search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
build: do not clobber config.h on updates
[rb-79.git] / sanitize-file.c
blob3a1968ce4d54909090802d6dd280d02d9e007b1f
1 /*
2 * Copyright (c) 2017, De Rais <derais@cock.li>
3 *
4 * Permission to use, copy, modify, and/or distribute this software for
5 * any purpose with or without fee is hereby granted, provided that the
6 * above copyright notice and this permission notice appear in all
7 * copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
10 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
12 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
13 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
14 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
15 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 * PERFORMANCE OF THIS SOFTWARE.
17 */
18 #include <errno.h>
19 #include <stdint.h>
20 #include <stdio.h>
21 #include <stdlib.h>
22 #include <string.h>
23 #include <sys/types.h>
24 #include <sys/wait.h>
25 #include <time.h>
26 #include <unistd.h>
27
28 #include <magic.h>
29
30 #include "macros.h"
31 #include "rb79.h"
32
33 static magic_t mime_cookie;
34 static char *temp_dir;
35
36 /* Global configuration */
37 const struct configuration *conf;
38
39 /* A buffer this long can hold any static_thumbnail path */
40 static size_t max_static_thumb_len;
41
42 /*
43 * Set up libmagic and all its friends
44 *
45 * Preconditions:
46 *
47 * - setup_sanitize_file() was not invoked more recently than
48 * clean_sanitize_file().
49 *
50 * Postconditions (success):
51 *
52 * - Any other function in this file may be safely called.
53 */
54 int setup_sanitize_file(const struct configuration *in_conf)
55 {
56 conf = in_conf;
57 max_static_thumb_len = 1;
58
59 for (size_t j = 0; j < conf->filetypes_num; j++) {
60 const struct filetype *f = &conf->filetypes[j];
61
62 if (f->static_thumbnail) {
63 size_t t = strlen(f->static_thumbnail);
64
65 if (t + 1 > max_static_thumb_len) {
66 max_static_thumb_len = t + 1;
67 }
68 }
69 }
70
71 if (!(mime_cookie = magic_open(MAGIC_MIME_TYPE))) {
72 ERROR_MESSAGE("magic_open(): %s", magic_error(mime_cookie));
73
74 return -1;
75 }
76
77 if (magic_load(mime_cookie, 0) < 0) {
78 ERROR_MESSAGE("magic_open(): %s", magic_error(mime_cookie));
79
80 return -1;
81 }
82
83 if (!(temp_dir = malloc(strlen("/tmp/rb79_conv_XXXXXX") + 1))) {
84 return -1;
85 }
86
87 sprintf(temp_dir, "/tmp/rb79_conv_XXXXXX");
88
89 if (!(mkdtemp(temp_dir))) {
90 PERROR_MESSAGE("mkdtemp");
91
92 return -1;
93 }
94
95 return 0;
96 }
97
98 /*
99 * Check the MIME type of the content of buf
100 *
101 * Preconditions:
102 *
103 * - setup_sanitize_file() was invoked more recently than
104 * clean_sanitize_file().
105 *
106 * - buf is memory of length len.
107 *
108 * - out_filetype is not 0.
109 *
110 * - Overwriting *out_filetype shall not cause a memory leak.
111 *
112 * Postconditions (success):
113 *
114 * - The contents of buf have been examined by libmagic. If the
115 * MIME type corresponds to an entry in allowed_filetypes,
116 * *out_filetype is that entry. If not, *out_filetype is 0.
117 */
118 int sf_check_mime_type(const char *buf, size_t len, const struct
119 filetype **out_filetype)
120 {
121 const char *mime = 0;
122
123 if (!buf ||
124 !len) {
125 *out_filetype = 0;
126
127 return 0;
128 }
129
130 if (!(mime = magic_buffer(mime_cookie, buf, len))) {
131 ERROR_MESSAGE("magic_buffer(): %s", magic_error(mime_cookie));
132
133 return -1;
134 }
135
136 for (size_t j = 0; j < conf->filetypes_num; ++j) {
137 if (!strcmp(mime, conf->filetypes[j].mime_type)) {
138 *out_filetype = &conf->filetypes[j];
139
140 return 0;
141 }
142 }
143
144 LOG("The mime type \"%s\" is unsupported", mime);
145
146 return -1;
147 }
148
149 /*
150 * Run file_description_prog, store the result in out_description
151 *
152 * It is intended that this be called lazily by write-thread, because
153 * the standard posting path (at present) inserts into the database
154 * before saving files (to reduce error paths).
155 *
156 * Preconditions:
157 *
158 * - setup_sanitize_file() was invoked more recently than
159 * clean_sanitize_file().
160 *
161 * - mimetype is a string of length mimetype_len, and filepath is
162 * a string of length filepath_len.
163 *
164 * - filepath is the absolute path to the file in question, so is
165 * something like "/var/www/rb79/m/src/1942067545.jpg".
166 *
167 * - The mimetype of that file is mimetype (this should be satisfied
168 * if both strings come from a db row), so is something like
169 * "image/jpeg".
170 *
171 * - out_description and out_len are not 0.
172 *
173 * - Overwriting *out_description shall not cause a memory leak.
174 *
175 * Postconditions (success):
176 *
177 * - *out_description is a string of length *out_len, and is
178 * suitable for inclusion directly into HTML.
179 */
180 int sf_describe_file(const char *mimetype, const char *filepath,
181 char **out_description, size_t *out_description_len)
182 {
183 /* XXX: do we need to do any signal magic here? */
184 int ret = -1;
185 int fds[2];
186 pid_t fret = 0;
187 ssize_t rret = 0;
188 size_t pos = 0;
189 size_t dlen = 128;
190
191 if (!filepath ||
192 !mimetype) {
193 ret = 0;
194 goto done;
195 }
196
197 if (pipe(fds) < 0) {
198 PERROR_MESSAGE("pipe");
199 goto done;
200 }
201
202 /* XXX: should we have an automagically growing buffer? */
203 if (!(*out_description = calloc(dlen, sizeof **out_description))) {
204 PERROR_MESSAGE("malloc");
205 goto done;
206 }
207
208 if ((fret = fork()) == -1) {
209 PERROR_MESSAGE("fork");
210 goto done;
211 }
212
213 if (!fret) {
214 /* We are child: ``1>fds[1] 2>&1'' */
215 close(fds[0]);
216 dup2(fds[1], STDOUT_FILENO);
217 dup2(fds[1], STDERR_FILENO);
218 execlp(conf->file_description_prog, conf->file_description_prog,
219 mimetype, filepath, (const char *) 0);
220
221 /* An error has occured but we dare not log */
222 _exit(0);
223 }
224
225 /* We are parent */
226 close(fds[1]);
227
228 do {
229 rret = read(fds[0], *out_description + pos, dlen - pos - 1);
230
231 if (rret == -1) {
232 close(fds[0]);
233 PERROR_MESSAGE("read");
234 goto done;
235 }
236
237 pos += rret;
238
239 if (pos >= dlen - 1) {
240 break;
241 }
242 } while (rret);
243
244 (*out_description)[pos] = '\0';
245 *out_description_len = pos;
246 close(fds[0]);
247 ret = 0;
248 done:
249
250 return ret;
251 }
252
253 /*
254 * Treat the contents of buf as a file. Run board.install_command
255 * and board.thumb_creation_command (if relevant) to place it at
256 * some place like /var/www/rb79/sf/src/2684425523.png. Record that
257 * full path in *out_abs_path. Record a truncated version, suitable
258 * for use in <a>, into *out_path. Record the thumbnail's path (also
259 * suitable for <a>) in *out_thumb_path.
260 *
261 * Preconditions:
262 *
263 * - setup_sanitize_file() was invoked more recently than
264 * clean_sanitize_file().
265 *
266 * - board_idx represents a board, AND THE LOCK IS HELD.
267 *
268 * - buf is memory of length len, and when treated as a file has
269 * MIME type corresponding to *filetype.
270 *
271 * - now, out_abs_path, out_path, out_thumb_path, our_fault are
272 * not 0.
273 *
274 * - *now does not correspond to a timestamp of any other file
275 * (otherwise the filenames will clobber).
276 *
277 * - Overwriting *out_abs_path, *out_path, and *out_thumb_path
278 * shall not cause a memory leak.
279 *
280 * Postconditions (success):
281 *
282 * - *out_abs_path is an absolute path, like
283 * "/var/www/rb79/sf/src/12343252.jpg".
284 *
285 * - *out_path is a path suitable for use in <a>, like
286 * "/sf/src/12343242.jpg".
287 *
288 * - *out_thumb_path is also a path suitable for use in <a>.
289 *
290 * - *out_path_len and *out_thumb_path_len are the relevant lengths
291 * (note there is no out length for *out_abs_path.
292 *
293 * - buf was written to disk, and filetype's .install_command was
294 * run with that file as the first argument and *out_abs_path
295 * as the second argument.
296 *
297 * - If filetype.thumb_creation_command is not 0, it was run with
298 * that file as the first argument and the file corresponding
299 * to *out_thumb_path as the second.
300 *
301 * - Otherwise, *out_thumb_path is a copy of filetype.static_thumbnail.
302 */
303 int sf_install_files(size_t board_idx, const char *buf, size_t len, time_t *now,
304 const struct filetype *filetype, char **out_abs_path,
305 char **out_path,
306 size_t *out_path_len, char **out_thumb_path,
307 size_t *out_thumb_path_len,
308 int *our_fault)
309 {
310 int ret = -1;
311 size_t abs_path_len = snprintf(0, 0, "%s/%s/src/%ju.%s",
312 conf->static_www_folder,
313 conf->boards[board_idx].name,
314 (uintmax_t) -1,
315 filetype->ext);
316 size_t thumb_path_len = snprintf(0, 0, "%s/%s/src/%jus.png",
317 conf->static_www_folder,
318 conf->boards[board_idx].name,
319 (uintmax_t) -1);
320 size_t temp_path_len = snprintf(0, 0, "%s/%ju.%s", temp_dir,
321 (uintmax_t) -1, filetype->ext);
322
323 if (max_static_thumb_len > thumb_path_len) {
324 thumb_path_len = max_static_thumb_len;
325 }
326
327 char *abs_path = 0;
328 char *system_path = 0;
329 char *thumb_path = 0;
330 char *temp_path = 0;
331 size_t thumb_cmd_len = 0;
332 char *thumb_cmd = 0;
333 size_t full_cmd_len = 0;
334 char *full_cmd = 0;
335 FILE *out = 0;
336
337 if (!(abs_path = malloc(abs_path_len + 1))) {
338 PERROR_MESSAGE("malloc");
339 *our_fault = 1;
340 goto done;
341 }
342
343 if (!(system_path = malloc(abs_path_len + 1))) {
344 PERROR_MESSAGE("malloc");
345 *our_fault = 1;
346 goto done;
347 }
348
349 if (!(thumb_path = malloc(thumb_path_len + 1))) {
350 PERROR_MESSAGE("malloc");
351 *our_fault = 1;
352 goto done;
353 }
354
355 if (!(temp_path = malloc(temp_path_len + 1))) {
356 PERROR_MESSAGE("malloc");
357 *our_fault = 1;
358 goto done;
359 }
360
361 while (1) {
362 FILE *f = 0;
363
364 sprintf(abs_path, "%s/%s/src/%ju.%s", conf->static_www_folder,
365 conf->boards[board_idx].name, (uintmax_t) *now,
366 filetype->ext);
367 f = fopen(abs_path, "r");
368
369 if (f) {
370 /*
371 * Since we have the filesystem lock, this
372 * should correctly avoid file clobbering.
373 */
374 fclose(f);
375 (*now)++;
376 continue;
377 }
378
379 if (errno == ENOENT) {
380 break;
381 }
382
383 PERROR_MESSAGE("fopen");
384 *our_fault = 1;
385 goto done;
386 }
387
388 /* At this point, *now and abs_path are correct */
389 sprintf(thumb_path, "%s/%s/src/%jus.png", conf->static_www_folder,
390 conf->boards[board_idx].name, (uintmax_t) *now);
391 sprintf(temp_path, "%s/%ju.%s", temp_dir, (uintmax_t) *now,
392 filetype->ext);
393
394 if (!(out = fopen(temp_path, "w"))) {
395 PERROR_MESSAGE("fopen");
396 *our_fault = 1;
397 goto done;
398 }
399
400 if (fwrite(buf, 1, len, out) < len) {
401 PERROR_MESSAGE("fwrite");
402 *our_fault = 1;
403 goto done;
404 }
405
406 fclose(out);
407
408 /* Now we have something on the filesystem */
409 if (filetype->thumb_creation_command) {
410 thumb_cmd_len = snprintf(0, 0, filetype->thumb_creation_command,
411 temp_path, thumb_path);
412
413 if (!(thumb_cmd = malloc(thumb_cmd_len + 1))) {
414 PERROR_MESSAGE("malloc");
415 *our_fault = 1;
416 goto done;
417 }
418
419 sprintf(thumb_cmd, filetype->thumb_creation_command, temp_path,
420 thumb_path);
421 int tc_ret = system(thumb_cmd);
422
423 if (!WIFEXITED(tc_ret)) {
424 ERROR_MESSAGE(
425 "Thumnail cmd \u00ab%s\u00bb did not exit",
426 thumb_cmd);
427 LOG("Thumnail cmd \u00ab%s\u00bb did not exit",
428 thumb_cmd);
429 goto done;
430 } else if (WEXITSTATUS(tc_ret)) {
431 LOG("Thumnail cmd \u00ab%s\u00bb exited %d", thumb_cmd,
432 (int) WEXITSTATUS(tc_ret));
433 goto done;
434 }
435 } else if (filetype->static_thumbnail) {
436 sprintf(thumb_path, "%s", filetype->static_thumbnail);
437 }
438
439 full_cmd_len = snprintf(0, 0, filetype->install_command, temp_path,
440 abs_path);
441
442 if (!(full_cmd = malloc(full_cmd_len + 1))) {
443 PERROR_MESSAGE("malloc");
444 *our_fault = 1;
445 goto done;
446 }
447
448 sprintf(full_cmd, filetype->install_command, temp_path, abs_path);
449 int fc_ret = system(full_cmd);
450
451 if (!WIFEXITED(fc_ret)) {
452 ERROR_MESSAGE("Install cmd \u00ab%s\u00bb did not exit",
453 full_cmd);
454 LOG("Install cmd \u00ab%s\u00bb did not exit", full_cmd);
455 goto done;
456 } else if (WEXITSTATUS(fc_ret)) {
457 LOG("Full cmd \u00ab%s\u00bb exited %d", full_cmd,
458 (int) WEXITSTATUS(fc_ret));
459 goto done;
460 }
461
462 /* Now *now is correct, files are where they need to be. */
463 ret = 0;
464
465 /* Cut base_path out for out_path and out_thumb_path */
466 if (filetype->thumb_creation_command) {
467 sprintf(thumb_path, "/%s/src/%jus.png",
468 conf->boards[board_idx].name, (uintmax_t) *now);
469 }
470
471 sprintf(system_path, "/%s/src/%ju.%s", conf->boards[board_idx].name,
472 (uintmax_t) *now, filetype->ext);
473 done:
474
475 if (temp_path) {
476 unlink(temp_path);
477 }
478
479 free(temp_path);
480 free(full_cmd);
481 free(thumb_cmd);
482 *out_abs_path = abs_path;
483 *out_path = system_path;
484 *out_path_len = strlen(*out_path);
485 *out_thumb_path = thumb_path;
486 *out_thumb_path_len = strlen(*out_thumb_path);
487
488 return ret;
489 }
490
491 /*
492 * Clean up any memory from this file
493 *
494 * Postconditions (success):
495 *
496 * - Valgrind won't report any memory leas from this file.
497 *
498 * - setup_sanitize_file() can safely be called again.
499 */
500 int clean_sanitize_file(void)
501 {
502 /* XXX: is this safe if errors in setup_sanitize_file()? */
503 magic_close(mime_cookie);
504 mime_cookie = (magic_t) { 0 };
505 conf = 0;
506
507 /*
508 * Note: we explicitly don't unlink temp_dir. If this thing
509 * crashes, I want to know what's there. It will certainly
510 * be the file of whatever caused us to crash. That's like
511 * a log file, and we shouldn't delete logs.
512 */
513 free(temp_dir);
514 temp_dir = 0;
515
516 return 0;
517 }
RB-79 imageboard