-const char parsers_rcs[] = "$Id: parsers.c,v 1.252 2012/09/18 17:39:29 fabiankeil Exp $";
+const char parsers_rcs[] = "$Id: parsers.c,v 1.276 2013/03/20 11:31:20 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/parsers.c,v $
static jb_err server_proxy_connection(struct client_state *csp, char **header);
static jb_err client_keep_alive(struct client_state *csp, char **header);
static jb_err client_save_content_length(struct client_state *csp, char **header);
+static jb_err client_proxy_connection(struct client_state *csp, char **header);
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
static jb_err client_host_adder (struct client_state *csp);
#ifdef FEATURE_CONNECTION_KEEP_ALIVE
static jb_err server_proxy_connection_adder(struct client_state *csp);
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
+static jb_err proxy_authentication(struct client_state *csp, char **header);
static jb_err create_forged_referrer(char **header, const char *hostport);
static jb_err create_fake_referrer(char **header, const char *fake_referrer);
#ifdef FEATURE_CONNECTION_KEEP_ALIVE
{ "Keep-Alive:", 11, client_keep_alive },
{ "Content-Length:", 15, client_save_content_length },
+ { "Proxy-Connection:", 17, client_proxy_connection },
#else
{ "Keep-Alive:", 11, crumble },
+ { "Proxy-Connection:", 17, crumble },
#endif
{ "connection:", 11, client_connection },
- { "proxy-connection:", 17, crumble },
{ "max-forwards:", 13, client_max_forwards },
{ "Accept-Language:", 16, client_accept_language },
{ "if-none-match:", 14, client_if_none_match },
{ "Request-Range:", 14, client_range },
{ "If-Range:", 9, client_range },
{ "X-Filter:", 9, client_x_filter },
+ { "Proxy-Authorization:", 20, proxy_authentication },
+#if 0
+ { "Transfer-Encoding:", 18, client_transfer_encoding },
+#endif
{ "*", 0, crunch_client_header },
{ "*", 0, filter_header },
{ NULL, 0, NULL }
{ "Transfer-Encoding:", 18, server_transfer_coding },
{ "content-disposition:", 20, server_content_disposition },
{ "Last-Modified:", 14, server_last_modified },
+ { "Proxy-Authenticate:", 19, proxy_authentication },
{ "*", 0, crunch_server_header },
{ "*", 0, filter_header },
{ NULL, 0, NULL }
*
* Function : add_to_iob
*
- * Description : Add content to the buffered page, expanding the
+ * Description : Add content to the buffer, expanding the
* buffer if necessary.
*
* Parameters :
- * 1 : csp = Current client state (buffers, headers, etc...)
- * 2 : buf = holds the content to be added to the page
- * 3 : n = number of bytes to be added
+ * 1 : iob = Destination buffer.
+ * 2 : buffer_limit = Limit to which the destination may grow
+ * 3 : src = holds the content to be added
+ * 4 : n = number of bytes to be added
*
* Returns : JB_ERR_OK on success, JB_ERR_MEMORY if out-of-memory
* or buffer limit reached.
*
*********************************************************************/
-jb_err add_to_iob(struct client_state *csp, char *buf, long n)
+jb_err add_to_iob(struct iob *iob, const size_t buffer_limit, char *src, long n)
{
- struct iob *iob = csp->iob;
size_t used, offset, need;
char *p;
* If the buffer can't hold the new data, extend it first.
* Use the next power of two if possible, else use the actual need.
*/
- if (need > csp->config->buffer_limit)
+ if (need > buffer_limit)
{
log_error(LOG_LEVEL_INFO,
"Buffer limit reached while extending the buffer (iob). Needed: %d. Limit: %d",
- need, csp->config->buffer_limit);
+ need, buffer_limit);
return JB_ERR_MEMORY;
}
if (need > iob->size)
{
- size_t want = csp->iob->size ? csp->iob->size : 512;
+ size_t want = iob->size ? iob->size : 512;
while (want <= need)
{
want *= 2;
}
- if (want <= csp->config->buffer_limit && NULL != (p = (char *)realloc(iob->buf, want)))
+ if (want <= buffer_limit && NULL != (p = (char *)realloc(iob->buf, want)))
{
iob->size = want;
}
}
/* copy the new data into the iob buffer */
- memcpy(iob->eod, buf, (size_t)n);
+ memcpy(iob->eod, src, (size_t)n);
/* point to the end of the data */
iob->eod += n;
}
+/*********************************************************************
+ *
+ * Function : clear_iob
+ *
+ * Description : Frees the memory allocated for an I/O buffer and
+ * resets the structure.
+ *
+ * Parameters :
+ * 1 : iob = I/O buffer to clear.
+ *
+ * Returns : JB_ERR_OK on success, JB_ERR_MEMORY if out-of-memory
+ * or buffer limit reached.
+ *
+ *********************************************************************/
+void clear_iob(struct iob *iob)
+{
+ free(iob->buf);
+ memset(iob, '\0', sizeof(*iob));;
+}
+
+
#ifdef FEATURE_ZLIB
/*********************************************************************
*
}
else if (csp->content_type & CT_DEFLATE)
{
- /*
- * XXX: The debug level should be lowered
- * before the next stable release.
- */
- log_error(LOG_LEVEL_INFO, "Decompressing deflated iob: %d", *cur);
/*
* In theory (that is, according to RFC 1950), deflate-compressed
* data should begin with a two-byte zlib header and have an
#endif /* defined(FEATURE_ZLIB) */
-/*********************************************************************
- *
- * Function : string_move
- *
- * Description : memmove wrapper to move the last part of a string
- * towards the beginning, overwriting the part in
- * the middle. strlcpy() can't be used here as the
- * strings overlap.
- *
- * Parameters :
- * 1 : dst = Destination to overwrite
- * 2 : src = Source to move.
- *
- * Returns : N/A
- *
- *********************************************************************/
-static void string_move(char *dst, char *src)
-{
- assert(dst < src);
-
- /* +1 to copy the terminating nul as well. */
- memmove(dst, src, strlen(src)+1);
-}
-
-
/*********************************************************************
*
* Function : normalize_lws
log_error(LOG_LEVEL_HEADER,
"Content modified with no Content-Length header set. "
"Created: %s.", header);
+ csp->flags |= CSP_FLAG_SERVER_CONTENT_LENGTH_SET;
}
}
#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
if (0 == size)
{
/*
- * There is to technical limitation which makes
+ * There is no technical limitation which makes
* it impossible to use empty tags, but I assume
* no one would do it intentionally.
*/
}
+/*********************************************************************
+ *
+ * Function : proxy_authentication
+ *
+ * Description : Removes headers that are relevant for proxy
+ * authentication unless forwarding them has
+ * been explicitly requested.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : header = On input, pointer to header to modify.
+ * On output, pointer to the modified header, or NULL
+ * to remove the header. This function frees the
+ * original string if necessary.
+ *
+ * Returns : JB_ERR_OK.
+ *
+ *********************************************************************/
+static jb_err proxy_authentication(struct client_state *csp, char **header)
+{
+ if ((csp->config->feature_flags &
+ RUNTIME_FEATURE_FORWARD_PROXY_AUTHENTICATION_HEADERS) == 0) {
+ log_error(LOG_LEVEL_HEADER,
+ "Forwarding proxy authentication headers is disabled. Crunching: %s", *header);
+ freez(*header);
+ }
+ return JB_ERR_OK;
+}
+
+
/*********************************************************************
*
* Function : client_keep_alive
}
+#ifdef FEATURE_CONNECTION_KEEP_ALIVE
+/*********************************************************************
+ *
+ * Function : client_proxy_connection
+ *
+ * Description : Sets the CLIENT_CONNECTION_KEEP_ALIVE flag when
+ * appropriate and removes the Proxy-Connection
+ * header.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : header = On input, pointer to header to modify.
+ * On output, pointer to the modified header, or NULL
+ * to remove the header. This function frees the
+ * original string if necessary.
+ *
+ * Returns : JB_ERR_OK
+ *
+ *********************************************************************/
+static jb_err client_proxy_connection(struct client_state *csp, char **header)
+{
+ if (0 == (csp->flags & CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE)
+ && (csp->http->ssl == 0)
+ && (NULL == strstr(*header, "close")))
+ {
+ log_error(LOG_LEVEL_HEADER,
+ "The client connection can be kept alive due to: %s", *header);
+ csp->flags |= CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE;
+ }
+ crumble(csp, header);
+
+ return JB_ERR_OK;
+}
+#endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
+
+
+/*********************************************************************
+ *
+ * Function : client_transfer_encoding
+ *
+ * Description : Raise the CSP_FLAG_CHUNKED_CLIENT_BODY flag if
+ * the request body is "chunked"
+ *
+ * XXX: Currently not called through sed() as we
+ * need the flag earlier on. Should be fixed.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : header = On input, pointer to header to modify.
+ * On output, pointer to the modified header, or NULL
+ * to remove the header. This function frees the
+ * original string if necessary.
+ *
+ * Returns : JB_ERR_OK on success, or
+ *
+ *********************************************************************/
+jb_err client_transfer_encoding(struct client_state *csp, char **header)
+{
+ if (strstr(*header, "chunked"))
+ {
+ csp->flags |= CSP_FLAG_CHUNKED_CLIENT_BODY;
+ log_error(LOG_LEVEL_HEADER, "Expecting chunked client body");
+ }
+
+ return JB_ERR_OK;
+}
+
+
/*********************************************************************
*
* Function : crumble
/* Remove header if it isn't the first Content-Type header */
if ((csp->content_type & CT_DECLARED))
{
- /*
- * Another, slightly slower, way to see if
- * we already parsed another Content-Type header.
- */
- assert(NULL != get_header_value(csp->headers, "Content-Type:"));
-
- log_error(LOG_LEVEL_ERROR,
- "Multiple Content-Type headers. Removing and ignoring: \'%s\'",
- *header);
- freez(*header);
-
+ if (content_filters_enabled(csp->action))
+ {
+ /*
+ * Making sure the client interprets the content the same way
+ * Privoxy did is only relevant if Privoxy modified it.
+ *
+ * Checking for this is "hard" as it's not yet known when
+ * this function is called, thus go shopping and and just
+ * check if Privoxy could filter it.
+ *
+ * The main thing is that we don't mess with the headers
+ * unless the user signalled that it's acceptable.
+ */
+ log_error(LOG_LEVEL_HEADER,
+ "Multiple Content-Type headers detected. "
+ "Removing and ignoring: %s",
+ *header);
+ freez(*header);
+ }
return JB_ERR_OK;
}
*********************************************************************/
static jb_err client_send_cookie(struct client_state *csp, char **header)
{
- if (csp->action->flags & ACTION_NO_COOKIE_READ)
+ if (csp->action->flags & ACTION_CRUNCH_OUTGOING_COOKIES)
{
log_error(LOG_LEVEL_HEADER, "Crunched outgoing cookie: %s", *header);
freez(*header);
* port information, parse and evaluate the Host
* header field.
*
- * Also, kill ill-formed HOST: headers as sent by
- * Apple's iTunes software when used with a proxy.
- *
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : header = On input, pointer to header to modify.
{
char *p, *q;
- /*
- * If the header field name is all upper-case, chances are that it's
- * an ill-formed one from iTunes. BTW, killing innocent headers here is
- * not a problem -- they are regenerated later.
- */
- if ((*header)[1] == 'O')
- {
- log_error(LOG_LEVEL_HEADER, "Killed all-caps Host header line: %s", *header);
- freez(*header);
- return JB_ERR_OK;
- }
-
if (!csp->http->hostport || (*csp->http->hostport == '*') ||
*csp->http->hostport == ' ' || *csp->http->hostport == '\0')
{
if ((csp->flags & CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE)
&& !(csp->flags & CSP_FLAG_SERVER_SOCKET_TAINTED)
- && !(csp->flags & CSP_FLAG_SERVER_PROXY_CONNECTION_HEADER_SET))
+ && !(csp->flags & CSP_FLAG_SERVER_PROXY_CONNECTION_HEADER_SET)
+ && ((csp->flags & CSP_FLAG_SERVER_CONTENT_LENGTH_SET)
+ || (csp->flags & CSP_FLAG_CHUNKED)))
{
log_error(LOG_LEVEL_HEADER, "Adding: %s", proxy_connection_header);
err = enlist(csp->headers, proxy_connection_header);
return JB_ERR_OK;
}
+/*********************************************************************
+ *
+ * Function : add_cooky_expiry_date
+ *
+ * Description : Adds a cookie expiry date to a string.
+ *
+ * Parameters :
+ * 1 : cookie = On input, pointer to cookie to modify.
+ * On output, pointer to the modified header.
+ * The original string is freed.
+ * 2 : lifetime = Seconds the cookie should be valid
+ *
+ * Returns : N/A
+ *
+ *********************************************************************/
+static void add_cookie_expiry_date(char **cookie, time_t lifetime)
+{
+ char tmp[50];
+ struct tm *timeptr = NULL;
+ time_t expiry_date = time(NULL) + lifetime;
+#ifdef HAVE_GMTIME_R
+ struct tm gmt;
+
+ timeptr = gmtime_r(&expiry_date, &gmt);
+#elif defined(MUTEX_LOCKS_AVAILABLE)
+ privoxy_mutex_lock(&gmtime_mutex);
+ timeptr = gmtime(&expiry_date);
+ privoxy_mutex_unlock(&gmtime_mutex);
+#else
+ timeptr = gmtime(&expiry_date);
+#endif
+
+ if (NULL == timeptr)
+ {
+ log_error(LOG_LEVEL_FATAL,
+ "Failed to get the time in add_cooky_expiry_date()");
+ }
+ strftime(tmp, sizeof(tmp), "; expires=%a, %d-%b-%Y %H:%M:%S GMT", timeptr);
+ if (JB_ERR_OK != string_append(cookie, tmp))
+ {
+ log_error(LOG_LEVEL_FATAL, "Out of memory in add_cooky_expiry()");
+ }
+}
+
/*********************************************************************
*
* Crunch, accept or rewrite it to a session cookie.
* Called from `sed'.
*
- * TODO: Allow the user to specify a new expiration
- * time to cause the cookie to expire even before the
- * browser is closed.
- *
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : header = On input, pointer to header to modify.
*********************************************************************/
static jb_err server_set_cookie(struct client_state *csp, char **header)
{
- time_t now;
- time_t cookie_time;
-
- time(&now);
-
- if ((csp->action->flags & ACTION_NO_COOKIE_SET) != 0)
+ if ((csp->action->flags & ACTION_CRUNCH_INCOMING_COOKIES) != 0)
{
log_error(LOG_LEVEL_HEADER, "Crunching incoming cookie: %s", *header);
freez(*header);
}
- else if ((csp->action->flags & ACTION_NO_COOKIE_KEEP) != 0)
+ else if ((0 != (csp->action->flags & ACTION_SESSION_COOKIES_ONLY))
+ || (0 != (csp->action->flags & ACTION_LIMIT_COOKIE_LIFETIME)))
{
- /* Flag whether or not to log a message */
- int changed = 0;
+ time_t now;
+ time_t cookie_time;
+ long cookie_lifetime = 0;
+ enum
+ {
+ NO_EXPIRY_DATE_SPECIFIED,
+ EXPIRY_DATE_ACCEPTABLE,
+ EXPIRY_DATE_UNACCEPTABLE
+ } expiry_date_status = NO_EXPIRY_DATE_SPECIFIED;
/* A variable to store the tag we're working on */
char *cur_tag;
cur_tag++;
}
+ time(&now);
+
+ if ((csp->action->flags & ACTION_LIMIT_COOKIE_LIFETIME) != 0)
+ {
+ const char *param = csp->action->string[ACTION_STRING_LIMIT_COOKIE_LIFETIME];
+
+ cookie_lifetime = strtol(param, NULL, 0);
+ if (cookie_lifetime < 0)
+ {
+ log_error(LOG_LEVEL_FATAL, "Invalid cookie lifetime limit: %s", param);
+ }
+ cookie_lifetime *= 60;
+ }
+
/* Loop through each tag in the cookie */
while (*cur_tag)
{
log_error(LOG_LEVEL_ERROR,
"Can't parse \'%s\', send by %s. Unsupported time format?", cur_tag, csp->http->url);
string_move(cur_tag, next_tag);
- changed = 1;
+ expiry_date_status = EXPIRY_DATE_UNACCEPTABLE;
}
else
{
* anyway, which in many cases will be shorter
* than a browser session.
*/
- if (cookie_time - now < 0)
+ if (cookie_time < now)
{
log_error(LOG_LEVEL_HEADER,
"Cookie \'%s\' is already expired and can pass unmodified.", *header);
/* Just in case some clown sets more then one expiration date */
cur_tag = next_tag;
+ expiry_date_status = EXPIRY_DATE_ACCEPTABLE;
+ }
+ else if ((cookie_lifetime != 0) && (cookie_time < (now + cookie_lifetime)))
+ {
+ log_error(LOG_LEVEL_HEADER, "Cookie \'%s\' can pass unmodified. "
+ "Its lifetime is below the limit.", *header);
+ /* Just in case some clown sets more then one expiration date */
+ cur_tag = next_tag;
+ expiry_date_status = EXPIRY_DATE_ACCEPTABLE;
}
else
{
string_move(cur_tag, next_tag);
/* That changed the header, need to issue a log message */
- changed = 1;
+ expiry_date_status = EXPIRY_DATE_UNACCEPTABLE;
/*
* Note that the next tag has now been moved to *cur_tag,
}
}
- if (changed)
+ if (expiry_date_status != EXPIRY_DATE_ACCEPTABLE)
{
assert(NULL != *header);
- log_error(LOG_LEVEL_HEADER, "Cookie rewritten to a temporary one: %s",
- *header);
+ if (cookie_lifetime != 0)
+ {
+ add_cookie_expiry_date(header, cookie_lifetime);
+ log_error(LOG_LEVEL_HEADER, "Cookie rewritten to: %s", *header);
+ }
+ else if (expiry_date_status != NO_EXPIRY_DATE_SPECIFIED)
+ {
+ log_error(LOG_LEVEL_HEADER,
+ "Cookie rewritten to a temporary one: %s", *header);
+ }
}
}
* attempt to work around GNU libc's strptime()
* reporting negative year values when using %Y.
*/
- static const char * const time_formats[] = {
+ static const char time_formats[][22] = {
/* Tue, 02-Jun-37 20:00:00 */
"%a, %d-%b-%y %H:%M:%S",
/* Tue, 02 Jun 2037 20:00:00 */
continue;
}
*result = timegm(&gmt);
+
+#ifdef FEATURE_STRPTIME_SANITY_CHECKS
+ /*
+ * Verify that parsing the date recreated from the first
+ * parse operation gets the previous result. If it doesn't,
+ * either strptime() or strftime() are malfunctioning.
+ *
+ * We could string-compare the recreated date with the original
+ * header date, but this leads to false positives as strptime()
+ * may let %a accept all day formats while strftime() will only
+ * create one.
+ */
+ {
+ char recreated_date[100];
+ struct tm *tm;
+ time_t result2;
+
+ tm = gmtime(result);
+ strftime(recreated_date, sizeof(recreated_date), time_formats[i], tm);
+ memset(&gmt, 0, sizeof(gmt));
+ if (NULL == strptime(recreated_date, time_formats[i], &gmt))
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Failed to parse '%s' generated with '%s' to recreate '%s'.",
+ recreated_date, time_formats[i], header_time);
+ continue;
+ }
+ result2 = timegm(&gmt);
+ if (*result != result2)
+ {
+ log_error(LOG_LEVEL_ERROR, "strftime() and strptime() disagree. "
+ "Format: '%s'. In: '%s', out: '%s'. %d != %d. Rejecting.",
+ time_formats[i], header_time, recreated_date, *result, result2);
+ continue;
+ }
+ }
+#endif
+
return JB_ERR_OK;
}
}
}
+#ifdef FEATURE_CONNECTION_KEEP_ALIVE
/*********************************************************************
*
* Function : get_expected_content_length
return content_length;
}
-
+#endif
/*
Local Variables:
projects / privoxy.git / blobdiff