[Toybox] [PATCH] IPv6 routing table for netstat
I've added the reading of IPv6 routing table is not yet implemented in netstat. I added new function, not merged in display_route() because IPv4 routing table's format is different from IPv6's one. And net-tools is referred for its flag symbol. 0001-IPv6-routing-table-for-netstat.patch Description: Binary data ___ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
Re: [Toybox] [FIX] build error fix in pending/sulogin.c
sorry I missed patch file. On Mon, Sep 26, 2016 at 9:18 AM, Lipi C. H. Lee wrote: > The sulogin.c has had link error. > So xopen_stdin() has changed to open_stdio(). > 0001-Changed-xopen_stdin-to-xopen_stdio.patch Description: Binary data ___ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
[Toybox] [FIX] build error fix in pending/sulogin.c
The sulogin.c has had link error. So xopen_stdin() has changed to open_stdio(). ___ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
[Toybox] [PATCH] wget: change the option 'f' to 'O' for saving file
This patch change the option 'f' to 'O' for saving a file like wget or curl. wget.patch Description: Binary data ___ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
[Toybox] [PATCH] wget: support HTTPS using openssl
wget supports HTTPS with openssl and is changed option '-f' to '-o' just like curl and uses xconnect(). And one change happens in /lib. A parameter is added to xpopen_both() in lib/xwrap.c to decide whether child process pass stderr to stdout or not. If openssl's stderr and downloaded stream is mixed, code is more complicated and its size is bigger. 0001-wget-support-https-with-openssl.patch Description: Binary data ___ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
Re: [Toybox] Implement wget
Thanks for your comments, Rich Felker.
I think 'get_info' function checked path length from url before calling
strcpy as belows,
if (strlen(url+i) < 1024) strcpy(path, url+i);
else error_exit("too long path in URL");
Do you think it is not enough?
And you commented whole string operations is unsafe in the code.
Could you kindly tell me any test case it is unsafe?
It will be very helpful to me.
On Sat, Feb 27, 2016 at 8:28 AM, Rich Felker wrote:
> On Thu, Feb 25, 2016 at 05:28:20PM +0900, Lipi C. H. Lee wrote:
> > Thanks for your comment, Felix.
> >
> > I am sorry my response is so late.
> > As your comments, I modified some code.
> >
> > wget: clean up
> >
> > - shorten error messages
> > - replace mk_rq with sprintf
>
> This is almost surely unsafe.
>
> > - remove struct and defines
> > - change unsigned int to unsigned
> >
> >
> > [...]
> > void wget_main(void)
> > {
> >int sock;
> > - struct httpinfo hi;
> >FILE *fp;
> > - size_t len, body_len;
> > - char *body, *result, *rc, *r_str, ua[18] = "toybox wget/", ver[6];
> > + ssize_t len, body_len;
> > + char *body, *result, *rc, *r_str;
> > + char ua[18] = "toybox wget/", ver[6], hostname[1024], port[6],
> path[1024];
> >
> >// TODO extract filename to be saved from URL
> > - if (!(toys.optflags & FLAG_f))
> > -help_exit("The filename to be saved should be needed.");
> > - if (fopen(TT.filename, "r"))
> > -error_exit("The file(%s) you specified already exists.",
> TT.filename);
> > + if (!(toys.optflags & FLAG_f)) help_exit("no filename");
> > + if (fopen(TT.filename, "r")) perror_exit("file already exists");
> >
> > - if(!toys.optargs[0]) help_exit("The URL should be specified.");
> > - get_info(&hi, toys.optargs[0]);
> > + if(!toys.optargs[0]) help_exit("no URL");
> > + get_info(toys.optargs[0], hostname, port, path);
> >
> > - sock = conn_svr(hi.hostname, hi.port);
> > + sock = conn_svr(hostname, port);
> >
> >// compose HTTP request
> > - mk_rq(hi.path);
> > - mk_fld("Host", hi.hostname);
> > + sprintf(toybuf, "GET %s HTTP/1.1\r\n", path);
>
> Depending on the size of toybuf, it might be safe, but the above
> get_info is almost certainly unsafe already; it strcpy's into path[]
> with no limits on size.
>
> Right now this whole utility looks extremely unsafe to me -- all sorts
> of unbounded string operations. Even if you want to say you're only
> going to be passing 'safe' urls to it, it's likely vulnerable to
> malicous HTTP redirects and other similar issues. I think it needs
> some major overhaul with attention to safe string handling.
>
> Rich
>
___
Toybox mailing list
Toybox@lists.landley.net
http://lists.landley.net/listinfo.cgi/toybox-landley.net
Re: [Toybox] Implement wget
Thanks for your comment, Felix.
I am sorry my response is so late.
As your comments, I modified some code.
wget: clean up
- shorten error messages
- replace mk_rq with sprintf
- remove struct and defines
- change unsigned int to unsigned
On Fri, Feb 19, 2016 at 8:44 PM, Felix Janda wrote:
> Lipi C. H. Lee wrote:
> > implement simple 'wget' and port name can be specified in URL if default
> > port 80 is not used.
> > It may be added to toys/pending directory.
>
> Thanks for your submission!
>
> Some comments below.
>
> In general, try simplifying the error messages:
>
>
> http://lists.landley.net/pipermail/toybox-landley.net/2013-April/000850.html
>
>
I changed them shortly.
> Also, generally functions are only added when they can be called at
> least twice. See
>
>
> http://lists.landley.net/pipermail/toybox-landley.net/2013-April/000919.html
>
>
I will check it later.
> (URLs taken from http://landley.net/toybox/cleanup.html)
>
> > /* wget.c - Simple downloader to get the resource file in HTTP server
> > *
> > * Copyright 2016 Lipi C.H. Lee
> > *
> >
> > USE_WGET(NEWTOY(wget, "f:", TOYFLAG_USR|TOYFLAG_BIN))
> >
> > config WGET
> > bool "wget"
> > default n
> > help
> > usage: wget -f filename URL
> > -f filename: specify the filename to be saved
> > URL: HTTP uniform resource location and only HTTP, not HTTPS
> >
> > examples:
> > wget -f index.html http://www.example.com
> > wget -f sample.jpg http://www.example.com:8080/sample.jpg
> > */
> >
> > #define FOR_wget
> > #include "toys.h"
> >
> > GLOBALS(
> > char *filename;
> > )
> >
> > #define HN_LEN 128 // HOSTNAME MAX LENGTH
> > #define PATH_LEN 256 // PATH MAX LENGTH
> >
> > struct httpinfo {
> > char hostname[HN_LEN];
> > char port[6]; // MAX port value: 65535
> > char path[PATH_LEN];
> > };
>
> In the code base, global defines are usually avoided. If the functions
> were inlined, this struct would actually be unecessary and HN_LEN
> could be sizeof hostname.
>
>
I removed defines and struct.
>
> > // extract hostname from url
> > static unsigned int get_hn(char *url, char *hn) {
> > unsigned int i;
> >
> > for (i = 0; url[i] != '\0' && url[i] != ':' && url[i] != '/'; i++) {
> > if(i >= HN_LEN)
> > error_exit("The hostname's length is lower than %d.", HN_LEN);
>
> You mean "larger"
>
I shortened it.
>
> > hn[i] = url[i];
> > }
> > hn[i] = '\0';
> >
> > return i;
> > }
> >
> > // extract port number
> > static void get_port(char *url, char *port, unsigned int *url_i) {
> > unsigned int i;
> >
> > for (i = 0; url[i] != '\0' && url[i] != '/'; i++, (*url_i)++) {
> > if('0' <= url[i] && url[i] <= '9') port[i] = url[i];
> > else error_exit("Port is invalid");
> > }
> > if(i <= 6) port[i] = '\0';
> > else error_exit("Port number is too long");
> > }
> >
> > // get http infos in URL
> > static void get_info(struct httpinfo *hi, char *url) {
> > unsigned int i = 7, len;
> >
> > if (strncmp(url, "http://";, i)) error_exit("Only HTTP can be
> supported.");
> > len = get_hn(url+i, hi->hostname);
> > i += len;
> >
> > // get port if exists
> > if (url[i] == ':') {
> > i++;
> > get_port(url+i, hi->port, &i);
> > } else strcpy(hi->port, "80");
> >
> > // get uri in URL
> > if (url[i] == '\0') strcpy(hi->path, "/");
> > else if (url[i] == '/') {
> > if (strlen(url+i) < PATH_LEN) strcpy(hi->path, url+i);
> > else error_exit("The URL path's length is less than %d.", PATH_LEN);
> > } else error_exit("The URL is NOT valid.");
> > }
> >
> > // connect to any IPv4 or IPv6 server
> > static int conn_svr(const char *hostname, const char *port) {
> > struct addrinfo hints, *result, *rp;
> > int sock;
> >
> > memset(&hints, 0, sizeof(struct addrinfo));
> > hints.ai_family = AF_UNSPEC;
> > hints.ai_socktype = SOCK_STREAM;
> > hints.ai_flags = 0;
> > hints.ai_protocol = 0;
> >
> > if ((errno
[Toybox] Implement wget
implement simple 'wget' and port name can be specified in URL if default
port 80 is not used.
It may be added to toys/pending directory.
/* wget.c - Simple downloader to get the resource file in HTTP server
*
* Copyright 2016 Lipi C.H. Lee
*
USE_WGET(NEWTOY(wget, "f:", TOYFLAG_USR|TOYFLAG_BIN))
config WGET
bool "wget"
default n
help
usage: wget -f filename URL
-f filename: specify the filename to be saved
URL: HTTP uniform resource location and only HTTP, not HTTPS
examples:
wget -f index.html http://www.example.com
wget -f sample.jpg http://www.example.com:8080/sample.jpg
*/
#define FOR_wget
#include "toys.h"
GLOBALS(
char *filename;
)
#define HN_LEN 128 // HOSTNAME MAX LENGTH
#define PATH_LEN 256 // PATH MAX LENGTH
struct httpinfo {
char hostname[HN_LEN];
char port[6]; // MAX port value: 65535
char path[PATH_LEN];
};
// extract hostname from url
static unsigned int get_hn(char *url, char *hn) {
unsigned int i;
for (i = 0; url[i] != '\0' && url[i] != ':' && url[i] != '/'; i++) {
if(i >= HN_LEN)
error_exit("The hostname's length is lower than %d.", HN_LEN);
hn[i] = url[i];
}
hn[i] = '\0';
return i;
}
// extract port number
static void get_port(char *url, char *port, unsigned int *url_i) {
unsigned int i;
for (i = 0; url[i] != '\0' && url[i] != '/'; i++, (*url_i)++) {
if('0' <= url[i] && url[i] <= '9') port[i] = url[i];
else error_exit("Port is invalid");
}
if(i <= 6) port[i] = '\0';
else error_exit("Port number is too long");
}
// get http infos in URL
static void get_info(struct httpinfo *hi, char *url) {
unsigned int i = 7, len;
if (strncmp(url, "http://";, i)) error_exit("Only HTTP can be supported.");
len = get_hn(url+i, hi->hostname);
i += len;
// get port if exists
if (url[i] == ':') {
i++;
get_port(url+i, hi->port, &i);
} else strcpy(hi->port, "80");
// get uri in URL
if (url[i] == '\0') strcpy(hi->path, "/");
else if (url[i] == '/') {
if (strlen(url+i) < PATH_LEN) strcpy(hi->path, url+i);
else error_exit("The URL path's length is less than %d.", PATH_LEN);
} else error_exit("The URL is NOT valid.");
}
// connect to any IPv4 or IPv6 server
static int conn_svr(const char *hostname, const char *port) {
struct addrinfo hints, *result, *rp;
int sock;
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = 0;
hints.ai_protocol = 0;
if ((errno = getaddrinfo(hostname, port, &hints, &result)))
error_exit("getaddrinfo: %s", gai_strerror(errno));
// try all address list(IPv4 or IPv6) until success
for (rp = result; rp; rp = rp->ai_next) {
if ((sock = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol))
== -1) {
perror_msg("Socket Error");
continue;
}
if (connect(sock, rp->ai_addr, rp->ai_addrlen) != -1)
break; // succeed in connecting to any server IP
else perror_msg("Connect Error");
close(sock);
}
freeaddrinfo(result);
if(!rp) error_exit("Can not connect to HTTP server");
return sock;
}
// make HTTP request header field
static void mk_fld(char *name, char *value) {
strcat(toybuf, name);
strcat(toybuf, ": ");
strcat(toybuf, value);
strcat(toybuf, "\r\n");
}
// make http request
static void mk_rq(char *path) {
strcpy(toybuf, "GET ");
strcat(toybuf, path);
strcat(toybuf, " HTTP/1.1\r\n");
}
// get http response body starting address and its length
static char *get_body(size_t len, size_t *body_len) {
unsigned int i;
for (i = 0; i < len-4; i++)
if (!strncmp(toybuf+i, "\r\n\r\n", 4)) break;
*body_len = len-i-4;
return toybuf+i+4;
}
void wget_main(void)
{
int sock;
struct httpinfo hi;
FILE *fp;
size_t len, body_len;
char *body, *result, *rc, *r_str, ua[18] = "toybox wget/", ver[6];
// TODO extract filename to be saved from URL
if (!(toys.optflags & FLAG_f))
help_exit("The filename to be saved should be needed.");
if (fopen(TT.filename, "r"))
error_exit("The file(%s) you specified already exists.", TT.filename);
if(!toys.optargs[0]) help_exit("The URL should be specified.");
get_info(&hi, toys.optargs[0]);
sock = conn_svr(hi.hostname, hi.port);
// compose HTTP request
mk_rq(hi.path);
mk_fld("Host", hi.hostname);
strncpy(ver, TOYBOX_VERSION, 5);
strcat(ua, ver);
mk_fld("User-Agent", ua);
mk_fld("Connection", "close");
strcat(toybuf, "\r\n");
// send the HTTP request
len = strlen(toybuf);
if (write(sock, toybuf, len) != len) perror_exit("HTTP GET failed.");
// read HTTP response
if ((len = read(sock, toybuf, 4096)) == -1)
perror_exit("HTTP response failed.");
if (!strstr(toybuf, "\r\n\r\n"))
error_exit("HTTP response header is too long.");
body = get_body(len, &body_len);
result = strtok(toybuf, "\r");
strtok(result, " ");
rc = strtok(NULL, " ");
r_str = strtok(NULL, " ");
// HTTP res code check
// TO
[Toybox] [toybox] cleanup in 'netstat.c'
Hi, Rob. I cleaned up the code in 'netstat.c' as belows. - Adjust to 80 columns - remove a useless function(strchr_nul), variable, type casting and compile warnings(fgets) - clean up netstat command option condition - change useless double pointer to single point and dynamic memory allocation to static one - fix a ambiguous return type and typo Can you review it? Thanks Lipi netstat.patch Description: Binary data ___ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
[Toybox] Fix build error after 'make allyesconfig'
Hi, Rob. Some source files in 'pending' directory have link error when xfork() is called after 'make allyesconfig'. Lipi fix_build_bootchard.patch Description: Binary data fix_build_crontab.patch Description: Binary data fix_build_openvt.patch Description: Binary data fix_build_tcpsvd.patch Description: Binary data ___ Toybox mailing list Toybox@lists.landley.net http://lists.landley.net/listinfo.cgi/toybox-landley.net
