X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=jcc.c;h=53d325e255ee7e7a6316361784bf99055bc8b7af;hb=e6b3ab33f6caca1a1f3554c4118978d6884b1812;hp=cccc49bb17b9e5ca5a47235402051d11a693ef6a;hpb=4a779f536d5ae6e099d42f4b4a405b6df0a0d9c5;p=privoxy.git diff --git a/jcc.c b/jcc.c index cccc49bb..53d325e2 100644 --- a/jcc.c +++ b/jcc.c @@ -1,4 +1,4 @@ -const char jcc_rcs[] = "$Id: jcc.c,v 1.138 2007/06/03 18:45:18 fabiankeil Exp $"; +const char jcc_rcs[] = "$Id: jcc.c,v 1.141 2007/08/04 09:56:23 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/jcc.c,v $ @@ -33,6 +33,27 @@ const char jcc_rcs[] = "$Id: jcc.c,v 1.138 2007/06/03 18:45:18 fabiankeil Exp $" * * Revisions : * $Log: jcc.c,v $ + * Revision 1.141 2007/08/04 09:56:23 fabiankeil + * - Log rejected CONNECT requests with LOG_LEVEL_INFO + * and explain why they were rejected in the first place. + * - Fix the LOG_LEVEL_CLF message for crunches of unallowed + * CONNECT requests. The request line was missing. + * - Add two more XXX reminders as we don't have enough already. + * + * Revision 1.140 2007/07/21 11:51:36 fabiankeil + * As Hal noticed, checking dispatch_cgi() as the last cruncher + * looks like a bug if CGI requests are blocked unintentionally, + * so don't do it unless the user enabled the new config option + * "allow-cgi-request-crunching". + * + * Revision 1.139 2007/07/14 07:46:41 fabiankeil + * - Allow to rewrite the request destination behind the client's back. + * - Turn the weird-looking unconditional for loop that + * reads the client request into a conditional while loop. + * Move the stuff that only runs once out of the loop. + * - Move parts of chat(), server_content_type() and the + * necessary stuff to fix BR#1750917 into get_filter_function(). + * * Revision 1.138 2007/06/03 18:45:18 fabiankeil * Temporary workaround for BR#1730105. * 
@@ -995,37 +1016,37 @@ static const char VANILLA_WAFER[] = "(copyright_or_otherwise)_applying_to_any_cookie._"; /* HTTP snipplets. */ -const static char CSUCCEED[] = +static const char CSUCCEED[] = "HTTP/1.0 200 Connection established\n" "Proxy-Agent: Privoxy/" VERSION "\r\n\r\n"; -const static char CHEADER[] = +static const char CHEADER[] = "HTTP/1.0 400 Invalid header received from browser\r\n" "Proxy-Agent: Privoxy " VERSION "\r\n" "Content-Type: text/plain\r\n" "Connection: close\r\n\r\n" "Invalid header received from browser.\r\n"; -const static char CFORBIDDEN[] = +static const char CFORBIDDEN[] = "HTTP/1.0 403 Connection not allowable\r\n" "Proxy-Agent: Privoxy " VERSION "\r\n" "X-Hint: If you read this message interactively, then you know why this happens ,-)\r\n" "Connection: close\r\n\r\n"; -const static char FTP_RESPONSE[] = +static const char FTP_RESPONSE[] = "HTTP/1.0 400 Invalid request received from browser\r\n" "Content-Type: text/plain\r\n" "Connection: close\r\n\r\n" "Invalid request. Privoxy doesn't support FTP.\r\n"; -const static char GOPHER_RESPONSE[] = +static const char GOPHER_RESPONSE[] = "HTTP/1.0 400 Invalid request received from browser\r\n" "Content-Type: text/plain\r\n" "Connection: close\r\n\r\n" "Invalid request. Privoxy doesn't support gopher.\r\n"; /* XXX: should be a template */ -const static char MISSING_DESTINATION_RESPONSE[] = +static const char MISSING_DESTINATION_RESPONSE[] = "HTTP/1.0 400 Bad request received from browser\r\n" "Proxy-Agent: Privoxy " VERSION "\r\n" "Content-Type: text/plain\r\n" @@ -1033,7 +1054,7 @@ const static char MISSING_DESTINATION_RESPONSE[] = "Bad request. Privoxy was unable to extract the destination.\r\n"; /* XXX: should be a template */ -const static char NO_SERVER_DATA_RESPONSE[] = +static const char NO_SERVER_DATA_RESPONSE[] = "HTTP/1.0 502 Server or forwarder response empty\r\n" "Proxy-Agent: Privoxy " VERSION "\r\n" "Content-Type: text/plain\r\n" 
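Review bot: CSUCCEED still ends its status line with a bare `\n` in the `@@ -995,37 +1016,37 @@` hunk, while every other canned response in the block uses `\r\n`. Since the declaration is being touched anyway, the first string should become `"HTTP/1.0 200 Connection established\r\n"`, so clients that parse the CONNECT reply strictly do not see a malformed header block. The same literal writes the agent as `Privoxy/` where CHEADER, CFORBIDDEN and the others write `Privoxy ` followed by the version, so one form should be picked for all of them.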
@@ -1042,7 +1063,7 @@ const static char NO_SERVER_DATA_RESPONSE[] = "The connection was closed without sending any data.\r\n"; /* XXX: should be a template */ -const static char NULL_BYTE_RESPONSE[] = +static const char NULL_BYTE_RESPONSE[] = "HTTP/1.0 400 Bad request received from browser\r\n" "Proxy-Agent: Privoxy " VERSION "\r\n" "Content-Type: text/plain\r\n" @@ -1050,7 +1071,7 @@ const static char NULL_BYTE_RESPONSE[] = "Bad request. Null byte(s) before end of request.\r\n"; /* XXX: should be a template */ -const static char MESSED_UP_REQUEST_RESPONSE[] = +static const char MESSED_UP_REQUEST_RESPONSE[] = "HTTP/1.0 400 Malformed request after rewriting\r\n" "Proxy-Agent: Privoxy " VERSION "\r\n" "Content-Type: text/plain\r\n" @@ -1077,7 +1098,7 @@ struct cruncher }; /* Complete list of cruncher functions */ -const static struct cruncher crunchers_all[] = { +static const struct cruncher crunchers_all[] = { { direct_response, CF_COUNT_AS_REJECT|CF_IGNORE_FORCE}, { block_url, CF_COUNT_AS_REJECT }, #ifdef FEATURE_TRUST @@ -1089,7 +1110,7 @@ const static struct cruncher crunchers_all[] = { }; /* Light version, used after tags are applied */ -const static struct cruncher crunchers_light[] = { +static const struct cruncher crunchers_light[] = { { block_url, CF_COUNT_AS_REJECT }, { redirect_url, CF_NO_FLAGS }, { NULL, 0 } @@ -1161,7 +1182,7 @@ static void sig_handler(int the_signal) * FALSE if the request doesn't look invalid. * *********************************************************************/ -int client_protocol_is_unsupported(const struct client_state *csp, char *req) +static int client_protocol_is_unsupported(const struct client_state *csp, char *req) { char buf[BUFFER_SIZE]; 
@@ -1230,7 +1251,7 @@ int client_protocol_is_unsupported(const struct client_state *csp, char *req) * JB_ERR_PARSE if it isn't. * *********************************************************************/ -jb_err get_request_destination_elsewhere(struct client_state *csp, struct list *headers) +static jb_err get_request_destination_elsewhere(struct client_state *csp, struct list *headers) { char *req; @@ -1297,7 +1318,7 @@ jb_err get_request_destination_elsewhere(struct client_state *csp, struct list * * JB_ERR_PARSE if the headers were incomplete. * *********************************************************************/ -jb_err get_server_headers(struct client_state *csp) +static jb_err get_server_headers(struct client_state *csp) { int continue_hack_in_da_house = 0; char * header; @@ -1383,7 +1404,7 @@ jb_err get_server_headers(struct client_state *csp) * Returns : A string with the crunch reason or an error description. * *********************************************************************/ -const char *crunch_reason(const struct http_response *rsp) +static const char *crunch_reason(const struct http_response *rsp) { char * reason = NULL; @@ -1446,7 +1467,7 @@ const char *crunch_reason(const struct http_response *rsp) * Returns : Nothing. * *********************************************************************/ -void send_crunch_response(struct client_state *csp, struct http_response *rsp) +static void send_crunch_response(struct client_state *csp, struct http_response *rsp) { const struct http_request *http = csp->http; char status_code[4]; @@ -1525,7 +1546,7 @@ void send_crunch_response(struct client_state *csp, struct http_response *rsp) * FALSE otherwise. * *********************************************************************/ -int request_contains_null_bytes(const struct client_state *csp, char *buf, int len) +static int request_contains_null_bytes(const struct client_state *csp, char *buf, int len) { size_t c_len; /* Request lenght when treated as C string */ 
@@ -1582,11 +1603,24 @@ int request_contains_null_bytes(const struct client_state *csp, char *buf, int l * FALSE otherwise. * *********************************************************************/ -int crunch_response_triggered(struct client_state *csp, const struct cruncher crunchers[]) +static int crunch_response_triggered(struct client_state *csp, const struct cruncher crunchers[]) { struct http_response *rsp = NULL; const struct cruncher *c; + /* + * If CGI request crunching is disabled, + * check the CGI dispatcher out of order to + * prevent unintentional blocks or redirects. + */ + if (!(csp->config->feature_flags & RUNTIME_FEATURE_CGI_CRUNCHING) + && (NULL != (rsp = dispatch_cgi(csp)))) + { + /* Deliver, log and free the interception response. */ + send_crunch_response(csp, rsp); + return TRUE; + } + for (c = crunchers; c->cruncher != NULL; c++) { /* @@ -1637,7 +1671,7 @@ int crunch_response_triggered(struct client_state *csp, const struct cruncher cr * Returns : Nothing. Terminates in case of memory problems. * *********************************************************************/ -void build_request_line(struct client_state *csp, const struct forward_spec *fwd, char **request_line) +static void build_request_line(struct client_state *csp, const struct forward_spec *fwd, char **request_line) { struct http_request *http = csp->http; @@ -1699,7 +1733,7 @@ void build_request_line(struct client_state *csp, const struct forward_spec *fwd * Terminates in case of memory problems. * *********************************************************************/ -jb_err change_request_destination(struct client_state *csp) +static jb_err change_request_destination(struct client_state *csp) { struct http_request *http = csp->http; jb_err err; 
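Review bot: With `RUNTIME_FEATURE_CGI_CRUNCHING` unset, the block added at the top of crunch_response_triggered() answers any request that dispatch_cgi() claims before direct_response, block_url or the trust check in the `crunchers[]` list are consulted. That ordering is a policy decision and belongs in the function's header comment, e.g. `Unless allow-cgi-request-crunching is enabled, CGI requests are dispatched before any other cruncher runs, so block, redirect and trust actions do not apply to them.` If dispatch_cgi is still the last entry of crunchers_all (the tail of that list is not in this diff), a non-CGI request now runs it twice when the option is off, and skipping that entry in the loop would avoid the repeat. The early return also bypasses whatever per-cruncher flag handling the loop does; the loop body lies outside the hunk, so confirm nothing there is needed for CGI responses.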
@@ -1742,7 +1776,7 @@ jb_err change_request_destination(struct client_state *csp) * NULL if no content filter is active * *********************************************************************/ -filter_function_ptr get_filter_function(struct client_state *csp) +static filter_function_ptr get_filter_function(struct client_state *csp) { filter_function_ptr filter_function = NULL; @@ -2140,20 +2174,31 @@ static void chat(struct client_state *csp) /* * The response may confuse some clients, * but makes unblocking easier. + * + * XXX: It seems to work with all major browsers, + * so we should consider returning a body by default someday ... */ - log_error(LOG_LEVEL_ERROR, "Marking suspicious CONNECT request from %s for blocking.", - csp->ip_addr_str); + log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. " + "limit-connect{%s} doesn't allow CONNECT requests to port %d.", + csp->ip_addr_str, csp->action->string[ACTION_STRING_LIMIT_CONNECT], + csp->http->port); csp->action->flags |= ACTION_BLOCK; http->ssl = 0; } else { write_socket(csp->cfd, CFORBIDDEN, strlen(CFORBIDDEN)); - log_error(LOG_LEVEL_CONNECT, "Denying suspicious CONNECT request from %s", csp->ip_addr_str); - log_error(LOG_LEVEL_CLF, "%s - - [%T] \" \" 403 0", csp->ip_addr_str); + log_error(LOG_LEVEL_INFO, "Request from %s denied. " + "limit-connect{%s} doesn't allow CONNECT requests to port %d.", + csp->ip_addr_str, csp->action->string[ACTION_STRING_LIMIT_CONNECT], + csp->http->port); + assert(NULL != csp->http->ocmd); + log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 403 0", csp->ip_addr_str, csp->http->ocmd); list_remove_all(csp->headers); - + /* + * XXX: For consistency we might want to log a crunch message here. + */ return; } } 
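Review bot: The `assert(NULL != csp->http->ocmd);` added before the CLF message in chat() is the only guard on a pointer that is then passed to `%s`; it disappears in NDEBUG builds and aborts the whole proxy in debug builds. On a path driven by client requests a runtime fallback is safer, e.g. `log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 403 0", csp->ip_addr_str, csp->http->ocmd ? csp->http->ocmd : "-");`. The same concern applies to `csp->action->string[ACTION_STRING_LIMIT_CONNECT]` in both new LOG_LEVEL_INFO messages if this branch can be reached without a limit-connect action set (the condition is outside the hunk). Because `ocmd` is presumably the request line as the client sent it, it is also worth confirming that log_error() escapes quotes and control characters before they reach the CLF log. chat() begins and ends outside the hunk.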
@@ -2789,7 +2834,7 @@ static int32 server_thread(void *data) * Returns : No. ,-) * *********************************************************************/ -void usage(const char *myname) +static void usage(const char *myname) { printf("Privoxy version " VERSION " (" HOME_PAGE_URL ")\n" "Usage: %s " @@ -2819,7 +2864,7 @@ void usage(const char *myname) * Returns : Void, exits in case of errors. * *********************************************************************/ -void initialize_mutexes() +static void initialize_mutexes(void) { int err = 0;