X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=jcc.c;h=9c4ee5b624baad2192f1facf9a62259d375a02d0;hp=f9d39e6ab3300b9b8b761cf23238fa39ff3c25b8;hb=58b518549b4cad7b89e2e87def5169d83ceb2d45;hpb=a0d0527d51dbb1cb9af76e999a43dbf989dd1245

diff --git a/jcc.c b/jcc.c
index f9d39e6a..9c4ee5b6 100644
--- a/jcc.c
+++ b/jcc.c
@@ -1,4 +1,4 @@
-const char jcc_rcs[] = "$Id: jcc.c,v 1.214 2008/12/20 14:53:55 fabiankeil Exp $";
+const char jcc_rcs[] = "$Id: jcc.c,v 1.221 2009/02/06 18:02:58 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/jcc.c,v $
@@ -33,6 +33,34 @@ const char jcc_rcs[] = "$Id: jcc.c,v 1.214 2008/12/20 14:53:55 fabiankeil Exp $"
  *
  * Revisions   :
  *    $Log: jcc.c,v $
+ *    Revision 1.221  2009/02/06 18:02:58  fabiankeil
+ *    When dropping privileges, also give up membership in supplementary
+ *    groups. Thanks to Matthias Drochner for reporting the problem,
+ *    providing the initial patch and testing the final version.
+ *
+ *    Revision 1.220  2009/02/04 18:29:07  fabiankeil
+ *    Initialize the log module before parsing arguments.
+ *    Thanks to Matthias Drochner for the report.
+ *
+ *    Revision 1.219  2009/01/31 16:08:21  fabiankeil
+ *    Remove redundant error check in receive_client_request().
+ *
+ *    Revision 1.218  2009/01/31 12:25:54  fabiankeil
+ *    Flatten indentation in receive_client_request().
+ *
+ *    Revision 1.217  2009/01/07 19:50:09  fabiankeil
+ *    - If the socket-timeout has been reached and the client
+ *      hasn't received any data yet, send an explanation before
+ *      closing the connection.
+ *    - In get_request_line(), signal timeouts the right way.
+ *
+ *    Revision 1.216  2008/12/24 22:13:11  ler762
+ *    fix GCC 3.4.4 warning
+ *
+ *    Revision 1.215  2008/12/24 17:06:19  fabiankeil
+ *    Keep a thread around to timeout alive connections
+ *    even if no new requests are coming in.
+ *
  *    Revision 1.214  2008/12/20 14:53:55  fabiankeil
  *    Add config option socket-timeout to control the time
  *    Privoxy waits for data to arrive on a socket. Useful
@@ -1384,6 +1412,14 @@ static const char MESSED_UP_REQUEST_RESPONSE[] =
    "Connection: close\r\n\r\n"
    "Bad request. Messed up with header filters.\r\n";
 
+/* XXX: should be a template */
+static const char CONNECTION_TIMEOUT_RESPONSE[] =
+   "HTTP/1.0 502 Connection timeout\r\n"
+   "Proxy-Agent: Privoxy " VERSION "\r\n"
+   "Content-Type: text/plain\r\n"
+   "Connection: close\r\n\r\n"
+   "The connection timed out.\r\n";
+
 /* A function to crunch a response */
 typedef struct http_response *(*crunch_func_ptr)(struct client_state *);
 
@@ -2174,7 +2210,9 @@ static char *get_request_line(struct client_state *csp)
       {
          log_error(LOG_LEVEL_ERROR,
             "Stopped waiting for the request line.");
-         return '\0';
+         write_socket(csp->cfd, CONNECTION_TIMEOUT_RESPONSE,
+            strlen(CONNECTION_TIMEOUT_RESPONSE));
+         return NULL;
       }
 
       len = read_socket(csp->cfd, buf, sizeof(buf) - 1);
@@ -2234,58 +2272,48 @@ static jb_err receive_client_request(struct client_state *csp)
    memset(buf, 0, sizeof(buf));
 
    req = get_request_line(csp);
-
-   if ((NULL != req) && ('\0' != *req))
+   if (req == NULL)
    {
-      /* Request received. Validate and parse it. */
+      return JB_ERR_PARSE;
+   }
+   assert(*req != '\0');
 
-      /* Does the request line look invalid? */
-      if (client_protocol_is_unsupported(csp, req))
-      {
-         /* 
-          * Yes. The request has already been
-          * answered with a error response, the buffers
-          * were freed and we're done with chatting.
-          */
-         return JB_ERR_PARSE;
-      }
+   if (client_protocol_is_unsupported(csp, req))
+   {
+      return JB_ERR_PARSE;
+   }
 
 #ifdef FEATURE_FORCE_LOAD
-      /*
-       * If this request contains the FORCE_PREFIX and blocks
-       * aren't enforced, get rid of it and set the force flag.
-       */
-      if (strstr(req, FORCE_PREFIX))
+   /*
+    * If this request contains the FORCE_PREFIX and blocks
+    * aren't enforced, get rid of it and set the force flag.
+    */
+   if (strstr(req, FORCE_PREFIX))
+   {
+      if (csp->config->feature_flags & RUNTIME_FEATURE_ENFORCE_BLOCKS)
       {
-         if (csp->config->feature_flags & RUNTIME_FEATURE_ENFORCE_BLOCKS)
-         {
-            log_error(LOG_LEVEL_FORCE,
-               "Ignored force prefix in request: \"%s\".", req);
-         }
-         else
-         {
-            strclean(req, FORCE_PREFIX);
-            log_error(LOG_LEVEL_FORCE, "Enforcing request: \"%s\".", req);
-            csp->flags |= CSP_FLAG_FORCED;
-         }
+         log_error(LOG_LEVEL_FORCE,
+            "Ignored force prefix in request: \"%s\".", req);
       }
-#endif /* def FEATURE_FORCE_LOAD */
-
-      err = parse_http_request(req, http, csp);
-      if (JB_ERR_OK != err)
+      else
       {
-         log_error(LOG_LEVEL_ERROR, "Couldn't parse request: %s.", jb_err_to_string(err));
+         strclean(req, FORCE_PREFIX);
+         log_error(LOG_LEVEL_FORCE, "Enforcing request: \"%s\".", req);
+         csp->flags |= CSP_FLAG_FORCED;
       }
-
-      freez(req);
    }
+#endif /* def FEATURE_FORCE_LOAD */
 
-   if (http->cmd == NULL)
+   err = parse_http_request(req, http, csp);
+   freez(req);
+   if (JB_ERR_OK != err)
    {
       write_socket(csp->cfd, CHEADER, strlen(CHEADER));
       /* XXX: Use correct size */
       log_error(LOG_LEVEL_CLF, "%s - - [%T] \"Invalid request\" 400 0", csp->ip_addr_str);
-      log_error(LOG_LEVEL_ERROR, "Invalid header received from %s.", csp->ip_addr_str);
+      log_error(LOG_LEVEL_ERROR,
+         "Couldn't parse request line received from %s: %s",
+         csp->ip_addr_str, jb_err_to_string(err));
 
       free_http_request(http);
       return JB_ERR_PARSE;
@@ -2490,7 +2518,7 @@ static void chat(struct client_state *csp)
    int max_forwarded_connect_retries = csp->config->forwarded_connect_retries;
    const struct forward_spec *fwd;
    struct http_request *http;
-   int len; /* for buffer sizes (and negative error codes) */
+   int len = 0; /* for buffer sizes (and negative error codes) */
 
    /* Function that does the content filtering for the current request */
    filter_function_ptr content_filter = NULL;
@@ -2747,6 +2775,11 @@ static void chat(struct client_state *csp)
       if (n == 0)
       {
          log_error(LOG_LEVEL_ERROR, "Didn't receive data in time.");
+         if ((byte_count == 0) && (http->ssl == 0))
+         {
+            write_socket(csp->cfd, CONNECTION_TIMEOUT_RESPONSE,
+               strlen(CONNECTION_TIMEOUT_RESPONSE));
+         }
          mark_server_socket_tainted(csp);
          return;
       }
@@ -3543,6 +3576,12 @@ int main(int argc, const char *argv[])
 #endif
       ;
 
+   /* Prepare mutexes if supported and necessary. */
+   initialize_mutexes();
+
+   /* Enable logging until further notice. */
+   init_log_module(Argv[0]);
+
    /*
     * Parse the command line arguments
     *
@@ -3696,12 +3735,6 @@ int main(int argc, const char *argv[])
    InitWin32();
 #endif
 
-   /* Prepare mutexes if supported and necessary. */
-   initialize_mutexes();
-
-   /* Enable logging until further notice. */
-   init_log_module(Argv[0]);
-
    random_seed = (unsigned int)time(NULL);
 #ifdef HAVE_RANDOM
    srandom(random_seed);
@@ -3835,6 +3868,17 @@ int main(int argc, const char *argv[])
       {
          log_error(LOG_LEVEL_FATAL, "Cannot setgid(): Insufficient permissions.");
       }
+      if (NULL != grp)
+      {
+         if (setgroups(1, &grp->gr_gid))
+         {
+            log_error(LOG_LEVEL_FATAL, "setgroups() failed: %E");
+         }
+      }
+      else if (initgroups(pw->pw_name, pw->pw_gid))
+      {
+         log_error(LOG_LEVEL_FATAL, "initgroups() failed: %E");
+      }
       if (do_chroot)
       {
          if (!pw->pw_dir)