X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;ds=sidebyside;f=urlmatch.c;h=ce12ecc81ccc6d217de86f29b1588b455415ccd6;hb=d059d19124deae8d7f1bf43150b6009064504f9a;hp=98cecf2cb155370240e18d1c0725aed5f06643cf;hpb=9479f812fb0202cdfcdf0d5d98cbefafa4a8186d;p=privoxy.git

diff --git a/urlmatch.c b/urlmatch.c
index 98cecf2c..ce12ecc8 100644
--- a/urlmatch.c
+++ b/urlmatch.c
@@ -1,4 +1,4 @@
-const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.43 2008/05/04 13:30:55 fabiankeil Exp $";
+const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.46 2009/02/11 19:31:32 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/urlmatch.c,v $
@@ -6,8 +6,8 @@ const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.43 2008/05/04 13:30:55 fabianke
  * Purpose     :  Declares functions to match URLs against URL
  *                patterns.
  *
- * Copyright   :  Written by and Copyright (C) 2001-2003, 2006-2008 the SourceForge
- *                Privoxy team. http://www.privoxy.org/
+ * Copyright   :  Written by and Copyright (C) 2001-2009
+ *                the Privoxy team. http://www.privoxy.org/
  *
  *                Based on the Internet Junkbuster originally written
  *                by and Copyright (C) 1997 Anonymous Coders and
@@ -33,6 +33,16 @@ const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.43 2008/05/04 13:30:55 fabianke
  *
  * Revisions   :
  *    $Log: urlmatch.c,v $
+ *    Revision 1.46  2009/02/11 19:31:32  fabiankeil
+ *    Reject request lines that end with neither HTTP/1.0 nor HTTP/1.1.
+ *
+ *    Revision 1.45  2008/06/21 21:19:18  fabiankeil
+ *    Silence bogus compiler warning.
+ *
+ *    Revision 1.44  2008/05/04 16:18:32  fabiankeil
+ *    Provide parse_http_url() with a third parameter to specify
+ *    whether or not URLs without protocol are acceptable.
+ *
  *    Revision 1.43  2008/05/04 13:30:55  fabiankeil
  *    Streamline parse_http_url()'s prototype.
  *
@@ -623,7 +633,6 @@ static int unknown_method(const char *method)
  * Parameters  :
  *          1  :  req = HTTP request line to break down
  *          2  :  http = pointer to the http structure to hold elements
- *          3  :  csp = Current client state (buffers, headers, etc...)
  *
  * Returns     :  JB_ERR_OK on success
  *                JB_ERR_MEMORY on out of memory
@@ -631,9 +640,7 @@ static int unknown_method(const char *method)
  *                                  or >100 domains deep.
  *
  *********************************************************************/
-jb_err parse_http_request(const char *req,
-                          struct http_request *http,
-                          const struct client_state *csp)
+jb_err parse_http_request(const char *req, struct http_request *http)
 {
    char *buf;
    char *v[10]; /* XXX: Why 10? We should only need three. */
@@ -671,6 +678,14 @@ jb_err parse_http_request(const char *req,
       return JB_ERR_PARSE;
    }
 
+   if (strcmpic(v[2], "HTTP/1.1") && strcmpic(v[2], "HTTP/1.0"))
+   {
+      log_error(LOG_LEVEL_ERROR, "The only supported HTTP "
+         "versions are 1.0 and 1.1. This rules out: %s", v[2]);
+      freez(buf);
+      return JB_ERR_PARSE;
+   }
+
    http->ssl = !strcmpic(v[0], "CONNECT");
 
    err = parse_http_url(v[1], http, !http->ssl);
@@ -726,7 +741,7 @@ static jb_err compile_pattern(const char *pattern, enum regex_anchoring anchorin
 {
    int errcode;
    char rebuf[BUFFER_SIZE];
-   const char *fmt;
+   const char *fmt = NULL;
 
    assert(pattern);
    assert(strlen(pattern) < sizeof(rebuf) - 2);