Merge branch busybox (up to "ash: comment out free(p) just before...")

author: Ron Yorston <rmy@pobox.com> 2016-10-19 17:01:55 +0100
committer: Ron Yorston <rmy@pobox.com> 2016-10-19 17:01:55 +0100
commit: 075814c60a316cfd088c88f26f75ab21b5850b98 (patch)
tree: f6e33ac693630827deb309faa5fa4931588db57d /networking/wget.c
parent: 977d65c1bbc57f5cdd0c8bfd67c8b5bb1cd390dd (diff)
parent: f37e1155aabde6bd95d267a8aec347cedccb8bc3 (diff)
download: busybox-w32-075814c60a316cfd088c88f26f75ab21b5850b98.tar.gz
busybox-w32-075814c60a316cfd088c88f26f75ab21b5850b98.tar.bz2
busybox-w32-075814c60a316cfd088c88f26f75ab21b5850b98.zip
1 files changed, 100 insertions, 30 deletions
diff --git a/networking/wget.c b/networking/wget.c
index c886dd391..460b4b833 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -62,9 +62,10 @@
 //config:         a helper program to talk over HTTPS.
 //config:
 //config:         OpenSSL has a simple SSL client for debug purposes.
-//config:         If you select "openssl" helper, wget will effectively call
+//config:         If you select "openssl" helper, wget will effectively run:
-//config:         "openssl s_client -quiet -connect IP:443 2>/dev/null"
+//config:         "openssl s_client -quiet -connect hostname:443
-//config:         and pipe its data through it.
+//config:         -servername hostname 2>/dev/null" and pipe its data
+//config:         through it. -servername is not used if hostname is numeric.
 //config:         Note inconvenient API: host resolution is done twice,
 //config:         and there is no guarantee openssl's idea of IPv6 address
 //config:         format is the same as ours.
@@ -99,7 +100,7 @@
 //usage:#define wget_trivial_usage
 //usage:        IF_FEATURE_WGET_LONG_OPTIONS(
-//usage:       "[-c|--continue] [-s|--spider] [-q|--quiet] [-O|--output-document FILE]\n"
+//usage:       "[-c|--continue] [--spider] [-q|--quiet] [-O|--output-document FILE]\n"
 //usage:       "        [--header 'header: value'] [-Y|--proxy on/off] [-P DIR]\n"
 /* Since we ignore these opts, we don't show them in --help */
 /* //usage:    "        [--no-check-certificate] [--no-cache] [--passive-ftp] [-t TRIES]" */
@@ -107,21 +108,23 @@
 //usage:       "        [-U|--user-agent AGENT]" IF_FEATURE_WGET_TIMEOUT(" [-T SEC]") " URL..."
 //usage:        )
 //usage:        IF_NOT_FEATURE_WGET_LONG_OPTIONS(
-//usage:       "[-csq] [-O FILE] [-Y on/off] [-P DIR] [-U AGENT]"
+//usage:       "[-cq] [-O FILE] [-Y on/off] [-P DIR] [-U AGENT]"
 //usage:                        IF_FEATURE_WGET_TIMEOUT(" [-T SEC]") " URL..."
 //usage:        )
 //usage:#define wget_full_usage "\n\n"
 //usage:       "Retrieve files via HTTP or FTP\n"
-//usage:     "\n        -s      Spider mode - only check file existence"
+//usage:        IF_FEATURE_WGET_LONG_OPTIONS(
-//usage:     "\n        -c      Continue retrieval of aborted transfer"
+//usage:     "\n        --spider        Spider mode - only check file existence"
-//usage:     "\n        -q      Quiet"
+//usage:        )
-//usage:     "\n        -P DIR  Save to DIR (default .)"
+//usage:     "\n        -c              Continue retrieval of aborted transfer"
+//usage:     "\n        -q              Quiet"
+//usage:     "\n        -P DIR          Save to DIR (default .)"
 //usage:        IF_FEATURE_WGET_TIMEOUT(
-//usage:     "\n        -T SEC  Network read timeout is SEC seconds"
+//usage:     "\n        -T SEC          Network read timeout is SEC seconds"
 //usage:        )
-//usage:     "\n        -O FILE Save to FILE ('-' for stdout)"
+//usage:     "\n        -O FILE         Save to FILE ('-' for stdout)"
-//usage:     "\n        -U STR  Use STR for User-Agent header"
+//usage:     "\n        -U STR          Use STR for User-Agent header"
-//usage:     "\n        -Y      Use proxy ('on' or 'off')"
+//usage:     "\n        -Y on/off       Use proxy"
 #include "libbb.h"
@@ -228,17 +231,17 @@ struct globals {
 /* Must match option string! */
 enum {
        WGET_OPT_CONTINUE   = (1 << 0),
-        WGET_OPT_SPIDER     = (1 << 1),
+        WGET_OPT_QUIET      = (1 << 1),
-        WGET_OPT_QUIET      = (1 << 2),
+        WGET_OPT_OUTNAME    = (1 << 2),
-        WGET_OPT_OUTNAME    = (1 << 3),
+        WGET_OPT_PREFIX     = (1 << 3),
-        WGET_OPT_PREFIX     = (1 << 4),
+        WGET_OPT_PROXY      = (1 << 4),
-        WGET_OPT_PROXY      = (1 << 5),
+        WGET_OPT_USER_AGENT = (1 << 5),
-        WGET_OPT_USER_AGENT = (1 << 6),
+        WGET_OPT_NETWORK_READ_TIMEOUT = (1 << 6),
-        WGET_OPT_NETWORK_READ_TIMEOUT = (1 << 7),
+        WGET_OPT_RETRIES    = (1 << 7),
-        WGET_OPT_RETRIES    = (1 << 8),
+        WGET_OPT_nsomething = (1 << 8),
-        WGET_OPT_PASSIVE    = (1 << 9),
+        WGET_OPT_HEADER     = (1 << 9) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
-        WGET_OPT_HEADER     = (1 << 10) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
+        WGET_OPT_POST_DATA  = (1 << 10) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
-        WGET_OPT_POST_DATA  = (1 << 11) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
+        WGET_OPT_SPIDER     = (1 << 11) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
 };
 enum {
@@ -349,6 +352,30 @@ static void set_alarm(void)
 # define clear_alarm() ((void)0)
 #endif
+#if ENABLE_FEATURE_WGET_OPENSSL
+/*
+ * is_ip_address() attempts to verify whether or not a string
+ * contains an IPv4 or IPv6 address (vs. an FQDN).  The result
+ * of inet_pton() can be used to determine this.
+ *
+ * TODO add proper error checking when inet_pton() returns -1
+ * (some form of system error has occurred, and errno is set)
+ */
+static int is_ip_address(const char *string)
+{
+        struct sockaddr_in sa;
+        int result = inet_pton(AF_INET, string, &(sa.sin_addr));
+# if ENABLE_FEATURE_IPV6
+        if (result == 0) {
+                struct sockaddr_in6 sa6;
+                result = inet_pton(AF_INET6, string, &(sa6.sin6_addr));
+        }
+# endif
+        return (result == 1);
+}
+#endif
 static FILE *open_socket(len_and_sockaddr *lsa)
 {
        int fd;
@@ -635,6 +662,7 @@ static FILE* prepare_ftp_session(FILE **dfpp, struct host_info *target, len_and_
 static int spawn_https_helper_openssl(const char *host, unsigned port)
 {
        char *allocated = NULL;
+        char *servername;
        int sp[2];
        int pid;
        IF_FEATURE_WGET_SSL_HELPER(volatile int child_failed = 0;)
@@ -645,12 +673,14 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
        if (!strchr(host, ':'))
                host = allocated = xasprintf("%s:%u", host, port);
+        servername = xstrdup(host);
+        strrchr(servername, ':')[0] = '\0';
        fflush_all();
        pid = xvfork();
        if (pid == 0) {
                /* Child */
-                char *argv[6];
+                char *argv[8];
                close(sp[0]);
                xmove_fd(sp[1], 0);
@@ -662,12 +692,22 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
                 */
                xmove_fd(2, 3);
                xopen("/dev/null", O_RDWR);
+                memset(&argv, 0, sizeof(argv));
                argv[0] = (char*)"openssl";
                argv[1] = (char*)"s_client";
                argv[2] = (char*)"-quiet";
                argv[3] = (char*)"-connect";
                argv[4] = (char*)host;
-                argv[5] = NULL;
+                /*
+                 * Per RFC 6066 Section 3, the only permitted values in the
+                 * TLS server_name (SNI) field are FQDNs (DNS hostnames).
+                 * IPv4 and IPv6 addresses, port numbers are not allowed.
+                 */
+                if (!is_ip_address(servername)) {
+                        argv[5] = (char*)"-servername";
+                        argv[6] = (char*)servername;
+                }
                BB_EXECVP(argv[0], argv);
                xmove_fd(3, 2);
 # if ENABLE_FEATURE_WGET_SSL_HELPER
@@ -680,6 +720,7 @@ static int spawn_https_helper_openssl(const char *host, unsigned port)
        }
        /* Parent */
+        free(servername);
        free(allocated);
        close(sp[1]);
 # if ENABLE_FEATURE_WGET_SSL_HELPER
@@ -1058,6 +1099,12 @@ static void download_one_url(const char *url)
                }
                fflush(sfp);
+                /* If we use SSL helper, keeping our end of the socket open for writing
+                 * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF)
+                 * even after child closes its copy of the fd.
+                 * This helps:
+                 */
+                shutdown(fileno(sfp), SHUT_WR);
                /*
                 * Retrieve HTTP response line and check for "200" status code.
@@ -1077,7 +1124,21 @@ static void download_one_url(const char *url)
                        while (gethdr(sfp) != NULL)
                                /* eat all remaining headers */;
                        goto read_response;
+                /* Success responses */
                case 200:
+                        /* fall through */
+                case 201: /* 201 Created */
+/* "The request has been fulfilled and resulted in a new resource being created" */
+                        /* Standard wget is reported to treat this as success */
+                        /* fall through */
+                case 202: /* 202 Accepted */
+/* "The request has been accepted for processing, but the processing has not been completed" */
+                        /* Treat as success: fall through */
+                case 203: /* 203 Non-Authoritative Information */
+/* "Use of this response code is not required and is only appropriate when the response would otherwise be 200 (OK)" */
+                        /* fall through */
+                case 204: /* 204 No Content */
 /*
 Response 204 doesn't say "null file", it says "metadata
 has changed but data didn't":
@@ -1102,7 +1163,6 @@ is always terminated by the first empty line after the header fields."
 However, in real world it was observed that some web servers
 (e.g. Boa/0.94.14rc21) simply use code 204 when file size is zero.
 */
-                case 204:
                        if (G.beg_range != 0) {
                                /* "Range:..." was not honored by the server.
                                 * Restart download from the beginning.
@@ -1110,11 +1170,14 @@ However, in real world it was observed that some web servers
                                reset_beg_range_to_zero();
                        }
                        break;
+                /* 205 Reset Content ?? what to do on this ??   */
                case 300:  /* redirection */
                case 301:
                case 302:
                case 303:
                        break;
                case 206: /* Partial Content */
                        if (G.beg_range != 0)
                                /* "Range:..." worked. Good. */
@@ -1231,8 +1294,6 @@ int wget_main(int argc UNUSED_PARAM, char **argv)
        static const char wget_longopts[] ALIGN1 =
                /* name, has_arg, val */
                "continue\0"         No_argument       "c"
-//FIXME: -s isn't --spider, it's --save-headers!
-                "spider\0"           No_argument       "s"
                "quiet\0"            No_argument       "q"
                "output-document\0"  Required_argument "O"
                "directory-prefix\0" Required_argument "P"
@@ -1244,6 +1305,7 @@ IF_FEATURE_WGET_TIMEOUT(
 IF_DESKTOP(     "tries\0"            Required_argument "t")
                "header\0"           Required_argument "\xff"
                "post-data\0"        Required_argument "\xfe"
+                "spider\0"           No_argument       "\xfd"
                /* Ignored (we always use PASV): */
 IF_DESKTOP(     "passive-ftp\0"      No_argument       "\xf0")
                /* Ignored (we don't do ssl) */
@@ -1275,7 +1337,7 @@ IF_DESKTOP(	"no-parent\0"        No_argument       "\xf0")
 #endif
        opt_complementary = "-1" /* at least one URL */
                IF_FEATURE_WGET_LONG_OPTIONS(":\xff::"); /* --header is a list */
-        getopt32(argv, "csqO:P:Y:U:T:+"
+        getopt32(argv, "cqO:P:Y:U:T:+"
                /*ignored:*/ "t:"
                /*ignored:*/ "n::"
                /* wget has exactly four -n<letter> opts, all of which we can ignore:
@@ -1294,6 +1356,14 @@ IF_DESKTOP(	"no-parent\0"        No_argument       "\xf0")
                IF_FEATURE_WGET_LONG_OPTIONS(, &headers_llist)
                IF_FEATURE_WGET_LONG_OPTIONS(, &G.post_data)
        );
+#if 0 /* option bits debug */
+        if (option_mask32 & WGET_OPT_RETRIES) bb_error_msg("-t NUM");
+        if (option_mask32 & WGET_OPT_nsomething) bb_error_msg("-nsomething");
+        if (option_mask32 & WGET_OPT_HEADER) bb_error_msg("--header");
+        if (option_mask32 & WGET_OPT_POST_DATA) bb_error_msg("--post-data");
+        if (option_mask32 & WGET_OPT_SPIDER) bb_error_msg("--spider");
+        exit(0);
+#endif
        argv += optind;
 #if ENABLE_FEATURE_WGET_LONG_OPTIONS
author	Ron Yorston <rmy@pobox.com>	2016-10-19 17:01:55 +0100
committer	Ron Yorston <rmy@pobox.com>	2016-10-19 17:01:55 +0100
commit	075814c60a316cfd088c88f26f75ab21b5850b98 (patch)
tree	f6e33ac693630827deb309faa5fa4931588db57d /networking/wget.c
parent	977d65c1bbc57f5cdd0c8bfd67c8b5bb1cd390dd (diff)
parent	f37e1155aabde6bd95d267a8aec347cedccb8bc3 (diff)
download	busybox-w32-075814c60a316cfd088c88f26f75ab21b5850b98.tar.gz busybox-w32-075814c60a316cfd088c88f26f75ab21b5850b98.tar.bz2 busybox-w32-075814c60a316cfd088c88f26f75ab21b5850b98.zip