-const char filters_rcs[] = "$Id: filters.c,v 2.6 2003/09/25 02:37:32 david__schmidt Exp $";
+const char filters_rcs[] = "$Id: filters.c,v 1.58.2.9 2006/01/29 23:10:56 david__schmidt Exp $";
/*********************************************************************
*
- * File : $Source: /cvsroot/ijbswa/current/src/filters.c,v $
+ * File : $Source: /cvsroot/ijbswa/current/Attic/filters.c,v $
*
* Purpose : Declares functions to parse/crunch headers and pages.
* Functions declared include:
*
* Revisions :
* $Log: filters.c,v $
- * Revision 2.6 2003/09/25 02:37:32 david__schmidt
- * Feature request 595948: Re-Filter logging in single line
- *
- * Revision 2.5 2003/09/22 00:33:01 david__schmidt
- * Enable sending a custom 'blocked' image. Shows up as
- * "image-blocker-custom-file" parameter in config, and
- * "+set-image-blocker{custom}" in action files.
- *
- * Revision 2.4 2003/01/21 02:49:27 david__schmidt
- * Developer TODO 612294: src: C++ keyword as variable name
- * I changed all ocurrences of 'new' to 'new_something' wherever I found
- * one. I also brought up all the source files in MSDEV to see if I could
- * spot any highlighted keywords that really were variables. Non-scientific,
- * but at least I tried. :-)
- *
- * Revision 2.3 2002/12/28 03:58:19 david__schmidt
- * Initial drop of dashboard instrumentation - enabled with
- * --enable-activity-console
- *
- * Revision 2.2 2002/09/04 15:38:24 oes
- * Synced with the stable branch:
- * Revision 1.58.2.2 2002/08/01 17:18:28 oes
- * Fixed BR 537651 / SR 579724 (MSIE image detect improper for IE/Mac)
- *
- * Revision 1.58.2.1 2002/07/26 15:18:53 oes
- * - Bugfix: Executing a filters without jobs no longer results in
- * turing off *all* filters.
- * - Security fix: Malicious web servers can't cause a seg fault
- * through bogus chunk sizes anymore
- *
- * Revision 2.1 2002/08/26 11:08:18 sarantis
- * Fix typo.
- *
- * Revision 2.0 2002/06/04 14:34:21 jongfoster
- * Moving source files to src/
+ * Revision 1.58.2.9 2006/01/29 23:10:56 david__schmidt
+ * Multiple filter file support
+ *
+ * Revision 1.58.2.8 2005/05/07 21:50:55 david__schmidt
+ * A few memory leaks plugged (mostly on error paths)
+ *
+ * Revision 1.58.2.7 2004/10/03 12:53:32 david__schmidt
+ * Add the ability to check jpeg images for invalid
+ * lengths of comment blocks. Defensive strategy
+ * against the exploit:
+ * Microsoft Security Bulletin MS04-028
+ * Buffer Overrun in JPEG Processing (GDI+) Could
+ * Allow Code Execution (833987)
+ * Enabled with +inspect-jpegs in actions files.
+ *
+ * Revision 1.58.2.6 2003/12/06 22:18:27 gliptak
+ * Correcting compile problem with FEATURE_IMAGE_BLOCKING
+ *
+ * Revision 1.58.2.5 2003/11/11 13:10:31 oes
+ * Fixed bug #839859: "See why" link URL now gets url-encoded.
+ *
+ * Revision 1.58.2.4 2003/02/28 12:52:45 oes
+ * Fixed a typo
+ *
+ * Revision 1.58.2.3 2002/09/25 14:51:51 oes
+ * Added basic support for OPTIONS and TRACE HTTP methods:
+ * New function direct_response which handles OPTIONS and
+ * TRACE requests whose Max-Forwards header field is zero.
+ *
+ * Revision 1.58.2.2 2002/08/01 17:18:28 oes
+ * Fixed BR 537651 / SR 579724 (MSIE image detect improper for IE/Mac)
+ *
+ * Revision 1.58.2.1 2002/07/26 15:18:53 oes
+ * - Bugfix: Executing a filters without jobs no longer results in
+ * turing off *all* filters.
+ * - Security fix: Malicious web servers can't cause a seg fault
+ * through bogus chunk sizes anymore
*
* Revision 1.58 2002/04/24 02:11:17 oes
* Jon's multiple AF patch: url_actions now evaluates rules
* generic content modification interface of pcrs_filter_response
* and acts as a wrapper to deanimate.c:gif_deanimate()
* - Renamed re_process_buffer to pcrs_filter_response
- * - pcrs_filter_response now returns NULL on failure
+ * - pcrs_filter_response now returns NULL on failiure
* - Removed all #ifdef PCRS
*
* Revision 1.20 2001/07/01 17:01:04 oes
#include "list.h"
#include "deanimate.h"
#include "urlmatch.h"
-#ifdef FEATURE_ACTIVITY_CONSOLE
-#include "stats.h"
-#endif /* def FEATURE_ACTIVITY_CONSOLE */
+
#ifdef _WIN32
#include "win32.h"
#endif
}
else
{
-#ifdef FEATURE_ACTIVITY_CONSOLE
- accumulate_stats(STATS_ACL_RESTRICT, 1);
-#endif /* def FEATURE_ACTIVITY_CONSOLE */
return(1);
}
}
*********************************************************************/
struct http_response *block_url(struct client_state *csp)
{
-#ifdef FEATURE_IMAGE_BLOCKING
- char *p;
-#endif /* def FEATURE_IMAGE_BLOCKING */
struct http_response *rsp;
/*
if (((csp->action->flags & ACTION_IMAGE_BLOCKER) != 0)
&& is_imageurl(csp))
{
+ char *p;
/* determine HOW images should be blocked */
p = csp->action->string[ACTION_STRING_IMAGE_BLOCKER];
/* and handle accordingly: */
if ((p == NULL) || (0 == strcmpic(p, "pattern")))
{
-#ifdef FEATURE_ACTIVITY_CONSOLE
- accumulate_stats(STATS_IMAGE_BLOCK, 1);
-#endif /* def FEATURE_ACTIVITY_CONSOLE */
rsp->body = bindup(image_pattern_data, image_pattern_length);
if (rsp->body == NULL)
{
else if (0 == strcmpic(p, "blank"))
{
-#ifdef FEATURE_ACTIVITY_CONSOLE
- accumulate_stats(STATS_IMAGE_BLOCK, 1);
-#endif /* def FEATURE_ACTIVITY_CONSOLE */
rsp->body = bindup(image_blank_data, image_blank_length);
if (rsp->body == NULL)
{
}
}
- else if (0 == strcmpic(p, "custom"))
- {
- rsp->body = bindup(csp->config->image_blocker_data, csp->config->image_blocker_length);
- if (rsp->body == NULL)
- {
- free_http_response(rsp);
- return cgi_error_memory();
- }
- rsp->content_length = csp->config->image_blocker_length;
-
- if (enlist_unique_header(rsp->headers, "Content-Type", csp->config->image_blocker_format))
- {
- free_http_response(rsp);
- return cgi_error_memory();
- }
- }
-
else
{
rsp->status = strdup("302 Local Redirect from Privoxy");
{
jb_err err;
struct map * exports;
+ char *p;
/*
* Workaround for stupid Netscape bug which prevents
if (!err) err = map(exports, "protocol", 1, csp->http->ssl ? "https://" : "http://", 1);
if (!err) err = map(exports, "hostport", 1, html_encode(csp->http->hostport), 0);
if (!err) err = map(exports, "path", 1, html_encode(csp->http->path), 0);
+ if (!err) err = map(exports, "path-ue", 1, url_encode(csp->http->path), 0);
if (err)
{
string_append(&p, buf);
}
err = map(exports, "trusted-referrers", 1, p, 0);
+ freez(p);
if (err)
{
string_append(&p, buf);
}
err = map(exports, "trust-info", 1, p, 0);
+ freez(p);
}
else
{
char *pcrs_filter_response(struct client_state *csp)
{
int hits=0;
- size_t size, prev_size;
+ size_t size;
- char *old_buf = csp->iob->cur, *new_buf = NULL;
+ char *old = csp->iob->cur, *new = NULL;
pcrs_job *job;
struct file_list *fl;
struct re_filterfile_spec *b;
struct list_entry *filtername;
+ int i, found_filters = 0;
+
/*
* Sanity first
*/
}
size = csp->iob->eod - csp->iob->cur;
- if ( ( NULL == (fl = csp->rlist) ) || ( NULL == fl->f) )
+ /*
+ * Need to check the set of re_filterfiles...
+ */
+ for (i = 0; i < MAX_AF_FILES; i++)
+ {
+ fl = csp->rlist[i];
+ if (NULL != fl)
+ {
+ if (NULL != fl->f)
+ {
+ found_filters = 1;
+ break;
+ }
+ }
+ }
+
+ if (0 == found_filters)
{
log_error(LOG_LEVEL_ERROR, "Unable to get current state of regexp filtering.");
- return(NULL);
+ return(NULL);
}
/*
csp->flags |= CSP_FLAG_MODIFIED;
}
+ for (i = 0; i < MAX_AF_FILES; i++)
+ {
+ fl = csp->rlist[i];
+ if ((NULL == fl) || (NULL == fl->f))
+ break;
/*
* For all applying +filter actions, look if a filter by that
* name exists and if yes, execute it's pcrs_joblist on the
continue;
}
- prev_size = size;
+ log_error(LOG_LEVEL_RE_FILTER, "re_filtering %s%s (size %d) with filter %s...",
+ csp->http->hostport, csp->http->path, size, b->name);
+
/* Apply all jobs from the joblist */
for (job = b->joblist; NULL != job; job = job->next)
{
- current_hits += pcrs_execute(job, old_buf, size, &new_buf, &size);
- if (old_buf != csp->iob->cur) free(old_buf);
- old_buf=new_buf;
+ current_hits += pcrs_execute(job, old, size, &new, &size);
+ if (old != csp->iob->cur) free(old);
+ old=new;
}
- log_error(LOG_LEVEL_RE_FILTER, "re_filtering %s%s (size %d) with filter %s produced %d hits (new size %d).",
- csp->http->hostport, csp->http->path, prev_size, b->name, current_hits, size);
-
+ log_error(LOG_LEVEL_RE_FILTER, " ...produced %d hits (new size %d).", current_hits, size);
hits += current_hits;
}
}
}
+ }
/*
* If there were no hits, destroy our copy and let
*/
if (!hits)
{
- free(new_buf);
+ free(new);
return(NULL);
}
-#ifdef FEATURE_ACTIVITY_CONSOLE
- else
- accumulate_stats(STATS_FILTER, hits);
-#endif /* def FEATURE_ACTIVITY_CONSOLE */
csp->flags |= CSP_FLAG_MODIFIED;
csp->content_length = size;
IOB_RESET(csp);
- return(new_buf);
+ return(new);
}
}
else
{
-#ifdef FEATURE_ACTIVITY_CONSOLE
- accumulate_stats(STATS_GIF_DEANIMATE, 1);
-#endif /* def FEATURE_ACTIVITY_CONSOLE */
log_error(LOG_LEVEL_DEANIMATE, "Success! GIF shrunk from %d bytes to %d.", size, out->offset);
}
csp->content_length = out->offset;
init_current_action(csp->action);
- for (i = 0; i < MAX_ACTION_FILES; i++)
+ for (i = 0; i < MAX_AF_FILES; i++)
{
if (((fl = csp->actions_list[i]) == NULL) || ((b = fl->f) == NULL))
{
}
+/*********************************************************************
+ *
+ * Function : direct_response
+ *
+ * Description : Check if Max-Forwards == 0 for an OPTIONS or TRACE
+ * request and if so, return a HTTP 501 to the client.
+ *
+ * FIXME: I have a stupid name and I should handle the
+ * requests properly. Still, what we do here is rfc-
+ * compliant, whereas ignoring or forwarding are not.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : http_response if , NULL if nonmatch or handler fail
+ *
+ *********************************************************************/
+struct http_response *direct_response(struct client_state *csp)
+{
+ struct http_response *rsp;
+ struct list_entry *p;
+
+ if ((0 == strcmpic(csp->http->gpc, "trace"))
+ || (0 == strcmpic(csp->http->gpc, "options")))
+ {
+ for (p = csp->headers->first; (p != NULL) ; p = p->next)
+ {
+ if (!strncmp("Max-Forwards:", p->str, 13)
+ && (*(p->str+13) != '\0') && (atoi(p->str+13) == 0))
+ {
+ /* FIXME: We could handle at least TRACE here,
+ but that would require a verbatim copy of
+ the request which we don't have anymore */
+
+ log_error(LOG_LEVEL_HEADER, "Found Max-Forwards:0 in OPTIONS or TRACE request -- Returning 501");
+
+ /* Get mem for response or fail*/
+ if (NULL == (rsp = alloc_http_response()))
+ {
+ return cgi_error_memory();
+ }
+
+ if (NULL == (rsp->status = strdup("501 Not Implemented")))
+ {
+ free_http_response(rsp);
+ return cgi_error_memory();
+ }
+
+ rsp->is_static = 1;
+ return(finish_http_response(rsp));
+ }
+ }
+ }
+ return NULL;
+}
+
+
/*
Local Variables:
tab-width: 3