X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=urlmatch.c;h=ce12ecc81ccc6d217de86f29b1588b455415ccd6;hb=b0504683766bba406e9cbc2edcf3998559141a54;hp=2f7ee451bc44b4161777efc3a8246c69afbbf895;hpb=b0829aefd612a2211ac727294f36efa256a1beb3;p=privoxy.git

diff --git a/urlmatch.c b/urlmatch.c
index 2f7ee451..ce12ecc8 100644
--- a/urlmatch.c
+++ b/urlmatch.c
@@ -1,4 +1,4 @@
-const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.40 2008/04/23 16:12:28 fabiankeil Exp $";
+const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.46 2009/02/11 19:31:32 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/urlmatch.c,v $
@@ -6,8 +6,8 @@ const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.40 2008/04/23 16:12:28 fabianke
  * Purpose     :  Declares functions to match URLs against URL
  *                patterns.
  *
- * Copyright   :  Written by and Copyright (C) 2001-2003, 2006-2008 the SourceForge
- *                Privoxy team. http://www.privoxy.org/
+ * Copyright   :  Written by and Copyright (C) 2001-2009
+ *                the Privoxy team. http://www.privoxy.org/
  *
  *                Based on the Internet Junkbuster originally written
  *                by and Copyright (C) 1997 Anonymous Coders and
@@ -33,6 +33,27 @@ const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.40 2008/04/23 16:12:28 fabianke
  *
  * Revisions   :
  *    $Log: urlmatch.c,v $
+ *    Revision 1.46  2009/02/11 19:31:32  fabiankeil
+ *    Reject request lines that end with neither HTTP/1.0 nor HTTP/1.1.
+ *
+ *    Revision 1.45  2008/06/21 21:19:18  fabiankeil
+ *    Silence bogus compiler warning.
+ *
+ *    Revision 1.44  2008/05/04 16:18:32  fabiankeil
+ *    Provide parse_http_url() with a third parameter to specify
+ *    whether or not URLs without protocol are acceptable.
+ *
+ *    Revision 1.43  2008/05/04 13:30:55  fabiankeil
+ *    Streamline parse_http_url()'s prototype.
+ *
+ *    Revision 1.42  2008/05/04 13:24:16  fabiankeil
+ *    If the method isn't CONNECT, reject URLs without protocol.
+ *
+ *    Revision 1.41  2008/05/02 09:51:34  fabiankeil
+ *    In parse_http_url(), don't muck around with values
+ *    that are none of its business: require an initialized
+ *    http structure and never unset http->ssl.
+ *
  *    Revision 1.40  2008/04/23 16:12:28  fabiankeil
  *    Free with freez().
  *
@@ -363,7 +384,8 @@ jb_err init_domain_components(struct http_request *http)
  *          1  :  url = URL (or is it URI?) to break down
  *          2  :  http = pointer to the http structure to hold elements.
  *                       Must be initialized with valid values (like NULLs).
- *          3  :  csp = Current client state (buffers, headers, etc...)
+ *          3  :  require_protocol = Whether or not URLs without
+ *                                   protocol are acceptable.
  *
  * Returns     :  JB_ERR_OK on success
  *                JB_ERR_MEMORY on out of memory
@@ -371,9 +393,7 @@ jb_err init_domain_components(struct http_request *http)
  *                             or >100 domains deep.
  *
  *********************************************************************/
-jb_err parse_http_url(const char * url,
-                      struct http_request *http,
-                      const struct client_state *csp)
+jb_err parse_http_url(const char *url, struct http_request *http, int require_protocol)
 {
    int host_available = 1; /* A proxy can dream. */
 
@@ -443,6 +463,11 @@ jb_err parse_http_url(const char * url,
          http->host = NULL;
          host_available = 0;
       }
+      else if (require_protocol)
+      {
+         freez(buf);
+         return JB_ERR_PARSE;
+      }
 
       url_path = strchr(url_noproto, '/');
       if (url_path != NULL)
@@ -608,7 +633,6 @@ static int unknown_method(const char *method)
  * Parameters  :
  *          1  :  req = HTTP request line to break down
  *          2  :  http = pointer to the http structure to hold elements
- *          3  :  csp = Current client state (buffers, headers, etc...)
  *
  * Returns     :  JB_ERR_OK on success
  *                JB_ERR_MEMORY on out of memory
@@ -616,9 +640,7 @@ static int unknown_method(const char *method)
  *                                  or >100 domains deep.
  *
  *********************************************************************/
-jb_err parse_http_request(const char *req,
-                          struct http_request *http,
-                          const struct client_state *csp)
+jb_err parse_http_request(const char *req, struct http_request *http)
 {
    char *buf;
    char *v[10]; /* XXX: Why 10? We should only need three. */
@@ -656,7 +678,17 @@ jb_err parse_http_request(const char *req,
       return JB_ERR_PARSE;
    }
 
-   err = parse_http_url(v[1], http, csp);
+   if (strcmpic(v[2], "HTTP/1.1") && strcmpic(v[2], "HTTP/1.0"))
+   {
+      log_error(LOG_LEVEL_ERROR, "The only supported HTTP "
+         "versions are 1.0 and 1.1. This rules out: %s", v[2]);
+      freez(buf);
+      return JB_ERR_PARSE;
+   }
+
+   http->ssl = !strcmpic(v[0], "CONNECT");
+
+   err = parse_http_url(v[1], http, !http->ssl);
    if (err)
    {
       freez(buf);
@@ -666,7 +698,6 @@ jb_err parse_http_request(const char *req,
    /*
     * Copy the details into the structure
     */
-   http->ssl = !strcmpic(v[0], "CONNECT");
    http->cmd = strdup(req);
    http->gpc = strdup(v[0]);
    http->ver = strdup(v[2]);
@@ -710,7 +741,7 @@ static jb_err compile_pattern(const char *pattern, enum regex_anchoring anchorin
 {
    int errcode;
    char rebuf[BUFFER_SIZE];
-   const char *fmt;
+   const char *fmt = NULL;
 
    assert(pattern);
    assert(strlen(pattern) < sizeof(rebuf) - 2);