+ if (!http->ssl) /* We talk plaintext */
+ {
+ buffer_and_filter_content = content_requires_filtering(csp);
+ }
+ /*
+ * Only write if we're not buffering for content modification
+ */
+ if (!buffer_and_filter_content)
+ {
+ /*
+ * Write the server's (modified) header to
+ * the client (along with anything else that
+ * may be in the buffer)
+ */
+
+ if (write_socket(csp->cfd, hdr, strlen(hdr))
+ || ((len = flush_socket(csp->cfd, csp->iob)) < 0))
+ {
+ log_error(LOG_LEVEL_CONNECT, "write header to client failed: %E");
+
+ /*
+ * The write failed, so don't bother mentioning it
+ * to the client... it probably can't hear us anyway.
+ */
+ freez(hdr);
+ mark_server_socket_tainted(csp);
+ freez(receive_buffer);
+ return;
+ }
+ }
+
+ /* we're finished with the server's header */
+
+ freez(hdr);
+ server_body = 1;
+
+ /*
+ * If this was a MS IIS/5 hack then it means the server
+ * has already closed the connection. Nothing more to read.
+ * Time to bail.
+ */
+ if (ms_iis5_hack)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Closed server connection detected. "
+ "Applying the MS IIS5 hack didn't help.");
+ log_error(LOG_LEVEL_CLF,
+ "%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
+ write_socket(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE,
+ strlen(INVALID_SERVER_HEADERS_RESPONSE));
+ mark_server_socket_tainted(csp);
+ freez(receive_buffer);
+ return;
+ }
+ }
+ continue;
+ }
+ mark_server_socket_tainted(csp);
+ freez(receive_buffer);
+ return; /* huh? we should never get here */
+ }
+ freez(receive_buffer);
+
+ if (csp->content_length == 0)
+ {
+ /*
+ * If Privoxy didn't recalculate the Content-Length,
+ * byte_count is still correct.
+ */
+ csp->content_length = byte_count;
+ }
+
+#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+ if ((csp->flags & CSP_FLAG_CONTENT_LENGTH_SET)
+ && (csp->expected_content_length != byte_count))
+ {
+ log_error(LOG_LEVEL_CONNECT,
+ "Received %llu bytes while expecting %llu.",
+ byte_count, csp->expected_content_length);
+ mark_server_socket_tainted(csp);
+ }
+#endif
+
+ log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 200 %llu",
+ csp->ip_addr_str, http->ocmd, csp->content_length);
+
+ csp->server_connection.timestamp = time(NULL);
+}
+
+
+/*********************************************************************
+ *
+ * Function : chat
+ *
+ * Description : Once a connection from the client has been accepted,
+ * this function is called (via serve()) to handle the
+ * main business of the communication. This function
+ * returns after dealing with a single request. It can
+ * be called multiple times with the same client socket
+ * if the client is keeping the connection alive.
+ *
+ * The decision whether or not a client connection will
+ * be kept alive is up to the caller which also must
+ * close the client socket when done.
+ *
+ * FIXME: chat is nearly thousand lines long.
+ * Ridiculous.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : Nothing.
+ *
+ *********************************************************************/
+static void chat(struct client_state *csp)
+{
+ const struct forward_spec *fwd;
+ struct http_request *http;
+ /* Skeleton for HTTP response, if we should intercept the request */
+ struct http_response *rsp;
+
+ http = csp->http;
+
+ if (receive_client_request(csp) != JB_ERR_OK)
+ {
+ return;
+ }
+ if (parse_client_request(csp) != JB_ERR_OK)
+ {
+ return;
+ }
+
+ /* decide how to route the HTTP request */
+ fwd = forward_url(csp, http);
+ if (NULL == fwd)
+ {
+ log_error(LOG_LEVEL_FATAL, "gateway spec is NULL!?!? This can't happen!");
+ /* Never get here - LOG_LEVEL_FATAL causes program exit */
+ return;
+ }
+
+ /*
+ * build the http request to send to the server
+ * we have to do one of the following:
+ *
+ * create = use the original HTTP request to create a new
+ * HTTP request that has either the path component
+ * without the http://domainspec (w/path) or the
+ * full orininal URL (w/url)
+ * Note that the path and/or the HTTP version may
+ * have been altered by now.
+ *
+ * connect = Open a socket to the host:port of the server
+ * and short-circuit server and client socket.
+ *
+ * pass = Pass the request unchanged if forwarding a CONNECT
+ * request to a parent proxy. Note that we'll be sending
+ * the CFAIL message ourselves if connecting to the parent
+ * fails, but we won't send a CSUCCEED message if it works,
+ * since that would result in a double message (ours and the
+ * parent's). After sending the request to the parent, we simply
+ * tunnel.
+ *
+ * here's the matrix:
+ * SSL
+ * 0 1
+ * +--------+--------+
+ * | | |
+ * 0 | create | connect|
+ * | w/path | |
+ * Forwarding +--------+--------+
+ * | | |
+ * 1 | create | pass |
+ * | w/url | |
+ * +--------+--------+
+ *
+ */
+
+ if (http->ssl && connect_port_is_forbidden(csp))
+ {
+ const char *acceptable_connect_ports =
+ csp->action->string[ACTION_STRING_LIMIT_CONNECT];
+ assert(NULL != acceptable_connect_ports);
+ log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
+ "limit-connect{%s} doesn't allow CONNECT requests to %s",
+ csp->ip_addr_str, acceptable_connect_ports, csp->http->hostport);
+ csp->action->flags |= ACTION_BLOCK;
+ http->ssl = 0;
+ }
+
+ if (http->ssl == 0)
+ {
+ freez(csp->headers->first->str);
+ build_request_line(csp, fwd, &csp->headers->first->str);
+ }
+
+ /*
+ * We have a request. Check if one of the crunchers wants it.
+ */
+ if (crunch_response_triggered(csp, crunchers_all))
+ {
+ /*
+ * Yes. The client got the crunch response and we're done here.
+ */
+ return;
+ }
+
+ log_applied_actions(csp->action);
+ log_error(LOG_LEVEL_GPC, "%s%s", http->hostport, http->path);
+
+ if (fwd->forward_host)
+ {
+ log_error(LOG_LEVEL_CONNECT, "via [%s]:%d to: %s",
+ fwd->forward_host, fwd->forward_port, http->hostport);
+ }
+ else
+ {
+ log_error(LOG_LEVEL_CONNECT, "to %s", http->hostport);
+ }
+
+ /* here we connect to the server, gateway, or the forwarder */
+
+#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+ if ((csp->server_connection.sfd != JB_INVALID_SOCKET)
+ && socket_is_still_alive(csp->server_connection.sfd)
+ && connection_destination_matches(&csp->server_connection, http, fwd))
+ {
+ log_error(LOG_LEVEL_CONNECT,
+ "Reusing server socket %d connected to %s. Total requests: %u.",
+ csp->server_connection.sfd, csp->server_connection.host,
+ csp->server_connection.requests_sent_total);
+ }
+ else
+ {
+ if (csp->server_connection.sfd != JB_INVALID_SOCKET)
+ {
+#ifdef FEATURE_CONNECTION_SHARING
+ if (csp->config->feature_flags & RUNTIME_FEATURE_CONNECTION_SHARING)
+ {
+ remember_connection(&csp->server_connection);
+ }
+ else
+#endif /* def FEATURE_CONNECTION_SHARING */
+ {
+ log_error(LOG_LEVEL_CONNECT,
+ "Closing server socket %d connected to %s. Total requests: %u.",
+ csp->server_connection.sfd, csp->server_connection.host,
+ csp->server_connection.requests_sent_total);
+ close_socket(csp->server_connection.sfd);
+ }
+ mark_connection_closed(&csp->server_connection);
+ }
+#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
+
+ csp->server_connection.sfd = forwarded_connect(fwd, http, csp);