X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=jcc.c;h=7357c9ee56e01bde81ecd3aae6b36bf8831ed16b;hp=e7ad4e257e36cbeea5c4a26a1d19d2ecfe6aac30;hb=960ae61d1bce3289d3a79290a3d0c583620c2414;hpb=093ce0d6a6ba53bc4f89d3c12287fb7e9dcb8a46

diff --git a/jcc.c b/jcc.c
index e7ad4e25..7357c9ee 100644
--- a/jcc.c
+++ b/jcc.c
@@ -5,7 +5,7 @@
  * Purpose     :  Main file.  Contains main() method, main loop, and
  *                the main connection-handling function.
  *
- * Copyright   :  Written by and Copyright (C) 2001-2020 the
+ * Copyright   :  Written by and Copyright (C) 2001-2021 the
  *                Privoxy team. https://www.privoxy.org/
  *
  *                Based on the Internet Junkbuster originally written
@@ -1044,6 +1044,16 @@ static jb_err change_request_destination(struct client_state *csp)
       log_error(LOG_LEVEL_ERROR, "Couldn't parse rewritten request: %s.",
          jb_err_to_string(err));
    }
+   if (http->ssl && strcmpic(csp->http->gpc, "CONNECT"))
+   {
+      /*
+       * A client header filter changed the request URL from
+       * http:// to https:// which we currently don't support.
+       */
+      log_error(LOG_LEVEL_ERROR, "Changing the request destination from http "
+         "to https behind the client's back currently isn't supported.");
+      return JB_ERR_PARSE;
+   }
 
    return err;
 }
@@ -1971,7 +1981,7 @@ static jb_err parse_client_request(struct client_state *csp)
          strlen(MESSED_UP_REQUEST_RESPONSE), get_write_delay(csp));
       /* XXX: Use correct size */
       log_error(LOG_LEVEL_CLF,
-         "%s - - [%T] \"Invalid request generated\" 500 0", csp->ip_addr_str);
+         "%s - - [%T] \"Invalid request generated\" 400 0", csp->ip_addr_str);
       log_error(LOG_LEVEL_ERROR,
          "Invalid request line after applying header filters.");
       free_http_request(http);
@@ -2546,6 +2556,7 @@ static jb_err change_encrypted_request_destination(struct client_state *csp)
 {
    jb_err err;
    char *original_host = csp->http->host;
+   int original_port = csp->http->port;
 
    log_error(LOG_LEVEL_REDIRECTS, "Rewrite detected: %s",
       csp->https_headers->first->str);
@@ -2556,27 +2567,38 @@ static jb_err change_encrypted_request_destination(struct client_state *csp)
    {
       log_error(LOG_LEVEL_ERROR, "Couldn't parse rewritten request: %s.",
          jb_err_to_string(err));
+      freez(original_host);
       return err;
    }
 
    if (csp->http->host == NULL)
    {
+      char port_string[10];
       /*
        * The rewritten request line did not specify a host
        * which means we can use the original host specified
        * by the client.
        */
       csp->http->host = original_host;
+      csp->http->port = original_port;
       log_error(LOG_LEVEL_REDIRECTS, "Keeping the original host: %s",
          csp->http->host);
       /*
        * If the rewritten request line didn't contain a host
        * it also didn't contain a port so we can reuse the host
-       * and set the port to 443.
+       * port.
        */
       freez(csp->http->hostport);
       csp->http->hostport = strdup_or_die(csp->http->host);
-      csp->http->port = 443;
+      snprintf(port_string, sizeof(port_string), ":%d", original_port);
+      err = string_append(&csp->http->hostport, port_string);
+      if (err != JB_ERR_OK)
+      {
+         log_error(LOG_LEVEL_ERROR, "Failed to rebuild hostport: %s.",
+            jb_err_to_string(err));
+         return err;
+      }
+
       /*
        * While the request line didn't mention it,
        * we're https-inspecting and want to speak TLS
@@ -2802,10 +2824,15 @@ static jb_err process_encrypted_request(struct client_state *csp)
       || (strcmp(csp->http->cmd, csp->https_headers->first->str) &&
          (JB_ERR_OK != change_encrypted_request_destination(csp))))
    {
-      log_error(LOG_LEVEL_ERROR,
-         "Failed to get the request destination in the rewritten headers");
       ssl_send_data_delayed(&(csp->ssl_client_attr),
-         (const unsigned char *)CHEADER, strlen(CHEADER), get_write_delay(csp));
+         (const unsigned char *)MESSED_UP_REQUEST_RESPONSE,
+         strlen(MESSED_UP_REQUEST_RESPONSE), get_write_delay(csp));
+      log_error(LOG_LEVEL_ERROR,
+         "Invalid request line after applying header filters.");
+      /* XXX: Use correct size */
+      log_error(LOG_LEVEL_CLF,
+         "%s - - [%T] \"Invalid request generated\" 400 0", csp->ip_addr_str);
+
       return JB_ERR_PARSE;
    }
 
@@ -4256,7 +4283,7 @@ static void chat(struct client_state *csp)
       }
 #endif /* def FEATURE_CONNECTION_KEEP_ALIVE */
 #ifdef FEATURE_HTTPS_INSPECTION
-      if (http->ssl && !use_ssl_tunnel)
+      if (client_use_ssl(csp) && !use_ssl_tunnel)
       {
          int ret;
          /*
@@ -6192,6 +6219,8 @@ static void listen_loop(void)
    freez(basedir);
 #endif
 
+   log_error(LOG_LEVEL_INFO, "Exiting gracefully.");
+
 #if defined(_WIN32) && !defined(_WIN_CONSOLE)
    /* Cleanup - remove taskbar icon etc. */
    TermLogWindow();