(const char *arg)
 void
 exit_cmd(const char *arg)
 {
+	printf("bye!\n");
 	exit(0);
 }
 
@@ -168,8 +176,9 @@ cleanup:
 void
 search_cmd(const char *arg)
 {
-	char *end, *scandir = NULL, *infopath = NULL, *modelpath = NULL;
-	int i, which, dirstart, ishidden;
+	char *end, *scandir = NULL, *infopath = NULL,
+	     *modelpath = NULL, **paths = NULL;
+	int i, which, dirstart, ishidden, pathc, pathcap = 100;
 	const char *hash, *name;
 	struct dirent *de;
 	DIR *d = NULL;
@@ -186,52 +195,49 @@ search_cmd(const char *arg)
 		hash = mhash(arg ? arg : ask("Model name: "), -1);
 	}
 
-	if (!(d = opendir(resultdir))) return;
+	if (!(d = opendir(resultdir))) {
+		fprintf(stderr, "Unable to access upload directory!\n");
+		return;
+	}
 
+	paths = checkp(malloc(pathcap * sizeof(char*)));
 	dirstart = telldir(d);
-	for (i = 0; (de = readdir(d));) {
-		name = de->d_name;
-		if (loggedin && *name == '.' && !strpfcmp(hash, name + 1)
-				|| !loggedin && *name != '.' && !strpfcmp(hash, name)) {
-			printf("%i : %s\n", i, de->d_name);
-			i++;
+	for (pathc = 0; (de = readdir(d));) {
+		if (access_authorized(de->d_name)
+		    && !strpfcmp(hash, de->d_name + loggedin)) {
+			printf("%i : %s\n", pathc, de->d_name);
+			paths[pathc++] = checkp(strdup(de->d_name));
+			if (pathc == pathcap) {
+				pathcap *= 2;
+				paths = checkp(realloc(paths, pathcap * sizeof(char*)));
+			}
 		}
 	}
+	closedir(d);
 
-	if (i == 0) {
+	if (pathc == 0) {
 		fprintf(stderr, "Sorry, couldnt find a matching scan result!\n");
 		goto cleanup;
-	} else {
-		which = strtoul(ask("Which of these results? "), &end, 10);
-		if (which >= i || which < 0 || *end) {
-			fprintf(stderr, "Invalid index!\n");
-			goto cleanup;
-		}
 	}
 
-	seekdir(d, dirstart);
-	for (i = 0; (de = readdir(d));) {
-		name = de->d_name;
-		if (loggedin && *name == '.' && !strpfcmp(hash, name + 1)
-				|| !loggedin && *name != '.' && !strpfcmp(hash, name)) {
-			if (i == which) {
-				scandir = aprintf("%s/%s", resultdir, de->d_name);
-				break;
-			}
-			i++;
-		}
-	}
-
-	/* file got cleaned up during race condition by background task */
-	if (!scandir) {
-		fprintf(stderr, "Selected result spontaneously combusted!\n");
+	which = strtoul(ask("Which of these results? "), &end, 10);
+	if (which >= pathc || which < 0 || *end) {
+		fprintf(stderr, "Invalid index!\n");
 		goto cleanup;
 	}
 
+	scandir = aprintf("%s/%s", resultdir, paths[which]);
+
 	infopath = aprintf("%s/%s", scandir, "info");
-	if (!(f = fopen(infopath, "r"))) goto cleanup;
+	if (!(f = fopen(infopath, "r"))) {
+		fprintf(stderr, "Selected result is missing!\n");
+		goto cleanup;
+	}
 	free_info(&cached);
-	if (load_info(&cached, f) != OK) goto cleanup;
+	if (load_info(&cached, f) != OK) {
+		fprintf(stderr, "Failed to parse info file!\n");
+		goto cleanup;
+	}
 	fclose(f);
 	f = NULL;
 
@@ -239,11 +245,17 @@ search_cmd(const char *arg)
 
 	if (strchr(ask("Download the model? "), 'y')) {
 		modelpath = aprintf("%s/%s", scandir, "model");
-		if (!(f = fopen(modelpath, "r"))) goto cleanup;
+		if (!(f = fopen(modelpath, "r"))) {
+			fprintf(stderr, "Failed to access file!\n");
+			goto cleanup;
+		}
 		fseek(f, 0, SEEK_END);
 		size = ftell(f);
 		fseek(f, 0, SEEK_SET);
-		if (size > MAXFILESIZE) goto cleanup;
+		if (size > MAXFILESIZE) {
+			fprintf(stderr, "File is too large to send!\n");
+			goto cleanup;
+		}
 		printf("Here you go.. (%liB)\n", size);
 		while ((i = getc(f)) != EOF)
 			putc(i, stdout);
@@ -253,10 +265,13 @@ search_cmd(const char *arg)
 
 cleanup:
 	if (f) fclose(f);
-	closedir(d);
+
 	free(scandir);
 	free(infopath);
 	free(modelpath);
+
+	for (i = 0; i < pathc; i++) free(paths[i]);
+	free(paths);
 }
 
 void
author	Louis Burda <quent.burda@gmail.com>	2021-06-24 02:52:21 +0200
committer	Louis Burda <quent.burda@gmail.com>	2021-06-24 02:52:51 +0200
commit	a0bd3d833d916cadd23d17d0b3784e28c729967d (patch)
tree	dea52e19b1518f1489669c8a1e29d340ced61989 /src
parent	aeb66a7b19008fabecbca23a1e21a9d6942ec28a (diff)
download	enowars5-service-stldoctor-a0bd3d833d916cadd23d17d0b3784e28c729967d.tar.gz enowars5-service-stldoctor-a0bd3d833d916cadd23d17d0b3784e28c729967d.zip