Handle loading various invalid files

https://github.com/halfgaar/FlashMQ/issues/2

Handle loading various invalid files
https://github.com/halfgaar/FlashMQ/issues/2
Wiebe Cazemier
1 parent 421a666b
Showing 4 changed files with 45 additions and 4 deletions
configfileparser.cpp
configfileparser.h
utils.cpp
utils.h
@@ -22,6 +22,7 @@ License along with FlashMQ. If not, see &lt;https://www.gnu.org/licenses/&gt;.
 #include <sstream>
 #include "fstream"
 #include <regex>
+#include "sys/stat.h"
  
 #include "openssl/ssl.h"
 #include "openssl/err.h"
@@ -42,7 +43,7 @@ void ConfigFileParser::testKeyValidity(const std::string &amp;key, const std::set&lt;st
     }
 }
  
-void ConfigFileParser::checkFileExistsAndReadable(const std::string &key, const std::string &pathToCheck) const
+void ConfigFileParser::checkFileExistsAndReadable(const std::string &key, const std::string &pathToCheck, ssize_t max_size) const
 {
     if (access(pathToCheck.c_str(), R_OK) != 0)
     {
@@ -50,6 +51,21 @@ void ConfigFileParser::checkFileExistsAndReadable(const std::string &amp;key, const 
         oss << "Error for '" << key << "': " << pathToCheck << " is not there or not readable";
         throw ConfigFileException(oss.str());
     }
+
+    struct stat statbuf;
+    memset(&statbuf, 0, sizeof(struct stat));
+    if (stat(path.c_str(), &statbuf) < 0)
+        throw ConfigFileException(formatString("Reading stat of '%s' failed.", pathToCheck.c_str()));
+
+    if (!S_ISREG(statbuf.st_mode))
+    {
+        throw ConfigFileException(formatString("Error for '%s': '%s' is not a regular file.", key.c_str(), pathToCheck.c_str()));
+    }
+
+    if (statbuf.st_size > max_size)
+    {
+        throw ConfigFileException(formatString("Error for '%s': '%s' is bigger than %ld bytes.", key.c_str(), pathToCheck.c_str(), max_size));
+    }
 }
  
 void ConfigFileParser::checkFileOrItsDirWritable(const std::string &filepath) const
@@ -105,7 +121,7 @@ void ConfigFileParser::loadFile(bool test)
     if (path.empty())
         return;
  
-    checkFileExistsAndReadable("application config file", path);
+    checkFileExistsAndReadable("application config file", path, 1024*1024*10);
  
     std::ifstream infile(path, std::ios::in);
  
@@ -236,10 +252,12 @@ void ConfigFileParser::loadFile(bool test)
                 }
                 else if (key == "fullchain")
                 {
+                    checkFileExistsAndReadable("SSL fullchain", value, 1024*1024);
                     curListener->sslFullchain = value;
                 }
                 if (key == "privkey")
                 {
+                    checkFileExistsAndReadable("SSL privkey", value, 1024*1024);
                     curListener->sslPrivkey = value;
                 }
                 if (key == "inet_protocol")
@@ -278,7 +296,7 @@ void ConfigFileParser::loadFile(bool test)
  
                 if (key == "auth_plugin")
                 {
-                    checkFileExistsAndReadable(key, value);
+                    checkFileExistsAndReadable(key, value, 1024*1024*100);
                     tmpSettings->authPluginPath = value;
                 }
  
@@ -346,11 +364,13 @@ void ConfigFileParser::loadFile(bool test)
  
                 if (key == "mosquitto_password_file")
                 {
+                    checkFileExistsAndReadable("mosquitto_password_file", value, 1024*1024*1024);
                     tmpSettings->mosquittoPasswordFile = value;
                 }
  
                 if (key == "mosquitto_acl_file")
                 {
+                    checkFileExistsAndReadable("mosquitto_acl_file", value, 1024*1024*1024);
                     tmpSettings->mosquittoAclFile = value;
                 }
  
@@ -24,6 +24,7 @@ License along with FlashMQ. If not, see &lt;https://www.gnu.org/licenses/&gt;.
 #include <vector>
 #include <memory>
 #include <list>
+#include <limits>
  
 #include "sslctxmanager.h"
 #include "listener.h"
@@ -44,7 +45,7 @@ class ConfigFileParser
     std::set<std::string> validListenKeys;
  
     void testKeyValidity(const std::string &key, const std::set<std::string> &validKeys) const;
-    void checkFileExistsAndReadable(const std::string &key, const std::string &pathToCheck) const;
+    void checkFileExistsAndReadable(const std::string &key, const std::string &pathToCheck, ssize_t max_size = std::numeric_limits<ssize_t>::max()) const;
     void checkFileOrItsDirWritable(const std::string &filepath) const;
 public:
     ConfigFileParser(const std::string &path);
@@ -15,6 +15,8 @@ You should have received a copy of the GNU Affero General Public
 License along with FlashMQ. If not, see <https://www.gnu.org/licenses/>.
 */
  
+#include "sys/stat.h"
+
 #include "utils.h"
  
 #include "sys/time.h"
@@ -465,6 +467,12 @@ void testSsl(const std::string &amp;fullchain, const std::string &amp;privkey)
     if (privkey.empty())
         throw ConfigFileException("No fullchain specified for private key");
  
+    if (getFileSize(fullchain) == 0)
+        throw ConfigFileException(formatString("SSL 'fullchain' file '%s' is empty or invalid", fullchain.c_str()));
+
+    if (getFileSize(privkey) == 0)
+        throw ConfigFileException(formatString("SSL 'privkey' file '%s' is empty or invalid", privkey.c_str()));
+
     SslCtxManager sslCtx;
     if (SSL_CTX_use_certificate_file(sslCtx.get(), fullchain.c_str(), SSL_FILETYPE_PEM) != 1)
     {
@@ -541,3 +549,13 @@ BindAddr getBindAddr(int family, const std::string &amp;bindAddress,  int port)
  
     return result;
 }
+
+ssize_t getFileSize(const std::string &path)
+{
+    struct stat statbuf;
+    memset(&statbuf, 0, sizeof(struct stat));
+    if (stat(path.c_str(), &statbuf) < 0)
+        return -1;
+
+    return statbuf.st_size;
+}
@@ -86,5 +86,7 @@ std::string dirnameOf(const std::string&amp; fname);
  
 BindAddr getBindAddr(int family, const std::string &bindAddress, int port);
  
+ssize_t getFileSize(const std::string &path);
+
  
 #endif // UTILS_H