authorAlexander M Pickering <alex@cogarr.net>2024-11-21 12:12:33 -0600
committerAlexander M Pickering <alex@cogarr.net>2024-11-21 12:12:33 -0600
commit1764d1061bd0500cd3466d4e2c3678a855f0739b (patch)
tree0b62bfce9d95a1b7ef8429019f7c689b9365126d
parent224a19520d5112aaa44274ac5ab343c685fe6e69 (diff)
downloadbusybox-w32-packaging-1764d1061bd0500cd3466d4e2c3678a855f0739b.tar.gz
busybox-w32-packaging-1764d1061bd0500cd3466d4e2c3678a855f0739b.tar.bz2
busybox-w32-packaging-1764d1061bd0500cd3466d4e2c3678a855f0739b.zip
Properly close connection contexts when downloading
-rw-r--r--libressl.patch65
1 files changed, 48 insertions, 17 deletions
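diff --git a/libressl.patch b/libressl.patch
index 0406099..19a6b74 100644
--- a/libressl.patch
+++ b/libressl.patch
@@ -102,7 +102,7 @@ index 9f1dd67ec..60e1afe99 100644
  static void tls_xwrite(tls_state_t *tls, int len)
  {
 diff --git a/networking/wget.c b/networking/wget.c
-index 6a64836fb..e09c4bc7d 100644
+index 6a64836fb..b714d68b5 100644
 --- a/networking/wget.c
 +++ b/networking/wget.c
 @@ -1,4 +1,3 @@
@@ -110,7 +110,17 @@ index 6a64836fb..e09c4bc7d 100644
  /*
  * wget - retrieve a file using HTTP or FTP
  *
-@@ -460,6 +459,59 @@ static FILE *open_socket(len_and_sockaddr *lsa)
+@@ -271,6 +270,9 @@ struct globals {
+ int output_fd;
+ int log_fd;
+ int o_flags;
++#if ENABLE_FEATURE_WGET_OPENSSL
++ struct tls_config *tlscfg;
++#endif
+ #if ENABLE_FEATURE_WGET_TIMEOUT
+ unsigned timeout_seconds;
+ smallint die_if_timed_out;
+@@ -460,6 +462,59 @@ static FILE *open_socket(len_and_sockaddr *lsa)
  return fp;
  }
  
@@ -170,7 +180,7 @@ index 6a64836fb..e09c4bc7d 100644
  /* We balk at any control chars in other side's messages.
  * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs
  * and error messages.
-@@ -689,6 +741,7 @@ static void reset_beg_range_to_zero(void)
+@@ -689,6 +744,7 @@ static void reset_beg_range_to_zero(void)
  }
  
  #if ENABLE_FEATURE_WGET_OPENSSL
@@ -178,7 +188,7 @@ index 6a64836fb..e09c4bc7d 100644
  static int spawn_https_helper_openssl(const char *host, unsigned port)
  {
  char *allocated = NULL;
-@@ -698,7 +751,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -698,7 +754,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
  IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;)
  
  if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
@@ -187,7 +197,7 @@ index 6a64836fb..e09c4bc7d 100644
  bb_simple_perror_msg_and_die("socketpair");
  
  if (!strchr(host, ':'))
-@@ -709,18 +762,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -709,18 +765,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
  fflush_all();
  pid = xvfork();
  if (pid == 0) {
@@ -212,7 +222,7 @@ index 6a64836fb..e09c4bc7d 100644
  xmove_fd(2, 3);
  xopen("/dev/null", O_RDWR);
  memset(&argv, 0, sizeof(argv));
-@@ -729,18 +782,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -729,18 +785,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
  argv[2] = (char*)"-quiet";
  argv[3] = (char*)"-connect";
  argv[4] = (char*)host;
@@ -237,7 +247,7 @@ index 6a64836fb..e09c4bc7d 100644
  *argp++ = (char*)"-verify"; //[7]
  *argp++ = (char*)"100"; //[8]
  *argp++ = (char*)"-verify_return_error"; //[9]
-@@ -762,10 +815,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -762,10 +818,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
  # else
  bb_perror_msg_and_die("can't execute '%s'", argv[0]);
  # endif
@@ -250,7 +260,7 @@ index 6a64836fb..e09c4bc7d 100644
  free(servername);
  free(allocated);
  close(sp[1]);
-@@ -777,6 +830,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -777,6 +833,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
  # endif
  return sp[0];
  }
@@ -258,7 +268,7 @@ index 6a64836fb..e09c4bc7d 100644
  #endif
  
  #if ENABLE_FEATURE_WGET_HTTPS
-@@ -1230,26 +1284,51 @@ static void download_one_url(const char *url)
+@@ -1230,26 +1287,45 @@ static void download_one_url(const char *url)
  /* Open socket to http(s) server */
  #if ENABLE_FEATURE_WGET_OPENSSL
  /* openssl (and maybe internal TLS) support is configured */
@@ -283,11 +293,7 @@ index 6a64836fb..e09c4bc7d 100644
 + ctx = tls_client();
 + if(ctx == NULL)
 + bb_error_msg_and_die("Out of memory 1");
-+ config = tls_config_new();
-+ if(config == NULL)
-+ bb_error_msg_and_die("Out of memory 2");
-+ pemmem = gather_certificates(config);
-+ if(tls_configure(ctx,config) != 0)
++ if(tls_configure(ctx,G.tlscfg) != 0)
 + bb_error_msg_and_die("Failed to configure client");
 + sfp = tmpfile();
 + if(sfp == NULL)
@@ -297,8 +303,6 @@ index 6a64836fb..e09c4bc7d 100644
 + bb_error_msg_and_die("Failed to open source tempfile %d: %s", errno, strerror(errno));
 + if(tls_connect(ctx, servername, NULL) != 0)
 + bb_error_msg_and_die("Failed to connect: %s", tls_error(ctx));
-+ free(pemmem);
-+ tls_config_free(config);
 + free(allocated);
 + free(servername);
 + //sfp = fdopen(fd, "r+");
@@ -320,7 +324,7 @@ index 6a64836fb..e09c4bc7d 100644
  socket_opened:
  #elif ENABLE_FEATURE_WGET_HTTPS
  /* Only internal TLS support is configured */
-@@ -1353,7 +1432,39 @@ static void download_one_url(const char *url)
+@@ -1353,7 +1429,39 @@ static void download_one_url(const char *url)
  shutdown(fileno(sfp), SHUT_WR);
  }
  #endif
@@ -361,6 +365,33 @@ index 6a64836fb..e09c4bc7d 100644
  /*
  * Retrieve HTTP response line and check for "200" status code.
  */
+@@ -1536,6 +1644,8 @@ However, in real world it was observed that some web servers
+ /* ftpcmd("QUIT", NULL, sfp); - why bother? */
+ }
+ #endif
++ if(ctx != NULL)
++ tls_close(ctx);
+ fclose(sfp);
+ 
+ free(server.allocated);
+@@ -1691,9 +1801,17 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
+ }
+ }
+ 
++ G.tlscfg = tls_config_new();
++ if(config == NULL)
++ bb_error_msg_and_die("Out of memory 2");
++ char *pemmem = gather_certificates(G.tlscfg);
++
+ while (*argv)
+ download_one_url(*argv++);
+ 
++ free(pemmem);
++ tls_config_free(G.tlscfg);
++
+ if (G.output_fd >= 0)
+ xclose(G.output_fd);
+ 
 diff --git a/scripts/trylink b/scripts/trylink
 index 2456252a3..6186284f1 100755
 --- a/scripts/trylink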
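Review bot: The allocation check added before the `while (*argv)` loop in the last hunk tests `config`, but the result of `tls_config_new()` was stored in `G.tlscfg`, so the check should read `if(G.tlscfg == NULL)`. No `config` is declared in the visible lines of that function, so as written this either fails to build or tests an unrelated variable, and a failed allocation would pass NULL on to `gather_certificates()` and later `tls_configure()`. In the `@@ -1536,6 +1644,8 @@` lines, `tls_close(ctx)` shuts the session down but does not release the context; because `download_one_url()` runs once per URL, adding `tls_free(ctx);` after it would avoid leaking one context per download. The new `G.tlscfg` and `ctx` uses also sit outside any `#if ENABLE_FEATURE_WGET_OPENSSL` guard in the visible context, while the struct member is declared under that guard; the enclosing functions start and end outside these lines, so that needs checking against the full file.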