From fcfdcfbb955b4a59096f47535d11ea6d63e2a9de Mon Sep 17 00:00:00 2001
From: Julian Rother <julianr@fsmpi.rwth-aachen.de>
Date: Mon, 27 Nov 2017 02:59:43 +0100
Subject: [PATCH] Added sanity checks

---
 remux.c                |  4 ++++
 thumbnail.c            |  2 ++
 transcode.c            |  4 ++++
 util.h                 |  1 +
 util/overwrite_check.c | 14 ++++++++++++++
 5 files changed, 25 insertions(+)
 create mode 100644 util/overwrite_check.c

diff --git a/remux.c b/remux.c
index 9c344cb..4b2950f 100644
--- a/remux.c
+++ b/remux.c
@@ -23,6 +23,7 @@ int main(int argc, char *argv[])
 	jobid = atoi(argv[1]);
 	path = mprintf("%s/%s", getenv(WORKER_RELEASED), jstr(jlookup(argv[4], "path"), ""));
 	tmp = mprintf("%s/.tmp-%i", getenv(WORKER_TMP), jobid);
+	overwrite_check(path);
 	ping_job(jobid, "running", 0);
 
 	demux = 0;
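Review bot: The `path` handed to `overwrite_check(path)` is assembled from the job's JSON `path` field without any validation, and the check only compares the owner of an existing file with the worker's uid. A value containing `..` components, or the empty default `""`, therefore still passes whenever it resolves to something the worker owns. If the job description is not fully trusted (not visible here), reject empty and `..`-containing values before this call so the output stays under `WORKER_RELEASED`. `getenv(WORKER_RELEASED)` can also return NULL, which is then presumably formatted through `%s`. The same applies to `outpath` in the first transcode.c hunk; `main` continues outside this hunk.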
@@ -74,6 +75,9 @@ int main(int argc, char *argv[])
 	if (err = av_write_trailer(mux))
 		job_failed("Error writing trailer to temporary file", av_err2str(err));
 	avio_closep(&mux->pb);
+	if (!filesize(tmp))
+		job_failed("Sanity check failed: Output file is empty");
+	overwrite_check(path);
 	if (rename(tmp, path))
 		job_failed("Overwriting output file failed: %s", strerror(errno));
 	unlink(tmp);
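Review bot: `overwrite_check(path)` and `rename(tmp, path)` are two separate lookups of the same pathname, so the ownership test only describes the file as it was at the time of the `stat()`. Anything able to write to the release directory can change what `path` names in between. The second call narrows that window compared with the one at startup but cannot close it, so the guarantee rests on the directory being writable by the worker alone. I would state that next to the call, e.g. `/* best-effort: relies on WORKER_RELEASED being writable only by the worker uid */`. The second transcode.c hunk has the same sequence with `outpath`; `main` starts and ends outside this hunk.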
diff --git a/thumbnail.c b/thumbnail.c
index a523c63..bfc0ebc 100644
--- a/thumbnail.c
+++ b/thumbnail.c
@@ -98,6 +98,8 @@ int main(int argc, char *argv[])
 	if (err = av_write_trailer(mux))
 		job_failed("Error writing trailer to temporary file: %s", av_err2str(err));
 	avio_closep(&mux->pb);
+	if (!filesize(tmp))
+		job_failed("Sanity check failed: Output file is empty");
 	if (rename(tmp, dest))
 		job_failed("Overwriting output file failed: %s", strerror(errno));
 	unlink(tmp);
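Review bot: thumbnail.c gets the empty-output test but not the ownership test, so `rename(tmp, dest)` still replaces whatever is at `dest`, while remux.c and transcode.c call `overwrite_check()` right before their rename in this same commit. Unless thumbnails are deliberately exempt, add `overwrite_check(dest);` after the `filesize(tmp)` check. Separately, `filesize()` returns `size_t` and its behaviour on a failed stat is not visible here. If it reports errors as a non-zero value, `!filesize(tmp)` would let a missing temp file through, which is worth confirming for all three call sites. `main` continues outside the hunk.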
diff --git a/transcode.c b/transcode.c
index 73c999b..175f913 100644
--- a/transcode.c
+++ b/transcode.c
@@ -274,6 +274,7 @@ int main(int argc, char *argv[])
 	output = jlookup(argv[4], "output");
 	outpath = mprintf("%s/%s", getenv(WORKER_RELEASED), jstr(jlookup(output, "path"), ""));
 	tmppath = mprintf("%s/.tmp-%i", getenv(WORKER_TMP), jobid);
+	overwrite_check(outpath);
 
 	demux = 0;
 	opts = 0;
@@ -356,6 +357,9 @@ int main(int argc, char *argv[])
 	if (err = av_write_trailer(mux))
 		job_failed("Error writing trailer to temporary file", av_err2str(err));
 	avio_closep(&mux->pb);
+	if (!filesize(tmppath))
+		job_failed("Sanity check failed: Output file is empty");
+	overwrite_check(outpath);
 	if (rename(tmppath, outpath))
 		job_failed("Overwriting output file \"%s\" failed: %s", outpath, strerror(errno));
 	unlink(tmppath);
diff --git a/util.h b/util.h
index a8585f1..ce56e12 100644
--- a/util.h
+++ b/util.h
@@ -16,6 +16,7 @@ char *hashfile(char *path);
 double fileduration(char *path);
 size_t filesize(char *path);
 char *json_fileinfo(char *path);
+void overwrite_check(char *path);
 
 #define WORKER_APIKEY "WORKER_APIKEY"
 #define WORKER_APIBASE "WORKER_APIBASE"
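Review bot: The new prototype carries no statement of its contract, and the name alone does not say that the function may fail the job instead of returning. A one-line comment above it would help callers: `/* Fails the job via job_failed() if path exists, is non-empty and is not owned by the worker's uid; otherwise returns. */`. `const char *path` would also fit, since the implementation only passes the string to `stat()`, though the neighbouring prototypes use plain `char *`.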
diff --git a/util/overwrite_check.c b/util/overwrite_check.c
new file mode 100644
index 0000000..9dcbf9f
--- /dev/null
+++ b/util/overwrite_check.c
@@ -0,0 +1,14 @@
+#include <unistd.h>
+#include <sys/stat.h>
+
+#include "../util.h"
+
+void overwrite_check(char *path)
+{
+	struct stat s;
+	if (stat(path, &s) || !s.st_size)
+		return; /* We can overwrite non-existing or empty files */
+	if (s.st_uid != getuid())
+		job_failed("Refusing to overwrite output file \"%s\": File was not created by worker");
+}
+
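Review bot: The `job_failed()` call has a `%s` conversion in its format string but passes no argument for it. Given that the other call sites in this patch use `job_failed` printf-style, the message would be built from a missing vararg, which is undefined behaviour. It should read `job_failed("Refusing to overwrite output file \"%s\": File was not created by worker", path);`. The test itself has two further gaps. Any `stat()` failure, not only `ENOENT`, is treated as safe to overwrite, and `stat()` follows symlinks whereas the later `rename()` replaces the link itself, so `lstat()` plus an `S_ISREG(s.st_mode)` check would describe the object that is actually replaced.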
-- 
GitLab