From: Fabian Keil Date: Thu, 25 Mar 2021 10:06:54 +0000 (+0100) Subject: receive_client_request(): Reject https URLs without CONNECT request X-Git-Tag: v_3_0_34~141 X-Git-Url: http://www.privoxy.org/gitweb/%22https:/faq/developer-manual/man-page/static/easr?a=commitdiff_plain;h=358601f7ad1aa1ad97dce91261e584c65296ab64;p=privoxy.git receive_client_request(): Reject https URLs without CONNECT request
---
diff --git a/jcc.c b/jcc.c
index 36ac4f06..17aa0392 100644
--- a/jcc.c
+++ b/jcc.c
@@ -1813,6 +1813,19 @@ static jb_err receive_client_request(struct client_state *csp)
 free_http_request(http);
 return JB_ERR_PARSE;
 }
+ if (http->ssl && strcmpic(http->gpc, "CONNECT"))
+ {
+ write_socket_delayed(csp->cfd, CHEADER, strlen(CHEADER),
+ get_write_delay(csp));
+ /* XXX: Use correct size */
+ log_error(LOG_LEVEL_CLF, "%s - - [%T] \"Invalid request\" 400 0",
+ csp->ip_addr_str);
+ log_error(LOG_LEVEL_ERROR, "Client %s tried to send a https "
+ "URL without sending a CONNECT request first",
+ csp->ip_addr_str);
+ free_http_request(http);
+ return JB_ERR_PARSE;
+ }
 /* grab the rest of the client's headers */
 init_list(headers);
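Review bot: The CLF entry in the added branch reports a response size of 0 although the line above just sent `strlen(CHEADER)` bytes, and the `/* XXX: Use correct size */` comment admits it; since the length is computed right there, log it instead: `log_error(LOG_LEVEL_CLF, "%s - - [%T] \"Invalid request\" 400 %lu",` / `csp->ip_addr_str, (unsigned long)strlen(CHEADER));` (assuming log_error's formatter accepts `%lu`, which this hunk cannot confirm). The rejection itself deserves a one-line why-comment, e.g. `/* A non-CONNECT request carrying an https URL would leave http->ssl set on a plain-text client connection; refuse it here rather than let later code treat the connection as a TLS tunnel. */` — the second half is my reading of the intent and should be checked against how http->ssl is consumed downstream. Note also that `strcmpic` is case-insensitive, so a client sending `connect` in lower case passes this check; whether that is harmless depends on how the method is matched later, which is not visible here. receive_client_request() begins and ends outside the hunk.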