-const char filters_rcs[] = "$Id: filters.c,v 1.200 2016/02/26 12:29:38 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/filters.c,v $
* Purpose : Declares functions to parse/crunch headers and pages.
*
* Copyright : Written by and Copyright (C) 2001-2016 the
- * Privoxy team. http://www.privoxy.org/
+ * Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
* by and Copyright (C) 1997 Anonymous Coders and
#include "win32.h"
#endif
-const char filters_h_rcs[] = FILTERS_H_VERSION;
-
typedef char *(*filter_function_ptr)();
static filter_function_ptr get_filter_function(const struct client_state *csp);
-static jb_err remove_chunked_transfer_coding(char *buffer, size_t *size);
static jb_err prepare_for_filtering(struct client_state *csp);
static void apply_url_actions(struct current_action_spec *action,
struct http_request *http,
* 3 : len = length of IP address in octets
* 4 : port = port number in network order;
*
- * Returns : 0 = no errror; -1 otherwise.
+ * Returns : void
*
*********************************************************************/
-static int sockaddr_storage_to_ip(const struct sockaddr_storage *addr,
- uint8_t **ip, unsigned int *len,
- in_port_t **port)
+static void sockaddr_storage_to_ip(const struct sockaddr_storage *addr,
+ uint8_t **ip, unsigned int *len,
+ in_port_t **port)
{
- if (NULL == addr)
- {
- return(-1);
- }
+ assert(NULL != addr);
+ assert(addr->ss_family == AF_INET || addr->ss_family == AF_INET6);
switch (addr->ss_family)
{
}
break;
- default:
- /* Unsupported address family */
- return(-1);
}
-
- return(0);
}
return 0;
}
- /* TODO: Optimize by checking by words insted of octets */
+ /* TODO: Optimize by checking by words instead of octets */
for (i = 0; (i < addr_len) && netmask_addr[i]; i++)
{
if ((network_addr[i] & netmask_addr[i]) !=
}
aca->mask.ss_family = aca->addr.ss_family;
- if (sockaddr_storage_to_ip(&aca->mask, &mask_data, &addr_len, &mask_port))
- {
- return(-1);
- }
+ sockaddr_storage_to_ip(&aca->mask, &mask_data, &addr_len, &mask_port);
if (p)
{
*
* Description : Check to see if CONNECT requests to the destination
* port of this request are forbidden. The check is
- * independend of the actual request method.
+ * independent of the actual request method.
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
{"path", csp->http->path, 1},
{"host", csp->http->host, 1},
{"origin", csp->ip_addr_str, 1},
+ {"listen-address", csp->listen_addr_str, 1},
{NULL, NULL, 1}
};
}
if (0 == strcmpic(redirect_mode, "check-decoded-url") && strchr(subject, '%'))
- {
+ {
char *url_segment = NULL;
char **url_segments;
size_t max_segments;
*
* Function : is_imageurl
*
- * Description : Given a URL, decide whether it is an image or not,
- * using either the info from a previous +image action
- * or, #ifdef FEATURE_IMAGE_DETECT_MSIE, and the browser
- * is MSIE and not on a Mac, tell from the browser's accept
- * header.
+ * Description : Given a URL, decide whether it should be treated
+ * as image URL or not.
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
*
- * Returns : True (nonzero) if URL is an image, false (0)
+ * Returns : True (nonzero) if URL is an image URL, false (0)
* otherwise
*
*********************************************************************/
int is_imageurl(const struct client_state *csp)
{
-#ifdef FEATURE_IMAGE_DETECT_MSIE
- char *tmp;
-
- tmp = get_header_value(csp->headers, "User-Agent:");
- if (tmp && strstr(tmp, "MSIE") && !strstr(tmp, "Mac_"))
- {
- tmp = get_header_value(csp->headers, "Accept:");
- if (tmp && strstr(tmp, "image/gif"))
- {
- /* Client will accept HTML. If this seems counterintuitive,
- * blame Microsoft.
- */
- return(0);
- }
- else
- {
- return(1);
- }
- }
-#endif /* def FEATURE_IMAGE_DETECT_MSIE */
-
return ((csp->action->flags & ACTION_IMAGE) != 0);
}
{ "PRIVOXY_PATH", csp->http->path },
{ "PRIVOXY_HOST", csp->http->host },
{ "PRIVOXY_ORIGIN", csp->ip_addr_str },
+ { "PRIVOXY_LISTEN_ADDRESS", csp->listen_addr_str },
};
for (i = 0; i < SZ(env); i++)
* or NULL in case something went wrong.
*
*********************************************************************/
+#ifdef FUZZ
+char *gif_deanimate_response(struct client_state *csp)
+#else
static char *gif_deanimate_response(struct client_state *csp)
+#endif
{
struct binbuffer *in, *out;
char *p;
* JB_ERR_PARSE otherwise
*
*********************************************************************/
+#ifdef FUZZ
+extern jb_err remove_chunked_transfer_coding(char *buffer, size_t *size)
+#else
static jb_err remove_chunked_transfer_coding(char *buffer, size_t *size)
+#endif
{
size_t newsize = 0;
unsigned int chunksize = 0;
char *from_p, *to_p;
const char *end_of_buffer = buffer + *size;
+ if (*size == 0)
+ {
+ log_error(LOG_LEVEL_FATAL, "Invalid chunked input. Buffer is empty.");
+ return JB_ERR_PARSE;
+ }
+
assert(buffer);
from_p = to_p = buffer;
struct url_actions *b;
int i;
- init_current_action(csp->action);
+#ifdef FEATURE_HTTPS_INSPECTION
+ if (!csp->http->client_ssl)
+#endif
+ {
+ /*
+ * When filtering TLS traffic this function gets called a
+ * second time after the encrypted headers have been received.
+ *
+ * Only initialize the first time. The second time we apply
+ * the newly set actions on top of the ones that were set
+ * the first time.
+ */
+ init_current_action(csp->action);
+ }
for (i = 0; i < MAX_AF_FILES; i++)
{
if (NULL != socks_proxy)
{
- /* Parse the SOCKS proxy host[:port] */
+ /* Parse the SOCKS proxy [user:pass@]host[:port] */
fwd->gateway_port = 1080;
parse_forwarder_address(socks_proxy,
- &fwd->gateway_host, &fwd->gateway_port);
+ &fwd->gateway_host, &fwd->gateway_port,
+ &fwd->auth_username, &fwd->auth_password);
http_parent = vec[2];
}
{
fwd->forward_port = 8000;
parse_forwarder_address(http_parent,
- &fwd->forward_host, &fwd->forward_port);
+ &fwd->forward_host, &fwd->forward_port,
+ NULL, NULL);
}
assert (NULL != fwd);