Properly close connection contexts when downloading

author: Alexander M Pickering <alex@cogarr.net> 2024-11-21 12:12:33 -0600
committer: Alexander M Pickering <alex@cogarr.net> 2024-11-21 12:12:33 -0600
commit: 1764d1061bd0500cd3466d4e2c3678a855f0739b (patch)
tree: 0b62bfce9d95a1b7ef8429019f7c689b9365126d
parent: 224a19520d5112aaa44274ac5ab343c685fe6e69 (diff)
download: busybox-w32-packaging-1764d1061bd0500cd3466d4e2c3678a855f0739b.tar.gz
busybox-w32-packaging-1764d1061bd0500cd3466d4e2c3678a855f0739b.tar.bz2
busybox-w32-packaging-1764d1061bd0500cd3466d4e2c3678a855f0739b.zip
1 files changed, 48 insertions, 17 deletions
diff --git a/libressl.patch b/libressl.patch
index 0406099..19a6b74 100644
--- a/libressl.patch
+++ b/libressl.patch
@@ -102,7 +102,7 @@ index 9f1dd67ec..60e1afe99 100644
 static void tls_xwrite(tls_state_t *tls, int len)
 {
 diff --git a/networking/wget.c b/networking/wget.c
-index 6a64836fb..e09c4bc7d 100644
+index 6a64836fb..b714d68b5 100644
 --- a/networking/wget.c
 +++ b/networking/wget.c
 @@ -1,4 +1,3 @@
@@ -110,7 +110,17 @@ index 6a64836fb..e09c4bc7d 100644
 /*
  * wget - retrieve a file using HTTP or FTP
  *
-@@ -460,6 +459,59 @@ static FILE *open_socket(len_and_sockaddr *lsa)
+@@ -271,6 +270,9 @@ struct globals {
+        int output_fd;
+        int log_fd;
+        int o_flags;
+#if ENABLE_FEATURE_WGET_OPENSSL
+       struct tls_config *tlscfg;
+#endif
+ #if ENABLE_FEATURE_WGET_TIMEOUT
+        unsigned timeout_seconds;
+        smallint die_if_timed_out;
+@@ -460,6 +462,59 @@ static FILE *open_socket(len_and_sockaddr *lsa)
        return fp;
 }
 
@@ -170,7 +180,7 @@ index 6a64836fb..e09c4bc7d 100644
 /* We balk at any control chars in other side's messages.
  * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs
  * and error messages.
-@@ -689,6 +741,7 @@ static void reset_beg_range_to_zero(void)
+@@ -689,6 +744,7 @@ static void reset_beg_range_to_zero(void)
 }
 
 #if ENABLE_FEATURE_WGET_OPENSSL
@@ -178,7 +188,7 @@ index 6a64836fb..e09c4bc7d 100644
 static int spawn_https_helper_openssl(const char *host, unsigned port)
 {
        char *allocated = NULL;
-@@ -698,7 +751,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -698,7 +754,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
        IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;)
 
        if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
@@ -187,7 +197,7 @@ index 6a64836fb..e09c4bc7d 100644
                bb_simple_perror_msg_and_die("socketpair");
 
        if (!strchr(host, ':'))
-@@ -709,18 +762,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -709,18 +765,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
        fflush_all();
        pid = xvfork();
        if (pid == 0) {
@@ -212,7 +222,7 @@ index 6a64836fb..e09c4bc7d 100644
                xmove_fd(2, 3);
                xopen("/dev/null", O_RDWR);
                memset(&argv, 0, sizeof(argv));
-@@ -729,18 +782,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -729,18 +785,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
                argv[2] = (char*)"-quiet";
                argv[3] = (char*)"-connect";
                argv[4] = (char*)host;
@@ -237,7 +247,7 @@ index 6a64836fb..e09c4bc7d 100644
                        *argp++ = (char*)"-verify";              //[7]
                        *argp++ = (char*)"100";                  //[8]
                        *argp++ = (char*)"-verify_return_error"; //[9]
-@@ -762,10 +815,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -762,10 +818,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
 # else
                bb_perror_msg_and_die("can't execute '%s'", argv[0]);
 # endif
@@ -250,7 +260,7 @@ index 6a64836fb..e09c4bc7d 100644
        free(servername);
        free(allocated);
        close(sp[1]);
-@@ -777,6 +830,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
+@@ -777,6 +833,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
 # endif
        return sp[0];
 }
@@ -258,7 +268,7 @@ index 6a64836fb..e09c4bc7d 100644
 #endif
 
 #if ENABLE_FEATURE_WGET_HTTPS
-@@ -1230,26 +1284,51 @@ static void download_one_url(const char *url)
+@@ -1230,26 +1287,45 @@ static void download_one_url(const char *url)
                /* Open socket to http(s) server */
 #if ENABLE_FEATURE_WGET_OPENSSL
                /* openssl (and maybe internal TLS) support is configured */
@@ -283,11 +293,7 @@ index 6a64836fb..e09c4bc7d 100644
 +                       ctx = tls_client();
 +                       if(ctx == NULL)
 +                               bb_error_msg_and_die("Out of memory 1");
-+                       config = tls_config_new();
+                       if(tls_configure(ctx,G.tlscfg) != 0)
-+                       if(config == NULL)
-+                               bb_error_msg_and_die("Out of memory 2");
-+                       pemmem = gather_certificates(config);
-+                       if(tls_configure(ctx,config) != 0)
 +                               bb_error_msg_and_die("Failed to configure client");
 +                       sfp = tmpfile();
 +                       if(sfp == NULL)
@@ -297,8 +303,6 @@ index 6a64836fb..e09c4bc7d 100644
 +                               bb_error_msg_and_die("Failed to open source tempfile %d: %s", errno, strerror(errno));
 +                       if(tls_connect(ctx, servername, NULL) != 0)
 +                               bb_error_msg_and_die("Failed to connect: %s", tls_error(ctx));
-+                       free(pemmem);
-+                       tls_config_free(config);
 +                       free(allocated);
 +                       free(servername);
 +                       //sfp = fdopen(fd, "r+");
@@ -320,7 +324,7 @@ index 6a64836fb..e09c4bc7d 100644
  socket_opened:
 #elif ENABLE_FEATURE_WGET_HTTPS
                /* Only internal TLS support is configured */
-@@ -1353,7 +1432,39 @@ static void download_one_url(const char *url)
+@@ -1353,7 +1429,39 @@ static void download_one_url(const char *url)
                        shutdown(fileno(sfp), SHUT_WR);
                }
 #endif
@@ -361,6 +365,33 @@ index 6a64836fb..e09c4bc7d 100644
                /*
                 * Retrieve HTTP response line and check for "200" status code.
                 */
+@@ -1536,6 +1644,8 @@ However, in real world it was observed that some web servers
+                /* ftpcmd("QUIT", NULL, sfp); - why bother? */
+        }
+ #endif
+       if(ctx != NULL)
+               tls_close(ctx);
+        fclose(sfp);
+ 
+        free(server.allocated);
+@@ -1691,9 +1801,17 @@ IF_DESKTOP(      "no-parent\0"        No_argument       "\xf0")
+                }
+        }
+ 
+       G.tlscfg = tls_config_new();
+       if(config == NULL)
+               bb_error_msg_and_die("Out of memory 2");
+       char *pemmem = gather_certificates(G.tlscfg);
+
+        while (*argv)
+                download_one_url(*argv++);
+ 
+       free(pemmem);
+       tls_config_free(G.tlscfg);
+
+        if (G.output_fd >= 0)
+                xclose(G.output_fd);
+ 
 diff --git a/scripts/trylink b/scripts/trylink
 index 2456252a3..6186284f1 100755
 --- a/scripts/trylink
author	Alexander M Pickering <alex@cogarr.net>	2024-11-21 12:12:33 -0600
committer	Alexander M Pickering <alex@cogarr.net>	2024-11-21 12:12:33 -0600
commit	1764d1061bd0500cd3466d4e2c3678a855f0739b (patch)
tree	0b62bfce9d95a1b7ef8429019f7c689b9365126d
parent	224a19520d5112aaa44274ac5ab343c685fe6e69 (diff)
download	busybox-w32-packaging-1764d1061bd0500cd3466d4e2c3678a855f0739b.tar.gz busybox-w32-packaging-1764d1061bd0500cd3466d4e2c3678a855f0739b.tar.bz2 busybox-w32-packaging-1764d1061bd0500cd3466d4e2c3678a855f0739b.zip