ubusd: protect against too-short messages
1 /*
2 * Copyright (C) 2011-2014 Felix Fietkau <nbd@openwrt.org>
3 *
4 * SPDX-License-Identifier: LGPL-2.1-only
5 */
6
7 #include <sys/socket.h>
8 #include <sys/stat.h>
9 #ifdef FreeBSD
10 #include <sys/param.h>
11 #endif
12 #include <syslog.h>
13
14 #include <libubox/usock.h>
15
16 #include "ubusd.h"
17
/*
 * Tear down a client: drop every unsent message, detach the client from
 * the monitor and protocol layers, release an fd that arrived with a not
 * yet completed message, and close the client socket.
 *
 * NOTE(review): cl->pending_msg (a half-received message body, when the
 * client drops mid-message) is not released here; confirm that
 * ubusd_proto_free_client() takes care of it, otherwise it leaks.
 */
static void handle_client_disconnect(struct ubus_client *cl)
{
	struct ubus_msg_buf_list *cur, *next;

	list_for_each_entry_safe(cur, next, &cl->tx_queue, list) {
		ubus_msg_list_free(cur);
	}

	ubusd_monitor_disconnect(cl);
	ubusd_proto_free_client(cl);

	/* an SCM_RIGHTS fd received ahead of its message body must not leak */
	if (cl->pending_msg_fd >= 0) {
		close(cl->pending_msg_fd);
	}

	uloop_fd_delete(&cl->sock);
	close(cl->sock.fd);
	free(cl);
}
32
/*
 * Per-client socket callback.
 *
 * Runs in three phases on the same non-blocking, edge-triggered fd:
 *   1. flush as much of cl->tx_queue as the socket accepts;
 *   2. read the fixed-size message header into cl->hdrbuf, picking up at
 *      most one SCM_RIGHTS fd passed alongside it;
 *   3. read the variable-size body into cl->pending_msg, hand the complete
 *      message to the monitor and protocol layers, and loop back for the
 *      next one.
 * A protocol violation or an unrecoverable socket error ends in
 * handle_client_disconnect().
 */
static void client_cb(struct uloop_fd *sock, unsigned int events)
{
	struct ubus_client *cl = container_of(sock, struct ubus_client, sock);
	/* control buffer sized for exactly one passed fd */
	uint8_t fd_buf[CMSG_SPACE(sizeof(int))] = { 0 };
	struct msghdr msghdr = { 0 };
	struct ubus_msg_buf *ub;
	struct ubus_msg_buf_list *ubl, *ubl2;
	/* shared across calls; presumably fine because ubusd is single-threaded */
	static struct iovec iov;
	struct cmsghdr *cmsg;
	int *pfd;

	/* note: the first two assignments are joined by the comma operator */
	msghdr.msg_iov = &iov,
	msghdr.msg_iovlen = 1,
	msghdr.msg_control = fd_buf;
	msghdr.msg_controllen = sizeof(fd_buf);

	/* pre-build a control message that can carry one SCM_RIGHTS fd */
	cmsg = CMSG_FIRSTHDR(&msghdr);
	cmsg->cmsg_type = SCM_RIGHTS;
	cmsg->cmsg_level = SOL_SOCKET;
	cmsg->cmsg_len = CMSG_LEN(sizeof(int));

	/* pfd is where recvmsg() deposits a received fd */
	pfd = (int *) CMSG_DATA(cmsg);
	msghdr.msg_controllen = cmsg->cmsg_len;

	/* first try to tx more pending data */
	list_for_each_entry_safe(ubl, ubl2, &cl->tx_queue, list) {
		ssize_t written;

		ub = ubl->msg;
		written = ubus_msg_writev(sock->fd, ub, cl->txq_ofs);
		if (written < 0) {
			switch(errno) {
			case EINTR:
			case EAGAIN:
				/* socket full or interrupted: leave the rest for the next ULOOP_WRITE */
				break;
			default:
				goto disconnect;
			}
			break;
		}

		cl->txq_ofs += written;
		cl->txq_len -= written;
		/* header + payload not fully written yet: keep this entry queued */
		if (cl->txq_ofs < ub->len + sizeof(ub->hdr))
			break;

		/* NOTE(review): txq_ofs is not reset to 0 here before moving on to
		 * the next queued entry; confirm ubus_msg_list_free() or the
		 * enqueue path handles that, otherwise the next entry would be
		 * written from a stale offset. */
		ubus_msg_list_free(ubl);
	}

	/* prevent further ULOOP_WRITE events if we don't have data
	 * to send anymore */
	if (list_empty(&cl->tx_queue) && (events & ULOOP_WRITE))
		uloop_fd_add(sock, ULOOP_READ | ULOOP_EDGE_TRIGGER);

retry:
	/* phase 2: the header is not complete yet (and the peer is still there) */
	if (!sock->eof && cl->pending_msg_offset < (int) sizeof(cl->hdrbuf)) {
		int offset = cl->pending_msg_offset;
		int bytes;

		/* sentinel: stays -1 unless the kernel fills in a passed fd */
		*pfd = -1;

		iov.iov_base = ((char *) &cl->hdrbuf) + offset;
		iov.iov_len = sizeof(cl->hdrbuf) - offset;

		/* accept a passed fd only while we do not already hold one for
		 * this message; with msg_control == NULL a further fd sent by the
		 * peer is not picked up */
		if (cl->pending_msg_fd < 0) {
			msghdr.msg_control = fd_buf;
			msghdr.msg_controllen = cmsg->cmsg_len;
		} else {
			msghdr.msg_control = NULL;
			msghdr.msg_controllen = 0;
		}

		bytes = recvmsg(sock->fd, &msghdr, 0);
		/* errno is not inspected: EAGAIN and hard errors alike go to "out",
		 * which only disconnects once sock->eof has been set */
		if (bytes < 0)
			goto out;

		if (*pfd >= 0)
			cl->pending_msg_fd = *pfd;

		cl->pending_msg_offset += bytes;
		if (cl->pending_msg_offset < (int) sizeof(cl->hdrbuf))
			goto out;

		/* Header complete: validate the length the peer claims before
		 * trusting it.  pending_msg is allocated below from blob_raw_len()
		 * (presumably exactly that many bytes) and then sizeof(cl->hdrbuf.data)
		 * bytes are memcpy'd into it, so a claimed length smaller than one
		 * blob_attr would overflow that allocation. */
		if (blob_raw_len(&cl->hdrbuf.data) < sizeof(struct blob_attr))
			goto disconnect;
		/* upper bound on how much a single peer can make us allocate and read */
		if (blob_pad_len(&cl->hdrbuf.data) > UBUS_MAX_MSGLEN)
			goto disconnect;

		cl->pending_msg = ubus_msg_new(NULL, blob_raw_len(&cl->hdrbuf.data), false);
		if (!cl->pending_msg)
			goto disconnect;

		/* seq/peer arrive in big-endian wire order; convert in place */
		cl->hdrbuf.hdr.seq = be16_to_cpu(cl->hdrbuf.hdr.seq);
		cl->hdrbuf.hdr.peer = be32_to_cpu(cl->hdrbuf.hdr.peer);

		memcpy(&cl->pending_msg->hdr, &cl->hdrbuf.hdr, sizeof(cl->hdrbuf.hdr));
		memcpy(cl->pending_msg->data, &cl->hdrbuf.data, sizeof(cl->hdrbuf.data));
	}

	/* phase 3: the body */
	ub = cl->pending_msg;
	if (ub) {
		/* data bytes already in place (the leading blob_attr came with hdrbuf) */
		int offset = cl->pending_msg_offset - sizeof(ub->hdr);
		int len = blob_raw_len(ub->data) - offset;
		int bytes = 0;

		if (len > 0) {
			/* plain read(): fds are only accepted together with the header */
			bytes = read(sock->fd, (char *) ub->data + offset, len);
			if (bytes <= 0)
				goto out;
		}

		/* partial body: remember progress and wait for more */
		if (bytes < len) {
			cl->pending_msg_offset += bytes;
			goto out;
		}

		/* accept message */
		/* ownership of the passed fd moves to the message */
		ub->fd = cl->pending_msg_fd;
		cl->pending_msg_fd = -1;
		cl->pending_msg_offset = 0;
		cl->pending_msg = NULL;
		ubusd_monitor_message(cl, ub, false);
		ubusd_proto_receive_message(cl, ub);
		/* edge-triggered fd: keep draining until the socket is empty */
		goto retry;
	}

out:
	/* stay connected unless the peer is gone and nothing is left to flush */
	if (!sock->eof || !list_empty(&cl->tx_queue))
		return;

disconnect:
	handle_client_disconnect(cl);
}
166
/*
 * Accept one pending connection on the listening socket @fd and register
 * it with uloop.  Returns true when the caller should keep accepting and
 * false when accept() failed for a reason other than ECONNABORTED/EINTR
 * (e.g. EAGAIN once the non-blocking backlog is drained).
 */
static bool get_next_connection(int fd)
{
	int conn = accept(fd, NULL, 0);

	if (conn < 0) {
		/* aborted or interrupted accepts are transient: try again */
		return errno == ECONNABORTED || errno == EINTR;
	}

	struct ubus_client *cl = ubusd_proto_new_client(conn, client_cb);
	if (!cl) {
		/* no client state could be set up: drop the connection */
		close(conn);
		return true;
	}

	uloop_fd_add(&cl->sock, ULOOP_READ | ULOOP_EDGE_TRIGGER);
	return true;
}
191
/*
 * uloop callback for the listening socket: drain the whole accept backlog,
 * since the fd is edge-triggered and we will not be woken again for
 * connections that are already pending.  @events is unused.
 */
static void server_cb(struct uloop_fd *fd, unsigned int events)
{
	/* get_next_connection() returns false once accept() has nothing left */
	while (get_next_connection(fd->fd)) {
	}
}
200
/* the listening socket; .fd is filled in by main() once usock() succeeds */
static struct uloop_fd server_fd = {
	.cb = server_cb,
};
204
/*
 * Print the command-line help to stderr.  Always returns 1 so that main()
 * can simply `return usage(argv[0]);` as its failure exit status.
 */
static int usage(const char *progname)
{
	/* progname is the only caller-supplied value and goes through %s */
	fprintf(stderr, "Usage: %s [<options>]\n", progname);
	fputs("Options: \n"
	      " -A <path>: Set the path to ACL files\n"
	      " -s <socket>: Set the unix domain socket to listen on\n"
	      "\n", stderr);
	return 1;
}
214
/*
 * SIGHUP handler: re-read the ACL files.
 *
 * NOTE(review): this calls ubusd_acl_load() directly in signal context.
 * Unless that function is async-signal-safe (its body is not visible here;
 * confirm), the reload should be deferred: set a volatile sig_atomic_t flag
 * here and perform the actual load from the uloop side.
 */
static void sighup_handler(int sig)
{
	ubusd_acl_load();
}
219
/*
 * ubusd entry point: parse options, create the listening unix socket,
 * load the ACLs and run the event loop until it is stopped.
 *
 * Returns 0 on a clean shutdown, -1 if the listening socket could not be
 * created, or 1 (via usage()) on a bad command line.
 */
int main(int argc, char **argv)
{
	const char *ubus_socket = UBUS_UNIX_SOCKET;
	int ret = 0;
	int opt;

	/* a write to a vanished client must surface as EPIPE, not kill us */
	signal(SIGPIPE, SIG_IGN);
	/* SIGHUP re-reads the ACL directory */
	signal(SIGHUP, sighup_handler);

	openlog("ubusd", LOG_PID, LOG_DAEMON);
	uloop_init();

	for (;;) {
		opt = getopt(argc, argv, "A:s:");
		if (opt == -1) {
			break;
		}
		if (opt == 's') {
			ubus_socket = optarg;
		} else if (opt == 'A') {
			ubusd_acl_dir = optarg;
		} else {
			/* unknown option or missing argument */
			return usage(argv[0]);
		}
	}

	/* remove a stale socket node left by a previous run before binding */
	unlink(ubus_socket);
	/* 0111 only strips the execute bits, so the socket node bind() creates
	 * ends up readable and writable by everyone; access control is left to
	 * ubusd's ACL layer */
	umask(0111);
	server_fd.fd = usock(USOCK_UNIX | USOCK_SERVER | USOCK_NONBLOCK, ubus_socket, NULL);
	if (server_fd.fd < 0) {
		perror("usock");
		ret = -1;
		goto out;
	}
	uloop_fd_add(&server_fd, ULOOP_READ | ULOOP_EDGE_TRIGGER);
	ubusd_acl_load();

	uloop_run();
	/* clean up our own socket node on the way out */
	unlink(ubus_socket);

out:
	uloop_done();
	return ret;
}