X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=jcc.c;h=a805f0b26ac7eb6b3fcc82a5712bca8441561f79;hp=a5e561f5e69bd9b9c166077014cd6a45642e3fd4;hb=873efe14859c0fb3f53a905eb346c36cf5fe7eda;hpb=aa5ec3cea82a006dbc031c8fdde5a26fcefa2c18 diff --git a/jcc.c b/jcc.c index a5e561f5..a805f0b2 100644 --- a/jcc.c +++ b/jcc.c @@ -1044,6 +1044,16 @@ static jb_err change_request_destination(struct client_state *csp) log_error(LOG_LEVEL_ERROR, "Couldn't parse rewritten request: %s.", jb_err_to_string(err)); } + if (http->ssl && strcmpic(csp->http->gpc, "CONNECT")) + { + /* + * A client header filter changed the request URL from + * http:// to https:// which we currently don't support. + */ + log_error(LOG_LEVEL_ERROR, "Changing the request destination from http " + "to https behind the client's back currently isn't supported."); + return JB_ERR_PARSE; + } return err; } @@ -1971,7 +1981,7 @@ static jb_err parse_client_request(struct client_state *csp) strlen(MESSED_UP_REQUEST_RESPONSE), get_write_delay(csp)); /* XXX: Use correct size */ log_error(LOG_LEVEL_CLF, - "%s - - [%T] \"Invalid request generated\" 500 0", csp->ip_addr_str); + "%s - - [%T] \"Invalid request generated\" 400 0", csp->ip_addr_str); log_error(LOG_LEVEL_ERROR, "Invalid request line after applying header filters."); free_http_request(http); @@ -2546,6 +2556,7 @@ static jb_err change_encrypted_request_destination(struct client_state *csp) { jb_err err; char *original_host = csp->http->host; + int original_port = csp->http->port; log_error(LOG_LEVEL_REDIRECTS, "Rewrite detected: %s", csp->https_headers->first->str); @@ -2556,27 +2567,38 @@ static jb_err change_encrypted_request_destination(struct client_state *csp) { log_error(LOG_LEVEL_ERROR, "Couldn't parse rewritten request: %s.", jb_err_to_string(err)); + freez(original_host); return err; } if (csp->http->host == NULL) { + char port_string[10]; /* * The rewritten request line did not specify a host * which means we can use the original host specified * by the client. */ csp->http->host = original_host; + csp->http->port = original_port; log_error(LOG_LEVEL_REDIRECTS, "Keeping the original host: %s", csp->http->host); /* * If the rewritten request line didn't contain a host * it also didn't contain a port so we can reuse the host - * and set the port to 443. + * port. */ freez(csp->http->hostport); csp->http->hostport = strdup_or_die(csp->http->host); - csp->http->port = 443; + snprintf(port_string, sizeof(port_string), ":%d", original_port); + err = string_append(&csp->http->hostport, port_string); + if (err != JB_ERR_OK) + { + log_error(LOG_LEVEL_ERROR, "Failed to rebuild hostport: %s.", + jb_err_to_string(err)); + return err; + } + /* * While the request line didn't mention it, * we're https-inspecting and want to speak TLS @@ -2802,10 +2824,15 @@ static jb_err process_encrypted_request(struct client_state *csp) || (strcmp(csp->http->cmd, csp->https_headers->first->str) && (JB_ERR_OK != change_encrypted_request_destination(csp)))) { - log_error(LOG_LEVEL_ERROR, - "Failed to get the request destination in the rewritten headers"); ssl_send_data_delayed(&(csp->ssl_client_attr), - (const unsigned char *)CHEADER, strlen(CHEADER), get_write_delay(csp)); + (const unsigned char *)MESSED_UP_REQUEST_RESPONSE, + strlen(MESSED_UP_REQUEST_RESPONSE), get_write_delay(csp)); + log_error(LOG_LEVEL_ERROR, + "Invalid request line after applying header filters."); + /* XXX: Use correct size */ + log_error(LOG_LEVEL_CLF, + "%s - - [%T] \"Invalid request generated\" 400 0", csp->ip_addr_str); + return JB_ERR_PARSE; }