X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=cgi.c;h=96ce16f36b9e8d1501ce2464cc24f81ba2013488;hb=3c2accf011811db47139a0bc13168fddca1b1c87;hp=55ef1e9b2f990e8e17cde1e3b9c1c6a677d34305;hpb=fc95f97a7020e56f373bf744715d73afe58b773a;p=privoxy.git
diff --git a/cgi.c b/cgi.c
index 55ef1e9b..96ce16f3 100644
--- a/cgi.c
+++ b/cgi.c
@@ -1,24 +1,20 @@
-const char cgi_rcs[] = "$Id: cgi.c,v 1.138 2011/07/08 13:27:31 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgi.c,v $
*
* Purpose : Declares functions to intercept request, generate
- * html or gif answers, and to compose HTTP resonses.
+ * html or gif answers, and to compose HTTP responses.
* This only contains the framework functions, the
* actual handler functions are declared elsewhere.
- *
- * Functions declared include:
- *
*
- * Copyright : Written by and Copyright (C) 2001-2004, 2006-2008
- * the SourceForge Privoxy team. http://www.privoxy.org/
+ * Copyright : Written by and Copyright (C) 2001-2017
+ * members of the Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
- * by and Copyright (C) 1997 Anonymous Coders and
+ * by and Copyright (C) 1997 Anonymous Coders and
* Junkbusters Corporation. http://www.junkbusters.com
*
- * This program is free software; you can redistribute it
+ * This program is free software; you can redistribute it
* and/or modify it under the terms of the GNU General
* Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at
@@ -72,8 +68,6 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.138 2011/07/08 13:27:31 fabiankeil Exp $"
/* jcc.h is for mutex semaphore globals only */
#include "jcc.h"
-const char cgi_h_rcs[] = CGI_H_VERSION;
-
/*
* List of CGI functions: name, handler, description
* Note: Do NOT use single quotes in the description;
@@ -85,126 +79,139 @@ static const struct cgi_dispatcher cgi_dispatchers[] = {
"Privoxy main page",
TRUE },
#ifdef FEATURE_GRACEFUL_TERMINATION
- { "die",
- cgi_die,
+ { "die",
+ cgi_die,
"Shut down - Do not deploy this build in a production environment, "
"this is a one click Denial Of Service attack!!!",
- FALSE },
+ FALSE },
#endif
- { "show-status",
- cgi_show_status,
+ { "show-status",
+ cgi_show_status,
#ifdef FEATURE_CGI_EDIT_ACTIONS
"View & change the current configuration",
#else
"View the current configuration",
#endif
- TRUE },
- { "show-version",
- cgi_show_version,
- "View the source code version numbers",
- TRUE },
- { "show-request",
- cgi_show_request,
+ TRUE },
+#ifdef FEATURE_CLIENT_TAGS
+ /*
+ * This is marked as harmless because despite the description
+ * used in the menu the actual toggling is done through another
+ * path ("/toggle-client-tag").
+ */
+ { "client-tags",
+ cgi_show_client_tags,
+ "View or toggle the tags that can be set based on the clients address",
+ TRUE },
+#endif
+ { "show-request",
+ cgi_show_request,
"View the request headers",
- TRUE },
+ TRUE },
{ "show-url-info",
- cgi_show_url_info,
+ cgi_show_url_info,
"Look up which actions apply to a URL and why",
TRUE },
#ifdef FEATURE_TOGGLE
{ "toggle",
- cgi_toggle,
+ cgi_toggle,
"Toggle Privoxy on or off",
FALSE },
#endif /* def FEATURE_TOGGLE */
+#ifdef FEATURE_CLIENT_TAGS
+ { "toggle-client-tag",
+ cgi_toggle_client_tag,
+ NULL,
+ FALSE },
+#endif
#ifdef FEATURE_CGI_EDIT_ACTIONS
{ "edit-actions", /* Edit the actions list */
- cgi_edit_actions,
+ cgi_edit_actions,
NULL, FALSE },
{ "eaa", /* Shortcut for edit-actions-add-url-form */
- cgi_edit_actions_add_url_form,
+ cgi_edit_actions_add_url_form,
NULL, FALSE },
{ "eau", /* Shortcut for edit-actions-url-form */
- cgi_edit_actions_url_form,
+ cgi_edit_actions_url_form,
NULL, FALSE },
{ "ear", /* Shortcut for edit-actions-remove-url-form */
- cgi_edit_actions_remove_url_form,
+ cgi_edit_actions_remove_url_form,
NULL, FALSE },
{ "eal", /* Shortcut for edit-actions-list */
- cgi_edit_actions_list,
+ cgi_edit_actions_list,
NULL, FALSE },
{ "eafu", /* Shortcut for edit-actions-for-url */
- cgi_edit_actions_for_url,
+ cgi_edit_actions_for_url,
NULL, FALSE },
{ "eas", /* Shortcut for edit-actions-submit */
- cgi_edit_actions_submit,
+ cgi_edit_actions_submit,
NULL, FALSE },
{ "easa", /* Shortcut for edit-actions-section-add */
- cgi_edit_actions_section_add,
+ cgi_edit_actions_section_add,
NULL, FALSE },
{ "easr", /* Shortcut for edit-actions-section-remove */
- cgi_edit_actions_section_remove,
+ cgi_edit_actions_section_remove,
NULL, FALSE },
{ "eass", /* Shortcut for edit-actions-section-swap */
- cgi_edit_actions_section_swap,
+ cgi_edit_actions_section_swap,
NULL, FALSE },
{ "edit-actions-for-url",
- cgi_edit_actions_for_url,
+ cgi_edit_actions_for_url,
NULL, FALSE /* Edit the actions for (a) specified URL(s) */ },
{ "edit-actions-list",
- cgi_edit_actions_list,
+ cgi_edit_actions_list,
NULL, TRUE /* Edit the actions list */ },
{ "edit-actions-submit",
- cgi_edit_actions_submit,
+ cgi_edit_actions_submit,
NULL, FALSE /* Change the actions for (a) specified URL(s) */ },
{ "edit-actions-url",
- cgi_edit_actions_url,
+ cgi_edit_actions_url,
NULL, FALSE /* Change a URL pattern in the actionsfile */ },
{ "edit-actions-url-form",
- cgi_edit_actions_url_form,
+ cgi_edit_actions_url_form,
NULL, FALSE /* Form to change a URL pattern in the actionsfile */ },
{ "edit-actions-add-url",
- cgi_edit_actions_add_url,
+ cgi_edit_actions_add_url,
NULL, FALSE /* Add a URL pattern to the actionsfile */ },
{ "edit-actions-add-url-form",
- cgi_edit_actions_add_url_form,
+ cgi_edit_actions_add_url_form,
NULL, FALSE /* Form to add a URL pattern to the actionsfile */ },
{ "edit-actions-remove-url",
- cgi_edit_actions_remove_url,
+ cgi_edit_actions_remove_url,
NULL, FALSE /* Remove a URL pattern from the actionsfile */ },
{ "edit-actions-remove-url-form",
- cgi_edit_actions_remove_url_form,
+ cgi_edit_actions_remove_url_form,
NULL, FALSE /* Form to remove a URL pattern from the actionsfile */ },
{ "edit-actions-section-add",
- cgi_edit_actions_section_add,
+ cgi_edit_actions_section_add,
NULL, FALSE /* Remove a section from the actionsfile */ },
{ "edit-actions-section-remove",
- cgi_edit_actions_section_remove,
+ cgi_edit_actions_section_remove,
NULL, FALSE /* Remove a section from the actionsfile */ },
{ "edit-actions-section-swap",
- cgi_edit_actions_section_swap,
+ cgi_edit_actions_section_swap,
NULL, FALSE /* Swap two sections in the actionsfile */ },
#endif /* def FEATURE_CGI_EDIT_ACTIONS */
- { "error-favicon.ico",
- cgi_send_error_favicon,
+ { "error-favicon.ico",
+ cgi_send_error_favicon,
NULL, TRUE /* Sends the favicon image for error pages. */ },
- { "favicon.ico",
- cgi_send_default_favicon,
+ { "favicon.ico",
+ cgi_send_default_favicon,
NULL, TRUE /* Sends the default favicon image. */ },
- { "robots.txt",
- cgi_robots_txt,
- NULL, TRUE /* Sends a robots.txt file to tell robots to go away. */ },
+ { "robots.txt",
+ cgi_robots_txt,
+ NULL, TRUE /* Sends a robots.txt file to tell robots to go away. */ },
{ "send-banner",
- cgi_send_banner,
+ cgi_send_banner,
NULL, TRUE /* Send a built-in image */ },
{ "send-stylesheet",
- cgi_send_stylesheet,
+ cgi_send_stylesheet,
NULL, FALSE /* Send templates/cgi-style.css */ },
{ "t",
- cgi_transparent_image,
+ cgi_transparent_image,
NULL, TRUE /* Send a transparent image (short name) */ },
{ "url-info-osd.xml",
- cgi_send_url_info_osd,
+ cgi_send_url_info_osd,
NULL, TRUE /* Send templates/url-info-osd.xml */ },
{ "user-manual",
cgi_send_user_manual,
@@ -237,7 +244,7 @@ const char image_pattern_data[] =
"\000\000\000\000\111\105\116\104\256\102\140\202";
/*
- * 1x1 transparant PNG.
+ * 1x1 transparent PNG.
*/
const char image_blank_data[] =
"\211\120\116\107\015\012\032\012\000\000\000\015\111\110\104\122"
@@ -260,7 +267,7 @@ const char image_pattern_data[] =
"\270\005\000\073";
/*
- * 1x1 transparant GIF.
+ * 1x1 transparent GIF.
*/
const char image_blank_data[] =
"GIF89a\001\000\001\000\200\000\000\377\377\377\000\000"
@@ -287,7 +294,7 @@ static struct map *parse_cgi_parameters(char *argstring);
/*********************************************************************
- *
+ *
* Function : dispatch_cgi
*
* Description : Checks if a request URL has either the magical
@@ -317,15 +324,15 @@ struct http_response *dispatch_cgi(struct client_state *csp)
/* Either the host matches CGI_SITE_1_HOST ..*/
if ( ( (0 == strcmpic(host, CGI_SITE_1_HOST))
|| (0 == strcmpic(host, CGI_SITE_1_HOST ".")))
- && (path[0] == '/') )
+ && (path[0] == '/'))
{
/* ..then the path will all be for us. Remove leading '/' */
path++;
}
/* Or it's the host part CGI_SITE_2_HOST, and the path CGI_SITE_2_PATH */
- else if ( ( (0 == strcmpic(host, CGI_SITE_2_HOST ))
- || (0 == strcmpic(host, CGI_SITE_2_HOST ".")) )
- && (0 == strncmpic(path, CGI_SITE_2_PATH, strlen(CGI_SITE_2_PATH))) )
+ else if (( (0 == strcmpic(host, CGI_SITE_2_HOST))
+ || (0 == strcmpic(host, CGI_SITE_2_HOST ".")))
+ && (0 == strncmpic(path, CGI_SITE_2_PATH, strlen(CGI_SITE_2_PATH))))
{
/* take everything following CGI_SITE_2_PATH */
path += strlen(CGI_SITE_2_PATH);
@@ -349,7 +356,22 @@ struct http_response *dispatch_cgi(struct client_state *csp)
return NULL;
}
- /*
+ if (strcmpic(csp->http->gpc, "GET")
+ && strcmpic(csp->http->gpc, "HEAD"))
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "CGI request with unsupported method received: %s", csp->http->gpc);
+ /*
+ * The CGI pages currently only support GET and HEAD requests.
+ *
+ * If the client used a different method, ditch any data following
+ * the current headers to reduce the likelihood of parse errors
+ * with the following request.
+ */
+ csp->client_iob->eod = csp->client_iob->cur;
+ }
+
+ /*
* This is a CGI call.
*/
@@ -394,7 +416,7 @@ static char *grep_cgi_referrer(const struct client_state *csp)
/*********************************************************************
- *
+ *
* Function : referrer_is_safe
*
* Description : Decides whether we trust the Referer for
@@ -412,6 +434,7 @@ static int referrer_is_safe(const struct client_state *csp)
{
char *referrer;
static const char alternative_prefix[] = "http://" CGI_SITE_1_HOST "/";
+ const char *trusted_cgi_referrer = csp->config->trusted_cgi_referrer;
referrer = grep_cgi_referrer(csp);
@@ -430,6 +453,18 @@ static int referrer_is_safe(const struct client_state *csp)
return TRUE;
}
+ else if ((trusted_cgi_referrer != NULL) && (0 == strncmp(referrer,
+ trusted_cgi_referrer, strlen(trusted_cgi_referrer))))
+ {
+ /*
+ * After some more testing this block should be merged with
+ * the previous one or the log level should bedowngraded.
+ */
+ log_error(LOG_LEVEL_INFO, "Granting access to %s based on trusted referrer %s",
+ csp->http->url, referrer);
+
+ return TRUE;
+ }
else
{
/* Untrustworthy referrer */
@@ -442,7 +477,7 @@ static int referrer_is_safe(const struct client_state *csp)
}
/*********************************************************************
- *
+ *
* Function : dispatch_known_cgi
*
* Description : Processes a CGI once dispatch_cgi has determined that
@@ -480,12 +515,15 @@ static struct http_response *dispatch_known_cgi(struct client_state * csp,
{
query_args_start++;
}
- if (*query_args_start == '/')
+ if (*query_args_start == '/')
{
*query_args_start++ = '\0';
- if ((param_list = new_map()))
- {
- map(param_list, "file", 1, url_decode(query_args_start), 0);
+ param_list = new_map();
+ err = map(param_list, "file", 1, url_decode(query_args_start), 0);
+ if (JB_ERR_OK != err) {
+ free(param_list);
+ free(path_copy);
+ return cgi_error_memory();
}
}
else
@@ -515,7 +553,7 @@ static struct http_response *dispatch_known_cgi(struct client_state * csp,
return cgi_error_memory();
}
- /*
+ /*
* Find and start the right CGI function
*/
d = cgi_dispatchers;
@@ -579,8 +617,8 @@ static struct http_response *dispatch_known_cgi(struct client_state * csp,
d++;
}
}
-
-
+
+
/*********************************************************************
*
* Function : parse_cgi_parameters
@@ -597,16 +635,31 @@ static struct http_response *dispatch_known_cgi(struct client_state * csp,
static struct map *parse_cgi_parameters(char *argstring)
{
char *p;
- char *vector[BUFFER_SIZE];
+ char **vector;
int pairs, i;
struct map *cgi_params;
- if (NULL == (cgi_params = new_map()))
+ /*
+ * XXX: This estimate is guaranteed to be high enough as we
+ * let ssplit() ignore empty fields, but also a bit wasteful.
+ * The same hack is used in get_last_url() so it looks like
+ * a real solution is needed.
+ */
+ size_t max_segments = strlen(argstring) / 2;
+ if (max_segments == 0)
{
- return NULL;
+ /*
+ * XXX: If the argstring is empty, there's really
+ * no point in creating a param list, but currently
+ * other parts of Privoxy depend on the list's existence.
+ */
+ max_segments = 1;
}
+ vector = malloc_or_die(max_segments * sizeof(char *));
- /*
+ cgi_params = new_map();
+
+ /*
* IE 5 does, of course, violate RFC 2316 Sect 4.1 and sends
* the fragment identifier along with the request, so we must
* cut it off here, so it won't pollute the CGI params:
@@ -616,7 +669,14 @@ static struct map *parse_cgi_parameters(char *argstring)
*p = '\0';
}
- pairs = ssplit(argstring, "&", vector, SZ(vector), 1, 1);
+ pairs = ssplit(argstring, "&", vector, max_segments);
+ assert(pairs != -1);
+ if (pairs == -1)
+ {
+ freez(vector);
+ free_map(cgi_params);
+ return NULL;
+ }
for (i = 0; i < pairs; i++)
{
@@ -625,12 +685,15 @@ static struct map *parse_cgi_parameters(char *argstring)
*p = '\0';
if (map(cgi_params, url_decode(vector[i]), 0, url_decode(++p), 0))
{
+ freez(vector);
free_map(cgi_params);
return NULL;
}
}
}
+ freez(vector);
+
return cgi_params;
}
@@ -672,22 +735,22 @@ char get_char_param(const struct map *parameters,
*
* Function : get_string_param
*
- * Description : Get a string paramater, to be used as an
- * ACTION_STRING or ACTION_MULTI paramater.
+ * Description : Get a string parameter, to be used as an
+ * ACTION_STRING or ACTION_MULTI parameter.
* Validates the input to prevent stupid/malicious
* users from corrupting their action file.
*
* Parameters :
* 1 : parameters = map of cgi parameters
* 2 : param_name = The name of the parameter to read
- * 3 : pparam = destination for paramater. Allocated as
+ * 3 : pparam = destination for parameter. Allocated as
* part of the map "parameters", so don't free it.
* Set to NULL if not specified.
*
- * Returns : JB_ERR_OK on success, or if the paramater
+ * Returns : JB_ERR_OK on success, or if the parameter
* was not specified.
* JB_ERR_MEMORY on out-of-memory.
- * JB_ERR_CGI_PARAMS if the paramater is not valid.
+ * JB_ERR_CGI_PARAMS if the parameter is not valid.
*
*********************************************************************/
jb_err get_string_param(const struct map *parameters,
@@ -726,8 +789,8 @@ jb_err get_string_param(const struct map *parameters,
s = param;
while ((ch = *s++) != '\0')
{
- if ( ((unsigned char)ch < (unsigned char)' ')
- || (ch == '}') )
+ if (((unsigned char)ch < (unsigned char)' ')
+ || (ch == '}'))
{
/* Probable hack attempt, or user accidentally used '}'. */
return JB_ERR_CGI_PARAMS;
@@ -767,15 +830,14 @@ jb_err get_number_param(struct client_state *csp,
unsigned *pvalue)
{
const char *param;
- char ch;
- unsigned value;
+ char *endptr;
assert(csp);
assert(parameters);
assert(name);
assert(pvalue);
- *pvalue = 0;
+ *pvalue = 0;
param = lookup(parameters, name);
if (!*param)
@@ -783,36 +845,12 @@ jb_err get_number_param(struct client_state *csp,
return JB_ERR_CGI_PARAMS;
}
- /* We don't use atoi because I want to check this carefully... */
-
- value = 0;
- while ((ch = *param++) != '\0')
+ *pvalue = (unsigned int)strtol(param, &endptr, 0);
+ if (*endptr != '\0')
{
- if ((ch < '0') || (ch > '9'))
- {
- return JB_ERR_CGI_PARAMS;
- }
-
- ch = (char)(ch - '0');
-
- /* Note:
- *
- * defines UINT_MAX
- *
- * (UINT_MAX - ch) / 10 is the largest number that
- * can be safely multiplied by 10 then have ch added.
- */
- if (value > ((UINT_MAX - (unsigned)ch) / 10U))
- {
- return JB_ERR_CGI_PARAMS;
- }
-
- value = value * 10 + (unsigned)ch;
+ return JB_ERR_CGI_PARAMS;
}
- /* Success */
- *pvalue = value;
-
return JB_ERR_OK;
}
@@ -867,7 +905,7 @@ struct http_response *error_response(struct client_state *csp,
if (!err) err = map(exports, "host", 1, html_encode(csp->http->host), 0);
if (!err) err = map(exports, "hostport", 1, html_encode(csp->http->hostport), 0);
if (!err) err = map(exports, "path", 1, html_encode_and_free_original(path), 0);
- if (!err) err = map(exports, "protocol", 1, csp->http->ssl ? "https://" : "http://", 1);
+ if (!err) err = map(exports, "protocol", 1, csp->http->ssl ? "https://" : "http://", 1);
if (!err)
{
err = map(exports, "host-ip", 1, html_encode(csp->http->host_ip_addr_str), 0);
@@ -937,6 +975,12 @@ struct http_response *error_response(struct client_state *csp,
case SOCKS_5:
socks_type = "socks5-";
break;
+ case SOCKS_5T:
+ socks_type = "socks5t-";
+ break;
+ case FORWARD_WEBSERVER:
+ socks_type = "webserver-";
+ break;
default:
log_error(LOG_LEVEL_FATAL, "Unknown socks type: %d.", fwd->type);
}
@@ -1016,6 +1060,8 @@ jb_err cgi_error_disabled(const struct client_state *csp,
assert(csp);
assert(rsp);
+ rsp->status = strdup_or_die("403 Request not trusted or feature disabled");
+
if (NULL == (exports = default_exports(csp, "cgi-error-disabled")))
{
return JB_ERR_MEMORY;
@@ -1098,7 +1144,7 @@ struct http_response *cgi_error_memory(void)
*
* Description : Almost-CGI function that is called if a template
* cannot be loaded. Note this is not a true CGI,
- * it takes a template name rather than a map of
+ * it takes a template name rather than a map of
* parameters.
*
* Parameters :
@@ -1108,7 +1154,7 @@ struct http_response *cgi_error_memory(void)
* be loaded.
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_error_no_template(const struct client_state *csp,
@@ -1155,11 +1201,7 @@ jb_err cgi_error_no_template(const struct client_state *csp,
rsp->head_length = 0;
rsp->is_static = 0;
- rsp->body = malloc(body_size);
- if (rsp->body == NULL)
- {
- return JB_ERR_MEMORY;
- }
+ rsp->body = malloc_or_die(body_size);
strlcpy(rsp->body, body_prefix, body_size);
strlcat(rsp->body, template_name, body_size);
strlcat(rsp->body, body_suffix, body_size);
@@ -1183,7 +1225,7 @@ jb_err cgi_error_no_template(const struct client_state *csp,
* In this context, "unexpected" means "anything other
* than JB_ERR_MEMORY or JB_ERR_CGI_PARAMS" - CGIs are
* expected to handle all other errors internally,
- * since they can give more relavent error messages
+ * since they can give more relevant error messages
* that way.
*
* Note this is not a true CGI, it takes an error
@@ -1195,7 +1237,7 @@ jb_err cgi_error_no_template(const struct client_state *csp,
* 3 : error_to_report = Error code to report.
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_error_unknown(const struct client_state *csp,
@@ -1235,11 +1277,7 @@ jb_err cgi_error_unknown(const struct client_state *csp,
rsp->is_static = 0;
rsp->crunch_reason = INTERNAL_ERROR;
- rsp->body = malloc(body_size);
- if (rsp->body == NULL)
- {
- return JB_ERR_MEMORY;
- }
+ rsp->body = malloc_or_die(body_size);
snprintf(rsp->body, body_size, "%s%d%s", body_prefix, error_to_report, body_suffix);
@@ -1259,7 +1297,7 @@ jb_err cgi_error_unknown(const struct client_state *csp,
*
* Description : CGI function that is called if the parameters
* (query string) for a CGI were wrong.
- *
+ *
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : rsp = http_response data structure for output
@@ -1267,7 +1305,7 @@ jb_err cgi_error_unknown(const struct client_state *csp,
* CGI Parameters : none
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_error_bad_param(const struct client_state *csp,
@@ -1289,7 +1327,7 @@ jb_err cgi_error_bad_param(const struct client_state *csp,
/*********************************************************************
*
- * Function : cgi_redirect
+ * Function : cgi_redirect
*
* Description : CGI support function to generate a HTTP redirect
* message
@@ -1301,7 +1339,7 @@ jb_err cgi_error_bad_param(const struct client_state *csp,
* CGI Parameters : None
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err cgi_redirect (struct http_response * rsp, const char *target)
@@ -1336,8 +1374,8 @@ jb_err cgi_redirect (struct http_response * rsp, const char *target)
* FIXME: I currently only work for actions, and would
* like to be generalized for other topics.
*
- * Parameters :
- * 1 : item = item (will NOT be free()d.)
+ * Parameters :
+ * 1 : item = item (will NOT be free()d.)
* It is assumed to be HTML-safe.
* 2 : config = The current configuration.
*
@@ -1382,7 +1420,7 @@ char *add_help_link(const char *item,
* HTTP header - e.g.:
* "Sun, 06 Nov 1994 08:49:37 GMT"
*
- * Parameters :
+ * Parameters :
* 1 : time_offset = Time returned will be current time
* plus this number of seconds.
* 2 : buf = Destination for result.
@@ -1395,12 +1433,6 @@ char *add_help_link(const char *item,
*********************************************************************/
void get_http_time(int time_offset, char *buf, size_t buffer_size)
{
- static const char day_names[7][4] =
- { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" };
- static const char month_names[12][4] =
- { "Jan", "Feb", "Mar", "Apr", "May", "Jun",
- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
-
struct tm *t;
time_t current_time;
#if defined(HAVE_GMTIME_R)
@@ -1425,17 +1457,7 @@ void get_http_time(int time_offset, char *buf, size_t buffer_size)
t = gmtime(¤t_time);
#endif
- /* Format: "Sun, 06 Nov 1994 08:49:37 GMT" */
- snprintf(buf, buffer_size,
- "%s, %02d %s %4d %02d:%02d:%02d GMT",
- day_names[t->tm_wday],
- t->tm_mday,
- month_names[t->tm_mon],
- t->tm_year + 1900,
- t->tm_hour,
- t->tm_min,
- t->tm_sec
- );
+ strftime(buf, buffer_size, "%a, %d %b %Y %H:%M:%S GMT", t);
}
@@ -1507,31 +1529,20 @@ static void get_locale_time(char *buf, size_t buffer_size)
char *compress_buffer(char *buffer, size_t *buffer_length, int compression_level)
{
char *compressed_buffer;
- size_t new_length;
+ uLongf new_length;
assert(-1 <= compression_level && compression_level <= 9);
- /*
- * If the compression level is 0 or if the entropy
- * is high, the "compressing" data will take more
- * room then the uncompressed data due to the zlib
- * overhead.
- *
- * XXX: The overhead isn't constant and 30 bytes
- * may not be enough for everybody
- */
- new_length = *buffer_length + 30;
+ /* Let zlib figure out the maximum length of the compressed data */
+ new_length = compressBound((uLongf)*buffer_length);
- compressed_buffer = malloc(new_length);
- if (NULL == compressed_buffer)
- {
- log_error(LOG_LEVEL_FATAL,
- "Out of memory allocation compression buffer.");
- }
+ compressed_buffer = malloc_or_die(new_length);
if (Z_OK != compress2((Bytef *)compressed_buffer, &new_length,
(Bytef *)buffer, *buffer_length, compression_level))
{
- log_error(LOG_LEVEL_ERROR, "Error in compress2()");
+ log_error(LOG_LEVEL_ERROR,
+ "compress2() failed. Buffer size: %d, compression level: %d.",
+ new_length, compression_level);
freez(compressed_buffer);
return NULL;
}
@@ -1540,7 +1551,7 @@ char *compress_buffer(char *buffer, size_t *buffer_length, int compression_level
"Compressed content from %d to %d bytes. Compression level: %d",
*buffer_length, new_length, compression_level);
- *buffer_length = new_length;
+ *buffer_length = (size_t)new_length;
return compressed_buffer;
@@ -1564,7 +1575,7 @@ char *compress_buffer(char *buffer, size_t *buffer_length, int compression_level
* On error, free()s rsp and returns cgi_error_memory()
*
*********************************************************************/
-struct http_response *finish_http_response(const struct client_state *csp, struct http_response *rsp)
+struct http_response *finish_http_response(struct client_state *csp, struct http_response *rsp)
{
char buf[BUFFER_SIZE];
jb_err err;
@@ -1577,16 +1588,28 @@ struct http_response *finish_http_response(const struct client_state *csp, struc
return rsp;
}
- /*
+ /*
+ * Add "Cross-origin resource sharing" (CORS) headers if enabled
+ */
+ if (NULL != csp->config->cors_allowed_origin)
+ {
+ enlist_unique_header(rsp->headers, "Access-Control-Allow-Origin",
+ csp->config->cors_allowed_origin);
+ enlist_unique_header(rsp->headers, "Access-Control-Allow-Methods", "GET,POST");
+ enlist_unique_header(rsp->headers, "Access-Control-Allow-Headers", "X-Requested-With");
+ enlist_unique_header(rsp->headers, "Access-Control-Max-Age", "86400");
+ }
+
+ /*
* Fill in the HTTP Status, using HTTP/1.1
* unless the client asked for HTTP/1.0.
*/
snprintf(buf, sizeof(buf), "%s %s",
- strcmpic(csp->http->ver, "HTTP/1.0") ? "HTTP/1.1" : "HTTP/1.0",
+ strcmpic(csp->http->version, "HTTP/1.0") ? "HTTP/1.1" : "HTTP/1.0",
rsp->status ? rsp->status : "200 OK");
err = enlist_first(rsp->headers, buf);
- /*
+ /*
* Set the Content-Length
*/
if (rsp->content_length == 0)
@@ -1614,6 +1637,11 @@ struct http_response *finish_http_response(const struct client_state *csp, struc
if (!err)
{
snprintf(buf, sizeof(buf), "Content-Length: %d", (int)rsp->content_length);
+ /*
+ * Signal serve() that the client will be able to figure out
+ * the end of the response without having to close the connection.
+ */
+ csp->flags |= CSP_FLAG_SERVER_CONTENT_LENGTH_SET;
err = enlist(rsp->headers, buf);
}
@@ -1652,7 +1680,7 @@ struct http_response *finish_http_response(const struct client_state *csp, struc
* Last-Modified: set to date/time the page was last changed.
* Expires: set to date/time page next needs reloading.
* Cache-Control: set to "no-cache" if applicable.
- *
+ *
* See http://www.w3.org/Protocols/rfc2068/rfc2068
*/
if (rsp->is_static)
@@ -1723,12 +1751,13 @@ struct http_response *finish_http_response(const struct client_state *csp, struc
if (!err) err = enlist_unique_header(rsp->headers, "Pragma", "no-cache");
}
- if (!err && !(csp->flags & CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE))
+ if (!err && (!(csp->flags & CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE)
+ || (csp->flags & CSP_FLAG_SERVER_SOCKET_TAINTED)))
{
err = enlist_unique_header(rsp->headers, "Connection", "close");
}
- /*
+ /*
* Write the head
*/
if (err || (NULL == (rsp->head = list_to_text(rsp->headers))))
@@ -1808,11 +1837,11 @@ void free_http_response(struct http_response *rsp)
* following an #include statament
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
* JB_ERR_FILE if the template file cannot be read
*
*********************************************************************/
-jb_err template_load(const struct client_state *csp, char **template_ptr,
+jb_err template_load(const struct client_state *csp, char **template_ptr,
const char *templatename, int recursive)
{
jb_err err;
@@ -1894,7 +1923,7 @@ jb_err template_load(const struct client_state *csp, char **template_ptr,
}
free(full_path);
- /*
+ /*
* Read the file, ignoring comments, and honoring #include
* statements, unless we're already called recursively.
*
@@ -1982,7 +2011,7 @@ jb_err template_fill(char **template_ptr, const struct map *exports)
file_buffer = *template_ptr;
size = strlen(file_buffer) + 1;
- /*
+ /*
* Assemble pcrs joblist from exports map
*/
for (m = exports->first; m != NULL; m = m->next)
@@ -2000,7 +2029,7 @@ jb_err template_fill(char **template_ptr, const struct map *exports)
else
{
/*
- * Treat the "replace with" text as a literal string -
+ * Treat the "replace with" text as a literal string -
* no quoting needed, no backreferences allowed.
* ("Trivial" ['T'] flag).
*/
@@ -2014,7 +2043,7 @@ jb_err template_fill(char **template_ptr, const struct map *exports)
/* Make and run job. */
job = pcrs_compile(buf, m->value, flags, &error);
- if (job == NULL)
+ if (job == NULL)
{
if (error == PCRS_ERR_NOMEM)
{
@@ -2041,10 +2070,10 @@ jb_err template_fill(char **template_ptr, const struct map *exports)
if (error < 0)
{
- /*
+ /*
* Substitution failed, keep the original buffer,
* log the problem and ignore it.
- *
+ *
* The user might see some unresolved @CGI_VARIABLES@,
* but returning a special CGI error page seems unreasonable
* and could mask more important error messages.
@@ -2096,7 +2125,7 @@ jb_err template_fill_for_cgi(const struct client_state *csp,
struct http_response *rsp)
{
jb_err err;
-
+
assert(csp);
assert(templatename);
assert(exports);
@@ -2105,15 +2134,12 @@ jb_err template_fill_for_cgi(const struct client_state *csp,
err = template_load(csp, &rsp->body, templatename, 0);
if (err == JB_ERR_FILE)
{
- free_map(exports);
- return cgi_error_no_template(csp, rsp, templatename);
+ err = cgi_error_no_template(csp, rsp, templatename);
}
- else if (err)
+ else if (err == JB_ERR_OK)
{
- free_map(exports);
- return err; /* JB_ERR_MEMORY */
+ err = template_fill(&rsp->body, exports);
}
- err = template_fill(&rsp->body, exports);
free_map(exports);
return err;
}
@@ -2141,24 +2167,21 @@ struct map *default_exports(const struct client_state *csp, const char *caller)
struct map * exports;
int local_help_exists = 0;
char *ip_address = NULL;
+ char *port = NULL;
char *hostname = NULL;
assert(csp);
exports = new_map();
- if (exports == NULL)
- {
- return NULL;
- }
if (csp->config->hostname)
{
- get_host_information(csp->cfd, &ip_address, NULL);
+ get_host_information(csp->cfd, &ip_address, &port, NULL);
hostname = strdup(csp->config->hostname);
}
else
{
- get_host_information(csp->cfd, &ip_address, &hostname);
+ get_host_information(csp->cfd, &ip_address, &port, &hostname);
}
err = map(exports, "version", 1, html_encode(VERSION), 0);
@@ -2166,6 +2189,8 @@ struct map *default_exports(const struct client_state *csp, const char *caller)
if (!err) err = map(exports, "time", 1, html_encode(buf), 0);
if (!err) err = map(exports, "my-ip-address", 1, html_encode(ip_address ? ip_address : "unknown"), 0);
freez(ip_address);
+ if (!err) err = map(exports, "my-port", 1, html_encode(port ? port : "unknown"), 0);
+ freez(port);
if (!err) err = map(exports, "my-hostname", 1, html_encode(hostname ? hostname : "unknown"), 0);
freez(hostname);
if (!err) err = map(exports, "homepage", 1, html_encode(HOME_PAGE_URL), 0);
@@ -2190,10 +2215,7 @@ struct map *default_exports(const struct client_state *csp, const char *caller)
if (!err) err = map_block_killer(exports, "can-toggle");
#endif
- snprintf(buf, sizeof(buf), "%d", csp->config->hport);
- if (!err) err = map(exports, "my-port", 1, buf, 1);
-
- if(!strcmp(CODE_STATUS, "stable"))
+ if (!strcmp(CODE_STATUS, "stable"))
{
if (!err) err = map_block_killer(exports, "unstable");
}
@@ -2243,12 +2265,12 @@ struct map *default_exports(const struct client_state *csp, const char *caller)
* "if--start.*if--end" to the given
* export list.
*
- * Parameters :
+ * Parameters :
* 1 : exports = map to extend
* 2 : name = name of conditional block
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err map_block_killer(struct map *exports, const char *name)
@@ -2272,12 +2294,12 @@ jb_err map_block_killer(struct map *exports, const char *name)
* by map-block-killer, to save a few bytes.
* i.e. removes "@if--start@" and "@if--end@"
*
- * Parameters :
+ * Parameters :
* 1 : exports = map to extend
* 2 : name = name of conditional block
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err map_block_keep(struct map *exports, const char *name)
@@ -2318,13 +2340,13 @@ jb_err map_block_keep(struct map *exports, const char *name)
* The control structure and one of the alternatives
* will be hidden.
*
- * Parameters :
+ * Parameters :
* 1 : exports = map to extend
* 2 : name = name of conditional block
* 3 : choose_first = nonzero for first, zero for second.
*
* Returns : JB_ERR_OK on success
- * JB_ERR_MEMORY on out-of-memory error.
+ * JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
jb_err map_conditional(struct map *exports, const char *name, int choose_first)
@@ -2356,7 +2378,7 @@ jb_err map_conditional(struct map *exports, const char *name, int choose_first)
*
* Function : make_menu
*
- * Description : Returns an HTML-formatted menu of the available
+ * Description : Returns an HTML-formatted menu of the available
* unhidden CGIs, excluding the one given in
* and the toggle CGI if toggling is disabled.
*
@@ -2364,7 +2386,7 @@ jb_err map_conditional(struct map *exports, const char *name, int choose_first)
* 1 : self = name of CGI to leave out, can be NULL for
* complete listing.
* 2 : feature_flags = feature bitmap from csp->config
- *
+ *
*
* Returns : menu string, or NULL on out-of-memory error.
*
@@ -2405,7 +2427,7 @@ char *make_menu(const char *self, const unsigned feature_flags)
html_encoded_prefix = html_encode(CGI_PREFIX);
if (html_encoded_prefix == NULL)
{
- return NULL;
+ return NULL;
}
else
{