1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
|
/**
* mds — A micro-display server
* Copyright © 2014, 2015 Mattias Andrée (maandree@member.fsf.org)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "util.h"
#include "config.h"
#include "macros.h"
#include <alloca.h>
#include <stdlib.h>
#include <unistd.h>
#include <limits.h>
#include <string.h>
#include <signal.h>
#include <sys/socket.h>
#include <errno.h>
#include <ctype.h>
#include <time.h>
#include <sys/wait.h>
#include <stdint.h>
/**
* The content of `/proc/self/exe`, when
* `prepare_reexec` was invoked.
*/
static char self_exe[PATH_MAX] = {0};
/**
* Convert a client ID string into a client ID integer
*
* @param str The client ID string
* @return The client ID integer
*/
uint64_t parse_client_id(const char* str)
{
char client_words[22];
char* client_high;
char* client_low;
uint64_t client;
strcpy(client_high = client_words, str);
client_low = rawmemchr(client_words, ':');
*client_low++ = '\0';
client = atou64(client_high) << 32;
client |= atou64(client_low);
return client;
}
/**
* Read an environment variable, but handle it as undefined if empty
*
* @param var The environment variable's name
* @return The environment variable's value, `NULL` if empty or not defined
*/
char* getenv_nonempty(const char* var)
{
char* rc = getenv(var);
if ((rc == NULL) || (*rc == '\0'))
return NULL;
return rc;
}
/**
* Prepare the server so that it can reexec into
* a newer version of the executed file.
*
* This is required for two reasons:
* 1: We cannot use argv[0] as PATH-resolution may
* cause it to reexec into another pathname, and
* maybe to wrong program. Additionally argv[0]
* may not even refer to the program, and chdir
* could also hinter its use.
* 2: The kernel appends ` (deleted)` to
* `/proc/self/exe` once it has been removed,
* so it cannot be replaced.
*
* The function will should be called immediately, it
* will store the content of `/proc/self/exe`.
*
* @return Zero on success, -1 on error
*/
int prepare_reexec(void)
{
ssize_t len;
len = readlink(SELF_EXE, self_exe, (sizeof(self_exe) / sizeof(char)) - 1);
fail_if (len < 0);
/* ‘readlink() does not append a null byte to buf.’ */
self_exe[len] = '\0';
return 0;
fail:
return -1;
}
/**
* Re-exec the server.
* This function only returns on failure.
*
* If `prepare_reexec` failed or has not been called,
* `argv[0]` will be used as a fallback.
*
* @param argc The number of elements in `argv`
* @param argv The command line arguments
* @param reexeced Whether the server has previously been re-exec:ed
*/
void reexec_server(int argc, char** argv, int reexeced)
{
char** reexec_args;
char** reexec_args_;
int i;
/* Re-exec the server. */
reexec_args = alloca(((size_t)argc + 2) * sizeof(char*));
reexec_args_ = reexec_args;
if (reexeced == 0)
{
*reexec_args_++ = *argv;
fail_if (xstrdup(*reexec_args_, "--re-exec"));
for (i = 1; i < argc; i++)
reexec_args_[i] = argv[i];
}
else /* Don't let the --re-exec:s accumulate. */
*reexec_args_ = *argv;
for (i = 1; i < argc; i++)
reexec_args_[i] = argv[i];
reexec_args_[argc] = NULL;
execv(self_exe[0] ? self_exe : argv[0], reexec_args);
fail:
return;
}
/**
* Set up a signal trap.
* This function should only be used for common mds
* signals and signals that does not require and
* special settings. This function may choose to add
* additional behaviour depending on the signal, such
* as blocking other signals.
*
* @param signo The signal to trap
* @param function The function to run when the signal is caught
* @return Zero on success, -1 on error
*/
int xsigaction(int signo, void (*function)(int signo))
{
struct sigaction action;
sigset_t sigset;
sigemptyset(&sigset);
action.sa_handler = function;
action.sa_mask = sigset;
action.sa_flags = 0;
return sigaction(signo, &action, NULL);
}
/**
* Send a message over a socket
*
* @param socket The file descriptor of the socket
* @param message The message to send
* @param length The length of the message
* @return The number of bytes that have been sent (even on error)
*/
size_t send_message(int socket, const char* message, size_t length)
{
size_t block_size = length;
size_t sent = 0;
ssize_t just_sent;
errno = 0;
while (length > 0)
if ((just_sent = send(socket, message + sent, min(block_size, length), MSG_NOSIGNAL)) < 0)
{
if (errno == EMSGSIZE)
{
block_size >>= 1;
if (block_size == 0)
return sent;
}
else
return sent;
}
else
{
sent += (size_t)just_sent;
length -= (size_t)just_sent;
}
return sent;
}
/**
* A version of `atoi` that is strict about the syntax and bounds
*
* @param str The text to parse
* @param value Slot in which to store the value
* @param min The minimum accepted value
* @param max The maximum accepted value
* @return Zero on success, -1 on syntax error
*/
int strict_atoi(const char* str, int* value, int min, int max)
{
long long int r;
char* endptr;
r = strtoll(str, &endptr, 10);
if ((*str == '\0') || isspace(*str) ||
(endptr - str != (ssize_t)strlen(str)) ||
(r < (long long int)min) ||
(r > (long long int)max))
return -1;
*value = (int)r;
return 0;
}
/**
* Send a buffer into a file and ignore interruptions
*
* @param fd The file descriptor
* @param buffer The buffer
* @param length The length of the buffer
* @return Zero on success, -1 on error
*/
int full_write(int fd, const char* buffer, size_t length)
{
ssize_t wrote;
while (length > 0)
{
errno = 0;
wrote = write(fd, buffer, length);
fail_if (errno && (errno != EINTR));
length -= (size_t)max(wrote, 0);
buffer += (size_t)max(wrote, 0);
}
return 0;
fail:
return -1;
}
/**
* Read a file completely and ignore interruptions
*
* @param fd The file descriptor
* @param length Output parameter for the length of the file, may be `NULL`
* @return The content of the file, you will need to free it. `NULL` on error.
*/
char* full_read(int fd, size_t* length)
{
char* old_buf = NULL;
size_t buffer_size = 8 << 10;
size_t buffer_ptr = 0;
char* buffer;
ssize_t got;
int saved_errno;
if (length != NULL)
*length = 0;
/* Allocate buffer for data. */
fail_if (xmalloc(buffer, buffer_size, char));
/* Read the file. */
for (;;)
{
/* Grow buffer if it is too small. */
if (buffer_size == buffer_ptr)
fail_if (xxrealloc(old_buf, buffer, buffer_size <<= 1, char));
/* Read from the file into the buffer. */
got = read(fd, buffer + buffer_ptr, buffer_size - buffer_ptr);
fail_if ((got < 0) && (errno != EINTR));
if (got == 0)
break;
buffer_ptr += (size_t)got;
}
if (length != NULL)
*length = buffer_ptr;
return buffer;
fail:
saved_errno = errno;
free(old_buf);
free(buffer);
return errno = saved_errno, NULL;
}
/**
* Check whether a string begins with a specific string,
* where neither of the strings are necessarily NUL-terminated
*
* @param haystack The string that should start with the other string
* @param needle The string the first string should start with
* @param haystack_n The length of `haystack`
* @param needle_n The length of `needle`
* @return Whether the `haystack` begins with `needle`
*/
int startswith_n(const char* haystack, const char* needle, size_t haystack_n, size_t needle_n)
{
size_t i;
if (haystack_n < needle_n)
return 0;
for (i = 0; i < needle_n; i++)
if (haystack[i] != needle[i])
return 0;
return 1;
}
/**
* Wrapper around `waitpid` that never returns on an interruption unless
* it is interrupted 100 times within the same second
*
* @param pid See description of `pid` in the documentation for `waitpid`
* @param status See description of `status` in the documentation for `waitpid`
* @param options See description of `options` in the documentation for `waitpid`
* @return See the documentation for `waitpid`
*/
pid_t uninterruptable_waitpid(pid_t pid, int* restrict status, int options)
{
struct timespec time_start;
struct timespec time_intr;
int intr_count = 0, have_time;
pid_t rc;
have_time = (monotone(&time_start) >= 0);
rewait:
rc = waitpid(pid, status, options);
if (rc == (pid_t)-1)
{
fail_if (errno != EINTR);
if (have_time && (monotone(&time_intr) >= 0))
if (time_start.tv_sec != time_intr.tv_sec)
intr_count = 0;
if (intr_count++ < 100)
goto rewait;
/* Don't let the CPU catch fire! */
errno = EINTR;
}
fail:
return rc;
}
/**
* Check whether a NUL-terminated string is encoded in UTF-8
*
* @param string The string
* @param allow_modified_nul Whether Modified UTF-8 is allowed, which allows a two-byte encoding for NUL
* @return Zero if good, -1 on encoding error
*/
int verify_utf8(const char* string, int allow_modified_nul)
{
static long BYTES_TO_MIN_BITS[] = {0, 0, 8, 12, 17, 22, 37};
static long BYTES_TO_MAX_BITS[] = {0, 7, 11, 16, 21, 26, 31};
long bytes = 0, read_bytes = 0, bits = 0, c, character;
/* min bits max bits
0....... 0 7
110..... 10...... 8 11
1110.... 10...... 10...... 12 16
11110... 10...... 10...... 10...... 17 21
111110.. 10...... 10...... 10...... 10...... 22 26
1111110. 10...... 10...... 10...... 10...... 10...... 27 31
*/
while ((c = (long)(*string++)))
if (read_bytes == 0)
{
/* First byte of the character. */
if ((c & 0x80) == 0x00)
/* Single-byte character. */
continue;
if ((c & 0xC0) == 0x80)
/* Single-byte character marked as multibyte, or
a non-first byte in a multibyte character. */
return -1;
/* Multibyte character. */
while ((c & 0x80))
bytes++, c <<= 1;
read_bytes = 1;
character = c & 0x7F;
if (bytes > 6)
/* 31-bit characters can be encoded with 6-bytes,
and UTF-8 does not cover higher code points. */
return -1;
}
else
{
/* Not first byte of the character. */
if ((c & 0xC0) != 0x80)
/* Beginning of new character before a
multibyte character has ended. */
return -1;
character = (character << 6) | (c & 0x7F);
if (++read_bytes < bytes)
/* Not at last byte yet. */
continue;
/* Check that the character is not unnecessarily long. */
while (character)
character >>= 1, bits++;
bits = ((bits == 0) && (bytes == 2) && allow_modified_nul) ? 8 : bits;
if ((bits < BYTES_TO_MIN_BITS[bytes]) || (BYTES_TO_MAX_BITS[bytes] < bits))
return -1;
read_bytes = bytes = bits = 0;
}
/* Make sure we did not stop at the middle of a multibyte character. */
return read_bytes == 0 ? 0 : -1;
}
|