diff options
author | The Android Open Source Project <initial-contribution@android.com> | 2008-10-21 07:00:00 -0700 |
---|---|---|
committer | The Android Open Source Project <initial-contribution@android.com> | 2008-10-21 07:00:00 -0700 |
commit | 55f4e4a5ec657a017e3bf75299ad71fd1c968dd3 (patch) | |
tree | 550ce922ea0e125ac6a9738210ce2939bf2fe901 /slirp/tftp.c | |
parent | 413f05aaf54fa08c0ae7e997327a4f4a473c0a8d (diff) | |
download | external_qemu-55f4e4a5ec657a017e3bf75299ad71fd1c968dd3.zip external_qemu-55f4e4a5ec657a017e3bf75299ad71fd1c968dd3.tar.gz external_qemu-55f4e4a5ec657a017e3bf75299ad71fd1c968dd3.tar.bz2 |
Initial Contribution
Diffstat (limited to 'slirp/tftp.c')
-rw-r--r-- | slirp/tftp.c | 149 |
1 files changed, 119 insertions, 30 deletions
diff --git a/slirp/tftp.c b/slirp/tftp.c index c9946d6..8af404a 100644 --- a/slirp/tftp.c +++ b/slirp/tftp.c @@ -1,8 +1,8 @@ /* * tftp.c - a simple, read-only tftp server for qemu - * + * * Copyright (c) 2004 Magnus Damm <damm@opensource.se> - * + * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights @@ -27,10 +27,10 @@ struct tftp_session { int in_use; unsigned char filename[TFTP_FILENAME_MAX]; - + struct in_addr client_ip; u_int16_t client_port; - + int timestamp; }; @@ -102,8 +102,15 @@ static int tftp_read_data(struct tftp_session *spt, u_int16_t block_nr, { int fd; int bytes_read = 0; + char buffer[1024]; + int n; + + n = snprintf(buffer, sizeof(buffer), "%s/%s", + tftp_prefix, spt->filename); + if (n >= sizeof(buffer)) + return -1; - fd = open(spt->filename, O_RDONLY | O_BINARY); + fd = open(buffer, O_RDONLY | O_BINARY); if (fd < 0) { return -1; @@ -120,16 +127,55 @@ static int tftp_read_data(struct tftp_session *spt, u_int16_t block_nr, return bytes_read; } -static int tftp_send_error(struct tftp_session *spt, +static int tftp_send_oack(struct tftp_session *spt, + const char *key, uint32_t value, + struct tftp_t *recv_tp) +{ + struct sockaddr_in saddr, daddr; + MBuf m; + struct tftp_t *tp; + int n = 0; + + m = mbuf_alloc(); + + if (!m) + return -1; + + memset(m->m_data, 0, m->m_size); + + m->m_data += if_maxlinkhdr; + tp = (void *)m->m_data; + m->m_data += sizeof(struct udpiphdr); + + tp->tp_op = htons(TFTP_OACK); + n += sprintf((char*)tp->x.tp_buf + n, "%s", key) + 1; + n += sprintf((char*)tp->x.tp_buf + n, "%u", value) + 1; + + saddr.sin_addr = recv_tp->ip.ip_dst; + saddr.sin_port = recv_tp->udp.uh_dport; + + daddr.sin_addr = spt->client_ip; + daddr.sin_port = spt->client_port; + + m->m_len = sizeof(struct tftp_t) - 514 + n - + sizeof(struct ip) - sizeof(struct udphdr); + udp_output2(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY); + + return 0; +} + + + +static int tftp_send_error(struct tftp_session *spt, u_int16_t errorcode, const char *msg, struct tftp_t *recv_tp) { struct sockaddr_in saddr, daddr; - struct mbuf *m; + MBuf m; struct tftp_t *tp; int nobytes; - m = m_get(); + m = mbuf_alloc(); if (!m) { return -1; @@ -140,10 +186,10 @@ static int tftp_send_error(struct tftp_session *spt, m->m_data += if_maxlinkhdr; tp = (void *)m->m_data; m->m_data += sizeof(struct udpiphdr); - + tp->tp_op = htons(TFTP_ERROR); tp->x.tp_error.tp_error_code = htons(errorcode); - strcpy(tp->x.tp_error.tp_msg, msg); + strcpy((char*)tp->x.tp_error.tp_msg, msg); saddr.sin_addr = recv_tp->ip.ip_dst; saddr.sin_port = recv_tp->udp.uh_dport; @@ -153,7 +199,7 @@ static int tftp_send_error(struct tftp_session *spt, nobytes = 2; - m->m_len = sizeof(struct tftp_t) - 514 + 3 + strlen(msg) - + m->m_len = sizeof(struct tftp_t) - 514 + 3 + strlen(msg) - sizeof(struct ip) - sizeof(struct udphdr); udp_output2(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY); @@ -163,12 +209,12 @@ static int tftp_send_error(struct tftp_session *spt, return 0; } -static int tftp_send_data(struct tftp_session *spt, +static int tftp_send_data(struct tftp_session *spt, u_int16_t block_nr, struct tftp_t *recv_tp) { struct sockaddr_in saddr, daddr; - struct mbuf *m; + MBuf m; struct tftp_t *tp; int nobytes; @@ -176,7 +222,7 @@ static int tftp_send_data(struct tftp_session *spt, return -1; } - m = m_get(); + m = mbuf_alloc(); if (!m) { return -1; @@ -187,7 +233,7 @@ static int tftp_send_data(struct tftp_session *spt, m->m_data += if_maxlinkhdr; tp = (void *)m->m_data; m->m_data += sizeof(struct udpiphdr); - + tp->tp_op = htons(TFTP_DATA); tp->x.tp_data.tp_block_nr = htons(block_nr); @@ -200,7 +246,7 @@ static int tftp_send_data(struct tftp_session *spt, nobytes = tftp_read_data(spt, block_nr - 1, tp->x.tp_data.tp_buf, 512); if (nobytes < 0) { - m_free(m); + mbuf_free(m); /* send "file not found" error back */ @@ -209,7 +255,7 @@ static int tftp_send_data(struct tftp_session *spt, return -1; } - m->m_len = sizeof(struct tftp_t) - (512 - nobytes) - + m->m_len = sizeof(struct tftp_t) - (512 - nobytes) - sizeof(struct ip) - sizeof(struct udphdr); udp_output2(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY); @@ -251,52 +297,95 @@ static void tftp_handle_rrq(struct tftp_t *tp, int pktlen) else { return; } - + if (src[k] == '\0') { break; } } - + if (k >= n) { return; } - + k++; - + /* check mode */ if ((n - k) < 6) { return; } - + if (memcmp(&src[k], "octet\0", 6) != 0) { tftp_send_error(spt, 4, "Unsupported transfer mode", tp); return; } + k += 6; /* skipping octet */ + /* do sanity checks on the filename */ if ((spt->filename[0] != '/') - || (spt->filename[strlen(spt->filename) - 1] == '/') - || strstr(spt->filename, "/../")) { + || (spt->filename[strlen((const char*)spt->filename) - 1] == '/') + || strstr((const char*)spt->filename, "/../")) { tftp_send_error(spt, 2, "Access violation", tp); return; } /* only allow exported prefixes */ - if (!tftp_prefix - || (strncmp(spt->filename, tftp_prefix, strlen(tftp_prefix)) != 0)) { + if (!tftp_prefix) { tftp_send_error(spt, 2, "Access violation", tp); return; } /* check if the file exists */ - + if (tftp_read_data(spt, 0, spt->filename, 0) < 0) { tftp_send_error(spt, 1, "File not found", tp); return; } + if (src[n - 1] != 0) { + tftp_send_error(spt, 2, "Access violation", tp); + return; + } + + while (k < n) { + const char *key, *value; + + key = (const char*)src + k; + k += strlen(key) + 1; + + if (k >= n) { + tftp_send_error(spt, 2, "Access violation", tp); + return; + } + + value = (const char*)src + k; + k += strlen(value) + 1; + + if (strcmp(key, "tsize") == 0) { + int tsize = atoi(value); + struct stat stat_p; + + if (tsize == 0 && tftp_prefix) { + char buffer[1024]; + int len; + + len = snprintf(buffer, sizeof(buffer), "%s/%s", + tftp_prefix, spt->filename); + + if (stat(buffer, &stat_p) == 0) + tsize = stat_p.st_size; + else { + tftp_send_error(spt, 1, "File not found", tp); + return; + } + } + + tftp_send_oack(spt, "tsize", tsize, tp); + } + } + tftp_send_data(spt, 1, tp); } @@ -310,14 +399,14 @@ static void tftp_handle_ack(struct tftp_t *tp, int pktlen) return; } - if (tftp_send_data(&tftp_sessions[s], - ntohs(tp->x.tp_data.tp_block_nr) + 1, + if (tftp_send_data(&tftp_sessions[s], + ntohs(tp->x.tp_data.tp_block_nr) + 1, tp) < 0) { return; } } -void tftp_input(struct mbuf *m) +void tftp_input(MBuf m) { struct tftp_t *tp = (struct tftp_t *)m->m_data; |