-const char jcc_rcs[] = "$Id: jcc.c,v 1.139 2007/07/14 07:46:41 fabiankeil Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.147 2007/08/25 14:42:40 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/jcc.c,v $
*
* Revisions :
* $Log: jcc.c,v $
+ * Revision 1.147 2007/08/25 14:42:40 fabiankeil
+ * Don't crash if a broken header filter wiped out the request line.
+ *
+ * Revision 1.146 2007/08/20 17:09:32 fabiankeil
+ * Fix byte_count calculation in case of flushes
+ * and don't parse the server headers a second time.
+ *
+ * Revision 1.145 2007/08/19 13:13:31 fabiankeil
+ * - If there's a connection problem after we already forwarded
+ * parts of the original content, just hang up. Fixes BR#1776724.
+ * - Fix warnings about unused code on mingw32.
+ * - In case of flushes, calculate the byte count
+ * less incorrectly (I think).
+ *
+ * Revision 1.144 2007/08/11 14:43:22 fabiankeil
+ * Add some more prototypes for static functions.
+ *
+ * Revision 1.143 2007/08/05 13:58:19 fabiankeil
+ * Comment out request_contains_null_bytes() until it's used again.
+ *
+ * Revision 1.142 2007/08/05 13:50:26 fabiankeil
+ * #1763173 from Stefan Huehner: s@const static@static const@
+ * and declare some more functions static.
+ *
+ * Revision 1.141 2007/08/04 09:56:23 fabiankeil
+ * - Log rejected CONNECT requests with LOG_LEVEL_INFO
+ * and explain why they were rejected in the first place.
+ * - Fix the LOG_LEVEL_CLF message for crunches of unallowed
+ * CONNECT requests. The request line was missing.
+ * - Add two more XXX reminders as we don't have enough already.
+ *
+ * Revision 1.140 2007/07/21 11:51:36 fabiankeil
+ * As Hal noticed, checking dispatch_cgi() as the last cruncher
+ * looks like a bug if CGI requests are blocked unintentionally,
+ * so don't do it unless the user enabled the new config option
+ * "allow-cgi-request-crunching".
+ *
* Revision 1.139 2007/07/14 07:46:41 fabiankeil
* - Allow to rewrite the request destination behind the client's back.
* - Turn the weird-looking unconditional for loop that
int g_terminate = 0;
#endif
-static void listen_loop(void);
+#if !defined(_WIN32) && !defined(__OS2__) && !defined(AMIGA)
+static void sig_handler(int the_signal);
+#endif
+static int client_protocol_is_unsupported(const struct client_state *csp, char *req);
+static jb_err get_request_destination_elsewhere(struct client_state *csp, struct list *headers);
+static jb_err get_server_headers(struct client_state *csp);
+static const char *crunch_reason(const struct http_response *rsp);
+static void send_crunch_response(struct client_state *csp, struct http_response *rsp);
+/*
+ * static int request_contains_null_bytes(const struct client_state *csp, char *buf, int len);
+ */
+static void build_request_line(struct client_state *csp, const struct forward_spec *fwd, char **request_line);
+static jb_err change_request_destination(struct client_state *csp);
static void chat(struct client_state *csp);
+static void serve(struct client_state *csp);
+#if defined(unix)
+static void usage(const char *myname);
+#endif
+static void initialize_mutexes(void);
+static jb_socket bind_port_helper(struct configuration_spec *config);
+static void listen_loop(void);
+
#ifdef AMIGA
void serve(struct client_state *csp);
#else /* ifndef AMIGA */
"(copyright_or_otherwise)_applying_to_any_cookie._";
/* HTTP snipplets. */
-const static char CSUCCEED[] =
+static const char CSUCCEED[] =
"HTTP/1.0 200 Connection established\n"
"Proxy-Agent: Privoxy/" VERSION "\r\n\r\n";
-const static char CHEADER[] =
+static const char CHEADER[] =
"HTTP/1.0 400 Invalid header received from browser\r\n"
"Proxy-Agent: Privoxy " VERSION "\r\n"
"Content-Type: text/plain\r\n"
"Connection: close\r\n\r\n"
"Invalid header received from browser.\r\n";
-const static char CFORBIDDEN[] =
+static const char CFORBIDDEN[] =
"HTTP/1.0 403 Connection not allowable\r\n"
"Proxy-Agent: Privoxy " VERSION "\r\n"
"X-Hint: If you read this message interactively, then you know why this happens ,-)\r\n"
"Connection: close\r\n\r\n";
-const static char FTP_RESPONSE[] =
+static const char FTP_RESPONSE[] =
"HTTP/1.0 400 Invalid request received from browser\r\n"
"Content-Type: text/plain\r\n"
"Connection: close\r\n\r\n"
"Invalid request. Privoxy doesn't support FTP.\r\n";
-const static char GOPHER_RESPONSE[] =
+static const char GOPHER_RESPONSE[] =
"HTTP/1.0 400 Invalid request received from browser\r\n"
"Content-Type: text/plain\r\n"
"Connection: close\r\n\r\n"
"Invalid request. Privoxy doesn't support gopher.\r\n";
/* XXX: should be a template */
-const static char MISSING_DESTINATION_RESPONSE[] =
+static const char MISSING_DESTINATION_RESPONSE[] =
"HTTP/1.0 400 Bad request received from browser\r\n"
"Proxy-Agent: Privoxy " VERSION "\r\n"
"Content-Type: text/plain\r\n"
"Bad request. Privoxy was unable to extract the destination.\r\n";
/* XXX: should be a template */
-const static char NO_SERVER_DATA_RESPONSE[] =
+static const char NO_SERVER_DATA_RESPONSE[] =
"HTTP/1.0 502 Server or forwarder response empty\r\n"
"Proxy-Agent: Privoxy " VERSION "\r\n"
"Content-Type: text/plain\r\n"
"The connection was closed without sending any data.\r\n";
/* XXX: should be a template */
-const static char NULL_BYTE_RESPONSE[] =
+static const char NULL_BYTE_RESPONSE[] =
"HTTP/1.0 400 Bad request received from browser\r\n"
"Proxy-Agent: Privoxy " VERSION "\r\n"
"Content-Type: text/plain\r\n"
"Bad request. Null byte(s) before end of request.\r\n";
/* XXX: should be a template */
-const static char MESSED_UP_REQUEST_RESPONSE[] =
+static const char MESSED_UP_REQUEST_RESPONSE[] =
"HTTP/1.0 400 Malformed request after rewriting\r\n"
"Proxy-Agent: Privoxy " VERSION "\r\n"
"Content-Type: text/plain\r\n"
const int flags;
};
+static int crunch_response_triggered(struct client_state *csp, const struct cruncher crunchers[]);
+static filter_function_ptr get_filter_function(struct client_state *csp);
+
/* Complete list of cruncher functions */
-const static struct cruncher crunchers_all[] = {
+static const struct cruncher crunchers_all[] = {
{ direct_response, CF_COUNT_AS_REJECT|CF_IGNORE_FORCE},
{ block_url, CF_COUNT_AS_REJECT },
#ifdef FEATURE_TRUST
};
/* Light version, used after tags are applied */
-const static struct cruncher crunchers_light[] = {
+static const struct cruncher crunchers_light[] = {
{ block_url, CF_COUNT_AS_REJECT },
{ redirect_url, CF_NO_FLAGS },
{ NULL, 0 }
* FALSE if the request doesn't look invalid.
*
*********************************************************************/
-int client_protocol_is_unsupported(const struct client_state *csp, char *req)
+static int client_protocol_is_unsupported(const struct client_state *csp, char *req)
{
char buf[BUFFER_SIZE];
* JB_ERR_PARSE if it isn't.
*
*********************************************************************/
-jb_err get_request_destination_elsewhere(struct client_state *csp, struct list *headers)
+static jb_err get_request_destination_elsewhere(struct client_state *csp, struct list *headers)
{
char *req;
* JB_ERR_PARSE if the headers were incomplete.
*
*********************************************************************/
-jb_err get_server_headers(struct client_state *csp)
+static jb_err get_server_headers(struct client_state *csp)
{
int continue_hack_in_da_house = 0;
char * header;
* Returns : A string with the crunch reason or an error description.
*
*********************************************************************/
-const char *crunch_reason(const struct http_response *rsp)
+static const char *crunch_reason(const struct http_response *rsp)
{
char * reason = NULL;
* Returns : Nothing.
*
*********************************************************************/
-void send_crunch_response(struct client_state *csp, struct http_response *rsp)
+static void send_crunch_response(struct client_state *csp, struct http_response *rsp)
{
const struct http_request *http = csp->http;
char status_code[4];
}
+#if 0
/*********************************************************************
*
* Function : request_contains_null_bytes
* Description : Checks for NULL bytes in the request and sends
* an error message to the client if any were found.
*
+ * XXX: currently not used, see comment in chat().
+ *
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : buf = Data from the client's request to check.
* FALSE otherwise.
*
*********************************************************************/
-int request_contains_null_bytes(const struct client_state *csp, char *buf, int len)
+static int request_contains_null_bytes(const struct client_state *csp, char *buf, int len)
{
size_t c_len; /* Request lenght when treated as C string */
return FALSE;
}
+#endif
/*********************************************************************
* FALSE otherwise.
*
*********************************************************************/
-int crunch_response_triggered(struct client_state *csp, const struct cruncher crunchers[])
+static int crunch_response_triggered(struct client_state *csp, const struct cruncher crunchers[])
{
struct http_response *rsp = NULL;
const struct cruncher *c;
* Returns : Nothing. Terminates in case of memory problems.
*
*********************************************************************/
-void build_request_line(struct client_state *csp, const struct forward_spec *fwd, char **request_line)
+static void build_request_line(struct client_state *csp, const struct forward_spec *fwd, char **request_line)
{
struct http_request *http = csp->http;
* Terminates in case of memory problems.
*
*********************************************************************/
-jb_err change_request_destination(struct client_state *csp)
+static jb_err change_request_destination(struct client_state *csp)
{
struct http_request *http = csp->http;
jb_err err;
* NULL if no content filter is active
*
*********************************************************************/
-filter_function_ptr get_filter_function(struct client_state *csp)
+static filter_function_ptr get_filter_function(struct client_state *csp)
{
filter_function_ptr filter_function = NULL;
}
csp->flags |= CSP_FLAG_CLIENT_HEADER_PARSING_DONE;
- if (strcmp(http->cmd, csp->headers->first->str))
+ /* Check request line for rewrites. */
+ if ((NULL == csp->headers->first->str)
+ || (strcmp(http->cmd, csp->headers->first->str) &&
+ (JB_ERR_OK != change_request_destination(csp))))
{
/*
- * A header filter rewrote the request line,
- * modify the http request accordingly.
+ * A header filter broke the request line - bail out.
*/
- if (JB_ERR_OK != change_request_destination(csp))
- {
- write_socket(csp->cfd, MESSED_UP_REQUEST_RESPONSE, strlen(MESSED_UP_REQUEST_RESPONSE));
- /* XXX: Use correct size */
- log_error(LOG_LEVEL_CLF, "%s - - [%T] \"Invalid request generated\" 500 0", csp->ip_addr_str);
- log_error(LOG_LEVEL_ERROR, "Invalid request line after applying header filters.");
+ write_socket(csp->cfd, MESSED_UP_REQUEST_RESPONSE, strlen(MESSED_UP_REQUEST_RESPONSE));
+ /* XXX: Use correct size */
+ log_error(LOG_LEVEL_CLF, "%s - - [%T] \"Invalid request generated\" 500 0", csp->ip_addr_str);
+ log_error(LOG_LEVEL_ERROR, "Invalid request line after applying header filters.");
- free_http_request(http);
- return;
- }
+ free_http_request(http);
+ return;
}
/* decide how to route the HTTP request */
/*
* The response may confuse some clients,
* but makes unblocking easier.
+ *
+ * XXX: It seems to work with all major browsers,
+ * so we should consider returning a body by default someday ...
*/
- log_error(LOG_LEVEL_ERROR, "Marking suspicious CONNECT request from %s for blocking.",
- csp->ip_addr_str);
+ log_error(LOG_LEVEL_INFO, "Request from %s marked for blocking. "
+ "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
+ csp->ip_addr_str, csp->action->string[ACTION_STRING_LIMIT_CONNECT],
+ csp->http->port);
csp->action->flags |= ACTION_BLOCK;
http->ssl = 0;
}
else
{
write_socket(csp->cfd, CFORBIDDEN, strlen(CFORBIDDEN));
- log_error(LOG_LEVEL_CONNECT, "Denying suspicious CONNECT request from %s", csp->ip_addr_str);
- log_error(LOG_LEVEL_CLF, "%s - - [%T] \" \" 403 0", csp->ip_addr_str);
+ log_error(LOG_LEVEL_INFO, "Request from %s denied. "
+ "limit-connect{%s} doesn't allow CONNECT requests to port %d.",
+ csp->ip_addr_str, csp->action->string[ACTION_STRING_LIMIT_CONNECT],
+ csp->http->port);
+ assert(NULL != csp->http->ocmd);
+ log_error(LOG_LEVEL_CLF, "%s - - [%T] \"%s\" 403 0", csp->ip_addr_str, csp->http->ocmd);
list_remove_all(csp->headers);
-
+ /*
+ * XXX: For consistency we might want to log a crunch message here.
+ */
return;
}
}
"CONNECT already confirmed. Unable to tell the client about the problem.");
return;
}
+ else if (byte_count)
+ {
+ /*
+ * Just hang up. We already transmitted the original headers
+ * and parts of the original content and therefore missed the
+ * chance to send an error message (without risking data corruption).
+ *
+ * XXX: we could retry with a fancy range request here.
+ */
+ log_error(LOG_LEVEL_ERROR, "Already forwarded the original headers. "
+ "Unable to tell the client about the problem.");
+ return;
+ }
rsp = error_response(csp, "connect-failed", errno);
- if(rsp)
+ if (rsp)
{
send_crunch_response(csp, rsp);
}
int flushed;
log_error(LOG_LEVEL_ERROR, "Flushing header and buffers. Stepping back from filtering.");
- if (JB_ERR_OK != sed(server_patterns, add_server_headers, csp))
- {
- log_error(LOG_LEVEL_FATAL, "Failed to parse server headers.");
- }
+
hdr = list_to_text(csp->headers);
if (hdr == NULL)
{
return;
}
-
- if (crunch_response_triggered(csp, crunchers_light))
- {
- /*
- * One of the tags created by a server-header
- * tagger triggered a crunch. We already
- * delivered the crunch response to the client
- * and are done here after cleaning up.
- */
- freez(hdr);
- return;
- }
-
hdrlen = strlen(hdr);
if (write_socket(csp->cfd, hdr, hdrlen)
return;
}
- byte_count += hdrlen + (size_t)flushed + (size_t)len;
+ /*
+ * Reset the byte_count to the amount of bytes
+ * we just flushed. len will be added a few lines below,
+ * hdrlen doesn't matter for LOG_LEVEL_CLF.
+ */
+ byte_count = (size_t)flushed;
freez(hdr);
content_filter = NULL;
server_body = 1;
-
}
}
else
#endif
+#if defined(unix)
/*********************************************************************
*
* Function : usage
* Returns : No. ,-)
*
*********************************************************************/
-void usage(const char *myname)
+static void usage(const char *myname)
{
printf("Privoxy version " VERSION " (" HOME_PAGE_URL ")\n"
"Usage: %s "
#endif /* defined(unix) */
"[--help] "
#if defined(unix)
- "[--no-daemon] [--pidfile pidfile] [--user user[.group]] "
+ "[--no-daemon] [--pidfile pidfile] [--pre-chroot-nslookup hostname] [--user user[.group]] "
#endif /* defined(unix) */
"[--version] [configfile]\n"
"Aborting\n", myname);
exit(2);
}
+#endif /* defined(unix) */
/*********************************************************************
* Returns : Void, exits in case of errors.
*
*********************************************************************/
-void initialize_mutexes()
+static void initialize_mutexes(void)
{
int err = 0;
struct group *grp = NULL;
char *p;
int do_chroot = 0;
+ char *pre_chroot_nslookup_to_load_resolver = NULL;
#endif
Argc = argc;
if (p != NULL) *--p = '\0';
}
+ else if (strcmp(argv[argc_pos], "--pre-chroot-nslookup" ) == 0)
+ {
+ if (++argc_pos == argc) usage(argv[0]);
+ pre_chroot_nslookup_to_load_resolver = strdup(argv[argc_pos]);
+ }
+
else if (strcmp(argv[argc_pos], "--chroot" ) == 0)
{
do_chroot = 1;
{
log_error(LOG_LEVEL_FATAL, "Home directory for %s undefined", pw->pw_name);
}
+ /* Read the time zone file from /etc before doing chroot. */
+ tzset();
+ if (NULL != pre_chroot_nslookup_to_load_resolver
+ && '\0' != pre_chroot_nslookup_to_load_resolver[0])
+ {
+ /* Initialize resolver library. */
+ (void) resolve_hostname_to_ip(pre_chroot_nslookup_to_load_resolver);
+ }
if (chroot(pw->pw_dir) < 0)
{
log_error(LOG_LEVEL_FATAL, "Cannot chroot to %s", pw->pw_dir);
projects / privoxy.git / blobdiff