-const char jcc_rcs[] = "$Id: jcc.c,v 1.138 2007/06/03 18:45:18 fabiankeil Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.141 2007/08/04 09:56:23 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/jcc.c,v $
*
* Revisions :
* $Log: jcc.c,v $
+ * Revision 1.141 2007/08/04 09:56:23 fabiankeil
+ * - Log rejected CONNECT requests with LOG_LEVEL_INFO
+ * and explain why they were rejected in the first place.
+ * - Fix the LOG_LEVEL_CLF message for crunches of unallowed
+ * CONNECT requests. The request line was missing.
+ * - Add two more XXX reminders as we don't have enough already.
+ *
+ * Revision 1.140 2007/07/21 11:51:36 fabiankeil
+ * As Hal noticed, checking dispatch_cgi() as the last cruncher
+ * looks like a bug if CGI requests are blocked unintentionally,
+ * so don't do it unless the user enabled the new config option
+ * "allow-cgi-request-crunching".
+ *
+ * Revision 1.139 2007/07/14 07:46:41 fabiankeil
+ * - Allow to rewrite the request destination behind the client's back.
+ * - Turn the weird-looking unconditional for loop that
+ * reads the client request into a conditional while loop.
+ * Move the stuff that only runs once out of the loop.
+ * - Move parts of chat(), server_content_type() and the
+ * necessary stuff to fix BR#1750917 into get_filter_function().
+ *
* Revision 1.138 2007/06/03 18:45:18 fabiankeil
* Temporary workaround for BR#1730105.
*
"(copyright_or_otherwise)_applying_to_any_cookie._";
/* HTTP snipplets. */
-const static char CSUCCEED[] =
+static const char CSUCCEED[] =
"HTTP/1.0 200 Connection established\n"
"Proxy-Agent: Privoxy/" VERSION "\r\n\r\n";
-const static char CHEADER[] =
+static const char CHEADER[] =
"HTTP/1.0 400 Invalid header received from browser\r\n"
"Proxy-Agent: Privoxy " VERSION "\r\n"
"Content-Type: text/plain\r\n"
"Connection: close\r\n\r\n"
"Invalid header received from browser.\r\n";
-const static char CFORBIDDEN[] =
+static const char CFORBIDDEN[] =
"HTTP/1.0 403 Connection not allowable\r\n"
"Proxy-Agent: Privoxy " VERSION "\r\n"
"X-Hint: If you read this message interactively, then you know why this happens ,-)\r\n"
"Connection: close\r\n\r\n";
-const static char FTP_RESPONSE[] =
+static const char FTP_RESPONSE[] =
"HTTP/1.0 400 Invalid request received from browser\r\n"
"Content-Type: text/plain\r\n"
"Connection: close\r\n\r\n"
"Invalid request. Privoxy doesn't support FTP.\r\n";
-const static char GOPHER_RESPONSE[] =
+static const char GOPHER_RESPONSE[] =
"HTTP/1.0 400 Invalid request received from browser\r\n"
"Content-Type: text/plain\r\n"
"Connection: close\r\n\r\n"
"Invalid request. Privoxy doesn't support gopher.\r\n";
/* XXX: should be a template */
-const static char MISSING_DESTINATION_RESPONSE[] =
+static const char MISSING_DESTINATION_RESPONSE[] =
"HTTP/1.0 400 Bad request received from browser\r\n"
"Proxy-Agent: Privoxy " VERSION "\r\n"
"Content-Type: text/plain\r\n"
"Bad request. Privoxy was unable to extract the destination.\r\n";
/* XXX: should be a template */
-const static char NO_SERVER_DATA_RESPONSE[] =
+static const char NO_SERVER_DATA_RESPONSE[] =
"HTTP/1.0 502 Server or forwarder response empty\r\n"
"Proxy-Agent: Privoxy " VERSION "\r\n"
"Content-Type: text/plain\r\n"
"The connection was closed without sending any data.\r\n";
/* XXX: should be a template */
-const static char NULL_BYTE_RESPONSE[] =
+static const char NULL_BYTE_RESPONSE[] =
"HTTP/1.0 400 Bad request received from browser\r\n"
"Proxy-Agent: Privoxy " VERSION "\r\n"
"Content-Type: text/plain\r\n"
"Bad request. Null byte(s) before end of request.\r\n";
/* XXX: should be a template */
-const static char MESSED_UP_REQUEST_RESPONSE[] =
+static const char MESSED_UP_REQUEST_RESPONSE[] =
"HTTP/1.0 400 Malformed request after rewriting\r\n"
"Proxy-Agent: Privoxy " VERSION "\r\n"
"Content-Type: text/plain\r\n"
};
/* Complete list of cruncher functions */
-const static struct cruncher crunchers_all[] = {
+static const struct cruncher crunchers_all[] = {
{ direct_response, CF_COUNT_AS_REJECT|CF_IGNORE_FORCE},
{ block_url, CF_COUNT_AS_REJECT },
#ifdef FEATURE_TRUST
};
/* Light version, used after tags are applied */
-const static struct cruncher crunchers_light[] = {
+static const struct cruncher crunchers_light[] = {
{ block_url, CF_COUNT_AS_REJECT },
{ redirect_url, CF_NO_FLAGS },
{ NULL, 0 }
* FALSE if the request doesn't look invalid.
*
*********************************************************************/
-int client_protocol_is_unsupported(const struct client_state *csp, char *req)
+static int client_protocol_is_unsupported(const struct client_state *csp, char *req)
{
char buf[BUFFER_SIZE];
* JB_ERR_PARSE if it isn't.
*
*********************************************************************/
-jb_err get_request_destination_elsewhere(struct client_state *csp, struct list *headers)
+static jb_err get_request_destination_elsewhere(struct client_state *csp, struct list *headers)
{
char *req;
* JB_ERR_PARSE if the headers were incomplete.
*
*********************************************************************/
-jb_err get_server_headers(struct client_state *csp)
+static jb_err get_server_headers(struct client_state *csp)
{
int continue_hack_in_da_house = 0;
char * header;
* Returns : A string with the crunch reason or an error description.
*
*********************************************************************/
-const char *crunch_reason(const struct http_response *rsp)
+static const char *crunch_reason(const struct http_response *rsp)
{
char * reason = NULL;
* Returns : Nothing.
*
*********************************************************************/
-void send_crunch_response(struct client_state *csp, struct http_response *rsp)
+static void send_crunch_response(struct client_state *csp, struct http_response *rsp)
{
const struct http_request *http = csp->http;
char status_code[4];
* FALSE otherwise.
*
*********************************************************************/
-int request_contains_null_bytes(const struct client_state *csp, char *buf, int len)
+static int request_contains_null_bytes(const struct client_state *csp, char *buf, int len)
{
size_t c_len; /* Request lenght when treated as C string */
* FALSE otherwise.
*
*********************************************************************/
-int crunch_response_triggered(struct client_state *csp, const struct cruncher crunchers[])
+static int crunch_response_triggered(struct client_state *csp, const struct cruncher crunchers[])
{
struct http_response *rsp = NULL;
const struct cruncher *c;
+ /*
+ * If CGI request crunching is disabled,
+ * check the CGI dispatcher out of order to
+ * prevent unintentional blocks or redirects.
+ */
+ if (!(csp->config->feature_flags & RUNTIME_FEATURE_CGI_CRUNCHING)
+ && (NULL != (rsp = dispatch_cgi(csp))))
+ {
+ /* Deliver, log and free the interception response. */
+ send_crunch_response(csp, rsp);
+ return TRUE;
+ }
+
for (c = crunchers; c->cruncher != NULL; c++)
{
/*
* Returns : Nothing. Terminates in case of memory problems.
*
*********************************************************************/
-void build_request_line(struct client_state *csp, const struct forward_spec *fwd, char **request_line)
+static void build_request_line(struct client_state *csp, const struct forward_spec *fwd, char **request_line)
{
struct http_request *http = csp->http;
* Terminates in case of memory problems.
*
*********************************************************************/
-jb_err change_request_destination(struct client_state *csp)
+static jb_err change_request_destination(struct client_state *csp)
{
struct http_request *http = csp->http;
jb_err err;
* NULL if no content filter is active
*
*********************************************************************/
-filter_function_ptr get_filter_function(struct client_state *csp)
+static filter_function_ptr get_filter_function(struct client_state *csp)
{
filter_function_ptr filter_function = NULL;
/*
* The response may confuse some clients,
* but makes unblocking easier.
+ *
+ * XXX: It seems to work with all major browsers,
+ * so we should consider returning a body by default someday ...
*/
- log_error(LOG_LEVEL_ERROR, "Marking suspicious CONNECT request from %s for blocking.",
- csp->ip_addr_str);
+ log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
+ "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
+ csp->ip_addr_str, csp->action->string[ACTION_STRING_LIMIT_CONNECT],
+ csp->http->port);
csp->action->flags |= ACTION_BLOCK;
http->ssl = 0;
}
else
{
write_socket(csp->cfd, CFORBIDDEN, strlen(CFORBIDDEN));
- log_error(LOG_LEVEL_CONNECT, "Denying suspicious CONNECT request from %s", csp->ip_addr_str);
- log_error(LOG_LEVEL_CLF, "%s - - [%T] \" \" 403 0", csp->ip_addr_str);
+ log_error(LOG_LEVEL_INFO, "Request from %s denied. "
+ "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
+ csp->ip_addr_str, csp->action->string[ACTION_STRING_LIMIT_CONNECT],
+ csp->http->port);
+ assert(NULL != csp->http->ocmd);
+ log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 403 0", csp->ip_addr_str, csp->http->ocmd);
list_remove_all(csp->headers);
-
+ /*
+ * XXX: For consistency we might want to log a crunch message here.
+ */
return;
}
}
* Returns : No. ,-)
*
*********************************************************************/
-void usage(const char *myname)
+static void usage(const char *myname)
{
printf("Privoxy version " VERSION " (" HOME_PAGE_URL ")\n"
"Usage: %s "
* Returns : Void, exits in case of errors.
*
*********************************************************************/
-void initialize_mutexes()
+static void initialize_mutexes(void)
{
int err = 0;
projects / privoxy.git / blobdiff