Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Perl > Perl Misc > File::Temp: opening the temp. file in "r+" mode? Also "man in the middle"

Reply
Thread Tools

File::Temp: opening the temp. file in "r+" mode? Also "man in the middle"

 
 
A. Farber
Guest
Posts: n/a
 
      03-02-2004
Hi,

I'm working at a CGI-script which would receive a 20 MB
big file via HTTP-upload, then change few bytes in it,
then calculate an MD5 hash over a region of that file
and save that value into the file as well.

At the moment I do the first task (change few bytes) like
this (the $flash is coming from the CGI.pm's filefield):

my ($fh, $filename) = tempfile(DIR => UPLOADDIR);

while (sysread $flash, $chunk, KEYSIZE) {
$both = $prev . $chunk;
if ($both =~ s/$SEARCH/$REPLACE/o) {
print $fh $both;
undef $prev;
} else {
print $fh $prev;
$prev = $chunk;
}
}
# don't forget to print the last line
print $fh $prev;

Now I need to calculate the MD5 value and store it
in the file. Is there a safe way to reuse the $fh ?
Maybe somehow by using:

open(FILEHANDLE, "<&=$fh")

? But how do I specify the mode above? I need "rb+"
so that I can store the MD5 hash into the temp.file.

Also do I really need the new temp.file or is there
a nice way to work with CGI.pm's temp files?

And also actually the whole task I'm trying to solve
is that the file is being sent by TCP-connection to
a daemon. I'm looking for a way to intercept that
connection and to insert the bytes and the MD5 hash
there (kind of "man in the middle attack", but it's
not an attack I could find the way to do it sofar,
that's why I stick with a CGI-script at the moment.

Regards
Alex
 
Reply With Quote
 
 
 
 
Ben Morrow
Guest
Posts: n/a
 
      03-02-2004

http://www.velocityreviews.com/forums/(E-Mail Removed) (A. Farber) wrote:
>
> I'm working at a CGI-script which would receive a 20 MB
> big file via HTTP-upload, then change few bytes in it,
> then calculate an MD5 hash over a region of that file
> and save that value into the file as well.
>
> At the moment I do the first task (change few bytes) like
> this (the $flash is coming from the CGI.pm's filefield):
>
> my ($fh, $filename) = tempfile(DIR => UPLOADDIR);
>
> while (sysread $flash, $chunk, KEYSIZE) {
> $both = $prev . $chunk;
> if ($both =~ s/$SEARCH/$REPLACE/o) {
> print $fh $both;
> undef $prev;
> } else {
> print $fh $prev;
> $prev = $chunk;
> }
> }
> # don't forget to print the last line
> print $fh $prev;
>
> Now I need to calculate the MD5 value and store it
> in the file. Is there a safe way to reuse the $fh ?
> Maybe somehow by using:
>
> open(FILEHANDLE, "<&=$fh")
>
> ? But how do I specify the mode above? I need "rb+"
> so that I can store the MD5 hash into the temp.file.


Why do you need to dup the filehandle at all? Why can't you just use
$fh?

Anyway, the answer is

open my $NEWFH, '+<&=', $fh;

or, pre-5.8,

open my $NEWFH, '+<&=' . fileno $fh;

> Also do I really need the new temp.file or is there
> a nice way to work with CGI.pm's temp files?


If the $SEARCH and $REPLACE are the same length then you can run through
the file and simply overwrite chunks that change with syswrite. If they
are not then you have to make a copy.

Ben

--
It will be seen that the Erwhonians are a meek and long-suffering people,
easily led by the nose, and quick to offer up common sense at the shrine of
logic, when a philosopher convinces them that their institutions are not based
on the strictest morality. [Samuel Butler, paraphrased] (E-Mail Removed)
 
Reply With Quote
 
 
 
 
A. Farber
Guest
Posts: n/a
 
      03-03-2004
Ben Morrow <(E-Mail Removed)> wrote in message news:<c22ka9$3en$(E-Mail Removed)>...
> (E-Mail Removed) (A. Farber) wrote:
> >
> > I'm working at a CGI-script which would receive a 20 MB
> > big file via HTTP-upload, then change few bytes in it,
> > then calculate an MD5 hash over a region of that file
> > and save that value into the file as well.


> If the $SEARCH and $REPLACE are the same length then you can run through
> the file and simply overwrite chunks that change with syswrite. If they
> are not then you have to make a copy.


Thank you, yes they are equal size. I haven't thought
about just running syswrite. What I still don't know though,
which buffer size to use while copying the uploaded file:

($fh, $filename) = tempfile(DIR => UPLOADDIR);

while (<$upload>) {
print $fh $_;
}

- is bad choice, because it's a binary file.
And if I use sysread/syswrite, then what $buffer
size should I use? Should I use PIPE_BUF?

while (sysread $upload, $buffer, $buf_size) {
die "syswrite failed: $!"
unless length $buffer == syswrite $fh, $buffer;
}
 
Reply With Quote
 
Ben Morrow
Guest
Posts: n/a
 
      03-03-2004

(E-Mail Removed) (A. Farber) wrote:
> Ben Morrow <(E-Mail Removed)> wrote in message news:<c22ka9$3en$(E-Mail Removed)>...
> > (E-Mail Removed) (A. Farber) wrote:
> > >
> > > I'm working at a CGI-script which would receive a 20 MB
> > > big file via HTTP-upload, then change few bytes in it,
> > > then calculate an MD5 hash over a region of that file
> > > and save that value into the file as well.

>
> > If the $SEARCH and $REPLACE are the same length then you can run through
> > the file and simply overwrite chunks that change with syswrite. If they
> > are not then you have to make a copy.

>
> Thank you, yes they are equal size. I haven't thought
> about just running syswrite. What I still don't know though,
> which buffer size to use while copying the uploaded file:
>
> ($fh, $filename) = tempfile(DIR => UPLOADDIR);
>
> while (<$upload>) {
> print $fh $_;
> }


Why are you copying it at all? Can you not simply edit the uploaded file
directly?

> - is bad choice, because it's a binary file.
> And if I use sysread/syswrite, then what $buffer
> size should I use? Should I use PIPE_BUF?


You can make <> read be chunks by setting it to, e.g., \4096. This is
better than using sys{read,write}, as perlio will use the right buffer
size for you.

> while (sysread $upload, $buffer, $buf_size) {
> die "syswrite failed: $!"
> unless length $buffer == syswrite $fh, $buffer;
> }


Ben

--
Musica Dei donum optimi, trahit homines, trahit deos. |
Musica truces molit animos, tristesque mentes erigit. | (E-Mail Removed)
Musica vel ipsas arbores et horridas movet feras. |
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Re: UPDATE: They didn't only pledge allegiance to Mex flag: anchor babies in TX *also* shouted "RAZA! RAZA!" in US school also tedorn44@hotmail.com Digital Photography 9 10-21-2006 11:12 AM
question about .h file and .cpp file,also compiler question key9 C++ 7 09-13-2006 06:45 PM
Anyone resolved links opening blank page? or box opening in Outlook 2000? S.Rodgers Firefox 13 12-16-2005 03:07 PM
Word file not opening from Adm -My recent docs but opening from file menu of Word Thaqalain Computer Support 0 06-30-2005 02:20 AM



Advertisments