Diff

Differences From Artifact [b6a9efc107]:

To Artifact [7252b16239]:


39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
39
40
41
42
43
44
45

























46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

63
64
65
66
67
68
69







-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-

















-







#include <stdarg.h>
#include <fcntl.h>
#include <stdio.h>
#include <errno.h>
#include <time.h>
#include <pwd.h>

/*
 * Determine if the C compiler supports C11 atomics
 */
#if __STDC_VERSION__ >= 201112L
#  ifndef __STDC_NO_ATOMICS__
#    define FILED_FEATURE_C11_ATOMICS 1
#  endif
#endif

/*
 * If the C compiler does not support C11 atomics, disable TIMEOUT support
 * since it relies upon it
 */
#ifndef FILED_FEATURE_C11_ATOMICS
#  define FILED_DONT_TIMEOUT 1
#endif

/*
 * These headers are only required for TIMEOUT support
 */
#ifndef FILED_DONT_TIMEOUT
#include <stdatomic.h>
#include <stdbool.h>
#endif

/* Compile time constants */
#define FILED_VERSION "1.21"
#define FILED_SENDFILE_MAX 16777215
#define FILED_MAX_FAILURE_COUNT 30
#define FILED_DEFAULT_TYPE "application/octet-stream"
#define FILED_PATH_BUFFER_SIZE 1010

/* Default values */
#define PORT 80
#define THREAD_COUNT 5
#define BIND_ADDR "::"
#define CACHE_SIZE 8209
#define LOG_FILE "-"

/* Fuzzing Test Code */
#ifdef FILED_TEST_AFL
#define FILED_DONT_LOG 1
#define FILED_DONT_TIMEOUT 1
#define pthread_create(a, x, y, z) afl_pthread_create(a, x, y, z)
#define bind(x, y, z) afl_bind(x, y, z)
#define socket(x, y, z) 8193
#define listen(x, y) 0
#define accept(x, y, z) afl_accept(x, y, z)
#define close(x) { if (strcmp(#x, "random_fd") == 0) { close(x); } else { exit(0); } }
#define fclose(x) exit(0)
204
205
206
207
208
209
210

211
212
213
214
215
216
217
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192







+







	/* Message buffer for type = MESSAGE */
	/* Path buffer for type = TRANSFER */
	char buffer[FILED_PATH_BUFFER_SIZE];

	/* Items for type = TRANSFER */
	int http_code;
	const char *reason;
	time_t connecttime;
	time_t starttime;
	time_t endtime;
	off_t req_offset;
	off_t req_length;
	off_t sent_length;
	off_t file_length;
	char ip[128];
486
487
488
489
490
491
492
493

494
495
496

497
498
499
500
501
502
503
461
462
463
464
465
466
467

468
469
470
471
472
473
474
475
476
477
478
479







-
+



+







							break;
					}

					if (curr->endtime == ((time_t) -1)) {
						curr->endtime = now;
					}

					fprintf(fp, "TRANSFER METHOD=%s PATH=%s SRC=%s:%i TIME.START=%llu TIME.END=%llu CODE.VALUE=%u CODE.REASON=%s REQUEST.OFFSET=%llu REQUEST.LENGTH=%llu FILE.LENGTH=%llu TRANSFER.LENGTH=%llu",
					fprintf(fp, "TRANSFER METHOD=%s PATH=%s SRC=%s:%i CLIENT.TIME.CONNECT=%llu REQUEST.TIME.START=%llu REQUEST.TIME.END=%llu CODE.VALUE=%u CODE.REASON=%s REQUEST.OFFSET=%llu REQUEST.LENGTH=%llu FILE.LENGTH=%llu TRANSFER.LENGTH=%llu",
						method,
						curr->buffer,
						curr->ip, curr->port,
						(unsigned long long) curr->connecttime,
						(unsigned long long) curr->starttime,
						(unsigned long long) curr->endtime,
						curr->http_code, curr->reason,
						(unsigned long long) curr->req_offset,
						(unsigned long long) curr->req_length,
						(unsigned long long) curr->file_length,
						(unsigned long long) curr->sent_length
540
541
542
543
544
545
546

547
548
549
550
551
552
553
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530







+







	struct filed_log_entry *retval;

	retval = malloc(sizeof(*retval));

	if (initialize) {
		retval->buffer[0] = '\0';
		retval->http_code = -1;
		retval->connecttime = 0;
		retval->starttime = 0;
		retval->endtime = 0;
		retval->req_offset = 0;
		retval->req_length = 0;
		retval->sent_length = 0;
		retval->file_length = 0;
		retval->ip[0] = '\0';
633
634
635
636
637
638
639
640

641
642

643
644
645
646
647







648
649

650
651
652
653
654
655
656
657
658
659
660
661
662
663

664
665




666

667
668
669
670





671
672
673
674
675
676
677
678
679


680

681
682

683
684



685
686
687
688
689
690
691
692
693
694

695
696
697
698
699
700
701
702
703
704

705
706
707
708
709

710
711
712
713




714





715
716
717
718
719
720
721
722
723
724
725



726
727
728
729


730
731
732


733
734
735
736
737







738
739

740
741

742
743
744
745

746
747

748
749
750
751
752
753

754
755
756
757
758


759
760
761
762
763
764
765
610
611
612
613
614
615
616

617
618

619
620




621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643

644
645
646
647
648
649
650

651
652
653
654

655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670

671
672

673
674

675
676
677
678
679
680
681
682
683
684
685
686

687
688
689
690
691
692
693
694
695
696

697
698
699
700
701

702
703
704
705
706
707
708
709
710

711
712
713
714
715
716
717
718
719
720
721
722
723
724
725

726
727
728
729
730


731
732
733
734
735
736
737
738
739



740
741
742
743
744
745
746
747

748
749

750
751
752
753

754
755

756
757
758
759
760
761

762
763
764
765
766
767
768
769
770
771
772
773
774
775
776







-
+

-
+

-
-
-
-
+
+
+
+
+
+
+


+













-
+


+
+
+
+
-
+



-
+
+
+
+
+









+
+
-
+

-
+

-
+
+
+









-
+









-
+




-
+




+
+
+
+
-
+
+
+
+
+










-
+
+
+


-
-
+
+



+
+


-
-
-
+
+
+
+
+
+
+

-
+

-
+



-
+

-
+





-
+





+
+








#ifdef FILED_DONT_TIMEOUT
#define filed_sockettimeout_thread_init() 0
#define filed_sockettimeout_init() 0
#define filed_sockettimeout_accept(x) /**/
#define filed_sockettimeout_processing_start(x) /**/
#define filed_sockettimeout_processing_end(x) /**/
#define filed_sockettimeout_close(x) /**/
#define filed_sockettimeout_close(x, y) /**/
#else
_Atomic time_t filed_sockettimeout_time;
time_t filed_sockettimeout_time;
struct {
	_Atomic time_t expiration_time;
	_Atomic pthread_t thread_id;
	bool valid;
}* filed_sockettimeout_sockstatus;
	time_t expiration_time;
	pthread_t thread_id;
	enum {
		filed_sockettimeout_valid,
		filed_sockettimeout_invalid,
	} valid;
} *filed_sockettimeout_sockstatus;
long filed_sockettimeout_sockstatus_length;
int filed_sockettimeout_devnull_fd;
pthread_mutex_t filed_sockettimeout_mutex = PTHREAD_MUTEX_INITIALIZER;

static int filed_sockettimeout_sockfd_in_range(int sockfd) {
	if (sockfd < 3) {
		return(0);
	}

	if (sockfd > filed_sockettimeout_sockstatus_length) {
		return(0);
	}

	return(1);
}

static void filed_sockettimeout_expire(int sockfd, int length) {
static void filed_sockettimeout_expire(int sockfd, int length, int lockheld) {
	time_t now, expire;

	if (!lockheld) {
		pthread_mutex_lock(&filed_sockettimeout_mutex);
	}

	now = atomic_load(&filed_sockettimeout_time);
	now = filed_sockettimeout_time;

	expire = now + length;

	atomic_store(&filed_sockettimeout_sockstatus[sockfd].expiration_time, expire);
	filed_sockettimeout_sockstatus[sockfd].expiration_time = expire;

	if (!lockheld) {
		pthread_mutex_unlock(&filed_sockettimeout_mutex);
	}

	return;
}

static void filed_sockettimeout_accept(int sockfd) {
	if (!filed_sockettimeout_sockfd_in_range(sockfd)) {
		return;
	}

	pthread_mutex_lock(&filed_sockettimeout_mutex);

	filed_sockettimeout_expire(sockfd, 60);
	filed_sockettimeout_expire(sockfd, 60, 1);

	atomic_store(&filed_sockettimeout_sockstatus[sockfd].thread_id, pthread_self());
	filed_sockettimeout_sockstatus[sockfd].thread_id = pthread_self();

	atomic_store(&filed_sockettimeout_sockstatus[sockfd].valid, true);
	filed_sockettimeout_sockstatus[sockfd].valid = filed_sockettimeout_valid;

	pthread_mutex_unlock(&filed_sockettimeout_mutex);

	return;
}

static void filed_sockettimeout_processing_start(int sockfd) {
	if (!filed_sockettimeout_sockfd_in_range(sockfd)) {
		return;
	}

	filed_sockettimeout_expire(sockfd, 86400);
	filed_sockettimeout_expire(sockfd, 86400, 0);

	return;
}

static void filed_sockettimeout_processing_end(int sockfd) {
	if (!filed_sockettimeout_sockfd_in_range(sockfd)) {
		return;
	}

	filed_sockettimeout_expire(sockfd, 60);
	filed_sockettimeout_expire(sockfd, 60, 0);

	return;
}

static void filed_sockettimeout_close(int sockfd) {
static void filed_sockettimeout_close(int sockfd, int lockheld) {
	if (!filed_sockettimeout_sockfd_in_range(sockfd)) {
		return;
	}

	if (!lockheld) {
		pthread_mutex_lock(&filed_sockettimeout_mutex);
	}

	atomic_store(&filed_sockettimeout_sockstatus[sockfd].valid, false);
	filed_sockettimeout_sockstatus[sockfd].valid = filed_sockettimeout_invalid;

	if (!lockheld) {
		pthread_mutex_unlock(&filed_sockettimeout_mutex);
	}

	return;
}

static void *filed_sockettimeout_thread(void *arg) {
	struct timespec sleep_time;
	time_t now, expiration_time;
	pthread_t thread_id;
	long idx;
	int count;
	bool valid;
	int valid;
	int time_interval = 30;
	int check_period = 90;

	while (1) {
		for (count = 0; count < 10; count++) {
			sleep_time.tv_sec = 30;
		for (count = 0; count < (check_period / time_interval); count++) {
			sleep_time.tv_sec = time_interval;
			sleep_time.tv_nsec = 0;
			nanosleep(&sleep_time, NULL);

			pthread_mutex_lock(&filed_sockettimeout_mutex);

			now = time(NULL);

			atomic_store(&filed_sockettimeout_time, now);
		}

			filed_sockettimeout_time = now;

			pthread_mutex_unlock(&filed_sockettimeout_mutex);
		}

		pthread_mutex_lock(&filed_sockettimeout_mutex);

		for (idx = 0; idx < filed_sockettimeout_sockstatus_length; idx++) {
			valid = atomic_load(&filed_sockettimeout_sockstatus[idx].valid);
			valid = filed_sockettimeout_sockstatus[idx].valid;

			if (!valid) {
			if (valid != filed_sockettimeout_valid) {
				continue;
			}

			expiration_time = atomic_load(&filed_sockettimeout_sockstatus[idx].expiration_time);
			expiration_time = filed_sockettimeout_sockstatus[idx].expiration_time;

			thread_id = atomic_load(&filed_sockettimeout_sockstatus[idx].thread_id);
			thread_id = filed_sockettimeout_sockstatus[idx].thread_id;

			if (expiration_time > now) {
				continue;
			}

			filed_sockettimeout_close(idx);
			filed_sockettimeout_close(idx, 1);

			dup2(filed_sockettimeout_devnull_fd, idx);

			pthread_kill(thread_id, SIGPIPE);
		}

		pthread_mutex_unlock(&filed_sockettimeout_mutex);
	}

	return(NULL);

	/* NOTREACH: We don't actually take any arguments */
	arg = arg;
}
776
777
778
779
780
781
782

783

784
785
786
787
788
789

790
791
792
793
794
795
796
797
798
799
787
788
789
790
791
792
793
794

795
796
797
798
799
800

801
802
803

804
805
806
807
808
809
810







+
-
+





-
+


-







	long maxfd, idx;

	maxfd = sysconf(_SC_OPEN_MAX);
	if (maxfd <= 0) {
		maxfd = 4096;
	}

	filed_sockettimeout_sockstatus_length = maxfd;
	filed_sockettimeout_sockstatus = malloc(sizeof(*filed_sockettimeout_sockstatus) * maxfd);
	filed_sockettimeout_sockstatus = malloc(sizeof(*filed_sockettimeout_sockstatus) * filed_sockettimeout_sockstatus_length);
	if (filed_sockettimeout_sockstatus == NULL) {
		return(-1);
	}

	for (idx = 0; idx < maxfd; idx++) {
		filed_sockettimeout_sockstatus[idx].valid = false;
		filed_sockettimeout_sockstatus[idx].valid = filed_sockettimeout_invalid;
	}

	filed_sockettimeout_sockstatus_length = maxfd;
	filed_sockettimeout_devnull_fd = open("/dev/null", O_RDWR);
	if (filed_sockettimeout_devnull_fd < 0) {
		return(-1);
	}

	return(0);
}
1199
1200
1201
1202
1203
1204
1205
1206

1207
1208
1209
1210
1211
1212
1213
1210
1211
1212
1213
1214
1215
1216

1217
1218
1219
1220
1221
1222
1223
1224







-
+







	/** reason must point to a globally allocated value **/
	log->reason = reason;
	log->http_code = error_number;

	filed_log_entry(log);

	/* Close connection */
	filed_sockettimeout_close(fileno(fp));
	filed_sockettimeout_close(fileno(fp), 0);

	fclose(fp);

	return;
}

/* Return a redirect to index.html */
1224
1225
1226
1227
1228
1229
1230
1231

1232
1233
1234
1235
1236
1237
1238
1235
1236
1237
1238
1239
1240
1241

1242
1243
1244
1245
1246
1247
1248
1249







-
+







	/* Log redirect */
	log->reason = "redirect";
	log->http_code = http_code;

	filed_log_entry(log);

	/* Close connection */
	filed_sockettimeout_close(fileno(fp));
	filed_sockettimeout_close(fileno(fp), 0);

	fclose(fp);

	return;

	/* Currently unused: path */
	path = path;
1258
1259
1260
1261
1262
1263
1264



1265
1266
1267
1268
1269
1270
1271

1272
1273
1274
1275
1276
1277
1278
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284

1285
1286
1287
1288
1289
1290
1291
1292







+
+
+






-
+







	size_t sendfile_size;
	off_t sendfile_offset, sendfile_sent, sendfile_len;
	char *path;
	char *date_current, date_current_b[64];
	int http_code;
	FILE *fp;

	/* Indicate the connection start time */
	log->connecttime = time(NULL);

	/* Determine current time */
	date_current = filed_format_time(date_current_b, sizeof(date_current_b), time(NULL));

	/* Open socket as ANSI I/O for ease of use */
	fp = fdopen(fd, "w+b");
	if (fp == NULL) {
		filed_sockettimeout_close(fd);
		filed_sockettimeout_close(fd, 0);

		close(fd);

		log->buffer[0] = '\0';
		log->http_code = -1;
		log->reason = "fdopen_failed";

1457
1458
1459
1460
1461
1462
1463
1464

1465
1466
1467
1468
1469
1470
1471
1471
1472
1473
1474
1475
1476
1477

1478
1479
1480
1481
1482
1483
1484
1485







-
+







	log->sent_length = sendfile_sent;

	filed_log_entry(log);

	close(fileinfo->fd);

	if (request->headers.connection != FILED_CONNECTION_KEEP_ALIVE) {
		filed_sockettimeout_close(fd);
		filed_sockettimeout_close(fd, 0);

		fclose(fp);

		return(FILED_CONNECTION_CLOSE);
	}

	filed_sockettimeout_processing_end(fd);