-const char jcc_rcs[] = "$Id: jcc.c,v 1.167 2008/02/23 16:57:12 fabiankeil Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.173 2008/05/06 15:09:00 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/jcc.c,v $
* Purpose : Main file. Contains main() method, main loop, and
* the main connection-handling function.
*
- * Copyright : Written by and Copyright (C) 2001-2007 the SourceForge
+ * Copyright : Written by and Copyright (C) 2001-2008 the SourceForge
* Privoxy team. http://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
*
* Revisions :
* $Log: jcc.c,v $
+ * Revision 1.173 2008/05/06 15:09:00 fabiankeil
+ * Least-effort fix for bug #1821930 (reported by Lee):
+ * If the response doesn't look like HTTP,
+ * tell the client and log the problem.
+ *
+ * Revision 1.172 2008/04/16 16:38:21 fabiankeil
+ * Don't pass the whole csp structure to flush_socket()
+ * when it only needs a file descriptor and a buffer.
+ *
+ * Revision 1.171 2008/03/27 18:27:25 fabiankeil
+ * Remove kill-popups action.
+ *
+ * Revision 1.170 2008/03/06 16:33:46 fabiankeil
+ * If limit-connect isn't used, don't limit CONNECT requests to port 443.
+ *
+ * Revision 1.169 2008/03/04 18:30:39 fabiankeil
+ * Remove the treat-forbidden-connects-like-blocks action. We now
+ * use the "blocked" page for forbidden CONNECT requests by default.
+ *
+ * Revision 1.168 2008/03/02 12:25:25 fabiankeil
+ * Also use shiny new connect_port_is_forbidden() in jcc.c.
+ *
* Revision 1.167 2008/02/23 16:57:12 fabiankeil
* Rename url_actions() to get_url_actions() and let it
* use the standard parameter ordering.
#include "filters.h"
#include "loaders.h"
#include "parsers.h"
-#include "killpopup.h"
#include "miscutil.h"
#include "errlog.h"
#include "jbsockets.h"
"Connection: close\r\n\r\n"
"Invalid header received from client.\r\n";
-static const char CFORBIDDEN[] =
- "HTTP/1.0 403 Connection not allowable\r\n"
- "Proxy-Agent: Privoxy " VERSION "\r\n"
- "X-Hint: If you read this message interactively, then you know why this happens ,-)\r\n"
- "Connection: close\r\n\r\n";
-
static const char FTP_RESPONSE[] =
"HTTP/1.0 400 Invalid request received from client\r\n"
"Content-Type: text/plain\r\n"
"Empty server or forwarder response.\r\n"
"The connection has been closed but Privoxy didn't receive any data.\r\n";
+/* XXX: should be a template */
+static const char INVALID_SERVER_HEADERS_RESPONSE[] =
+ "HTTP/1.0 502 Server or forwarder response invalid\r\n"
+ "Proxy-Agent: Privoxy " VERSION "\r\n"
+ "Content-Type: text/plain\r\n"
+ "Connection: close\r\n\r\n"
+ "Bad response. The server or forwarder response doesn't look like HTTP.\r\n";
+
#if 0
/* XXX: should be a template */
static const char NULL_BYTE_RESPONSE[] =
*********************************************************************/
static int client_protocol_is_unsupported(const struct client_state *csp, char *req)
{
- char buf[BUFFER_SIZE];
-
/*
* If it's a FTP or gopher request, we don't support it.
*
*/
if (!strncmpic(req, "GET ftp://", 10) || !strncmpic(req, "GET gopher://", 13))
{
+ const char *response = NULL;
+ const char *protocol = NULL;
+
if (!strncmpic(req, "GET ftp://", 10))
{
- strlcpy(buf, FTP_RESPONSE, sizeof(buf));
- log_error(LOG_LEVEL_ERROR, "%s tried to use Privoxy as FTP proxy: %s",
- csp->ip_addr_str, req);
+ response = FTP_RESPONSE;
+ protocol = "FTP";
}
else
{
- strlcpy(buf, GOPHER_RESPONSE, sizeof(buf));
- log_error(LOG_LEVEL_ERROR, "%s tried to use Privoxy as gopher proxy: %s",
- csp->ip_addr_str, req);
+ response = GOPHER_RESPONSE;
+ protocol = "GOPHER";
}
- log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 400 0", csp->ip_addr_str, req);
+ log_error(LOG_LEVEL_ERROR,
+ "%s tried to use Privoxy as %s proxy: %s",
+ csp->ip_addr_str, protocol, req);
+ log_error(LOG_LEVEL_CLF,
+ "%s - - [%T] \"%s\" 400 0", csp->ip_addr_str, req);
freez(req);
- write_socket(csp->cfd, buf, strlen(buf));
+ write_socket(csp->cfd, response, strlen(response));
return TRUE;
}
struct http_request *http;
int len; /* for buffer sizes (and negative error codes) */
jb_err err;
-#ifdef FEATURE_KILL_POPUPS
- int block_popups_now = 0; /* bool, 1==currently blocking popups */
-#endif /* def FEATURE_KILL_POPUPS */
/* Function that does the content filtering for the current request */
filter_function_ptr content_filter = NULL;
*
*/
- if (http->ssl)
+ if (http->ssl && connect_port_is_forbidden(csp))
{
- if (connect_port_is_forbidden(csp))
- {
- const char *acceptable_connect_ports =
- csp->action->string[ACTION_STRING_LIMIT_CONNECT] ?
- csp->action->string[ACTION_STRING_LIMIT_CONNECT] :
- "443 (implied default)";
- if (csp->action->flags & ACTION_TREAT_FORBIDDEN_CONNECTS_LIKE_BLOCKS)
- {
- /*
- * The response may confuse some clients,
- * but makes unblocking easier.
- *
- * XXX: It seems to work with all major browsers,
- * so we should consider returning a body by default someday ...
- */
- log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
- "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
- csp->ip_addr_str, acceptable_connect_ports, csp->http->port);
- csp->action->flags |= ACTION_BLOCK;
- http->ssl = 0;
- }
- else
- {
- write_socket(csp->cfd, CFORBIDDEN, strlen(CFORBIDDEN));
- log_error(LOG_LEVEL_INFO, "Request from %s denied. "
- "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
- csp->ip_addr_str, acceptable_connect_ports, csp->http->port);
- assert(NULL != csp->http->ocmd);
- log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 403 0", csp->ip_addr_str, csp->http->ocmd);
-
- list_remove_all(csp->headers);
- /*
- * XXX: For consistency we might want to log a crunch message here.
- */
- return;
- }
- }
+ const char *acceptable_connect_ports =
+ csp->action->string[ACTION_STRING_LIMIT_CONNECT];
+ assert(NULL != acceptable_connect_ports);
+ log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
+ "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
+ csp->ip_addr_str, acceptable_connect_ports, csp->http->port);
+ csp->action->flags |= ACTION_BLOCK;
+ http->ssl = 0;
}
if (http->ssl == 0)
*/
if (write_socket(csp->sfd, hdr, strlen(hdr))
- || (flush_socket(csp->sfd, csp) < 0))
+ || (flush_socket(csp->sfd, csp->iob) < 0))
{
log_error(LOG_LEVEL_CONNECT, "write header to: %s failed: %E",
http->hostport);
*/
buf[len] = '\0';
-#ifdef FEATURE_KILL_POPUPS
- /* Filter the popups on this read. */
- if (block_popups_now)
- {
- filter_popups(buf, csp);
- }
-#endif /* def FEATURE_KILL_POPUPS */
-
/* Normally, this would indicate that we've read
* as much as the server has sent us and we can
* close the client connection. However, Microsoft
hdrlen = strlen(hdr);
if (write_socket(csp->cfd, hdr, hdrlen)
- || ((flushed = flush_socket(csp->cfd, csp)) < 0)
+ || ((flushed = flush_socket(csp->cfd, csp->iob)) < 0)
|| (write_socket(csp->cfd, buf, (size_t)len)))
{
log_error(LOG_LEVEL_CONNECT, "Flush header and buffers to client failed: %E");
return;
}
+ assert(csp->headers->first->str);
+ assert(!http->ssl);
+ if (strncmpic(csp->headers->first->str, "HTTP", 4))
+ {
+ /*
+ * It doesn't look like a HTTP response:
+ * tell the client and log the problem.
+ */
+ if (strlen(csp->headers->first->str) > 30)
+ {
+ csp->headers->first->str[30] = '\0';
+ }
+ log_error(LOG_LEVEL_ERROR,
+ "Invalid server or forwarder response. Starts with: %s",
+ csp->headers->first->str);
+ log_error(LOG_LEVEL_CLF,
+ "%s - - [%T] \"%s\" 502 0", csp->ip_addr_str, http->cmd);
+ write_socket(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE,
+ strlen(INVALID_SERVER_HEADERS_RESPONSE));
+ free_http_request(http);
+ return;
+ }
+
/* we have now received the entire header.
* filter it and send the result to the client
*/
if (!http->ssl) /* We talk plaintext */
{
-
-#ifdef FEATURE_KILL_POPUPS
- /* Start blocking popups if appropriate. */
- if ((csp->content_type & CT_TEXT) && /* It's a text / * MIME-Type */
- (csp->action->flags & ACTION_NO_POPUPS) != 0) /* Policy allows */
- {
- block_popups_now = 1;
- /*
- * Filter the part of the body that came in the same read
- * as the last headers:
- */
- filter_popups(csp->iob->cur, csp);
- }
-#endif /* def FEATURE_KILL_POPUPS */
content_filter = get_filter_function(csp);
}
/*
*/
if (write_socket(csp->cfd, hdr, strlen(hdr))
- || ((len = flush_socket(csp->cfd, csp)) < 0))
+ || ((len = flush_socket(csp->cfd, csp->iob)) < 0))
{
log_error(LOG_LEVEL_CONNECT, "write header to client failed: %E");
projects / privoxy.git / blobdiff