blob: ea1113e18b113b4a407a2021a4a13170bcfcf5af [file] [log] [blame]
Jerome Forissier359d4ed2024-10-16 12:04:09 +02001// SPDX-License-Identifier: GPL-2.0+
2/* Copyright (C) 2024 Linaro Ltd. */
3
4#include <command.h>
5#include <console.h>
6#include <display_options.h>
7#include <efi_loader.h>
8#include <image.h>
Jerome Forissierc21e4e32025-04-17 15:26:59 +02009#include <linux/kconfig.h>
Jerome Forissier359d4ed2024-10-16 12:04:09 +020010#include <lwip/apps/http_client.h>
Ilias Apalodimas99618ca2024-11-10 10:28:40 +020011#include "lwip/altcp_tls.h"
Jerome Forissier95b10352025-04-17 15:26:58 +020012#include <lwip/errno.h>
Jerome Forissier359d4ed2024-10-16 12:04:09 +020013#include <lwip/timeouts.h>
Ilias Apalodimas99618ca2024-11-10 10:28:40 +020014#include <rng.h>
Jerome Forissier359d4ed2024-10-16 12:04:09 +020015#include <mapmem.h>
16#include <net.h>
17#include <time.h>
Ilias Apalodimas99618ca2024-11-10 10:28:40 +020018#include <dm/uclass.h>
Jerome Forissier359d4ed2024-10-16 12:04:09 +020019
Heinrich Schuchardtd064fc92024-11-08 18:45:26 +010020#define SERVER_NAME_SIZE 254
Jerome Forissier359d4ed2024-10-16 12:04:09 +020021#define HTTP_PORT_DEFAULT 80
Ilias Apalodimas99618ca2024-11-10 10:28:40 +020022#define HTTPS_PORT_DEFAULT 443
Jerome Forissier359d4ed2024-10-16 12:04:09 +020023#define PROGRESS_PRINT_STEP_BYTES (100 * 1024)
24
25enum done_state {
Jerome Forissier97083502024-11-07 12:27:57 +010026 NOT_DONE = 0,
27 SUCCESS = 1,
28 FAILURE = 2
Jerome Forissier359d4ed2024-10-16 12:04:09 +020029};
30
31struct wget_ctx {
Adriano Cordovaa8a8d5c62024-11-11 18:09:00 -030032 char server_name[SERVER_NAME_SIZE];
33 u16 port;
Jerome Forissier359d4ed2024-10-16 12:04:09 +020034 char *path;
35 ulong daddr;
36 ulong saved_daddr;
37 ulong size;
38 ulong prevsize;
39 ulong start_time;
40 enum done_state done;
41};
42
Adriano Cordova25e88412024-11-11 18:09:01 -030043static void wget_lwip_fill_info(struct pbuf *hdr, u16_t hdr_len, u32_t hdr_cont_len)
44{
Adriano Cordova50a2a0b2024-11-26 13:19:21 -030045 if (wget_info->headers) {
46 if (hdr_len < MAX_HTTP_HEADERS_SIZE)
47 pbuf_copy_partial(hdr, (void *)wget_info->headers, hdr_len, 0);
48 else
49 hdr_len = 0;
50 wget_info->headers[hdr_len] = 0;
51 }
Adriano Cordova25e88412024-11-11 18:09:01 -030052 wget_info->hdr_cont_len = (u32)hdr_cont_len;
53}
54
55static void wget_lwip_set_file_size(u32_t rx_content_len)
56{
57 wget_info->file_size = (ulong)rx_content_len;
58}
59
Ilias Apalodimas99618ca2024-11-10 10:28:40 +020060bool wget_validate_uri(char *uri);
61
62int mbedtls_hardware_poll(void *data, unsigned char *output, size_t len,
63 size_t *olen)
64{
65 struct udevice *dev;
Ilias Apalodimas99618ca2024-11-10 10:28:40 +020066 int ret;
67
68 *olen = 0;
69
70 ret = uclass_get_device(UCLASS_RNG, 0, &dev);
71 if (ret) {
72 log_err("Failed to get an rng: %d\n", ret);
73 return ret;
74 }
Ilias Apalodimas4276a3c2024-11-14 16:29:15 +020075 ret = dm_rng_read(dev, output, len);
Ilias Apalodimas99618ca2024-11-10 10:28:40 +020076 if (ret)
77 return ret;
78
Ilias Apalodimas4276a3c2024-11-14 16:29:15 +020079 *olen = len;
Ilias Apalodimas99618ca2024-11-10 10:28:40 +020080
81 return 0;
82}
83
84static int parse_url(char *url, char *host, u16 *port, char **path,
85 bool *is_https)
Jerome Forissier359d4ed2024-10-16 12:04:09 +020086{
87 char *p, *pp;
88 long lport;
Ilias Apalodimas99618ca2024-11-10 10:28:40 +020089 size_t prefix_len = 0;
Jerome Forissier359d4ed2024-10-16 12:04:09 +020090
Ilias Apalodimas99618ca2024-11-10 10:28:40 +020091 if (!wget_validate_uri(url)) {
92 log_err("Invalid URL. Use http(s)://\n");
93 return -EINVAL;
94 }
95
96 *is_https = false;
97 *port = HTTP_PORT_DEFAULT;
98 prefix_len = strlen("http://");
Jerome Forissier359d4ed2024-10-16 12:04:09 +020099 p = strstr(url, "http://");
100 if (!p) {
Ilias Apalodimas99618ca2024-11-10 10:28:40 +0200101 p = strstr(url, "https://");
102 prefix_len = strlen("https://");
103 *port = HTTPS_PORT_DEFAULT;
104 *is_https = true;
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200105 }
106
Ilias Apalodimas99618ca2024-11-10 10:28:40 +0200107 p += prefix_len;
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200108
109 /* Parse hostname */
110 pp = strchr(p, ':');
111 if (!pp)
112 pp = strchr(p, '/');
113 if (!pp)
114 return -EINVAL;
115
116 if (p + SERVER_NAME_SIZE <= pp)
117 return -EINVAL;
118
119 memcpy(host, p, pp - p);
120 host[pp - p] = '\0';
121
122 if (*pp == ':') {
123 /* Parse port number */
124 p = pp + 1;
125 lport = simple_strtol(p, &pp, 10);
126 if (pp && *pp != '/')
127 return -EINVAL;
128 if (lport > 65535)
129 return -EINVAL;
130 *port = (u16)lport;
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200131 }
Ilias Apalodimas99618ca2024-11-10 10:28:40 +0200132
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200133 if (*pp != '/')
134 return -EINVAL;
135 *path = pp;
136
137 return 0;
138}
139
140/*
141 * Legacy syntax support
142 * Convert [<server_name_or_ip>:]filename into a URL if needed
143 */
144static int parse_legacy_arg(char *arg, char *nurl, size_t rem)
145{
146 char *p = nurl;
147 size_t n;
148 char *col = strchr(arg, ':');
149 char *env;
150 char *server;
151 char *path;
152
153 if (strstr(arg, "http") == arg) {
154 n = snprintf(nurl, rem, "%s", arg);
155 if (n < 0 || n > rem)
156 return -1;
157 return 0;
158 }
159
160 n = snprintf(p, rem, "%s", "http://");
161 if (n < 0 || n > rem)
162 return -1;
163 p += n;
164 rem -= n;
165
166 if (col) {
167 n = col - arg;
168 server = arg;
169 path = col + 1;
170 } else {
171 env = env_get("httpserverip");
172 if (!env)
173 env = env_get("serverip");
174 if (!env) {
175 log_err("error: httpserver/serverip has to be set\n");
176 return -1;
177 }
178 n = strlen(env);
179 server = env;
180 path = arg;
181 }
182
183 if (rem < n)
184 return -1;
Jerome Forissierc7157322024-11-26 15:45:06 +0100185 strncpy(p, server, n);
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200186 p += n;
187 rem -= n;
188 if (rem < 1)
189 return -1;
190 *p = '/';
191 p++;
192 rem--;
193 n = strlen(path);
194 if (rem < n)
195 return -1;
Jerome Forissierc7157322024-11-26 15:45:06 +0100196 strncpy(p, path, n);
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200197 p += n;
198 rem -= n;
199 if (rem < 1)
200 return -1;
201 *p = '\0';
202
203 return 0;
204}
205
Jerome Forissierc21e4e32025-04-17 15:26:59 +0200206/**
207 * store_block() - copy received data
208 *
209 * This function is called by the receive callback to copy a block of data
210 * into its final location (ctx->daddr). Before doing so, it checks if the copy
211 * is allowed.
212 *
213 * @ctx: the context for the current transfer
214 * @src: the data received from the TCP stack
215 * @len: the length of the data
216 */
217static int store_block(struct wget_ctx *ctx, void *src, u16_t len)
218{
219 ulong store_addr = ctx->daddr;
220 uchar *ptr;
221
222 /* Avoid overflow */
223 if (wget_info->buffer_size && wget_info->buffer_size < ctx->size + len)
224 return -1;
225
226 if (CONFIG_IS_ENABLED(LMB) && wget_info->set_bootdev) {
227 if (store_addr + len < store_addr ||
228 lmb_read_check(store_addr, len)) {
229 if (!wget_info->silent) {
230 printf("\nwget error: ");
231 printf("trying to overwrite reserved memory\n");
232 }
233 return -1;
234 }
235 }
236
237 ptr = map_sysmem(store_addr, len);
238 memcpy(ptr, src, len);
239 unmap_sysmem(ptr);
240
241 ctx->daddr += len;
242 ctx->size += len;
243 if (ctx->size - ctx->prevsize > PROGRESS_PRINT_STEP_BYTES) {
244 if (!wget_info->silent)
245 printf("#");
246 ctx->prevsize = ctx->size;
247 }
248
249 return 0;
250}
251
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200252static err_t httpc_recv_cb(void *arg, struct altcp_pcb *pcb, struct pbuf *pbuf,
253 err_t err)
254{
255 struct wget_ctx *ctx = arg;
256 struct pbuf *buf;
Jerome Forissierc21e4e32025-04-17 15:26:59 +0200257 err_t ret;
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200258
259 if (!pbuf)
260 return ERR_BUF;
261
262 if (!ctx->start_time)
263 ctx->start_time = get_timer(0);
264
265 for (buf = pbuf; buf; buf = buf->next) {
Jerome Forissierc21e4e32025-04-17 15:26:59 +0200266 if (store_block(ctx, buf->payload, buf->len) < 0) {
267 altcp_abort(pcb);
268 ret = ERR_BUF;
269 goto out;
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200270 }
271 }
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200272 altcp_recved(pcb, pbuf->tot_len);
Jerome Forissierc21e4e32025-04-17 15:26:59 +0200273 ret = ERR_OK;
274out:
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200275 pbuf_free(pbuf);
Jerome Forissierc21e4e32025-04-17 15:26:59 +0200276 return ret;
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200277}
278
279static void httpc_result_cb(void *arg, httpc_result_t httpc_result,
280 u32_t rx_content_len, u32_t srv_res, err_t err)
281{
282 struct wget_ctx *ctx = arg;
283 ulong elapsed;
284
Adriano Cordova25e88412024-11-11 18:09:01 -0300285 wget_info->status_code = (u32)srv_res;
286
287 if (err == ERR_BUF) {
288 ctx->done = FAILURE;
289 return;
290 }
291
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200292 if (httpc_result != HTTPC_RESULT_OK) {
293 log_err("\nHTTP client error %d\n", httpc_result);
294 ctx->done = FAILURE;
295 return;
296 }
297 if (srv_res != 200) {
298 log_err("\nHTTP server error %d\n", srv_res);
299 ctx->done = FAILURE;
300 return;
301 }
302
303 elapsed = get_timer(ctx->start_time);
304 if (!elapsed)
305 elapsed = 1;
Jerome Forissier95b10352025-04-17 15:26:58 +0200306 if (!wget_info->silent) {
307 if (rx_content_len > PROGRESS_PRINT_STEP_BYTES)
308 printf("\n");
309 printf("%u bytes transferred in %lu ms (", rx_content_len,
310 elapsed);
311 print_size(rx_content_len / elapsed * 1000, "/s)\n");
312 printf("Bytes transferred = %lu (%lx hex)\n", ctx->size,
313 ctx->size);
314 }
Adriano Cordova93cba0f2024-12-04 00:05:23 -0300315 if (wget_info->set_bootdev)
316 efi_set_bootdev("Http", ctx->server_name, ctx->path, map_sysmem(ctx->saved_daddr, 0),
Adriano Cordova25e88412024-11-11 18:09:01 -0300317 rx_content_len);
Adriano Cordova25e88412024-11-11 18:09:01 -0300318 wget_lwip_set_file_size(rx_content_len);
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200319 if (env_set_hex("filesize", rx_content_len) ||
320 env_set_hex("fileaddr", ctx->saved_daddr)) {
321 log_err("Could not set filesize or fileaddr\n");
322 ctx->done = FAILURE;
323 return;
324 }
325
326 ctx->done = SUCCESS;
327}
328
Adriano Cordova25e88412024-11-11 18:09:01 -0300329static err_t httpc_headers_done_cb(httpc_state_t *connection, void *arg, struct pbuf *hdr,
330 u16_t hdr_len, u32_t content_len)
331{
332 wget_lwip_fill_info(hdr, hdr_len, content_len);
333
334 if (wget_info->check_buffer_size && (ulong)content_len > wget_info->buffer_size)
335 return ERR_BUF;
336
337 return ERR_OK;
338}
339
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100340#if CONFIG_IS_ENABLED(WGET_HTTPS)
341enum auth_mode {
342 AUTH_NONE,
343 AUTH_OPTIONAL,
344 AUTH_REQUIRED,
345};
346
347static char *cacert;
348static size_t cacert_size;
349static enum auth_mode cacert_auth_mode = AUTH_OPTIONAL;
350#endif
351
352#if CONFIG_IS_ENABLED(WGET_CACERT)
353static int set_auth(enum auth_mode auth)
354{
355 cacert_auth_mode = auth;
356
357 return CMD_RET_SUCCESS;
358}
Jerome Forissier7231a692025-03-05 15:26:45 +0100359#endif
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100360
Jerome Forissier7231a692025-03-05 15:26:45 +0100361#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
362extern const char builtin_cacert[];
363extern const size_t builtin_cacert_size;
364static bool cacert_initialized;
365#endif
366
367#if CONFIG_IS_ENABLED(WGET_CACERT) || CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
368static int _set_cacert(const void *addr, size_t sz)
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100369{
370 mbedtls_x509_crt crt;
Jerome Forissier7231a692025-03-05 15:26:45 +0100371 void *p;
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100372 int ret;
373
374 if (cacert)
375 free(cacert);
376
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100377 if (!addr) {
378 cacert = NULL;
379 cacert_size = 0;
380 return CMD_RET_SUCCESS;
381 }
382
Jerome Forissier7231a692025-03-05 15:26:45 +0100383 p = malloc(sz);
384 if (!p)
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100385 return CMD_RET_FAILURE;
Jerome Forissier7231a692025-03-05 15:26:45 +0100386 cacert = p;
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100387 cacert_size = sz;
388
389 memcpy(cacert, (void *)addr, sz);
390
391 mbedtls_x509_crt_init(&crt);
392 ret = mbedtls_x509_crt_parse(&crt, cacert, cacert_size);
393 if (ret) {
Jerome Forissier95b10352025-04-17 15:26:58 +0200394 if (!wget_info->silent)
395 printf("Could not parse certificates (%d)\n", ret);
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100396 free(cacert);
397 cacert = NULL;
398 cacert_size = 0;
399 return CMD_RET_FAILURE;
400 }
401
Jerome Forissier7231a692025-03-05 15:26:45 +0100402#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
403 cacert_initialized = true;
404#endif
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100405 return CMD_RET_SUCCESS;
406}
Jerome Forissier7231a692025-03-05 15:26:45 +0100407
408#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
409static int set_cacert_builtin(void)
410{
411 return _set_cacert(builtin_cacert, builtin_cacert_size);
412}
413#endif
414
415#if CONFIG_IS_ENABLED(WGET_CACERT)
416static int set_cacert(char * const saddr, char * const ssz)
417{
418 ulong addr, sz;
419
420 addr = hextoul(saddr, NULL);
421 sz = hextoul(ssz, NULL);
422
423 return _set_cacert((void *)addr, sz);
424}
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100425#endif
Jerome Forissier7231a692025-03-05 15:26:45 +0100426#endif /* CONFIG_WGET_CACERT || CONFIG_WGET_BUILTIN_CACERT */
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100427
Jerome Forissier1187b4e2025-04-17 15:26:57 +0200428int wget_do_request(ulong dst_addr, char *uri)
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200429{
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100430#if CONFIG_IS_ENABLED(WGET_HTTPS)
Ilias Apalodimas99618ca2024-11-10 10:28:40 +0200431 altcp_allocator_t tls_allocator;
432#endif
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200433 httpc_connection_t conn;
434 httpc_state_t *state;
Jerome Forissier1187b4e2025-04-17 15:26:57 +0200435 struct udevice *udev;
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200436 struct netif *netif;
437 struct wget_ctx ctx;
438 char *path;
Ilias Apalodimas99618ca2024-11-10 10:28:40 +0200439 bool is_https;
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200440
441 ctx.daddr = dst_addr;
442 ctx.saved_daddr = dst_addr;
443 ctx.done = NOT_DONE;
444 ctx.size = 0;
445 ctx.prevsize = 0;
446 ctx.start_time = 0;
447
Adriano Cordova484ade32024-12-03 09:55:34 -0300448 if (parse_url(uri, ctx.server_name, &ctx.port, &path, &is_https))
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200449 return CMD_RET_USAGE;
450
Jerome Forissier1187b4e2025-04-17 15:26:57 +0200451 if (net_lwip_eth_start() < 0)
452 return CMD_RET_FAILURE;
453
454 if (!wget_info)
455 wget_info = &default_wget_info;
456
457 udev = eth_get_dev();
458
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200459 netif = net_lwip_new_netif(udev);
460 if (!netif)
461 return -1;
462
463 memset(&conn, 0, sizeof(conn));
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100464#if CONFIG_IS_ENABLED(WGET_HTTPS)
Ilias Apalodimas99618ca2024-11-10 10:28:40 +0200465 if (is_https) {
Jerome Forissier7231a692025-03-05 15:26:45 +0100466 char *ca;
467 size_t ca_sz;
468
469#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
470 if (!cacert_initialized)
471 set_cacert_builtin();
472#endif
473 ca = cacert;
474 ca_sz = cacert_size;
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100475
476 if (cacert_auth_mode == AUTH_REQUIRED) {
477 if (!ca || !ca_sz) {
Jerome Forissier95b10352025-04-17 15:26:58 +0200478 if (!wget_info->silent)
479 printf("Error: cacert authentication "
480 "mode is 'required' but no CA "
481 "certificates given\n");
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100482 return CMD_RET_FAILURE;
483 }
484 } else if (cacert_auth_mode == AUTH_NONE) {
485 ca = NULL;
486 ca_sz = 0;
487 } else if (cacert_auth_mode == AUTH_OPTIONAL) {
488 /*
489 * Nothing to do, this is the default behavior of
490 * altcp_tls to check server certificates against CA
491 * certificates when the latter are provided and proceed
492 * with no verification if not.
493 */
494 }
495
Jerome Forissier95b10352025-04-17 15:26:58 +0200496 if (!ca && !wget_info->silent) {
497 printf("WARNING: no CA certificates, ");
498 printf("HTTPS connections not authenticated\n");
499 }
Ilias Apalodimas99618ca2024-11-10 10:28:40 +0200500 tls_allocator.alloc = &altcp_tls_alloc;
501 tls_allocator.arg =
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100502 altcp_tls_create_config_client(ca, ca_sz,
503 ctx.server_name);
Ilias Apalodimas99618ca2024-11-10 10:28:40 +0200504
505 if (!tls_allocator.arg) {
506 log_err("error: Cannot create a TLS connection\n");
507 net_lwip_remove_netif(netif);
508 return -1;
509 }
510
511 conn.altcp_allocator = &tls_allocator;
512 }
513#endif
514
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200515 conn.result_fn = httpc_result_cb;
Adriano Cordova25e88412024-11-11 18:09:01 -0300516 conn.headers_done_fn = httpc_headers_done_cb;
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200517 ctx.path = path;
Adriano Cordovaa8a8d5c62024-11-11 18:09:00 -0300518 if (httpc_get_file_dns(ctx.server_name, ctx.port, path, &conn, httpc_recv_cb,
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200519 &ctx, &state)) {
520 net_lwip_remove_netif(netif);
521 return CMD_RET_FAILURE;
522 }
523
Jerome Forissier95b10352025-04-17 15:26:58 +0200524 errno = 0;
525
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200526 while (!ctx.done) {
527 net_lwip_rx(udev, netif);
528 sys_check_timeouts();
529 if (ctrlc())
530 break;
531 }
532
533 net_lwip_remove_netif(netif);
534
535 if (ctx.done == SUCCESS)
536 return 0;
537
Jerome Forissier95b10352025-04-17 15:26:58 +0200538 if (errno == EPERM && !wget_info->silent)
539 printf("Certificate verification failed\n");
540
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200541 return -1;
542}
543
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200544int do_wget(struct cmd_tbl *cmdtp, int flag, int argc, char * const argv[])
545{
546 char *end;
547 char *url;
548 ulong dst_addr;
549 char nurl[1024];
550
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100551#if CONFIG_IS_ENABLED(WGET_CACERT)
552 if (argc == 4 && !strncmp(argv[1], "cacert", strlen("cacert")))
553 return set_cacert(argv[2], argv[3]);
554 if (argc == 3 && !strncmp(argv[1], "cacert", strlen("cacert"))) {
Jerome Forissier7231a692025-03-05 15:26:45 +0100555#if CONFIG_IS_ENABLED(WGET_BUILTIN_CACERT)
556 if (!strncmp(argv[2], "builtin", strlen("builtin")))
557 return set_cacert_builtin();
558#endif
Jerome Forissier8fa383d2025-03-05 15:26:42 +0100559 if (!strncmp(argv[2], "none", strlen("none")))
560 return set_auth(AUTH_NONE);
561 if (!strncmp(argv[2], "optional", strlen("optional")))
562 return set_auth(AUTH_OPTIONAL);
563 if (!strncmp(argv[2], "required", strlen("required")))
564 return set_auth(AUTH_REQUIRED);
565 return CMD_RET_USAGE;
566 }
567#endif
568
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200569 if (argc < 2 || argc > 3)
570 return CMD_RET_USAGE;
571
572 dst_addr = hextoul(argv[1], &end);
Jerome Forissier97083502024-11-07 12:27:57 +0100573 if (end == (argv[1] + strlen(argv[1]))) {
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200574 if (argc < 3)
575 return CMD_RET_USAGE;
576 url = argv[2];
577 } else {
578 dst_addr = image_load_addr;
579 url = argv[1];
580 }
581
582 if (parse_legacy_arg(url, nurl, sizeof(nurl)))
Jerome Forissier97083502024-11-07 12:27:57 +0100583 return CMD_RET_FAILURE;
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200584
Adriano Cordova25e88412024-11-11 18:09:01 -0300585 wget_info = &default_wget_info;
Adriano Cordovab479fc42024-12-04 00:05:16 -0300586 if (wget_do_request(dst_addr, nurl))
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200587 return CMD_RET_FAILURE;
588
589 return CMD_RET_SUCCESS;
590}
591
592/**
593 * wget_validate_uri() - validate the uri for wget
594 *
595 * @uri: uri string
596 *
597 * This function follows the current U-Boot wget implementation.
598 * scheme: only "http:" is supported
599 * authority:
600 * - user information: not supported
601 * - host: supported
602 * - port: not supported(always use the default port)
603 *
604 * Uri is expected to be correctly percent encoded.
605 * This is the minimum check, control codes(0x1-0x19, 0x7F, except '\0')
606 * and space character(0x20) are not allowed.
607 *
608 * TODO: stricter uri conformance check
609 *
610 * Return: true on success, false on failure
611 */
612bool wget_validate_uri(char *uri)
613{
614 char c;
615 bool ret = true;
616 char *str_copy, *s, *authority;
Ilias Apalodimas99618ca2024-11-10 10:28:40 +0200617 size_t prefix_len = 0;
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200618
619 for (c = 0x1; c < 0x21; c++) {
620 if (strchr(uri, c)) {
621 log_err("invalid character is used\n");
622 return false;
623 }
624 }
Ilias Apalodimas99618ca2024-11-10 10:28:40 +0200625
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200626 if (strchr(uri, 0x7f)) {
627 log_err("invalid character is used\n");
628 return false;
629 }
630
Ilias Apalodimas99618ca2024-11-10 10:28:40 +0200631 if (!strncmp(uri, "http://", strlen("http://"))) {
632 prefix_len = strlen("http://");
Jerome Forissier42129542025-02-04 17:00:49 +0100633 } else if (CONFIG_IS_ENABLED(WGET_HTTPS)) {
634 if (!strncmp(uri, "https://", strlen("https://"))) {
635 prefix_len = strlen("https://");
636 } else {
637 log_err("only http(s):// is supported\n");
638 return false;
639 }
Ilias Apalodimas99618ca2024-11-10 10:28:40 +0200640 } else {
Jerome Forissier42129542025-02-04 17:00:49 +0100641 log_err("only http:// is supported\n");
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200642 return false;
643 }
Ilias Apalodimas99618ca2024-11-10 10:28:40 +0200644
Jerome Forissier359d4ed2024-10-16 12:04:09 +0200645 str_copy = strdup(uri);
646 if (!str_copy)
647 return false;
648
649 s = str_copy + strlen("http://");
650 authority = strsep(&s, "/");
651 if (!s) {
652 log_err("invalid uri, no file path\n");
653 ret = false;
654 goto out;
655 }
656 s = strchr(authority, '@');
657 if (s) {
658 log_err("user information is not supported\n");
659 ret = false;
660 goto out;
661 }
662
663out:
664 free(str_copy);
665
666 return ret;
667}