X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=urlmatch.c;h=ce12ecc81ccc6d217de86f29b1588b455415ccd6;hp=2f2c0cf2ec1e498306eb088bf44ed4da41146e20;hb=42a63263b2fec9d1cb5118ec1d5b0f799f08b45c;hpb=6ab9830668191a9e6d93ee02953d484cc653cad6

diff --git a/urlmatch.c b/urlmatch.c
index 2f2c0cf2..ce12ecc8 100644
--- a/urlmatch.c
+++ b/urlmatch.c
@@ -1,4 +1,4 @@
-const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.41 2008/05/02 09:51:34 fabiankeil Exp $";
+const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.46 2009/02/11 19:31:32 fabiankeil Exp $";
 /*********************************************************************
  *
  * File        :  $Source: /cvsroot/ijbswa/current/urlmatch.c,v $
@@ -6,8 +6,8 @@ const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.41 2008/05/02 09:51:34 fabianke
  * Purpose     :  Declares functions to match URLs against URL
  *                patterns.
  *
- * Copyright   :  Written by and Copyright (C) 2001-2003, 2006-2008 the SourceForge
- *                Privoxy team. http://www.privoxy.org/
+ * Copyright   :  Written by and Copyright (C) 2001-2009
+ *                the Privoxy team. http://www.privoxy.org/
  *
  *                Based on the Internet Junkbuster originally written
  *                by and Copyright (C) 1997 Anonymous Coders and
@@ -33,6 +33,22 @@ const char urlmatch_rcs[] = "$Id: urlmatch.c,v 1.41 2008/05/02 09:51:34 fabianke
  *
  * Revisions   :
  *    $Log: urlmatch.c,v $
+ *    Revision 1.46  2009/02/11 19:31:32  fabiankeil
+ *    Reject request lines that end with neither HTTP/1.0 nor HTTP/1.1.
+ *
+ *    Revision 1.45  2008/06/21 21:19:18  fabiankeil
+ *    Silence bogus compiler warning.
+ *
+ *    Revision 1.44  2008/05/04 16:18:32  fabiankeil
+ *    Provide parse_http_url() with a third parameter to specify
+ *    whether or not URLs without protocol are acceptable.
+ *
+ *    Revision 1.43  2008/05/04 13:30:55  fabiankeil
+ *    Streamline parse_http_url()'s prototype.
+ *
+ *    Revision 1.42  2008/05/04 13:24:16  fabiankeil
+ *    If the method isn't CONNECT, reject URLs without protocol.
+ *
  *    Revision 1.41  2008/05/02 09:51:34  fabiankeil
  *    In parse_http_url(), don't muck around with values
  *    that are none of its business: require an initialized
@@ -368,7 +384,8 @@ jb_err init_domain_components(struct http_request *http)
  *          1  :  url = URL (or is it URI?) to break down
  *          2  :  http = pointer to the http structure to hold elements.
  *                       Must be initialized with valid values (like NULLs).
- *          3  :  csp = Current client state (buffers, headers, etc...)
+ *          3  :  require_protocol = Whether or not URLs without
+ *                                   protocol are acceptable.
  *
  * Returns     :  JB_ERR_OK on success
  *                JB_ERR_MEMORY on out of memory
@@ -376,9 +393,7 @@ jb_err init_domain_components(struct http_request *http)
  *                             or >100 domains deep.
  *
  *********************************************************************/
-jb_err parse_http_url(const char * url,
-                      struct http_request *http,
-                      const struct client_state *csp)
+jb_err parse_http_url(const char *url, struct http_request *http, int require_protocol)
 {
    int host_available = 1; /* A proxy can dream. */
 
@@ -448,7 +463,7 @@ jb_err parse_http_url(const char * url,
          http->host = NULL;
          host_available = 0;
       }
-      else if (!http->ssl)
+      else if (require_protocol)
       {
          freez(buf);
          return JB_ERR_PARSE;
@@ -618,7 +633,6 @@ static int unknown_method(const char *method)
  * Parameters  :
  *          1  :  req = HTTP request line to break down
  *          2  :  http = pointer to the http structure to hold elements
- *          3  :  csp = Current client state (buffers, headers, etc...)
  *
  * Returns     :  JB_ERR_OK on success
  *                JB_ERR_MEMORY on out of memory
@@ -626,9 +640,7 @@ static int unknown_method(const char *method)
  *                                  or >100 domains deep.
  *
  *********************************************************************/
-jb_err parse_http_request(const char *req,
-                          struct http_request *http,
-                          const struct client_state *csp)
+jb_err parse_http_request(const char *req, struct http_request *http)
 {
    char *buf;
    char *v[10]; /* XXX: Why 10? We should only need three. */
@@ -666,9 +678,17 @@ jb_err parse_http_request(const char *req,
       return JB_ERR_PARSE;
    }
 
+   if (strcmpic(v[2], "HTTP/1.1") && strcmpic(v[2], "HTTP/1.0"))
+   {
+      log_error(LOG_LEVEL_ERROR, "The only supported HTTP "
+         "versions are 1.0 and 1.1. This rules out: %s", v[2]);
+      freez(buf);
+      return JB_ERR_PARSE;
+   }
+
    http->ssl = !strcmpic(v[0], "CONNECT");
 
-   err = parse_http_url(v[1], http, csp);
+   err = parse_http_url(v[1], http, !http->ssl);
    if (err)
    {
       freez(buf);
@@ -721,7 +741,7 @@ static jb_err compile_pattern(const char *pattern, enum regex_anchoring anchorin
 {
    int errcode;
    char rebuf[BUFFER_SIZE];
-   const char *fmt;
+   const char *fmt = NULL;
 
    assert(pattern);
    assert(strlen(pattern) < sizeof(rebuf) - 2);