X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=cgi.c;h=f81443ee199173a335e9593731f716c00cea6989;hp=20f2fc422639e311e4838d723d48c577232ee44b;hb=c88024b1f6a64ecc2d923ff875e10f15b64daff3;hpb=effa99e4df3dbc95aafd3dd940c0454ca0a2ce44 diff --git a/cgi.c b/cgi.c index 20f2fc42..f81443ee 100644 --- a/cgi.c +++ b/cgi.c @@ -1,4 +1,4 @@ -const char cgi_rcs[] = "$Id: cgi.c,v 1.122 2009/06/11 11:47:16 fabiankeil Exp $"; +const char cgi_rcs[] = "$Id: cgi.c,v 1.157 2012/11/09 10:47:42 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/cgi.c,v $ @@ -7,18 +7,15 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.122 2009/06/11 11:47:16 fabiankeil Exp $" * html or gif answers, and to compose HTTP resonses. * This only contains the framework functions, the * actual handler functions are declared elsewhere. - * - * Functions declared include: - * * * Copyright : Written by and Copyright (C) 2001-2004, 2006-2008 * the SourceForge Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written - * by and Copyright (C) 1997 Anonymous Coders and + * by and Copyright (C) 1997 Anonymous Coders and * Junkbusters Corporation. http://www.junkbusters.com * - * This program is free software; you can redistribute it + * This program is free software; you can redistribute it * and/or modify it under the terms of the GNU General * Public License as published by the Free Software * Foundation; either version 2 of the License, or (at @@ -49,6 +46,10 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.122 2009/06/11 11:47:16 fabiankeil Exp $" #include #include +#ifdef FEATURE_COMPRESSION +#include +#endif + #include "project.h" #include "cgi.h" #include "list.h" @@ -81,126 +82,126 @@ static const struct cgi_dispatcher cgi_dispatchers[] = { "Privoxy main page", TRUE }, #ifdef FEATURE_GRACEFUL_TERMINATION - { "die", - cgi_die, + { "die", + cgi_die, "Shut down - Do not deploy this build in a production environment, " "this is a one click Denial Of Service attack!!!", - FALSE }, + FALSE }, #endif - { "show-status", - cgi_show_status, + { "show-status", + cgi_show_status, #ifdef FEATURE_CGI_EDIT_ACTIONS "View & change the current configuration", #else "View the current configuration", #endif - TRUE }, - { "show-version", - cgi_show_version, + TRUE }, + { "show-version", + cgi_show_version, "View the source code version numbers", - TRUE }, - { "show-request", - cgi_show_request, + TRUE }, + { "show-request", + cgi_show_request, "View the request headers", - TRUE }, + TRUE }, { "show-url-info", - cgi_show_url_info, + cgi_show_url_info, "Look up which actions apply to a URL and why", TRUE }, #ifdef FEATURE_TOGGLE { "toggle", - cgi_toggle, + cgi_toggle, "Toggle Privoxy on or off", FALSE }, #endif /* def FEATURE_TOGGLE */ #ifdef FEATURE_CGI_EDIT_ACTIONS { "edit-actions", /* Edit the actions list */ - cgi_edit_actions, + cgi_edit_actions, NULL, FALSE }, { "eaa", /* Shortcut for edit-actions-add-url-form */ - cgi_edit_actions_add_url_form, + cgi_edit_actions_add_url_form, NULL, FALSE }, { "eau", /* Shortcut for edit-actions-url-form */ - cgi_edit_actions_url_form, + cgi_edit_actions_url_form, NULL, FALSE }, { "ear", /* Shortcut for edit-actions-remove-url-form */ - cgi_edit_actions_remove_url_form, + cgi_edit_actions_remove_url_form, NULL, FALSE }, { "eal", /* Shortcut for edit-actions-list */ - cgi_edit_actions_list, + cgi_edit_actions_list, NULL, FALSE }, { "eafu", /* Shortcut for edit-actions-for-url */ - cgi_edit_actions_for_url, + cgi_edit_actions_for_url, NULL, FALSE }, { "eas", /* Shortcut for edit-actions-submit */ - cgi_edit_actions_submit, + cgi_edit_actions_submit, NULL, FALSE }, { "easa", /* Shortcut for edit-actions-section-add */ - cgi_edit_actions_section_add, + cgi_edit_actions_section_add, NULL, FALSE }, { "easr", /* Shortcut for edit-actions-section-remove */ - cgi_edit_actions_section_remove, + cgi_edit_actions_section_remove, NULL, FALSE }, { "eass", /* Shortcut for edit-actions-section-swap */ - cgi_edit_actions_section_swap, + cgi_edit_actions_section_swap, NULL, FALSE }, { "edit-actions-for-url", - cgi_edit_actions_for_url, + cgi_edit_actions_for_url, NULL, FALSE /* Edit the actions for (a) specified URL(s) */ }, { "edit-actions-list", - cgi_edit_actions_list, + cgi_edit_actions_list, NULL, TRUE /* Edit the actions list */ }, { "edit-actions-submit", - cgi_edit_actions_submit, + cgi_edit_actions_submit, NULL, FALSE /* Change the actions for (a) specified URL(s) */ }, { "edit-actions-url", - cgi_edit_actions_url, + cgi_edit_actions_url, NULL, FALSE /* Change a URL pattern in the actionsfile */ }, { "edit-actions-url-form", - cgi_edit_actions_url_form, + cgi_edit_actions_url_form, NULL, FALSE /* Form to change a URL pattern in the actionsfile */ }, { "edit-actions-add-url", - cgi_edit_actions_add_url, + cgi_edit_actions_add_url, NULL, FALSE /* Add a URL pattern to the actionsfile */ }, { "edit-actions-add-url-form", - cgi_edit_actions_add_url_form, + cgi_edit_actions_add_url_form, NULL, FALSE /* Form to add a URL pattern to the actionsfile */ }, { "edit-actions-remove-url", - cgi_edit_actions_remove_url, + cgi_edit_actions_remove_url, NULL, FALSE /* Remove a URL pattern from the actionsfile */ }, { "edit-actions-remove-url-form", - cgi_edit_actions_remove_url_form, + cgi_edit_actions_remove_url_form, NULL, FALSE /* Form to remove a URL pattern from the actionsfile */ }, { "edit-actions-section-add", - cgi_edit_actions_section_add, + cgi_edit_actions_section_add, NULL, FALSE /* Remove a section from the actionsfile */ }, { "edit-actions-section-remove", - cgi_edit_actions_section_remove, + cgi_edit_actions_section_remove, NULL, FALSE /* Remove a section from the actionsfile */ }, { "edit-actions-section-swap", - cgi_edit_actions_section_swap, + cgi_edit_actions_section_swap, NULL, FALSE /* Swap two sections in the actionsfile */ }, #endif /* def FEATURE_CGI_EDIT_ACTIONS */ - { "error-favicon.ico", - cgi_send_error_favicon, + { "error-favicon.ico", + cgi_send_error_favicon, NULL, TRUE /* Sends the favicon image for error pages. */ }, - { "favicon.ico", - cgi_send_default_favicon, + { "favicon.ico", + cgi_send_default_favicon, NULL, TRUE /* Sends the default favicon image. */ }, - { "robots.txt", - cgi_robots_txt, - NULL, TRUE /* Sends a robots.txt file to tell robots to go away. */ }, + { "robots.txt", + cgi_robots_txt, + NULL, TRUE /* Sends a robots.txt file to tell robots to go away. */ }, { "send-banner", - cgi_send_banner, + cgi_send_banner, NULL, TRUE /* Send a built-in image */ }, { "send-stylesheet", - cgi_send_stylesheet, + cgi_send_stylesheet, NULL, FALSE /* Send templates/cgi-style.css */ }, { "t", - cgi_transparent_image, + cgi_transparent_image, NULL, TRUE /* Send a transparent image (short name) */ }, { "url-info-osd.xml", - cgi_send_url_info_osd, + cgi_send_url_info_osd, NULL, TRUE /* Send templates/url-info-osd.xml */ }, { "user-manual", cgi_send_user_manual, @@ -267,6 +268,13 @@ const char image_blank_data[] = const size_t image_pattern_length = sizeof(image_pattern_data) - 1; const size_t image_blank_length = sizeof(image_blank_data) - 1; +#ifdef FEATURE_COMPRESSION +/* + * Minimum length which a buffer has to reach before + * we bother to (re-)compress it. Completely arbitrary. + */ +const size_t LOWER_LENGTH_LIMIT_FOR_COMPRESSION = 1024U; +#endif static struct http_response cgi_error_memory_response[1]; @@ -276,7 +284,7 @@ static struct map *parse_cgi_parameters(char *argstring); /********************************************************************* - * + * * Function : dispatch_cgi * * Description : Checks if a request URL has either the magical @@ -306,15 +314,15 @@ struct http_response *dispatch_cgi(struct client_state *csp) /* Either the host matches CGI_SITE_1_HOST ..*/ if ( ( (0 == strcmpic(host, CGI_SITE_1_HOST)) || (0 == strcmpic(host, CGI_SITE_1_HOST "."))) - && (path[0] == '/') ) + && (path[0] == '/')) { /* ..then the path will all be for us. Remove leading '/' */ path++; } /* Or it's the host part CGI_SITE_2_HOST, and the path CGI_SITE_2_PATH */ - else if ( ( (0 == strcmpic(host, CGI_SITE_2_HOST )) - || (0 == strcmpic(host, CGI_SITE_2_HOST ".")) ) - && (0 == strncmpic(path, CGI_SITE_2_PATH, strlen(CGI_SITE_2_PATH))) ) + else if (( (0 == strcmpic(host, CGI_SITE_2_HOST)) + || (0 == strcmpic(host, CGI_SITE_2_HOST "."))) + && (0 == strncmpic(path, CGI_SITE_2_PATH, strlen(CGI_SITE_2_PATH)))) { /* take everything following CGI_SITE_2_PATH */ path += strlen(CGI_SITE_2_PATH); @@ -338,7 +346,22 @@ struct http_response *dispatch_cgi(struct client_state *csp) return NULL; } - /* + if (strcmpic(csp->http->gpc, "GET") + && strcmpic(csp->http->gpc, "HEAD")) + { + log_error(LOG_LEVEL_ERROR, + "CGI request with unsupported method received: %s", csp->http->gpc); + /* + * The CGI pages currently only support GET and HEAD requests. + * + * If the client used a different method, ditch any data following + * the current headers to reduce the likelihood of parse errors + * with the following request. + */ + csp->client_iob->eod = csp->client_iob->cur; + } + + /* * This is a CGI call. */ @@ -383,7 +406,7 @@ static char *grep_cgi_referrer(const struct client_state *csp) /********************************************************************* - * + * * Function : referrer_is_safe * * Description : Decides whether we trust the Referer for @@ -431,7 +454,7 @@ static int referrer_is_safe(const struct client_state *csp) } /********************************************************************* - * + * * Function : dispatch_known_cgi * * Description : Processes a CGI once dispatch_cgi has determined that @@ -469,7 +492,7 @@ static struct http_response *dispatch_known_cgi(struct client_state * csp, { query_args_start++; } - if (*query_args_start == '/') + if (*query_args_start == '/') { *query_args_start++ = '\0'; if ((param_list = new_map())) @@ -504,7 +527,7 @@ static struct http_response *dispatch_known_cgi(struct client_state * csp, return cgi_error_memory(); } - /* + /* * Find and start the right CGI function */ d = cgi_dispatchers; @@ -547,13 +570,15 @@ static struct http_response *dispatch_known_cgi(struct client_state * csp, if (err && (err != JB_ERR_MEMORY)) { /* Unexpected error! Shouldn't get here */ - log_error(LOG_LEVEL_ERROR, "Unexpected CGI error %d in top-level handler. Please file a bug report!", err); + log_error(LOG_LEVEL_ERROR, + "Unexpected CGI error %d in top-level handler. " + "Please file a bug report!", err); err = cgi_error_unknown(csp, rsp, err); } if (!err) { /* It worked */ - rsp->reason = RSP_REASON_CGI_CALL; + rsp->crunch_reason = CGI_CALL; return finish_http_response(csp, rsp); } else @@ -566,8 +591,8 @@ static struct http_response *dispatch_known_cgi(struct client_state * csp, d++; } } - - + + /********************************************************************* * * Function : parse_cgi_parameters @@ -584,16 +609,35 @@ static struct http_response *dispatch_known_cgi(struct client_state * csp, static struct map *parse_cgi_parameters(char *argstring) { char *p; - char *vector[BUFFER_SIZE]; + char **vector; int pairs, i; struct map *cgi_params; + /* + * XXX: This estimate is guaranteed to be high enough as we + * let ssplit() ignore empty fields, but also a bit wasteful. + * The same hack is used in get_last_url() so it looks like + * a real solution is needed. + */ + size_t max_segments = strlen(argstring) / 2; + if (max_segments == 0) + { + /* + * XXX: If the argstring is empty, there's really + * no point in creating a param list, but currently + * other parts of Privoxy depend on the list's existence. + */ + max_segments = 1; + } + vector = malloc_or_die(max_segments * sizeof(char *)); + if (NULL == (cgi_params = new_map())) { + freez(vector); return NULL; } - /* + /* * IE 5 does, of course, violate RFC 2316 Sect 4.1 and sends * the fragment identifier along with the request, so we must * cut it off here, so it won't pollute the CGI params: @@ -603,7 +647,14 @@ static struct map *parse_cgi_parameters(char *argstring) *p = '\0'; } - pairs = ssplit(argstring, "&", vector, SZ(vector), 1, 1); + pairs = ssplit(argstring, "&", vector, max_segments); + assert(pairs != -1); + if (pairs == -1) + { + freez(vector); + free_map(cgi_params); + return NULL; + } for (i = 0; i < pairs; i++) { @@ -612,12 +663,15 @@ static struct map *parse_cgi_parameters(char *argstring) *p = '\0'; if (map(cgi_params, url_decode(vector[i]), 0, url_decode(++p), 0)) { + freez(vector); free_map(cgi_params); return NULL; } } } + freez(vector); + return cgi_params; } @@ -713,8 +767,8 @@ jb_err get_string_param(const struct map *parameters, s = param; while ((ch = *s++) != '\0') { - if ( ((unsigned char)ch < (unsigned char)' ') - || (ch == '}') ) + if (((unsigned char)ch < (unsigned char)' ') + || (ch == '}')) { /* Probable hack attempt, or user accidentally used '}'. */ return JB_ERR_CGI_PARAMS; @@ -762,7 +816,7 @@ jb_err get_number_param(struct client_state *csp, assert(name); assert(pvalue); - *pvalue = 0; + *pvalue = 0; param = lookup(parameters, name); if (!*param) @@ -854,7 +908,7 @@ struct http_response *error_response(struct client_state *csp, if (!err) err = map(exports, "host", 1, html_encode(csp->http->host), 0); if (!err) err = map(exports, "hostport", 1, html_encode(csp->http->hostport), 0); if (!err) err = map(exports, "path", 1, html_encode_and_free_original(path), 0); - if (!err) err = map(exports, "protocol", 1, csp->http->ssl ? "https://" : "http://", 1); + if (!err) err = map(exports, "protocol", 1, csp->http->ssl ? "https://" : "http://", 1); if (!err) { err = map(exports, "host-ip", 1, html_encode(csp->http->host_ip_addr_str), 0); @@ -876,7 +930,7 @@ struct http_response *error_response(struct client_state *csp, if (!strcmp(templatename, "no-such-domain")) { rsp->status = strdup("404 No such domain"); - rsp->reason = RSP_REASON_NO_SUCH_DOMAIN; + rsp->crunch_reason = NO_SUCH_DOMAIN; } else if (!strcmp(templatename, "forwarding-failed")) { @@ -924,36 +978,39 @@ struct http_response *error_response(struct client_state *csp, case SOCKS_5: socks_type = "socks5-"; break; + case SOCKS_5T: + socks_type = "socks5t-"; + break; default: log_error(LOG_LEVEL_FATAL, "Unknown socks type: %d.", fwd->type); } if (!err) err = map(exports, "forwarding-type", 1, socks_type, 1); if (!err) err = map(exports, "error-message", 1, html_encode(csp->error_message), 0); - if ((NULL == csp->error_message) || err) { free_map(exports); free_http_response(rsp); return cgi_error_memory(); } - if (!err) rsp->status = strdup("503 Forwarding failure"); - rsp->reason = RSP_REASON_FORWARDING_FAILED; + + rsp->status = strdup("503 Forwarding failure"); + rsp->crunch_reason = FORWARDING_FAILED; } else if (!strcmp(templatename, "connect-failed")) { rsp->status = strdup("503 Connect failed"); - rsp->reason = RSP_REASON_CONNECT_FAILED; + rsp->crunch_reason = CONNECT_FAILED; } else if (!strcmp(templatename, "connection-timeout")) { rsp->status = strdup("504 Connection timeout"); - rsp->reason = RSP_REASON_CONNECTION_TIMEOUT; + rsp->crunch_reason = CONNECTION_TIMEOUT; } else if (!strcmp(templatename, "no-server-data")) { rsp->status = strdup("502 No data received from server or forwarder"); - rsp->reason = RSP_REASON_NO_SERVER_DATA; + rsp->crunch_reason = NO_SERVER_DATA; } if (rsp->status == NULL) @@ -1037,23 +1094,23 @@ void cgi_init_error_messages(void) "Content-Type: text/html\r\n" "\r\n"; cgi_error_memory_response->body = - "\r\n" - "\r\n" - " 500 Internal Privoxy Error\r\n" + "\n" + "\n" + " 500 Internal Privoxy Error\n" " " - "\r\n" - "\r\n" - "

500 Internal Privoxy Error

\r\n" - "

Privoxy ran out of memory while processing your request.

\r\n" - "

Please contact your proxy administrator, or try again later

\r\n" - "\r\n" - "\r\n"; + "\n" + "\n" + "

500 Internal Privoxy Error

\n" + "

Privoxy ran out of memory while processing your request.

\n" + "

Please contact your proxy administrator, or try again later

\n" + "\n" + "\n"; cgi_error_memory_response->head_length = strlen(cgi_error_memory_response->head); cgi_error_memory_response->content_length = strlen(cgi_error_memory_response->body); - cgi_error_memory_response->reason = RSP_REASON_OUT_OF_MEMORY; + cgi_error_memory_response->crunch_reason = OUT_OF_MEMORY; } @@ -1085,7 +1142,7 @@ struct http_response *cgi_error_memory(void) * * Description : Almost-CGI function that is called if a template * cannot be loaded. Note this is not a true CGI, - * it takes a template name rather than a map of + * it takes a template name rather than a map of * parameters. * * Parameters : @@ -1095,7 +1152,7 @@ struct http_response *cgi_error_memory(void) * be loaded. * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_error_no_template(const struct client_state *csp, @@ -1105,18 +1162,18 @@ jb_err cgi_error_no_template(const struct client_state *csp, static const char status[] = "500 Internal Privoxy Error"; static const char body_prefix[] = - "\r\n" - "\r\n" - " 500 Internal Privoxy Error\r\n" + "\n" + "\n" + " 500 Internal Privoxy Error\n" " " - "\r\n" - "\r\n" - "

500 Internal Privoxy Error

\r\n" - "

Privoxy encountered an error while processing your request:

\r\n" + "\n" + "\n" + "

500 Internal Privoxy Error

\n" + "

Privoxy encountered an error while processing your request:

\n" "

Could not load template file "; static const char body_suffix[] = - " or one of its included components.

\r\n" - "

Please contact your proxy administrator.

\r\n" + " or one of its included components.

\n" + "

Please contact your proxy administrator.

\n" "

If you are the proxy administrator, please put the required file(s)" "in the (confdir)/templates directory. The " "location of the (confdir) directory " @@ -1125,9 +1182,9 @@ jb_err cgi_error_no_template(const struct client_state *csp, #ifndef _WIN32 ", or /etc/privoxy/" #endif /* ndef _WIN32 */ - ").

\r\n" - "\r\n" - "\r\n"; + ").

\n" + "\n" + "\n"; const size_t body_size = strlen(body_prefix) + strlen(template_name) + strlen(body_suffix) + 1; assert(csp); @@ -1142,11 +1199,7 @@ jb_err cgi_error_no_template(const struct client_state *csp, rsp->head_length = 0; rsp->is_static = 0; - rsp->body = malloc(body_size); - if (rsp->body == NULL) - { - return JB_ERR_MEMORY; - } + rsp->body = malloc_or_die(body_size); strlcpy(rsp->body, body_prefix, body_size); strlcat(rsp->body, template_name, body_size); strlcat(rsp->body, body_suffix, body_size); @@ -1182,7 +1235,7 @@ jb_err cgi_error_no_template(const struct client_state *csp, * 3 : error_to_report = Error code to report. * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_error_unknown(const struct client_state *csp, @@ -1192,28 +1245,24 @@ jb_err cgi_error_unknown(const struct client_state *csp, static const char status[] = "500 Internal Privoxy Error"; static const char body_prefix[] = - "\r\n" - "\r\n" - " 500 Internal Privoxy Error\r\n" + "\n" + "\n" + " 500 Internal Privoxy Error\n" " " - "\r\n" - "\r\n" - "

500 Internal Privoxy Error

\r\n" - "

Privoxy encountered an error while processing your request:

\r\n" + "\n" + "\n" + "

500 Internal Privoxy Error

\n" + "

Privoxy encountered an error while processing your request:

\n" "

Unexpected internal error: "; static const char body_suffix[] = - "

\r\n" + "

\n" "

Please " "" - "file a bug report.

\r\n" - "\r\n" - "\r\n"; - char errnumbuf[30]; - /* - * Due to sizeof(errnumbuf), body_size will be slightly - * bigger than necessary but it doesn't really matter. - */ - const size_t body_size = strlen(body_prefix) + sizeof(errnumbuf) + strlen(body_suffix) + 1; + "file a bug report.

\n" + "\n" + "\n"; + /* Includes room for larger error numbers in the future. */ + const size_t body_size = sizeof(body_prefix) + sizeof(body_suffix) + 5; assert(csp); assert(rsp); @@ -1224,18 +1273,11 @@ jb_err cgi_error_unknown(const struct client_state *csp, rsp->content_length = 0; rsp->head_length = 0; rsp->is_static = 0; - rsp->reason = RSP_REASON_INTERNAL_ERROR; + rsp->crunch_reason = INTERNAL_ERROR; - snprintf(errnumbuf, sizeof(errnumbuf), "%d", error_to_report); + rsp->body = malloc_or_die(body_size); - rsp->body = malloc(body_size); - if (rsp->body == NULL) - { - return JB_ERR_MEMORY; - } - strlcpy(rsp->body, body_prefix, body_size); - strlcat(rsp->body, errnumbuf, body_size); - strlcat(rsp->body, body_suffix, body_size); + snprintf(rsp->body, body_size, "%s%d%s", body_prefix, error_to_report, body_suffix); rsp->status = strdup(status); if (rsp->status == NULL) @@ -1253,7 +1295,7 @@ jb_err cgi_error_unknown(const struct client_state *csp, * * Description : CGI function that is called if the parameters * (query string) for a CGI were wrong. - * + * * Parameters : * 1 : csp = Current client state (buffers, headers, etc...) * 2 : rsp = http_response data structure for output @@ -1261,7 +1303,7 @@ jb_err cgi_error_unknown(const struct client_state *csp, * CGI Parameters : none * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_error_bad_param(const struct client_state *csp, @@ -1283,7 +1325,7 @@ jb_err cgi_error_bad_param(const struct client_state *csp, /********************************************************************* * - * Function : cgi_redirect + * Function : cgi_redirect * * Description : CGI support function to generate a HTTP redirect * message @@ -1295,7 +1337,7 @@ jb_err cgi_error_bad_param(const struct client_state *csp, * CGI Parameters : None * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err cgi_redirect (struct http_response * rsp, const char *target) @@ -1330,8 +1372,8 @@ jb_err cgi_redirect (struct http_response * rsp, const char *target) * FIXME: I currently only work for actions, and would * like to be generalized for other topics. * - * Parameters : - * 1 : item = item (will NOT be free()d.) + * Parameters : + * 1 : item = item (will NOT be free()d.) * It is assumed to be HTML-safe. * 2 : config = The current configuration. * @@ -1362,7 +1404,7 @@ char *add_help_link(const char *item, string_join (&result, string_toupper(item)); string_append(&result, "\">"); string_append(&result, item); - string_append(&result, " "); + string_append(&result, ""); return result; } @@ -1376,7 +1418,7 @@ char *add_help_link(const char *item, * HTTP header - e.g.: * "Sun, 06 Nov 1994 08:49:37 GMT" * - * Parameters : + * Parameters : * 1 : time_offset = Time returned will be current time * plus this number of seconds. * 2 : buf = Destination for result. @@ -1389,12 +1431,6 @@ char *add_help_link(const char *item, *********************************************************************/ void get_http_time(int time_offset, char *buf, size_t buffer_size) { - static const char day_names[7][4] = - { "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat" }; - static const char month_names[12][4] = - { "Jan", "Feb", "Mar", "Apr", "May", "Jun", - "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; - struct tm *t; time_t current_time; #if defined(HAVE_GMTIME_R) @@ -1419,17 +1455,7 @@ void get_http_time(int time_offset, char *buf, size_t buffer_size) t = gmtime(¤t_time); #endif - /* Format: "Sun, 06 Nov 1994 08:49:37 GMT" */ - snprintf(buf, buffer_size, - "%s, %02d %s %4d %02d:%02d:%02d GMT", - day_names[t->tm_wday], - t->tm_mday, - month_names[t->tm_mon], - t->tm_year + 1900, - t->tm_hour, - t->tm_min, - t->tm_sec - ); + strftime(buf, buffer_size, "%a, %d %b %Y %H:%M:%S GMT", t); } @@ -1479,6 +1505,58 @@ static void get_locale_time(char *buf, size_t buffer_size) } + +#ifdef FEATURE_COMPRESSION +/********************************************************************* + * + * Function : compress_buffer + * + * Description : Compresses the content of a buffer with zlib's deflate + * Allocates a new buffer for the result, free'ing it is + * up to the caller. + * + * Parameters : + * 1 : buffer = buffer whose content should be compressed + * 2 : buffer_length = length of the buffer + * 3 : compression_level = compression level for compress2() + * + * Returns : NULL on error, otherwise a pointer to the compressed + * content of the input buffer. + * + *********************************************************************/ +char *compress_buffer(char *buffer, size_t *buffer_length, int compression_level) +{ + char *compressed_buffer; + uLongf new_length; + assert(-1 <= compression_level && compression_level <= 9); + + /* Let zlib figure out the maximum length of the compressed data */ + new_length = compressBound((uLongf)*buffer_length); + + compressed_buffer = malloc_or_die(new_length); + + if (Z_OK != compress2((Bytef *)compressed_buffer, &new_length, + (Bytef *)buffer, *buffer_length, compression_level)) + { + log_error(LOG_LEVEL_ERROR, + "compress2() failed. Buffer size: %d, compression level: %d.", + new_length, compression_level); + freez(compressed_buffer); + return NULL; + } + + log_error(LOG_LEVEL_RE_FILTER, + "Compressed content from %d to %d bytes. Compression level: %d", + *buffer_length, new_length, compression_level); + + *buffer_length = (size_t)new_length; + + return compressed_buffer; + +} +#endif + + /********************************************************************* * * Function : finish_http_response @@ -1495,7 +1573,7 @@ static void get_locale_time(char *buf, size_t buffer_size) * On error, free()s rsp and returns cgi_error_memory() * *********************************************************************/ -struct http_response *finish_http_response(const struct client_state *csp, struct http_response *rsp) +struct http_response *finish_http_response(struct client_state *csp, struct http_response *rsp) { char buf[BUFFER_SIZE]; jb_err err; @@ -1508,7 +1586,7 @@ struct http_response *finish_http_response(const struct client_state *csp, struc return rsp; } - /* + /* * Fill in the HTTP Status, using HTTP/1.1 * unless the client asked for HTTP/1.0. */ @@ -1517,16 +1595,39 @@ struct http_response *finish_http_response(const struct client_state *csp, struc rsp->status ? rsp->status : "200 OK"); err = enlist_first(rsp->headers, buf); - /* + /* * Set the Content-Length */ if (rsp->content_length == 0) { rsp->content_length = rsp->body ? strlen(rsp->body) : 0; } + +#ifdef FEATURE_COMPRESSION + if (!err && (csp->flags & CSP_FLAG_CLIENT_SUPPORTS_DEFLATE) + && (rsp->content_length > LOWER_LENGTH_LIMIT_FOR_COMPRESSION)) + { + char *compressed_content; + + compressed_content = compress_buffer(rsp->body, &rsp->content_length, + csp->config->compression_level); + if (NULL != compressed_content) + { + freez(rsp->body); + rsp->body = compressed_content; + err = enlist_unique_header(rsp->headers, "Content-Encoding", "deflate"); + } + } +#endif + if (!err) { snprintf(buf, sizeof(buf), "Content-Length: %d", (int)rsp->content_length); + /* + * Signal serve() that the client will be able to figure out + * the end of the response without having to close the connection. + */ + csp->flags |= CSP_FLAG_SERVER_CONTENT_LENGTH_SET; err = enlist(rsp->headers, buf); } @@ -1565,7 +1666,7 @@ struct http_response *finish_http_response(const struct client_state *csp, struc * Last-Modified: set to date/time the page was last changed. * Expires: set to date/time page next needs reloading. * Cache-Control: set to "no-cache" if applicable. - * + * * See http://www.w3.org/Protocols/rfc2068/rfc2068 */ if (rsp->is_static) @@ -1622,7 +1723,9 @@ struct http_response *finish_http_response(const struct client_state *csp, struc if (!err) err = enlist_unique_header(rsp->headers, "Date", buf); if (!strncmpic(rsp->status, "403", 3) || !strncmpic(rsp->status, "404", 3) - || !strncmpic(rsp->status, "503", 3)) + || !strncmpic(rsp->status, "502", 3) + || !strncmpic(rsp->status, "503", 3) + || !strncmpic(rsp->status, "504", 3)) { if (!err) err = enlist_unique_header(rsp->headers, "Last-Modified", "Wed, 08 Jun 1955 12:00:00 GMT"); } @@ -1634,15 +1737,13 @@ struct http_response *finish_http_response(const struct client_state *csp, struc if (!err) err = enlist_unique_header(rsp->headers, "Pragma", "no-cache"); } - /* - * Quoting RFC 2616: - * - * HTTP/1.1 applications that do not support persistent connections MUST - * include the "close" connection option in every message. - */ - if (!err) err = enlist_unique_header(rsp->headers, "Connection", "close"); + if (!err && (!(csp->flags & CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE) + || (csp->flags & CSP_FLAG_SERVER_SOCKET_TAINTED))) + { + err = enlist_unique_header(rsp->headers, "Connection", "close"); + } - /* + /* * Write the head */ if (err || (NULL == (rsp->head = list_to_text(rsp->headers)))) @@ -1722,11 +1823,11 @@ void free_http_response(struct http_response *rsp) * following an #include statament * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * JB_ERR_FILE if the template file cannot be read * *********************************************************************/ -jb_err template_load(const struct client_state *csp, char **template_ptr, +jb_err template_load(const struct client_state *csp, char **template_ptr, const char *templatename, int recursive) { jb_err err; @@ -1808,7 +1909,7 @@ jb_err template_load(const struct client_state *csp, char **template_ptr, } free(full_path); - /* + /* * Read the file, ignoring comments, and honoring #include * statements, unless we're already called recursively. * @@ -1863,7 +1964,7 @@ jb_err template_load(const struct client_state *csp, char **template_ptr, * HTML template by replacing @name@ with value using * pcrs, for each item in the output map. * - * Note that a leading '$' charachter in the export map's + * Note that a leading '$' character in the export map's * values will be stripped and toggle on backreference * interpretation. * @@ -1896,7 +1997,7 @@ jb_err template_fill(char **template_ptr, const struct map *exports) file_buffer = *template_ptr; size = strlen(file_buffer) + 1; - /* + /* * Assemble pcrs joblist from exports map */ for (m = exports->first; m != NULL; m = m->next) @@ -1914,7 +2015,7 @@ jb_err template_fill(char **template_ptr, const struct map *exports) else { /* - * Treat the "replace with" text as a literal string - + * Treat the "replace with" text as a literal string - * no quoting needed, no backreferences allowed. * ("Trivial" ['T'] flag). */ @@ -1928,7 +2029,7 @@ jb_err template_fill(char **template_ptr, const struct map *exports) /* Make and run job. */ job = pcrs_compile(buf, m->value, flags, &error); - if (job == NULL) + if (job == NULL) { if (error == PCRS_ERR_NOMEM) { @@ -1955,10 +2056,10 @@ jb_err template_fill(char **template_ptr, const struct map *exports) if (error < 0) { - /* + /* * Substitution failed, keep the original buffer, * log the problem and ignore it. - * + * * The user might see some unresolved @CGI_VARIABLES@, * but returning a special CGI error page seems unreasonable * and could mask more important error messages. @@ -2010,7 +2111,7 @@ jb_err template_fill_for_cgi(const struct client_state *csp, struct http_response *rsp) { jb_err err; - + assert(csp); assert(templatename); assert(exports); @@ -2055,6 +2156,7 @@ struct map *default_exports(const struct client_state *csp, const char *caller) struct map * exports; int local_help_exists = 0; char *ip_address = NULL; + char *port = NULL; char *hostname = NULL; assert(csp); @@ -2067,12 +2169,12 @@ struct map *default_exports(const struct client_state *csp, const char *caller) if (csp->config->hostname) { - get_host_information(csp->cfd, &ip_address, NULL); + get_host_information(csp->cfd, &ip_address, &port, NULL); hostname = strdup(csp->config->hostname); } else { - get_host_information(csp->cfd, &ip_address, &hostname); + get_host_information(csp->cfd, &ip_address, &port, &hostname); } err = map(exports, "version", 1, html_encode(VERSION), 0); @@ -2080,6 +2182,8 @@ struct map *default_exports(const struct client_state *csp, const char *caller) if (!err) err = map(exports, "time", 1, html_encode(buf), 0); if (!err) err = map(exports, "my-ip-address", 1, html_encode(ip_address ? ip_address : "unknown"), 0); freez(ip_address); + if (!err) err = map(exports, "my-port", 1, html_encode(port ? port : "unknown"), 0); + freez(port); if (!err) err = map(exports, "my-hostname", 1, html_encode(hostname ? hostname : "unknown"), 0); freez(hostname); if (!err) err = map(exports, "homepage", 1, html_encode(HOME_PAGE_URL), 0); @@ -2104,10 +2208,7 @@ struct map *default_exports(const struct client_state *csp, const char *caller) if (!err) err = map_block_killer(exports, "can-toggle"); #endif - snprintf(buf, sizeof(buf), "%d", csp->config->hport); - if (!err) err = map(exports, "my-port", 1, buf, 1); - - if(!strcmp(CODE_STATUS, "stable")) + if (!strcmp(CODE_STATUS, "stable")) { if (!err) err = map_block_killer(exports, "unstable"); } @@ -2157,12 +2258,12 @@ struct map *default_exports(const struct client_state *csp, const char *caller) * "if--start.*if--end" to the given * export list. * - * Parameters : + * Parameters : * 1 : exports = map to extend * 2 : name = name of conditional block * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err map_block_killer(struct map *exports, const char *name) @@ -2186,12 +2287,12 @@ jb_err map_block_killer(struct map *exports, const char *name) * by map-block-killer, to save a few bytes. * i.e. removes "@if--start@" and "@if--end@" * - * Parameters : + * Parameters : * 1 : exports = map to extend * 2 : name = name of conditional block * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err map_block_keep(struct map *exports, const char *name) @@ -2232,13 +2333,13 @@ jb_err map_block_keep(struct map *exports, const char *name) * The control structure and one of the alternatives * will be hidden. * - * Parameters : + * Parameters : * 1 : exports = map to extend * 2 : name = name of conditional block * 3 : choose_first = nonzero for first, zero for second. * * Returns : JB_ERR_OK on success - * JB_ERR_MEMORY on out-of-memory error. + * JB_ERR_MEMORY on out-of-memory error. * *********************************************************************/ jb_err map_conditional(struct map *exports, const char *name, int choose_first) @@ -2270,7 +2371,7 @@ jb_err map_conditional(struct map *exports, const char *name, int choose_first) * * Function : make_menu * - * Description : Returns an HTML-formatted menu of the available + * Description : Returns an HTML-formatted menu of the available * unhidden CGIs, excluding the one given in * and the toggle CGI if toggling is disabled. * @@ -2278,7 +2379,7 @@ jb_err map_conditional(struct map *exports, const char *name, int choose_first) * 1 : self = name of CGI to leave out, can be NULL for * complete listing. * 2 : feature_flags = feature bitmap from csp->config - * + * * * Returns : menu string, or NULL on out-of-memory error. * @@ -2319,7 +2420,7 @@ char *make_menu(const char *self, const unsigned feature_flags) html_encoded_prefix = html_encode(CGI_PREFIX); if (html_encoded_prefix == NULL) { - return NULL; + return NULL; } else {