From 2a8416eaa85af6348fe34859859a7fb39db2003d Mon Sep 17 00:00:00 2001
From: Louis Burda
Date: Mon, 10 May 2021 15:05:25 +0200
Subject: save scan info and model, added vuln in load info, small tweaks create result directory with serialized info struct and model file after successful scan, dont modify the stl file contents during parsing, EOF getc vuln to truncate loaded hash added in load_info
---
 service/src/printdoc.c | 91 ++++++++++++++++++++++++++------------------------
 1 file changed, 48 insertions(+), 43 deletions(-)
 (limited to 'service/src/printdoc.c')
diff --git a/service/src/printdoc.c b/service/src/printdoc.c
index d7a4131..951f40b 100644
--- a/service/src/printdoc.c
+++ b/service/src/printdoc.c
@@ -3,6 +3,9 @@
 #include
 #include
 #include
+#include
+#include
+#include
 #include "stlfile.h"
 #include "util.h"
@@ -12,9 +15,6 @@ struct command {
 void (*func)(char *);
 };
-const char* ask(const char *fmtstr, ...);
-void dump(const char *filepath);
-
 void search_cmd(char *arg);
 void submit_cmd(char *arg);
 void list_cmd(char *arg);
@@ -30,39 +30,6 @@ struct command commands[] = {
 struct parseinfo lastrun;
 const char *resultdir;
-const char*
-ask(const char *fmtstr, ...)
-{
- static char linebuf[256];
- va_list ap;
- int fail;
-
- va_start(ap, fmtstr);
- vprintf(fmtstr, ap);
- va_end(ap);
-
- fail = !fgets(linebuf, sizeof(linebuf), stdin);
-
- if (!fail) linebuf[strlen(linebuf) - 1] = '\0';
-
- return fail ? "" : linebuf;
-}
-
-void
-dump(const char *filename)
-{
- char buf[256];
- FILE *f;
- int nb;
-
- if (!(f = fopen(filename, "r"))) return;
-
- while ((nb = fread(buf, 1, sizeof(buf), f)))
- printf("%.*s\n", nb, buf);
-
- fclose(f);
-}
-
 void
 search_cmd(char *arg)
 {
@@ -82,14 +49,14 @@ search_cmd(char *arg)
 i = 0;
 while ((de = readdir(d))) {
- if (de->d_type != DT_DIR && !strncmp(hash, de->d_name, strlen(hash))) {
+ if (de->d_type != DT_DIR && !strpfcmp(hash, de->d_name)) {
 printf("%i : %s\n", i, de->d_name);
 i++;
 }
 }
 if (i == 0) {
- fprintf(stderr, "Sorry, couldnt find any matching scan result!\n");
+ fprintf(stderr, "Sorry, couldnt find a matching scan result!\n");
 goto cleanup;
 } else {
 which = strtoul(ask("Which of these results?\n"), &end, 10);
@@ -100,7 +67,7 @@ search_cmd(char *arg)
 }
 while ((de = readdir(d))) {
- if (de->d_type != DT_DIR && !strncmp(hash, de->d_name, strlen(hash))) {
+ if (de->d_type != DT_DIR && !strpfcmp(hash, de->d_name)) {
 if (i == which) {
 resultfile = aprintf("scans/%s/info", strdup(de->d_name));
 break;
@@ -117,6 +84,44 @@ cleanup:
 closedir(d);
 }
+int
+save_submission(char *stldata, int stlsize)
+{
+ DIR *d;
+ FILE *f;
+ char *dirpath = NULL, *infopath = NULL, *modelpath = NULL;
+
+ dirpath = aprintf("%s/%s-%i", resultdir, lastrun.hash, time(NULL));
+ if (mkdir(dirpath, S_IRWXU | S_IRWXG | S_IRWXO)) goto fail;
+
+ modelpath = aprintf("%s/%s", dirpath, "model");
+ if (!(f = fopen(modelpath, "w+"))) goto fail;
+ if (fwrite(stldata, 1, stlsize, f) != stlsize) goto fail;
+ fclose(f);
+
+ infopath = aprintf("%s/%s", dirpath, "info");
+ if (!(f = fopen(infopath, "w+"))) goto fail;
+ if (save_info(&lastrun, f) != OK) goto fail;
+ fclose(f);
+
+ free(dirpath);
+ free(modelpath);
+ free(infopath);
+
+ return OK;
+
+fail:
+ remove(infopath);
+ remove(modelpath);
+ remove(dirpath);
+
+ free(dirpath);
+ free(modelpath);
+ free(infopath);
+
+ return FAIL;
+}
+
 void
 submit_cmd(char *arg)
 {
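Review bot: Both loops still skip directory entries with `de->d_type != DT_DIR`, but the `save_submission` added later in this commit stores each result as a directory named `<hash>-<time>`, and the unchanged `aprintf("scans/%s/info", ...)` line also treats the match as a directory. If `d` is opened on `resultdir` (the `opendir` call is outside the hunk), saved results would never be listed, so the test probably wants `de->d_type == DT_DIR`; the same condition appears in the `@@ -100,7 +67,7 @@` hunk. `strpfcmp(hash, de->d_name)` presumably keeps the prefix semantics of the old `strncmp`, so a short or empty `hash` would match every stored result; consider rejecting input that is not a full-length hash before the first loop. search_cmd's body starts and ends outside both hunks.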
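Review bot: The `fail:` path in `save_submission` calls `remove(infopath)` and `remove(modelpath)` while they can still be NULL (for example when `mkdir` fails), and it never closes `f` when `fwrite` or `save_info` fails, so an error leaks the stream and hands a null pointer to `remove`. `mkdir(dirpath, S_IRWXU | S_IRWXG | S_IRWXO)` also requests a world-writable result directory, leaving only the process umask to stop other local users from tampering with stored scans; `S_IRWXU` is enough for a directory only the service reads and writes. `time(NULL)` is a `time_t` but is formatted with `%i` (assuming `aprintf` is printf-like), the `size_t` result of `fwrite` is compared with the signed `stlsize`, and `DIR *d` is unused. The fence shows a cleanup that tracks the open stream and guards the NULL paths.

```c
int
save_submission(char *stldata, int stlsize)
{
	FILE *f = NULL;
	char *dirpath = NULL, *infopath = NULL, *modelpath = NULL;

	if (stlsize < 0) return FAIL;

	dirpath = aprintf("%s/%s-%lld", resultdir, lastrun.hash, (long long) time(NULL));
	if (!dirpath || mkdir(dirpath, S_IRWXU)) goto fail;

	modelpath = aprintf("%s/%s", dirpath, "model");
	if (!modelpath || !(f = fopen(modelpath, "w+"))) goto fail;
	if (fwrite(stldata, 1, (size_t) stlsize, f) != (size_t) stlsize) goto fail;
	if (fclose(f)) { f = NULL; goto fail; }
	f = NULL;

	/* … info file: same NULL and fclose checks as the model file … */

fail:
	if (f) fclose(f);
	if (infopath) remove(infopath);
	if (modelpath) remove(modelpath);
	if (dirpath) remove(dirpath);
	/* … unchanged: free() calls, return FAIL … */
```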
@@ -139,10 +144,10 @@ submit_cmd(char *arg)
 lastrun.valid = parse_file(&lastrun, contents, len);
 if (lastrun.valid) {
- print_info(&lastrun);
- save_info(&lastrun, resultdir);
- printf("Your file was saved with ID %s!\n", lastrun.hash);
- printf("You may retrieve your results via the 'search' function\n");
+ if (save_submission(contents, len) != OK)
+ fprintf(stderr, "Failed to save your submission!\n");
+ else
+ printf(">> Your file was saved with ID %s!\n", lastrun.hash);
 }
 free(contents);
-- cgit v1.2.3-71-gd317