728 lines
32 KiB
C
728 lines
32 KiB
C
|
|
/* WARNING: Heritage AFTER dead removal. Example location: r0x00484044 : 0x00405fe2 */
|
|
/* WARNING: Type propagation algorithm not settling */
|
|
/* WARNING: Globals starting with '_' overlap smaller symbols at the same address */
|
|
/* WARNING: Restarted to delay deadcode elimination for space: ram */
|
|
|
|
undefined4 webcfg_main(void)
|
|
|
|
{
|
|
undefined3 extraout_var;
|
|
int iVar1;
|
|
uint uVar2;
|
|
undefined *puVar3;
|
|
code *pcVar4;
|
|
size_t sVar5;
|
|
bool bVar10;
|
|
undefined **ppuVar6;
|
|
time_t tVar7;
|
|
char *pcVar8;
|
|
ssize_t sVar9;
|
|
char *pcVar11;
|
|
undefined4 uVar21;
|
|
int iVar22;
|
|
char *pcVar23;
|
|
undefined1 *puVar24;
|
|
char local_4c00 [16384];
|
|
undefined4 uStack_c00;
|
|
char local_bfc [1020];
|
|
char acStack_800 [1024];
|
|
char acStack_400 [256];
|
|
undefined *apuStack_300 [64];
|
|
char acStack_200 [80];
|
|
undefined *local_1b0;
|
|
char *local_1ac;
|
|
char *local_1a4;
|
|
undefined4 local_1a0;
|
|
undefined *apuStack_164 [16];
|
|
undefined *apuStack_124 [2];
|
|
undefined **local_11c;
|
|
char *local_118;
|
|
char acStack_ec [36];
|
|
char acStack_c8 [32];
|
|
undefined *local_a8;
|
|
undefined4 local_a4;
|
|
undefined4 local_a0;
|
|
undefined4 local_9c;
|
|
undefined4 local_98;
|
|
undefined4 local_94;
|
|
undefined4 local_90;
|
|
undefined4 local_8c;
|
|
char local_88 [16];
|
|
undefined *local_78;
|
|
undefined4 local_74;
|
|
undefined4 local_70;
|
|
undefined4 local_6c;
|
|
undefined **local_68;
|
|
undefined **cgi_func;
|
|
undefined1 *local_60;
|
|
undefined **local_5c;
|
|
undefined **local_58;
|
|
char *local_54;
|
|
char *local_50;
|
|
undefined **local_4c;
|
|
uint session_valid;
|
|
char *local_44;
|
|
FILE *local_40;
|
|
FILE *local_3c;
|
|
FILE *local_38;
|
|
FILE *local_34;
|
|
FILE *local_30;
|
|
undefined4 local_2c;
|
|
char *local_28;
|
|
FILE *local_24;
|
|
undefined **local_20;
|
|
char *local_1c;
|
|
char *local_18;
|
|
|
|
local_60 = &stack0xffefb400;
|
|
memset(acStack_200,0,0x50);
|
|
local_78 = (undefined *)0x0;
|
|
local_74 = 0;
|
|
local_70 = 0;
|
|
local_6c = 0;
|
|
local_88[0] = '\0';
|
|
local_88[1] = '\0';
|
|
local_88[2] = '\0';
|
|
local_88[3] = '\0';
|
|
local_88[4] = '\0';
|
|
local_88[5] = '\0';
|
|
local_88[6] = '\0';
|
|
local_88[7] = '\0';
|
|
local_88[8] = '\0';
|
|
local_88[9] = '\0';
|
|
local_88[10] = '\0';
|
|
local_88[0xb] = '\0';
|
|
local_88[0xc] = '\0';
|
|
local_88[0xd] = '\0';
|
|
local_88[0xe] = '\0';
|
|
local_88[0xf] = '\0';
|
|
memset(apuStack_164,0,0x40);
|
|
memset(acStack_c8,0,0x20);
|
|
local_4c00[0] = '{';
|
|
local_4c00[1] = '}';
|
|
local_4c00[2] = 0;
|
|
memset(local_4c00 + 3,0,0x3ffd);
|
|
memset(apuStack_300,0,0x100);
|
|
memset(acStack_ec,0,0x21);
|
|
memset(&stack0xffefb400,0,0x100000);
|
|
local_40 = _stderr;
|
|
local_68 = (undefined **)0x44d110;
|
|
cgi_func = (undefined **)0x44869c;
|
|
fprintf(_stderr,"[%s,%s,%d]: Starting web-management CGI server...","cgi_main.c","webcfg_main");
|
|
fputc(10,_stderr);
|
|
syslog(6,"Starting web-management CGI server...",&_mips_gp0_value);
|
|
pcVar11 = "/tmp/sysinfo/unregister";
|
|
uVar21 = 0;
|
|
/* This file does exist on the device, contains two characters "ef"
|
|
So the below block will always eexcute it seems, "however
|
|
/www-comfast/unregistered" does not seem to exist
|
|
So, I don't expect this really does anything */
|
|
iVar1 = access("/tmp/sysinfo/unregister",0);
|
|
if (iVar1 == 0) {
|
|
registered_flag = 0;
|
|
pcVar11 = "cp /www-comfast/unregistered/* /www-comfast/ -r";
|
|
system("cp /www-comfast/unregistered/* /www-comfast/ -r");
|
|
}
|
|
uci_start(pcVar11,uVar21);
|
|
iVar1 = uci_config_get_single_int("mbox.management.config_done");
|
|
config_done = iVar1 != 0;
|
|
uci_end();
|
|
/* PGM_INIT: explicitly ZERO out session ID */
|
|
cgi_func = (undefined **)&authenticated_COMFAST_session_id;
|
|
memset(&authenticated_COMFAST_session_id,0,0x90);
|
|
iVar1 = FCGX_Init();
|
|
if (iVar1 < 0) {
|
|
local_3c = _stderr;
|
|
fprintf(_stderr,"[%s,%s,%d]: fcgi initialization fail, can not continue!","cgi_main.c",
|
|
"webcfg_main");
|
|
fputc(10,_stderr);
|
|
pcVar11 = "[%s,%s,%d]: fcgi initialization fail, can not continue!";
|
|
}
|
|
else {
|
|
/* First block of code that runs after successful fcgi init */
|
|
cgi_func = (undefined **)acStack_200;
|
|
/* Listen on localhost:9002
|
|
NGINX proxies all requests to /cgi-bin/* to this process
|
|
This is why you'll get 502 for trying to request endpoints that don't exist
|
|
*/
|
|
sprintf((char *)cgi_func,"127.0.0.1:%d",9002);
|
|
local_38 = _stderr;
|
|
fprintf(_stderr,"[%s,%s,%d]: fcgi listening to %s","cgi_main.c","webcfg_main");
|
|
fputc(10,_stderr);
|
|
syslog(6,"fcgi listening to %s",cgi_func);
|
|
cgi_func = (undefined **)FCGX_OpenSocket(cgi_func,0xffffffff,&_mips_gp0_value);
|
|
/* FCGI_OpenSocket() returns -1 on error so
|
|
IF SOCKET OPENED { ... } */
|
|
if (-1 < (int)cgi_func) {
|
|
uVar2 = fcntl((int)cgi_func,1);
|
|
fcntl((int)cgi_func,2,uVar2 | 1);
|
|
FCGX_InitRequest(apuStack_124,cgi_func,0);
|
|
/* Beginning of web request handler loop */
|
|
session_valid = 0;
|
|
do {
|
|
local_98 = 0;
|
|
local_94 = 0;
|
|
local_90 = 0;
|
|
local_8c = 0;
|
|
blob_buf_init(&local_98,0);
|
|
local_5c = &local_a8;
|
|
local_a8 = (undefined *)0x0;
|
|
local_a4 = 0;
|
|
local_a0 = 0;
|
|
local_9c = 0;
|
|
blob_buf_init(local_5c,0,&_mips_gp0_value);
|
|
local_58 = apuStack_124;
|
|
iVar1 = FCGX_Accept_r(local_58,local_58,&_mips_gp0_value);
|
|
if (iVar1 < 0) {
|
|
return 0;
|
|
}
|
|
cgi_func = &local_1b0;
|
|
local_68 = (undefined **)local_58[5];
|
|
memset(cgi_func,0,0x4c);
|
|
puVar3 = (undefined *)FCGX_GetParam("QUERY_STRING",local_68);
|
|
cgi_func[1] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("REQUEST_METHOD",local_68,&_mips_gp0_value);
|
|
cgi_func[2] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("CONTENT_TYPE",local_68);
|
|
cgi_func[3] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("CONTENT_LENGTH",local_68,&_mips_gp0_value);
|
|
cgi_func[4] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("SCRIPT_NAME",local_68);
|
|
cgi_func[5] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("REQUEST_URI",local_68,&_mips_gp0_value);
|
|
cgi_func[6] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("DOCUMENT_URI",local_68);
|
|
cgi_func[7] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("DOCUMENT_ROOT",local_68,&_mips_gp0_value);
|
|
cgi_func[8] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("SERVER_PROTOCOL",local_68);
|
|
cgi_func[9] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("HTTPS",local_68,&_mips_gp0_value);
|
|
cgi_func[10] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("REMOTE_ADDR",local_68);
|
|
cgi_func[11] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("REMOTE_PORT",local_68,&_mips_gp0_value);
|
|
cgi_func[12] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("SERVER_ADDR",local_68);
|
|
cgi_func[13] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("SERVER_PORT",local_68,&_mips_gp0_value);
|
|
cgi_func[14] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("SERVER_NAME",local_68);
|
|
cgi_func[15] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("HTTP_HOST",local_68,&_mips_gp0_value);
|
|
cgi_func[16] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("USER_AGENT",local_68);
|
|
cgi_func[17] = puVar3;
|
|
puVar3 = (undefined *)FCGX_GetParam("HTTP_COOKIE",local_68,&_mips_gp0_value);
|
|
cgi_func[18] = puVar3;
|
|
pcVar11 = local_118;
|
|
/* element 11 = "REMOTE_ADDR"
|
|
element 7 = "DOCUMENT_URI"
|
|
|
|
This is checking
|
|
IF the IP address of the requester = NULL/empty string
|
|
-- OR -- if the DOCUMENT URI = NULL/empty string */
|
|
if ((((cgi_func[11] == (char *)0x0) || (*cgi_func[11] == '\0')) ||
|
|
(local_50 = cgi_func[7], local_50 == (char *)0x0)) || (*local_50 == '\0')) {
|
|
LAB_0040654a:
|
|
/* Loads a pointer to the response_400() function and then executes it */
|
|
pcVar4 = (code *)0x4055b5;
|
|
LAB_0040654e:
|
|
/* This branch is for explicit handling of the "/cgi-bin/iswifi" path which so
|
|
far I haven't recorded any use of in this environment. In any case it seems
|
|
to simply return a 200 response with the COMFAST_SESSION set as a cookie.
|
|
It's worth noting that it does conditionally set the cookie value to
|
|
"DELETED" based on the state of local_48 which apears to be a boolean, likely
|
|
something like "is_logged_in" */
|
|
(*pcVar4)(pcVar11);
|
|
}
|
|
else {
|
|
*cgi_func = (undefined *)local_58;
|
|
iVar1 = strncmp(local_50,"/cgi-bin/iswifi",0xf);
|
|
if (iVar1 == 0) {
|
|
local_68 = (undefined **)acStack_ec;
|
|
iVar1 = deal_iswifi(cgi_func[1],(char *)apuStack_300,(char *)local_68);
|
|
if (iVar1 == 0) {
|
|
iswifi_output(local_5c,(char *)local_68);
|
|
local_5c = (undefined **)blobmsg_format_json_with_cb(*local_5c,1,0,0);
|
|
local_50 = local_58[3];
|
|
if (session_valid == 0) {
|
|
local_68 = (undefined **)0x44881c;
|
|
pcVar11 = "Expires=Thu, 01-Jan-1970 00:00:01 GMT; Path=/; Version=1";
|
|
}
|
|
else {
|
|
local_68 = (undefined **)&authenticated_COMFAST_session_id;
|
|
pcVar11 = "Path=/; Version=1";
|
|
}
|
|
cgi_func = (undefined **)pcVar11;
|
|
local_54 = (char *)strlen((char *)local_5c);
|
|
local_58 = apuStack_300;
|
|
strlen((char *)local_58);
|
|
FCGX_FPrintF(local_50,
|
|
"Status: 200 OK\r\nSet-Cookie: %s=%s; %s\r\nContent-Length: %d\r\nContent-Type: text/javascript; charset=utf-8\r\n\r\n%s(%s);\r\n"
|
|
,"COMFAST_SESSIONID",local_68);
|
|
free(local_5c);
|
|
}
|
|
}
|
|
else {
|
|
iVar1 = strncmp(local_50,"/cgi-bin/",9);
|
|
if (iVar1 != 0) {
|
|
pcVar11 = local_58[3];
|
|
LAB_00407552:
|
|
pcVar4 = (code *)0x405589;
|
|
goto LAB_0040654e;
|
|
}
|
|
local_68 = (undefined **)cgi_func[2];
|
|
iVar1 = strcmp((char *)local_68,"GET");
|
|
if (iVar1 == 0) {
|
|
local_5c = (undefined **)cgi_func[6];
|
|
cgi_func = (undefined **)0x448b28;
|
|
pcVar11 = strstr((char *)local_5c,"height=");
|
|
if (pcVar11 == (char *)0x0) {
|
|
local_4c = (undefined **)&DAT_00000001;
|
|
}
|
|
else {
|
|
cgi_func = (undefined **)0x448b30;
|
|
pcVar11 = strstr((char *)local_5c,"width=");
|
|
if (pcVar11 != (char *)0x0) {
|
|
cgi_func = (undefined **)(local_88 + 0x10);
|
|
local_68 = (undefined **)local_88;
|
|
local_88[0] = '\0';
|
|
local_88[1] = '\0';
|
|
local_88[2] = '\0';
|
|
local_88[3] = '\0';
|
|
local_88[4] = '\0';
|
|
local_88[5] = '\0';
|
|
local_88[6] = '\0';
|
|
local_88[7] = '\0';
|
|
local_88[8] = '\0';
|
|
local_88[9] = '\0';
|
|
local_88[10] = '\0';
|
|
local_88[0xb] = '\0';
|
|
local_88[0xc] = '\0';
|
|
local_88[0xd] = '\0';
|
|
local_88[0xe] = '\0';
|
|
local_88[0xf] = '\0';
|
|
local_58 = apuStack_164;
|
|
local_78 = (undefined *)0x0;
|
|
local_74 = 0;
|
|
local_70 = 0;
|
|
local_6c = 0;
|
|
memset(local_58,0,0x40);
|
|
local_50 = acStack_c8;
|
|
memset(local_50,0,0x20);
|
|
pcVar11 = strstr((char *)local_5c,"height=");
|
|
get_para_from_uri(pcVar11,(int)cgi_func);
|
|
pcVar11 = strstr((char *)local_5c,"width=");
|
|
get_para_from_uri(pcVar11,(int)local_68);
|
|
get_css_path_from_uri((char *)((int)local_5c + 9),(int)local_50);
|
|
sprintf((char *)local_58,"/www-comfast/%s",local_50);
|
|
memset(&stack0xffefb400,0,0x100000);
|
|
local_68 = (undefined **)atoi((char *)local_68);
|
|
iVar1 = atoi((char *)cgi_func);
|
|
modify_css(local_68,iVar1,&stack0xffefb400,(char *)local_58);
|
|
sVar5 = strlen(&stack0xffefb400);
|
|
FCGX_FPrintF(local_118,
|
|
"HTTP/1.1 200 OK\r\nServer: nginx/1.4.7\r\nDate: Mon, 17 Jun 2019 10:42:35 GMT\r\nContent-Type: text/css\r\nContent-Length: %d\r\nLast-Modified: Thu, 01-Jan-1970 00:00:01 GMT\r\nConnection: keep-alive\r\nETag: \"5c666a67-1acd\"\r\nAccept-Ranges: bytes\r\n\r\n%s"
|
|
,sVar5,&stack0xffefb400);
|
|
goto LAB_00406556;
|
|
}
|
|
local_4c = (undefined **)&DAT_00000001;
|
|
}
|
|
}
|
|
else {
|
|
iVar1 = strcmp((char *)local_68,"POST");
|
|
if (iVar1 != 0) {
|
|
pcVar11 = local_58[3];
|
|
goto LAB_00407552;
|
|
}
|
|
cgi_func = (undefined **)strtoul(cgi_func[4],(char **)0x0,0);
|
|
if ((char *)0xffffff < (char *)((int)cgi_func + -1)) {
|
|
local_30 = _stderr;
|
|
local_68 = &local_1b0;
|
|
local_2c = local_1a0;
|
|
fprintf(_stderr,"[%s,%s,%d]: Invalid request of content length: %s cl=%d",
|
|
"cgi_main.c","webcfg_main");
|
|
fputc(10,_stderr);
|
|
syslog(3,"Invalid request of content length: %s cl=%d",local_68[4],cgi_func);
|
|
}
|
|
local_68 = (undefined **)local_1ac;
|
|
pcVar11 = strstr(local_1ac,"section=system_");
|
|
if (pcVar11 == (char *)0x0) {
|
|
system_state = (char *)0x0;
|
|
}
|
|
else {
|
|
pcVar11 = strstr((char *)local_68,"system_config_backup");
|
|
if (((pcVar11 == (char *)0x0) &&
|
|
(pcVar11 = strstr((char *)local_68,"system_account_download"),
|
|
pcVar11 == (char *)0x0)) &&
|
|
(pcVar11 = strstr((char *)local_68,"system_passwd_download"),
|
|
pcVar11 == (char *)0x0)) {
|
|
pcVar11 = strstr((char *)local_68,"system_load_config");
|
|
if (pcVar11 == (char *)0x0) {
|
|
pcVar11 = strstr((char *)local_68,"system_upgrade");
|
|
if ((pcVar11 == (char *)0x0) &&
|
|
(pcVar11 = strstr((char *)local_68,"system_upgrade_keep"),
|
|
pcVar11 == (char *)0x0)) {
|
|
pcVar11 = strstr((char *)local_68,"system_upload_file");
|
|
if (((((pcVar11 == (char *)0x0) &&
|
|
(pcVar11 = strstr((char *)local_68,"system_upload_account"),
|
|
pcVar11 == (char *)0x0)) &&
|
|
(pcVar11 = strstr((char *)local_68,"system_upload_passwd"),
|
|
pcVar11 == (char *)0x0)) &&
|
|
((pcVar11 = strstr((char *)local_68,"system_upload_wxpay_cert_pem"),
|
|
pcVar11 == (char *)0x0 &&
|
|
(pcVar11 = strstr((char *)local_68,"system_upload_wxpay_key_pem"),
|
|
pcVar11 == (char *)0x0)))) &&
|
|
((pcVar11 = strstr((char *)local_68,"system_upload_radius_template"),
|
|
pcVar11 == (char *)0x0 &&
|
|
(pcVar11 = strstr((char *)local_68,"system_cluster_upgrade_file"),
|
|
pcVar11 == (char *)0x0)))) {
|
|
pcVar11 = strstr((char *)local_68,"system_wl_upload_pic_file");
|
|
if (pcVar11 == (char *)0x0) {
|
|
system_state = strstr((char *)local_68,"system_suite_upgrade_file_upload")
|
|
;
|
|
if (system_state != (char *)0x0) {
|
|
system_state = (char *)0x6;
|
|
}
|
|
}
|
|
else {
|
|
system_state = (char *)0x5;
|
|
}
|
|
}
|
|
else {
|
|
system_state = (char *)0x4;
|
|
}
|
|
}
|
|
else {
|
|
system_state = (char *)0x3;
|
|
}
|
|
}
|
|
else {
|
|
system_state = &DAT_00000002;
|
|
}
|
|
}
|
|
else {
|
|
system_state = &DAT_00000001;
|
|
}
|
|
if (((local_1a4 != (char *)0x0) &&
|
|
(pcVar11 = strstr(local_1a4,"multipart/form-data"), pcVar11 != (char *)0x0)) &&
|
|
(local_28 = system_state, 1 < (int)system_state)) {
|
|
local_58 = local_11c;
|
|
memset(acStack_800,0,0x400);
|
|
memset(acStack_400,0,0x100);
|
|
do {
|
|
if ((int)cgi_func < 1) goto LAB_00406fa2;
|
|
local_68 = (undefined **)acStack_800;
|
|
memset(local_68,0,0x400);
|
|
pcVar11 = (char *)((int)cgi_func + 1);
|
|
if (0x400 < (int)pcVar11) {
|
|
pcVar11 = (char *)0x400;
|
|
}
|
|
iVar1 = FCGX_GetLine(local_68,pcVar11,local_58);
|
|
if (iVar1 == 0) goto LAB_00407400;
|
|
local_68 = (undefined **)acStack_800;
|
|
sVar5 = strlen((char *)local_68);
|
|
cgi_func = (undefined **)((int)cgi_func - sVar5);
|
|
iVar1 = strncasecmp((char *)local_68,"Content-Disposition:",0x14);
|
|
} while (iVar1 != 0);
|
|
local_68 = (undefined **)strstr((char *)local_68,"filename=");
|
|
if (local_68 != (undefined **)0x0) {
|
|
local_5c = (undefined **)((int)local_68 + 10);
|
|
local_54 = strchr((char *)local_5c,0x22);
|
|
if (local_54 != (char *)0x0) {
|
|
memset(upload_filename,0,0x100);
|
|
strncpy(upload_filename,(char *)local_5c,
|
|
(size_t)(local_54 + (-10 - (int)local_68)));
|
|
}
|
|
}
|
|
for (; 0 < (int)cgi_func; cgi_func = (undefined **)((int)cgi_func - sVar5)) {
|
|
local_68 = (undefined **)acStack_800;
|
|
iVar1 = strcmp((char *)local_68,"\n");
|
|
if ((iVar1 == 0) || (iVar1 = strcmp((char *)local_68,"\r\n"), iVar1 == 0))
|
|
break;
|
|
memset(local_68,0,0x400);
|
|
pcVar11 = (char *)((int)cgi_func + 1);
|
|
if (0x400 < (int)pcVar11) {
|
|
pcVar11 = (char *)0x400;
|
|
}
|
|
iVar1 = FCGX_GetLine(local_68,pcVar11,local_58);
|
|
if (iVar1 == 0) goto LAB_00407400;
|
|
sVar5 = strlen(acStack_800);
|
|
}
|
|
LAB_00406fa2:
|
|
pcVar11 = strstr(upload_filename,".png");
|
|
if ((((pcVar11 == (char *)0x0) &&
|
|
(pcVar11 = strstr(upload_filename,".PNG"), pcVar11 == (char *)0x0)) &&
|
|
(pcVar11 = strstr(upload_filename,".jpg"), pcVar11 == (char *)0x0)) &&
|
|
(((pcVar11 = strstr(upload_filename,".JPG"), pcVar11 == (char *)0x0 &&
|
|
(pcVar11 = strstr(upload_filename,".jpeg"), pcVar11 == (char *)0x0)) &&
|
|
(pcVar11 = strstr(upload_filename,".JPEG"), pcVar11 == (char *)0x0)))) {
|
|
puVar24 = (undefined1 *)0x104800;
|
|
pcVar11 = "/tmp/bakup.file";
|
|
strcpy(acStack_400,"/tmp/bakup.file");
|
|
}
|
|
else {
|
|
local_68 = (undefined **)0x448e6c;
|
|
iVar1 = access("/tmp/img",0);
|
|
if ((iVar1 != 0) && (iVar1 = mkdir("/tmp/img",0x1ff), iVar1 != 0))
|
|
goto LAB_00407400;
|
|
puVar24 = upload_filename;
|
|
pcVar11 = "%s/%s";
|
|
sprintf(acStack_400,"%s/%s","/tmp/img");
|
|
}
|
|
local_5c = (undefined **)0x448e80;
|
|
bVar10 = file_exists("/tmp/bakup.file",pcVar11,&_mips_gp0_value,puVar24);
|
|
if (CONCAT31(extraout_var,bVar10) == 0) {
|
|
memset(&uStack_c00,0,0x400);
|
|
local_54 = (char *)open(acStack_400,0x302,0x1ff);
|
|
if (-1 < (int)local_54) {
|
|
local_68 = (undefined **)0x0;
|
|
for (; 0 < (int)cgi_func;
|
|
cgi_func = (undefined **)((int)cgi_func - (int)ppuVar6)) {
|
|
local_4c = cgi_func;
|
|
if (0x400 < (int)cgi_func) {
|
|
local_4c = (undefined **)0x400;
|
|
}
|
|
local_5c = (undefined **)FCGX_GetStr(&uStack_c00,local_4c,local_58);
|
|
if (local_5c != local_4c) break;
|
|
if ((int)cgi_func < 0x400) {
|
|
for (; (int)local_68 < (int)(cgi_func + -1);
|
|
local_68 = (undefined **)((int)local_68 + 1)) {
|
|
if ((((*(char *)((int)&uStack_c00 + (int)local_68) == '\r') &&
|
|
(*(char *)((int)&uStack_c00 + 1 + (int)local_68) == '\n')) &&
|
|
(*(char *)((int)&uStack_c00 + 2 + (int)local_68) == '-')) &&
|
|
((*(char *)((int)&uStack_c00 + 3 + (int)local_68) == '-' &&
|
|
(local_bfc[(int)local_68] == '-')))) {
|
|
*(char *)((int)&uStack_c00 + (int)local_68) = '\0';
|
|
cgi_func = (undefined **)
|
|
((int)cgi_func + ((int)local_68 - (int)local_5c));
|
|
local_5c = local_68;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
ppuVar6 = (undefined **)write((int)local_54,&uStack_c00,(size_t)local_5c);
|
|
if (ppuVar6 != local_5c) break;
|
|
}
|
|
close((int)local_54);
|
|
}
|
|
}
|
|
else {
|
|
local_58 = (undefined **)&uStack_c00;
|
|
memset(local_58,0,0x80);
|
|
local_68 = (undefined **)open("/tmp/bakup.file",2);
|
|
if ((int)local_68 < 0) {
|
|
unlink((char *)local_5c);
|
|
}
|
|
else {
|
|
local_5c = (undefined **)lseek((int)local_68,0,2);
|
|
lseek((int)local_68,(__off_t)((int)local_5c + -0x7f),0);
|
|
read((int)local_68,local_58,0x7f);
|
|
iVar1 = 0;
|
|
do {
|
|
iVar22 = iVar1;
|
|
if (iVar22 == 0x7c) {
|
|
iVar22 = 0x7c;
|
|
break;
|
|
}
|
|
iVar1 = iVar22 + 1;
|
|
} while (((*(char *)((int)&uStack_c00 + iVar22 + 1) != '\r') ||
|
|
(*(char *)((int)&uStack_c00 + iVar22 + 2) != '\n')) ||
|
|
((*(char *)((int)&uStack_c00 + iVar22 + 3) != '-' ||
|
|
(local_bfc[iVar22] != '-'))));
|
|
ftruncate((int)local_68,(__off_t)((int)local_5c + iVar22 + -0x7e));
|
|
close((int)local_68);
|
|
local_68 = (undefined **)acStack_400;
|
|
iVar1 = strcmp("/tmp/bakup.file",(char *)local_68);
|
|
if (iVar1 != 0) {
|
|
rename("/tmp/bakup.file",(char *)local_68);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
LAB_00407400:
|
|
if ((undefined **)0x4000 < cgi_func) {
|
|
cgi_func = (undefined **)0x3fff;
|
|
}
|
|
local_68 = (undefined **)local_4c00;
|
|
memset(local_68,0,0x4000);
|
|
local_5c = apuStack_124;
|
|
FCGX_GetStr(local_68,cgi_func,local_11c);
|
|
*(char *)((int)local_68 + (int)cgi_func) = '\0';
|
|
if ((system_state == (char *)0x0) &&
|
|
(iVar1 = blobmsg_add_json_from_string(&local_98,local_68), iVar1 == 0)) {
|
|
local_24 = _stderr;
|
|
fprintf(_stderr,"[%s,%s,%d]: Fail to parse JSON from post data: %s","cgi_main.c",
|
|
"webcfg_main");
|
|
fputc(10,_stderr);
|
|
syslog(3,"Fail to parse JSON from post data: %s",local_68);
|
|
pcVar11 = local_5c[3];
|
|
goto LAB_0040654a;
|
|
}
|
|
local_4c = (undefined **)&DAT_00000002;
|
|
}
|
|
cgi_func = (undefined **)authenticated_session_expiration_time;
|
|
tVar7 = time((time_t *)0x0);
|
|
cgi_func = (undefined **)((int)cgi_func - tVar7);
|
|
if ((int)cgi_func < 0) {
|
|
iVar1 = uptime_timeout();
|
|
if (iVar1 == 0) {
|
|
memset(&authenticated_COMFAST_session_id,0,0x90);
|
|
}
|
|
else {
|
|
tVar7 = time((time_t *)0x0);
|
|
authenticated_session_expiration_time = tVar7 + 600;
|
|
}
|
|
}
|
|
else {
|
|
tVar7 = time((time_t *)0x0);
|
|
authenticated_session_expiration_time = tVar7 + 600;
|
|
}
|
|
session_valid = 0;
|
|
if (is_logged_in != '\0') {
|
|
session_valid = (int)cgi_func < 1 ^ 1;
|
|
}
|
|
/* Figure out how to dispatch incoming request
|
|
Loops over cgi_functions in &cgi_functions which is itself an array of data
|
|
structures */
|
|
for (cgi_func = &cgi_functions; cgi_func != (undefined **)&DAT_00464bf4;
|
|
cgi_func = cgi_func + 5) {
|
|
local_20 = (undefined **)cgi_func[1];
|
|
if ((local_20 == local_4c) && (iVar1 = strcmp(*cgi_func,local_50 + 9), iVar1 == 0)) {
|
|
/* Here's the auth check
|
|
Every CGI entry in cgi_functions[] has a one-byte “needs-auth” flag
|
|
(offset +2).
|
|
If that flag is zero or the session is valid */
|
|
if ((*(char *)(cgi_func + 2) == '\0') || (session_valid != 0)) {
|
|
local_68 = &local_1b0;
|
|
pcVar23 = "ac_list_get";
|
|
pcVar11 = local_1ac;
|
|
pcVar8 = strstr(local_1ac,"ac_list_get");
|
|
if (pcVar8 == (char *)0x0) {
|
|
uci_start(pcVar11,pcVar23);
|
|
local_68 = (undefined **)(*(code *)cgi_func[3])(local_68,&local_98,&local_a8);
|
|
uci_end();
|
|
}
|
|
else {
|
|
ac_list_get(&local_98,&local_a8);
|
|
local_68 = (undefined **)0x0;
|
|
}
|
|
local_1c = system_state;
|
|
if (system_state != &DAT_00000001) {
|
|
ppuVar6 = local_68;
|
|
if ((int)local_68 < 0) {
|
|
ppuVar6 = (undefined **)-(int)local_68;
|
|
}
|
|
goto LAB_004077ae;
|
|
}
|
|
}
|
|
else {
|
|
ppuVar6 = (undefined **)(char *)0x4;
|
|
LAB_004077ae:
|
|
cgi_gen_error(&local_a8,(int)ppuVar6);
|
|
}
|
|
local_18 = system_state;
|
|
if (system_state == &DAT_00000001) {
|
|
local_68 = (undefined **)local_118;
|
|
memset(&uStack_c00,0,0x400);
|
|
if (download_filename == '\0') {
|
|
strcpy(&download_filename,"bakup.file");
|
|
}
|
|
FCGX_FPrintF(local_68,"Content-Disposition: attachment; filename=\"%s\"\r\n",
|
|
&download_filename);
|
|
FCGX_FPrintF(local_68,"Content-Type: application/x-targz\r\n");
|
|
FCGX_FPrintF(local_68,"Cache-Control: no-cache\r\n",&_mips_gp0_value);
|
|
FCGX_FPrintF(local_68,"Expires: 0\r\n",&_mips_gp0_value);
|
|
FCGX_FPrintF(local_68,"\r\n",&_mips_gp0_value);
|
|
local_54 = (char *)0x3;
|
|
while( true ) {
|
|
local_58 = (undefined **)0x448e80;
|
|
local_5c = (undefined **)open("/tmp/bakup.file",2);
|
|
if (local_5c != (undefined **)0xffffffff) break;
|
|
local_54 = local_54 + -1;
|
|
if (local_54 == (char *)0x0) goto LAB_00407956;
|
|
sleep(1);
|
|
}
|
|
ppuVar6 = (undefined **)&uStack_c00;
|
|
while( true ) {
|
|
memset(ppuVar6,0,0x400);
|
|
local_58 = (undefined **)&uStack_c00;
|
|
sVar9 = read((int)local_5c,local_58,0x3ff);
|
|
if (sVar9 < 1) break;
|
|
*(char *)((int)local_58 + sVar9) = '\0';
|
|
FCGX_PutStr(local_58,sVar9,local_68);
|
|
ppuVar6 = local_58;
|
|
}
|
|
LAB_00407956:
|
|
memset(&download_filename,0,0x100);
|
|
if (-1 < (int)local_5c) {
|
|
close((int)local_5c);
|
|
}
|
|
unlink("/tmp/bakup.file");
|
|
}
|
|
else {
|
|
if (*(char *)(cgi_func + 4) != '\0') break;
|
|
local_5c = (undefined **)blobmsg_format_json_with_cb(local_a8,1,0,0);
|
|
local_54 = "COMFAST_SESSIONID";
|
|
if ((int)system_state < 2) {
|
|
local_44 = local_118;
|
|
if (session_valid == 0) {
|
|
local_58 = (undefined **)0x44881c;
|
|
local_68 = (undefined **)0x448824;
|
|
}
|
|
else {
|
|
local_58 = (undefined **)&authenticated_COMFAST_session_id;
|
|
local_68 = (undefined **)0x448808;
|
|
}
|
|
strlen((char *)local_5c);
|
|
pcVar11 =
|
|
"Status: 200 OK\r\nSet-Cookie: %s=%s; %s\r\nContent-Length: %d\r\nContent-Type: application/json\r\n\r\n%s\r\n"
|
|
;
|
|
}
|
|
else {
|
|
local_44 = local_118;
|
|
if (session_valid == 0) {
|
|
local_58 = (undefined **)0x44881c;
|
|
local_68 = (undefined **)0x448824;
|
|
}
|
|
else {
|
|
local_58 = (undefined **)&authenticated_COMFAST_session_id;
|
|
local_68 = (undefined **)0x448808;
|
|
}
|
|
strlen((char *)local_5c);
|
|
pcVar11 =
|
|
"Status: 200 OK\r\nSet-Cookie: %s=%s; %s\r\nContent-Length: %d\r\nContent-Type: text/html\r\n\r\n%s\r\n"
|
|
;
|
|
}
|
|
FCGX_FPrintF(local_44,pcVar11,local_54,local_58);
|
|
free(local_5c);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
LAB_00406556:
|
|
blob_buf_free(&local_98);
|
|
blob_buf_free(&local_a8);
|
|
FCGX_Finish_r(apuStack_124);
|
|
iVar1 = config_action_get();
|
|
if (iVar1 != 0) {
|
|
apply_settings();
|
|
}
|
|
} while( true );
|
|
}
|
|
/* This is the end of the IF FCGI_OPEN_SOCKET() succeeded block */
|
|
local_34 = _stderr;
|
|
fprintf(_stderr,"[%s,%s,%d]: Fail to open fcgi socket, can not continue!","cgi_main.c",
|
|
"webcfg_main");
|
|
fputc(10,_stderr);
|
|
pcVar11 = "[%s,%s,%d]: Fail to open fcgi socket, can not continue!";
|
|
}
|
|
syslog(3,pcVar11 + 0xc,&_mips_gp0_value);
|
|
return 0xffffffff;
|
|
}
|
|
|