X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=parsers.c;h=cfe9307fd30a43e653c88b51102d925e2618e394;hb=b0504683766bba406e9cbc2edcf3998559141a54;hp=96729a491bb16e5d9039439153b90d03d3c9467d;hpb=909bd0b16ad6ac032e2aad505c4271c4161a6190;p=privoxy.git
diff --git a/parsers.c b/parsers.c
index 96729a49..cfe9307f 100644
--- a/parsers.c
+++ b/parsers.c
@@ -1,4 +1,4 @@
-const char parsers_rcs[] = "$Id: parsers.c,v 1.149 2008/11/21 18:39:53 fabiankeil Exp $";
+const char parsers_rcs[] = "$Id: parsers.c,v 1.153 2009/03/07 13:09:17 fabiankeil Exp $";
 /*********************************************************************
 *
 * File : $Source: /cvsroot/ijbswa/current/parsers.c,v $
@@ -17,7 +17,7 @@ const char parsers_rcs[] = "$Id: parsers.c,v 1.149 2008/11/21 18:39:53 fabiankei
 * `client_if_none_match', `get_destination_from_headers',
 * `parse_header_time', `decompress_iob' and `server_set_cookie'.
 *
- * Copyright : Written by and Copyright (C) 2001-2008 the SourceForge
+ * Copyright : Written by and Copyright (C) 2001-2009 the
 * Privoxy team. http://www.privoxy.org/
 *
 * Based on the Internet Junkbuster originally written
@@ -44,6 +44,23 @@ const char parsers_rcs[] = "$Id: parsers.c,v 1.149 2008/11/21 18:39:53 fabiankei
 *
 * Revisions :
 * $Log: parsers.c,v $
+ * Revision 1.153 2009/03/07 13:09:17 fabiankeil
+ * Change csp->expected_content and_csp->expected_content_length from
+ * size_t to unsigned long long to reduce the likelihood of integer
+ * overflows that would let us close the connection prematurely.
+ * Bug found while investigating #2669131, reported by cyberpatrol.
+ *
+ * Revision 1.152 2009/03/01 18:43:48 fabiankeil
+ * Help clang understand that we aren't dereferencing
+ * NULL pointers here.
+ *
+ * Revision 1.151 2009/02/15 14:46:35 fabiankeil
+ * Don't let hide-referrer{conditional-*}} pass
+ * Referer headers without http URLs.
+ *
+ * Revision 1.150 2008/12/04 18:12:19 fabiankeil
+ * Fix some cparser warnings.
+ *
 * Revision 1.149 2008/11/21 18:39:53 fabiankeil
 * In case of CONNECT requests there's no point
 * in trying to keep the connection alive.
@@ -1072,9 +1089,9 @@ static const add_header_func_ptr add_server_headers[] = {
 * file, the results are not portable.
 *
 *********************************************************************/
-int flush_socket(jb_socket fd, struct iob *iob)
+long flush_socket(jb_socket fd, struct iob *iob)
 {
- int len = iob->eod - iob->cur;
+ long len = iob->eod - iob->cur;
 if (len <= 0)
 {
@@ -1107,7 +1124,7 @@ int flush_socket(jb_socket fd, struct iob *iob)
 * or buffer limit reached.
 *
 *********************************************************************/
-jb_err add_to_iob(struct client_state *csp, char *buf, int n)
+jb_err add_to_iob(struct client_state *csp, char *buf, long n)
 {
 struct iob *iob = csp->iob;
 size_t used, offset, need, want;
@@ -1748,6 +1765,7 @@ static char *get_header_line(struct iob *iob)
 /* FIXME No way to handle error properly */
 log_error(LOG_LEVEL_FATAL, "Out of memory in get_header_line()");
 }
+ assert(ret != NULL);
 iob->cur = p+1;
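Review bot: `long len = iob->eod - iob->cur;` in flush_socket still narrows a pointer difference on targets where `long` is 32 bits while pointers are 64 (64-bit Windows is the usual case), so the widening from `int` only helps on LP64 builds; the same applies to `long n` in the add_to_iob hunk that follows. `ptrdiff_t len = iob->eod - iob->cur;` matches the type of the subtraction itself. In add_to_iob the signed `n` is declared next to `size_t used, offset, need, want;`; the body is outside the hunk, but if `n` is combined with those values a negative `n` would convert to a very large size, so rejecting `n <= 0` at the top of the function, or documenting the precondition in the header comment, would be worth adding.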
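Review bot: `assert(ret != NULL);` in get_header_line is compiled out when the file is built with NDEBUG, so it states the expectation for a static analyser but enforces nothing in a release build. That `ret` is non-NULL at `iob->cur = p+1;` appears to depend on `log_error(LOG_LEVEL_FATAL, ...)` not returning, which the hunk does not show. A comment on the new line would record that dependency: `/* log_error(LOG_LEVEL_FATAL) is expected not to return; this assert only tells static analysers so. */`. The function starts and ends outside the hunk.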
@@ -2095,6 +2113,7 @@ static jb_err header_tagger(struct client_state *csp, char *header)
 if (0 > hits)
 {
 /* Regex failure, log it but continue anyway. */
+ assert(NULL != header);
 log_error(LOG_LEVEL_ERROR,
 "Problems with tagger \'%s\' and header \'%s\': %s",
 b->name, *header, pcrs_strerror(hits));
@@ -2817,11 +2836,11 @@ static jb_err server_adjust_content_length(struct client_state *csp, char **head
 *********************************************************************/
 static jb_err server_save_content_length(struct client_state *csp, char **header)
 {
- unsigned int content_length = 0;
+ unsigned long long content_length = 0;
 assert(*(*header+14) == ':');
- if (1 != sscanf(*header+14, ": %u", &content_length))
+ if (1 != sscanf(*header+14, ": %llu", &content_length))
 {
 log_error(LOG_LEVEL_ERROR, "Crunching invalid header: %s", *header);
 freez(*header);
@@ -4644,6 +4663,7 @@ static jb_err handle_conditional_hide_referrer_parameter(char **header,
 {
 char *referer = strdup(*header);
 const size_t hostlenght = strlen(host);
+ const char *referer_url = NULL;
 if (NULL == referer)
 {
@@ -4652,7 +4672,7 @@ static jb_err handle_conditional_hide_referrer_parameter(char **header,
 }
 /* referer begins with 'Referer: http[s]://' */
- if (hostlenght < (strlen(referer)-17))
+ if ((hostlenght+17) < strlen(referer))
 {
 /*
 * Shorten referer to make sure the referer is blocked
@@ -4661,9 +4681,10 @@ static jb_err handle_conditional_hide_referrer_parameter(char **header,
 */
 referer[hostlenght+17] = '\0';
 }
- if (NULL == strstr(referer, host))
+ referer_url = strstr(referer, "http://");
+ if ((NULL == referer_url) || (NULL == strstr(referer_url, host)))
 {
- /* Host has changed */
+ /* Host has changed, Referer is invalid or a https URL. */
 if (parameter_conditional_block)
 {
 log_error(LOG_LEVEL_HEADER, "New host is: %s. Crunching %s!", host, *header);
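Review bot: The `log_error` call in header_tagger passes `*header` for the second `\'%s\'`, and going by the `char *header` parameter shown in the hunk header that is a single `char`, not a string pointer. The added `assert(NULL != header);` guards the pointer but leaves this mismatch in place, so, assuming log_error follows printf conventions for `%s`, the regex-failure path reads from an address built out of a character value. The argument line should read `b->name, header, pcrs_strerror(hits));`. The function starts and ends outside the hunk.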
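Review bot: `sscanf(*header+14, ": %llu", &content_length)` in server_save_content_length still accepts values that should be refused: a leading `-` is converted instead of rejected, an out-of-range number is not reported (the behaviour is undefined in C), and anything after the digits is ignored. The header comes from the remote server, and by the revision log the stored length decides when the connection is closed, so a malformed value should take the existing "Crunching invalid header" path rather than be stored. Parsing with strtoull and checking the first character, errno and the end pointer does that; the sketch below assumes `<errno.h>`, `<ctype.h>` and `<stdlib.h>` are already available in parsers.c. Only the top of the function is inside the hunk.

```c
   unsigned long long content_length = 0;
   const char *value = *header + 15;   /* first byte after the ':' at offset 14 */
   char *end = NULL;

   /* … unchanged: assert on the ':' at offset 14 … */

   while ((' ' == *value) || ('\t' == *value))
   {
      value++;
   }
   errno = 0;
   content_length = strtoull(value, &end, 10);
   /* Tolerate trailing whitespace, nothing else. */
   while ((' ' == *end) || ('\t' == *end))
   {
      end++;
   }
   /* strtoull() accepts a sign and saturates on overflow: refuse both. */
   if (!isdigit((unsigned char)*value) || (ERANGE == errno) || ('\0' != *end))
   {
      /* … unchanged: log "Crunching invalid header" and free the header … */
```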
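Review bot: The host comparison in handle_conditional_hide_referrer_parameter is still an unanchored substring match: `strstr(referer_url, host)` succeeds wherever `host` occurs in the truncated string. The cut at `referer[hostlenght+17]` was sized for `Referer: https://`, and now that only `http://` is accepted the kept text is one character longer than the host, so a Referer whose host differs from `host` by one extra leading or trailing character is treated as unchanged and passed on. Anchoring the comparison closes that gap: `if ((NULL == referer_url) || (0 != strncmp(referer_url + 7, host, hostlenght)))`, together with a check that the character after the host is `'\0'`, `'/'` or `':'`. The function starts before the first of its three hunks and continues past this one.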