Build and send post body data via a file on disk in order to support …

…data with null-bytes
acmesh-official · Apr 5, 2024 · 90a91a2 · 90a91a2
1 parent 0bb7b3d
commit 90a91a2
Show file tree

Hide file tree

Showing 2 changed files with 49 additions and 36 deletions.
diff --git a/acme.sh b/acme.sh
@@ -1901,13 +1901,14 @@ _inithttp() {
 
 }
 
-# body  url [needbase64] [POST|PUT|DELETE] [ContentType]
+# body  url [needbase64] [POST|PUT|DELETE] [ContentType] [ReadBodyFromFile]
 _post() {
   body="$1"
   _post_url="$2"
   needbase64="$3"
   httpmethod="$4"
   _postContentType="$5"
+  readBodyFromFile="${6:-0}"
 
   if [ -z "$httpmethod" ]; then
     httpmethod="POST"
@@ -1916,6 +1917,7 @@ _post() {
   _debug "_post_url" "$_post_url"
   _debug2 "body" "$body"
   _debug2 "_postContentType" "$_postContentType"
+  _debug2 "readBodyFromFile" "$readBodyFromFile"
 
   _inithttp
 
@@ -1928,12 +1930,21 @@ _post() {
       _CURL="$_CURL -I  "
     fi
     _debug "_CURL" "$_CURL"
+
+    if [ "$readBodyFromFile" = "0" ]; then
+      _CURL_DATA_ARG="--data"
+      _CURL_FILE_PREFIX=''
+    else
+      _CURL_DATA_ARG="--data-binary"
+      _CURL_FILE_PREFIX='@'
+    fi
+
     if [ "$needbase64" ]; then
       if [ "$body" ]; then
         if [ "$_postContentType" ]; then
-          response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)"
+          response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $_CURL_DATA_ARG "${_CURL_FILE_PREFIX}$body" "$_post_url" | _base64)"
         else
-          response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url" | _base64)"
+          response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $_CURL_DATA_ARG "${_CURL_FILE_PREFIX}$body" "$_post_url" | _base64)"
         fi
       else
         if [ "$_postContentType" ]; then
@@ -1945,9 +1956,9 @@ _post() {
     else
       if [ "$body" ]; then
         if [ "$_postContentType" ]; then
-          response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")"
+          response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "Content-Type: $_postContentType" -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $_CURL_DATA_ARG "${_CURL_FILE_PREFIX}$body" "$_post_url")"
         else
-          response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" --data "$body" "$_post_url")"
+          response="$($_CURL --user-agent "$USER_AGENT" -X $httpmethod -H "$_H1" -H "$_H2" -H "$_H3" -H "$_H4" -H "$_H5" $_CURL_DATA_ARG "${_CURL_FILE_PREFIX}$body" "$_post_url")"
         fi
       else
         if [ "$_postContentType" ]; then
@@ -1974,38 +1985,45 @@ _post() {
       _WGET="$_WGET --read-timeout=3.0  --tries=2  "
     fi
     _debug "_WGET" "$_WGET"
+
+    if [ "$readBodyFromFile" = "0" ]; then
+      _WGET_DATA_ARG_POSTFIX='data'
+    else
+      _WGET_DATA_ARG_POSTFIX='file'
+    fi
+
     if [ "$needbase64" ]; then
       if [ "$httpmethod" = "POST" ]; then
         if [ "$_postContentType" ]; then
-          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)"
+          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --post-${_WGET_DATA_ARG_POSTFIX}="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)"
         else
-          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)"
+          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-${_WGET_DATA_ARG_POSTFIX}="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)"
         fi
       else
         if [ "$_postContentType" ]; then
-          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --method $httpmethod --body-data="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)"
+          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --method $httpmethod --body-${_WGET_DATA_ARG_POSTFIX}="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)"
         else
-          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)"
+          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-${_WGET_DATA_ARG_POSTFIX}="$body" "$_post_url" 2>"$HTTP_HEADER" | _base64)"
         fi
       fi
     else
       if [ "$httpmethod" = "POST" ]; then
         if [ "$_postContentType" ]; then
-          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER")"
+          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --post-${_WGET_DATA_ARG_POSTFIX}="$body" "$_post_url" 2>"$HTTP_HEADER")"
         else
-          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER")"
+          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-${_WGET_DATA_ARG_POSTFIX}="$body" "$_post_url" 2>"$HTTP_HEADER")"
         fi
       elif [ "$httpmethod" = "HEAD" ]; then
         if [ "$_postContentType" ]; then
-          response="$($_WGET --spider -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER")"
+          response="$($_WGET --spider -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --post-${_WGET_DATA_ARG_POSTFIX}="$body" "$_post_url" 2>"$HTTP_HEADER")"
         else
-          response="$($_WGET --spider -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-data="$body" "$_post_url" 2>"$HTTP_HEADER")"
+          response="$($_WGET --spider -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --post-${_WGET_DATA_ARG_POSTFIX}="$body" "$_post_url" 2>"$HTTP_HEADER")"
         fi
       else
         if [ "$_postContentType" ]; then
-          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --method $httpmethod --body-data="$body" "$_post_url" 2>"$HTTP_HEADER")"
+          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --header "Content-Type: $_postContentType" --method $httpmethod --body-${_WGET_DATA_ARG_POSTFIX}="$body" "$_post_url" 2>"$HTTP_HEADER")"
         else
-          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-data="$body" "$_post_url" 2>"$HTTP_HEADER")"
+          response="$($_WGET -S -O - --user-agent="$USER_AGENT" --header "$_H5" --header "$_H4" --header "$_H3" --header "$_H2" --header "$_H1" --method $httpmethod --body-${_WGET_DATA_ARG_POSTFIX}="$body" "$_post_url" 2>"$HTTP_HEADER")"
         fi
       fi
     fi

diff --git a/deploy/zyxel_gs1900.sh b/deploy/zyxel_gs1900.sh
@@ -247,7 +247,8 @@ _zyxel_gs1900_upload_certificate() {
   # Generate a PKCS12 certificate with a temporary password since the web interface
   # requires a password be present. Then upload that certificate.
   temp_cert_password=$(head /dev/urandom | tr -dc 'A-Za-z0-9' | head -c 64)
-  _secure_debug2 "tmp_cert_password" "$temp_cert_password"
+  temp_cert_password="password"
+  _secure_debug2 "temp_cert_password" "$temp_cert_password"
 
   temp_pkcs12="$(_mktemp)"
   _debug2 "temp_pkcs12" "$temp_pkcs12"
@@ -278,37 +279,31 @@ _zyxel_gs1900_upload_certificate() {
   _info "Generating the certificate upload request"
   upload_post_request="$(_mktemp)"
   upload_post_boundary="---------------------------$(date +%Y%m%d%H%M%S)"
+
   {
-    printf -- "--"
-    printf -- "%s\r\n" "${upload_post_boundary}"
+    printf -- "--%s\r\n" "${upload_post_boundary}"
     printf "Content-Disposition: form-data; name=\"XSSID\"\r\n\r\n%s\r\n" "${form_xss_value}"
-    printf -- "--"
-    printf -- "%s\r\n" "${upload_post_boundary}"
-    printf "Content-Disposition: form-data; name=\"pwd\"\r\n\r\n%s\r\n" "${tmp_cert_password}"
-    printf -- "--"
-    printf -- "%s\r\n" "${upload_post_boundary}"
-    printf "Content-Disposition: form-data; name=\"cmd\"\r\n\r\n%s\r\n" "31"
-    printf -- "--"
-    printf -- "%s\r\n" "${upload_post_boundary}"
-    printf "Content-Disposition: form-data; name=\"sysSubmit\"\r\n\r\n%s\r\n" "Import"
-    printf -- "--"
-    printf -- "%s\r\n" "${upload_post_boundary}"
-    printf "Content-Disposition: form-data; name=\"http_file\"; filename=\"cert.pfx\"\r\n"
-    printf "Content-Type: application/octet-stream\r\n\r\n"
+    printf -- "--%s\r\n" "${upload_post_boundary}"
+    printf "Content-Disposition: form-data; name=\"http_file\"; filename=\"temp_pkcs12.pfx\"\r\n"
+    printf "Content-Type: application/pkcs12\r\n\r\n"
     cat "${temp_pkcs12}"
     printf "\r\n"
-    printf -- "--"
-    printf -- "%s--" "${upload_post_boundary}"
-  } >>"${upload_post_request}"
+    printf -- "--%s\r\n" "${upload_post_boundary}"
+    printf "Content-Disposition: form-data; name=\"pwd\"\r\n\r\n%s\r\n" "${temp_cert_password}"
+    printf -- "--%s\r\n" "${upload_post_boundary}"
+    printf "Content-Disposition: form-data; name=\"cmd\"\r\n\r\n%s\r\n" "31"
+    printf -- "--%s\r\n" "${upload_post_boundary}"
+    printf "Content-Disposition: form-data; name=\"sysSubmit\"\r\n\r\n%s\r\n" "Import"
+    printf -- "--%s--\r\n" "${upload_post_boundary}"
+  } > "${upload_post_request}"
 
   _info "Upload certificate to the switch"
 
   # Unfortunately we cannot rely upon the switch response across switch models
   # to return a consistent body return - so we cannot inspect the result of this
   # upload to determine success. We will need to re-query the certificates page
   # and compare the validity dates to try and identify if they have changed.
-  export _H2="Content-type: multipart/form-data boundary=${upload_post_boundary}"
-  _post "$(cat "${upload_post_request}")" "${_zyxel_switch_base_uri}/cgi-bin/httpuploadcert.cgi"
+  _post "${upload_post_request}" "${_zyxel_switch_base_uri}/cgi-bin/httpuploadcert.cgi" '' "POST" "multipart/form-data; boundary=${upload_post_boundary}" '1'
   rm "${upload_post_request}"
 
   # Pause for a few seconds to give the switch a chance to process the certificate