From f1f9181f8f4d1c028699c9065064f1bf4f47b703 Mon Sep 17 00:00:00 2001
From: eadler <eadler@FreeBSD.org>
Date: Fri, 14 Sep 2012 12:15:13 +0000
Subject: Adding missing return statements during error conditions.

PR:		kern/171187
Submitted by:	Mark Johnston <markjdb@gmail.com>
Reviewed by:	des
Approved by:	cperciva
MFC after:	2 weeks
---
 lib/libfetch/file.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'lib/libfetch')

diff --git a/lib/libfetch/file.c b/lib/libfetch/file.c
index 8569ff3..8c1d404 100644
--- a/lib/libfetch/file.c
+++ b/lib/libfetch/file.c
@@ -50,12 +50,15 @@ fetchXGetFile(struct url *u, struct url_stat *us, const char *flags)
 
 	f = fopen(u->doc, "r");
 
-	if (f == NULL)
+	if (f == NULL) {
 		fetch_syserr();
+		return (NULL);
+	}
 
 	if (u->offset && fseeko(f, u->offset, SEEK_SET) == -1) {
 		fclose(f);
 		fetch_syserr();
+		return (NULL);
 	}
 
 	fcntl(fileno(f), F_SETFD, FD_CLOEXEC);
@@ -78,12 +81,15 @@ fetchPutFile(struct url *u, const char *flags)
 	else
 		f = fopen(u->doc, "w+");
 
-	if (f == NULL)
+	if (f == NULL) {
 		fetch_syserr();
+		return (NULL);
+	}
 
 	if (u->offset && fseeko(f, u->offset, SEEK_SET) == -1) {
 		fclose(f);
 		fetch_syserr();
+		return (NULL);
 	}
 
 	fcntl(fileno(f), F_SETFD, FD_CLOEXEC);
-- 
cgit v1.1


From d123c9234ae289c7dbbfc08aa606b6210225894c Mon Sep 17 00:00:00 2001
From: des <des@FreeBSD.org>
Date: Fri, 14 Sep 2012 13:00:43 +0000
Subject: Use libmd if and only if OpenSSL is not available.

PR:		bin/171402
MFC after:	3 days
---
 lib/libfetch/Makefile | 4 ++--
 lib/libfetch/http.c   | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

(limited to 'lib/libfetch')

diff --git a/lib/libfetch/Makefile b/lib/libfetch/Makefile
index 7b29aa2..085aba2 100644
--- a/lib/libfetch/Makefile
+++ b/lib/libfetch/Makefile
@@ -16,8 +16,8 @@ CFLAGS+=	-DINET6
 
 .if ${MK_OPENSSL} != "no"
 CFLAGS+=	-DWITH_SSL
-DPADD=		${LIBSSL} ${LIBCRYPTO} ${LIBMD}
-LDADD=		-lssl -lcrypto -lmd
+DPADD=		${LIBSSL} ${LIBCRYPTO}
+LDADD=		-lssl -lcrypto
 .else
 DPADD=		${LIBMD}
 LDADD=		-lmd
diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c
index f6e063a..97fe47c 100644
--- a/lib/libfetch/http.c
+++ b/lib/libfetch/http.c
@@ -76,7 +76,15 @@ __FBSDID("$FreeBSD$");
 #include <string.h>
 #include <time.h>
 #include <unistd.h>
+
+#ifdef WITH_SSL
+#include <openssl/md5.h>
+#define MD5Init(c) MD5_Init(c)
+#define MD5Update(c, data, len) MD5_Update(c, data, len)
+#define MD5Final(md, c) MD5_Final(md, c)
+#else
 #include <md5.h>
+#endif
 
 #include <netinet/in.h>
 #include <netinet/tcp.h>
-- 
cgit v1.1


From e82cfe8e3006fa9ec6e0f1cf5bfc82b3668f5dda Mon Sep 17 00:00:00 2001
From: eadler <eadler@FreeBSD.org>
Date: Mon, 22 Oct 2012 03:00:04 +0000
Subject: Be a bit more lenient in the maximum number of redirects allowed.
 Chrome and Firefox have a limit of 20. IE has a limit of 8.

Reviewed by:	des
Approved by:	cperciva
MFC after:	3 days
---
 lib/libfetch/http.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/libfetch')

diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c
index 97fe47c..d10e644 100644
--- a/lib/libfetch/http.c
+++ b/lib/libfetch/http.c
@@ -94,7 +94,7 @@ __FBSDID("$FreeBSD$");
 #include "httperr.h"
 
 /* Maximum number of redirects to follow */
-#define MAX_REDIRECT 5
+#define MAX_REDIRECT 20
 
 /* Symbolic names for reply codes we care about */
 #define HTTP_OK			200
-- 
cgit v1.1


From f647c87f9c373d56d14471b8600d0151acf7ebb0 Mon Sep 17 00:00:00 2001
From: eadler <eadler@FreeBSD.org>
Date: Mon, 22 Oct 2012 03:00:10 +0000
Subject: Don't deny non-temporary redirects if the -A option is set (per the
 man page) [0]

While here add support for draft-reschke-http-status-308-07

PR:		172451 [0]
Submitted by:	gcooper [0]
Reviewed by:	des
Approved by:	cperciva
MFC after:	1 week
---
 lib/libfetch/http.c      | 14 ++++++++++++--
 lib/libfetch/http.errors |  1 +
 2 files changed, 13 insertions(+), 2 deletions(-)

(limited to 'lib/libfetch')

diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c
index d10e644..a1166bc 100644
--- a/lib/libfetch/http.c
+++ b/lib/libfetch/http.c
@@ -104,6 +104,7 @@ __FBSDID("$FreeBSD$");
 #define HTTP_SEE_OTHER		303
 #define HTTP_NOT_MODIFIED	304
 #define HTTP_TEMP_REDIRECT	307
+#define HTTP_PERM_REDIRECT	308
 #define HTTP_NEED_AUTH		401
 #define HTTP_NEED_PROXY_AUTH	407
 #define HTTP_BAD_RANGE		416
@@ -1524,8 +1525,7 @@ http_request(struct url *URL, const char *op, struct url_stat *us,
 	/* try the provided URL first */
 	url = URL;
 
-	/* if the A flag is set, we only get one try */
-	n = noredirect ? 1 : MAX_REDIRECT;
+	n = MAX_REDIRECT;
 	i = 0;
 
 	e = HTTP_PROTOCOL_ERROR;
@@ -1772,6 +1772,16 @@ http_request(struct url *URL, const char *op, struct url_stat *us,
 			case hdr_location:
 				if (!HTTP_REDIRECT(conn->err))
 					break;
+				/*
+				 * if the A flag is set, we don't follow
+				 * temporary redirects.
+				 */
+				if (noredirect &&
+				    conn->err != HTTP_MOVED_PERM &&
+				    conn->err != HTTP_PERM_REDIRECT) {
+					n = 1;
+					break;
+                                }
 				if (new)
 					free(new);
 				if (verbose)
diff --git a/lib/libfetch/http.errors b/lib/libfetch/http.errors
index 1f38574..e5389fe 100644
--- a/lib/libfetch/http.errors
+++ b/lib/libfetch/http.errors
@@ -18,6 +18,7 @@
 304 OK		Not Modified
 305 INFO	Use Proxy
 307 MOVED	Temporary Redirect
+308 MOVED	Permanent Redirect
 400 PROTO	Bad Request
 401 AUTH	Unauthorized
 402 AUTH	Payment Required
-- 
cgit v1.1


From 106fb1fefe19b26bf51d5f5a28146daa42b7b0c8 Mon Sep 17 00:00:00 2001
From: eadler <eadler@FreeBSD.org>
Date: Mon, 22 Oct 2012 03:00:15 +0000
Subject: Implement HTTP 305 redirect handling.

PR:		172452
Submitted by:	gcooper
Reviewed by:	des
Approved by:	cperciva
MFC after:	1 week
---
 lib/libfetch/http.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'lib/libfetch')

diff --git a/lib/libfetch/http.c b/lib/libfetch/http.c
index a1166bc..00dd887 100644
--- a/lib/libfetch/http.c
+++ b/lib/libfetch/http.c
@@ -103,6 +103,7 @@ __FBSDID("$FreeBSD$");
 #define HTTP_MOVED_TEMP		302
 #define HTTP_SEE_OTHER		303
 #define HTTP_NOT_MODIFIED	304
+#define HTTP_USE_PROXY		305
 #define HTTP_TEMP_REDIRECT	307
 #define HTTP_PERM_REDIRECT	308
 #define HTTP_NEED_AUTH		401
@@ -113,6 +114,7 @@ __FBSDID("$FreeBSD$");
 #define HTTP_REDIRECT(xyz) ((xyz) == HTTP_MOVED_PERM \
 			    || (xyz) == HTTP_MOVED_TEMP \
 			    || (xyz) == HTTP_TEMP_REDIRECT \
+			    || (xyz) == HTTP_USE_PROXY \
 			    || (xyz) == HTTP_SEE_OTHER)
 
 #define HTTP_ERROR(xyz) ((xyz) > 400 && (xyz) < 599)
@@ -1697,6 +1699,7 @@ http_request(struct url *URL, const char *op, struct url_stat *us,
 		case HTTP_MOVED_PERM:
 		case HTTP_MOVED_TEMP:
 		case HTTP_SEE_OTHER:
+		case HTTP_USE_PROXY:
 			/*
 			 * Not so fine, but we still have to read the
 			 * headers to get the new location.
@@ -1778,7 +1781,8 @@ http_request(struct url *URL, const char *op, struct url_stat *us,
 				 */
 				if (noredirect &&
 				    conn->err != HTTP_MOVED_PERM &&
-				    conn->err != HTTP_PERM_REDIRECT) {
+				    conn->err != HTTP_PERM_REDIRECT &&
+				    conn->err != HTTP_USE_PROXY) {
 					n = 1;
 					break;
                                 }
-- 
cgit v1.1