-const char cgi_rcs[] = "$Id: cgi.c,v 1.92 2007/01/28 13:41:17 fabiankeil Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.104 2008/03/26 18:07:06 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgi.c,v $
*
* Revisions :
* $Log: cgi.c,v $
+ * Revision 1.104 2008/03/26 18:07:06 fabiankeil
+ * Add hostname directive. Closes PR#1918189.
+ *
+ * Revision 1.103 2008/03/21 11:13:57 fabiankeil
+ * Only gather host information if it's actually needed.
+ * Also move the code out of accept_connection() so it's less likely
+ * to delay other incoming connections if the host is misconfigured.
+ *
+ * Revision 1.102 2008/02/23 16:33:43 fabiankeil
+ * Let forward_url() use the standard parameter ordering
+ * and mark its second parameter immutable.
+ *
+ * Revision 1.101 2008/02/03 15:45:06 fabiankeil
+ * Add SOCKS5 support for "Forwarding failure" CGI page.
+ *
+ * Revision 1.100 2007/10/17 18:40:53 fabiankeil
+ * - Send CGI pages as HTTP/1.1 unless the client asked for HTTP/1.0.
+ * - White space fix.
+ *
+ * Revision 1.99 2007/08/05 13:42:22 fabiankeil
+ * #1763173 from Stefan Huehner: declare some more functions static.
+ *
+ * Revision 1.98 2007/05/14 10:33:51 fabiankeil
+ * - Use strlcpy() and strlcat() instead of strcpy() and strcat().
+ *
+ * Revision 1.97 2007/04/09 18:11:35 fabiankeil
+ * Don't mistake VC++'s _snprintf() for a snprintf() replacement.
+ *
+ * Revision 1.96 2007/03/08 17:41:05 fabiankeil
+ * Use sizeof() more often.
+ *
+ * Revision 1.95 2007/02/10 17:01:37 fabiankeil
+ * Don't overlook map result for the forwarding-type.
+ *
+ * Revision 1.94 2007/02/08 19:44:49 fabiankeil
+ * Use a transparent background for the PNG replacement pattern.
+ *
+ * Revision 1.93 2007/02/07 10:45:22 fabiankeil
+ * - Save the reason for generating http_responses.
+ * - Fix --disable-toggle (again).
+ * - Use TBL birthday hack for 403 responses as well.
+ * - Uglify the @menu@ again to fix JavaScript
+ * errors on the "blocked" template.
+ * - Escape an ampersand in cgi_error_unknown().
+ *
* Revision 1.92 2007/01/28 13:41:17 fabiankeil
* - Add HEAD support to finish_http_response.
* - Add error favicon to internal HTML error messages.
#include <limits.h>
#include <assert.h>
-#ifdef _WIN32
-#define snprintf _snprintf
-#endif /* def _WIN32 */
-
#include "project.h"
#include "cgi.h"
#include "list.h"
#include "filters.h"
#include "miscutil.h"
#include "cgisimple.h"
+#include "jbsockets.h"
#ifdef FEATURE_CGI_EDIT_ACTIONS
#include "cgiedit.h"
#endif /* def FEATURE_CGI_EDIT_ACTIONS */
*/
const char image_pattern_data[] =
"\211\120\116\107\015\012\032\012\000\000\000\015\111\110\104"
- "\122\000\000\000\004\000\000\000\004\010\002\000\000\000\046"
- "\223\011\051\000\000\000\006\142\113\107\104\000\310\000\310"
- "\000\310\052\045\225\037\000\000\000\032\111\104\101\124\170"
- "\332\143\070\161\342\304\377\377\377\041\044\003\234\165\342"
- "\304\011\006\234\062\000\125\200\052\251\125\174\360\223\000"
- "\000\000\000\111\105\116\104\256\102\140\202";
+ "\122\000\000\000\004\000\000\000\004\010\006\000\000\000\251"
+ "\361\236\176\000\000\000\006\142\113\107\104\000\000\000\000"
+ "\000\000\371\103\273\177\000\000\000\033\111\104\101\124\010"
+ "\327\143\140\140\140\060\377\377\377\077\003\234\106\341\060"
+ "\060\230\063\020\124\001\000\161\021\031\241\034\364\030\143"
+ "\000\000\000\000\111\105\116\104\256\102\140\202";
/*
* 1x1 transparant PNG.
* Returns : pointer to value (no copy!), or NULL if none found.
*
*********************************************************************/
-char *grep_cgi_referrer(const struct client_state *csp)
+static char *grep_cgi_referrer(const struct client_state *csp)
{
struct list_entry *p;
* FALSE if the referrer is unsafe or not set.
*
*********************************************************************/
-int referrer_is_safe (const struct client_state *csp)
+static int referrer_is_safe(const struct client_state *csp)
{
char *referrer;
const char alternative_prefix[] = "http://" CGI_SITE_1_HOST "/";
}
else if (!strcmp(templatename, "forwarding-failed"))
{
- const struct forward_spec * fwd = forward_url(csp->http, csp);
+ const struct forward_spec *fwd = forward_url(csp, csp->http);
+ char *socks_type = NULL;
if (fwd == NULL)
{
log_error(LOG_LEVEL_FATAL, "gateway spec is NULL. This shouldn't happen!");
csp->error_message = strdup("Failure reason missing. Check the log file for details.");
}
if (!err) err = map(exports, "gateway", 1, fwd->gateway_host, 1);
- if (!err) map(exports, "forwarding-type", 1, (fwd->type == SOCKS_4) ?
- "socks4-" : "socks4a-", 1);
+
+ /*
+ * XXX: this is almost the same code as in cgi_show_url_info()
+ * and thus should be factored out and shared.
+ */
+ switch (fwd->type)
+ {
+ case SOCKS_4:
+ socks_type = "socks4-";
+ break;
+ case SOCKS_4A:
+ socks_type = "socks4a-";
+ break;
+ case SOCKS_5:
+ socks_type = "socks5-";
+ break;
+ default:
+ log_error(LOG_LEVEL_FATAL, "Unknown socks type: %d.", fwd->type);
+ }
+
+ if (!err) err = map(exports, "forwarding-type", 1, socks_type, 1);
if (!err) err = map(exports, "error-message", 1, html_encode(csp->error_message), 0);
if (!err) rsp->status = strdup("503 Forwarding failure");
").</p>\r\n"
"</body>\r\n"
"</html>\r\n";
+ const size_t body_size = strlen(body_prefix) + strlen(template_name) + strlen(body_suffix) + 1;
assert(csp);
assert(rsp);
rsp->head_length = 0;
rsp->is_static = 0;
- rsp->body = malloc(strlen(body_prefix) + strlen(template_name) + strlen(body_suffix) + 1);
+ rsp->body = malloc(body_size);
if (rsp->body == NULL)
{
return JB_ERR_MEMORY;
}
- strcpy(rsp->body, body_prefix);
- strcat(rsp->body, template_name);
- strcat(rsp->body, body_suffix);
+ strlcpy(rsp->body, body_prefix, body_size);
+ strlcat(rsp->body, template_name, body_size);
+ strlcat(rsp->body, body_suffix, body_size);
rsp->status = strdup(status);
if (rsp->status == NULL)
"</body>\r\n"
"</html>\r\n";
char errnumbuf[30];
+ /*
+ * Due to sizeof(errnumbuf), body_size will be slightly
+ * bigger than necessary but it doesn't really matter.
+ */
+ const size_t body_size = strlen(body_prefix) + sizeof(errnumbuf) + strlen(body_suffix) + 1;
assert(csp);
assert(rsp);
snprintf(errnumbuf, sizeof(errnumbuf), "%d", error_to_report);
- rsp->body = malloc(strlen(body_prefix) + strlen(errnumbuf) + strlen(body_suffix) + 1);
+ rsp->body = malloc(body_size);
if (rsp->body == NULL)
{
return JB_ERR_MEMORY;
}
- strcpy(rsp->body, body_prefix);
- strcat(rsp->body, errnumbuf);
- strcat(rsp->body, body_suffix);
+ strlcpy(rsp->body, body_prefix, body_size);
+ strlcat(rsp->body, errnumbuf, body_size);
+ strlcat(rsp->body, body_suffix, body_size);
rsp->status = strdup(status);
if (rsp->status == NULL)
* Parameters :
* 1 : time_offset = Time returned will be current time
* plus this number of seconds.
- * 2 : buf = Destination for result. Must be long enough
- * to hold 29 characters plus a trailing zero.
+ * 2 : buf = Destination for result.
+ * 3 : buffer_size = Size of the buffer above. Must be big
+ * enough to hold 29 characters plus a
+ * trailing zero.
*
* Returns : N/A
*
*********************************************************************/
-void get_http_time(int time_offset, char *buf)
+void get_http_time(int time_offset, char *buf, size_t buffer_size)
{
static const char day_names[7][4] =
{ "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" };
#endif
assert(buf);
+ assert(buffer_size > 29);
time(¤t_time); /* get current time */
}
/* Format: "Sun, 06 Nov 1994 08:49:37 GMT" */
- snprintf(buf, 30,
+ snprintf(buf, buffer_size,
"%s, %02d %s %4d %02d:%02d:%02d GMT",
day_names[t->tm_wday],
t->tm_mday,
}
/*
- * Fill in the HTTP Status
+ * Fill in the HTTP Status, using HTTP/1.1
+ * unless the client asked for HTTP/1.0.
*/
- snprintf(buf, sizeof(buf), "HTTP/1.0 %s", rsp->status ? rsp->status : "200 OK");
+ snprintf(buf, sizeof(buf), "%s %s",
+ strcmpic(csp->http->ver, "HTTP/1.0") ? "HTTP/1.1" : "HTTP/1.0",
+ rsp->status ? rsp->status : "200 OK");
err = enlist_first(rsp->headers, buf);
/*
if (strncmpic(rsp->status, "302", 3))
{
- /*
- * If it's not a redirect without any content,
- * set the Content-Type to text/html if it's
- * not already specified.
- */
- if (!err) err = enlist_unique(rsp->headers, "Content-Type: text/html", 13);
+ /*
+ * If it's not a redirect without any content,
+ * set the Content-Type to text/html if it's
+ * not already specified.
+ */
+ if (!err) err = enlist_unique(rsp->headers, "Content-Type: text/html", 13);
}
/*
if (!err)
{
- get_http_time(0, buf);
+ get_http_time(0, buf, sizeof(buf));
err = enlist_unique_header(rsp->headers, "Date", buf);
}
if (!err)
{
- get_http_time(10 * 60, buf); /* 10 * 60sec = 10 minutes */
+ get_http_time(10 * 60, buf, sizeof(buf)); /* 10 * 60sec = 10 minutes */
err = enlist_unique_header(rsp->headers, "Expires", buf);
}
}
else if (!strncmpic(rsp->status, "302", 3))
{
- get_http_time(0, buf);
+ get_http_time(0, buf, sizeof(buf));
if (!err) err = enlist_unique_header(rsp->headers, "Date", buf);
}
else
*/
if (!err) err = enlist_unique_header(rsp->headers, "Cache-Control", "no-cache");
- get_http_time(0, buf);
+ get_http_time(0, buf, sizeof(buf));
if (!err) err = enlist_unique_header(rsp->headers, "Date", buf);
if (!strncmpic(rsp->status, "403", 3)
|| !strncmpic(rsp->status, "404", 3)
jb_err err;
struct map * exports;
int local_help_exists = 0;
+ char *ip_address = NULL;
+ char *hostname = NULL;
assert(csp);
return NULL;
}
+ if (csp->config->hostname)
+ {
+ get_host_information(csp->cfd, &ip_address, NULL);
+ hostname = strdup(csp->config->hostname);
+ }
+ else
+ {
+ get_host_information(csp->cfd, &ip_address, &hostname);
+ }
+
err = map(exports, "version", 1, html_encode(VERSION), 0);
- if (!err) err = map(exports, "my-ip-address", 1, html_encode(csp->my_ip_addr_str ? csp->my_ip_addr_str : "unknown"), 0);
- if (!err) err = map(exports, "my-hostname", 1, html_encode(csp->my_hostname ? csp->my_hostname : "unknown"), 0);
+ if (!err) err = map(exports, "my-ip-address", 1, html_encode(ip_address ? ip_address : "unknown"), 0);
+ freez(ip_address);
+ if (!err) err = map(exports, "my-hostname", 1, html_encode(hostname ? hostname : "unknown"), 0);
+ freez(hostname);
if (!err) err = map(exports, "homepage", 1, html_encode(HOME_PAGE_URL), 0);
if (!err) err = map(exports, "default-cgi", 1, html_encode(CGI_PREFIX), 0);
if (!err) err = map(exports, "menu", 1, make_menu(caller, csp->config->feature_flags), 0);
if (!err) err = map_block_killer(exports, "can-toggle");
#endif
- snprintf(buf, 20, "%d", csp->config->hport);
+ snprintf(buf, sizeof(buf), "%d", csp->config->hport);
if (!err) err = map(exports, "my-port", 1, buf, 1);
if(!strcmp(CODE_STATUS, "stable"))
assert(name);
assert(strlen(name) < 490);
- snprintf(buf, 1000, "if-%s-start.*if-%s-end", name, name);
+ snprintf(buf, sizeof(buf), "if-%s-start.*if-%s-end", name, name);
return map(exports, buf, 1, "", 1);
}
assert(name);
assert(strlen(name) < 490);
- snprintf(buf, 500, "if-%s-start", name);
+ snprintf(buf, sizeof(buf), "if-%s-start", name);
err = map(exports, buf, 1, "", 1);
if (err)
return err;
}
- snprintf(buf, 500, "if-%s-end", name);
+ snprintf(buf, sizeof(buf), "if-%s-end", name);
return map(exports, buf, 1, "", 1);
}
assert(name);
assert(strlen(name) < 480);
- snprintf(buf, 1000, (choose_first
+ snprintf(buf, sizeof(buf), (choose_first
? "else-not-%s@.*@endif-%s"
: "if-%s-then@.*@else-not-%s"),
name, name);
return err;
}
- snprintf(buf, 1000, (choose_first ? "if-%s-then" : "endif-%s"), name);
+ snprintf(buf, sizeof(buf), (choose_first ? "if-%s-then" : "endif-%s"), name);
return map(exports, buf, 1, "", 1);
}