X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=urlmatch.c;h=84eb90a8e7760c0f4509251cd6013c975b0d9322;hb=f1509beb2fa10e04be0cb69cf52c57c699b649b7;hp=1b2aee86f89733797c03cb35383e3daeceee1291;hpb=d0c1f6261a9773bd2271117cdde20d734d320a93;p=privoxy.git diff --git a/urlmatch.c b/urlmatch.c index 1b2aee86..84eb90a8 100644 --- a/urlmatch.c +++ b/urlmatch.c @@ -1,7 +1,7 @@ -const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.9 2002/04/04 00:36:36 gliptak Exp $"; +const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.10.2.7 2003/05/17 15:57:24 oes Exp $"; /********************************************************************* * - * File : $Source: /cvsroot/ijbswa/current/urlmatch.c,v $ + * File : $Source: /cvsroot/ijbswa/current/Attic/urlmatch.c,v $ * * Purpose : Declares functions to match URLs against URL * patterns. @@ -33,6 +33,39 @@ const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.9 2002/04/04 00:36:36 gliptak E * * Revisions : * $Log: urlmatch.c,v $ + * Revision 1.10.2.7 2003/05/17 15:57:24 oes + * - parse_http_url now checks memory allocation failure for + * duplication of "*" URL and rejects "*something" URLs + * Closes bug #736344 + * - Added a comment to what might look like a bug in + * create_url_spec (see !bug #736931) + * - Comment cosmetics + * + * Revision 1.10.2.6 2003/05/07 12:39:48 oes + * Fix typo: Default port for https URLs is 443, not 143. + * Thanks to Scott Tregear for spotting this one. + * + * Revision 1.10.2.5 2003/02/28 13:09:29 oes + * Fixed a rare double free condition as per Bug #694713 + * + * Revision 1.10.2.4 2003/02/28 12:57:44 oes + * Moved freeing of http request structure to its owner + * as per Dan Price's observations in Bug #694713 + * + * Revision 1.10.2.3 2002/11/12 16:50:40 oes + * Fixed memory leak in parse_http_request() reported by Oliver Stoeneberg. Fixes bug #637073 + * + * Revision 1.10.2.2 2002/09/25 14:53:15 oes + * Added basic support for OPTIONS and TRACE HTTP methods: + * parse_http_url now recognizes the "*" URI as well as + * the OPTIONS and TRACE method keywords. + * + * Revision 1.10.2.1 2002/06/06 19:06:44 jongfoster + * Adding support for proprietary Microsoft WebDAV extensions + * + * Revision 1.10 2002/05/12 21:40:37 jongfoster + * - Removing some unused code + * * Revision 1.9 2002/04/04 00:36:36 gliptak * always use pcre for matching * @@ -152,8 +185,8 @@ void free_http_request(struct http_request *http) * * Returns : JB_ERR_OK on success * JB_ERR_MEMORY on out of memory - * JB_ERR_CGI_PARAMS on malformed command/URL - * or >100 domains deep. + * JB_ERR_PARSE on malformed command/URL + * or >100 domains deep. * *********************************************************************/ jb_err parse_http_url(const char * url, @@ -176,6 +209,24 @@ jb_err parse_http_url(const char * url, } + /* + * Check for * URI. If found, we're done. + */ + if (*http->url == '*') + { + if ( NULL == (http->path = strdup("*")) + || NULL == (http->hostport = strdup("")) ) + { + return JB_ERR_MEMORY; + } + if (http->url[1] != '\0') + { + return JB_ERR_PARSE; + } + return JB_ERR_OK; + } + + /* * Split URL into protocol,hostport,path. */ @@ -232,13 +283,11 @@ jb_err parse_http_url(const char * url, http->hostport = strdup(url_noproto); } - free(buf); + freez(buf); if ( (http->path == NULL) || (http->hostport == NULL)) { - free(buf); - free_http_request(http); return JB_ERR_MEMORY; } } @@ -255,7 +304,6 @@ jb_err parse_http_url(const char * url, buf = strdup(http->hostport); if (buf == NULL) { - free_http_request(http); return JB_ERR_MEMORY; } @@ -284,7 +332,7 @@ jb_err parse_http_url(const char * url, else { /* No port specified. */ - http->port = (http->ssl ? 143 : 80); + http->port = (http->ssl ? 443 : 80); } http->host = strdup(host); @@ -293,15 +341,14 @@ jb_err parse_http_url(const char * url, if (http->host == NULL) { - free_http_request(http); return JB_ERR_MEMORY; } } - /* * Split domain name so we can compare it against wildcards */ + { char *vec[BUFFER_SIZE]; size_t size; @@ -310,7 +357,6 @@ jb_err parse_http_url(const char * url, http->dbuffer = strdup(http->host); if (NULL == http->dbuffer) { - free_http_request(http); return JB_ERR_MEMORY; } @@ -329,7 +375,6 @@ jb_err parse_http_url(const char * url, * Error: More than SZ(vec) components in domain * or: no components in domain */ - free_http_request(http); return JB_ERR_PARSE; } @@ -339,15 +384,14 @@ jb_err parse_http_url(const char * url, http->dvec = (char **)malloc(size); if (NULL == http->dvec) { - free_http_request(http); return JB_ERR_MEMORY; } memcpy(http->dvec, vec, size); } - return JB_ERR_OK; + } @@ -406,6 +450,8 @@ jb_err parse_http_request(const char *req, || (0 == strcmpic(v[0], "post")) || (0 == strcmpic(v[0], "put")) || (0 == strcmpic(v[0], "delete")) + || (0 == strcmpic(v[0], "options")) + || (0 == strcmpic(v[0], "trace")) /* or a webDAV extension (RFC2518) */ || (0 == strcmpic(v[0], "propfind")) @@ -415,6 +461,24 @@ jb_err parse_http_request(const char *req, || (0 == strcmpic(v[0], "mkcol")) || (0 == strcmpic(v[0], "lock")) || (0 == strcmpic(v[0], "unlock")) + + /* Or a Microsoft webDAV extension for Exchange 2000. See: */ + /* http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0001.html */ + /* http://msdn.microsoft.com/library/en-us/wss/wss/_webdav_methods.asp */ + || (0 == strcmpic(v[0], "bcopy")) + || (0 == strcmpic(v[0], "bmove")) + || (0 == strcmpic(v[0], "bdelete")) + || (0 == strcmpic(v[0], "bpropfind")) + || (0 == strcmpic(v[0], "bproppatch")) + + /* Or another Microsoft webDAV extension for Exchange 2000. See: */ + /* http://systems.cs.colorado.edu/grunwald/MobileComputing/Papers/draft-cohen-gena-p-base-00.txt */ + /* http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0001.html */ + /* http://msdn.microsoft.com/library/en-us/wss/wss/_webdav_methods.asp */ + || (0 == strcmpic(v[0], "subscribe")) + || (0 == strcmpic(v[0], "unsubscribe")) + || (0 == strcmpic(v[0], "notify")) + || (0 == strcmpic(v[0], "poll")) ) { /* Normal */ @@ -447,11 +511,12 @@ jb_err parse_http_request(const char *req, || (http->ver == NULL) ) { free(buf); - free_http_request(http); return JB_ERR_MEMORY; } + free(buf); return JB_ERR_OK; + } @@ -579,7 +644,7 @@ static int domain_match(const struct url_spec *pattern, const struct http_reques * Function : create_url_spec * * Description : Creates a "url_spec" structure from a string. - * When finished, free with unload_url(). + * When finished, free with free_url_spec(). * * Parameters : * 1 : url = Target url_spec to be filled in. Will be @@ -604,10 +669,14 @@ jb_err create_url_spec(struct url_spec * url, const char * buf) assert(url); assert(buf); - /* Zero memory */ + /* + * Zero memory + */ memset(url, '\0', sizeof(*url)); - /* save a copy of the orignal specification */ + /* + * Save a copy of the orignal specification + */ if ((url->spec = strdup(buf)) == NULL) { return JB_ERR_MEMORY; @@ -681,7 +750,9 @@ jb_err create_url_spec(struct url_spec * url, const char * buf) char *v[150]; size_t size; - /* Parse domain part */ + /* + * Parse domain part + */ if (buf[strlen(buf) - 1] == '.') { url->unanchored |= ANCHOR_RIGHT; @@ -691,8 +762,9 @@ jb_err create_url_spec(struct url_spec * url, const char * buf) url->unanchored |= ANCHOR_LEFT; } - /* split domain into components */ - + /* + * Split domain into components + */ url->dbuffer = strdup(buf); if (NULL == url->dbuffer) { @@ -703,13 +775,17 @@ jb_err create_url_spec(struct url_spec * url, const char * buf) return JB_ERR_MEMORY; } - /* map to lower case */ + /* + * Map to lower case + */ for (p = url->dbuffer; *p ; p++) { *p = tolower((int)(unsigned char)*p); } - /* split the domain name into components */ + /* + * Split the domain name into components + */ url->dcount = ssplit(url->dbuffer, ".", v, SZ(v), 1, 1); if (url->dcount < 0) @@ -725,7 +801,9 @@ jb_err create_url_spec(struct url_spec * url, const char * buf) else if (url->dcount != 0) { - /* save a copy of the pointers in dvec */ + /* + * Save a copy of the pointers in dvec + */ size = url->dcount * sizeof(*url->dvec); url->dvec = (char **)malloc(size); @@ -742,6 +820,11 @@ jb_err create_url_spec(struct url_spec * url, const char * buf) memcpy(url->dvec, v, size); } + /* + * else dcount == 0 in which case we needn't do anything, + * since dvec will never be accessed and the pattern will + * match all domains. + */ } return JB_ERR_OK;