Fix a subtle leak.

[oweals/opkg-lede.git] / libopkg / opkg_download.c

diff --git a/libopkg/opkg_download.c b/libopkg/opkg_download.c
index 2ee97bf2f9a2d58455acb684b7f2c5f206a2a146..ab21ae9e182cce47a0205ab1f83fb4a6145aaac1 100644 (file)
--- a/libopkg/opkg_download.c
+++ b/libopkg/opkg_download.c
@@ -26,6 +26,7 @@
 #include <openssl/conf.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/ssl.h>
 #endif
 
 #if defined(HAVE_GPGME)
@@ -47,6 +48,11 @@
 #include "file_util.h"
 #include "str_util.h"
 #include "opkg_defines.h"
+#include "libbb/libbb.h"
+
+#ifdef HAVE_PATHFINDER
+#include "opkg_pathfinder.h"
+#endif
 
 #if defined(HAVE_OPENSSL) || defined(HAVE_SSLCURL)
 static void openssl_init(void);
@@ -71,7 +77,7 @@ int opkg_download(opkg_conf_t *conf, const char *src,
 {
     int err = 0;
 
-    char *src_basec = strdup(src);
+    char *src_basec = xstrdup(src);
     char *src_base = basename(src_basec);
     char *tmp_file_location;
 
@@ -111,7 +117,6 @@ int opkg_download(opkg_conf_t *conf, const char *src,
     }
 
 #ifdef HAVE_CURL
-    CURL *curl;
     CURLcode res;
     FILE * file = fopen (tmp_file_location, "w");
 
@@ -177,7 +182,7 @@ int opkg_download(opkg_conf_t *conf, const char *src,
 static int opkg_download_cache(opkg_conf_t *conf, const char *src,
   const char *dest_file_name, curl_progress_func cb, void *data)
 {
-    char *cache_name = strdup(src);
+    char *cache_name = xstrdup(src);
     char *cache_location, *p;
     int err = 0;
 
@@ -253,14 +258,13 @@ int opkg_prepare_url_for_install(opkg_conf_t *conf, const char *url, char **name
 {
      int err = 0;
      pkg_t *pkg;
+
      pkg = pkg_new();
-     if (pkg == NULL)
-         return ENOMEM;
 
      if (str_starts_with(url, "http://")
         || str_starts_with(url, "ftp://")) {
          char *tmp_file;
-         char *file_basec = strdup(url);
+         char *file_basec = xstrdup(url);
          char *file_base = basename(file_basec);
 
          sprintf_alloc(&tmp_file, "%s/%s", conf->tmp_dir, file_base);
@@ -300,12 +304,9 @@ int opkg_prepare_url_for_install(opkg_conf_t *conf, const char *url, char **name
      pkg->state_want = SW_INSTALL;
      pkg->state_flag |= SF_PREFER;
      pkg = hash_insert_pkg(&conf->pkg_hash, pkg, 1,conf);  
-     if ( pkg == NULL ){
-        fprintf(stderr, "%s : This should never happen. Report this Bug in bugzilla please \n ",__FUNCTION__);
-        return 0;
-     }
+
      if (namep) {
-         *namep = strdup(pkg->name);
+         *namep = pkg->name;
      }
      return 0;
 }
@@ -412,6 +413,15 @@ opkg_verify_file (opkg_conf_t *conf, char *text_file, char *sig_file)
                 "Can't read signature file (Corrupted ?)\n");
         goto verify_file_end;
     }
+#if defined(HAVE_PATHFINDER)
+    if(conf->check_x509_path){
+       if(!pkcs7_pathfinder_verify_signers(p7)){
+           opkg_message(conf,  OPKG_ERROR, "pkcs7_pathfinder_verify_signers: "
+                   "Path verification failed\n");
+           goto verify_file_end;
+       }
+    }
+#endif
 
     // Open the Package file to authenticate
     if (!(indata = BIO_new_file(text_file, "rb"))){
@@ -594,6 +604,16 @@ static CURL *opkg_curl_init(opkg_conf_t *conf, curl_progress_func cb, void *data
             * CURLOPT_SSL_VERIFYPEER default is nonzero (curl => 7.10)
             */
            curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0);
+       }else{
+#ifdef HAVE_PATHFINDER
+           if(conf->check_x509_path){
+               if (curl_easy_setopt(curl, CURLOPT_SSL_CTX_FUNCTION, curl_ssl_ctx_function) != CURLE_OK){
+                   opkg_message(conf, OPKG_DEBUG, "Failed to set ssl path verification callback\n");
+               }else{
+                   curl_easy_setopt(curl, CURLOPT_SSL_CTX_DATA, NULL);
+               }
+           }
+#endif
        }
 
        /* certification authority file and/or path */