Commit be4cc756 authored by Julian Rother's avatar Julian Rother
Browse files

Extended overwrite_check to check source file hash

parent b4e10d39
...@@ -7,7 +7,7 @@ int main(int argc, char *argv[]) ...@@ -7,7 +7,7 @@ int main(int argc, char *argv[])
{ {
int i, err; int i, err;
int *idxmap; int *idxmap;
char *p, *path, *tmp; char *p, *path, *srcpath, *tmp;
AVFormatContext *demux, *mux; AVFormatContext *demux, *mux;
AVPacket pkt; AVPacket pkt;
AVStream *stream; AVStream *stream;
...@@ -22,8 +22,9 @@ int main(int argc, char *argv[]) ...@@ -22,8 +22,9 @@ int main(int argc, char *argv[])
jobid = atoi(argv[1]); jobid = atoi(argv[1]);
path = mprintf("%s/%s", getenv(WORKER_RELEASED), jstr(jlookup(argv[4], "path"), "")); path = mprintf("%s/%s", getenv(WORKER_RELEASED), jstr(jlookup(argv[4], "path"), ""));
srcpath = mprintf("%s/%s", getenv(WORKER_RAW), jstr(jlookup(argv[4], "srcpath"), ""));
tmp = mprintf("%s/.tmp-%i", getenv(WORKER_TMP), jobid); tmp = mprintf("%s/.tmp-%i", getenv(WORKER_TMP), jobid);
overwrite_check(path); overwrite_check(path, srcpath, jstr(jlookup(argv[4], "srchash"), ""));
ping_job(jobid, "running", 0); ping_job(jobid, "running", 0);
demux = 0; demux = 0;
...@@ -79,7 +80,7 @@ int main(int argc, char *argv[]) ...@@ -79,7 +80,7 @@ int main(int argc, char *argv[])
avio_closep(&mux->pb); avio_closep(&mux->pb);
if (!filesize(tmp)) if (!filesize(tmp))
job_failed("Sanity check failed: Output file is empty"); job_failed("Sanity check failed: Output file is empty");
overwrite_check(path); overwrite_check(path, srcpath, jstr(jlookup(argv[4], "srchash"), ""));
if (rename(tmp, path)) if (rename(tmp, path))
job_failed("Overwriting output file failed: %s", strerror(errno)); job_failed("Overwriting output file failed: %s", strerror(errno));
unlink(tmp); unlink(tmp);
......
...@@ -274,7 +274,7 @@ int main(int argc, char *argv[]) ...@@ -274,7 +274,7 @@ int main(int argc, char *argv[])
output = jlookup(argv[4], "output"); output = jlookup(argv[4], "output");
outpath = mprintf("%s/%s", getenv(WORKER_RELEASED), jstr(jlookup(output, "path"), "")); outpath = mprintf("%s/%s", getenv(WORKER_RELEASED), jstr(jlookup(output, "path"), ""));
tmppath = mprintf("%s/.tmp-%i", getenv(WORKER_TMP), jobid); tmppath = mprintf("%s/.tmp-%i", getenv(WORKER_TMP), jobid);
overwrite_check(outpath); overwrite_check(outpath, inpath, jstr(jlookup(input, "hash"), ""));
demux = 0; demux = 0;
opts = 0; opts = 0;
...@@ -359,7 +359,7 @@ int main(int argc, char *argv[]) ...@@ -359,7 +359,7 @@ int main(int argc, char *argv[])
avio_closep(&mux->pb); avio_closep(&mux->pb);
if (!filesize(tmppath)) if (!filesize(tmppath))
job_failed("Sanity check failed: Output file is empty"); job_failed("Sanity check failed: Output file is empty");
overwrite_check(outpath); overwrite_check(outpath, 0, 0);
if (rename(tmppath, outpath)) if (rename(tmppath, outpath))
job_failed("Overwriting output file \"%s\" failed: %s", outpath, strerror(errno)); job_failed("Overwriting output file \"%s\" failed: %s", outpath, strerror(errno));
unlink(tmppath); unlink(tmppath);
......
...@@ -16,7 +16,7 @@ char *hashfile(char *path); ...@@ -16,7 +16,7 @@ char *hashfile(char *path);
double fileduration(char *path); double fileduration(char *path);
size_t filesize(char *path); size_t filesize(char *path);
char *json_fileinfo(char *path); char *json_fileinfo(char *path);
void overwrite_check(char *path); void overwrite_check(char *path, char *srcpath, char *srchash);
int checktime(time_t min); int checktime(time_t min);
#define WORKER_APIKEY "WORKER_APIKEY" #define WORKER_APIKEY "WORKER_APIKEY"
......
...@@ -3,11 +3,13 @@ ...@@ -3,11 +3,13 @@
#include "../util.h" #include "../util.h"
void overwrite_check(char *path) void overwrite_check(char *path, char *srcpath, char *srchash)
{ {
struct stat s; struct stat s;
if (stat(path, &s) || !s.st_size) if (stat(path, &s) || !s.st_size)
return; /* We can overwrite non-existing or empty files */ return; /* We can overwrite non-existing or empty files */
if (srcpath && strcmp(hashfile(srcpath), srchash))
job_failed("Refusing to overwrite output file \"%s\": Source file hash mismatch", path);
if (s.st_uid != getuid()) if (s.st_uid != getuid())
job_failed("Refusing to overwrite output file \"%s\": File was not created by worker", path); job_failed("Refusing to overwrite output file \"%s\": File was not created by worker", path);
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment