/**
* mds — A micro-display server
* Copyright © 2014, 2015, 2016, 2017 Mattias Andrée (maandree@kth.se)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
#include "util.h"
#include "config.h"
#include "macros.h"
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
/**
* The content of `/proc/self/exe`, when
* `prepare_reexec` was invoked.
*/
static char self_exe[PATH_MAX] = {0};
/**
* Convert a client ID string into a client ID integer
*
* @param str The client ID string
* @return The client ID integer
*/
uint64_t
parse_client_id(const char *str)
{
char client_words[22];
char *client_high;
char *client_low;
uint64_t client;
strcpy(client_high = client_words, str);
client_low = rawmemchr(client_words, ':');
*client_low++ = '\0';
client = atou64(client_high) << 32;
client |= atou64(client_low);
return client;
}
/**
* Read an environment variable, but handle it as undefined if empty
*
* @param var The environment variable's name
* @return The environment variable's value, `NULL` if empty or not defined
*/
char *
getenv_nonempty(const char *var)
{
char *rc = getenv(var);
return (rc && *rc) ? rc : NULL;
}
/**
* Prepare the server so that it can reexec into
* a newer version of the executed file.
*
* This is required for two reasons:
* 1: We cannot use argv[0] as PATH-resolution may
* cause it to reexec into another pathname, and
* maybe to wrong program. Additionally argv[0]
* may not even refer to the program, and chdir
* could also hinter its use.
* 2: The kernel appends ` (deleted)` to
* `/proc/self/exe` once it has been removed,
* so it cannot be replaced.
*
* @return Zero on success, -1 on error
*/
int
prepare_reexec(void)
{
ssize_t len;
len = readlink(SELF_EXE, self_exe, (sizeof(self_exe) / sizeof(char)) - 1);
fail_if (len < 0);
/* ‘readlink() does not append a null byte to buf.’ */
self_exe[len] = '\0';
/* Handle possible race condition: file was removed. */
if (access(self_exe, F_OK) < 0)
if (!strcmp(self_exe + (len - 10), " (deleted)"))
self_exe[len - 10] = '\0';
return 0;
fail:
return -1;
}
/**
* Re-exec the server.
* This function only returns on failure.
*
* If `prepare_reexec` failed or has not been called,
* `argv[0]` will be used as a fallback.
*
* @param argc The number of elements in `argv`
* @param argv The command line arguments
* @param reexeced Whether the server has previously been re-exec:ed
*/
void
reexec_server(int argc, char **argv, int reexeced)
{
char **reexec_args;
char **reexec_args_;
int i;
/* Re-exec the server. */
reexec_args = alloca(((size_t)argc + 2) * sizeof(char*));
reexec_args_ = reexec_args;
if (!reexeced) {
*reexec_args_++ = *argv;
fail_if (xstrdup(*reexec_args_, "--re-exec"));
for (i = 1; i < argc; i++)
reexec_args_[i] = argv[i];
} else { /* Don't let the --re-exec:s accumulate. */
*reexec_args_ = *argv;
}
for (i = 1; i < argc; i++)
reexec_args_[i] = argv[i];
reexec_args_[argc] = NULL;
execv(self_exe[0] ? self_exe : argv[0], reexec_args);
fail:
return;
}
/**
* Set up a signal trap.
* This function should only be used for common mds
* signals and signals that does not require and
* special settings. This function may choose to add
* additional behaviour depending on the signal, such
* as blocking other signals.
*
* @param signo The signal to trap
* @param function The function to run when the signal is caught
* @return Zero on success, -1 on error
*/
int
xsigaction(int signo, void (*function)(int signo))
{
struct sigaction action;
sigset_t sigset;
sigemptyset(&sigset);
action.sa_handler = function;
action.sa_mask = sigset;
action.sa_flags = 0;
return sigaction(signo, &action, NULL);
}
/**
* Send a message over a socket
*
* @param socket The file descriptor of the socket
* @param message The message to send
* @param length The length of the message
* @return The number of bytes that have been sent (even on error)
*/
size_t
send_message(int socket, const char *message, size_t length)
{
size_t block_size = length;
size_t sent = 0;
ssize_t just_sent;
errno = 0;
while (length > 0) {
if ((just_sent = send(socket, message + sent, min(block_size, length), MSG_NOSIGNAL)) < 0) {
if (errno == EPIPE)
errno = ECONNRESET;
if (errno == EMSGSIZE) {
block_size >>= 1;
if (!block_size)
return sent;
} else {
return sent;
}
} else {
sent += (size_t)just_sent;
length -= (size_t)just_sent;
}
}
return sent;
}
/**
* A version of `atoi` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
int
strict_atoi(const char *str, int *value, int min, int max)
{
long long int r;
char *endptr;
r = strtoll(str, &endptr, 10);
if (!*str || isspace(*str) ||
endptr - str != (ssize_t)strlen(str) ||
r < (long long int)min ||
r > (long long int)max)
return -1;
*value = (int)r;
return 0;
}
/**
* A version of `atoj` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
int
strict_atoj(const char *str, intmax_t *value, intmax_t min, intmax_t max)
{
static char minstr[3 * sizeof(intmax_t) + 2] = { '\0' };
intmax_t r = 0;
char c;
int neg = 0;
if (*str == '-') {
if (!*minstr)
sprintf(minstr, "%j", INTMAX_MIN);
if (!strcmp(str, minstr)) {
r = INTMAX_MIN;
goto done;
}
neg = 1, str++;
}
if (!*str)
return -1;
while ((c = *str)) {
if ('0' <= c && c <= '9') {
if (r > INTMAX_MAX / 10) {
return -1;
} else if (r == INTMAX_MAX / 10) {
if ((c & 15) > INTMAX_MAX % 10)
return -1;
}
r = r * 10 + (c & 15);
} else {
return -1;
}
}
if (neg)
r = -r;
done:
if (r < min || r > max)
return -1;
*value = r;
return 0;
}
#if defined(__GNUC__)
/* GCC says strict_atouj is a candidate for the attribute ‘pure’,
* however the line `*value = r` means that it is not, at least
* if you only consider what GCC's manuals says about the attribute. */
# pragma GCC diagnostic push
# pragma GCC diagnostic ignored "-Wsuggest-attribute=pure"
#endif
/**
* A version of `atouj` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
int
strict_atouj(const char *str, uintmax_t *value, uintmax_t min, uintmax_t max)
{
uintmax_t r = 0;
char c;
if (!*str)
return -1;
while ((c = *str)) {
if ('0' <= c && c <= '9') {
if (r > INTMAX_MAX / 10) {
return -1;
} else if (r == INTMAX_MAX / 10) {
if ((c & 15) > INTMAX_MAX % 10)
return -1;
}
r = r * 10 + (c & 15);
} else {
return -1;
}
}
if (r < min || r > max)
return -1;
*value = r;
return 0;
}
#if defined(__GNUC__)
# pragma GCC diagnostic pop
#endif
#define __strict_y(Y, TYPE, PARA_TYPE, HYPER_Y, HYPER_TYPE)\
int\
strict_##Y(const char *str, TYPE *value, PARA_TYPE min, PARA_TYPE max)\
{\
HYPER_TYPE intermediate_value;\
if (strict_##HYPER_Y(str, &intermediate_value, (HYPER_TYPE)min, (HYPER_TYPE)max) < 0)\
return -1;\
return *value = (TYPE)intermediate_value, 0;\
}
#define __strict_x(X, TYPE, HYPER_X, HYPER_TYPE)\
__strict_y(X, TYPE, TYPE, HYPER_X, HYPER_TYPE)
/**
* A version of `atoh` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_y(atoh, short int, int, atoi, int)
/**
* A version of `atouh` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_y(atouh, unsigned short int, unsigned int, atouj, uintmax_t)
/**
* A version of `atou` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_x(atou, unsigned int, atouj, uintmax_t)
/**
* A version of `atol` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_x(atol, long int, atoj, intmax_t)
/**
* A version of `atoul` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_x(atoul, unsigned long int, atouj, uintmax_t)
/**
* A version of `atoll` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_x(atoll, long long int, atoj, intmax_t)
/**
* A version of `atoull` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_x(atoull, unsigned long long int, atouj, uintmax_t)
/**
* A version of `atoz` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_x(atoz, size_t, atouj, uintmax_t)
/**
* A version of `atosz` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_x(atosz, ssize_t, atoj, intmax_t)
/**
* A version of `ato8` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_y(ato8, int8_t, int, atoi, int)
/**
* A version of `atou8` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_y(atou8, uint8_t, int, atoi, int)
/**
* A version of `ato16` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_y(ato16, int16_t, int, atoi, int)
/**
* A version of `atou16` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_y(atou16, uint16_t, unsigned int, atouj, uintmax_t)
/**
* A version of `ato32` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_x(ato32, int32_t, atoj, intmax_t)
/**
* A version of `atou32` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_x(atou32, uint32_t, atouj, uintmax_t)
/**
* A version of `ato64` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_x(ato64, int64_t, atoj, intmax_t)
/**
* A version of `atou64` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
__strict_x(atou64, uint64_t, atouj, uintmax_t)
#undef __strict_x
/**
* Send a buffer into a file and ignore interruptions
*
* @param fd The file descriptor
* @param buffer The buffer
* @param length The length of the buffer
* @return Zero on success, -1 on error
*/
int
full_write(int fd, const char *buffer, size_t length)
{
ssize_t wrote;
while (length > 0) {
errno = 0;
wrote = write(fd, buffer, length);
fail_if (errno && errno != EINTR);
length -= (size_t)max(wrote, 0);
buffer += (size_t)max(wrote, 0);
}
return 0;
fail:
return -1;
}
/**
* Read a file completely and ignore interruptions
*
* @param fd The file descriptor
* @param length Output parameter for the length of the file, may be `NULL`
* @return The content of the file, you will need to free it. `NULL` on error.
*/
char *
full_read(int fd, size_t *length)
{
char *old_buf = NULL;
size_t buffer_size = 8 << 10;
size_t buffer_ptr = 0;
char *buffer;
ssize_t got;
int saved_errno;
if (length)
*length = 0;
/* Allocate buffer for data. */
fail_if (xmalloc(buffer, buffer_size, char));
/* Read the file. */
for (;;) {
/* Grow buffer if it is too small. */
if (buffer_size == buffer_ptr)
fail_if (xxrealloc(old_buf, buffer, buffer_size <<= 1, char));
/* Read from the file into the buffer. */
got = read(fd, buffer + buffer_ptr, buffer_size - buffer_ptr);
fail_if (got < 0 && errno != EINTR);
if (!got)
break;
buffer_ptr += (size_t)got;
}
if (length)
*length = buffer_ptr;
return buffer;
fail:
saved_errno = errno;
free(old_buf);
free(buffer);
return errno = saved_errno, NULL;
}
/**
* Send a full message even if interrupted
*
* @param socket The file descriptor for the socket to use
* @param message The message to send
* @param length The length of the message
* @return Zero on success, -1 on error
*/
int
full_send(int socket, const char *message, size_t length)
{
size_t sent;
while (length > 0) {
sent = send_message(socket, message, length);
fail_if (sent < length && errno != EINTR);
message += sent;
length -= sent;
}
return 0;
fail:
return -1;
}
/**
* Check whether a string begins with a specific string,
* where neither of the strings are necessarily NUL-terminated
*
* @param haystack The string that should start with the other string
* @param needle The string the first string should start with
* @param haystack_n The length of `haystack`
* @param needle_n The length of `needle`
* @return Whether the `haystack` begins with `needle`
*/
int
startswith_n(const char *haystack, const char *needle, size_t haystack_n, size_t needle_n)
{
size_t i;
if (haystack_n < needle_n)
return 0;
for (i = 0; i < needle_n; i++)
if (haystack[i] != needle[i])
return 0;
return 1;
}
/**
* Wrapper around `waitpid` that never returns on an interruption unless
* it is interrupted 100 times within the same second
*
* @param pid See description of `pid` in the documentation for `waitpid`
* @param status See description of `status` in the documentation for `waitpid`
* @param options See description of `options` in the documentation for `waitpid`
* @return See the documentation for `waitpid`
*/
pid_t
uninterruptable_waitpid(pid_t pid, int *restrict status, int options)
{
struct timespec time_start;
struct timespec time_intr;
int intr_count = 0, have_time;
pid_t rc;
have_time = (monotone(&time_start) >= 0);
rewait:
rc = waitpid(pid, status, options);
if (rc == (pid_t)-1) {
fail_if (errno != EINTR);
if (have_time && monotone(&time_intr) >= 0)
if (time_start.tv_sec != time_intr.tv_sec)
intr_count = 0;
if (intr_count++ < 100)
goto rewait;
/* Don't let the CPU catch fire! */
errno = EINTR;
}
fail:
return rc;
}
/**
* Check whether a NUL-terminated string is encoded in UTF-8
*
* @param string The string
* @param allow_modified_nul Whether Modified UTF-8 is allowed, which allows a two-byte encoding for NUL
* @return Zero if good, -1 on encoding error
*/
int
verify_utf8(const char *string, int allow_modified_nul)
{
static long BYTES_TO_MIN_BITS[] = {0, 0, 8, 12, 17, 22, 37};
static long BYTES_TO_MAX_BITS[] = {0, 7, 11, 16, 21, 26, 31};
long bytes = 0, read_bytes = 0, bits = 0, c, character;
/* min bits max bits
0....... 0 7
110..... 10...... 8 11
1110.... 10...... 10...... 12 16
11110... 10...... 10...... 10...... 17 21
111110.. 10...... 10...... 10...... 10...... 22 26
1111110. 10...... 10...... 10...... 10...... 10...... 27 31
*/
while ((c = (long)(*string++))) {
if (read_bytes == 0) {
/* First byte of the character. */
if (!(c & 0x80))
/* Single-byte character. */
continue;
if ((c & 0xC0) == 0x80)
/* Single-byte character marked as multibyte, or
a non-first byte in a multibyte character. */
return -1;
/* Multibyte character. */
while ((c & 0x80))
bytes++, c <<= 1;
read_bytes = 1;
character = c & 0x7F;
if (bytes > 6)
/* 31-bit characters can be encoded with 6-bytes,
and UTF-8 does not cover higher code points. */
return -1;
} else {
/* Not first byte of the character. */
if ((c & 0xC0) != 0x80)
/* Beginning of new character before a
multibyte character has ended. */
return -1;
character = (character << 6) | (c & 0x7F);
if (++read_bytes < bytes)
/* Not at last byte yet. */
continue;
/* Check that the character is not unnecessarily long. */
while (character)
character >>= 1, bits++;
bits = ((bits == 0) && (bytes == 2) && allow_modified_nul) ? 8 : bits;
if ((bits < BYTES_TO_MIN_BITS[bytes]) || (BYTES_TO_MAX_BITS[bytes] < bits))
return -1;
read_bytes = bytes = bits = 0;
}
}
/* Make sure we did not stop at the middle of a multibyte character. */
return read_bytes == 0 ? 0 : -1;
}
/**
* Construct an error message to be sent to a client
*
* @param recv_client_id The client ID attached on the message that was received, must not be `NULL`
* @param recv_message_id The message ID attached on the message that was received, must not be `NULL`
* @param recv_command The value of the `Command`-header on the message that was received,
* must not be `NULL`
* @param custom Non-zero if the error is a custom error
* @param errnum The error number, `errno` should be used if the error
* is not a custom error, zero should be used on success,
* a negative integer, such as -1, indicates that the error
* message should not include an error number,
* it is not allowed to have this value be negative and
* `custom` be zero at the same time
* @param message The description of the error, the line feed at the end
* is added automatically, `NULL` if the description should
* be omitted
* @param send_buffer Pointer to the buffer where the message should be stored,
* it should contain the current send buffer, must not be `NULL`
* @param send_buffer_size Pointer to the allocation size of `*send_buffer`, it should
* contain the current size of `*send_buffer` and will be updated
* with the new size, must not be `NULL`
* @param message_id The message ID of this message
* @return The length of the message, zero on error
*/
size_t
construct_error_message(const char *restrict recv_client_id, const char *restrict recv_message_id,
const char *restrict recv_command, int custom, int errnum,
const char *restrict message, char **restrict send_buffer,
size_t *restrict send_buffer_size, uint32_t message_id)
{
ssize_t part_length;
size_t length;
char *temp;
/* Measure the maximum length of message, including NUL-termination.. */
length = sizeof("Command: error\n"
"To: 4294967296:4294967296\n"
"In response to: 4294967296\n"
"Origin command: \n"
"Message ID: 4294967296\n"
"Error: custom \n"
"Length: \n"
"\n") / sizeof(char) + 3 * (sizeof(int)) + strlen(recv_command);
if (message)
length += (sizeof("Length: \n") / sizeof(char) - 1) + 3 * sizeof(char) + strlen(message) + 1;
/* Ensure that the send buffer is large enough. */
if (length > *send_buffer_size) {
fail_if (yrealloc(temp, *send_buffer, length, char));
*send_buffer_size = length;
}
/* Reset `length` to indicate that the currently written
message has zero in length. */
length = 0;
/* Start writting the error message, begin with required
headers, but exclude the error number. */
sprintf((*send_buffer) + length,
"Command: error\n"
"To: %s\n"
"In response to: %s\n"
"Origin command: %s\n"
"Message ID: %"PRIu32"\n"
"Error: %s%zn",
recv_client_id, recv_message_id, recv_command,
message_id, custom ? "custom" : "",
&part_length);
length += (size_t)part_length;
/* If the error is custom and has a number we need
blank space before we write the error number. */
if (custom && errnum >= 0)
(*send_buffer)[length++] = ' ';
/* Add the error number of there is one. */
if (errnum >= 0)
sprintf((*send_buffer) + length, "%i%zn", errnum, &part_length),
length += (size_t)part_length;
/* End the `Error`-header line. */
(*send_buffer)[length++] = '\n';
/* Add the `Length`-header if there is a description. */
if (message) {
sprintf((*send_buffer) + length, "Length: %zu\n%zn",
strlen(message) + 1, &part_length);
length += (size_t)part_length + strlen(message) + 1;
}
/* Add an empty line to mark the end of headers. */
(*send_buffer)[length++] = '\n';
/* Write the description if there is one. */
if (message) {
memcpy((*send_buffer) + length, message, strlen(message) * sizeof(char));
length += strlen(message);
(*send_buffer)[length++] = '\n';
}
return length;
fail:
return 0;
}
/**
* Send an error message
*
* @param recv_client_id The client ID attached on the message that was received, must not be `NULL`
* @param recv_message_id The message ID attached on the message that was received, must not be `NULL`
* @param recv_command The value of the `Command`-header on the message that was received,
* must not be `NULL`
* @param custom Non-zero if the error is a custom error
* @param errnum The error number, `errno` should be used if the error
* is not a custom error, zero should be used on success,
* a negative integer, such as -1, indicates that the error
* message should not include an error number,
* it is not allowed to have this value be negative and
* `custom` be zero at the same time
* @param message The description of the error, the line feed at the end
* is added automatically, `NULL` if the description should
* be omitted
* @param send_buffer Pointer to the buffer where the message should be stored,
* it should contain the current send buffer, must not be `NULL`
* @param send_buffer_size Pointer to the allocation size of `*send_buffer`, it should
* contain the current size of `*send_buffer` and will be updated
* with the new size, must not be `NULL`
* @param socket_fd The file descriptor of the socket
* @param message_id The message ID of this message
* @return Zero on success, -1 on error
*/
int
send_error(const char *restrict recv_client_id, const char *restrict recv_message_id,
const char *restrict recv_command, int custom, int errnum, const char *restrict message,
char **restrict send_buffer, size_t *restrict send_buffer_size, uint32_t message_id,
int socket_fd)
{
size_t length;
fail_if (!(length = construct_error_message(recv_client_id, recv_message_id, recv_command, custom, errnum,
message, send_buffer, send_buffer_size, message_id)));
fail_if (full_send(socket_fd, *send_buffer, length));
return 0;
fail:
return -1;
}