* introduced because the compile command line started
* getting ludicrously long with feature defines.
*
- * Copyright : Written by and Copyright (C) 2001-2014 the
+ * Copyright : Written by and Copyright (C) 2001-2021 the
* Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
*/
#undef FEATURE_DYNAMIC_PCRE
+/*
+ * Should pcrs use pcre JIT compilation if it's supported?
+ */
+#undef DISABLE_PCRE_JIT_COMPILATION
+
/*
* Should pcrs be statically built in instead of linkling with libpcrs?
* (This is determined by configure depending on the availiability of
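Review bot: The new comment above `#undef DISABLE_PCRE_JIT_COMPILATION` asks the opposite question from the one the macro answers: defining the macro turns JIT compilation off, while the comment reads as if defining it turned JIT on. I would word it as `* Should pcrs refrain from using pcre JIT compilation even if pcre supports it?` so the polarity matches the macro name. It would also help to mention that the value is set by `--disable-pcre-jit-compilation`.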
* Purpose : Simple CGIs to get information about Privoxy's
* status.
*
- * Copyright : Written by and Copyright (C) 2001-2020 the
+ * Copyright : Written by and Copyright (C) 2001-2021 the
* Privoxy team. https://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
CFLAGS="$CFLAGS -DNDEBUG"
fi
+AC_ARG_WITH(asan, [ --with-asan Enable AddressSanitizer. Requires compiler support.])
+if test "x$with_asan" = "xyes"; then
+ CFLAGS="$CFLAGS -fsanitize=address"
+ LDFLAGS="$LDFLAGS -fsanitize=address"
+fi
+
+AC_ARG_WITH(asan, [ --with-msan Enable MemorySanitizer. Requires compiler support.])
+if test "x$with_msan" = "xyes"; then
+ CFLAGS="$CFLAGS -fsanitize=memory"
+ LDFLAGS="$LDFLAGS -fsanitize=memory"
+fi
+
+AC_ARG_WITH(usan, [ --with-usan Enable UndefinedBehaviorSanitizer. Requires compiler support.])
+if test "x$with_usan" = "xyes"; then
+ CFLAGS="$CFLAGS -fsanitize=undefined"
+ LDFLAGS="$LDFLAGS -fsanitize=undefined"
+fi
+
dnl =================================================================
dnl Check for user and group validity
dnl =================================================================
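Review bot: The MemorySanitizer block registers its option as `AC_ARG_WITH(asan, ...)` although its help text and its test use `msan`, which looks like a copy-paste slip from the block above it. With the option declared under the wrong name, `--with-msan` is presumably reported by configure as unrecognized even though `$with_msan` still gets set. The first argument should be `msan`: `AC_ARG_WITH(msan, [ --with-msan Enable MemorySanitizer. Requires compiler support.])`. AddressSanitizer and MemorySanitizer cannot be combined in one build, so a check that rejects both being `yes` would give a clearer error than the compiler does. The help strings could also say that these switches are meant for test builds rather than deployed binaries.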
AC_SUBST(W3M)
AC_SUBST(DB2HTML)
-dnl If we use rpm, we need to check where %_topdir is
-AC_CHECK_PROGS(RPMBIN,rpm,false)
-if test $RPMBIN != false; then
- RPM_BASE=`rpm --eval "%{_topdir}"`
- if test "$RPM_BASE" = ""; then
- RPM_BASE=/usr/src/redhat
- fi
-fi
-AC_SUBST(RPM_BASE)
-
dnl prefer openjade to jade
dnl Check for jade, so we can build the documentation
AC_CHECK_PROGS(JADEBIN,openjade jade,false)
if test $have_pthread = yes; then
AC_MSG_WARN([pthreads seem to be available but you are using --disable-pthread.])
AC_MSG_WARN([This is almost always a mistake and can render Privoxy unacceptable slow.])
+ AC_MSG_WARN([Also various Privoxy features only work when using threads and won't even compile without them.])
fi
have_pthread=no
fi])
AC_DEFINE(FEATURE_PCRE_HOST_PATTERNS)
fi])
+AC_ARG_ENABLE(pcre-jit-compilation,
+[ --disable-pcre-jit-compilation Don't let pcrs use pcre JIT compilation even if pcre supports it.],
+[if test $enableval != yes; then
+ AC_DEFINE(DISABLE_PCRE_JIT_COMPILATION)
+fi])
+
AC_ARG_ENABLE(external-filters,
[ --enable-external-filters Allow to filter content with scripts and programs. Experimental.],
[if test $enableval = yes; then
Wan-Teh Chang
Sam Chen
Ramkumar Chinchani
+ Gwyn Ciesla
Billy Crook
Frédéric Crozat
Matthew Daley
}
log_error(LOG_LEVEL_HEADER, "Encrypted request processed");
- log_applied_actions(csp->action);
log_error(LOG_LEVEL_REQUEST, "https://%s%s", csp->http->hostport,
csp->http->path);
return;
}
+ log_applied_actions(csp->action);
+
log_error(LOG_LEVEL_CONNECT,
"Reusing server socket %d connected to %s. Requests already sent: %u.",
csp->server_connection.sfd, csp->server_connection.host,
last->next = malloc_or_die(sizeof(struct certs_chain));
last->next->next = NULL;
memset(last->next->info_buf, 0, sizeof(last->next->info_buf));
- memset(last->next->file_buf, 0, sizeof(last->next->file_buf));
+ last->next->file_buf = NULL;
/*
* Saving certificate file into buffer
len = BIO_get_mem_data(bio, &bio_mem_data);
- if (len > (sizeof(last->file_buf) - 1))
+ last->file_buf = malloc((size_t)len + 1);
+ if (last->file_buf == NULL)
{
log_error(LOG_LEVEL_ERROR,
- "X509 PEM cert len %ld is larger than buffer len %lu",
- len, sizeof(last->file_buf) - 1);
- len = sizeof(last->file_buf) - 1;
+ "Failed to allocate %lu bytes to store the X509 PEM certificate",
+ len + 1);
+ ret = -1;
+ goto exit;
}
strncpy(last->file_buf, bio_mem_data, (size_t)len);
+ last->file_buf[len] = '\0';
BIO_free(bio);
bio = BIO_new(BIO_s_mem());
if (!bio)
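Review bot: `len` comes back from `BIO_get_mem_data()` as a signed `long` and is cast to `size_t` for `malloc()`, `strncpy()` and the terminator index without a sign check, so a negative return would give a zero-byte allocation followed by an out-of-bounds write. A guard before the allocation closes that, `if (len <= 0) { ret = -1; goto exit; }`, together with a log line. The certificate comes from the remote server, so the allocation size is now peer-controlled where it used to be capped by a fixed buffer, and an upper bound may be worth keeping. The new message passes `len + 1` (a `long`) to `%lu`, and the mbedTLS counterpart passes a `size_t` to `%lu`; assuming `log_error` reads an `unsigned long` there, both want an explicit cast. Whether the `exit` label releases `bio` is outside this hunk.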
v++;
}
+ if (filter_server_headers &&
+ (csp->flags & CSP_FLAG_SERVER_CONTENT_LENGTH_SET) &&
+ (csp->flags & CSP_FLAG_CHUNKED))
+ {
+ /* RFC 2616 4.4 3 */
+ log_error(LOG_LEVEL_HEADER, "Ignoring the Content-Length header "
+ "sent by the server as the response is chunk-encoded.");
+ csp->flags &= ~CSP_FLAG_CONTENT_LENGTH_SET;
+ csp->expected_content_length = 0;
+ }
+
/* place additional headers on the csp->headers list */
while ((err == JB_ERR_OK) && (*f))
{
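Review bot: The condition tests `CSP_FLAG_SERVER_CONTENT_LENGTH_SET` but the body clears `CSP_FLAG_CONTENT_LENGTH_SET`, and nothing in the added block says why the two differ, so a later reader may take it for a typo. If it is intended, a comment such as `/* Transfer-Encoding wins over Content-Length (RFC 7230 3.3.3): forget the parsed length but keep the record that the server sent the header. */` would settle it. The hunk does not show whether the Content-Length header line itself is removed from `csp->headers`. A response forwarded with both headers has the ambiguous framing that RFC 7230 asks intermediaries to resolve by dropping Content-Length, so that is worth confirming in the enclosing function, which starts and ends outside this hunk.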
#ifdef PCRE_STUDY_JIT_COMPILE
+#ifdef DISABLE_PCRE_JIT_COMPILATION
+#warning PCRE_STUDY_JIT_COMPILE is supported but Privoxy has been configured not to use it
+#else
if (!(flags & PCRS_DYNAMIC))
{
pcre_study_options = PCRE_STUDY_JIT_COMPILE;
}
+#endif
#endif
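Review bot: The `#warning` in the `DISABLE_PCRE_JIT_COMPILATION` branch fires on every build where the user deliberately passed `--disable-pcre-jit-compilation`. `#warning` is also a compiler extension before C23 and becomes an error under `-Werror`. I would replace it with a plain comment, `/* JIT is available but was disabled at configure time. */`, and report the choice once from configure instead. The enclosing function lies outside the hunk.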
/*
* Macros for SSL structures
*/
#define CERT_INFO_BUF_SIZE 4096
-#define CERT_FILE_BUF_SIZE 16384
#define ISSUER_NAME_BUF_SIZE 2048
#define HASH_OF_HOST_BUF_SIZE 16
#endif /* FEATURE_HTTPS_INSPECTION */
*/
typedef struct certs_chain {
char info_buf[CERT_INFO_BUF_SIZE]; /* text info about properties of certificate */
- char file_buf[CERT_FILE_BUF_SIZE]; /* buffer for whole certificate - format to save in file */
+ char *file_buf; /* buffer for whole certificate - format to save in file */
struct certs_chain *next; /* next certificate in chain of trust */
} certs_chain_t;
#endif
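Review bot: `file_buf` changes from an embedded array to an owning pointer, but its comment still only says "buffer for whole certificate", so the struct no longer documents who allocates and frees it. I would write `char *file_buf; /* heap-allocated, NUL-terminated PEM text; NULL until filled; freed together with the chain */`, which matches what the allocation and `freez()` hunks on this page appear to do. Any remaining `sizeof(...->file_buf)` or `memset` over the field elsewhere in the tree now operates on the pointer size, so a grep for those uses is worth doing before merging.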
* using mbedTLS.
*
* Copyright : Written by and Copyright (c) 2017-2020 Vaclav Svec. FIT CVUT.
- * Copyright (C) 2018-2020 by Fabian Keil <fk@fabiankeil.de>
+ * Copyright (C) 2018-2021 by Fabian Keil <fk@fabiankeil.de>
*
* This program is free software; you can redistribute it
* and/or modify it under the terms of the GNU General
struct certs_chain *last = &(csp->server_certs_chain);
size_t olen = 0;
int ret = 0;
+ size_t pem_buffer_length;
/*
* Searching for last item in certificates linked list
last->next = malloc_or_die(sizeof(struct certs_chain));
last->next->next = NULL;
memset(last->next->info_buf, 0, sizeof(last->next->info_buf));
- memset(last->next->file_buf, 0, sizeof(last->next->file_buf));
+ last->next->file_buf = NULL;
+
+ ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT, crt->raw.p,
+ crt->raw.len, NULL, 0, &olen);
+ if (MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL != ret)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Failed to figure out the required X509 PEM certificate buffer size");
+ return -1;
+ }
+ pem_buffer_length = olen;
+
+ last->file_buf = malloc(pem_buffer_length);
+ if (last->file_buf == NULL)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Failed to allocate %lu bytes to store the X509 PEM certificate",
+ pem_buffer_length);
+ return -1;
+ }
/*
* Saving certificate file into buffer
*/
if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT,
crt->raw.p, crt->raw.len, (unsigned char *)last->file_buf,
- sizeof(last->file_buf)-1, &olen)) != 0)
+ pem_buffer_length, &olen)) != 0)
{
char err_buf[ERROR_BUF_SIZE];
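Review bot: The first `mbedtls_pem_write_buffer()` call, with a NULL buffer and length 0, is a size probe, and the test `MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL != ret` treats that error as the success case; without a comment it reads like an error check written backwards. A line such as `/* Probe with an empty buffer: the expected "too small" error leaves the required size in olen. */` above the call would help. It should also say whether `olen` already counts the terminating NUL, since the OpenSSL variant adds one byte explicitly and this one does not. The failure message could include `ret` so that a changed mbedTLS return code is diagnosable. The block handling the second call's failure continues past the end of the hunk, so whether `last->file_buf` is released there is not visible.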
/* Cleaning buffers */
memset(csp->server_certs_chain.info_buf, 0,
sizeof(csp->server_certs_chain.info_buf));
- memset(csp->server_certs_chain.file_buf, 0,
- sizeof(csp->server_certs_chain.file_buf));
+ freez(csp->server_certs_chain.file_buf);
+
csp->server_certs_chain.next = NULL;
/* Freeing memory in whole linked list */
{
struct certs_chain *cert_for_free = cert;
cert = cert->next;
+
+ /* Cleaning buffers */
+ memset(cert_for_free->info_buf, 0, sizeof(cert_for_free->info_buf));
+ freez(cert_for_free->file_buf);
+
freez(cert_for_free);
}
}
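Review bot: The added `memset()` on `cert_for_free->info_buf` is immediately followed by `freez(cert_for_free)`, so the compiler is free to drop it as a dead store, and `file_buf` is released without being cleared at all. If the zeroing matters, it needs an explicit-zeroing primitive and should cover both buffers. If it does not (the data is the server's certificate chain), deleting the `memset()` and keeping only the two `freez()` calls is simpler. The comment `/* Cleaning buffers */` could then become `/* Release the PEM text before the node that owns it. */`. The loop header is outside this hunk.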
# Complete client request followed by 59 bytes of pipelined data received.
$c =~ s@(?<=followed by )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+ } elsif ($c =~ m/^The peer notified us that the connection on socket/) {
+
+ # The peer notified us that the connection on socket 11 is going to be closed
+ $c =~ s@(?<=socket )(\d+)@$h{'Number'}$1$h{'Standard'}@;
+
} elsif ($c =~ m/^Looks like we / or
$c =~ m/^Unsetting keep-alive flag/ or
$c =~ m/^No connections to wait/ or