X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=urlmatch.c;h=8bb8e267fe6254759d7f028147b4ce64ce333340;hp=32ef56101eccd1be0f6a2fb8172f253f91fee8d2;hb=7055dabf9dd0294cc8e1cf78e12a1b606e89d684;hpb=b3ee70e4ee07171ad5cc5050748d53db7228f232 diff --git a/urlmatch.c b/urlmatch.c index 32ef5610..8bb8e267 100644 --- a/urlmatch.c +++ b/urlmatch.c @@ -1,4 +1,4 @@ -const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.5 2002/03/13 00:27:05 jongfoster Exp $"; +const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.15 2007/01/28 16:11:23 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/urlmatch.c,v $ @@ -6,8 +6,8 @@ const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.5 2002/03/13 00:27:05 jongfoste * Purpose : Declares functions to match URLs against URL * patterns. * - * Copyright : Written by and Copyright (C) 2001 the SourceForge - * Privoxy team. http://ijbswa.sourceforge.net + * Copyright : Written by and Copyright (C) 2001-2003, 2006-2007 the SourceForge + * Privoxy team. http://www.privoxy.org/ * * Based on the Internet Junkbuster originally written * by and Copyright (C) 1997 Anonymous Coders and @@ -33,6 +33,71 @@ const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.5 2002/03/13 00:27:05 jongfoste * * Revisions : * $Log: urlmatch.c,v $ + * Revision 1.15 2007/01/28 16:11:23 fabiankeil + * Accept WebDAV methods for subversion + * in parse_http_request(). Closes FR 1581425. + * + * Revision 1.14 2007/01/06 14:23:56 fabiankeil + * Fix gcc43 warnings. Mark *csp as immutable + * for parse_http_url() and url_match(). + * Replace a sprintf call with snprintf. + * + * Revision 1.13 2006/12/06 19:50:54 fabiankeil + * parse_http_url() now handles intercepted + * HTTP request lines as well. Moved parts + * of parse_http_url()'s code into + * init_domain_components() so that it can + * be reused in chat(). + * + * Revision 1.12 2006/07/18 14:48:47 david__schmidt + * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) + * with what was really the latest development (the v_3_0_branch branch) + * + * Revision 1.10.2.7 2003/05/17 15:57:24 oes + * - parse_http_url now checks memory allocation failure for + * duplication of "*" URL and rejects "*something" URLs + * Closes bug #736344 + * - Added a comment to what might look like a bug in + * create_url_spec (see !bug #736931) + * - Comment cosmetics + * + * Revision 1.10.2.6 2003/05/07 12:39:48 oes + * Fix typo: Default port for https URLs is 443, not 143. + * Thanks to Scott Tregear for spotting this one. + * + * Revision 1.10.2.5 2003/02/28 13:09:29 oes + * Fixed a rare double free condition as per Bug #694713 + * + * Revision 1.10.2.4 2003/02/28 12:57:44 oes + * Moved freeing of http request structure to its owner + * as per Dan Price's observations in Bug #694713 + * + * Revision 1.10.2.3 2002/11/12 16:50:40 oes + * Fixed memory leak in parse_http_request() reported by Oliver Stoeneberg. Fixes bug #637073 + * + * Revision 1.10.2.2 2002/09/25 14:53:15 oes + * Added basic support for OPTIONS and TRACE HTTP methods: + * parse_http_url now recognizes the "*" URI as well as + * the OPTIONS and TRACE method keywords. + * + * Revision 1.10.2.1 2002/06/06 19:06:44 jongfoster + * Adding support for proprietary Microsoft WebDAV extensions + * + * Revision 1.10 2002/05/12 21:40:37 jongfoster + * - Removing some unused code + * + * Revision 1.9 2002/04/04 00:36:36 gliptak + * always use pcre for matching + * + * Revision 1.8 2002/04/03 23:32:47 jongfoster + * Fixing memory leak on error + * + * Revision 1.7 2002/03/26 22:29:55 swa + * we have a new homepage! + * + * Revision 1.6 2002/03/24 13:25:43 swa + * name change related issues + * * Revision 1.5 2002/03/13 00:27:05 jongfoster * Killing warnings * @@ -91,19 +156,6 @@ const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.5 2002/03/13 00:27:05 jongfoste const char urlmatch_h_rcs[] = URLMATCH_H_VERSION; -/* Fix a problem with Solaris. There should be no effect on other - * platforms. - * Solaris's isspace() is a macro which uses it's argument directly - * as an array index. Therefore we need to make sure that high-bit - * characters generate +ve values, and ideally we also want to make - * the argument match the declared parameter type of "int". - * - * Why did they write a character function that can't take a simple - * "char" argument? Doh! - */ -#define ijb_isupper(__X) isupper((int)(unsigned char)(__X)) -#define ijb_tolower(__X) tolower((int)(unsigned char)(__X)) - /********************************************************************* * @@ -135,6 +187,69 @@ void free_http_request(struct http_request *http) http->dcount = 0; } +/********************************************************************* + * + * Function : init_domain_components + * + * Description : Splits the domain name so we can compare it + * against wildcards. It used to be part of + * parse_http_url, but was separated because the + * same code is required in chat in case of + * intercepted requests. + * + * Parameters : + * 1 : http = pointer to the http structure to hold elements. + * + * Returns : JB_ERR_OK on success + * JB_ERR_MEMORY on out of memory + * JB_ERR_PARSE on malformed command/URL + * or >100 domains deep. + * + *********************************************************************/ +jb_err init_domain_components(struct http_request *http) +{ + char *vec[BUFFER_SIZE]; + size_t size; + char *p; + + http->dbuffer = strdup(http->host); + if (NULL == http->dbuffer) + { + return JB_ERR_MEMORY; + } + + /* map to lower case */ + for (p = http->dbuffer; *p ; p++) + { + *p = (char)tolower((int)(unsigned char)*p); + } + + /* split the domain name into components */ + http->dcount = ssplit(http->dbuffer, ".", vec, SZ(vec), 1, 1); + + if (http->dcount <= 0) + { + /* + * Error: More than SZ(vec) components in domain + * or: no components in domain + */ + log_error(LOG_LEVEL_ERROR, "More than SZ(vec) components in domain or none at all."); + return JB_ERR_PARSE; + } + + /* save a copy of the pointers in dvec */ + size = (size_t)http->dcount * sizeof(*http->dvec); + + http->dvec = (char **)malloc(size); + if (NULL == http->dvec) + { + return JB_ERR_MEMORY; + } + + memcpy(http->dvec, vec, size); + + return JB_ERR_OK; +} /********************************************************************* * @@ -153,14 +268,16 @@ void free_http_request(struct http_request *http) * * Returns : JB_ERR_OK on success * JB_ERR_MEMORY on out of memory - * JB_ERR_CGI_PARAMS on malformed command/URL - * or >100 domains deep. + * JB_ERR_PARSE on malformed command/URL + * or >100 domains deep. * *********************************************************************/ jb_err parse_http_url(const char * url, struct http_request *http, - struct client_state *csp) + const struct client_state *csp) { + int host_available = 1; /* A proxy can dream. */ + /* * Zero out the results structure */ @@ -177,6 +294,24 @@ jb_err parse_http_url(const char * url, } + /* + * Check for * URI. If found, we're done. + */ + if (*http->url == '*') + { + if ( NULL == (http->path = strdup("*")) + || NULL == (http->hostport = strdup("")) ) + { + return JB_ERR_MEMORY; + } + if (http->url[1] != '\0') + { + return JB_ERR_PARSE; + } + return JB_ERR_OK; + } + + /* * Split URL into protocol,hostport,path. */ @@ -203,6 +338,17 @@ jb_err parse_http_url(const char * url, url_noproto += 8; http->ssl = 1; } + else if (*url_noproto == '/') + { + /* + * Short request line without protocol and host. + * Most likely because the client's request + * was intercepted and redirected into Privoxy. + */ + http->ssl = 0; + http->host = NULL; + host_available = 0; + } else { http->ssl = 0; @@ -233,17 +379,20 @@ jb_err parse_http_url(const char * url, http->hostport = strdup(url_noproto); } - free(buf); + freez(buf); if ( (http->path == NULL) || (http->hostport == NULL)) { - free(buf); - free_http_request(http); return JB_ERR_MEMORY; } } + if (!host_available) + { + /* Without host, there is nothing left to do here */ + return JB_ERR_OK; + } /* * Split hostport into user/password (ignored), host, port. @@ -256,7 +405,6 @@ jb_err parse_http_url(const char * url, buf = strdup(http->hostport); if (buf == NULL) { - free_http_request(http); return JB_ERR_MEMORY; } @@ -285,7 +433,7 @@ jb_err parse_http_url(const char * url, else { /* No port specified. */ - http->port = (http->ssl ? 143 : 80); + http->port = (http->ssl ? 443 : 80); } http->host = strdup(host); @@ -294,61 +442,15 @@ jb_err parse_http_url(const char * url, if (http->host == NULL) { - free_http_request(http); return JB_ERR_MEMORY; } } - /* * Split domain name so we can compare it against wildcards */ - { - char *vec[BUFFER_SIZE]; - size_t size; - char *p; - - http->dbuffer = strdup(http->host); - if (NULL == http->dbuffer) - { - free_http_request(http); - return JB_ERR_MEMORY; - } - - /* map to lower case */ - for (p = http->dbuffer; *p ; p++) - { - *p = tolower((int)(unsigned char)*p); - } - - /* split the domain name into components */ - http->dcount = ssplit(http->dbuffer, ".", vec, SZ(vec), 1, 1); - - if (http->dcount <= 0) - { - /* - * Error: More than SZ(vec) components in domain - * or: no components in domain - */ - free_http_request(http); - return JB_ERR_PARSE; - } - - /* save a copy of the pointers in dvec */ - size = http->dcount * sizeof(*http->dvec); + return init_domain_components(http); - http->dvec = (char **)malloc(size); - if (NULL == http->dvec) - { - free_http_request(http); - return JB_ERR_MEMORY; - } - - memcpy(http->dvec, vec, size); - } - - - return JB_ERR_OK; } @@ -372,7 +474,7 @@ jb_err parse_http_url(const char * url, *********************************************************************/ jb_err parse_http_request(const char *req, struct http_request *http, - struct client_state *csp) + const struct client_state *csp) { char *buf; char *v[10]; @@ -407,6 +509,8 @@ jb_err parse_http_request(const char *req, || (0 == strcmpic(v[0], "post")) || (0 == strcmpic(v[0], "put")) || (0 == strcmpic(v[0], "delete")) + || (0 == strcmpic(v[0], "options")) + || (0 == strcmpic(v[0], "trace")) /* or a webDAV extension (RFC2518) */ || (0 == strcmpic(v[0], "propfind")) @@ -416,6 +520,40 @@ jb_err parse_http_request(const char *req, || (0 == strcmpic(v[0], "mkcol")) || (0 == strcmpic(v[0], "lock")) || (0 == strcmpic(v[0], "unlock")) + + /* Or a Microsoft webDAV extension for Exchange 2000. See: */ + /* http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0001.html */ + /* http://msdn.microsoft.com/library/en-us/wss/wss/_webdav_methods.asp */ + || (0 == strcmpic(v[0], "bcopy")) + || (0 == strcmpic(v[0], "bmove")) + || (0 == strcmpic(v[0], "bdelete")) + || (0 == strcmpic(v[0], "bpropfind")) + || (0 == strcmpic(v[0], "bproppatch")) + + /* Or another Microsoft webDAV extension for Exchange 2000. See: */ + /* http://systems.cs.colorado.edu/grunwald/MobileComputing/Papers/draft-cohen-gena-p-base-00.txt */ + /* http://lists.w3.org/Archives/Public/w3c-dist-auth/2002JanMar/0001.html */ + /* http://msdn.microsoft.com/library/en-us/wss/wss/_webdav_methods.asp */ + || (0 == strcmpic(v[0], "subscribe")) + || (0 == strcmpic(v[0], "unsubscribe")) + || (0 == strcmpic(v[0], "notify")) + || (0 == strcmpic(v[0], "poll")) + + /* + * Or yet another WebDAV extension, this time for + * Web Distributed Authoring and Versioning (RFC3253) + */ + || (0 == strcmpic(v[0], "version-control")) + || (0 == strcmpic(v[0], "report")) + || (0 == strcmpic(v[0], "checkout")) + || (0 == strcmpic(v[0], "checkin")) + || (0 == strcmpic(v[0], "uncheckout")) + || (0 == strcmpic(v[0], "mkworkspace")) + || (0 == strcmpic(v[0], "update")) + || (0 == strcmpic(v[0], "label")) + || (0 == strcmpic(v[0], "merge")) + || (0 == strcmpic(v[0], "baseline-control")) + || (0 == strcmpic(v[0], "mkactivity")) ) { /* Normal */ @@ -424,6 +562,7 @@ jb_err parse_http_request(const char *req, else { /* Unknown HTTP method */ + log_error(LOG_LEVEL_ERROR, "Unknown HTTP method detected: %s", v[0]); free(buf); return JB_ERR_PARSE; } @@ -448,11 +587,12 @@ jb_err parse_http_request(const char *req, || (http->ver == NULL) ) { free(buf); - free_http_request(http); return JB_ERR_MEMORY; } + free(buf); return JB_ERR_OK; + } @@ -580,7 +720,7 @@ static int domain_match(const struct url_spec *pattern, const struct http_reques * Function : create_url_spec * * Description : Creates a "url_spec" structure from a string. - * When finished, free with unload_url(). + * When finished, free with free_url_spec(). * * Parameters : * 1 : url = Target url_spec to be filled in. Will be @@ -605,10 +745,14 @@ jb_err create_url_spec(struct url_spec * url, const char * buf) assert(url); assert(buf); - /* Zero memory */ + /* + * Zero memory + */ memset(url, '\0', sizeof(*url)); - /* save a copy of the orignal specification */ + /* + * Save a copy of the orignal specification + */ if ((url->spec = strdup(buf)) == NULL) { return JB_ERR_MEMORY; @@ -629,7 +773,6 @@ jb_err create_url_spec(struct url_spec * url, const char * buf) url->path = NULL; url->pathlen = 0; } -#ifdef REGEX if (url->path) { int errcode; @@ -642,7 +785,7 @@ jb_err create_url_spec(struct url_spec * url, const char * buf) return JB_ERR_MEMORY; } - sprintf(rebuf, "^(%s)", url->path); + snprintf(rebuf, sizeof(rebuf), "^(%s)", url->path); errcode = regcomp(url->preg, rebuf, (REG_EXTENDED|REG_NOSUB|REG_ICASE)); @@ -662,12 +805,12 @@ jb_err create_url_spec(struct url_spec * url, const char * buf) freez(url->spec); freez(url->path); + regfree(url->preg); freez(url->preg); return JB_ERR_PARSE; } } -#endif if ((p = strchr(buf, ':')) == NULL) { url->port = 0; @@ -683,7 +826,9 @@ jb_err create_url_spec(struct url_spec * url, const char * buf) char *v[150]; size_t size; - /* Parse domain part */ + /* + * Parse domain part + */ if (buf[strlen(buf) - 1] == '.') { url->unanchored |= ANCHOR_RIGHT; @@ -693,35 +838,38 @@ jb_err create_url_spec(struct url_spec * url, const char * buf) url->unanchored |= ANCHOR_LEFT; } - /* split domain into components */ - + /* + * Split domain into components + */ url->dbuffer = strdup(buf); if (NULL == url->dbuffer) { freez(url->spec); freez(url->path); -#ifdef REGEX + regfree(url->preg); freez(url->preg); -#endif /* def REGEX */ return JB_ERR_MEMORY; } - /* map to lower case */ + /* + * Map to lower case + */ for (p = url->dbuffer; *p ; p++) { - *p = tolower((int)(unsigned char)*p); + *p = (char)tolower((int)(unsigned char)*p); } - /* split the domain name into components */ + /* + * Split the domain name into components + */ url->dcount = ssplit(url->dbuffer, ".", v, SZ(v), 1, 1); if (url->dcount < 0) { freez(url->spec); freez(url->path); -#ifdef REGEX + regfree(url->preg); freez(url->preg); -#endif /* def REGEX */ freez(url->dbuffer); url->dcount = 0; return JB_ERR_MEMORY; @@ -729,17 +877,18 @@ jb_err create_url_spec(struct url_spec * url, const char * buf) else if (url->dcount != 0) { - /* save a copy of the pointers in dvec */ - size = url->dcount * sizeof(*url->dvec); + /* + * Save a copy of the pointers in dvec + */ + size = (size_t)url->dcount * sizeof(*url->dvec); url->dvec = (char **)malloc(size); if (NULL == url->dvec) { freez(url->spec); freez(url->path); -#ifdef REGEX + regfree(url->preg); freez(url->preg); -#endif /* def REGEX */ freez(url->dbuffer); url->dcount = 0; return JB_ERR_MEMORY; @@ -747,6 +896,11 @@ jb_err create_url_spec(struct url_spec * url, const char * buf) memcpy(url->dvec, v, size); } + /* + * else dcount == 0 in which case we needn't do anything, + * since dvec will never be accessed and the pattern will + * match all domains. + */ } return JB_ERR_OK; @@ -775,14 +929,11 @@ void free_url_spec(struct url_spec *url) freez(url->dbuffer); freez(url->dvec); freez(url->path); -#ifdef REGEX if (url->preg) { regfree(url->preg); freez(url->preg); } -#endif - } @@ -805,11 +956,7 @@ int url_match(const struct url_spec *pattern, return ((pattern->port == 0) || (pattern->port == url->port)) && ((pattern->dbuffer == NULL) || (domain_match(pattern, url) == 0)) && ((pattern->path == NULL) || -#ifdef REGEX (regexec(pattern->preg, url->path, 0, NULL, 0) == 0) -#else - (strncmp(pattern->path, url->path, pattern->pathlen) == 0) -#endif ); }