X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=jcc.c;h=3bbacd15fba45e41a37357f544d0471ea5a36480;hp=bfbde00713d57cd8378c28591e112db2da3ddf5f;hb=84ee09b204158e3b3e4062f5d4bb3faccf7a4e0c;hpb=a40aa0237d6ef1be4c333260f71403ac931008bc diff --git a/jcc.c b/jcc.c index bfbde007..3bbacd15 100644 --- a/jcc.c +++ b/jcc.c @@ -1,4 +1,4 @@ -const char jcc_rcs[] = "$Id: jcc.c,v 1.455 2017/05/25 11:16:04 fabiankeil Exp $"; +const char jcc_rcs[] = "$Id: jcc.c,v 1.468 2017/08/12 09:33:25 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/jcc.c,v $ @@ -6,7 +6,7 @@ const char jcc_rcs[] = "$Id: jcc.c,v 1.455 2017/05/25 11:16:04 fabiankeil Exp $" * Purpose : Main file. Contains main() method, main loop, and * the main connection-handling function. * - * Copyright : Written by and Copyright (C) 2001-2016 the + * Copyright : Written by and Copyright (C) 2001-2017 the * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written @@ -105,6 +105,7 @@ const char jcc_rcs[] = "$Id: jcc.c,v 1.455 2017/05/25 11:16:04 fabiankeil Exp $" # ifndef FD_ZERO # include # endif +#warning poll() appears to be unavailable. Your platform will become unsupported in the future. #endif /* HAVE_POLL */ #endif @@ -162,7 +163,7 @@ static void serve(struct client_state *csp); static void usage(const char *myname); #endif static void initialize_mutexes(void); -static jb_socket bind_port_helper(const char *haddr, int hport); +static jb_socket bind_port_helper(const char *haddr, int hport, int backlog); static void bind_ports_helper(struct configuration_spec *config, jb_socket sockets[]); static void close_ports_helper(jb_socket sockets[]); static void listen_loop(void); @@ -1852,6 +1853,10 @@ static jb_err parse_client_request(struct client_state *csp) } verify_request_length(csp); } + else + { + csp->flags |= CSP_FLAG_SERVER_SOCKET_TAINTED; + } #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ err = sed(csp, FILTER_CLIENT_HEADERS); @@ -1959,10 +1964,9 @@ static int send_http_request(struct client_state *csp) * Returns : Nothing. * *********************************************************************/ -static void handle_established_connection(struct client_state *csp, - const struct forward_spec *fwd) +static void handle_established_connection(struct client_state *csp) { - char buf[BUFFER_SIZE]; + char *receive_buffer; char *hdr; char *p; int n; @@ -1985,8 +1989,17 @@ static void handle_established_connection(struct client_state *csp, #ifdef FEATURE_CONNECTION_KEEP_ALIVE int watch_client_socket; #endif + const size_t receive_buffer_size = csp->config->receive_buffer_size; - memset(buf, 0, sizeof(buf)); + receive_buffer = zalloc(receive_buffer_size + 1); + if (receive_buffer == NULL) + { + log_error(LOG_LEVEL_ERROR, + "Out of memory. Failed to allocate the receive buffer."); + rsp = cgi_error_memory(); + send_crunch_response(csp, rsp); + return; + } http = csp->http; @@ -2103,13 +2116,14 @@ static void handle_established_connection(struct client_state *csp, if (n == 0) { - log_error(LOG_LEVEL_ERROR, - "Didn't receive data in time: %s", http->url); + log_error(LOG_LEVEL_CONNECT, "Socket timeout %d reached: %s", + csp->config->socket_timeout, http->url); if ((byte_count == 0) && (http->ssl == 0)) { send_crunch_response(csp, error_response(csp, "connection-timeout")); } mark_server_socket_tainted(csp); + freez(receive_buffer); return; } else if (n < 0) @@ -2120,6 +2134,7 @@ static void handle_established_connection(struct client_state *csp, log_error(LOG_LEVEL_ERROR, "select() failed!: %E"); #endif mark_server_socket_tainted(csp); + freez(receive_buffer); return; } @@ -2146,7 +2161,7 @@ static void handle_established_connection(struct client_state *csp, if (FD_ISSET(csp->cfd, &rfds)) #endif /* def HAVE_POLL*/ { - int max_bytes_to_read = sizeof(buf) - 1; + int max_bytes_to_read = (int)receive_buffer_size; #ifdef FEATURE_CONNECTION_KEEP_ALIVE if ((csp->flags & CSP_FLAG_CLIENT_REQUEST_COMPLETELY_READ)) @@ -2180,7 +2195,7 @@ static void handle_established_connection(struct client_state *csp, } if (csp->expected_client_content_length != 0) { - if (csp->expected_client_content_length < (sizeof(buf) - 1)) + if (csp->expected_client_content_length < receive_buffer_size) { max_bytes_to_read = (int)csp->expected_client_content_length; } @@ -2188,10 +2203,10 @@ static void handle_established_connection(struct client_state *csp, "Waiting for up to %d bytes from the client.", max_bytes_to_read); } - assert(max_bytes_to_read < sizeof(buf)); + assert(max_bytes_to_read <= receive_buffer_size); #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ - len = read_socket(csp->cfd, buf, max_bytes_to_read); + len = read_socket(csp->cfd, receive_buffer, max_bytes_to_read); if (len <= 0) { @@ -2218,10 +2233,11 @@ static void handle_established_connection(struct client_state *csp, } #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ - if (write_socket(csp->server_connection.sfd, buf, (size_t)len)) + if (write_socket(csp->server_connection.sfd, receive_buffer, (size_t)len)) { log_error(LOG_LEVEL_ERROR, "write to: %s failed: %E", http->host); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } continue; @@ -2255,18 +2271,19 @@ static void handle_established_connection(struct client_state *csp, log_error(LOG_LEVEL_CONNECT, "The server still wants to talk, but the client hung up on us."); mark_server_socket_tainted(csp); + freez(receive_buffer); return; #endif /* def _WIN32 */ } #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */ - len = read_socket(csp->server_connection.sfd, buf, sizeof(buf) - 1); + len = read_socket(csp->server_connection.sfd, receive_buffer, (int)receive_buffer_size); if (len < 0) { log_error(LOG_LEVEL_ERROR, "read from: %s failed: %E", http->host); - if (http->ssl && (fwd->forward_host == NULL)) + if (http->ssl && (csp->fwd == NULL)) { /* * Just hang up. We already confirmed the client's CONNECT @@ -2275,6 +2292,7 @@ static void handle_established_connection(struct client_state *csp, */ log_error(LOG_LEVEL_ERROR, "CONNECT already confirmed. Unable to tell the client about the problem."); + freez(receive_buffer); return; } else if (byte_count) @@ -2289,6 +2307,7 @@ static void handle_established_connection(struct client_state *csp, log_error(LOG_LEVEL_ERROR, "Already forwarded the original headers. " "Unable to tell the client about the problem."); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } /* @@ -2301,7 +2320,7 @@ static void handle_established_connection(struct client_state *csp, #ifdef FEATURE_CONNECTION_KEEP_ALIVE if (csp->flags & CSP_FLAG_CHUNKED) { - if ((len >= 5) && !memcmp(buf+len-5, "0\r\n\r\n", 5)) + if ((len >= 5) && !memcmp(receive_buffer+len-5, "0\r\n\r\n", 5)) { /* XXX: this is a temporary hack */ log_error(LOG_LEVEL_CONNECT, @@ -2314,11 +2333,23 @@ static void handle_established_connection(struct client_state *csp, reading_done: #endif /* FEATURE_CONNECTION_KEEP_ALIVE */ + /* + * This is guaranteed by allocating with zalloc_or_die() + * and never (intentionally) writing to the last byte. + * + * receive_buffer_size is the size of the part of the + * buffer we intentionally write to, but we actually + * allocated receive_buffer_size+1 bytes so the assertion + * stays within the allocated range. + */ + assert(receive_buffer[receive_buffer_size] == '\0'); + /* * Add a trailing zero to let be able to use string operations. * XXX: do we still need this with filter_popups gone? */ - buf[len] = '\0'; + assert(len <= receive_buffer_size); + receive_buffer[len] = '\0'; /* * Normally, this would indicate that we've read @@ -2397,6 +2428,7 @@ static void handle_established_connection(struct client_state *csp, freez(hdr); freez(p); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } @@ -2411,8 +2443,8 @@ static void handle_established_connection(struct client_state *csp, * This is NOT the body, so * Let's pretend the server just sent us a blank line. */ - snprintf(buf, sizeof(buf), "\r\n"); - len = (int)strlen(buf); + snprintf(receive_buffer, receive_buffer_size, "\r\n"); + len = (int)strlen(receive_buffer); /* * Now, let the normal header parsing algorithm below do its @@ -2436,7 +2468,7 @@ static void handle_established_connection(struct client_state *csp, * has been reached, switch to non-filtering mode, i.e. make & write the * header, flush the iob and buf, and get out of the way. */ - if (add_to_iob(csp->iob, csp->config->buffer_limit, buf, len)) + if (add_to_iob(csp->iob, csp->config->buffer_limit, receive_buffer, len)) { size_t hdrlen; long flushed; @@ -2455,18 +2487,20 @@ static void handle_established_connection(struct client_state *csp, rsp = cgi_error_memory(); send_crunch_response(csp, rsp); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } hdrlen = strlen(hdr); if (write_socket(csp->cfd, hdr, hdrlen) || ((flushed = flush_socket(csp->cfd, csp->iob)) < 0) - || (write_socket(csp->cfd, buf, (size_t)len))) + || (write_socket(csp->cfd, receive_buffer, (size_t)len))) { log_error(LOG_LEVEL_CONNECT, "Flush header and buffers to client failed: %E"); freez(hdr); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } @@ -2483,10 +2517,11 @@ static void handle_established_connection(struct client_state *csp, } else { - if (write_socket(csp->cfd, buf, (size_t)len)) + if (write_socket(csp->cfd, receive_buffer, (size_t)len)) { log_error(LOG_LEVEL_ERROR, "write to client failed: %E"); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } } @@ -2500,12 +2535,13 @@ static void handle_established_connection(struct client_state *csp, * Buffer up the data we just read. If that fails, there's * little we can do but send our static out-of-memory page. */ - if (add_to_iob(csp->iob, csp->config->buffer_limit, buf, len)) + if (add_to_iob(csp->iob, csp->config->buffer_limit, receive_buffer, len)) { log_error(LOG_LEVEL_ERROR, "Out of memory while looking for end of server headers."); rsp = cgi_error_memory(); send_crunch_response(csp, rsp); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } @@ -2526,6 +2562,7 @@ static void handle_established_connection(struct client_state *csp, write_socket(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE, strlen(INVALID_SERVER_HEADERS_RESPONSE)); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } else @@ -2571,6 +2608,7 @@ static void handle_established_connection(struct client_state *csp, } free_http_request(http); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } @@ -2611,6 +2649,7 @@ static void handle_established_connection(struct client_state *csp, strlen(INVALID_SERVER_HEADERS_RESPONSE)); free_http_request(http); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } hdr = list_to_text(csp->headers); @@ -2643,9 +2682,10 @@ static void handle_established_connection(struct client_state *csp, * delivered the crunch response to the client * and are done here after cleaning up. */ - freez(hdr); - mark_server_socket_tainted(csp); - return; + freez(hdr); + mark_server_socket_tainted(csp); + freez(receive_buffer); + return; } /* Buffer and pcrs filter this if appropriate. */ @@ -2675,6 +2715,7 @@ static void handle_established_connection(struct client_state *csp, */ freez(hdr); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } } @@ -2699,14 +2740,17 @@ static void handle_established_connection(struct client_state *csp, write_socket(csp->cfd, INVALID_SERVER_HEADERS_RESPONSE, strlen(INVALID_SERVER_HEADERS_RESPONSE)); mark_server_socket_tainted(csp); + freez(receive_buffer); return; } } continue; } mark_server_socket_tainted(csp); + freez(receive_buffer); return; /* huh? we should never get here */ } + freez(receive_buffer); if (csp->content_length == 0) { @@ -2987,7 +3031,7 @@ static void chat(struct client_state *csp) /* XXX: should the time start earlier for optimistically sent data? */ csp->server_connection.request_sent = time(NULL); - handle_established_connection(csp, fwd); + handle_established_connection(csp); } @@ -3024,6 +3068,7 @@ extern int fuzz_server_response(struct client_state *csp, char *fuzz_input_file) fuzz_input_file); } } + csp->fwd = &fwd; csp->content_type |= CT_GIF; csp->action->flags |= ACTION_DEANIMATE; csp->action->string[ACTION_STRING_DEANIMATE] = "last"; @@ -3044,7 +3089,7 @@ extern int fuzz_server_response(struct client_state *csp, char *fuzz_input_file) cgi_init_error_messages(); - handle_established_connection(csp, &fwd); + handle_established_connection(csp); return 0; } @@ -3342,6 +3387,8 @@ static void serve(struct client_state *csp) drain_and_close_socket(csp->cfd); } + free_csp_resources(csp); + csp->flags &= ~CSP_FLAG_ACTIVE; } @@ -3853,6 +3900,9 @@ int main(int argc, char **argv) { exit(process_fuzzed_input(fuzz_input_type, fuzz_input_file)); } + log_error(LOG_LEVEL_FATAL, + "When compiled with fuzzing support, Privoxy should only be used for fuzzing. " + "Various data structures are static which is unsafe when using threads."); #endif if (do_config_test) @@ -4073,16 +4123,17 @@ int main(int argc, char **argv) * 1 : haddr = Host address to bind to. Use NULL to bind to * INADDR_ANY. * 2 : hport = Specifies port to bind to. + * 3 : backlog = Listen backlog. * * Returns : Port that was opened. * *********************************************************************/ -static jb_socket bind_port_helper(const char *haddr, int hport) +static jb_socket bind_port_helper(const char *haddr, int hport, int backlog) { int result; jb_socket bfd; - result = bind_port(haddr, hport, &bfd); + result = bind_port(haddr, hport, backlog, &bfd); if (result < 0) { @@ -4162,7 +4213,22 @@ static void bind_ports_helper(struct configuration_spec * config, { if (config->hport[i]) { - sockets[i] = bind_port_helper(config->haddr[i], config->hport[i]); + sockets[i] = bind_port_helper(config->haddr[i], + config->hport[i], config->listen_backlog); +#if defined(FEATURE_ACCEPT_FILTER) && defined(SO_ACCEPTFILTER) + if (config->enable_accept_filter && sockets[i] != JB_INVALID_SOCKET) + { + struct accept_filter_arg af_options; + bzero(&af_options, sizeof(af_options)); + strlcpy(af_options.af_name, "httpready", sizeof(af_options.af_name)); + if (setsockopt(sockets[i], SOL_SOCKET, SO_ACCEPTFILTER, &af_options, + sizeof(af_options))) + { + log_error(LOG_LEVEL_ERROR, + "Enabling accept filter for socket %d failed: %E", sockets[i]); + } + } +#endif } else { @@ -4231,6 +4297,12 @@ static void listen_loop(void) jb_socket bfds[MAX_LISTENING_SOCKETS]; struct configuration_spec *config; unsigned int active_threads = 0; +#if defined(FEATURE_PTHREAD) + pthread_attr_t attrs; + + pthread_attr_init(&attrs); + pthread_attr_setdetachstate(&attrs, PTHREAD_CREATE_DETACHED); +#endif config = load_config(); @@ -4318,7 +4390,7 @@ static void listen_loop(void) * new one. * * Which-ever is correct, we will serve 1 more page via the - * old settings. This should probably be a "show-proxy-args" + * old settings. This should probably be a "show-status" * request. This should not be a so common of an operation * that this will hurt people's feelings. */ @@ -4386,14 +4458,10 @@ static void listen_loop(void) #define SELECTED_ONE_OPTION { pthread_t the_thread; - pthread_attr_t attrs; - pthread_attr_init(&attrs); - pthread_attr_setdetachstate(&attrs, PTHREAD_CREATE_DETACHED); errno = pthread_create(&the_thread, &attrs, (void * (*)(void *))serve, csp); child_id = errno ? -1 : 0; - pthread_attr_destroy(&attrs); } #endif @@ -4558,6 +4626,10 @@ static void listen_loop(void) } } +#if defined(FEATURE_PTHREAD) + pthread_attr_destroy(&attrs); +#endif + /* NOTREACHED unless FEATURE_GRACEFUL_TERMINATION is defined */ /* Clean up. Aim: free all memory (no leaks) */