From: Fabian Keil Date: Fri, 21 Mar 2008 11:14:00 +0000 (+0000) Subject: Only gather host information if it's actually needed. X-Git-Tag: v_3_0_9~200 X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=commitdiff_plain;h=e960d924ca9abc7e98f490b61dd5f65a189e6ff7 Only gather host information if it's actually needed. Also move the code out of accept_connection() so it's less likely to delay other incoming connections if the host is misconfigured. --- diff --git a/ChangeLog b/ChangeLog index a1b7ecf1..7983cdf3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,6 +20,8 @@ ChangeLog for Privoxy file modification timestamps. This makes life harder for attackers who can leverage browser bugs to send fake Referers and intend to brute-force edit URLs. +- Host information is gathered outside the main thread so it's less + likely to delay other incoming connections if the host is misconfigured. - The CGI editor supports the "disable all filters of this type" directives "-client-header-filter", "-server-header-filter", "-client-header-tagger" and "-server-header-tagger". diff --git a/GNUmakefile.in b/GNUmakefile.in index 290a4d08..35a721ff 100644 --- a/GNUmakefile.in +++ b/GNUmakefile.in @@ -1,6 +1,6 @@ # Note: Makefile is built automatically from Makefile.in # -# $Id: GNUmakefile.in,v 1.157 2007/12/10 02:28:02 hal9 Exp $ +# $Id: GNUmakefile.in,v 1.158 2007/12/11 21:29:25 fabiankeil Exp $ # # Written by and Copyright (C) 2001 - 2007 the SourceForge # Privoxy team. http://www.privoxy.org/ @@ -955,7 +955,7 @@ dok-get: ############################################################################# actions.@OBJEXT@: actions.c actions.h config.h $(PROJECT_H_DEPS) errlog.h jcc.h list.h loaders.h miscutil.h actionlist.h ssplit.h -cgi.@OBJEXT@: cgi.c cgi.h config.h $(PROJECT_H_DEPS) cgiedit.h cgisimple.h list.h pcrs.h encode.h ssplit.h jcc.h filters.h actions.h errlog.h miscutil.h +cgi.@OBJEXT@: cgi.c cgi.h config.h $(PROJECT_H_DEPS) cgiedit.h cgisimple.h jbsockets.h list.h pcrs.h encode.h ssplit.h jcc.h filters.h actions.h errlog.h miscutil.h cgiedit.@OBJEXT@: cgiedit.c cgiedit.h config.h $(PROJECT_H_DEPS) cgi.h list.h pcrs.h encode.h ssplit.h jcc.h filters.h actionlist.h actions.h errlog.h miscutil.h cgisimple.@OBJEXT@: cgisimple.c cgisimple.h config.h $(PROJECT_H_DEPS) cgi.h list.h pcrs.h encode.h ssplit.h jcc.h filters.h actions.h errlog.h miscutil.h deanimate.@OBJEXT@: deanimate.c deanimate.h config.h $(PROJECT_H_DEPS) @@ -1364,6 +1364,9 @@ coffee: ## end: # $Log: GNUmakefile.in,v $ +# Revision 1.158 2007/12/11 21:29:25 fabiankeil +# Fix dependency list for cgiedit.c. +# # Revision 1.157 2007/12/10 02:28:02 hal9 # Unset $LANG for text processing of docs so we get pure text. # diff --git a/cgi.c b/cgi.c index bd0c8f6f..4f46bca7 100644 --- a/cgi.c +++ b/cgi.c @@ -1,4 +1,4 @@ -const char cgi_rcs[] = "$Id: cgi.c,v 1.101 2008/02/03 15:45:06 fabiankeil Exp $"; +const char cgi_rcs[] = "$Id: cgi.c,v 1.102 2008/02/23 16:33:43 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/cgi.c,v $ @@ -38,6 +38,10 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.101 2008/02/03 15:45:06 fabiankeil Exp $" * * Revisions : * $Log: cgi.c,v $ + * Revision 1.102 2008/02/23 16:33:43 fabiankeil + * Let forward_url() use the standard parameter ordering + * and mark its second parameter immutable. + * * Revision 1.101 2008/02/03 15:45:06 fabiankeil * Add SOCKS5 support for "Forwarding failure" CGI page. * @@ -608,6 +612,7 @@ const char cgi_rcs[] = "$Id: cgi.c,v 1.101 2008/02/03 15:45:06 fabiankeil Exp $" #include "filters.h" #include "miscutil.h" #include "cgisimple.h" +#include "jbsockets.h" #ifdef FEATURE_CGI_EDIT_ACTIONS #include "cgiedit.h" #endif /* def FEATURE_CGI_EDIT_ACTIONS */ @@ -2561,6 +2566,8 @@ struct map *default_exports(const struct client_state *csp, const char *caller) jb_err err; struct map * exports; int local_help_exists = 0; + char *ip_address = NULL; + char *hostname = NULL; assert(csp); @@ -2570,9 +2577,13 @@ struct map *default_exports(const struct client_state *csp, const char *caller) return NULL; } + get_host_information(csp->cfd, &ip_address, &hostname); + err = map(exports, "version", 1, html_encode(VERSION), 0); - if (!err) err = map(exports, "my-ip-address", 1, html_encode(csp->my_ip_addr_str ? csp->my_ip_addr_str : "unknown"), 0); - if (!err) err = map(exports, "my-hostname", 1, html_encode(csp->my_hostname ? csp->my_hostname : "unknown"), 0); + if (!err) err = map(exports, "my-ip-address", 1, html_encode(ip_address ? ip_address : "unknown"), 0); + freez(ip_address); + if (!err) err = map(exports, "my-hostname", 1, html_encode(hostname ? hostname : "unknown"), 0); + freez(hostname); if (!err) err = map(exports, "homepage", 1, html_encode(HOME_PAGE_URL), 0); if (!err) err = map(exports, "default-cgi", 1, html_encode(CGI_PREFIX), 0); if (!err) err = map(exports, "menu", 1, make_menu(caller, csp->config->feature_flags), 0); diff --git a/jbsockets.c b/jbsockets.c index 6f66e1ce..74a3e43e 100644 --- a/jbsockets.c +++ b/jbsockets.c @@ -1,4 +1,4 @@ -const char jbsockets_rcs[] = "$Id: jbsockets.c,v 1.44 2007/09/15 13:01:31 fabiankeil Exp $"; +const char jbsockets_rcs[] = "$Id: jbsockets.c,v 1.45 2007/09/30 16:59:22 fabiankeil Exp $"; /********************************************************************* * * File : $Source: /cvsroot/ijbswa/current/jbsockets.c,v $ @@ -35,6 +35,10 @@ const char jbsockets_rcs[] = "$Id: jbsockets.c,v 1.44 2007/09/15 13:01:31 fabian * * Revisions : * $Log: jbsockets.c,v $ + * Revision 1.45 2007/09/30 16:59:22 fabiankeil + * Set the maximum listen() backlog to 128. Apparently SOMAXCONN is + * neither high enough, nor a hard limit on mingw32. Again for BR#1795281. + * * Revision 1.44 2007/09/15 13:01:31 fabiankeil * Increase listen() backlog to SOMAXCONN (or 128) to decrease * chances of dropped connections under load. Problem reported @@ -706,30 +710,34 @@ int bind_port(const char *hostnam, int portnum, jb_socket *pfd) /********************************************************************* * - * Function : accept_connection + * Function : get_host_information * - * Description : Accepts a connection on a socket. Socket must have - * been created using bind_port(). + * Description : Determines the IP address the client used to + * reach us and the hostname associated with it. + * + * XXX: Most of the code has been copy and pasted + * from accept_connection() and not all of the + * ifdefs paths have been tested afterwards. * * Parameters : - * 1 : csp = Client state, cfd, ip_addr_str, and - * ip_addr_long will be set by this routine. - * 2 : fd = file descriptor returned from bind_port + * 1 : afd = File descriptor returned from accept(). + * 2 : ip_address = Pointer to return the pointer to + * the ip address string. + * 3 : hostname = Pointer to return the pointer to + * the hostname. * - * Returns : when a connection is accepted, it returns 1 (TRUE). - * On an error it returns 0 (FALSE). + * Returns : void. * *********************************************************************/ -int accept_connection(struct client_state * csp, jb_socket fd) +void get_host_information(jb_socket afd, char **ip_address, char **hostname) { - struct sockaddr_in client, server; + struct sockaddr_in server; struct hostent *host = NULL; - jb_socket afd; #if defined(_WIN32) || defined(__OS2__) || defined(__APPLE_CC__) || defined(AMIGA) - /* Wierdness - fix a warning. */ - int c_length, s_length; + /* according to accept_connection() this fixes a warning. */ + int s_length; #else - socklen_t c_length, s_length; + socklen_t s_length; #endif #if defined(HAVE_GETHOSTBYADDR_R_8_ARGS) || defined(HAVE_GETHOSTBYADDR_R_7_ARGS) || defined(HAVE_GETHOSTBYADDR_R_5_ARGS) struct hostent result; @@ -740,33 +748,14 @@ int accept_connection(struct client_state * csp, jb_socket fd) int thd_err; #endif /* def HAVE_GETHOSTBYADDR_R_5_ARGS */ #endif /* def HAVE_GETHOSTBYADDR_R_(8|7|5)_ARGS */ + s_length = sizeof(server); - c_length = s_length = sizeof(client); - -#ifdef _WIN32 - afd = accept (fd, (struct sockaddr *) &client, &c_length); - if (afd == JB_INVALID_SOCKET) - { - return 0; - } -#else - do - { - afd = accept (fd, (struct sockaddr *) &client, &c_length); - } while (afd < 1 && errno == EINTR); - if (afd < 0) - { - return 0; - } -#endif + *hostname = NULL; + *ip_address = NULL; - /* - * Determine the IP-Adress that the client used to reach us - * and the hostname associated with that address - */ if (!getsockname(afd, (struct sockaddr *) &server, &s_length)) { - csp->my_ip_addr_str = strdup(inet_ntoa(server.sin_addr)); + *ip_address = strdup(inet_ntoa(server.sin_addr)); #if defined(HAVE_GETHOSTBYADDR_R_8_ARGS) gethostbyaddr_r((const char *)&server.sin_addr, sizeof(server.sin_addr), AF_INET, @@ -802,11 +791,61 @@ int accept_connection(struct client_state * csp, jb_socket fd) } else { - csp->my_hostname = strdup(host->h_name); + *hostname = strdup(host->h_name); } } - csp->cfd = afd; + return; +} + + +/********************************************************************* + * + * Function : accept_connection + * + * Description : Accepts a connection on a socket. Socket must have + * been created using bind_port(). + * + * Parameters : + * 1 : csp = Client state, cfd, ip_addr_str, and + * ip_addr_long will be set by this routine. + * 2 : fd = file descriptor returned from bind_port + * + * Returns : when a connection is accepted, it returns 1 (TRUE). + * On an error it returns 0 (FALSE). + * + *********************************************************************/ +int accept_connection(struct client_state * csp, jb_socket fd) +{ + struct sockaddr_in client; + jb_socket afd; +#if defined(_WIN32) || defined(__OS2__) || defined(__APPLE_CC__) || defined(AMIGA) + /* Wierdness - fix a warning. */ + int c_length; +#else + socklen_t c_length; +#endif + + c_length = sizeof(client); + +#ifdef _WIN32 + afd = accept (fd, (struct sockaddr *) &client, &c_length); + if (afd == JB_INVALID_SOCKET) + { + return 0; + } +#else + do + { + afd = accept (fd, (struct sockaddr *) &client, &c_length); + } while (afd < 1 && errno == EINTR); + if (afd < 0) + { + return 0; + } +#endif + + csp->cfd = afd; csp->ip_addr_str = strdup(inet_ntoa(client.sin_addr)); csp->ip_addr_long = ntohl(client.sin_addr.s_addr); diff --git a/jbsockets.h b/jbsockets.h index a0cb9f27..72bfc69e 100644 --- a/jbsockets.h +++ b/jbsockets.h @@ -1,9 +1,9 @@ #ifndef JBSOCKETS_H_INCLUDED #define JBSOCKETS_H_INCLUDED -#define JBSOCKETS_H_VERSION "$Id: jbsockets.h,v 1.9.2.1 2002/05/26 23:41:27 joergs Exp $" +#define JBSOCKETS_H_VERSION "$Id: jbsockets.h,v 1.12 2006/07/18 14:48:46 david__schmidt Exp $" /********************************************************************* * - * File : $Source: /cvsroot/ijbswa/current/Attic/jbsockets.h,v $ + * File : $Source: /cvsroot/ijbswa/current/jbsockets.h,v $ * * Purpose : Contains wrappers for system-specific sockets code, * so that the rest of Junkbuster can be more @@ -37,6 +37,10 @@ * * Revisions : * $Log: jbsockets.h,v $ + * Revision 1.12 2006/07/18 14:48:46 david__schmidt + * Reorganizing the repository: swapping out what was HEAD (the old 3.1 branch) + * with what was really the latest development (the v_3_0_branch branch) + * * Revision 1.9.2.1 2002/05/26 23:41:27 joergs * AmigaOS: Fixed wrong type of len in write_socket() * @@ -113,6 +117,7 @@ extern void close_socket(jb_socket fd); extern int bind_port(const char *hostnam, int portnum, jb_socket *pfd); extern int accept_connection(struct client_state * csp, jb_socket fd); +extern void get_host_information(jb_socket afd, char **ip_address, char **hostname); extern unsigned long resolve_hostname_to_ip(const char *host);