author | Alexander M Pickering <alex@cogarr.net> | 2024-11-21 12:12:33 -0600 |
---|---|---|
committer | Alexander M Pickering <alex@cogarr.net> | 2024-11-21 12:12:33 -0600 |
commit | 1764d1061bd0500cd3466d4e2c3678a855f0739b (patch) | |
tree | 0b62bfce9d95a1b7ef8429019f7c689b9365126d | |
parent | 224a19520d5112aaa44274ac5ab343c685fe6e69 (diff) | |
Properly close connection contexts when downloading
-rw-r--r-- | libressl.patch | 65 |
1 files changed, 48 insertions, 17 deletions
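--- a/libressl.patch
+++ b/libressl.patch
@@ -102,7 +102,7 @@ index 9f1dd67ec..60e1afe99 100644
 static void tls_xwrite(tls_state_t *tls, int len)
 {
 diff --git a/networking/wget.c b/networking/wget.c
-index 6a64836fb..e09c4bc7d 100644
+index 6a64836fb..b714d68b5 100644
 --- a/networking/wget.c
 +++ b/networking/wget.c
 @@ -1,4 +1,3 @@
@@ -110,7 +110,17 @@ index 6a64836fb..e09c4bc7d 100644
 /*
 * wget - retrieve a file using HTTP or FTP
 *
-@@ -460,6 +459,59 @@ static FILE *open_socket(len_and_sockaddr *lsa)
+@@ -271,6 +270,9 @@ struct globals {
+int output_fd;
+int log_fd;
+int o_flags;
++#if ENABLE_FEATURE_WGET_OPENSSL
++ struct tls_config *tlscfg;
++#endif
+#if ENABLE_FEATURE_WGET_TIMEOUT
+unsigned timeout_seconds;
+smallint die_if_timed_out;
+@@ -460,6 +462,59 @@ static FILE *open_socket(len_and_sockaddr *lsa)
 return fp;
 }
 
@@ -170,7 +180,7 @@ index 6a64836fb..e09c4bc7d 100644
 /* We balk at any control chars in other side's messages.
 * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs
 * and error messages.
-@@ -689,6 +741,7 @@ static void reset_beg_range_to_zero(void)
+@@ -689,6 +744,7 @@ static void reset_beg_range_to_zero(void)
 }
 
 #if ENABLE_FEATURE_WGET_OPENSSL
@@ -178,7 +188,7 @@ index 6a64836fb..e09c4bc7d 100644
 static int spawn_https_helper_openssl(const char *host, unsigned port)
 {
 char *allocated = NULL;
-@@ -698,7 +751,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -698,7 +754,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
 IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;)
 
 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
@@ -187,7 +197,7 @@ index 6a64836fb..e09c4bc7d 100644
 bb_simple_perror_msg_and_die("socketpair");
 
 if (!strchr(host, ':'))
-@@ -709,18 +762,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -709,18 +765,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
 fflush_all();
 pid = xvfork();
 if (pid == 0) {
@@ -212,7 +222,7 @@ index 6a64836fb..e09c4bc7d 100644
 xmove_fd(2, 3);
 xopen("/dev/null", O_RDWR);
 memset(&argv, 0, sizeof(argv));
-@@ -729,18 +782,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -729,18 +785,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
 argv[2] = (char*)"-quiet";
 argv[3] = (char*)"-connect";
 argv[4] = (char*)host;
@@ -237,7 +247,7 @@ index 6a64836fb..e09c4bc7d 100644
 *argp++ = (char*)"-verify"; //[7]
 *argp++ = (char*)"100"; //[8]
 *argp++ = (char*)"-verify_return_error"; //[9]
-@@ -762,10 +815,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -762,10 +818,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
 # else
 bb_perror_msg_and_die("can't execute '%s'", argv[0]);
 # endif
@@ -250,7 +260,7 @@ index 6a64836fb..e09c4bc7d 100644
 free(servername);
 free(allocated);
 close(sp[1]);
-@@ -777,6 +830,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -777,6 +833,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
 # endif
 return sp[0];
 }
@@ -258,7 +268,7 @@ index 6a64836fb..e09c4bc7d 100644
 #endif
 
 #if ENABLE_FEATURE_WGET_HTTPS
-@@ -1230,26 +1284,51 @@ static void download_one_url(const char *url)
+@@ -1230,26 +1287,45 @@ static void download_one_url(const char *url)
 /* Open socket to http(s) server */
 #if ENABLE_FEATURE_WGET_OPENSSL
 /* openssl (and maybe internal TLS) support is configured */
@@ -283,11 +293,7 @@ index 6a64836fb..e09c4bc7d 100644
 + ctx = tls_client();
 + if(ctx == NULL)
 + bb_error_msg_and_die("Out of memory 1");
-+ config = tls_config_new();
-+ if(config == NULL)
-+ bb_error_msg_and_die("Out of memory 2");
-+ pemmem = gather_certificates(config);
-+ if(tls_configure(ctx,config) != 0)
++ if(tls_configure(ctx,G.tlscfg) != 0)
 + bb_error_msg_and_die("Failed to configure client");
 + sfp = tmpfile();
 + if(sfp == NULL)
@@ -297,8 +303,6 @@ index 6a64836fb..e09c4bc7d 100644
 + bb_error_msg_and_die("Failed to open source tempfile %d: %s", errno, strerror(errno));
 + if(tls_connect(ctx, servername, NULL) != 0)
 + bb_error_msg_and_die("Failed to connect: %s", tls_error(ctx));
-+ free(pemmem);
-+ tls_config_free(config);
 + free(allocated);
 + free(servername);
 + //sfp = fdopen(fd, "r+");
@@ -320,7 +324,7 @@ index 6a64836fb..e09c4bc7d 100644
 socket_opened:
 #elif ENABLE_FEATURE_WGET_HTTPS
 /* Only internal TLS support is configured */
-@@ -1353,7 +1432,39 @@ static void download_one_url(const char *url)
+@@ -1353,7 +1429,39 @@ static void download_one_url(const char *url)
 shutdown(fileno(sfp), SHUT_WR);
 }
 #endif
@@ -361,6 +365,33 @@ index 6a64836fb..e09c4bc7d 100644
 /*
 * Retrieve HTTP response line and check for "200" status code.
 */
+@@ -1536,6 +1644,8 @@ However, in real world it was observed that some web servers
+/* ftpcmd("QUIT", NULL, sfp); - why bother? */
+}
+#endif
++ if(ctx != NULL)
++ tls_close(ctx);
+fclose(sfp);
+
+free(server.allocated);
+@@ -1691,9 +1801,17 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
+}
+}
+
++ G.tlscfg = tls_config_new();
++ if(config == NULL)
++ bb_error_msg_and_die("Out of memory 2");
++ char *pemmem = gather_certificates(G.tlscfg);
++
+while (*argv)
+download_one_url(*argv++);
+
++ free(pemmem);
++ tls_config_free(G.tlscfg);
++
+if (G.output_fd >= 0)
+xclose(G.output_fd);
+
 diff --git a/scripts/trylink b/scripts/trylink
 index 2456252a3..6186284f1 100755
 --- a/scripts/trylink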
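Review bot: The NULL check that follows `G.tlscfg = tls_config_new();` in the inner `@@ -1691,9 +1801,17 @@` hunk of networking/wget.c tests `config` rather than the pointer just assigned, so a failed allocation is not caught there; it should read `if (G.tlscfg == NULL)`. No declaration of `config` is visible in the lines shown, so the line may also fail to build or test an unrelated variable. A NULL `G.tlscfg` would then be passed to `gather_certificates()` and later to `tls_configure(ctx, G.tlscfg)`, which is the configuration the CA certificates used for verification are loaded into, so this path deserves a hard failure. In the `@@ -1536,6 +1644,8 @@` hunk, `tls_close(ctx)` is added with its return value ignored and without a matching `tls_free(ctx)`, so each URL appears to leave its context allocated; consider adding `tls_free(ctx);` after the close. Both enclosing functions start and end outside the lines shown, so whether `ctx` is initialised to NULL for non-TLS URLs cannot be confirmed from here.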