X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=cgi.c;h=e377ad2931899e12434c2784688b50f8afbef874;hb=460cbef0b136baa4ca9d590884503859dac16661;hp=b9863c7b099386c03d2396deed1e63c428a7cf8c;hpb=452c573ab776a7b1947a2647648690c0cef48fde;p=privoxy.git diff --git a/cgi.c b/cgi.c index b9863c7b..e377ad29 100644 --- a/cgi.c +++ b/cgi.c @@ -1,4 +1,4 @@ -const char cgi_rcs[] = "$Id: cgi.c,v 1.85 2007/01/05 14:19:02 fabiankeil Exp $"; +const char cgi_rcs[] = "$Id: cgi.c,v 1.91 2007/01/27 13:09:16 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/cgi.c,v $ @@ -11,7 +11,7 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.85 2007/01/05 14:19:02 fabiankeil Exp $"; * Functions declared include: * * - * Copyright : Written by and Copyright (C) 2001-2004, 2006 + * Copyright : Written by and Copyright (C) 2001-2004, 2006-2007 * the SourceForge Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -38,6 +38,36 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.85 2007/01/05 14:19:02 fabiankeil Exp $"; * * Revisions : * $Log: cgi.c,v $ + * Revision 1.91 2007/01/27 13:09:16 fabiankeil + * Add new config option "templdir" to + * change the templates directory. + * + * Revision 1.90 2007/01/25 13:47:26 fabiankeil + * Added "forwarding-failed" template support for error_response(). + * + * Revision 1.89 2007/01/23 15:51:16 fabiankeil + * Add favicon delivery functions. + * + * Revision 1.88 2007/01/23 13:14:32 fabiankeil + * - Map variables that aren't guaranteed to be + * pure ASCII html_encoded. + * - Use CGI_PREFIX to generate URL for user manual + * CGI page to make sure CGI_SITE_2_PATH is included. + * + * Revision 1.87 2007/01/22 15:34:13 fabiankeil + * - "Protect" against a rather lame JavaScript-based + * Privoxy detection "attack" and check the referrer + * before delivering the CGI style sheet. + * - Move referrer check for unsafe CGI pages into + * referrer_is_safe() and log the result. + * - Map @url@ in cgi-error-disabled page. + * It's required for the "go there anyway" link. + * - Mark *csp as immutable for grep_cgi_referrer(). + * + * Revision 1.86 2007/01/09 11:54:26 fabiankeil + * Fix strdup() error handling in cgi_error_unknown() + * and cgi_error_no_template(). Reported by Markus Elfring. + * * Revision 1.85 2007/01/05 14:19:02 fabiankeil * Handle pcrs_execute() errors in template_fill() properly. * @@ -542,6 +572,7 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.85 2007/01/05 14:19:02 fabiankeil Exp $"; #include "encode.h" #include "ssplit.h" #include "errlog.h" +#include "filters.h" #include "miscutil.h" #include "cgisimple.h" #ifdef FEATURE_CGI_EDIT_ACTIONS @@ -666,6 +697,12 @@ static const struct cgi_dispatcher cgi_dispatchers[] = { cgi_edit_actions_section_swap, NULL, FALSE /* Swap two sections in the actionsfile */ }, #endif /* def FEATURE_CGI_EDIT_ACTIONS */ + { "error-favicon.ico", + cgi_send_error_favicon, + NULL, TRUE /* Sends the favicon image for error pages. */ }, + { "favicon.ico", + cgi_send_default_favicon, + NULL, TRUE /* Sends the default favicon image. */ }, { "robots.txt", cgi_robots_txt, NULL, TRUE /* Sends a robots.txt file to tell robots to go away. */ }, @@ -674,7 +711,7 @@ static const struct cgi_dispatcher cgi_dispatchers[] = { NULL, TRUE /* Send a built-in image */ }, { "send-stylesheet", cgi_send_stylesheet, - NULL, TRUE /* Send templates/cgi-style.css */ }, + NULL, FALSE /* Send templates/cgi-style.css */ }, { "t", cgi_transparent_image, NULL, TRUE /* Send a transparent image (short name) */ }, @@ -841,7 +878,7 @@ struct http_response *dispatch_cgi(struct client_state *csp) * Returns : pointer to value (no copy!), or NULL if none found. * *********************************************************************/ -char *grep_cgi_referrer(struct client_state *csp) +char *grep_cgi_referrer(const struct client_state *csp) { struct list_entry *p; @@ -858,6 +895,54 @@ char *grep_cgi_referrer(struct client_state *csp) } +/********************************************************************* + * + * Function : referrer_is_safe + * + * Description : Decides whether we trust the Referer for + * CGI pages which are only meant to be reachable + * through Privoxy's web interface directly. + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * + * Returns : TRUE if the referrer is safe, or + * FALSE if the referrer is unsafe or not set. + * + *********************************************************************/ +int referrer_is_safe (const struct client_state *csp) +{ + char *referrer; + const char alternative_prefix[] = "http://" CGI_SITE_1_HOST "/"; + + referrer = grep_cgi_referrer(csp); + + if (NULL == referrer) + { + /* No referrer, no access */ + log_error(LOG_LEVEL_ERROR, "Denying access to %s. No referrer found.", + csp->http->url); + } + else if ((0 == strncmp(referrer, CGI_PREFIX, sizeof(CGI_PREFIX)-1) + || (0 == strncmp(referrer, alternative_prefix, strlen(alternative_prefix))))) + { + /* Trustworthy referrer */ + log_error(LOG_LEVEL_CGI, "Granting access to %s, referrer %s is trustworthy.", + csp->http->url, referrer); + + return TRUE; + } + else + { + /* Untrustworthy referrer */ + log_error(LOG_LEVEL_ERROR, "Denying access to %s, referrer %s isn't trustworthy.", + csp->http->url, referrer); + } + + return FALSE; + +} + /********************************************************************* * * Function : dispatch_known_cgi @@ -886,7 +971,6 @@ static struct http_response *dispatch_known_cgi(struct client_state * csp, struct http_response *rsp; char *query_args_start; char *path_copy; - char *referrer; jb_err err; if (NULL == (path_copy = strdup(path))) @@ -949,10 +1033,7 @@ static struct http_response *dispatch_known_cgi(struct client_state * csp, * If the called CGI is either harmless, or referred * from a trusted source, start it. */ - if (d->harmless - || ((NULL != (referrer = grep_cgi_referrer(csp))) - && (0 == strncmp(referrer, CGI_PREFIX, sizeof(CGI_PREFIX)-1))) - ) + if (d->harmless || referrer_is_safe(csp)) { err = (d->handler)(csp, rsp, param_list); } @@ -989,7 +1070,7 @@ static struct http_response *dispatch_known_cgi(struct client_state * csp, if (!err) { /* It worked */ - return finish_http_response(rsp); + return finish_http_response(csp, rsp); } else { @@ -1319,6 +1400,46 @@ struct http_response *error_response(struct client_state *csp, return cgi_error_memory(); } } + else if (!strcmp(templatename, "forwarding-failed")) + { + const struct forward_spec * fwd = forward_url(csp->http, csp); + if (fwd == NULL) + { + log_error(LOG_LEVEL_FATAL, "gateway spec is NULL. This shouldn't happen!"); + /* Never get here - LOG_LEVEL_FATAL causes program exit */ + } + + /* + * XXX: While the template is called forwarding-failed, + * it currently only handles socks forwarding failures. + */ + assert(fwd->type != SOCKS_NONE); + + /* + * Map failure reason, forwarding type and forwarder. + */ + if (NULL == csp->error_message) + { + /* + * Either we forgot to record the failure reason, + * or the memory allocation failed. + */ + log_error(LOG_LEVEL_ERROR, "Socks failure reason missing."); + csp->error_message = strdup("Failure reason missing. Check the log file for details."); + } + if (!err) err = map(exports, "gateway", 1, fwd->gateway_host, 1); + if (!err) map(exports, "forwarding-type", 1, (fwd->type == SOCKS_4) ? + "socks4-" : "socks4a-", 1); + if (!err) err = map(exports, "error-message", 1, html_encode(csp->error_message), 0); + + if (!err) rsp->status = strdup("503 Forwarding failure"); + if ((rsp->status == NULL) || (NULL == csp->error_message) || err) + { + free_map(exports); + free_http_response(rsp); + return cgi_error_memory(); + } + } else if (!strcmp(templatename, "connect-failed")) { rsp->status = strdup("503 Connect failed"); @@ -1337,7 +1458,7 @@ struct http_response *error_response(struct client_state *csp, return cgi_error_memory(); } - return finish_http_response(rsp); + return finish_http_response(csp, rsp); } @@ -1348,7 +1469,9 @@ struct http_response *error_response(struct client_state *csp, * Description : CGI function that is called to generate an error * response if the actions editor or toggle CGI are * accessed despite having being disabled at compile- - * or run-time. + * or run-time, or if the user followed an untrusted link + * to access a unsafe CGI feature that is only reachable + * through Privoxy directly. * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) @@ -1368,10 +1491,15 @@ jb_err cgi_error_disabled(struct client_state *csp, assert(csp); assert(rsp); - if (NULL == (exports = default_exports(csp, NULL))) + if (NULL == (exports = default_exports(csp, "cgi-error-disabled"))) { return JB_ERR_MEMORY; } + if (map(exports, "url", 1, html_encode(csp->http->url), 0)) + { + /* Not important enough to do anything */ + log_error(LOG_LEVEL_ERROR, "Failed to fill in url."); + } return template_fill_for_cgi(csp, "cgi-error-disabled", exports, rsp); } @@ -1398,7 +1526,10 @@ void cgi_init_error_messages(void) "\r\n"; cgi_error_memory_response->body = "\r\n" - "500 Internal Privoxy Error\r\n" + "\r\n" + " 500 Internal Privoxy Error\r\n" + " " + "\r\n" "\r\n" "

500 Internal Privoxy Error

\r\n" "

Privoxy ran out of memory while processing your request.

\r\n" @@ -1462,7 +1593,10 @@ jb_err cgi_error_no_template(struct client_state *csp, "500 Internal Privoxy Error"; static const char body_prefix[] = "\r\n" - "500 Internal Privoxy Error\r\n" + "\r\n" + " 500 Internal Privoxy Error\r\n" + " " + "\r\n" "\r\n" "

500 Internal Privoxy Error

\r\n" "

Privoxy encountered an error while processing your request:

\r\n" @@ -1545,7 +1679,10 @@ jb_err cgi_error_unknown(struct client_state *csp, "500 Internal Privoxy Error"; static const char body_prefix[] = "\r\n" - "500 Internal Privoxy Error\r\n" + "\r\n" + " 500 Internal Privoxy Error\r\n" + " " + "\r\n" "\r\n" "

500 Internal Privoxy Error

\r\n" "

Privoxy encountered an error while processing your request:

\r\n" @@ -1788,6 +1925,8 @@ void get_http_time(int time_offset, char *buf) * * Description : Fill in the missing headers in an http response, * and flatten the headers to an http head. + * For HEAD requests the body is freed once + * the Content-Length header is set. * * Parameters : * 1 : rsp = pointer to http_response to be processed @@ -1796,7 +1935,7 @@ void get_http_time(int time_offset, char *buf) * On error, free()s rsp and returns cgi_error_memory() * *********************************************************************/ -struct http_response *finish_http_response(struct http_response *rsp) +struct http_response *finish_http_response(const struct client_state *csp, struct http_response *rsp) { char buf[BUFFER_SIZE]; jb_err err; @@ -1828,7 +1967,25 @@ struct http_response *finish_http_response(struct http_response *rsp) err = enlist(rsp->headers, buf); } - if (strncmpic(rsp->status, "302", 3)) + if (0 == strcmpic(csp->http->gpc, "head")) + { + /* + * The client only asked for the head. Dispose + * the body and log an offensive message. + * + * While it may seem to be a bit inefficient to + * prepare the body if it isn't needed, it's the + * only way to get the Content-Length right for + * dynamic pages. We could have disposed the body + * earlier, but not without duplicating the + * Content-Length setting code above. + */ + log_error(LOG_LEVEL_CGI, "Preparing to give head to %s.", csp->ip_addr_str); + freez(rsp->body); + rsp->content_length = 0; + } + + if ((rsp->status != NULL) && strncmpic(rsp->status, "302", 3)) { /* * If it's not a redirect without any content, @@ -1988,9 +2145,8 @@ void free_http_response(struct http_response *rsp) * Function : template_load * * Description : CGI support function that loads a given HTML - * template from the confdir, ignoring comment - * lines and following #include statements up to - * a depth of 1. + * template, ignoring comment lines and following + * #include statements up to a depth of 1. * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) @@ -2037,11 +2193,23 @@ jb_err template_load(struct client_state *csp, char **template_ptr, } } - /* Generate full path */ + /* + * Generate full path using either templdir + * or confdir/templates as base directory. + */ + if (NULL != csp->config->templdir) + { + templates_dir_path = strdup(csp->config->templdir); + } + else + { + templates_dir_path = make_path(csp->config->confdir, "templates"); + } - templates_dir_path = make_path(csp->config->confdir, "templates"); if (templates_dir_path == NULL) { + log_error(LOG_LEVEL_ERROR, "Out of memory while generating template path for %s.", + templatename); return JB_ERR_MEMORY; } @@ -2049,6 +2217,8 @@ jb_err template_load(struct client_state *csp, char **template_ptr, free(templates_dir_path); if (full_path == NULL) { + log_error(LOG_LEVEL_ERROR, "Out of memory while generating full template path for %s.", + templatename); return JB_ERR_MEMORY; } @@ -2057,6 +2227,7 @@ jb_err template_load(struct client_state *csp, char **template_ptr, file_buffer = strdup(""); if (file_buffer == NULL) { + log_error(LOG_LEVEL_ERROR, "Not enough free memory to buffer %s.", full_path); free(full_path); return JB_ERR_MEMORY; } @@ -2338,11 +2509,13 @@ struct map *default_exports(const struct client_state *csp, const char *caller) if (!strncmpic(csp->config->usermanual, "file://", 7) || !strncmpic(csp->config->usermanual, "http", 4)) { - if (!err) err = map(exports, "user-manual", 1, csp->config->usermanual ,1); + /* Manual is located somewhere else, just link to it. */ + if (!err) err = map(exports, "user-manual", 1, html_encode(csp->config->usermanual), 0); } else { - if (!err) err = map(exports, "user-manual", 1, "http://"CGI_SITE_2_HOST"/user-manual/" ,1); + /* Manual is delivered by Privoxy. */ + if (!err) err = map(exports, "user-manual", 1, html_encode(CGI_PREFIX"user-manual/"), 0); } if (!err) err = map(exports, "actions-help-prefix", 1, ACTIONS_HELP_PREFIX ,1); #ifdef FEATURE_TOGGLE @@ -2556,11 +2729,23 @@ char *make_menu(const char *self, const unsigned feature_flags) if (d->description && strcmp(d->name, self)) { - string_append(&result, "
  • name); string_append(&result, "\">"); string_append(&result, d->description); - string_append(&result, "
    • "); + string_append(&result, "\n"); } }