[PATCH] wget: don't silently ignore certificate validation

Jakub Jirutka jakub at jirutka.cz
Thu May 24 16:50:18 UTC 2018


Internal TLS code (FEATURE_WGET_HTTPS) does not implement validation
of the server's certificate.  It is documented in the code, but not
even mentioned in the --help message, so users typically don't know
about this behaviour.  That's a crime against security!

This patch changes this behaviour for the case when both
FEATURE_WGET_LONG_OPTIONS and FEATURE_WGET_HTTPS are enabled - any
attempt to open a TLS connection using internal TLS code (i.e. without
certificate validation) ends with an error, unless the user specified
the option "--no-check-certificate".
---
 networking/wget.c | 30 +++++++++++++++++++-----------
 1 file changed, 19 insertions(+), 11 deletions(-)

diff --git a/networking/wget.c b/networking/wget.c
index 30c339244..074de9184 100644
--- a/networking/wget.c
+++ b/networking/wget.c
@@ -136,18 +136,21 @@
 //usage:#define wget_full_usage "\n\n"
 //usage:       "Retrieve files via HTTP or FTP\n"
 //usage:	IF_FEATURE_WGET_LONG_OPTIONS(
-//usage:     "\n	--spider	Only check URL existence: $? is 0 if exists"
+//usage:     "\n	--spider		Only check URL existence: $? is 0 if exists"
+//usage:		IF_FEATURE_WGET_HTTPS(
+//usage:     "\n	--no-check-certificate	Don't validate the server's certificate"
+//usage:		)
 //usage:	)
-//usage:     "\n	-c		Continue retrieval of aborted transfer"
-//usage:     "\n	-q		Quiet"
-//usage:     "\n	-P DIR		Save to DIR (default .)"
-//usage:     "\n	-S    		Show server response"
+//usage:     "\n	-c			Continue retrieval of aborted transfer"
+//usage:     "\n	-q			Quiet"
+//usage:     "\n	-P DIR			Save to DIR (default .)"
+//usage:     "\n	-S    			Show server response"
 //usage:	IF_FEATURE_WGET_TIMEOUT(
-//usage:     "\n	-T SEC		Network read timeout is SEC seconds"
+//usage:     "\n	-T SEC			Network read timeout is SEC seconds"
 //usage:	)
-//usage:     "\n	-O FILE		Save to FILE ('-' for stdout)"
-//usage:     "\n	-U STR		Use STR for User-Agent header"
-//usage:     "\n	-Y on/off	Use proxy"
+//usage:     "\n	-O FILE			Save to FILE ('-' for stdout)"
+//usage:     "\n	-U STR			Use STR for User-Agent header"
+//usage:     "\n	-Y on/off		Use proxy"
 
 #include "libbb.h"
 
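Review bot: The new help line reads "Don't validate the server's certificate", which tells users that validation is what happens by default, while the commit description says the internal TLS code cannot validate at all and the connection will simply be refused without the flag. A wording that states the real contract avoids giving a false sense of what the default does, e.g. `"\n	--no-check-certificate	Allow HTTPS without certificate validation (internal TLS can't validate)"`. The column widening on the surrounding lines is cosmetic and fine.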
@@ -271,6 +274,7 @@ enum {
 	WGET_OPT_HEADER     = (1 << 10) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
 	WGET_OPT_POST_DATA  = (1 << 11) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
 	WGET_OPT_SPIDER     = (1 << 12) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
+	WGET_OPT_NO_CHECK_CERT = (1 << 13) * ENABLE_FEATURE_WGET_LONG_OPTIONS,
 };
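Review bot: The value `(1 << 13)` on the new enum line is only correct if getopt32long hands `\xfc` the bit right after `\xfd`; as far as I recall, long-only option characters receive bits in the order their entries appear in the long-option table, so the new entry in the last hunk has to stay between `spider` and the shared `\xf0` entries, otherwise the option would silently land on the bit shared by the ignored options. Nothing in the enum records that coupling; a comment such as `/* bit order follows the order of the \xff.. entries in the long-option table */` next to the new line would keep a later reorder from remapping the flag. Please confirm the assignment rule against libbb/getopt32.c before merging.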
 
 enum {
@@ -714,6 +718,11 @@ static void spawn_ssl_client(const char *host, int network_fd, int flags)
 	int pid;
 	char *servername, *p;
 
+#if ENABLE_FEATURE_WGET_LONG_OPTIONS
+	if (!(option_mask32 & WGET_OPT_NO_CHECK_CERT))
+		bb_error_msg_and_die("unable to validate the server's certificate");
+#endif
+
 	servername = xstrdup(host);
 	p = strrchr(servername, ':');
 	if (p) *p = '\0';
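Review bot: The new check is compiled only under `ENABLE_FEATURE_WGET_LONG_OPTIONS`, so a build with FEATURE_WGET_HTTPS but without long options keeps the silent no-validation behaviour the commit sets out to remove; an `#else` branch that at least prints `bb_error_msg("warning: TLS certificate validation is not implemented");` would keep that configuration working while no longer hiding the fact. The die message on the new line also does not tell the user why a previously working URL now fails or what the commit description says is required; `bb_error_msg_and_die("TLS certificate validation not implemented, --no-check-certificate required");` states both. Judging by the `network_fd` parameter, the TCP connection has already been made when this check fires, so the socket is opened only to be abandoned; checking `option_mask32` in the caller before connecting would be cheaper, though the caller is outside the hunk. spawn_ssl_client's body continues outside the hunk.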
@@ -1402,10 +1411,9 @@ IF_DESKTOP(	"tries\0"            Required_argument "t")
 		"header\0"           Required_argument "\xff"
 		"post-data\0"        Required_argument "\xfe"
 		"spider\0"           No_argument       "\xfd"
+		"no-check-certificate\0" No_argument   "\xfc"
 		/* Ignored (we always use PASV): */
 IF_DESKTOP(	"passive-ftp\0"      No_argument       "\xf0")
-		/* Ignored (we don't do ssl) */
-IF_DESKTOP(	"no-check-certificate\0" No_argument   "\xf0")
 		/* Ignored (we don't support caching) */
 IF_DESKTOP(	"no-cache\0"         No_argument       "\xf0")
 IF_DESKTOP(	"no-verbose\0"       No_argument       "\xf0")
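Review bot: The new `no-check-certificate` entry is unconditional, while its help text is wrapped in IF_FEATURE_WGET_HTTPS and the only code that reads WGET_OPT_NO_CHECK_CERT is in spawn_ssl_client, so in a build without FEATURE_WGET_HTTPS the option is accepted, absent from --help and a no-op. That is reasonable for GNU wget compatibility (the removed IF_DESKTOP entry served the same purpose) but should be stated, e.g. `/* Only acted on by the internal TLS code (FEATURE_WGET_HTTPS); otherwise accepted for wget compatibility */` above the new line. The long-option table starts and ends outside the hunk.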
-- 
2.17.0


