When the uloop is ended right after the state change timeout has been
armed, the timeout will never be cancelled, without a way for the
libuclient user to clean up. When uclient_free() is then called on the
uclient context while the uloop is still live, the entry in uloop's timeout
list will be dangling, often resulting in a segfault when new timeouts are
added or the timeout list is cleaned up in uloop_done().
Fix this by cancelling the timeout in uclient_disconnect().
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
In order to prevent regressions like #9283, let's add build and runtime
testing of wolfSSL master and release branches into daily scheduled
pipeline.
References: https://github.com/openwrt/openwrt/issues/9283
References: https://github.com/wolfSSL/wolfssl/issues/4879
Signed-off-by: Petr Štetiar <ynezz@true.cz>
In order to prevent regressions like #9283, let's add runtime check
against letsencrypt.org.
References: https://github.com/openwrt/openwrt/issues/9283
References: https://github.com/wolfSSL/wolfssl/issues/4879
Signed-off-by: Petr Štetiar <ynezz@true.cz>
or uclient-fetch will stall until timeout for 2XX (except 204) response
with content-length of 0
Signed-off-by: Youfu Zhang <zhangyoufu@gmail.com>
Commit 64e00d6db4c3 ("uclient-fetch: document missing options") has
changed output of usage help so adjust test accordingly.
Fixes: 64e00d6db4c3 ("uclient-fetch: document missing options")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Commit 64e00d6db4c3 ("uclient-fetch: document missing options") has
changed output of usage help so adjust test accordingly.
Fixes: 64e00d6db4c3 ("uclient-fetch: document missing options")
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Missing ones were: --no-proxy, --quiet, --continue / -c
Also improved readability of several options.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Seems like sometimes it can take some time to start HTTP server so let's
wait for the server to become operational before executing test cases.
References: https://gitlab.com/openwrt/project/uclient/-/jobs/1118330555#L984
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Uses currently proof-of-concept openwrt-ci[1] in order to:
 * improve the quality of the codebase in various areas
 * decrease code review time and help merging contributions faster
 * get automagic feedback loop on various platforms and tools
   - out of tree build with OpenWrt SDK on following targets:
     * ath79-generic
     * imx6-generic
     * malta-be
     * mvebu-cortexa53
   - out of tree native build on x86/64 with GCC (versions 8, 9, 10) and Clang 10
   - out of tree native x86/64 static code analysis with cppcheck and
     scan-build from Clang 10
1. https://gitlab.com/ynezz/openwrt-ci/
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Currently wolfSSL doesn't validate any certificates, quoting from
README:
> wolfSSL takes a different approach to certificate verification than
> OpenSSL does. The default policy for the client is to verify the server,
> this means that if you don't load CAs to verify the server you'll get a
> connect error, no signer error to confirm failure (-188).
> If you want to mimic OpenSSL behavior of having SSL_connect succeed even if
> verifying the server fails and reducing security you can do this by calling:
>     wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
> before calling wolfSSL_new();. Though it's not recommended.
wolfSSL simply behaves differently than OpenSSL so once you set
SSL_VERIFY_NONE wolfSSL doesn't care about the certificates anymore so
every call to SSL_get_verify_result() is going to succeed (returns
X509_V_OK) even for invalid certificates and current OpenSSL based post
connection verification logic thus doesn't work.
So in order to get the validation working we need to use SSL_VERIFY_PEER
for wolfSSL by default and allow disabling it explicitly by new
`context_set_require_validation()` call.
Fixes: FS#3465
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following memory leak:
$ valgrind --quiet --leak-check=full uclient-fetch -q http://127.0.0.1:1922/does-not-exist
51 (16 direct, 35 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 9
at 0x4C31A3F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4C33D84: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x553C7DF: glob_in_dir (glob.c:1410)
by 0x553D5E8: glob@@GLIBC_2.27 (glob.c:1097)
by 0x401D62: init_ca_cert (uclient-fetch.c:503)
by 0x401D62: main (uclient-fetch.c:741)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Let's enforce additional automatic checks enforced by the compiler in
order to catch possible errors during compilation.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following warnings as reported on 32-bit platforms
toolchain-mips_24kc_gcc-8.4.0_musl and toolchain-arm_cortex-a9+neon_gcc-8.4.0_musl_eabi:
uclient-http.c:1111:10: error: comparison of integer expressions of different signedness: 'unsigned int' and 'int' [-Werror=sign-compare]
if (len > data_end - data)
^
uclient-http.c:1115:11: error: comparison of integer expressions of different signedness: 'unsigned int' and 'long int' [-Werror=sign-compare]
if (len > uh->read_chunked)
^
uclient-http.c:1120:11: error: comparison of integer expressions of different signedness: 'unsigned int' and 'long int' [-Werror=sign-compare]
if (len > uh->content_length)
^
References: https://gitlab.com/ynezz/openwrt-uclient/-/pipelines/226912126
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following issue reported by clang-12 static analyzer:
uclient-fetch.c:612:25: warning: Potential leak of memory pointed to by 'username' [unix.Malloc]
memset(optarg, '*', strlen(optarg));
^~~~~~~~~~~~~~
uclient-fetch.c:618:25: warning: Potential leak of memory pointed to by 'password' [unix.Malloc]
memset(optarg, '*', strlen(optarg));
^~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following issue reported by clang-12 static analyzer:
uclient.c:290:22: warning: Value stored to 'url' during its initialization is never read [deadcode.DeadStores]
struct uclient_url *url = cl->url;
^~~ ~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following issue reported by clang-12 static analyzer:
uclient-fetch.c:228:6: error: this statement may fall through [-Werror=implicit-fallthrough=]
if (sscanf(blobmsg_get_string(tb[H_RANGE]),
^
uclient-fetch.c:236:2: note: here
case 204:
^~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following issue reported by clang-12 static analyzer:
uclient-http.c:568:2: warning: Memory allocated by alloca() should not be deallocated [unix.Malloc]
free(buf_orig);
^~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Fixes following -Wextra compiler warnings:
uclient.c:195:16: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
for (i = 0; i < ARRAY_SIZE(backends); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~
uclient-http.c:619:2: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
blobmsg_for_each_attr(cur, uh->headers.head, rem)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uclient-http.c:619:2: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
blobmsg_for_each_attr(cur, uh->headers.head, rem)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uclient-http.c:993:16: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
for (i = 0; i < ARRAY_SIZE(request_types); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~
uclient.c:195:16: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
for (i = 0; i < ARRAY_SIZE(backends); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~
uclient-http.c:619:2: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
blobmsg_for_each_attr(cur, uh->headers.head, rem)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uclient-http.c:619:2: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
blobmsg_for_each_attr(cur, uh->headers.head, rem)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uclient-http.c:993:16: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
for (i = 0; i < ARRAY_SIZE(request_types); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~
uclient-fetch.c:551:67: error: missing field 'flag' initializer [-Werror,-Wmissing-field-initializers]
[L_NO_CHECK_CERTIFICATE] = { "no-check-certificate", no_argument },
Signed-off-by: Petr Štetiar <ynezz@true.cz>
For the start just basic uclient-fetch functionality coverage.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
When building out of the tree, linker is unable to find the ubox library
so fix it by using find_library CMake command.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Passing post data in command line is convenient but has limited size,
and may become tricky to correctly escape passed data especially in
scripts.
This patch adds the option --post-file so the data to post can be read
from a file.
Tested on x86/64.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Gioacchino Mazzurco <gio@eigenlab.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Introduce a new `--ciphers` option which allows specifying a colon separated
list of usable TLS ciphers.
Depending on the underlying ustream-ssl provider, the list either follows
OpenSSL's cipher string format or, in case of mbedTLS, is a simple colon
separated cipher whitelist.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
This adds the uclient_strerror function, which resolves an error code
to a string message.
Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Otherwise uclient-fetch can report "Connection reset prematurely"
Fixes FS#2222
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
Acked-by: Petr Štetiar <ynezz@true.cz>
When uclient connects via an HTTP proxy connection we need to swap the
context's .proxy_url and not the .url property (which is the connection
URL to the proxy server itself).
This fixes uclient erroring out in a redirect loop when connecting via
a proxy connection.
Ref: https://forum.openwrt.org/t/opkg-update-fails/25813
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Since the connection setup in uclient_do_connect can fail before
ustream_init_fd is called we must check the fd was actually allocated
before closing it, else we would close STDIN.
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
Add null pointer check to allocation of url filename
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
Add some error handling for errors during assembly of headers
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Check ptr to url after allocation to prevent null pointer
dereference
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
Add null pointer check to allocation of uclient_http struct
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
Add null pointer checks to allocation of buffers for authentication parameters
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
Allocation of the base64 buffer might fail, resulting in a null
ptr being passed to base64_encode as a target buffer
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
uclient_get_url_filename may return a null ptr resulting in a null
ptr dereference by fprintf and open
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
When faced with this error message, I did not directly know what
package(s) to install. I first grepped the package list for packages
named libustream-ssl... found nothing, and finally realized, that here
only the library name was mentioned.
But when we mention the certificate packages, why not also directly
mention the SSL/TLS packages with a pattern. That will save one step
next time when stumbling here - at least for me ;-)
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
When uclient-fetch is called with multiple URLs, it derives the
first filename from the URL. It then sets the global output_file
variable, causing a use-after-free bug on an attempt to use it as output
file for the next file.
Fix this by avoiding the overwrite entirely by only setting a local
variable.
Reported-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
For literal IPv6 addresses, the host header must have the form
Host: [...]
including the square brackets, as it may also contain a port. Some
webservers ignore the missing brackets, while others will return error 400.
IPv6 addresses are determined by searching for ':' characters in the host,
as neither IPv4 addresses nor DNS names can contain colons. An alternative
would be to add a flag to the uclient_url struct; but as this struct is
exposed in public headers, such a change could be considered an ABI change,
making a backport difficult.
Signed-off-by: Matthias Schiffer <mschiffer@universe-factory.net>
Acked-by: Jo-Philipp Wich <jo@mein.io>
When a backend->read() is not implemented or returns -1,
this -1 is interpreted as unsigned int resulting
in an access far behind the buffer.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Where necessary, this can easily be provided through CFLAGS/LDFLAGS
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Fixes:
uclient-http.c:385:8: error: ignoring return value of 'fread', declared with attribute warn_unused_result [-Werror=unused-result]
fread(&val, sizeof(val), 1, f);
^
uclient-fetch.c: In function 'main':
uclient-fetch.c:664:12: error: ignoring return value of 'asprintf', declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&auth_str, "%s:%s", username, password);
^
uclient-fetch.c: In function 'read_data_cb':
uclient-fetch.c:269:9: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(output_fd, buf, len);
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
When connecting to a website with a special port, uclient-fetch connects
to the correct port, but is sending an incorrect Host: header without
the corresponding port.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
Add a CMake FIND_PATH and INCLUDE_DIRECTORIES searching for
libubox/ustream-ssl.h. Some external toolchains which do not include
standard locations would fail to find the header otherwise.
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Sending entity within DELETE is not forbidden by RFC 7231, see section
4.3.5. DELETE:
> A payload within a DELETE request message has no defined semantics;
> sending a payload body on a DELETE request might cause some existing
> implementations to reject the request.
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
Signed-off-by: Felix Fietkau <nbd@openwrt.org>