-const char cgi_rcs[] = "$Id: cgi.c,v 1.151 2012/06/08 15:07:53 fabiankeil Exp $";
+const char cgi_rcs[] = "$Id: cgi.c,v 1.159 2014/10/18 11:31:25 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/cgi.c,v $
return NULL;
}
+ if (strcmpic(csp->http->gpc, "GET")
+ && strcmpic(csp->http->gpc, "HEAD"))
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "CGI request with unsupported method received: %s", csp->http->gpc);
+ /*
+ * The CGI pages currently only support GET and HEAD requests.
+ *
+ * If the client used a different method, ditch any data following
+ * the current headers to reduce the likelihood of parse errors
+ * with the following request.
+ */
+ csp->client_iob->eod = csp->client_iob->cur;
+ }
+
/*
* This is a CGI call.
*/
if (*query_args_start == '/')
{
*query_args_start++ = '\0';
- if ((param_list = new_map()))
- {
- map(param_list, "file", 1, url_decode(query_args_start), 0);
+ param_list = new_map();
+ err = map(param_list, "file", 1, url_decode(query_args_start), 0);
+ if (JB_ERR_OK != err) {
+ free(param_list);
+ free(path_copy);
+ return cgi_error_memory();
}
}
else
*/
max_segments = 1;
}
- vector = malloc(max_segments * sizeof(char *));
+ vector = malloc_or_die(max_segments * sizeof(char *));
- if (NULL == vector)
- {
- return NULL;
- }
-
- if (NULL == (cgi_params = new_map()))
- {
- freez(vector);
- return NULL;
- }
+ cgi_params = new_map();
/*
* IE 5 does, of course, violate RFC 2316 Sect 4.1 and sends
*p = '\0';
}
- pairs = ssplit(argstring, "&", vector, max_segments, 1, 1);
+ pairs = ssplit(argstring, "&", vector, max_segments);
assert(pairs != -1);
if (pairs == -1)
{
case SOCKS_5:
socks_type = "socks5-";
break;
+ case SOCKS_5T:
+ socks_type = "socks5t-";
+ break;
default:
log_error(LOG_LEVEL_FATAL, "Unknown socks type: %d.", fwd->type);
}
rsp->head_length = 0;
rsp->is_static = 0;
- rsp->body = malloc(body_size);
- if (rsp->body == NULL)
- {
- return JB_ERR_MEMORY;
- }
+ rsp->body = malloc_or_die(body_size);
strlcpy(rsp->body, body_prefix, body_size);
strlcat(rsp->body, template_name, body_size);
strlcat(rsp->body, body_suffix, body_size);
rsp->is_static = 0;
rsp->crunch_reason = INTERNAL_ERROR;
- rsp->body = malloc(body_size);
- if (rsp->body == NULL)
- {
- return JB_ERR_MEMORY;
- }
+ rsp->body = malloc_or_die(body_size);
snprintf(rsp->body, body_size, "%s%d%s", body_prefix, error_to_report, body_suffix);
/* Let zlib figure out the maximum length of the compressed data */
new_length = compressBound((uLongf)*buffer_length);
- compressed_buffer = malloc(new_length);
- if (NULL == compressed_buffer)
- {
- log_error(LOG_LEVEL_FATAL,
- "Out of memory allocation compression buffer.");
- }
+ compressed_buffer = malloc_or_die(new_length);
if (Z_OK != compress2((Bytef *)compressed_buffer, &new_length,
(Bytef *)buffer, *buffer_length, compression_level))
* On error, free()s rsp and returns cgi_error_memory()
*
*********************************************************************/
-struct http_response *finish_http_response(const struct client_state *csp, struct http_response *rsp)
+struct http_response *finish_http_response(struct client_state *csp, struct http_response *rsp)
{
char buf[BUFFER_SIZE];
jb_err err;
if (!err)
{
snprintf(buf, sizeof(buf), "Content-Length: %d", (int)rsp->content_length);
+ /*
+ * Signal serve() that the client will be able to figure out
+ * the end of the response without having to close the connection.
+ */
+ csp->flags |= CSP_FLAG_SERVER_CONTENT_LENGTH_SET;
err = enlist(rsp->headers, buf);
}
if (!err) err = enlist_unique_header(rsp->headers, "Pragma", "no-cache");
}
- if (!err && !(csp->flags & CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE))
+ if (!err && (!(csp->flags & CSP_FLAG_CLIENT_CONNECTION_KEEP_ALIVE)
+ || (csp->flags & CSP_FLAG_SERVER_SOCKET_TAINTED)))
{
err = enlist_unique_header(rsp->headers, "Connection", "close");
}
assert(csp);
exports = new_map();
- if (exports == NULL)
- {
- return NULL;
- }
if (csp->config->hostname)
{