diff options
author | David Crocker <dcrocker@eschertech.com> | 2022-04-21 13:10:53 +0300 |
---|---|---|
committer | David Crocker <dcrocker@eschertech.com> | 2022-04-21 13:14:14 +0300 |
commit | 66949a100fba6411676c8b8405148617770470c5 (patch) | |
tree | 0a4c3fe5b216479a4b27baacf6aefc45284fba65 | |
parent | 6c87d3beb80a6d9a25047ba6732d1c5a8e5feed8 (diff) |
Removed possible virus attack warning from http server
Also made Platform::GetWebDir() etc. static functions
-rw-r--r-- | src/GCodes/GCodes.cpp | 4 | ||||
-rw-r--r-- | src/GCodes/GCodes2.cpp | 8 | ||||
-rw-r--r-- | src/GCodes/GCodes4.cpp | 10 | ||||
-rw-r--r-- | src/Networking/HttpResponder.cpp | 28 | ||||
-rw-r--r-- | src/Platform/Platform.h | 12 | ||||
-rw-r--r-- | src/Platform/RepRap.cpp | 10 | ||||
-rw-r--r-- | src/PrintMonitor/PrintMonitor.cpp | 2 |
7 files changed, 33 insertions, 41 deletions
diff --git a/src/GCodes/GCodes.cpp b/src/GCodes/GCodes.cpp index 29fa55d2..871985f8 100644 --- a/src/GCodes/GCodes.cpp +++ b/src/GCodes/GCodes.cpp @@ -3118,7 +3118,7 @@ void GCodes::GetCurrentCoordinates(const StringRef& s) const noexcept // If successful return true, else write an error message to reply and return false bool GCodes::QueueFileToPrint(const char* fileName, const StringRef& reply) noexcept { - FileStore * const f = platform.OpenFile(platform.GetGCodeDir(), fileName, OpenMode::read); + FileStore * const f = platform.OpenFile(Platform::GetGCodeDir(), fileName, OpenMode::read); if (f != nullptr) { fileToPrint.Set(f); @@ -4793,7 +4793,7 @@ GCodeResult GCodes::StartSDTiming(GCodeBuffer& gb, const StringRef& reply) noexc const float bytesReq = (gb.Seen('S')) ? gb.GetFValue() : 10.0; const bool useCrc = (gb.Seen('C') && gb.GetUIValue() != 0); timingBytesRequested = (uint32_t)(bytesReq * (float)(1024 * 1024)); - FileStore * const f = platform.OpenFile(platform.GetGCodeDir(), TimingFileName, (useCrc) ? OpenMode::writeWithCrc : OpenMode::write, timingBytesRequested); + FileStore * const f = platform.OpenFile(Platform::GetGCodeDir(), TimingFileName, (useCrc) ? OpenMode::writeWithCrc : OpenMode::write, timingBytesRequested); if (f == nullptr) { reply.copy("Failed to create file"); diff --git a/src/GCodes/GCodes2.cpp b/src/GCodes/GCodes2.cpp index bd9f8d55..3a9406b5 100644 --- a/src/GCodes/GCodes2.cpp +++ b/src/GCodes/GCodes2.cpp @@ -752,7 +752,7 @@ bool GCodes::HandleMcode(GCodeBuffer& gb, const StringRef& reply) THROWS(GCodeEx } else { - dir.copy(platform.GetGCodeDir()); + dir.copy(Platform::GetGCodeDir()); } if (sparam == 2) @@ -1085,7 +1085,7 @@ bool GCodes::HandleMcode(GCodeBuffer& gb, const StringRef& reply) THROWS(GCodeEx { String<MaxFilenameLength> filename; gb.GetUnprecedentedString(filename.GetRef()); - const bool ok = gb.OpenFileToWrite(platform.GetGCodeDir(), filename.c_str(), 0, false, 0); + const bool ok = gb.OpenFileToWrite(Platform::GetGCodeDir(), filename.c_str(), 0, false, 0); if (ok) { reply.printf("Writing to file: %s", filename.c_str()); @@ -1106,7 +1106,7 @@ bool GCodes::HandleMcode(GCodeBuffer& gb, const StringRef& reply) THROWS(GCodeEx { String<MaxFilenameLength> filename; gb.GetUnprecedentedString(filename.GetRef()); - result = (platform.Delete(platform.GetGCodeDir(), filename.c_str())) ? GCodeResult::ok : GCodeResult::warning; + result = (platform.Delete(Platform::GetGCodeDir(), filename.c_str())) ? GCodeResult::ok : GCodeResult::warning; } break; #endif @@ -3303,7 +3303,7 @@ bool GCodes::HandleMcode(GCodeBuffer& gb, const StringRef& reply) THROWS(GCodeEx String<MaxFilenameLength> defaultFolder; if (code == 560) { - defaultFolder.copy(platform.GetWebDir()); + defaultFolder.copy(Platform::GetWebDir()); } else { diff --git a/src/GCodes/GCodes4.cpp b/src/GCodes/GCodes4.cpp index 01f718c9..dc227171 100644 --- a/src/GCodes/GCodes4.cpp +++ b/src/GCodes/GCodes4.cpp @@ -1424,10 +1424,10 @@ void GCodes::RunStateMachine(GCodeBuffer& gb, const StringRef& reply) noexcept platform.MessageF(gb.GetResponseMessageType(), "SD write speed for %.1fMbyte file was %.2fMbytes/sec\n", (double)fileMbytes, (double)mbPerSec); sdTimingFile->Close(); - sdTimingFile = platform.OpenFile(platform.GetGCodeDir(), TimingFileName, OpenMode::read); + sdTimingFile = platform.OpenFile(Platform::GetGCodeDir(), TimingFileName, OpenMode::read); if (sdTimingFile == nullptr) { - platform.Delete(platform.GetGCodeDir(), TimingFileName); + platform.Delete(Platform::GetGCodeDir(), TimingFileName); gb.LatestMachineState().SetError("Failed to re-open timing file"); gb.SetState(GCodeState::normal); break; @@ -1444,7 +1444,7 @@ void GCodes::RunStateMachine(GCodeBuffer& gb, const StringRef& reply) noexcept if (!sdTimingFile->Write(reply.c_str(), bytesToWrite)) { sdTimingFile->Close(); - platform.Delete(platform.GetGCodeDir(), TimingFileName); + platform.Delete(Platform::GetGCodeDir(), TimingFileName); gb.LatestMachineState().SetError("Failed to write to timing file"); gb.SetState(GCodeState::normal); break; @@ -1464,7 +1464,7 @@ void GCodes::RunStateMachine(GCodeBuffer& gb, const StringRef& reply) noexcept const float mbPerSec = (fileMbytes * 1000.0)/(float)ms; sdTimingFile->Close(); reply.printf("SD read speed for %.1fMbyte file was %.2fMbytes/sec", (double)fileMbytes, (double)mbPerSec); - platform.Delete(platform.GetGCodeDir(), TimingFileName); + platform.Delete(Platform::GetGCodeDir(), TimingFileName); gb.SetState(GCodeState::normal); break; } @@ -1473,7 +1473,7 @@ void GCodes::RunStateMachine(GCodeBuffer& gb, const StringRef& reply) noexcept if (sdTimingFile->Read(reply.Pointer(), bytesToRead) != (int)bytesToRead) { sdTimingFile->Close(); - platform.Delete(platform.GetGCodeDir(), TimingFileName); + platform.Delete(Platform::GetGCodeDir(), TimingFileName); gb.LatestMachineState().SetError("Failed to read from timing file"); gb.SetState(GCodeState::normal); break; diff --git a/src/Networking/HttpResponder.cpp b/src/Networking/HttpResponder.cpp index c176d0c8..d910ef9f 100644 --- a/src/Networking/HttpResponder.cpp +++ b/src/Networking/HttpResponder.cpp @@ -558,7 +558,7 @@ bool HttpResponder::GetJsonResponse(const char *_ecv_array request, OutputBuffer const char* dir = GetKeyValue("dir"); if (dir == nullptr) { - dir = GetPlatform().GetGCodeDir(); + dir = Platform::GetGCodeDir(); } const char* const firstVal = GetKeyValue("first"); const unsigned int startAt = (firstVal == nullptr) ? 0 : StrToU32(firstVal); @@ -787,29 +787,21 @@ void HttpResponder::SendFile(const char *_ecv_array nameOfFileToSend, bool isWeb nameOfFileToSend = INDEX_PAGE_FILE; } - if (strlen(nameOfFileToSend) > MaxExpectedWebDirFilenameLength) - { - // We have been asked for a file with a very long name. Don't try to open it, because that may lead to MassStorage::CombineName generating an error message. - // Instead, report a possible virus attack from the sending IP address. - // Exception: it if is an OCSP request, just return 404. - if (!StringStartsWith(nameOfFileToSend, "/ocsp") && !StringStartsWith(nameOfFileToSend, "ocsp")) - { - GetPlatform().MessageF(WarningMessage, - "IP %s requested file with very long name '%.20s...' from HTTP server, possibly a virus attack\n", - IP4String(GetRemoteIP()).c_str(), nameOfFileToSend); - } - } - else + // Check that the length of the filename requested is short enough for CombineName not to generate an error message before we try to open it. + // We used to report a possible virus attack in this case, but that sometimes leads to false warnings because of OCSP requests from AV programs, + // or file download requests after IP address changes + if (strlen(nameOfFileToSend) <= MaxExpectedWebDirFilenameLength) { for (;;) { // Try to open a gzipped version of the file first - if (!StringEndsWithIgnoreCase(nameOfFileToSend, ".gz") && strlen(nameOfFileToSend) + 3 <= MaxFilenameLength) + if (!StringEndsWithIgnoreCase(nameOfFileToSend, ".gz")) { + static_assert(MaxExpectedWebDirFilenameLength + 3 <= MaxFilenameLength); // this ensures that we can append '.gz' to the filename without overflow String<MaxFilenameLength> nameBuf; nameBuf.copy(nameOfFileToSend); nameBuf.cat(".gz"); - fileToSend = GetPlatform().OpenFile(GetPlatform().GetWebDir(), nameBuf.c_str(), OpenMode::read); + fileToSend = GetPlatform().OpenFile(Platform::GetWebDir(), nameBuf.c_str(), OpenMode::read); if (fileToSend != nullptr) { zip = true; @@ -818,7 +810,7 @@ void HttpResponder::SendFile(const char *_ecv_array nameOfFileToSend, bool isWeb } // That failed, so try to open the normal version of the file - fileToSend = GetPlatform().OpenFile(GetPlatform().GetWebDir(), nameOfFileToSend, OpenMode::read); + fileToSend = GetPlatform().OpenFile(Platform::GetWebDir(), nameOfFileToSend, OpenMode::read); if (fileToSend != nullptr) { break; @@ -843,7 +835,7 @@ void HttpResponder::SendFile(const char *_ecv_array nameOfFileToSend, bool isWeb if (fileToSend == nullptr && (StringEndsWithIgnoreCase(nameOfFileToSend, ".html") || StringEndsWithIgnoreCase(nameOfFileToSend, ".htm"))) { nameOfFileToSend = FOUR04_PAGE_FILE; - fileToSend = GetPlatform().OpenFile(GetPlatform().GetWebDir(), nameOfFileToSend, OpenMode::read); + fileToSend = GetPlatform().OpenFile(Platform::GetWebDir(), nameOfFileToSend, OpenMode::read); } if (fileToSend == nullptr) diff --git a/src/Platform/Platform.h b/src/Platform/Platform.h index b6c0226d..b27a626c 100644 --- a/src/Platform/Platform.h +++ b/src/Platform/Platform.h @@ -417,9 +417,9 @@ public: bool Delete(const char *_ecv_array folder, const char *_ecv_array filename) const noexcept; #endif - const char *_ecv_array GetWebDir() const noexcept; // Where the html etc files are - const char *_ecv_array GetGCodeDir() const noexcept; // Where the gcodes are - const char *_ecv_array GetMacroDir() const noexcept; // Where the user-defined macros are + static const char *_ecv_array GetWebDir() noexcept; // Where the html etc files are + static const char *_ecv_array GetGCodeDir() noexcept; // Where the gcodes are + static const char *_ecv_array GetMacroDir() noexcept; // Where the user-defined macros are // Functions to work with the system files folder GCodeResult SetSysDir(const char *_ecv_array dir, const StringRef& reply) noexcept; // Set the system files path @@ -945,18 +945,18 @@ private: #if HAS_MASS_STORAGE || HAS_SBC_INTERFACE || HAS_EMBEDDED_FILES // Where the htm etc files are -inline const char *_ecv_array Platform::GetWebDir() const noexcept +inline const char *_ecv_array Platform::GetWebDir() noexcept { return WEB_DIR; } // Where the gcodes are -inline const char *_ecv_array Platform::GetGCodeDir() const noexcept +inline const char *_ecv_array Platform::GetGCodeDir() noexcept { return GCODE_DIR; } -inline const char *_ecv_array Platform::GetMacroDir() const noexcept +inline const char *_ecv_array Platform::GetMacroDir() noexcept { return MACRO_DIR; } diff --git a/src/Platform/RepRap.cpp b/src/Platform/RepRap.cpp index 3d0ea399..10f21723 100644 --- a/src/Platform/RepRap.cpp +++ b/src/Platform/RepRap.cpp @@ -275,12 +275,12 @@ constexpr ObjectModelTableEntry RepRap::objectModelTable[] = #if HAS_MASS_STORAGE || HAS_EMBEDDED_FILES || HAS_SBC_INTERFACE { "filaments", OBJECT_MODEL_FUNC_NOSELF(FILAMENTS_DIRECTORY), ObjectModelEntryFlags::verbose }, { "firmware", OBJECT_MODEL_FUNC_NOSELF(FIRMWARE_DIRECTORY), ObjectModelEntryFlags::verbose }, - { "gCodes", OBJECT_MODEL_FUNC(self->platform->GetGCodeDir()), ObjectModelEntryFlags::verbose }, - { "macros", OBJECT_MODEL_FUNC(self->platform->GetMacroDir()), ObjectModelEntryFlags::verbose }, + { "gCodes", OBJECT_MODEL_FUNC_NOSELF(Platform::GetGCodeDir()), ObjectModelEntryFlags::verbose }, + { "macros", OBJECT_MODEL_FUNC_NOSELF(Platform::GetMacroDir()), ObjectModelEntryFlags::verbose }, { "menu", OBJECT_MODEL_FUNC_NOSELF(MENU_DIR), ObjectModelEntryFlags::verbose }, { "scans", OBJECT_MODEL_FUNC_NOSELF(SCANS_DIRECTORY), ObjectModelEntryFlags::verbose }, { "system", OBJECT_MODEL_FUNC_NOSELF(ExpressionValue::SpecialType::sysDir, 0), ObjectModelEntryFlags::none }, - { "web", OBJECT_MODEL_FUNC(self->platform->GetWebDir()), ObjectModelEntryFlags::verbose }, + { "web", OBJECT_MODEL_FUNC_NOSELF(Platform::GetWebDir()), ObjectModelEntryFlags::verbose }, #endif // 2. MachineModel.limits @@ -2288,7 +2288,7 @@ OutputBuffer *RepRap::GetThumbnailResponse(const char *filename, FilePosition of } response->catf("{\"fileName\":\"%.s\",\"offset\":%" PRIu32 ",", filename, offset); - FileStore *const f = platform->OpenFile(platform->GetGCodeDir(), filename, OpenMode::read); + FileStore *const f = platform->OpenFile(Platform::GetGCodeDir(), filename, OpenMode::read); unsigned int err = 0; if (f != nullptr) { @@ -2382,7 +2382,7 @@ GCodeResult RepRap::GetFileInfoResponse(const char *filename, OutputBuffer *&res #if HAS_MASS_STORAGE || HAS_EMBEDDED_FILES // Poll file info for a specific file String<MaxFilenameLength> filePath; - if (!MassStorage::CombineName(filePath.GetRef(), platform->GetGCodeDir(), filename)) + if (!MassStorage::CombineName(filePath.GetRef(), Platform::GetGCodeDir(), filename)) { info.isValid = false; } diff --git a/src/PrintMonitor/PrintMonitor.cpp b/src/PrintMonitor/PrintMonitor.cpp index 2c937cf8..9a45b65e 100644 --- a/src/PrintMonitor/PrintMonitor.cpp +++ b/src/PrintMonitor/PrintMonitor.cpp @@ -315,7 +315,7 @@ void PrintMonitor::StartingPrint(const char* filename) noexcept { #if HAS_MASS_STORAGE || HAS_EMBEDDED_FILES WriteLocker locker(printMonitorLock); - MassStorage::CombineName(filenameBeingPrinted.GetRef(), platform.GetGCodeDir(), filename); + MassStorage::CombineName(filenameBeingPrinted.GetRef(), Platform::GetGCodeDir(), filename); # if HAS_SBC_INTERFACE if (!reprap.UsingSbcInterface()) # endif |