+
+ if (err == JB_ERR_CGI_PARAMS)
+ {
+ err = cgi_error_bad_param(csp, rsp);
+ }
+ if (err && (err != JB_ERR_MEMORY))
+ {
+ /* Unexpected error! Shouldn't get here */
+ log_error(LOG_LEVEL_ERROR, "Unexpected CGI error %d in top-level handler. Please file a bug report!", err);
+ err = cgi_error_unknown(csp, rsp, err);
+ }
+ if (!err)
+ {
+ /* It worked */
+ rsp->reason = RSP_REASON_CGI_CALL;
+ return finish_http_response(csp, rsp);
+ }
+ else
+ {
+ /* Error in handler, probably out-of-memory */
+ free_http_response(rsp);
+ return cgi_error_memory();
+ }
+ }
+ d++;
+ }
+}
+
+
+/*********************************************************************
+ *
+ * Function : parse_cgi_parameters
+ *
+ * Description : Parse a URL-encoded argument string into name/value
+ * pairs and store them in a struct map list.
+ *
+ * Parameters :
+ * 1 : argstring = string to be parsed. Will be trashed.
+ *
+ * Returns : pointer to param list, or NULL if out of memory.
+ *
+ *********************************************************************/
+static struct map *parse_cgi_parameters(char *argstring)
+{
+ char *p;
+ char *vector[BUFFER_SIZE];
+ int pairs, i;
+ struct map *cgi_params;
+
+ if (NULL == (cgi_params = new_map()))
+ {
+ return NULL;
+ }
+
+ /*
+ * IE 5 does, of course, violate RFC 2316 Sect 4.1 and sends
+ * the fragment identifier along with the request, so we must
+ * cut it off here, so it won't pollute the CGI params:
+ */
+ if (NULL != (p = strchr(argstring, '#')))
+ {
+ *p = '\0';
+ }
+
+ pairs = ssplit(argstring, "&", vector, SZ(vector), 1, 1);
+
+ for (i = 0; i < pairs; i++)
+ {
+ if ((NULL != (p = strchr(vector[i], '='))) && (*(p+1) != '\0'))
+ {
+ *p = '\0';
+ if (map(cgi_params, url_decode(vector[i]), 0, url_decode(++p), 0))
+ {
+ free_map(cgi_params);
+ return NULL;
+ }
+ }
+ }
+
+ return cgi_params;
+
+}
+
+
+/*********************************************************************
+ *
+ * Function : get_char_param
+ *
+ * Description : Get a single-character parameter passed to a CGI
+ * function.
+ *
+ * Parameters :
+ * 1 : parameters = map of cgi parameters
+ * 2 : param_name = The name of the parameter to read
+ *
+ * Returns : Uppercase character on success, '\0' on error.
+ *
+ *********************************************************************/
+char get_char_param(const struct map *parameters,
+ const char *param_name)
+{
+ char ch;
+
+ assert(parameters);
+ assert(param_name);
+
+ ch = *(lookup(parameters, param_name));
+ if ((ch >= 'a') && (ch <= 'z'))
+ {
+ ch = (char)(ch - 'a' + 'A');
+ }
+
+ return ch;
+}
+
+
+/*********************************************************************
+ *
+ * Function : get_string_param
+ *
+ * Description : Get a string paramater, to be used as an
+ * ACTION_STRING or ACTION_MULTI paramater.
+ * Validates the input to prevent stupid/malicious
+ * users from corrupting their action file.
+ *
+ * Parameters :
+ * 1 : parameters = map of cgi parameters
+ * 2 : param_name = The name of the parameter to read
+ * 3 : pparam = destination for paramater. Allocated as
+ * part of the map "parameters", so don't free it.
+ * Set to NULL if not specified.
+ *
+ * Returns : JB_ERR_OK on success, or if the paramater
+ * was not specified.
+ * JB_ERR_MEMORY on out-of-memory.
+ * JB_ERR_CGI_PARAMS if the paramater is not valid.
+ *
+ *********************************************************************/
+jb_err get_string_param(const struct map *parameters,
+ const char *param_name,
+ const char **pparam)
+{
+ const char *param;
+ const char *s;
+ char ch;
+
+ assert(parameters);
+ assert(param_name);
+ assert(pparam);
+
+ *pparam = NULL;
+
+ param = lookup(parameters, param_name);
+ if (!*param)
+ {
+ return JB_ERR_OK;
+ }
+
+ if (strlen(param) >= CGI_PARAM_LEN_MAX)
+ {
+ /*
+ * Too long.
+ *
+ * Note that the length limit is arbitrary, it just seems
+ * sensible to limit it to *something*. There's no
+ * technical reason for any limit at all.
+ */
+ return JB_ERR_CGI_PARAMS;
+ }
+
+ /* Check every character to see if it's legal */
+ s = param;
+ while ((ch = *s++) != '\0')
+ {
+ if ( ((unsigned char)ch < (unsigned char)' ')
+ || (ch == '}') )
+ {
+ /* Probable hack attempt, or user accidentally used '}'. */
+ return JB_ERR_CGI_PARAMS;
+ }
+ }
+
+ /* Success */
+ *pparam = param;
+
+ return JB_ERR_OK;
+}
+
+
+/*********************************************************************
+ *
+ * Function : get_number_param
+ *
+ * Description : Get a non-negative integer from the parameters
+ * passed to a CGI function.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : parameters = map of cgi parameters
+ * 3 : name = Name of CGI parameter to read
+ * 4 : pvalue = destination for value.
+ * Set to -1 on error.
+ *
+ * Returns : JB_ERR_OK on success
+ * JB_ERR_MEMORY on out-of-memory
+ * JB_ERR_CGI_PARAMS if the parameter was not specified
+ * or is not valid.
+ *
+ *********************************************************************/
+jb_err get_number_param(struct client_state *csp,
+ const struct map *parameters,
+ char *name,
+ unsigned *pvalue)
+{
+ const char *param;
+ char ch;
+ unsigned value;
+
+ assert(csp);
+ assert(parameters);
+ assert(name);
+ assert(pvalue);
+
+ *pvalue = 0;
+
+ param = lookup(parameters, name);
+ if (!*param)
+ {
+ return JB_ERR_CGI_PARAMS;
+ }
+
+ /* We don't use atoi because I want to check this carefully... */
+
+ value = 0;
+ while ((ch = *param++) != '\0')
+ {
+ if ((ch < '0') || (ch > '9'))
+ {
+ return JB_ERR_CGI_PARAMS;
+ }
+
+ ch = (char)(ch - '0');
+
+ /* Note:
+ *
+ * <limits.h> defines UINT_MAX
+ *
+ * (UINT_MAX - ch) / 10 is the largest number that
+ * can be safely multiplied by 10 then have ch added.
+ */
+ if (value > ((UINT_MAX - (unsigned)ch) / 10U))
+ {
+ return JB_ERR_CGI_PARAMS;
+ }
+
+ value = value * 10 + (unsigned)ch;
+ }
+
+ /* Success */
+ *pvalue = value;
+
+ return JB_ERR_OK;
+
+}
+
+
+/*********************************************************************
+ *
+ * Function : error_response
+ *
+ * Description : returns an http_response that explains the reason
+ * why a request failed.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : templatename = Which template should be used for the answer
+ *
+ * Returns : A http_response. If we run out of memory, this
+ * will be cgi_error_memory().
+ *
+ *********************************************************************/
+struct http_response *error_response(struct client_state *csp,
+ const char *templatename)
+{
+ jb_err err;
+ struct http_response *rsp;
+ struct map *exports = default_exports(csp, NULL);
+ char *path = NULL;
+
+ if (exports == NULL)
+ {
+ return cgi_error_memory();
+ }
+
+ if (NULL == (rsp = alloc_http_response()))
+ {
+ free_map(exports);
+ return cgi_error_memory();
+ }
+
+#ifdef FEATURE_FORCE_LOAD
+ if (csp->flags & CSP_FLAG_FORCED)
+ {
+ path = strdup(FORCE_PREFIX);
+ }
+ else
+#endif /* def FEATURE_FORCE_LOAD */
+ {
+ path = strdup("");
+ }
+ err = string_append(&path, csp->http->path);
+
+ if (!err) err = map(exports, "host", 1, html_encode(csp->http->host), 0);
+ if (!err) err = map(exports, "hostport", 1, html_encode(csp->http->hostport), 0);
+ if (!err) err = map(exports, "path", 1, html_encode_and_free_original(path), 0);
+ if (!err) err = map(exports, "protocol", 1, csp->http->ssl ? "https://" : "http://", 1);
+ if (!err)
+ {
+ err = map(exports, "host-ip", 1, html_encode(csp->http->host_ip_addr_str), 0);
+ if (err)
+ {
+ /* Some failures, like "404 no such domain", don't have an IP address. */
+ err = map(exports, "host-ip", 1, html_encode(csp->http->host), 0);
+ }
+ }
+
+
+ if (err)
+ {
+ free_map(exports);
+ free_http_response(rsp);
+ return cgi_error_memory();
+ }
+
+ if (!strcmp(templatename, "no-such-domain"))
+ {
+ rsp->status = strdup("404 No such domain");
+ rsp->reason = RSP_REASON_NO_SUCH_DOMAIN;
+ }
+ else if (!strcmp(templatename, "forwarding-failed"))
+ {
+ const struct forward_spec *fwd = forward_url(csp, csp->http);
+ char *socks_type = NULL;
+ if (fwd == NULL)
+ {
+ log_error(LOG_LEVEL_FATAL, "gateway spec is NULL. This shouldn't happen!");
+ /* Never get here - LOG_LEVEL_FATAL causes program exit */
+ }
+
+ /*
+ * XXX: While the template is called forwarding-failed,
+ * it currently only handles socks forwarding failures.
+ */
+ assert(fwd != NULL);
+ assert(fwd->type != SOCKS_NONE);
+
+ /*
+ * Map failure reason, forwarding type and forwarder.
+ */
+ if (NULL == csp->error_message)
+ {
+ /*
+ * Either we forgot to record the failure reason,
+ * or the memory allocation failed.
+ */
+ log_error(LOG_LEVEL_ERROR, "Socks failure reason missing.");
+ csp->error_message = strdup("Failure reason missing. Check the log file for details.");
+ }
+ if (!err) err = map(exports, "gateway", 1, fwd->gateway_host, 1);
+
+ /*
+ * XXX: this is almost the same code as in cgi_show_url_info()
+ * and thus should be factored out and shared.
+ */
+ switch (fwd->type)
+ {
+ case SOCKS_4:
+ socks_type = "socks4-";
+ break;
+ case SOCKS_4A:
+ socks_type = "socks4a-";
+ break;
+ case SOCKS_5:
+ socks_type = "socks5-";
+ break;
+ default:
+ log_error(LOG_LEVEL_FATAL, "Unknown socks type: %d.", fwd->type);
+ }
+
+ if (!err) err = map(exports, "forwarding-type", 1, socks_type, 1);
+ if (!err) err = map(exports, "error-message", 1, html_encode(csp->error_message), 0);
+ if ((NULL == csp->error_message) || err)
+ {
+ free_map(exports);
+ free_http_response(rsp);
+ return cgi_error_memory();