-const char parsers_rcs[] = "$Id: parsers.c,v 1.102 2007/05/27 12:39:32 fabiankeil Exp $";
+const char parsers_rcs[] = "$Id: parsers.c,v 1.107 2007/08/28 18:16:32 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/parsers.c,v $
*
* Revisions :
* $Log: parsers.c,v $
+ * Revision 1.107 2007/08/28 18:16:32 fabiankeil
+ * Fix possible memory corruption in server_http, make sure it's not
+ * executed for ordinary server headers and mark some problems for later.
+ *
+ * Revision 1.106 2007/08/18 14:30:32 fabiankeil
+ * Let content-type-overwrite{} honour force-text-mode again.
+ *
+ * Revision 1.105 2007/08/11 14:49:49 fabiankeil
+ * - Add prototpyes for the header parsers and make them static.
+ * - Comment out client_accept_encoding_adder() which isn't used right now.
+ *
+ * Revision 1.104 2007/07/14 07:38:19 fabiankeil
+ * Move the ACTION_FORCE_TEXT_MODE check out of
+ * server_content_type(). Signal other functions
+ * whether or not a content type has been declared.
+ * Part of the fix for BR#1750917.
+ *
+ * Revision 1.103 2007/06/01 16:31:54 fabiankeil
+ * Change sed() to return a jb_err in preparation for forward-override{}.
+ *
* Revision 1.102 2007/05/27 12:39:32 fabiankeil
* Adjust "X-Filter: No" to disable dedicated header filters.
*
#define ijb_isupper(__X) isupper((int)(unsigned char)(__X))
#define ijb_tolower(__X) tolower((int)(unsigned char)(__X))
-jb_err header_tagger(struct client_state *csp, char *header);
-jb_err scan_headers(struct client_state *csp);
+static jb_err scan_headers(struct client_state *csp);
+static jb_err header_tagger(struct client_state *csp, char *header);
+static jb_err parse_header_time(const char *header_time, time_t *result);
+
+static jb_err crumble (struct client_state *csp, char **header);
+static jb_err connection (struct client_state *csp, char **header);
+static jb_err filter_header (struct client_state *csp, char **header);
+static jb_err client_referrer (struct client_state *csp, char **header);
+static jb_err client_uagent (struct client_state *csp, char **header);
+static jb_err client_ua (struct client_state *csp, char **header);
+static jb_err client_from (struct client_state *csp, char **header);
+static jb_err client_send_cookie (struct client_state *csp, char **header);
+static jb_err client_x_forwarded (struct client_state *csp, char **header);
+static jb_err client_accept_encoding (struct client_state *csp, char **header);
+static jb_err client_te (struct client_state *csp, char **header);
+static jb_err client_max_forwards (struct client_state *csp, char **header);
+static jb_err client_host (struct client_state *csp, char **header);
+static jb_err client_if_modified_since (struct client_state *csp, char **header);
+static jb_err client_accept_language (struct client_state *csp, char **header);
+static jb_err client_if_none_match (struct client_state *csp, char **header);
+static jb_err crunch_client_header (struct client_state *csp, char **header);
+static jb_err client_x_filter (struct client_state *csp, char **header);
+static jb_err server_set_cookie (struct client_state *csp, char **header);
+static jb_err server_content_type (struct client_state *csp, char **header);
+static jb_err server_content_length (struct client_state *csp, char **header);
+static jb_err server_content_md5 (struct client_state *csp, char **header);
+static jb_err server_content_encoding (struct client_state *csp, char **header);
+static jb_err server_transfer_coding (struct client_state *csp, char **header);
+static jb_err server_http (struct client_state *csp, char **header);
+static jb_err crunch_server_header (struct client_state *csp, char **header);
+static jb_err server_last_modified (struct client_state *csp, char **header);
+static jb_err server_content_disposition(struct client_state *csp, char **header);
+
+static jb_err client_host_adder (struct client_state *csp);
+static jb_err client_cookie_adder (struct client_state *csp);
+static jb_err client_xtra_adder (struct client_state *csp);
+static jb_err client_x_forwarded_adder(struct client_state *csp);
+static jb_err connection_close_adder (struct client_state *csp);
const struct parsers client_patterns[] = {
{ "referer:", 8, client_referrer },
};
const struct parsers server_patterns[] = {
- { "HTTP", 4, server_http },
+ { "HTTP/", 5, server_http },
{ "set-cookie:", 11, server_set_cookie },
{ "connection:", 11, connection },
{ "Content-Type:", 13, server_content_type },
* This is to protect the parsing of gzipped data,
* but it should(?) be valid for deflated data also.
*/
- log_error (LOG_LEVEL_ERROR, "Buffer too small decompressing iob");
+ log_error(LOG_LEVEL_ERROR, "Buffer too small decompressing iob");
return JB_ERR_COMPRESS;
}
|| (*cur++ != (char)0x8b)
|| (*cur++ != Z_DEFLATED))
{
- log_error (LOG_LEVEL_ERROR, "Invalid gzip header when decompressing");
+ log_error(LOG_LEVEL_ERROR, "Invalid gzip header when decompressing");
return JB_ERR_COMPRESS;
}
else
if (flags & 0xe0)
{
/* The gzip header has reserved bits set; bail out. */
- log_error (LOG_LEVEL_ERROR, "Invalid gzip header flags when decompressing");
+ log_error(LOG_LEVEL_ERROR, "Invalid gzip header flags when decompressing");
return JB_ERR_COMPRESS;
}
cur += 6;
*/
if((skip_bytes < 0) || (skip_bytes >= (csp->iob->eod - cur)))
{
- log_error (LOG_LEVEL_ERROR,
+ log_error(LOG_LEVEL_ERROR,
"Unreasonable amount of bytes to skip (%d). Stopping decompression",
skip_bytes);
return JB_ERR_COMPRESS;
}
- log_error (LOG_LEVEL_INFO,
+ log_error(LOG_LEVEL_INFO,
"Skipping %d bytes for gzip compression. Does this sound right?",
skip_bytes);
cur += skip_bytes;
* the buffer end, we were obviously tricked to skip
* too much.
*/
- log_error (LOG_LEVEL_ERROR,
+ log_error(LOG_LEVEL_ERROR,
"Malformed gzip header detected. Aborting decompression.");
return JB_ERR_COMPRESS;
}
* XXX: The debug level should be lowered
* before the next stable release.
*/
- log_error (LOG_LEVEL_INFO, "Decompressing deflated iob: %d", *cur);
+ log_error(LOG_LEVEL_INFO, "Decompressing deflated iob: %d", *cur);
/*
* In theory (that is, according to RFC 1950), deflate-compressed
* data should begin with a two-byte zlib header and have an
}
else
{
- log_error (LOG_LEVEL_ERROR,
+ log_error(LOG_LEVEL_ERROR,
"Unable to determine compression format for decompression");
return JB_ERR_COMPRESS;
}
*/
if (inflateInit2 (&zstr, -MAX_WBITS) != Z_OK)
{
- log_error (LOG_LEVEL_ERROR, "Error initializing decompression");
+ log_error(LOG_LEVEL_ERROR, "Error initializing decompression");
return JB_ERR_COMPRESS;
}
* We don't modify the existing iob yet, so in case there
* is error in decompression we can recover gracefully.
*/
- buf = zalloc (bufsize);
+ buf = zalloc(bufsize);
if (NULL == buf)
{
- log_error (LOG_LEVEL_ERROR, "Out of memory decompressing iob");
+ log_error(LOG_LEVEL_ERROR, "Out of memory decompressing iob");
return JB_ERR_MEMORY;
}
* Returns : JB_ERR_OK
*
*********************************************************************/
-jb_err scan_headers(struct client_state *csp)
+static jb_err scan_headers(struct client_state *csp)
{
struct list_entry *h; /* Header */
jb_err err = JB_ERR_OK;
* Returns : JB_ERR_OK on success and always succeeds
*
*********************************************************************/
-jb_err header_tagger(struct client_state *csp, char *header)
+static jb_err header_tagger(struct client_state *csp, char *header)
{
int wanted_filter_type;
int multi_action_index;
* Returns : JB_ERR_OK on success and always succeeds
*
*********************************************************************/
-jb_err filter_header(struct client_state *csp, char **header)
+static jb_err filter_header(struct client_state *csp, char **header)
{
int hits=0;
int matches;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err connection(struct client_state *csp, char **header)
+static jb_err connection(struct client_state *csp, char **header)
{
char *old_header = *header;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err crumble(struct client_state *csp, char **header)
+static jb_err crumble(struct client_state *csp, char **header)
{
log_error(LOG_LEVEL_HEADER, "crumble crunched: %s!", *header);
freez(*header);
* Returns : JB_ERR_OK on success and always succeeds
*
*********************************************************************/
-jb_err crunch_server_header(struct client_state *csp, char **header)
+static jb_err crunch_server_header(struct client_state *csp, char **header)
{
const char *crunch_pattern;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err server_content_type(struct client_state *csp, char **header)
+static jb_err server_content_type(struct client_state *csp, char **header)
{
/* Remove header if it isn't the first Content-Type header */
- if(csp->content_type && (csp->content_type != CT_TABOO))
+ if ((csp->content_type & CT_DECLARED))
{
/*
* Another, slightly slower, way to see if
return JB_ERR_OK;
}
+ /*
+ * Signal that the Content-Type has been set.
+ */
+ csp->content_type |= CT_DECLARED;
+
if (!(csp->content_type & CT_TABOO))
{
if ((strstr(*header, " text/") && !strstr(*header, "plain"))
{
csp->content_type |= CT_JPEG;
}
- else
- {
- csp->content_type = 0;
- }
- }
- /*
- * Are we enabling text mode by force?
- */
- if (csp->action->flags & ACTION_FORCE_TEXT_MODE)
- {
- /*
- * Do we really have to?
- */
- if (csp->content_type & CT_TEXT)
- {
- log_error(LOG_LEVEL_HEADER, "Text mode is already enabled.");
- }
- else
- {
- csp->content_type |= CT_TEXT;
- log_error(LOG_LEVEL_HEADER, "Text mode enabled by force. Take cover!");
- }
}
+
/*
* Are we messing with the content type?
*/
* Make sure the user doesn't accidently
* change the content type of binary documents.
*/
- if (csp->content_type & CT_TEXT)
+ if ((csp->content_type & CT_TEXT) || (csp->action->flags & ACTION_FORCE_TEXT_MODE))
{
freez(*header);
*header = strdup("Content-Type: ");
"Enable force-text-mode if you know what you're doing.", *header);
}
}
+
return JB_ERR_OK;
}
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err server_transfer_coding(struct client_state *csp, char **header)
+static jb_err server_transfer_coding(struct client_state *csp, char **header)
{
/*
* Turn off pcrs and gif filtering if body compressed
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err server_content_encoding(struct client_state *csp, char **header)
+static jb_err server_content_encoding(struct client_state *csp, char **header)
{
#ifdef FEATURE_ZLIB
if ((csp->flags & CSP_FLAG_MODIFIED)
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err server_content_length(struct client_state *csp, char **header)
+static jb_err server_content_length(struct client_state *csp, char **header)
{
const size_t max_header_length = 80;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err server_content_md5(struct client_state *csp, char **header)
+static jb_err server_content_md5(struct client_state *csp, char **header)
{
if (csp->flags & CSP_FLAG_MODIFIED)
{
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err server_content_disposition(struct client_state *csp, char **header)
+static jb_err server_content_disposition(struct client_state *csp, char **header)
{
const char *newval;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err server_last_modified(struct client_state *csp, char **header)
+static jb_err server_last_modified(struct client_state *csp, char **header)
{
const char *newval;
char buf[BUFFER_SIZE];
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_accept_encoding(struct client_state *csp, char **header)
+static jb_err client_accept_encoding(struct client_state *csp, char **header)
{
if ((csp->action->flags & ACTION_NO_COMPRESSION) != 0)
{
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_te(struct client_state *csp, char **header)
+static jb_err client_te(struct client_state *csp, char **header)
{
if ((csp->action->flags & ACTION_NO_COMPRESSION) != 0)
{
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_referrer(struct client_state *csp, char **header)
+static jb_err client_referrer(struct client_state *csp, char **header)
{
const char *newval;
const char *host;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_accept_language(struct client_state *csp, char **header)
+static jb_err client_accept_language(struct client_state *csp, char **header)
{
const char *newval;
return (*header == NULL) ? JB_ERR_MEMORY : JB_ERR_OK;
}
+
/*********************************************************************
*
* Function : crunch_client_header
* Returns : JB_ERR_OK on success and always succeeds
*
*********************************************************************/
-jb_err crunch_client_header(struct client_state *csp, char **header)
+static jb_err crunch_client_header(struct client_state *csp, char **header)
{
const char *crunch_pattern;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_uagent(struct client_state *csp, char **header)
+static jb_err client_uagent(struct client_state *csp, char **header)
{
const char *newval;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_ua(struct client_state *csp, char **header)
+static jb_err client_ua(struct client_state *csp, char **header)
{
if ((csp->action->flags & ACTION_HIDE_USER_AGENT) != 0)
{
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_from(struct client_state *csp, char **header)
+static jb_err client_from(struct client_state *csp, char **header)
{
const char *newval;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_send_cookie(struct client_state *csp, char **header)
+static jb_err client_send_cookie(struct client_state *csp, char **header)
{
if (csp->action->flags & ACTION_NO_COOKIE_READ)
{
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_max_forwards(struct client_state *csp, char **header)
+static jb_err client_max_forwards(struct client_state *csp, char **header)
{
int max_forwards;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_host(struct client_state *csp, char **header)
+static jb_err client_host(struct client_state *csp, char **header)
{
char *p, *q;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_if_modified_since(struct client_state *csp, char **header)
+static jb_err client_if_modified_since(struct client_state *csp, char **header)
{
char newheader[50];
#ifdef HAVE_GMTIME_R
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_if_none_match(struct client_state *csp, char **header)
+static jb_err client_if_none_match(struct client_state *csp, char **header)
{
if (csp->action->flags & ACTION_CRUNCH_IF_NONE_MATCH)
{
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_host_adder(struct client_state *csp)
+static jb_err client_host_adder(struct client_state *csp)
{
char *p;
jb_err err;
return err;
}
-
+#if 0
/*********************************************************************
*
* Function : client_accept_encoding_adder
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_accept_encoding_adder(struct client_state *csp)
+static jb_err client_accept_encoding_adder(struct client_state *csp)
{
- assert(0); /* Not in use */
-
if ( ((csp->action->flags & ACTION_NO_COMPRESSION) != 0)
&& (!strcmpic(csp->http->ver, "HTTP/1.1")) )
{
return JB_ERR_OK;
}
-
+#endif
/*********************************************************************
*
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_xtra_adder(struct client_state *csp)
+static jb_err client_xtra_adder(struct client_state *csp)
{
struct list_entry *lst;
jb_err err;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err client_x_forwarded_adder(struct client_state *csp)
+static jb_err client_x_forwarded_adder(struct client_state *csp)
{
char *p = NULL;
jb_err err;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err connection_close_adder(struct client_state *csp)
+static jb_err connection_close_adder(struct client_state *csp)
{
const unsigned int flags = csp->flags;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err server_http(struct client_state *csp, char **header)
+static jb_err server_http(struct client_state *csp, char **header)
{
+ /* XXX: Doesn't belong here. */
sscanf(*header, "HTTP/%*d.%*d %d", &(csp->http->status));
if (csp->http->status == 206)
{
if ((csp->action->flags & ACTION_DOWNGRADE) != 0)
{
- (*header)[7] = '0';
- log_error(LOG_LEVEL_HEADER, "Downgraded answer to HTTP/1.0");
+ /* XXX: Should we do a real validity check here? */
+ if (strlen(*header) > 8)
+ {
+ (*header)[7] = '0';
+ log_error(LOG_LEVEL_HEADER, "Downgraded answer to HTTP/1.0");
+ }
+ else
+ {
+ /*
+ * XXX: Should we block the request or
+ * enlist a valid status code line here?
+ */
+ log_error(LOG_LEVEL_INFO, "Malformed server response detected. "
+ "Downgrading to HTTP/1.0 impossible.");
+ }
}
return JB_ERR_OK;
* JB_ERR_MEMORY on out-of-memory error.
*
*********************************************************************/
-jb_err server_set_cookie(struct client_state *csp, char **header)
+static jb_err server_set_cookie(struct client_state *csp, char **header)
{
time_t now;
time_t cookie_time;
* JB_ERR_PARSE otherwise.
*
*********************************************************************/
-jb_err parse_header_time(const char *header_time, time_t *result)
+static jb_err parse_header_time(const char *header_time, time_t *result)
{
struct tm gmt;