X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=filters.c;h=1a1da409823f7a6ed0df34740e5f3da4222b71b4;hb=8b112119d316cae9a66f1a02644312ec1a5ce461;hp=065a2f9b90726bfa1466e9845e7d1a40d15e9352;hpb=3fae4c0f831bf0d681a20ab55e1d082d24cf5522;p=privoxy.git diff --git a/filters.c b/filters.c index 065a2f9b..1a1da409 100644 --- a/filters.c +++ b/filters.c @@ -1,4 +1,4 @@ -const char filters_rcs[] = "$Id: filters.c,v 1.41 2001/11/13 00:14:07 jongfoster Exp $"; +const char filters_rcs[] = "$Id: filters.c,v 1.63 2006/08/31 10:11:28 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/filters.c,v $ @@ -9,10 +9,11 @@ const char filters_rcs[] = "$Id: filters.c,v 1.41 2001/11/13 00:14:07 jongfoster * `block_url', `url_actions', `domain_split', * `filter_popups', `forward_url', 'redirect_url', * `ij_untrusted_url', `intercept_url', `pcrs_filter_respose', - * 'ijb_send_banner', and `trust_url' + * `ijb_send_banner', `trust_url', `gif_deanimate_response', + * `jpeg_inspect_response' * - * Copyright : Written by and Copyright (C) 2001 the SourceForge - * IJBSWA team. http://ijbswa.sourceforge.net + * Copyright : Written by and Copyright (C) 2001, 2004 the SourceForge + * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written * by and Copyright (C) 1997 Anonymous Coders and 
@@ -38,6 +39,130 @@ const char filters_rcs[] = "$Id: filters.c,v 1.41 2001/11/13 00:14:07 jongfoster * * Revisions : * $Log: filters.c,v $ + * Revision 1.63 2006/08/31 10:11:28 fabiankeil + * Don't free p which is still in use and will be later + * freed by free_map(). Don't claim the referrer is unknown + * when the client didn't set one. + * + * Revision 1.62 2006/08/14 00:27:47 david__schmidt + * Feature request 595948: Re-Filter logging in single line + * + * Revision 1.61 2006/08/03 02:46:41 david__schmidt + * Incorporate Fabian Keil's patch work: http://www.fabiankeil.de/sourcecode/privoxy/ + * + * Revision 1.60 2006/07/18 14:48:46 david__schmidt + * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) + * with what was really the latest development (the v_3_0_branch branch) + * + * Revision 1.58.2.9 2006/01/29 23:10:56 david__schmidt + * Multiple filter file support + * + * Revision 1.58.2.8 2005/05/07 21:50:55 david__schmidt + * A few memory leaks plugged (mostly on error paths) + * + * Revision 1.58.2.7 2004/10/03 12:53:32 david__schmidt + * Add the ability to check jpeg images for invalid + * lengths of comment blocks. Defensive strategy + * against the exploit: + * Microsoft Security Bulletin MS04-028 + * Buffer Overrun in JPEG Processing (GDI+) Could + * Allow Code Execution (833987) + * Enabled with +inspect-jpegs in actions files. + * + * Revision 1.58.2.6 2003/12/06 22:18:27 gliptak + * Correcting compile problem with FEATURE_IMAGE_BLOCKING + * + * Revision 1.58.2.5 2003/11/11 13:10:31 oes + * Fixed bug #839859: "See why" link URL now gets url-encoded. + * + * Revision 1.58.2.4 2003/02/28 12:52:45 oes + * Fixed a typo + * + * Revision 1.58.2.3 2002/09/25 14:51:51 oes + * Added basic support for OPTIONS and TRACE HTTP methods: + * New function direct_response which handles OPTIONS and + * TRACE requests whose Max-Forwards header field is zero. 
+ * + * Revision 1.58.2.2 2002/08/01 17:18:28 oes + * Fixed BR 537651 / SR 579724 (MSIE image detect improper for IE/Mac) + * + * Revision 1.58.2.1 2002/07/26 15:18:53 oes + * - Bugfix: Executing a filters without jobs no longer results in + * turing off *all* filters. + * - Security fix: Malicious web servers can't cause a seg fault + * through bogus chunk sizes anymore + * + * Revision 1.58 2002/04/24 02:11:17 oes + * Jon's multiple AF patch: url_actions now evaluates rules + * from all AFs. + * + * Revision 1.57 2002/04/08 20:38:34 swa + * fixed JB spelling + * + * Revision 1.56 2002/04/05 15:51:24 oes + * - bugfix: error-pages now get correct request protocol + * - fix for invalid HTML in trust info + * + * Revision 1.55 2002/04/02 16:13:51 oes + * Fix: No "Go there anyway" for SSL + * + * Revision 1.54 2002/04/02 14:55:56 oes + * Bugfix: is_untrusted_url() now depends on FEATURE_TRUST, not FEATURE_COOKIE_JAR + * + * Revision 1.53 2002/03/26 22:29:54 swa + * we have a new homepage! + * + * Revision 1.52 2002/03/24 16:35:57 jongfoster + * Removing logo + * + * Revision 1.51 2002/03/24 15:23:33 jongfoster + * Name changes + * + * Revision 1.50 2002/03/24 13:25:43 swa + * name change related issues + * + * Revision 1.49 2002/03/16 20:29:14 oes + * Cosmetics + * + * Revision 1.48 2002/03/13 20:25:34 oes + * Better logging for content filters + * + * Revision 1.47 2002/03/13 00:30:52 jongfoster + * Killing warnings + * Added option of always sending redirect for imageblock, + * currently disabled with #if 0. 
+ * + * Revision 1.46 2002/03/12 01:42:49 oes + * Introduced modular filters + * + * Revision 1.45 2002/03/08 16:47:50 oes + * Added choice beween GIF and PNG built-in images + * + * Revision 1.44 2002/03/07 03:49:31 oes + * - Fixed compiler warnings etc + * - Changed built-in images from GIF to PNG + * (with regard to Unisys patent issue) + * - Added a 4x4 pattern PNG which is less intrusive + * than the logo but also clearly marks the deleted banners + * + * Revision 1.43 2002/01/22 23:51:59 jongfoster + * Replacing strsav() with the safer string_append(). + * + * Adding missing html_encode() to error message generators. Where encoded + * and unencoded versions of a string were provided, removing the unencoded + * one. + * + * Revision 1.42 2002/01/17 21:00:32 jongfoster + * Moving all our URL and URL pattern parsing code to urlmatch.c. + * + * Using a single, simple url_match(pattern,url) function - rather than + * the 3-line match routine which was repeated all over the place. + * + * Renaming free_url to free_url_spec, since it frees a struct url_spec. + * + * Using parse_http_url() to parse URLs without faking a HTTP + * request line for parse_http_request(). + * * Revision 1.41 2001/11/13 00:14:07 jongfoster * Fixing stupid bug now I've figured out what || means. * (It always returns 0 or 1, not one of it's paramaters.) @@ -306,7 +431,7 @@ const char filters_rcs[] = "$Id: filters.c,v 1.41 2001/11/13 00:14:07 jongfoster * a lot! ;-) * * Revision 1.3 2001/05/20 16:44:47 jongfoster - * Removing last hardcoded JunkBusters.com URLs. + * Removing last hardcoded Junkbusters.com URLs. * * Revision 1.2 2001/05/20 01:21:20 jongfoster * Version 2.9.4 checkin. 
@@ -445,7 +570,7 @@ int block_acl(struct access_control_addr *dst, struct client_state *csp) * * Function : acl_addr * - * Description : Called from `load_aclfile' to parse an ACL address. + * Description : Called from `load_config' to parse an ACL address. * * Parameters : * 1 : aspec = String specifying ACL address. @@ -462,7 +587,7 @@ int acl_addr(char *aspec, struct access_control_addr *aca) masklength = 32; port = 0; - if ((p = strchr(aspec, '/'))) + if ((p = strchr(aspec, '/')) != NULL) { *p++ = '\0'; @@ -478,7 +603,7 @@ int acl_addr(char *aspec, struct access_control_addr *aca) return(-1); } - if ((p = strchr(aspec, ':'))) + if ((p = strchr(aspec, ':')) != NULL) { *p++ = '\0'; @@ -493,9 +618,8 @@ int acl_addr(char *aspec, struct access_control_addr *aca) aca->addr = ntohl(resolve_hostname_to_ip(aspec)); - if (aca->addr == -1) + if (aca->addr == INADDR_NONE) { - log_error(LOG_LEVEL_ERROR, "can't resolve address for %s", aspec); return(-1); } @@ -611,10 +735,8 @@ int match_portlist(const char *portlist, int port) *********************************************************************/ struct http_response *block_url(struct client_state *csp) { -#ifdef FEATURE_IMAGE_BLOCKING - char *p; -#endif /* def FEATURE_IMAGE_BLOCKING */ struct http_response *rsp; + const char *new_content_type = NULL; /* * If it's not blocked, don't block it ;-) @@ -623,7 +745,10 @@ struct http_response *block_url(struct client_state *csp) { return NULL; } - + if (csp->action->flags & ACTION_REDIRECT) + { + log_error(LOG_LEVEL_ERROR, "redirect{} overruled by block."); + } /* * Else, prepare a response */ 
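Review bot: In the acl_addr hunk (`@@ -493,9 +618,8 @@`), the resolve-failure branch `if (aca->addr == INADDR_NONE)` now returns -1 without logging, so an ACL entry that cannot be resolved is only reported if the caller does so, and the caller is outside this hunk. Because these entries feed access control, the contract belongs in the function header, for example `Returns -1 on parse or resolve failure without logging; the caller must report the error and must not continue with a partial ACL.` Note also that `INADDR_NONE` has the same value as the address 255.255.255.255, so that literal cannot be told apart from a failure here. The body of acl_addr starts and ends outside the hunk.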
@@ -640,21 +765,34 @@ struct http_response *block_url(struct client_state *csp) if (((csp->action->flags & ACTION_IMAGE_BLOCKER) != 0) && is_imageurl(csp)) { + char *p; /* determine HOW images should be blocked */ p = csp->action->string[ACTION_STRING_IMAGE_BLOCKER]; + if(csp->action->flags & ACTION_HANDLE_AS_EMPTY_DOCUMENT) + { + log_error(LOG_LEVEL_ERROR, "handle-as-empty-document overruled by handle-as-image."); + } +#if 1 /* Two alternative strategies, use this one for now: */ + /* and handle accordingly: */ - if ((p == NULL) || (0 == strcmpic(p, "logo"))) + if ((p == NULL) || (0 == strcmpic(p, "pattern"))) { - rsp->body = bindup(image_junkbuster_gif_data, image_junkbuster_gif_length); + rsp->status = strdup("403 Request blocked by Privoxy"); + if (rsp->status == NULL) + { + free_http_response(rsp); + return cgi_error_memory(); + } + rsp->body = bindup(image_pattern_data, image_pattern_length); if (rsp->body == NULL) { free_http_response(rsp); return cgi_error_memory(); } - rsp->content_length = image_junkbuster_gif_length; + rsp->content_length = image_pattern_length; - if (enlist_unique_header(rsp->headers, "Content-Type", "image/gif")) + if (enlist_unique_header(rsp->headers, "Content-Type", BUILTIN_IMAGE_MIMETYPE)) { free_http_response(rsp); return cgi_error_memory(); 
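Review bot: The new `#if 1 /* Two alternative strategies, use this one for now: */` does not say what the two strategies are or why the first was chosen, and the `#else` arm only appears in a later hunk. A short comment at the `#if` would make the choice reviewable, for example `/* Strategy 1: answer directly with the built-in image and a 403 status. Strategy 2 (#else, disabled): 302 redirect to the send-banner CGI. */`. Code under a permanent `#if 1 ... #else` is not compiled, so it can silently rot; the comment should also say when the disabled arm may be removed. block_url's body starts and ends outside this hunk.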
@@ -663,15 +801,21 @@ struct http_response *block_url(struct client_state *csp) else if (0 == strcmpic(p, "blank")) { - rsp->body = bindup(image_blank_gif_data, image_blank_gif_length); + rsp->status = strdup("403 Request blocked by Privoxy"); + if (rsp->status == NULL) + { + free_http_response(rsp); + return cgi_error_memory(); + } + rsp->body = bindup(image_blank_data, image_blank_length); if (rsp->body == NULL) { free_http_response(rsp); return cgi_error_memory(); } - rsp->content_length = image_blank_gif_length; + rsp->content_length = image_blank_length; - if (enlist_unique_header(rsp->headers, "Content-Type", "image/gif")) + if (enlist_unique_header(rsp->headers, "Content-Type", BUILTIN_IMAGE_MIMETYPE)) { free_http_response(rsp); return cgi_error_memory(); @@ -680,7 +824,7 @@ struct http_response *block_url(struct client_state *csp) else { - rsp->status = strdup("302 Local Redirect from Junkbuster"); + rsp->status = strdup("302 Local Redirect from Privoxy"); if (rsp->status == NULL) { free_http_response(rsp); 
@@ -693,6 +837,59 @@ struct http_response *block_url(struct client_state *csp) return cgi_error_memory(); } } + +#else /* Following code is disabled for now */ + + /* and handle accordingly: */ + if ((p == NULL) || (0 == strcmpic(p, "pattern"))) + { + p = CGI_PREFIX "send-banner?type=pattern"; + } + else if (0 == strcmpic(p, "blank")) + { + p = CGI_PREFIX "send-banner?type=blank"; + } + rsp->status = strdup("302 Local Redirect from Privoxy"); + if (rsp->status == NULL) + { + free_http_response(rsp); + return cgi_error_memory(); + } + + if (enlist_unique_header(rsp->headers, "Location", p)) + { + free_http_response(rsp); + return cgi_error_memory(); + } +#endif /* Preceeding code is disabled for now */ + } + else if(csp->action->flags & ACTION_HANDLE_AS_EMPTY_DOCUMENT) + { + /* + * Send empty document. + */ + new_content_type = csp->action->string[ACTION_STRING_CONTENT_TYPE]; + + freez(rsp->body); + rsp->body = strdup(" "); + rsp->content_length = 1; + + rsp->status = strdup("403 Request blocked by Privoxy"); + if (rsp->status == NULL) + { + free_http_response(rsp); + return cgi_error_memory(); + } + if (new_content_type != 0) + { + log_error(LOG_LEVEL_HEADER, "Overwriting Content-Type with %s", new_content_type); + if (enlist_unique_header(rsp->headers, "Content-Type", new_content_type)) + { + free_http_response(rsp); + return cgi_error_memory(); + } + } + } else #endif /* def FEATURE_IMAGE_BLOCKING */ @@ -703,6 +900,7 @@ struct http_response *block_url(struct client_state *csp) { jb_err err; struct map * exports; + char *p; /* * Workaround for stupid Netscape bug which prevents 
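Review bot: In the new `ACTION_HANDLE_AS_EMPTY_DOCUMENT` branch, `rsp->body = strdup(" ");` is not checked, unlike the other allocations shown in this function. On out-of-memory the response would carry a NULL body with `content_length = 1`. The status check that follows can cover both allocations: `if (rsp->body == NULL || rsp->status == NULL)`. The pointer test `new_content_type != 0` would also read better as `!= NULL`, matching the `!= NULL` comparisons this commit introduces elsewhere. block_url continues outside this hunk.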
@@ -738,12 +936,16 @@ struct http_response *block_url(struct client_state *csp) #ifdef FEATURE_FORCE_LOAD err = map(exports, "force-prefix", 1, FORCE_PREFIX, 1); -#else /* ifndef FEATURE_FORCE_LOAD */ - err = map_block_killer(exports, "force-support"); + if (csp->http->ssl != 0) #endif /* ndef FEATURE_FORCE_LOAD */ + { + err = map_block_killer(exports, "force-support"); + } + if (!err) err = map(exports, "protocol", 1, csp->http->ssl ? "https://" : "http://", 1); if (!err) err = map(exports, "hostport", 1, html_encode(csp->http->hostport), 0); if (!err) err = map(exports, "path", 1, html_encode(csp->http->path), 0); + if (!err) err = map(exports, "path-ue", 1, url_encode(csp->http->path), 0); if (err) { @@ -771,7 +973,7 @@ struct http_response *block_url(struct client_state *csp) * Function : trust_url FIXME: I should be called distrust_url * * Description : Calls is_untrusted_url to determine if the URL is trusted - * and if not, returns a HTTP 304 response with a reject message. + * and if not, returns a HTTP 403 response with a reject message. * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) 
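Review bot: With FEATURE_FORCE_LOAD defined and an SSL request, the result of `map(exports, "force-prefix", 1, FORCE_PREFIX, 1)` is overwritten by `err = map_block_killer(exports, "force-support");` before it is tested, so a failure of the first call goes unnoticed. Testing it in the guard keeps the error: `if (!err && csp->http->ssl != 0)`. The trailing comment `#endif /* ndef FEATURE_FORCE_LOAD */` is also stale now that the `#else` arm is gone, and should read `/* def FEATURE_FORCE_LOAD */`. The enclosing block of block_url starts and ends outside this hunk.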
@@ -805,30 +1007,28 @@ struct http_response *trust_url(struct client_state *csp) return cgi_error_memory(); } + rsp->status = strdup("403 Request blocked by Privoxy"); exports = default_exports(csp, NULL); - if (exports == NULL) + if (exports == NULL || rsp->status == NULL) { free_http_response(rsp); return cgi_error_memory(); } /* - * Export the host, port, and referrer information + * Export the protocol, host, port, and referrer information */ err = map(exports, "hostport", 1, csp->http->hostport, 1); + if (!err) err = map(exports, "protocol", 1, csp->http->ssl ? "https://" : "http://", 1); if (!err) err = map(exports, "path", 1, csp->http->path, 1); - if (!err) err = map(exports, "hostport-html", 1, html_encode(csp->http->hostport), 0); - if (!err) err = map(exports, "path-html", 1, html_encode(csp->http->path), 0); if (NULL != (p = get_header_value(csp->headers, "Referer:"))) { - if (!err) err = map(exports, "referrer", 1, p, 1); - if (!err) err = map(exports, "referrer-html", 1, html_encode(p), 0); + if (!err) err = map(exports, "referrer", 1, html_encode(p), 0); } else { - if (!err) err = map(exports, "referrer", 1, "unknown", 1); - if (!err) err = map(exports, "referrer-html", 1, "unknown", 1); + if (!err) err = map(exports, "referrer", 1, "none set", 1); } if (err) @@ -842,7 +1042,7 @@ struct http_response *trust_url(struct client_state *csp) * Export the trust list */ p = strdup(""); - for (tl = csp->config->trust_list; (t = *tl) ; tl++) + for (tl = csp->config->trust_list; (t = *tl) != NULL ; tl++) { sprintf(buf, "
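Review bot: In the trust_url hunk (`@@ -805,30 +1007,28 @@`), `hostport` and `path` are exported without `html_encode()` and the `hostport-html` / `path-html` variants are removed, while block_url in this same commit exports the same two fields encoded. Both values come from the client's request, so if the template (not visible here) substitutes them into HTML, they would reach the page unescaped. Unless the template needs the raw form, matching block_url is safer: `if (!err) err = map(exports, "path", 1, html_encode(csp->http->path), 0);` and likewise for `hostport`. trust_url's body starts and ends outside the hunk.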