X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=cgi.c;h=6c788064c7657533608e5866345be1c7657839da;hb=34635bf163b1b2860bbb0b6c9550b40196e5acd3;hp=dedef2f6cc7178e4be8d16942ef3de2f6e7b96cc;hpb=7e8f1ca649cdd799f9867f682ab45d97af5e33ef;p=privoxy.git diff --git a/cgi.c b/cgi.c index dedef2f6..6c788064 100644 --- a/cgi.c +++ b/cgi.c @@ -1,15 +1,14 @@ -const char cgi_rcs[] = "$Id: cgi.c,v 1.172 2017/03/08 13:10:33 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/cgi.c,v $ * * Purpose : Declares functions to intercept request, generate - * html or gif answers, and to compose HTTP resonses. + * html or gif answers, and to compose HTTP responses. * This only contains the framework functions, the * actual handler functions are declared elsewhere. * - * Copyright : Written by and Copyright (C) 2001-2017 - * members of the Privoxy team. http://www.privoxy.org/ + * Copyright : Written by and Copyright (C) 2001-2020 + * members of the Privoxy team. https://www.privoxy.org/ * * Based on the Internet Junkbuster originally written * by and Copyright (C) 1997 Anonymous Coders and @@ -63,13 +62,16 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.172 2017/03/08 13:10:33 fabiankeil Exp $" #if defined(FEATURE_CGI_EDIT_ACTIONS) || defined(FEATURE_TOGGLE) #include "cgiedit.h" #endif /* defined(FEATURE_CGI_EDIT_ACTIONS) || defined (FEATURE_TOGGLE) */ +#ifdef FEATURE_HTTPS_INSPECTION +#include "ssl.h" +#endif /* loadcfg.h is for global_toggle_state only */ #include "loadcfg.h" /* jcc.h is for mutex semaphore globals only */ #include "jcc.h" -const char cgi_h_rcs[] = CGI_H_VERSION; +static char *make_menu(const struct client_state *csp, const char *self); /* * List of CGI functions: name, handler, description @@ -96,10 +98,6 @@ static const struct cgi_dispatcher cgi_dispatchers[] = { "View the current configuration", #endif TRUE }, - { "show-version", - cgi_show_version, - NULL, /* Not considered important enought to include in the menu */ - TRUE }, #ifdef FEATURE_CLIENT_TAGS /* * This is marked as harmless because despite the description @@ -108,7 +106,7 @@ static const struct cgi_dispatcher cgi_dispatchers[] = { */ { "client-tags", cgi_show_client_tags, - "View or toggle the tags that can be set based on the clients address", + "View or toggle the tags that can be set based on the client's address", TRUE }, #endif { "show-request", @@ -251,7 +249,7 @@ const char image_pattern_data[] = "\000\000\000\000\111\105\116\104\256\102\140\202"; /* - * 1x1 transparant PNG. + * 1x1 transparent PNG. */ const char image_blank_data[] = "\211\120\116\107\015\012\032\012\000\000\000\015\111\110\104\122" @@ -274,7 +272,7 @@ const char image_pattern_data[] = "\270\005\000\073"; /* - * 1x1 transparant GIF. + * 1x1 transparent GIF. */ const char image_blank_data[] = "GIF89a\001\000\001\000\200\000\000\377\377\377\000\000" @@ -408,8 +406,13 @@ struct http_response *dispatch_cgi(struct client_state *csp) static char *grep_cgi_referrer(const struct client_state *csp) { struct list_entry *p; + struct list_entry *first_header = +#ifdef FEATURE_HTTPS_INSPECTION + client_use_ssl(csp) ? csp->https_headers->first : +#endif + csp->headers->first; - for (p = csp->headers->first; p != NULL; p = p->next) + for (p = first_header; p != NULL; p = p->next) { if (p->str == NULL) continue; if (strncmpic(p->str, "Referer: ", 9) == 0) @@ -441,6 +444,9 @@ static int referrer_is_safe(const struct client_state *csp) { char *referrer; static const char alternative_prefix[] = "http://" CGI_SITE_1_HOST "/"; +#ifdef FEATURE_HTTPS_INSPECTION + static const char alt_prefix_https[] = "https://" CGI_SITE_1_HOST "/"; +#endif const char *trusted_cgi_referrer = csp->config->trusted_cgi_referrer; referrer = grep_cgi_referrer(csp); @@ -451,8 +457,12 @@ static int referrer_is_safe(const struct client_state *csp) log_error(LOG_LEVEL_ERROR, "Denying access to %s. No referrer found.", csp->http->url); } - else if ((0 == strncmp(referrer, CGI_PREFIX, sizeof(CGI_PREFIX)-1) - || (0 == strncmp(referrer, alternative_prefix, strlen(alternative_prefix))))) + else if ((0 == strncmp(referrer, CGI_PREFIX_HTTP, sizeof(CGI_PREFIX_HTTP)-1)) +#ifdef FEATURE_HTTPS_INSPECTION + || (0 == strncmp(referrer, CGI_PREFIX_HTTPS, sizeof(CGI_PREFIX_HTTPS)-1)) + || (0 == strncmp(referrer, alt_prefix_https, strlen(alt_prefix_https))) +#endif + || (0 == strncmp(referrer, alternative_prefix, strlen(alternative_prefix)))) { /* Trustworthy referrer */ log_error(LOG_LEVEL_CGI, "Granting access to %s, referrer %s is trustworthy.", @@ -527,7 +537,8 @@ static struct http_response *dispatch_known_cgi(struct client_state * csp, *query_args_start++ = '\0'; param_list = new_map(); err = map(param_list, "file", 1, url_decode(query_args_start), 0); - if (JB_ERR_OK != err) { + if (JB_ERR_OK != err) + { free(param_list); free(path_copy); return cgi_error_memory(); @@ -652,16 +663,7 @@ static struct map *parse_cgi_parameters(char *argstring) * The same hack is used in get_last_url() so it looks like * a real solution is needed. */ - size_t max_segments = strlen(argstring) / 2; - if (max_segments == 0) - { - /* - * XXX: If the argstring is empty, there's really - * no point in creating a param list, but currently - * other parts of Privoxy depend on the list's existence. - */ - max_segments = 1; - } + size_t max_segments = strlen(argstring) / 2 + 1; vector = malloc_or_die(max_segments * sizeof(char *)); cgi_params = new_map(); @@ -742,22 +744,22 @@ char get_char_param(const struct map *parameters, * * Function : get_string_param * - * Description : Get a string paramater, to be used as an - * ACTION_STRING or ACTION_MULTI paramater. + * Description : Get a string parameter, to be used as an + * ACTION_STRING or ACTION_MULTI parameter. * Validates the input to prevent stupid/malicious * users from corrupting their action file. * * Parameters : * 1 : parameters = map of cgi parameters * 2 : param_name = The name of the parameter to read - * 3 : pparam = destination for paramater. Allocated as + * 3 : pparam = destination for parameter. Allocated as * part of the map "parameters", so don't free it. * Set to NULL if not specified. * - * Returns : JB_ERR_OK on success, or if the paramater + * Returns : JB_ERR_OK on success, or if the parameter * was not specified. * JB_ERR_MEMORY on out-of-memory. - * JB_ERR_CGI_PARAMS if the paramater is not valid. + * JB_ERR_CGI_PARAMS if the parameter is not valid. * *********************************************************************/ jb_err get_string_param(const struct map *parameters, @@ -985,6 +987,9 @@ struct http_response *error_response(struct client_state *csp, case SOCKS_5T: socks_type = "socks5t-"; break; + case FORWARD_WEBSERVER: + socks_type = "webserver-"; + break; default: log_error(LOG_LEVEL_FATAL, "Unknown socks type: %d.", fwd->type); } @@ -1229,7 +1234,7 @@ jb_err cgi_error_no_template(const struct client_state *csp, * In this context, "unexpected" means "anything other * than JB_ERR_MEMORY or JB_ERR_CGI_PARAMS" - CGIs are * expected to handle all other errors internally, - * since they can give more relavent error messages + * since they can give more relevant error messages * that way. * * Note this is not a true CGI, it takes an error @@ -1263,7 +1268,7 @@ jb_err cgi_error_unknown(const struct client_state *csp, static const char body_suffix[] = "
\n" "Please " - "" + "" "file a bug report.
\n" "