authorAlexander M Pickering <alex@cogarr.net>2024-11-22 12:38:38 -0600
committerAlexander M Pickering <alex@cogarr.net>2024-11-22 12:38:38 -0600
commit46ed78ee83dc5f26d13ae77ceafd9951cf33b38c (patch)
tree42846f50333cdd908997db9b86afd913cf740c3c
parentd7ede5ff6b9454a819a89aa05d7fe49a5e21549b (diff)
downloadbusybox-w32-packaging-46ed78ee83dc5f26d13ae77ceafd9951cf33b38c.tar.gz
busybox-w32-packaging-46ed78ee83dc5f26d13ae77ceafd9951cf33b38c.tar.bz2
busybox-w32-packaging-46ed78ee83dc5f26d13ae77ceafd9951cf33b38c.zip
Fix tempfiles
Change tempfile to use Windows' tmpname(); originally, tempfiles were created in the root of the directory, causing "permission denied" errors for non-admin users (e.g. when installing a rock in a user-local tree).
-rw-r--r--libressl.patch146
1 files changed, 71 insertions, 75 deletions
diff --git a/libressl.patch b/libressl.patch
index 4602a27..e46d190 100644
--- a/libressl.patch
+++ b/libressl.patch
@@ -102,7 +102,7 @@ index 9f1dd67ec..60e1afe99 100644
102 static void tls_xwrite(tls_state_t *tls, int len) 102 static void tls_xwrite(tls_state_t *tls, int len)
103 { 103 {
104diff --git a/networking/wget.c b/networking/wget.c 104diff --git a/networking/wget.c b/networking/wget.c
105index 6a64836fb..40e1f0ad4 100644 105index 6a64836fb..2f3ff4017 100644
106--- a/networking/wget.c 106--- a/networking/wget.c
107+++ b/networking/wget.c 107+++ b/networking/wget.c
108@@ -1,4 +1,3 @@ 108@@ -1,4 +1,3 @@
@@ -120,7 +120,7 @@ index 6a64836fb..40e1f0ad4 100644
120 #if ENABLE_FEATURE_WGET_TIMEOUT 120 #if ENABLE_FEATURE_WGET_TIMEOUT
121 unsigned timeout_seconds; 121 unsigned timeout_seconds;
122 smallint die_if_timed_out; 122 smallint die_if_timed_out;
123@@ -460,6 +462,79 @@ static FILE *open_socket(len_and_sockaddr *lsa) 123@@ -460,6 +462,61 @@ static FILE *open_socket(len_and_sockaddr *lsa)
124 return fp; 124 return fp;
125 } 125 }
126 126
@@ -134,73 +134,55 @@ index 6a64836fb..40e1f0ad4 100644
134+#include <windows.h> 134+#include <windows.h>
135+#include <fileapi.h> 135+#include <fileapi.h>
136+#include <openssl/bio.h> 136+#include <openssl/bio.h>
137+char* gather_certificates(struct tls_config *cfg) 137+BIO* gather_certificates(struct tls_config *cfg);
138+BIO* gather_certificates(struct tls_config *cfg)
138+{ 139+{
139+ BIO *pemfile = BIO_new(BIO_s_mem()); 140+ SSL_library_init();
140+ /* 141+ SSL_load_error_strings();
141+ FILE *pemfile; 142+ BIO *pemfile;
142+ pemfile = tmpfile();
143+ char *tmpfilename = tmpnam(NULL);
144+ if(tmpfilename == NULL)
145+ bb_error_msg_and_die("Failed to get a temp file name.");
146+ printf("Useing tmpfile %s\n",tmpfilename);
147+ pemfile = fopen(tmpfilename, "w+");
148+ */
149+ if(pemfile == NULL)
150+ bb_error_msg_and_die("Failed to open pem tempfile: %s", strerror(errno));
151+ HCERTSTORE dstore; 143+ HCERTSTORE dstore;
144+ PCCERT_CONTEXT ctx;
145+ char *pemmem;
146+ long data_size;
147+
148+ pemfile = BIO_new(BIO_s_mem());
152+ dstore = CertOpenSystemStore(0,"ROOT"); 149+ dstore = CertOpenSystemStore(0,"ROOT");
153+ if(dstore == NULL) 150+ if(dstore == NULL)
154+ bb_error_msg_and_die("Failed to open system store: %s", GetLastError()); 151+ bb_error_msg_and_die("Failed to open system store");
155+ size_t numcerts;
156+ if(!dstore) 152+ if(!dstore)
157+ bb_error_msg_and_die("Error opening 'CA' cert store"); 153+ bb_error_msg_and_die("Error opening 'CA' cert store");
158+ PCCERT_CONTEXT ctx = NULL; 154+ ctx = NULL;
159+ size_t certs_len;
160+ for(;;) 155+ for(;;)
161+ { 156+ {
157+ char *dcert;
158+ size_t dcert_len;
159+ X509 *x509cert;
160+
162+ ctx = CertEnumCertificatesInStore(dstore,ctx); 161+ ctx = CertEnumCertificatesInStore(dstore,ctx);
163+ if(!ctx) 162+ if(!ctx)
164+ break; 163+ break;
165+ char *dcert = ctx->pbCertEncoded; 164+ dcert = ctx->pbCertEncoded;
166+ size_t dcert_len = ctx->cbCertEncoded; 165+ dcert_len = ctx->cbCertEncoded;
167+ X509 *x509cert;
168+ x509cert = d2i_X509(NULL,&dcert,dcert_len); 166+ x509cert = d2i_X509(NULL,&dcert,dcert_len);
169+ if(x509cert == NULL) 167+ if(x509cert == NULL)
170+ bb_error_msg_and_die("Failed to convert dcert to x509"); 168+ bb_error_msg_and_die("Failed to convert dcert to x509");
171+ if(x509cert == NULL) 169+ if(x509cert == NULL)
172+ bb_error_msg_and_die("Failed to convert cert"); 170+ bb_error_msg_and_die("Failed to convert cert");
173+ //if(!PEM_write_X509(pemfile, x509cert))
174+ if(!PEM_write_bio_X509(pemfile, x509cert)) 171+ if(!PEM_write_bio_X509(pemfile, x509cert))
175+ bb_error_msg_and_die("Failed to write cert"); 172+ bb_error_msg_and_die("Failed to write cert");
176+ X509_free(x509cert); 173+ X509_free(x509cert);
177+ } 174+ }
178+ CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG); 175+ CertCloseStore(dstore, CERT_CLOSE_STORE_CHECK_FLAG);
179+ //size_t pemsize = ftell(pemfile); 176+ data_size = BIO_get_mem_data(pemfile, &pemmem);
180+ size_t pemsize = BIO_tell(pemfile); 177+ tls_config_set_ca_mem(cfg, pemmem, data_size);
181+ char *pemmem = (char*)malloc(pemsize); 178+ return pemfile;
182+ if(pemmem == NULL)
183+ bb_error_msg_and_die("out of memory");
184+ //rewind(pemfile);
185+ BIO_seek(pemfile, 0);
186+ if(BIO_read(pemfile, pemmem, pemsize) == 0)
187+ bb_error_msg_and_die("Failed to read ssl bio in memory file");
188+ /*
189+ if(fread(pemmem, sizeof(char), pemsize, pemfile) != pemsize)
190+ bb_error_msg_and_die("Failed to read temp ca pem file");
191+ */
192+ tls_config_set_ca_mem(cfg, pemmem, pemsize);
193+ //fclose(pemfile);
194+ BIO_free(pemfile);
195+ //DeleteFileA(tmpfilename);
196+ return pemmem;
197+} 179+}
198+#endif 180+#endif
199+ 181+
200 /* We balk at any control chars in other side's messages. 182 /* We balk at any control chars in other side's messages.
201 * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs 183 * This prevents nasty surprises (e.g. ESC sequences) in "Location:" URLs
202 * and error messages. 184 * and error messages.
203@@ -689,6 +764,7 @@ static void reset_beg_range_to_zero(void) 185@@ -689,6 +746,7 @@ static void reset_beg_range_to_zero(void)
204 } 186 }
205 187
206 #if ENABLE_FEATURE_WGET_OPENSSL 188 #if ENABLE_FEATURE_WGET_OPENSSL
@@ -208,7 +190,7 @@ index 6a64836fb..40e1f0ad4 100644
208 static int spawn_https_helper_openssl(const char *host, unsigned port) 190 static int spawn_https_helper_openssl(const char *host, unsigned port)
209 { 191 {
210 char *allocated = NULL; 192 char *allocated = NULL;
211@@ -698,7 +774,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) 193@@ -698,7 +756,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
212 IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;) 194 IF_FEATURE_WGET_HTTPS(volatile int child_failed = 0;)
213 195
214 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0) 196 if (socketpair(AF_UNIX, SOCK_STREAM, 0, sp) != 0)
@@ -217,7 +199,7 @@ index 6a64836fb..40e1f0ad4 100644
217 bb_simple_perror_msg_and_die("socketpair"); 199 bb_simple_perror_msg_and_die("socketpair");
218 200
219 if (!strchr(host, ':')) 201 if (!strchr(host, ':'))
220@@ -709,18 +785,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) 202@@ -709,18 +767,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
221 fflush_all(); 203 fflush_all();
222 pid = xvfork(); 204 pid = xvfork();
223 if (pid == 0) { 205 if (pid == 0) {
@@ -242,7 +224,7 @@ index 6a64836fb..40e1f0ad4 100644
242 xmove_fd(2, 3); 224 xmove_fd(2, 3);
243 xopen("/dev/null", O_RDWR); 225 xopen("/dev/null", O_RDWR);
244 memset(&argv, 0, sizeof(argv)); 226 memset(&argv, 0, sizeof(argv));
245@@ -729,18 +805,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) 227@@ -729,18 +787,18 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
246 argv[2] = (char*)"-quiet"; 228 argv[2] = (char*)"-quiet";
247 argv[3] = (char*)"-connect"; 229 argv[3] = (char*)"-connect";
248 argv[4] = (char*)host; 230 argv[4] = (char*)host;
@@ -267,7 +249,7 @@ index 6a64836fb..40e1f0ad4 100644
267 *argp++ = (char*)"-verify"; //[7] 249 *argp++ = (char*)"-verify"; //[7]
268 *argp++ = (char*)"100"; //[8] 250 *argp++ = (char*)"100"; //[8]
269 *argp++ = (char*)"-verify_return_error"; //[9] 251 *argp++ = (char*)"-verify_return_error"; //[9]
270@@ -762,10 +838,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) 252@@ -762,10 +820,10 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
271 # else 253 # else
272 bb_perror_msg_and_die("can't execute '%s'", argv[0]); 254 bb_perror_msg_and_die("can't execute '%s'", argv[0]);
273 # endif 255 # endif
@@ -280,7 +262,7 @@ index 6a64836fb..40e1f0ad4 100644
280 free(servername); 262 free(servername);
281 free(allocated); 263 free(allocated);
282 close(sp[1]); 264 close(sp[1]);
283@@ -777,6 +853,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port) 265@@ -777,6 +835,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
284 # endif 266 # endif
285 return sp[0]; 267 return sp[0];
286 } 268 }
@@ -288,7 +270,15 @@ index 6a64836fb..40e1f0ad4 100644
288 #endif 270 #endif
289 271
290 #if ENABLE_FEATURE_WGET_HTTPS 272 #if ENABLE_FEATURE_WGET_HTTPS
291@@ -1151,6 +1228,9 @@ static void download_one_url(const char *url) 273@@ -1139,6 +1198,7 @@ static void download_one_url(const char *url)
274 bool use_proxy; /* Use proxies if env vars are set */
275 int redir_limit;
276 len_and_sockaddr *lsa;
277+ char *sfp_name, *dfp_name;
278 FILE *sfp; /* socket to web/ftp server */
279 FILE *dfp; /* socket to ftp server (data) */
280 char *fname_out_alloc;
281@@ -1151,6 +1211,9 @@ static void download_one_url(const char *url)
292 server.user = NULL; 282 server.user = NULL;
293 target.user = NULL; 283 target.user = NULL;
294 284
@@ -298,19 +288,17 @@ index 6a64836fb..40e1f0ad4 100644
298 parse_url(url, &target); 288 parse_url(url, &target);
299 289
300 /* Use the proxy if necessary */ 290 /* Use the proxy if necessary */
301@@ -1234,22 +1314,41 @@ static void download_one_url(const char *url) 291@@ -1234,22 +1297,38 @@ static void download_one_url(const char *url)
302 /* openssl-based helper 292 /* openssl-based helper
303 * Inconvenient API since we can't give it an open fd 293 * Inconvenient API since we can't give it an open fd
304 */ 294 */
305- int fd = spawn_https_helper_openssl(server.host, server.port); 295- int fd = spawn_https_helper_openssl(server.host, server.port);
306+ //int fd = spawn_https_helper_openssl(server.host, server.port);
307 # if ENABLE_FEATURE_WGET_HTTPS 296 # if ENABLE_FEATURE_WGET_HTTPS
308- if (fd < 0) { /* no openssl? try internal */ 297- if (fd < 0) { /* no openssl? try internal */
309- sfp = open_socket(lsa); 298- sfp = open_socket(lsa);
310- spawn_ssl_client(server.host, fileno(sfp), /*flags*/ 0); 299- spawn_ssl_client(server.host, fileno(sfp), /*flags*/ 0);
311- goto socket_opened; 300- goto socket_opened;
312- } 301- }
313+ printf("Into section where we config everything\n");
314+ char *allocated, *servername, *host; 302+ char *allocated, *servername, *host;
315+ if(!strchr(server.host, ':')) 303+ if(!strchr(server.host, ':'))
316+ host = allocated = xasprintf("%s:%u", server.host, server.port); 304+ host = allocated = xasprintf("%s:%u", server.host, server.port);
@@ -320,29 +308,28 @@ index 6a64836fb..40e1f0ad4 100644
320+ bb_error_msg_and_die("Out of memory 1"); 308+ bb_error_msg_and_die("Out of memory 1");
321+ if(tls_configure(ctx,G.tlscfg) != 0) 309+ if(tls_configure(ctx,G.tlscfg) != 0)
322+ bb_error_msg_and_die("Failed to configure client"); 310+ bb_error_msg_and_die("Failed to configure client");
323+ sfp = tmpfile(); 311+ sfp_name = _tempnam(NULL,"l4w");
312+ if(sfp_name == NULL)
313+ bb_error_msg_and_die("Failed to generate tmpfile name for sfp");
314+ sfp = fopen(sfp_name, "w+");
324+ if(sfp == NULL) 315+ if(sfp == NULL)
325+ bb_error_msg_and_die("Failed to open source tempfile %d: %s", errno, strerror(errno)); 316+ bb_error_msg_and_die("Failed to open source tempfile %d: %s", errno, strerror(errno));
326+ dfp = tmpfile(); 317+ dfp_name = _tempnam(NULL,"l4w");
318+ if(dfp_name == NULL)
319+ bb_error_msg_and_die("Failed to generate tmpfile name for dfp");
320+ dfp = fopen(dfp_name, "w+");
327+ if(dfp == NULL) 321+ if(dfp == NULL)
328+ bb_error_msg_and_die("Failed to open source tempfile %d: %s", errno, strerror(errno)); 322+ bb_error_msg_and_die("Failed to open source tempfile %d: %s", errno, strerror(errno));
329+ if(tls_connect(ctx, servername, NULL) != 0) 323+ if(tls_connect(ctx, servername, NULL) != 0)
330+ bb_error_msg_and_die("Failed to connect: %s", tls_error(ctx)); 324+ bb_error_msg_and_die("Failed to connect: %s", tls_error(ctx));
331+ free(allocated); 325+ free(allocated);
332+ free(servername); 326+ free(servername);
333+ //sfp = fdopen(fd, "r+");
334+ if (!sfp)
335+ bb_error_msg_and_die("Error opening fd: %s",strerror(errno));
336 # else 327 # else
337 /* We don't check for exec("openssl") failure in this case */ 328 /* We don't check for exec("openssl") failure in this case */
338 # endif 329 # endif
339- sfp = fdopen(fd, "r+"); 330- sfp = fdopen(fd, "r+");
340- if (!sfp) 331- if (!sfp)
341- bb_die_memory_exhausted(); 332- bb_die_memory_exhausted();
342+ //sfp = fdopen(fd, "r+");
343+ //if (!sfp)
344+ // bb_die_memory_exhausted();
345+ printf("Got socket!\n");
346 goto socket_opened; 333 goto socket_opened;
347 } 334 }
348- sfp = open_socket(lsa); 335- sfp = open_socket(lsa);
@@ -350,13 +337,12 @@ index 6a64836fb..40e1f0ad4 100644
350 socket_opened: 337 socket_opened:
351 #elif ENABLE_FEATURE_WGET_HTTPS 338 #elif ENABLE_FEATURE_WGET_HTTPS
352 /* Only internal TLS support is configured */ 339 /* Only internal TLS support is configured */
353@@ -1353,7 +1452,41 @@ static void download_one_url(const char *url) 340@@ -1353,7 +1432,42 @@ static void download_one_url(const char *url)
354 shutdown(fileno(sfp), SHUT_WR); 341 shutdown(fileno(sfp), SHUT_WR);
355 } 342 }
356 #endif 343 #endif
357- 344-
358+ //How much data did we actually get? 345+ //How much data did we actually get?
359+ printf("Got to in/out exchange\n");
360+ size_t wlen, bufsize; 346+ size_t wlen, bufsize;
361+ wlen = ftell(sfp); 347+ wlen = ftell(sfp);
362+ if(wlen < 0) 348+ if(wlen < 0)
@@ -388,48 +374,58 @@ index 6a64836fb..40e1f0ad4 100644
388+ if(len == -1) 374+ if(len == -1)
389+ bb_error_msg_and_die("tls read error: %s", tls_error(ctx)); 375+ bb_error_msg_and_die("tls read error: %s", tls_error(ctx));
390+ rewind(dfp); 376+ rewind(dfp);
377+ fclose(sfp);
378+ DeleteFile(sfp_name);
379+ free(sfp_name);
391+ sfp = dfp; 380+ sfp = dfp;
392+ printf("finished in/out exchange\n");
393 /* 381 /*
394 * Retrieve HTTP response line and check for "200" status code. 382 * Retrieve HTTP response line and check for "200" status code.
395 */ 383 */
396@@ -1536,6 +1669,10 @@ However, in real world it was observed that some web servers 384@@ -1475,6 +1589,11 @@ However, in real world it was observed that some web servers
385 if (--redir_limit == 0)
386 bb_simple_error_msg_and_die("too many redirections");
387 fclose(sfp);
388+ fclose(dfp);
389+ DeleteFile(sfp_name);
390+ DeleteFile(dfp_name);
391+ free(sfp_name);
392+ free(dfp_name);
393 if (str[0] == '/') {
394 free(redirected_path);
395 target.path = redirected_path = xstrdup(str + 1);
396@@ -1536,7 +1655,11 @@ However, in real world it was observed that some web servers
397 /* ftpcmd("QUIT", NULL, sfp); - why bother? */ 397 /* ftpcmd("QUIT", NULL, sfp); - why bother? */
398 } 398 }
399 #endif 399 #endif
400+ printf("About to clean up connection\n");
401+ if(ctx != NULL) 400+ if(ctx != NULL)
402+ tls_close(ctx); 401+ tls_close(ctx);
403+ printf("Cleaned up connection\n");
404 fclose(sfp); 402 fclose(sfp);
403+ DeleteFile(dfp_name);
404+ free(dfp_name);
405 405
406 free(server.allocated); 406 free(server.allocated);
407@@ -1690,9 +1827,18 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") 407 free(target.allocated);
408@@ -1690,9 +1813,14 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
408 xdup2(G.log_fd, STDERR_FILENO); 409 xdup2(G.log_fd, STDERR_FILENO);
409 } 410 }
410 } 411 }
411- 412-
412+ printf("About to config certificates\n");
413+ G.tlscfg = tls_config_new(); 413+ G.tlscfg = tls_config_new();
414+ if(G.tlscfg == NULL) 414+ if(G.tlscfg == NULL)
415+ bb_error_msg_and_die("Out of memory 2"); 415+ bb_error_msg_and_die("Out of memory 2");
416+ char *pemmem = gather_certificates(G.tlscfg); 416+ BIO *pemmem = gather_certificates(G.tlscfg);
417+ printf("Got to downloading section\n");
418 while (*argv) 417 while (*argv)
419 download_one_url(*argv++); 418 download_one_url(*argv++);
420+ printf("Finished downloading section\n"); 419+ BIO_free(pemmem);
421+ free(pemmem);
422+ tls_config_free(G.tlscfg); 420+ tls_config_free(G.tlscfg);
423+ printf("Freed everythign\n");
424 421
425 if (G.output_fd >= 0) 422 if (G.output_fd >= 0)
426 xclose(G.output_fd); 423 xclose(G.output_fd);
427@@ -1704,6 +1850,6 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0") 424@@ -1704,6 +1832,5 @@ IF_DESKTOP( "no-parent\0" No_argument "\xf0")
428 free(G.extra_headers); 425 free(G.extra_headers);
429 #endif 426 #endif
430 FINI_G(); 427 FINI_G();
431- 428-
432+ printf("Exiting normally\n");
433 return EXIT_SUCCESS; 429 return EXIT_SUCCESS;
434 } 430 }
435diff --git a/scripts/trylink b/scripts/trylink 431diff --git a/scripts/trylink b/scripts/trylink
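Review bot: The redirect cleanup added in the `@@ -1475,6 +1589,11 @@` hunk (new patch lines 388–392) does `fclose(sfp); fclose(dfp); DeleteFile(sfp_name); free(sfp_name);`, but as far as the ordering can be read from the line numbers, the in/out exchange earlier in download_one_url (new patch lines 377–380) has already run `fclose(sfp); DeleteFile(sfp_name); free(sfp_name); sfp = dfp;` before any redirect is seen, so on that path the same FILE is closed twice and `sfp_name` is read and freed after free. Dropping `fclose(dfp);` and the two `sfp_name` lines from the redirect cleanup (leaving `fclose(sfp); DeleteFile(dfp_name); free(dfp_name);`) and nulling the pointers after each release (`free(sfp_name); sfp_name = NULL;`) removes the double free; `sfp_name`/`dfp_name` are also declared uninitialized at new line 277, so any path that reaches these cleanups without having run the `_tempnam` block would free garbage. Separately, replacing `tmpfile()` with `fopen(sfp_name, "w+")` (new lines 314 and 320) opens the response buffers in text mode on Windows, where `tmpfile()` is binary; a downloaded body containing 0x1A or bare `\r` bytes will be truncated or altered when read back and `ftell(sfp)` at new line 347 becomes unreliable, so the mode should be `"w+b"`. `_tempnam` followed by `fopen` is also not atomic: `"w+"` silently truncates and reuses a file another process has created under the predicted name in %TMP%, whereas `_open(name, _O_RDWR|_O_CREAT|_O_EXCL|_O_BINARY, _S_IREAD|_S_IWRITE)` plus `_fdopen(fd, "w+b")` fails instead of adopting a foreign file. download_one_url starts and ends outside these hunks.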