X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=jcc.c;h=0dc75335ad7bdcadaa03070fec4af2d114076586;hp=408c649d1bc50c91ee5afb204c1d50dffa31779c;hb=1e3471c05f279e9f4ebead3a943512d8919a70f3;hpb=a1649d1c0992d9b1459d2b92cc02f7b723baf5e0 diff --git a/jcc.c b/jcc.c index 408c649d..0dc75335 100644 --- a/jcc.c +++ b/jcc.c @@ -1,4 +1,4 @@ -const char jcc_rcs[] = "$Id: jcc.c,v 1.447 2016/09/27 22:48:28 ler762 Exp $"; +const char jcc_rcs[] = "$Id: jcc.c,v 1.458 2017/05/29 10:02:11 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/jcc.c,v $ @@ -6,7 +6,7 @@ const char jcc_rcs[] = "$Id: jcc.c,v 1.447 2016/09/27 22:48:28 ler762 Exp $"; * Purpose : Main file. Contains main() method, main loop, and * the main connection-handling function. * - * Copyright : Written by and Copyright (C) 2001-2016 the + * Copyright : Written by and Copyright (C) 2001-2017 the * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -93,12 +93,19 @@ const char jcc_rcs[] = "$Id: jcc.c,v 1.447 2016/09/27 22:48:28 ler762 Exp $"; # ifdef __OS2__ #define INCL_DOS # include -#define bzero(B,N) memset(B,0x00,n) # endif +#ifdef HAVE_POLL +#ifdef __GLIBC__ +#include +#else +#include +#endif /* def __GLIBC__ */ +#else # ifndef FD_ZERO # include # endif +#endif /* HAVE_POLL */ #endif @@ -178,6 +185,11 @@ static int32 server_thread(void *data); #define sleep(N) DosSleep(((N) * 100)) #endif +#ifdef FUZZ +int process_fuzzed_input(char *fuzz_input_type, char *fuzz_input_file); +void show_fuzz_usage(const char *name); +#endif + #ifdef MUTEX_LOCKS_AVAILABLE /* * XXX: Does the locking stuff really belong in this file? @@ -205,9 +217,9 @@ privoxy_mutex_t gmtime_mutex; privoxy_mutex_t localtime_mutex; #endif /* ndef HAVE_GMTIME_R */ -#ifndef HAVE_RANDOM +#if !defined(HAVE_ARC4RANDOM) && !defined(HAVE_RANDOM) privoxy_mutex_t rand_mutex; -#endif /* ndef HAVE_RANDOM */ +#endif /* !defined(HAVE_ARC4RANDOM) && !defined(HAVE_RANDOM) */ #endif /* def MUTEX_LOCKS_AVAILABLE */ @@ -1279,7 +1291,12 @@ static char *get_request_line(struct client_state *csp) do { - if (!data_is_available(csp->cfd, csp->config->socket_timeout)) + if ( +#ifdef FUZZ + 0 == (csp->flags & CSP_FLAG_FUZZED_INPUT) && +#endif + !data_is_available(csp->cfd, csp->config->socket_timeout) + ) { if (socket_is_still_alive(csp->cfd)) { @@ -1425,7 +1442,7 @@ static jb_err receive_chunked_client_request_body(struct client_state *csp) enum chunk_status status; while (CHUNK_STATUS_MISSING_DATA == - (status = chunked_body_is_complete(csp->client_iob,&body_length))) + (status = chunked_body_is_complete(csp->client_iob, &body_length))) { char buf[BUFFER_SIZE]; int len; @@ -1464,6 +1481,80 @@ static jb_err receive_chunked_client_request_body(struct client_state *csp) } +#ifdef FUZZ +/********************************************************************* + * + * Function : fuzz_chunked_transfer_encoding + * + * Description : Treat the fuzzed input as chunked transfer encoding + * to check and dechunk. + * + * Parameters : + * 1 : csp = Used to store the data. + * 2 : fuzz_input_file = File to read the input from. + * + * Returns : Result of dechunking + * + *********************************************************************/ +extern int fuzz_chunked_transfer_encoding(struct client_state *csp, char *fuzz_input_file) +{ + size_t length; + size_t size = (size_t)(csp->iob->eod - csp->iob->cur); + enum chunk_status status; + + status = chunked_body_is_complete(csp->iob, &length); + if (CHUNK_STATUS_BODY_COMPLETE != status) + { + log_error(LOG_LEVEL_INFO, "Chunked body is incomplete or invalid"); + } + + return (JB_ERR_OK == remove_chunked_transfer_coding(csp->iob->cur, &size)); + +} + + +/********************************************************************* + * + * Function : fuzz_client_request + * + * Description : Try to get a client request from the fuzzed input. + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * 2 : fuzz_input_file = File to read the input from. + * + * Returns : Result of fuzzing. + * + *********************************************************************/ +extern int fuzz_client_request(struct client_state *csp, char *fuzz_input_file) +{ + jb_err err; + + csp->cfd = 0; + csp->ip_addr_str = "fuzzer"; + + if (strcmp(fuzz_input_file, "-") != 0) + { + log_error(LOG_LEVEL_FATAL, + "Fuzzed client requests can currenty only be read from stdin (-)."); + } + err = receive_client_request(csp); + if (err != JB_ERR_OK) + { + return 1; + } + err = parse_client_request(csp); + if (err != JB_ERR_OK) + { + return 1; + } + + return 0; + +} +#endif /* def FUZZ */ + + #ifdef FEATURE_FORCE_LOAD /********************************************************************* * @@ -1804,6 +1895,57 @@ static jb_err parse_client_request(struct client_state *csp) } +/********************************************************************* + * + * Function : send_http_request + * + * Description : Sends the HTTP headers from the client request + * and all the body data that has already been received. + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * + * Returns : 0 on success, anything else is na error. + * + *********************************************************************/ +static int send_http_request(struct client_state *csp) +{ + char *hdr; + int write_failure; + + hdr = list_to_text(csp->headers); + if (hdr == NULL) + { + /* FIXME Should handle error properly */ + log_error(LOG_LEVEL_FATAL, "Out of memory parsing client header"); + } + list_remove_all(csp->headers); + + /* + * Write the client's (modified) header to the server + * (along with anything else that may be in the buffer) + */ + write_failure = 0 != write_socket(csp->server_connection.sfd, hdr, strlen(hdr)); + freez(hdr); + + if (write_failure) + { + log_error(LOG_LEVEL_CONNECT, "Failed sending request headers to: %s: %E", + csp->http->hostport); + } + else if (((csp->flags & CSP_FLAG_PIPELINED_REQUEST_WAITING) == 0) + && (flush_socket(csp->server_connection.sfd, csp->client_iob) < 0)) + { + write_failure = 1; + log_error(LOG_LEVEL_CONNECT, "Failed sending request body to: %s: %E", + csp->http->hostport); + } + + return write_failure; + +} + + /********************************************************************* * * Function : handle_established_connection @@ -1820,12 +1962,17 @@ static jb_err parse_client_request(struct client_state *csp) static void handle_established_connection(struct client_state *csp, const struct forward_spec *fwd) { - char buf[BUFFER_SIZE]; + char *receive_buffer; char *hdr; char *p; - fd_set rfds; int n; +#ifdef HAVE_POLL + struct pollfd poll_fds[2]; +#else + fd_set rfds; jb_socket maxfd; + struct timeval timeout; +#endif int server_body; int ms_iis5_hack = 0; unsigned long long byte_count = 0; @@ -1835,17 +1982,27 @@ static void handle_established_connection(struct client_state *csp, /* Skeleton for HTTP response, if we should intercept the request */ struct http_response *rsp; - struct timeval timeout; #ifdef FEATURE_CONNECTION_KEEP_ALIVE int watch_client_socket; #endif + const size_t receive_buffer_size = csp->config->receive_buffer_size; - memset(buf, 0, sizeof(buf)); + receive_buffer = zalloc(receive_buffer_size + 1); + if (receive_buffer == NULL) + { + log_error(LOG_LEVEL_ERROR, + "Out of memory. Failed to allocate the receive buffer."); + rsp = cgi_error_memory(); + send_crunch_response(csp, rsp); + return; + } http = csp->http; +#ifndef HAVE_POLL maxfd = (csp->cfd > csp->server_connection.sfd) ? csp->cfd : csp->server_connection.sfd; +#endif /* pass data between the client and server * until one or the other shuts down the connection. @@ -1859,6 +2016,7 @@ static void handle_established_connection(struct client_state *csp, for (;;) { +#ifndef HAVE_POLL #ifdef __OS2__ /* * FD_ZERO here seems to point to an errant macro which crashes. @@ -1880,6 +2038,7 @@ static void handle_established_connection(struct client_state *csp, } FD_SET(csp->server_connection.sfd, &rfds); +#endif /* ndef HAVE_POLL */ #ifdef FEATURE_CONNECTION_KEEP_ALIVE if ((csp->flags & CSP_FLAG_CHUNKED) @@ -1924,9 +2083,32 @@ static void handle_established_connection(struct client_state *csp, } #endif /* FEATURE_CONNECTION_KEEP_ALIVE */ +#ifdef HAVE_POLL + poll_fds[0].fd = csp->cfd; +#ifdef FEATURE_CONNECTION_KEEP_ALIVE + if (!watch_client_socket) + { + /* + * Ignore incoming data, but still watch out + * for disconnects etc. These flags are always + * implied anyway but explicitly setting them + * doesn't hurt. + */ + poll_fds[0].events = POLLERR|POLLHUP; + } + else +#endif + { + poll_fds[0].events = POLLIN; + } + poll_fds[1].fd = csp->server_connection.sfd; + poll_fds[1].events = POLLIN; + n = poll(poll_fds, 2, csp->config->socket_timeout * 1000); +#else timeout.tv_sec = csp->config->socket_timeout; timeout.tv_usec = 0; n = select((int)maxfd+1, &rfds, NULL, NULL, &timeout); +#endif /* def HAVE_POLL */ if (n == 0) { @@ -1937,12 +2119,18 @@ static void handle_established_connection(struct client_state *csp, send_crunch_response(csp, error_response(csp, "connection-timeout")); } mark_server_socket_tainted(csp); + freez(receive_buffer); return; } else if (n < 0) { +#ifdef HAVE_POLL + log_error(LOG_LEVEL_ERROR, "poll() failed!: %E"); +#else log_error(LOG_LEVEL_ERROR, "select() failed!: %E"); +#endif mark_server_socket_tainted(csp); + freez(receive_buffer); return; } @@ -1953,9 +2141,23 @@ static void handle_established_connection(struct client_state *csp, * XXX: Make sure the client doesn't use pipelining * behind Privoxy's back. */ +#ifdef HAVE_POLL + if ((poll_fds[0].revents & (POLLERR|POLLHUP|POLLNVAL)) != 0) + { + log_error(LOG_LEVEL_CONNECT, + "The client socket %d has become unusable while " + "the server socket %d is still open.", + csp->cfd, csp->server_connection.sfd); + mark_server_socket_tainted(csp); + break; + } + + if (poll_fds[0].revents != 0) +#else if (FD_ISSET(csp->cfd, &rfds)) +#endif /* def HAVE_POLL*/ { - int max_bytes_to_read = sizeof(buf) - 1; + int max_bytes_to_read = (int)receive_buffer_size; #ifdef FEATURE_CONNECTION_KEEP_ALIVE if ((csp->flags & CSP_FLAG_CLIENT_REQUEST_COMPLETELY_READ)) @@ -1989,7 +2191,7 @@ static void handle_established_connection(struct client_state *csp, } if (csp->expected_client_content_length != 0) { - if (csp->expected_client_content_length < (sizeof(buf) - 1)) + if (csp->expected_client_content_length < receive_buffer_size) { max_bytes_to_read = (int)csp->expected_client_content_length; } @@ -1997,10 +2199,10 @@ static void handle_established_connection(struct client_state *csp, "Waiting for up to %d bytes from the client.", max_bytes_to_read); } - assert(max_bytes_to_read < sizeof(buf)); + assert(max_bytes_to_read <= receive_buffer_size); #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ - len = read_socket(csp->cfd, buf, max_bytes_to_read); + len = read_socket(csp->cfd, receive_buffer, max_bytes_to_read); if (len <= 0) { @@ -2027,10 +2229,11 @@ static void handle_established_connection(struct client_state *csp, } #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ - if (write_socket(csp->server_connection.sfd, buf, (size_t)len)) + if (write_socket(csp->server_connection.sfd, receive_buffer, (size_t)len)) { log_error(LOG_LEVEL_ERROR, "write to: %s failed: %E", http->host); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } continue; @@ -2041,7 +2244,11 @@ static void handle_established_connection(struct client_state *csp, * If `hdr' is null, then it's the header otherwise it's the body. * FIXME: Does `hdr' really mean `host'? No. */ +#ifdef HAVE_POLL + if (poll_fds[1].revents != 0) +#else if (FD_ISSET(csp->server_connection.sfd, &rfds)) +#endif /* HAVE_POLL */ { #ifdef FEATURE_CONNECTION_KEEP_ALIVE /* @@ -2060,12 +2267,13 @@ static void handle_established_connection(struct client_state *csp, log_error(LOG_LEVEL_CONNECT, "The server still wants to talk, but the client hung up on us."); mark_server_socket_tainted(csp); + freez(receive_buffer); return; #endif /* def _WIN32 */ } #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ - len = read_socket(csp->server_connection.sfd, buf, sizeof(buf) - 1); + len = read_socket(csp->server_connection.sfd, receive_buffer, (int)receive_buffer_size); if (len < 0) { @@ -2080,6 +2288,7 @@ static void handle_established_connection(struct client_state *csp, */ log_error(LOG_LEVEL_ERROR, "CONNECT already confirmed. Unable to tell the client about the problem."); + freez(receive_buffer); return; } else if (byte_count) @@ -2094,6 +2303,7 @@ static void handle_established_connection(struct client_state *csp, log_error(LOG_LEVEL_ERROR, "Already forwarded the original headers. " "Unable to tell the client about the problem."); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } /* @@ -2106,7 +2316,7 @@ static void handle_established_connection(struct client_state *csp, #ifdef FEATURE_CONNECTION_KEEP_ALIVE if (csp->flags & CSP_FLAG_CHUNKED) { - if ((len >= 5) && !memcmp(buf+len-5, "0\r\n\r\n", 5)) + if ((len >= 5) && !memcmp(receive_buffer+len-5, "0\r\n\r\n", 5)) { /* XXX: this is a temporary hack */ log_error(LOG_LEVEL_CONNECT, @@ -2119,11 +2329,23 @@ static void handle_established_connection(struct client_state *csp, reading_done: #endif /* FEATURE_CONNECTION_KEEP_ALIVE */ + /* + * This is guaranteed by allocating with zalloc_or_die() + * and never (intentionally) writing to the last byte. + * + * receive_buffer_size is the size of the part of the + * buffer we intentionally write to, but we actually + * allocated receive_buffer_size+1 bytes so the assertion + * stays within the allocated range. + */ + assert(receive_buffer[receive_buffer_size] == '\0'); + /* * Add a trailing zero to let be able to use string operations. * XXX: do we still need this with filter_popups gone? */ - buf[len] = '\0'; + assert(len <= receive_buffer_size); + receive_buffer[len] = '\0'; /* * Normally, this would indicate that we've read @@ -2202,6 +2424,7 @@ static void handle_established_connection(struct client_state *csp, freez(hdr); freez(p); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } @@ -2216,8 +2439,8 @@ static void handle_established_connection(struct client_state *csp, * This is NOT the body, so * Let's pretend the server just sent us a blank line. */ - snprintf(buf, sizeof(buf), "\r\n"); - len = (int)strlen(buf); + snprintf(receive_buffer, receive_buffer_size, "\r\n"); + len = (int)strlen(receive_buffer); /* * Now, let the normal header parsing algorithm below do its @@ -2241,7 +2464,7 @@ static void handle_established_connection(struct client_state *csp, * has been reached, switch to non-filtering mode, i.e. make & write the * header, flush the iob and buf, and get out of the way. */ - if (add_to_iob(csp->iob, csp->config->buffer_limit, buf, len)) + if (add_to_iob(csp->iob, csp->config->buffer_limit, receive_buffer, len)) { size_t hdrlen; long flushed; @@ -2260,18 +2483,20 @@ static void handle_established_connection(struct client_state *csp, rsp = cgi_error_memory(); send_crunch_response(csp, rsp); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } hdrlen = strlen(hdr); if (write_socket(csp->cfd, hdr, hdrlen) || ((flushed = flush_socket(csp->cfd, csp->iob)) < 0) - || (write_socket(csp->cfd, buf, (size_t)len))) + || (write_socket(csp->cfd, receive_buffer, (size_t)len))) { log_error(LOG_LEVEL_CONNECT, "Flush header and buffers to client failed: %E"); freez(hdr); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } @@ -2288,10 +2513,11 @@ static void handle_established_connection(struct client_state *csp, } else { - if (write_socket(csp->cfd, buf, (size_t)len)) + if (write_socket(csp->cfd, receive_buffer, (size_t)len)) { log_error(LOG_LEVEL_ERROR, "write to client failed: %E"); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } } @@ -2305,12 +2531,13 @@ static void handle_established_connection(struct client_state *csp, * Buffer up the data we just read. If that fails, there's * little we can do but send our static out-of-memory page. */ - if (add_to_iob(csp->iob, csp->config->buffer_limit, buf, len)) + if (add_to_iob(csp->iob, csp->config->buffer_limit, receive_buffer, len)) { log_error(LOG_LEVEL_ERROR, "Out of memory while looking for end of server headers."); rsp = cgi_error_memory(); send_crunch_response(csp, rsp); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } @@ -2331,6 +2558,7 @@ static void handle_established_connection(struct client_state *csp, write_socket(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE, strlen(INVALID_SERVER_HEADERS_RESPONSE)); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } else @@ -2376,6 +2604,7 @@ static void handle_established_connection(struct client_state *csp, } free_http_request(http); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } @@ -2416,6 +2645,7 @@ static void handle_established_connection(struct client_state *csp, strlen(INVALID_SERVER_HEADERS_RESPONSE)); free_http_request(http); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } hdr = list_to_text(csp->headers); @@ -2450,6 +2680,7 @@ static void handle_established_connection(struct client_state *csp, */ freez(hdr); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } /* Buffer and pcrs filter this if appropriate. */ @@ -2480,6 +2711,7 @@ static void handle_established_connection(struct client_state *csp, */ freez(hdr); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } } @@ -2504,14 +2736,17 @@ static void handle_established_connection(struct client_state *csp, write_socket(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE, strlen(INVALID_SERVER_HEADERS_RESPONSE)); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } } continue; } mark_server_socket_tainted(csp); + freez(receive_buffer); return; /* huh? we should never get here */ } + freez(receive_buffer); if (csp->content_length == 0) { @@ -2539,6 +2774,7 @@ static void handle_established_connection(struct client_state *csp, csp->server_connection.timestamp = time(NULL); } + /********************************************************************* * * Function : chat @@ -2565,15 +2801,11 @@ static void handle_established_connection(struct client_state *csp, *********************************************************************/ static void chat(struct client_state *csp) { - char buf[BUFFER_SIZE]; - char *hdr; const struct forward_spec *fwd; struct http_request *http; /* Skeleton for HTTP response, if we should intercept the request */ struct http_response *rsp; - memset(buf, 0, sizeof(buf)); - http = csp->http; if (receive_client_request(csp) != JB_ERR_OK) @@ -2765,36 +2997,7 @@ static void chat(struct client_state *csp) } else if (fwd->forward_host || (http->ssl == 0)) { - int write_failure; - hdr = list_to_text(csp->headers); - if (hdr == NULL) - { - /* FIXME Should handle error properly */ - log_error(LOG_LEVEL_FATAL, "Out of memory parsing client header"); - } - list_remove_all(csp->headers); - - /* - * Write the client's (modified) header to the server - * (along with anything else that may be in the buffer) - */ - write_failure = 0 != write_socket(csp->server_connection.sfd, hdr, strlen(hdr)); - freez(hdr); - - if (write_failure) - { - log_error(LOG_LEVEL_CONNECT, - "Failed sending request headers to: %s: %E", http->hostport); - } - else if (((csp->flags & CSP_FLAG_PIPELINED_REQUEST_WAITING) == 0) - && (flush_socket(csp->server_connection.sfd, csp->client_iob) < 0)) - { - write_failure = 1; - log_error(LOG_LEVEL_CONNECT, - "Failed sending request body to: %s: %E", http->hostport); - } - - if (write_failure) + if (send_http_request(csp)) { rsp = error_response(csp, "connect-failed"); if (rsp) @@ -2828,6 +3031,66 @@ static void chat(struct client_state *csp) } +#ifdef FUZZ +/********************************************************************* + * + * Function : fuzz_server_response + * + * Description : Treat the input as a whole server response. + * + * Parameters : + * 1 : csp = Current client state (buffers, headers, etc...) + * 2 : fuzz_input_file = File to read the input from. + * + * Returns : 0 + * + *********************************************************************/ +extern int fuzz_server_response(struct client_state *csp, char *fuzz_input_file) +{ + static struct forward_spec fwd; /* Zero'd due to being static */ + csp->cfd = 0; + + if (strcmp(fuzz_input_file, "-") == 0) + { + /* XXX: Doesn'T work yet. */ + csp->server_connection.sfd = 0; + } + else + { + csp->server_connection.sfd = open(fuzz_input_file, O_RDONLY); + if (csp->server_connection.sfd == -1) + { + log_error(LOG_LEVEL_FATAL, "Failed to open %s: %E", + fuzz_input_file); + } + } + csp->content_type |= CT_GIF; + csp->action->flags |= ACTION_DEANIMATE; + csp->action->string[ACTION_STRING_DEANIMATE] = "last"; + + csp->http->path = strdup_or_die("/"); + csp->http->host = strdup_or_die("fuzz.example.org"); + csp->http->hostport = strdup_or_die("fuzz.example.org:80"); + /* Prevent client socket monitoring */ + csp->flags |= CSP_FLAG_PIPELINED_REQUEST_WAITING; + csp->flags |= CSP_FLAG_CHUNKED; + + csp->config->feature_flags |= RUNTIME_FEATURE_CONNECTION_KEEP_ALIVE; + csp->flags |= CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE; + + csp->content_type |= CT_DECLARED|CT_GIF; + + csp->config->socket_timeout = 0; + + cgi_init_error_messages(); + + handle_established_connection(csp, &fwd); + + return 0; +} +#endif + + #ifdef FEATURE_CONNECTION_KEEP_ALIVE /********************************************************************* * @@ -3158,7 +3421,7 @@ static int32 server_thread(void *data) * Returns : No. ,-) * *********************************************************************/ -static void usage(const char *myname) +static void usage(const char *name) { printf("Privoxy version " VERSION " (" HOME_PAGE_URL ")\n" "Usage: %s [--config-test] " @@ -3169,8 +3432,14 @@ static void usage(const char *myname) #if defined(unix) "[--no-daemon] [--pidfile pidfile] [--pre-chroot-nslookup hostname] [--user user[.group]] " #endif /* defined(unix) */ - "[--version] [configfile]\n" - "Aborting\n", myname); + "[--version] [configfile]\n", + name); + +#ifdef FUZZ + show_fuzz_usage(name); +#endif + + printf("Aborting\n"); exit(2); @@ -3319,14 +3588,13 @@ static void initialize_mutexes(void) privoxy_mutex_init(&localtime_mutex); #endif /* ndef HAVE_GMTIME_R */ -#ifndef HAVE_RANDOM +#if !defined(HAVE_ARC4RANDOM) && !defined(HAVE_RANDOM) privoxy_mutex_init(&rand_mutex); -#endif /* ndef HAVE_RANDOM */ +#endif /* !defined(HAVE_ARC4RANDOM) && !defined(HAVE_RANDOM) */ #endif /* def MUTEX_LOCKS_AVAILABLE */ } - /********************************************************************* * * Function : main @@ -3358,13 +3626,19 @@ int main(int argc, char **argv) { int argc_pos = 0; int do_config_test = 0; +#ifndef HAVE_ARC4RANDOM unsigned int random_seed; +#endif #ifdef unix struct passwd *pw = NULL; struct group *grp = NULL; int do_chroot = 0; char *pre_chroot_nslookup_to_load_resolver = NULL; #endif +#ifdef FUZZ + char *fuzz_input_type = NULL; + char *fuzz_input_file = NULL; +#endif Argc = argc; Argv = argv; @@ -3492,7 +3766,20 @@ int main(int argc, char **argv) { do_config_test = 1; } - +#ifdef FUZZ + else if (strcmp(argv[argc_pos], "--fuzz") == 0) + { + argc_pos++; + if (argc < argc_pos + 2) usage(argv[0]); + fuzz_input_type = argv[argc_pos]; + argc_pos++; + fuzz_input_file = argv[argc_pos]; + } + else if (strcmp(argv[argc_pos], "--stfu") == 0) + { + set_debug_level(LOG_LEVEL_STFU); + } +#endif else if (argc_pos + 1 != argc) { /* @@ -3549,19 +3836,24 @@ int main(int argc, char **argv) InitWin32(); #endif +#ifndef HAVE_ARC4RANDOM random_seed = (unsigned int)time(NULL); #ifdef HAVE_RANDOM srandom(random_seed); #else srand(random_seed); #endif /* ifdef HAVE_RANDOM */ +#endif /* ifndef HAVE_ARC4RANDOM */ /* * Unix signal handling * * Catch the abort, interrupt and terminate signals for a graceful exit * Catch the hangup signal so the errlog can be reopened. - * Ignore the broken pipe signals (FIXME: Why?) + * + * Ignore the broken pipe signal as connection failures + * are handled when and where they occur without relying + * on a signal. */ #if !defined(_WIN32) && !defined(__OS2__) && !defined(AMIGA) { @@ -3596,6 +3888,16 @@ int main(int argc, char **argv) # endif /* def _WIN_CONSOLE */ #endif /* def _WIN32 */ +#ifdef FUZZ + if (fuzz_input_type != NULL) + { + exit(process_fuzzed_input(fuzz_input_type, fuzz_input_file)); + } + log_error(LOG_LEVEL_FATAL, + "When compiled with fuzzing support, Privoxy should only be used for fuzzing. " + "Various data structures are static which is unsafe when using threads."); +#endif + if (do_config_test) { exit(NULL == load_config()); @@ -3850,6 +4152,7 @@ static jb_socket bind_port_helper(const char *haddr, int hport) return JB_INVALID_SOCKET; } +#ifndef HAVE_POLL #ifndef _WIN32 if (bfd >= FD_SETSIZE) { @@ -3857,6 +4160,7 @@ static jb_socket bind_port_helper(const char *haddr, int hport) "Bind socket number too high to use select(): %d >= %d", bfd, FD_SETSIZE); } +#endif #endif if (haddr == NULL)