| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
Missing ones were: --no-proxy, --quiet, --continue / -c
Also improved readability of several options.
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently wolfSSL doesn't validate any certificates, quoting from
README:
wolfSSL takes a different approach to certificate verification than
OpenSSL does. The default policy for the client is to verify the server,
this means that if you don't load CAs to verify the server you'll get a
connect error, no signer error to confirm failure (-188).
If you want to mimic OpenSSL behavior of having SSL_connect succeed even if
verifying the server fails and reducing security you can do this by calling:
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
before calling wolfSSL_new();. Though it's not recommended.
wolfSSL simply behaves differently then OpenSSL so once you set
SSL_VERIFY_NONE wolfSSL doesn't care about the certificates anymore so
every call to SSL_get_verify_result() is going to succeed (returns
X509_V_OK) even for invalid certificates and current OpenSSL based post
connection verification logic thus doesn't work.
So in order to get the validation working we need to use SSL_VERIFY_PEER
for wolfSSL by default and allow disabling it explicitly by new
`context_set_require_validation()` call.
Fixes: FS#3465
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes following memory leak:
$ valgrind --quiet --leak-check=full uclient-fetch -q http://127.0.0.1:1922/does-not-exist
51 (16 direct, 35 indirect) bytes in 1 blocks are definitely lost in loss record 4 of 9
at 0x4C31A3F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x4C33D84: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
by 0x553C7DF: glob_in_dir (glob.c:1410)
by 0x553D5E8: glob@@GLIBC_2.27 (glob.c:1097)
by 0x401D62: init_ca_cert (uclient-fetch.c:503)
by 0x401D62: main (uclient-fetch.c:741)
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes following issue reported by clang-12 static analyzer:
uclient-fetch.c:612:25: warning: Potential leak of memory pointed to by 'username' [unix.Malloc]
memset(optarg, '*', strlen(optarg));
^~~~~~~~~~~~~~
uclient-fetch.c:618:25: warning: Potential leak of memory pointed to by 'password' [unix.Malloc]
memset(optarg, '*', strlen(optarg));
^~~~~~~~~~~~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes following issue reported by clang-12 static analyzer:
uclient-fetch.c:228:6: error: this statement may fall through [-Werror=implicit-fallthrough=]
if (sscanf(blobmsg_get_string(tb[H_RANGE]),
^
uclient-fetch.c:236:2: note: here
case 204:
^~~~
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes following -Wextra compiler warnings:
uclient.c:195:16: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
for (i = 0; i < ARRAY_SIZE(backends); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~
uclient-http.c:619:2: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
blobmsg_for_each_attr(cur, uh->headers.head, rem)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uclient-http.c:619:2: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
blobmsg_for_each_attr(cur, uh->headers.head, rem)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uclient-http.c:993:16: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
for (i = 0; i < ARRAY_SIZE(request_types); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~
uclient.c:195:16: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
for (i = 0; i < ARRAY_SIZE(backends); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~
uclient-http.c:619:2: error: comparison of integers of different signs: 'size_t' (aka 'unsigned long') and 'int' [-Werror,-Wsign-compare]
blobmsg_for_each_attr(cur, uh->headers.head, rem)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uclient-http.c:619:2: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
blobmsg_for_each_attr(cur, uh->headers.head, rem)
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
uclient-http.c:993:16: error: comparison of integers of different signs: 'int' and 'unsigned long' [-Werror,-Wsign-compare]
for (i = 0; i < ARRAY_SIZE(request_types); i++) {
~ ^ ~~~~~~~~~~~~~~~~~~~~~~~~~
uclient-fetch.c:551:67: error: missing field 'flag' initializer [-Werror,-Wmissing-field-initializers]
[L_NO_CHECK_CERTIFICATE] = { "no-check-certificate", no_argument },
Signed-off-by: Petr Štetiar <ynezz@true.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Passing post data in command line is convenient but has limited size,
and may become tricky to correctly escape passed data especially in
scripts.
This patch add the option --post-file so the data to post can be read
from a file.
Tested on x86/64.
Acked-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Gioacchino Mazzurco <gio@eigenlab.org>
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
|
|
|
|
|
|
|
|
|
|
|
| |
Introduce a new `--ciphers` option which allows specifying a colon separated
list of usable TLS ciphers.
Depending on the underlying ustream-ssl provider, the list either follows
OpenSSL's cipher string format or, in case of mbedTLS, is a simple colon
separated cipher whitelist.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
|
|
|
| |
uclient_get_url_filename may return a null ptr resulting in a null
ptr dereference by fprintf and open
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When faced with this error message, I did not directly know what
package(s) to install. I first grepped the package list for packages
named libustream-ssl... found nothing, and finally realized, that here
only the library name was mentioned.
But when we mention the certificate packages, why not also directly
mention the SSL/TLS packages with a pattern. That will save one step
next time when stumbling here - at least for me ;-)
Signed-off-by: Michael Heimpold <mhei@heimpold.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When uclient-fetch is called with multiple URL's, it derives the
first filename from the URL. It then sets the global output_file
variable, causing a use-after-free bug on an attempt to use it as output
file for the next file.
Fix this by avoiding the overwrite entirely by only setting a local
variable
Reported-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
|
|
|
|
| |
When a backend->read() is not implement or returns -1,
This -1 is interpreted as unsigned int resulting
in an access far behind the buffer.
Signed-off-by: Alexander Couzens <lynxis@fe80.eu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
uclient-http.c:385:8: error: ignoring return value of 'fread', declared with attribute warn_unused_result [-Werror=unused-result]
fread(&val, sizeof(val), 1, f);
^
uclient-fetch.c: In function 'main':
uclient-fetch.c:664:12: error: ignoring return value of 'asprintf', declared with attribute warn_unused_result [-Werror=unused-result]
asprintf(&auth_str, "%s:%s", username, password);
^
uclient-fetch.c: In function 'read_data_cb':
uclient-fetch.c:269:9: error: ignoring return value of 'write', declared with attribute warn_unused_result [-Werror=unused-result]
write(output_fd, buf, len);
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
| |
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
|
|
| |
and verify was requested
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
|
|
|
|
| |
Signed-off-by: Luka Perkov <luka@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
|
|
| |
specified
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|
|
|
|
| |
Signed-off-by: Felix Fietkau <nbd@openwrt.org>
|