X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=filters.c;h=886239a0ee8014d1bf49e2b185934e8deb1b89c0;hb=ad516e4492c7329826c1ff236ce68a2b8609a647;hp=256b0c9dedda4fed5a1ef8a514a51d233d4c773d;hpb=52bd067225c1e12ecf7156e5707161ed7df8e8c4;p=privoxy.git diff --git a/filters.c b/filters.c index 256b0c9d..886239a0 100644 --- a/filters.c +++ b/filters.c @@ -1,4 +1,4 @@ -const char filters_rcs[] = "$Id: filters.c,v 1.45 2002/03/08 16:47:50 oes Exp $"; +const char filters_rcs[] = "$Id: filters.c,v 1.65 2006/09/21 12:54:43 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/filters.c,v $ @@ -9,10 +9,11 @@ const char filters_rcs[] = "$Id: filters.c,v 1.45 2002/03/08 16:47:50 oes Exp $" * `block_url', `url_actions', `domain_split', * `filter_popups', `forward_url', 'redirect_url', * `ij_untrusted_url', `intercept_url', `pcrs_filter_respose', - * 'ijb_send_banner', and `trust_url' + * `ijb_send_banner', `trust_url', `gif_deanimate_response', + * `jpeg_inspect_response' * - * Copyright : Written by and Copyright (C) 2001 the SourceForge - * IJBSWA team. http://ijbswa.sourceforge.net + * Copyright : Written by and Copyright (C) 2001, 2004 the SourceForge + * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written * by and Copyright (C) 1997 Anonymous Coders and 
@@ -38,6 +39,109 @@ const char filters_rcs[] = "$Id: filters.c,v 1.45 2002/03/08 16:47:50 oes Exp $" * * Revisions : * $Log: filters.c,v $ + * Revision 1.65 2006/09/21 12:54:43 fabiankeil + * Fix +redirect{}. Didn't work with -fast-redirects. + * + * Revision 1.64 2006/08/31 10:55:49 fabiankeil + * Block requests for untrusted URLs with status + * code 403 instead of 200. + * + * Revision 1.63 2006/08/31 10:11:28 fabiankeil + * Don't free p which is still in use and will be later + * freed by free_map(). Don't claim the referrer is unknown + * when the client didn't set one. + * + * Revision 1.62 2006/08/14 00:27:47 david__schmidt + * Feature request 595948: Re-Filter logging in single line + * + * Revision 1.61 2006/08/03 02:46:41 david__schmidt + * Incorporate Fabian Keil's patch work: http://www.fabiankeil.de/sourcecode/privoxy/ + * + * Revision 1.60 2006/07/18 14:48:46 david__schmidt + * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) + * with what was really the latest development (the v_3_0_branch branch) + * + * Revision 1.58.2.9 2006/01/29 23:10:56 david__schmidt + * Multiple filter file support + * + * Revision 1.58.2.8 2005/05/07 21:50:55 david__schmidt + * A few memory leaks plugged (mostly on error paths) + * + * Revision 1.58.2.7 2004/10/03 12:53:32 david__schmidt + * Add the ability to check jpeg images for invalid + * lengths of comment blocks. Defensive strategy + * against the exploit: + * Microsoft Security Bulletin MS04-028 + * Buffer Overrun in JPEG Processing (GDI+) Could + * Allow Code Execution (833987) + * Enabled with +inspect-jpegs in actions files. + * + * Revision 1.58.2.6 2003/12/06 22:18:27 gliptak + * Correcting compile problem with FEATURE_IMAGE_BLOCKING + * + * Revision 1.58.2.5 2003/11/11 13:10:31 oes + * Fixed bug #839859: "See why" link URL now gets url-encoded. 
+ * + * Revision 1.58.2.4 2003/02/28 12:52:45 oes + * Fixed a typo + * + * Revision 1.58.2.3 2002/09/25 14:51:51 oes + * Added basic support for OPTIONS and TRACE HTTP methods: + * New function direct_response which handles OPTIONS and + * TRACE requests whose Max-Forwards header field is zero. + * + * Revision 1.58.2.2 2002/08/01 17:18:28 oes + * Fixed BR 537651 / SR 579724 (MSIE image detect improper for IE/Mac) + * + * Revision 1.58.2.1 2002/07/26 15:18:53 oes + * - Bugfix: Executing a filters without jobs no longer results in + * turing off *all* filters. + * - Security fix: Malicious web servers can't cause a seg fault + * through bogus chunk sizes anymore + * + * Revision 1.58 2002/04/24 02:11:17 oes + * Jon's multiple AF patch: url_actions now evaluates rules + * from all AFs. + * + * Revision 1.57 2002/04/08 20:38:34 swa + * fixed JB spelling + * + * Revision 1.56 2002/04/05 15:51:24 oes + * - bugfix: error-pages now get correct request protocol + * - fix for invalid HTML in trust info + * + * Revision 1.55 2002/04/02 16:13:51 oes + * Fix: No "Go there anyway" for SSL + * + * Revision 1.54 2002/04/02 14:55:56 oes + * Bugfix: is_untrusted_url() now depends on FEATURE_TRUST, not FEATURE_COOKIE_JAR + * + * Revision 1.53 2002/03/26 22:29:54 swa + * we have a new homepage! + * + * Revision 1.52 2002/03/24 16:35:57 jongfoster + * Removing logo + * + * Revision 1.51 2002/03/24 15:23:33 jongfoster + * Name changes + * + * Revision 1.50 2002/03/24 13:25:43 swa + * name change related issues + * + * Revision 1.49 2002/03/16 20:29:14 oes + * Cosmetics + * + * Revision 1.48 2002/03/13 20:25:34 oes + * Better logging for content filters + * + * Revision 1.47 2002/03/13 00:30:52 jongfoster + * Killing warnings + * Added option of always sending redirect for imageblock, + * currently disabled with #if 0. 
+ * + * Revision 1.46 2002/03/12 01:42:49 oes + * Introduced modular filters + * * Revision 1.45 2002/03/08 16:47:50 oes * Added choice beween GIF and PNG built-in images * @@ -334,7 +438,7 @@ const char filters_rcs[] = "$Id: filters.c,v 1.45 2002/03/08 16:47:50 oes Exp $" * a lot! ;-) * * Revision 1.3 2001/05/20 16:44:47 jongfoster - * Removing last hardcoded JunkBusters.com URLs. + * Removing last hardcoded Junkbusters.com URLs. * * Revision 1.2 2001/05/20 01:21:20 jongfoster * Version 2.9.4 checkin. @@ -490,7 +594,7 @@ int acl_addr(char *aspec, struct access_control_addr *aca) masklength = 32; port = 0; - if ((p = strchr(aspec, '/'))) + if ((p = strchr(aspec, '/')) != NULL) { *p++ = '\0'; @@ -506,7 +610,7 @@ int acl_addr(char *aspec, struct access_control_addr *aca) return(-1); } - if ((p = strchr(aspec, ':'))) + if ((p = strchr(aspec, ':')) != NULL) { *p++ = '\0'; @@ -638,10 +742,8 @@ int match_portlist(const char *portlist, int port) *********************************************************************/ struct http_response *block_url(struct client_state *csp) { -#ifdef FEATURE_IMAGE_BLOCKING - char *p; -#endif /* def FEATURE_IMAGE_BLOCKING */ struct http_response *rsp; + const char *new_content_type = NULL; /* * If it's not blocked, don't block it ;-) @@ -650,7 +752,10 @@ struct http_response *block_url(struct client_state *csp) { return NULL; } - + if (csp->action->flags & ACTION_REDIRECT) + { + log_error(LOG_LEVEL_ERROR, "redirect{} overruled by block."); + } /* * Else, prepare a response */ 
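Review bot: The new `log_error(LOG_LEVEL_ERROR, "redirect{} overruled by block.");` in block_url does not say which request triggered the conflict, so an operator reading the log cannot tell which actions-file section to fix. Including the request would help, e.g. `log_error(LOG_LEVEL_ERROR, "redirect{} overruled by block for %s%s", csp->http->hostport, csp->http->path);`, as both fields are already used further down in this function. The same applies to the "handle-as-empty-document overruled by handle-as-image." message added in the `@@ -667,19 +772,32 @@` hunk. block_url starts and ends outside this hunk.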
@@ -667,19 +772,32 @@ struct http_response *block_url(struct client_state *csp) if (((csp->action->flags & ACTION_IMAGE_BLOCKER) != 0) && is_imageurl(csp)) { + char *p; /* determine HOW images should be blocked */ p = csp->action->string[ACTION_STRING_IMAGE_BLOCKER]; + if(csp->action->flags & ACTION_HANDLE_AS_EMPTY_DOCUMENT) + { + log_error(LOG_LEVEL_ERROR, "handle-as-empty-document overruled by handle-as-image."); + } +#if 1 /* Two alternative strategies, use this one for now: */ + /* and handle accordingly: */ - if ((p == NULL) || (0 == strcmpic(p, "logo"))) + if ((p == NULL) || (0 == strcmpic(p, "pattern"))) { - rsp->body = bindup(image_logo_data, image_logo_length); + rsp->status = strdup("403 Request blocked by Privoxy"); + if (rsp->status == NULL) + { + free_http_response(rsp); + return cgi_error_memory(); + } + rsp->body = bindup(image_pattern_data, image_pattern_length); if (rsp->body == NULL) { free_http_response(rsp); return cgi_error_memory(); } - rsp->content_length = image_logo_length; + rsp->content_length = image_pattern_length; if (enlist_unique_header(rsp->headers, "Content-Type", BUILTIN_IMAGE_MIMETYPE)) { @@ -690,6 +808,12 @@ struct http_response *block_url(struct client_state *csp) else if (0 == strcmpic(p, "blank")) { + rsp->status = strdup("403 Request blocked by Privoxy"); + if (rsp->status == NULL) + { + free_http_response(rsp); + return cgi_error_memory(); + } rsp->body = bindup(image_blank_data, image_blank_length); if (rsp->body == NULL) { 
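Review bot: With the default changed from "logo" to "pattern" in the first `strcmpic` test, an actions file that still sets the image blocker to `logo` no longer matches any built-in case. As far as the visible branches show, it falls through to the final `else` (in the `@@ -705,38 +829,74 @@` hunk), where `p` is sent as a `Location` header. Unless the actions-file loader rejects or maps that value elsewhere, the client gets a 302 to the relative URL `logo`. Consider keeping a compatibility case such as `|| (0 == strcmpic(p, "logo"))` next to the "pattern" test. The `rsp->status = strdup(...)` plus NULL check is also repeated verbatim here, in the `@@ -690,6 +808,12 @@` hunk and in the redirect branch; a small static helper would keep the copies from drifting.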
@@ -705,38 +829,74 @@ struct http_response *block_url(struct client_state *csp) } } - else if (0 == strcmpic(p, "pattern")) + else { - rsp->body = bindup(image_pattern_data, image_pattern_length); - if (rsp->body == NULL) + rsp->status = strdup("302 Local Redirect from Privoxy"); + if (rsp->status == NULL) { free_http_response(rsp); return cgi_error_memory(); } - rsp->content_length = image_pattern_length; - if (enlist_unique_header(rsp->headers, "Content-Type", BUILTIN_IMAGE_MIMETYPE)) + if (enlist_unique_header(rsp->headers, "Location", p)) { free_http_response(rsp); return cgi_error_memory(); } } - else +#else /* Following code is disabled for now */ + + /* and handle accordingly: */ + if ((p == NULL) || (0 == strcmpic(p, "pattern"))) { - rsp->status = strdup("302 Local Redirect from Junkbuster"); - if (rsp->status == NULL) - { - free_http_response(rsp); - return cgi_error_memory(); - } + p = CGI_PREFIX "send-banner?type=pattern"; + } + else if (0 == strcmpic(p, "blank")) + { + p = CGI_PREFIX "send-banner?type=blank"; + } + rsp->status = strdup("302 Local Redirect from Privoxy"); + if (rsp->status == NULL) + { + free_http_response(rsp); + return cgi_error_memory(); + } - if (enlist_unique_header(rsp->headers, "Location", p)) + if (enlist_unique_header(rsp->headers, "Location", p)) + { + free_http_response(rsp); + return cgi_error_memory(); + } +#endif /* Preceeding code is disabled for now */ + } + else if(csp->action->flags & ACTION_HANDLE_AS_EMPTY_DOCUMENT) + { + /* + * Send empty document. 
+ */ + new_content_type = csp->action->string[ACTION_STRING_CONTENT_TYPE]; + + freez(rsp->body); + rsp->body = strdup(" "); + rsp->content_length = 1; + + rsp->status = strdup("403 Request blocked by Privoxy"); + if (rsp->status == NULL) + { + free_http_response(rsp); + return cgi_error_memory(); + } + if (new_content_type != 0) + { + log_error(LOG_LEVEL_HEADER, "Overwriting Content-Type with %s", new_content_type); + if (enlist_unique_header(rsp->headers, "Content-Type", new_content_type)) { free_http_response(rsp); return cgi_error_memory(); } } + } else #endif /* def FEATURE_IMAGE_BLOCKING */ @@ -747,6 +907,7 @@ struct http_response *block_url(struct client_state *csp) { jb_err err; struct map * exports; + char *p; /* * Workaround for stupid Netscape bug which prevents @@ -782,12 +943,16 @@ struct http_response *block_url(struct client_state *csp) #ifdef FEATURE_FORCE_LOAD err = map(exports, "force-prefix", 1, FORCE_PREFIX, 1); -#else /* ifndef FEATURE_FORCE_LOAD */ - err = map_block_killer(exports, "force-support"); + if (csp->http->ssl != 0) #endif /* ndef FEATURE_FORCE_LOAD */ + { + err = map_block_killer(exports, "force-support"); + } + if (!err) err = map(exports, "protocol", 1, csp->http->ssl ? "https://" : "http://", 1); if (!err) err = map(exports, "hostport", 1, html_encode(csp->http->hostport), 0); if (!err) err = map(exports, "path", 1, html_encode(csp->http->path), 0); + if (!err) err = map(exports, "path-ue", 1, url_encode(csp->http->path), 0); if (err) { @@ -815,7 +980,7 @@ struct http_response *block_url(struct client_state *csp) * Function : trust_url FIXME: I should be called distrust_url * * Description : Calls is_untrusted_url to determine if the URL is trusted - * and if not, returns a HTTP 304 response with a reject message. + * and if not, returns a HTTP 403 response with a reject message. * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) 
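Review bot: In the new `ACTION_HANDLE_AS_EMPTY_DOCUMENT` branch, `rsp->body = strdup(" ");` is not checked for NULL, unlike the other allocations in these hunks, yet `rsp->content_length = 1` is set unconditionally. On allocation failure the response would carry a NULL body with a length of 1, which the code that later sends the response may dereference (that path is outside the hunk, so this is inferred). Adding `if (rsp->body == NULL) { free_http_response(rsp); return cgi_error_memory(); }` right after the strdup matches the handling used for `rsp->status` a few lines below. Minor: `new_content_type != 0` compares a pointer with 0, while the rest of the commit moves to explicit `!= NULL`. block_url starts and ends outside this hunk.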
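Review bot: When FEATURE_FORCE_LOAD is defined and the request is SSL, the result of `map(exports, "force-prefix", 1, FORCE_PREFIX, 1)` is overwritten by `err = map_block_killer(exports, "force-support");`, so a failure of the first call is silently lost. Guarding the conditional with the earlier result, `if (!err && csp->http->ssl != 0)`, keeps that error for the `if (err)` check below. The brace block is now shared by both preprocessor configurations while its `if` exists in only one, and the closing line still reads `#endif /* ndef FEATURE_FORCE_LOAD */` although it now ends an `#ifdef`; a short comment stating that force-support is removed always without the feature and only for SSL with it would make this readable. It is also worth confirming that `map()` tolerates a NULL value, since the new `url_encode(csp->http->path)` result is passed straight in, like the `html_encode` calls next to it.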
@@ -849,17 +1014,19 @@ struct http_response *trust_url(struct client_state *csp) return cgi_error_memory(); } + rsp->status = strdup("403 Request blocked by Privoxy"); exports = default_exports(csp, NULL); - if (exports == NULL) + if (exports == NULL || rsp->status == NULL) { free_http_response(rsp); return cgi_error_memory(); } /* - * Export the host, port, and referrer information + * Export the protocol, host, port, and referrer information */ err = map(exports, "hostport", 1, csp->http->hostport, 1); + if (!err) err = map(exports, "protocol", 1, csp->http->ssl ? "https://" : "http://", 1); if (!err) err = map(exports, "path", 1, csp->http->path, 1); if (NULL != (p = get_header_value(csp->headers, "Referer:"))) @@ -868,7 +1035,7 @@ struct http_response *trust_url(struct client_state *csp) } else { - if (!err) err = map(exports, "referrer", 1, "unknown", 1); + if (!err) err = map(exports, "referrer", 1, "none set", 1); } if (err) @@ -882,7 +1049,7 @@ struct http_response *trust_url(struct client_state *csp) * Export the trust list */ p = strdup(""); - for (tl = csp->config->trust_list; (t = *tl) ; tl++) + for (tl = csp->config->trust_list; (t = *tl) != NULL ; tl++) { sprintf(buf, "
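Review bot: The combined test `if (exports == NULL || rsp->status == NULL)` leaks the export map when `default_exports()` succeeds but the `strdup` for `rsp->status` fails: the failure path only calls `free_http_response(rsp)`, and nothing visible here releases `exports`. Checking the status before building the map avoids this, i.e. test `rsp->status == NULL` directly after the strdup and leave `if (exports == NULL)` as it was. Separately, the unchanged context lines export `hostport` and `path` without `html_encode`, unlike block_url in the earlier hunk; since both values come from the client's request, it is worth confirming that the untrusted-URL template does not need them encoded. trust_url starts and ends outside this hunk.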