tftp.c 7.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384
  1. /**
  2. * nmrpflash - Netgear Unbrick Utility
  3. * Copyright (C) 2016 Joseph Lehner <joseph.c.lehner@gmail.com>
  4. *
  5. * nmrpflash is free software: you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License as published by
  7. * the Free Software Foundation, either version 3 of the License, or
  8. * (at your option) any later version.
  9. *
  10. * nmrpflash is distributed in the hope that it will be useful,
  11. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13. * GNU General Public License for more details.
  14. *
  15. * You should have received a copy of the GNU General Public License
  16. * along with nmrpflash. If not, see <http://www.gnu.org/licenses/>.
  17. *
  18. */
  19. #include <string.h>
  20. #include <unistd.h>
  21. #include <stdlib.h>
  22. #include <stdio.h>
  23. #include <errno.h>
  24. #include <fcntl.h>
  25. #include <ctype.h>
  26. #include "nmrpd.h"
  27. #ifndef O_BINARY
  28. #define O_BINARY 0
  29. #endif
  30. #define TFTP_PKT_SIZE 516
  31. static const char *opcode_names[] = {
  32. "RRQ", "WRQ", "DATA", "ACK", "ERR"
  33. };
  34. enum tftp_opcode {
  35. RRQ = 1,
  36. WRQ = 2,
  37. DATA = 3,
  38. ACK = 4,
  39. ERR = 5
  40. };
  41. static bool is_netascii(const char *str)
  42. {
  43. uint8_t *p = (uint8_t*)str;
  44. for (; *p; ++p) {
  45. if (*p < 0x20 || *p > 0x7f) {
  46. return false;
  47. }
  48. }
  49. return true;
  50. }
  51. static inline void pkt_mknum(char *pkt, uint16_t n)
  52. {
  53. *(uint16_t*)pkt = htons(n);
  54. }
  55. static inline uint16_t pkt_num(char *pkt)
  56. {
  57. return ntohs(*(uint16_t*)pkt);
  58. }
  59. static void pkt_mkwrq(char *pkt, const char *filename)
  60. {
  61. size_t len = 2;
  62. filename = leafname(filename);
  63. if (!tftp_is_valid_filename(filename)) {
  64. fprintf(stderr, "Overlong/illegal filename; using 'firmware'.\n");
  65. filename = "firmware";
  66. } else if (!strcmp(filename, "-")) {
  67. filename = "firmware";
  68. }
  69. pkt_mknum(pkt, WRQ);
  70. strcpy(pkt + len, filename);
  71. len += strlen(filename) + 1;
  72. strcpy(pkt + len, "octet");
  73. }
  74. static inline void pkt_print(char *pkt, FILE *fp)
  75. {
  76. uint16_t opcode = pkt_num(pkt);
  77. if (!opcode || opcode > ERR) {
  78. fprintf(fp, "(%d)", opcode);
  79. } else {
  80. fprintf(fp, "%s", opcode_names[opcode - 1]);
  81. if (opcode == ACK || opcode == DATA) {
  82. fprintf(fp, "(%d)", pkt_num(pkt + 2));
  83. } else if (opcode == WRQ || opcode == RRQ) {
  84. fprintf(fp, "(%s, %s)", pkt + 2, pkt + 2 + strlen(pkt + 2) + 1);
  85. }
  86. }
  87. }
  88. static ssize_t tftp_recvfrom(int sock, char *pkt, uint16_t* port,
  89. unsigned timeout)
  90. {
  91. ssize_t len;
  92. struct sockaddr_in src;
  93. #ifndef NMRPFLASH_WINDOWS
  94. socklen_t alen;
  95. #else
  96. int alen;
  97. #endif
  98. len = select_fd(sock, timeout);
  99. if (len < 0) {
  100. return -1;
  101. } else if (!len) {
  102. return 0;
  103. }
  104. alen = sizeof(src);
  105. len = recvfrom(sock, pkt, TFTP_PKT_SIZE, 0, (struct sockaddr*)&src, &alen);
  106. if (len < 0) {
  107. sock_perror("recvfrom");
  108. return -1;
  109. }
  110. *port = ntohs(src.sin_port);
  111. uint16_t opcode = pkt_num(pkt);
  112. if (opcode == ERR) {
  113. fprintf(stderr, "Error (%d): %.511s\n", pkt_num(pkt + 2), pkt + 4);
  114. return -1;
  115. } else if (isprint(pkt[0])) {
  116. /* In case of a firmware checksum error, the EX2700 I've tested this
  117. * on sends a raw UDP packet containing just an error message starting
  118. * at offset 0. The limit of 32 chars is arbitrary.
  119. */
  120. fprintf(stderr, "Error: %.32s\n", pkt);
  121. return -2;
  122. } else if (!opcode || opcode > ERR) {
  123. fprintf(stderr, "Received invalid packet: ");
  124. pkt_print(pkt, stderr);
  125. fprintf(stderr, ".\n");
  126. return -1;
  127. }
  128. if (verbosity > 2) {
  129. printf(">> ");
  130. pkt_print(pkt, stdout);
  131. printf("\n");
  132. }
  133. return len;
  134. }
  135. static ssize_t tftp_sendto(int sock, char *pkt, size_t len,
  136. struct sockaddr_in *dst)
  137. {
  138. ssize_t sent;
  139. switch (pkt_num(pkt)) {
  140. case RRQ:
  141. case WRQ:
  142. len = 2 + strlen(pkt + 2) + 1;
  143. len += strlen(pkt + len) + 1;
  144. break;
  145. case DATA:
  146. len += 4;
  147. break;
  148. case ACK:
  149. len = 4;
  150. break;
  151. case ERR:
  152. len = 4 + strlen(pkt + 4);
  153. break;
  154. default:
  155. fprintf(stderr, "Attempted to send invalid packet ");
  156. pkt_print(pkt, stderr);
  157. fprintf(stderr, "; this is a bug!\n");
  158. return -1;
  159. }
  160. if (verbosity > 2) {
  161. printf("<< ");
  162. pkt_print(pkt, stdout);
  163. printf("\n");
  164. }
  165. sent = sendto(sock, pkt, len, 0, (struct sockaddr*)dst, sizeof(*dst));
  166. if (sent < 0) {
  167. sock_perror("sendto");
  168. }
  169. return sent;
  170. }
  171. const char *leafname(const char *path)
  172. {
  173. const char *slash, *bslash;
  174. slash = strrchr(path, '/');
  175. bslash = strrchr(path, '\\');
  176. if (slash && bslash) {
  177. path = 1 + (slash > bslash ? slash : bslash);
  178. } else if (slash) {
  179. path = 1 + slash;
  180. } else if (bslash) {
  181. path = 1 + bslash;
  182. }
  183. return path;
  184. }
  185. #ifdef NMRPFLASH_WINDOWS
  186. void sock_perror(const char *msg)
  187. {
  188. win_perror2(msg, WSAGetLastError());
  189. }
  190. #endif
  191. inline bool tftp_is_valid_filename(const char *filename)
  192. {
  193. return strlen(filename) <= 500 && is_netascii(filename);
  194. }
  195. int tftp_put(struct nmrpd_args *args)
  196. {
  197. struct sockaddr_in addr;
  198. uint16_t block, port;
  199. ssize_t len, last_len;
  200. int fd, sock, ret, timeout, errors, ackblock;
  201. char rx[TFTP_PKT_SIZE], tx[TFTP_PKT_SIZE];
  202. const char *file_remote = args->file_remote;
  203. sock = -1;
  204. ret = -1;
  205. if (!strcmp(args->file_local, "-")) {
  206. fd = STDIN_FILENO;
  207. if (!file_remote) {
  208. file_remote = "firmware";
  209. }
  210. } else {
  211. fd = open(args->file_local, O_RDONLY | O_BINARY);
  212. if (fd < 0) {
  213. perror("open");
  214. ret = fd;
  215. goto cleanup;
  216. } else if (!file_remote) {
  217. file_remote = args->file_local;
  218. }
  219. }
  220. sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
  221. if (sock < 0) {
  222. sock_perror("socket");
  223. ret = sock;
  224. goto cleanup;
  225. }
  226. memset(&addr, 0, sizeof(addr));
  227. addr.sin_family = AF_INET;
  228. if (args->ipaddr_intf) {
  229. if ((addr.sin_addr.s_addr = inet_addr(args->ipaddr_intf)) == INADDR_NONE) {
  230. perror("inet_addr");
  231. goto cleanup;
  232. }
  233. if (bind(sock, (struct sockaddr*)&addr, sizeof(addr)) != 0) {
  234. sock_perror("bind");
  235. goto cleanup;
  236. }
  237. }
  238. if ((addr.sin_addr.s_addr = inet_addr(args->ipaddr)) == INADDR_NONE) {
  239. perror("inet_addr");
  240. goto cleanup;
  241. }
  242. addr.sin_port = htons(args->port);
  243. block = 0;
  244. last_len = -1;
  245. len = 0;
  246. errors = 0;
  247. /* Not really, but this way the loop sends our WRQ before receiving */
  248. timeout = 1;
  249. pkt_mkwrq(tx, file_remote);
  250. do {
  251. if (!timeout && pkt_num(rx) == ACK) {
  252. ackblock = pkt_num(rx + 2);
  253. } else {
  254. ackblock = -1;
  255. }
  256. if (timeout || ackblock == block) {
  257. if (!timeout) {
  258. ++block;
  259. pkt_mknum(tx, DATA);
  260. pkt_mknum(tx + 2, block);
  261. len = read(fd, tx + 4, 512);
  262. if (len < 0) {
  263. perror("read");
  264. ret = len;
  265. goto cleanup;
  266. } else if (!len) {
  267. if (last_len != 512 && last_len != -1) {
  268. break;
  269. }
  270. }
  271. last_len = len;
  272. }
  273. ret = tftp_sendto(sock, tx, len, &addr);
  274. if (ret < 0) {
  275. goto cleanup;
  276. }
  277. } else if (pkt_num(rx) != ACK || ackblock > block) {
  278. if (verbosity) {
  279. fprintf(stderr, "Expected ACK(%d), got ", block);
  280. pkt_print(rx, stderr);
  281. fprintf(stderr, ".\n");
  282. }
  283. if (ackblock != -1 && ++errors > 5) {
  284. fprintf(stderr, "Protocol error; bailing out.\n");
  285. ret = -1;
  286. goto cleanup;
  287. }
  288. }
  289. ret = tftp_recvfrom(sock, rx, &port, args->rx_timeout);
  290. if (ret < 0) {
  291. goto cleanup;
  292. } else if (!ret) {
  293. if (++timeout < 5 || (!block && timeout < 10)) {
  294. continue;
  295. } else if (block) {
  296. fprintf(stderr, "Timeout while waiting for ACK(%d).\n", block);
  297. } else {
  298. fprintf(stderr, "Timeout while waiting for initial reply.\n");
  299. }
  300. ret = -1;
  301. goto cleanup;
  302. } else {
  303. timeout = 0;
  304. ret = 0;
  305. if (!block && port != args->port) {
  306. if (verbosity > 1) {
  307. printf("Switching to port %d\n", port);
  308. }
  309. addr.sin_port = htons(port);
  310. }
  311. }
  312. } while(1);
  313. ret = 0;
  314. cleanup:
  315. if (fd >= 0) {
  316. close(fd);
  317. }
  318. if (sock >= 0) {
  319. #ifndef NMRPFLASH_WINDOWS
  320. shutdown(sock, SHUT_RDWR);
  321. close(sock);
  322. #else
  323. shutdown(sock, SD_BOTH);
  324. closesocket(sock);
  325. #endif
  326. }
  327. return ret;
  328. }