API tools faq
paste
Advertisement
Guest User

Sample1

a guest
Mar 3rd, 2019
150
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 14.29 KB | None | 0 0
raw download clone embed print report
  1.  
  2. #include <stdio.h>
  3. #include <string.h>
  4. #include <unistd.h>
  5. #include <stdlib.h>
  6. #include <stdarg.h>
  7. #include <signal.h>
  8. #include <sys/wait.h>
  9.  
  10. #include <netinet/in.h>
  11. #include <arpa/inet.h>
  12. #include <sys/socket.h>
  13. #include <sys/types.h>
  14. #include <netdb.h>
  15.  
  16. #define PORT 9090
  17. #define USERNAME 0x01
  18. #define PASSWORD 0x02
  19. #define BADUSER "\x33\x44 BAD USERNAME!"
  20. #define BADPASS "\x33\x45 BAD PASSWORD!"
  21. #define READY "\x41\x41 READY!"
  22. #define USERPATH "./users/"
  23. #define ARTICLEPATH "./articles/"
  24. #define LISTCOMMAND "ls ./articles/ > list.txt"
  25. #define FILENOTAVAIL "\x33\x31 FILE NOT AVAILABLE!"
  26. #define BEGINFILE "\x41\x41 BEGIN FILE: END WITH '!!!'"
  27. #define ARTICLEWROTE "\x41\x42 ARTICLE HAS BEEN WRITTEN!"
  28. #define LIST_ARTICLES 0x22
  29. #define READ_ARTICLE 0x23
  30. #define WRITE_ARTICLE 0x24
  31. #define COMMAND 0x25
  32. #define ADD_USER 0x26
  33.  
  34. void logData(FILE *logfile, char *format, ...);
  35. int setupSock(FILE *logf, unsigned short port);
  36. int writeSock(int sock, char *buf, size_t len);
  37. int readSock(int sock, char *buf, size_t len);
  38. void mainLoop(FILE *logf, int sock);
  39. void handleConnection(FILE *logfile, int sock);
  40. int userFunctions(FILE *logfile, int sock, char *user);
  41. char *findarg(char *argbuf, char argtype);
  42. int authenticate(FILE *logfile, char *user, char *pass);
  43.  
  44. int writeSock(int sock, char *buf, size_t len)
  45. {
  46. ssize_t byteswrote = 0;
  47. ssize_t ret = 0;
  48.  
  49. while (byteswrote < len)
  50. {
  51. ret = send(sock, buf + byteswrote, len - byteswrote, 0);
  52.  
  53. if (ret < 0)
  54. {
  55. return -1;
  56. }
  57.  
  58. if (ret == 0)
  59. {
  60. break;
  61. }
  62.  
  63. byteswrote += ret;
  64. }
  65.  
  66. return byteswrote; //ssize_t is not assigned but int is assigned and so if they are unassigned variables then
  67. }
  68.  
  69. int readSock(int sock, char *buf, size_t len) //ssize_t is not int
  70. {
  71. ssize_t ret = 0;
  72. ssize_t bytesread = 0;
  73.  
  74. while (bytesread < len)
  75. {
  76. ret = recv(sock, buf + bytesread, len - bytesread, 0);
  77.  
  78. if (ret == 0)
  79. {
  80. break;
  81. }
  82.  
  83. if (ret < 0)
  84. {
  85. return -1;
  86. }
  87.  
  88. bytesread += ret;
  89. }
  90.  
  91. return bytesread;
  92. }
  93.  
  94. void writeArticle(int sock, FILE *logfile, char *action)
  95. {
  96. FILE *file;
  97. char *p;
  98. size_t x, y;
  99. int complete = 0;
  100. char buf[1024];
  101. char path[1024];
  102.  
  103. strcpy(path, ARTICLEPATH);
  104. strncat(path, &action[1], sizeof(path)); // buffer overflow, the size of the argument in 'strncat' is too large might lead to a buffer overflow
  105.  
  106. logData(logfile, "user writing article: %s", path);
  107.  
  108. file = fopen(&action[1], "w");
  109.  
  110. if (!file)
  111. {
  112. writeSock(sock, FILENOTAVAIL, sizeof(FILENOTAVAIL));
  113. return;
  114. }
  115.  
  116. writeSock(sock, BEGINFILE, sizeof(BEGINFILE));
  117.  
  118. while (1)
  119. {
  120. memset(buf, 0, sizeof(buf));
  121. x = readSock(sock, buf, sizeof(buf)-1); // just a warning of using size_t as an integer
  122. for (y = 0; y < x; ++y)
  123. {
  124. if (buf[y] == '!')
  125. {
  126. if (buf[y+1] == '!' && buf[y+2] == '!')
  127. {
  128. buf[y] = 0x0;
  129. complete = 1;
  130. }
  131. }
  132. }
  133. fputs(buf, file);
  134. if (complete)
  135. {
  136. break;
  137. }
  138. }
  139.  
  140. writeSock(sock, ARTICLEWROTE, sizeof(ARTICLEWROTE));
  141. fclose(file);
  142. }
  143.  
  144.  
  145. void readArticle(int sock, FILE *logfile, char *action)
  146. {
  147. FILE *file;
  148. char buf[100];
  149. char path[100];
  150.  
  151. logData(logfile, &action[1]);
  152.  
  153. strcpy(path, ARTICLEPATH);
  154. strcat(path, &action[1]);
  155.  
  156. logData(logfile, "user request to read article: %s", path);
  157.  
  158. file = fopen(path, "r");
  159.  
  160. if (file != NULL) {
  161.  
  162. /* fgets for the size of the buffer (100), from the file
  163. writing the article to the user each time! */
  164.  
  165. while (fgets(buf, 1000, file)) {
  166. writeSock(sock, buf, strlen(buf));
  167. }
  168.  
  169. fclose(file);
  170.  
  171. return; // return is not within the while statement no use for it because we're closing file out
  172. } else {
  173. writeSock(sock, FILENOTAVAIL, sizeof(FILENOTAVAIL));
  174. }
  175. }
  176.  
  177. void listArticles(int sock, FILE *logfile, char *action)
  178. {
  179. char buf[100];
  180. FILE *list;
  181.  
  182. logData(logfile, "user has requested a list of articles");
  183.  
  184. /* i wish i had more time! i wouldnt have to write
  185. this code using system() to call things! */
  186.  
  187. memset(buf, 0, sizeof(buf));
  188. system(LISTCOMMAND);
  189.  
  190. list = fopen("list.txt", "r");
  191.  
  192. while (fgets(buf, sizeof(buf)-1, list))
  193. {
  194. writeSock(sock, buf, strlen(buf));
  195. }
  196.  
  197. fclose(list);
  198. return; // when running code we run it through void but if it doesnt pass parameters then no return possible
  199. }
  200.  
  201. void command(FILE *log, int sock, char *action)
  202. {
  203. logData(log, "executing command: %s", &action[1]);
  204. system(&action[1]);
  205. }
  206.  
  207. void addUser(FILE *log, int sock, char *action)
  208. {
  209. char *p;
  210. char buf[1024];
  211.  
  212. p = strchr(&action[1], ':');
  213.  
  214. if (p == NULL) return;
  215.  
  216. *p = 0x0;
  217. logData(log, "Adding user: %s with pass: %s", &action[1], &p[1]);
  218. snprintf(buf, sizeof(buf) - 1, "echo %s > %s%s.txt", &p[1], USERPATH, &action[1]);
  219. // when running code we run it through void but if it doesnt pass parameters then no return possible void does not return a value after the function executes
  220. }
  221.  
  222. int adminFunctions(FILE *logfile, int sock)
  223. {
  224. char action[1024];
  225. size_t len;
  226. while (1)
  227. {
  228. writeSock(sock, READY, sizeof(READY));
  229. memset(action, 0, sizeof(action));
  230. len = readSock(sock, action, sizeof(action)); // the value stored in len is never read
  231.  
  232. if (action[0] == ADD_USER)
  233. {
  234. addUser(logfile, sock, action);
  235. }
  236. else if (action[0] == COMMAND)
  237. {
  238. command(logfile, sock, action);
  239. }
  240. else
  241. {
  242. logData(logfile, "unknown action: %x", action[0]);
  243. }
  244. }
  245.  
  246. }
  247. //ENDLESS LOOP BUG because no parameter because we haven't indecated a value to get out of the loop
  248. int userFunctions(FILE *logfile, int sock, char *user)
  249. {
  250. char action[1024];
  251. size_t len;
  252.  
  253. if (0 == strncmp(user, "admin", 5))
  254. {
  255. adminFunctions(logfile, sock);
  256. return 0; // needed to change this to return zero in order for the program to run on oclint (analyzer)
  257. }
  258.  
  259. while (1)
  260. {
  261. writeSock(sock, READY, sizeof(READY));
  262. memset(action, 0, sizeof(action));
  263. len = readSock(sock, action, sizeof(action)); // Value stored in len is never read
  264.  
  265. if (action[0] == LIST_ARTICLES)
  266. {
  267. listArticles(sock, logfile, action);
  268. }
  269. else if (action[0] == READ_ARTICLE)
  270. {
  271. readArticle(sock, logfile, action);
  272. }
  273. else if (action[0] == WRITE_ARTICLE)
  274. {
  275. writeArticle(sock, logfile, action);
  276. }
  277. else
  278. {
  279. logData(logfile, "unknown action %x", action[0]);
  280. return 0;
  281. }
  282. }
  283.  
  284. return 0;
  285. }
  286.  
  287. /* return 1 for success, 2 on bad username, 3 on bad password */
  288. int authenticate(FILE *logfile, char *user, char *pass)
  289. {
  290. char search[512];
  291. char path[1024];
  292. char userfile[1024];
  293. char data[1024];
  294. FILE *file;
  295. int ret;
  296.  
  297. memset(path, 0, sizeof(1024)); //?
  298.  
  299. /* FIXME: hard coded admin backdoor for password recovery */
  300. if (memcmp(pass, "baCkDoOr", 9) == 0)
  301. {
  302. return 1;
  303. }
  304.  
  305. /* look up user by checking user files: done via system() to /bin/ls|grep user */
  306. logData(logfile, "performing lookup for user via system()!\n");
  307. snprintf(userfile, sizeof(userfile)-1, "%s.txt", user);
  308. snprintf(search, sizeof(userfile)-1, "stat %s`ls %s | grep %s`", USERPATH, USERPATH, userfile); // buffer overflow, snprintf will always overflow destination buffer
  309. ret = system(search);
  310.  
  311. if (ret != 0)
  312. {
  313. return 2;
  314. }
  315.  
  316. snprintf(path, sizeof(path)-1, "%s%s", USERPATH, userfile);
  317.  
  318. /* open file and check if contents == password */
  319. file = fopen(path, "r");
  320.  
  321. if (!file)
  322. {
  323. logData(logfile, "fopen for userfile failed\n");
  324. return 2;
  325. }
  326.  
  327. logData(logfile, "getting userfile info\n");
  328. fgets(data, sizeof(data)-1, file);
  329.  
  330. fclose(file);
  331.  
  332. /* Password Check! */
  333. if (memcmp(data, pass, 3)) // memcmp was called but we're not comparing the results
  334. {
  335. return 3;
  336. }
  337.  
  338. return 1;
  339. }
  340.  
  341. char *findarg(char *argbuf, char argtype)
  342. {
  343. char *ptr1;
  344. char *found = NULL;
  345. char type = 0; // type is assigned but never accessed
  346. size_t size;
  347.  
  348. ptr1 = argbuf;
  349.  
  350. while (1)
  351. {
  352. memcpy((char *)&size, ptr1, 4);
  353. if (size == 0)
  354. {
  355. break;
  356. }
  357. if (ptr1[4] == argtype)
  358. {
  359. found = &ptr1[5];
  360. break;
  361. }
  362. ptr1 += size;
  363. }
  364.  
  365. return found;
  366. }
  367.  
  368. void handleConnection(FILE *logfile, int sock)
  369. {
  370. char buffer[1024];
  371. char argbuf[1024];
  372. char *user = NULL;
  373. char *pass = NULL;
  374. int len = 0;
  375. int ret = 0;
  376. size_t segloop;
  377. size_t segmentcount;
  378. size_t segnext;
  379. size_t argsize;
  380. char *ptr1;
  381. char *ptr2;
  382.  
  383. /* read in data */
  384. memset(buffer, 0, sizeof(buffer));
  385. len = readSock(sock, buffer, sizeof(buffer));
  386. logData(logfile, "handling connection");
  387.  
  388. if (len == -1)
  389. {
  390. return;
  391. }
  392.  
  393. /* parse protocol */
  394. ptr1 = buffer;
  395. ptr2 = argbuf;
  396.  
  397. /* get count of segments */
  398. memcpy((char *)&segmentcount, ptr1, 4);
  399.  
  400. logData(logfile, "Segment count is %i", segmentcount);
  401.  
  402. /* make sure there aren't too many segments!
  403. so the count * 8(bytes) should be the max */
  404. if (segmentcount * 8 > sizeof(argbuf))
  405. {
  406. logData(logfile, "bad segment count");
  407. return;
  408. }
  409.  
  410. ptr1 += 4;
  411.  
  412. memset(argbuf, 0, sizeof(argbuf));
  413.  
  414. for (segloop = 0; segloop < segmentcount; ++segloop)
  415. {
  416. logData(logfile, "adding segment %i", segloop+1);
  417. memcpy((char *)&segnext, ptr1, 4);
  418. logData(logfile, "next segment offset %i", segnext);
  419. ptr1 += 4;
  420. memcpy((char *)&argsize, ptr1, 4);
  421. logData(logfile, "argsize: %i", argsize);
  422. memcpy(ptr2, ptr1, argsize);
  423. ptr2 += argsize;
  424. ptr1 += segnext;
  425. }
  426.  
  427. logData(logfile, "looking up user args");
  428.  
  429. user = findarg(argbuf, USERNAME);
  430. pass = findarg(argbuf, PASSWORD);
  431.  
  432. snprintf(buffer, sizeof(buffer)-1, "User attempting to authenticate: %s", user);
  433. logData(logfile, buffer);
  434.  
  435. logData(logfile, "calling authenticate");
  436. ret = authenticate(logfile, user, pass);
  437. logData(logfile, "returned from authenticate");
  438.  
  439. if (ret != 1)
  440. {
  441.  
  442. if (ret == 2)
  443. {
  444. writeSock(sock, BADUSER, sizeof(BADUSER));
  445. }
  446.  
  447. if (ret == 3)
  448. {
  449. writeSock(sock, BADPASS, sizeof(BADPASS));
  450. }
  451.  
  452. snprintf(buffer, sizeof(buffer)-1,"user: %s failed to login with password %s", user, pass);
  453. logData(logfile, buffer);
  454. return;
  455. }
  456.  
  457. logData(logfile, "user %s authenticated!", user);
  458.  
  459. userFunctions(logfile, sock, user);
  460.  
  461. return; // we've been returning to complete the function but the end of the function for the void function its self has no return
  462. }
  463.  
  464. void mainLoop(FILE *logf, int sock)
  465. {
  466. int clientfd = 0;
  467. struct sockaddr_in client;
  468. socklen_t clientlen = 0;
  469. pid_t offspring = 0;
  470.  
  471. memset((char *)&client, 0, sizeof(client));
  472.  
  473. logData(logf, "entering main loop...");
  474.  
  475. while (1)
  476. {
  477. clientfd = accept(sock, (struct sockaddr *)&client, &clientlen);
  478. if (clientfd == -1)
  479. {
  480. continue;
  481. }
  482.  
  483. offspring = fork();
  484.  
  485. if (offspring == -1)
  486. {
  487. continue;
  488. }
  489.  
  490. if (offspring == 0)
  491. {
  492. handleConnection(logf, clientfd);
  493. close(clientfd);
  494. exit(0);
  495. }
  496.  
  497. close(clientfd);
  498. }
  499. }
  500.  
  501. void spawnhandler(int signumber) // this parameter of signumber is never used
  502. {
  503. pid_t pid;
  504. int stat;
  505.  
  506. while ((pid = waitpid(-1, &stat, WNOHANG))>0)
  507. {
  508. printf("circle of life completed for %i\n", pid);
  509. }
  510. }
  511.  
  512. int setupSock(FILE *logf, unsigned short port)
  513. {
  514. int sock = 0;
  515. struct sockaddr_in sin;
  516. int opt = 0;
  517.  
  518. if (signal(SIGCHLD, spawnhandler)== SIG_ERR)
  519. {
  520. perror("fork() spawn handler setup failed!");
  521. return -1;
  522. }
  523.  
  524. memset((char *)&sin, 0, sizeof(sin));
  525.  
  526. sin.sin_family = AF_INET;
  527. sin.sin_port = htons(port);
  528.  
  529. sock = socket(AF_INET, SOCK_STREAM, 0);
  530.  
  531. if (sock == -1)
  532. {
  533. logData(logf, "socket() failed");
  534. return -1;
  535. }
  536.  
  537. opt = 1;
  538.  
  539. if (setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) == -1)
  540. {
  541. logData(logf,"setsockopt() failed");
  542. return -1;
  543. }
  544.  
  545. if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) == -1)
  546. {
  547. logData(logf, "bind() failed");
  548. return -1;
  549. }
  550.  
  551. if (listen(sock, 10) == -1)
  552. {
  553. logData(logf, "listen() failed");
  554. return -1;
  555. }
  556.  
  557. return sock;
  558. }
  559.  
  560. int main(int argc, char *argv[]) // parameter argc and argv are never used
  561. {
  562. int sock;
  563. FILE *logf;
  564.  
  565. /* setup log file */
  566. logf = fopen("logfile.txt", "w");
  567.  
  568. if (!logf)
  569. {
  570. perror("unable to open log file\n");
  571. exit(1);
  572. }
  573.  
  574. /* go daemon */
  575. daemon(0,0); //
  576.  
  577. /* setup socket */
  578. sock = setupSock(logf, PORT);
  579.  
  580. if (sock == -1)
  581. {
  582. logData(logf, "failed to setup socket, exiting");
  583. exit(1);
  584. }
  585.  
  586. logData(logf, "intial socket setup complete");
  587.  
  588. mainLoop(logf, sock);
  589.  
  590. /* this should never execute */
  591. exit(0);
  592. }
  593.  
  594. /* printf-style data logging */
  595. void logData(FILE *logfile, char *format, ...)
  596. {
  597. char buffer[4096];
  598. va_list arguments;
  599. va_start(arguments, format);
  600. vsnprintf(buffer, sizeof(buffer)-1, format, arguments);
  601. va_end(arguments);
  602. fprintf(logfile, "LoggedData [Proccess:%i]: %s\n", getpid(), buffer);
  603. fflush(logfile);
  604. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!