privoxy.git
4 years agoremember_connection(): Add assertion to silence bogus cppcheck warnings
Fabian Keil [Sat, 30 May 2020 07:20:16 +0000 (09:20 +0200)]
remember_connection(): Add assertion to silence bogus cppcheck warnings

     gateway.c:221:23: error: Array 'reusable_connection[100]' accessed at index 100, which is out of bounds. [arrayIndexOutOfBounds]
        reusable_connection[slot].host = strdup_or_die(connection->host);
                           ^
     gateway.c:198:4: note: After for loop, slot has value 100
        for (slot = 0; slot < SZ(reusable_connection); slot++)
        ^
     [...]

4 years agoStart using ssl_send_data_delayed()
Fabian Keil [Sat, 30 May 2020 03:41:23 +0000 (05:41 +0200)]
Start using ssl_send_data_delayed()

... so the delay-response{} action works with SSL as well.

Sponsored by: Robert Klemme

4 years agoAdd ssl_send_data_delayed()
Fabian Keil [Sat, 30 May 2020 03:39:32 +0000 (05:39 +0200)]
Add ssl_send_data_delayed()

... a SSL version of write_socket_delayed().

Based on a patch by Vašek Švec.

4 years agoRename LOG_LEVEL_GPC to LOG_LEVEL_REQUEST
Fabian Keil [Fri, 29 May 2020 16:57:28 +0000 (18:57 +0200)]
Rename LOG_LEVEL_GPC to LOG_LEVEL_REQUEST

Only the shadow knows what "GPC" is supposed to stand for.

4 years agoBump copyright
Fabian Keil [Fri, 29 May 2020 15:19:47 +0000 (17:19 +0200)]
Bump copyright

4 years agoRename HTML block name 'https' to 'https-and-no-https-inspection'
Fabian Keil [Fri, 29 May 2020 06:30:27 +0000 (08:30 +0200)]
Rename HTML block name 'https' to 'https-and-no-https-inspection'

The block is only relevant when compiled without FEATURE_HTTPS_INSPECTION.

Sponsored by: Robert Klemme

4 years agoparse_http_url(): Only hide the path if FEATURE_HTTPS_INSPECTION in unavailable
Fabian Keil [Fri, 28 Feb 2020 08:33:25 +0000 (09:33 +0100)]
parse_http_url(): Only hide the path if FEATURE_HTTPS_INSPECTION in unavailable

This is relevant for the show-url-info CGI page
which should consider the whole URL when matching
with FEATURE_HTTPS_INSPECTION available.

Sponsored by: Robert Klemme

4 years agocgi_show_url_info(): Kill the "paths are ignored for https URLs" block
Fabian Keil [Fri, 28 Feb 2020 07:55:50 +0000 (08:55 +0100)]
cgi_show_url_info(): Kill the "paths are ignored for https URLs" block

... unconditionally if FEATURE_HTTPS_INSPECTION is available.

Sponsored by: Robert Klemme

4 years agoRegenerate docs
Fabian Keil [Fri, 29 May 2020 06:12:01 +0000 (08:12 +0200)]
Regenerate docs

4 years agoprivoxy-regression-test.pl: Fix a sentence in the documentation
Fabian Keil [Fri, 29 May 2020 05:36:27 +0000 (07:36 +0200)]
privoxy-regression-test.pl: Fix a sentence in the documentation

4 years agoDon't enable tunnelling if a CGI page is requested
Fabian Keil [Thu, 28 May 2020 11:54:30 +0000 (13:54 +0200)]
Don't enable tunnelling if a CGI page is requested

... even if HTTPS inspection is disabled.

This makes sure https://p.p/ and https://config.privoxy.org/
work even if Privoxy is toggled off.

Sponsored by: Robert Klemme

4 years agoIf a dynamic CGI page has been requested through https, use https URLs
Fabian Keil [Wed, 27 May 2020 07:02:47 +0000 (09:02 +0200)]
If a dynamic CGI page has been requested through https, use https URLs

... and accept https versions of the CGI pages as trusted referrers.

This prevents mixed-content warnings when accessing the
CGI pages through https.

Sponsored by: Robert Klemme

4 years agoAdd #159: Support Brotli compression
Fabian Keil [Fri, 29 May 2020 07:49:26 +0000 (09:49 +0200)]
Add #159: Support Brotli compression

4 years agoFix typo
Fabian Keil [Fri, 29 May 2020 07:38:54 +0000 (09:38 +0200)]
Fix typo

4 years agoRemove #54 as the git migration is done
Fabian Keil [Fri, 29 May 2020 07:35:05 +0000 (09:35 +0200)]
Remove #54 as the git migration is done

4 years agoRemove #123 as we now have proper support for https inspection
Fabian Keil [Fri, 29 May 2020 07:30:02 +0000 (09:30 +0200)]
Remove #123 as we now have proper support for https inspection

4 years agoBump copyright
Fabian Keil [Fri, 29 May 2020 07:27:17 +0000 (09:27 +0200)]
Bump copyright

4 years agoBump copyright
Fabian Keil [Fri, 29 May 2020 07:26:31 +0000 (09:26 +0200)]
Bump copyright

4 years agodefault.action.master: Update location of the development version
Fabian Keil [Fri, 29 May 2020 07:24:41 +0000 (09:24 +0200)]
default.action.master: Update location of the development version

4 years agoSync with updated 'Cautious' template which enables the 'no-brotli-accepted' client...
Fabian Keil [Fri, 29 May 2020 07:20:43 +0000 (09:20 +0200)]
Sync with updated 'Cautious' template which enables the 'no-brotli-accepted' client-header filter

4 years agoEnable 'no-brotli-accepted' client-header filter in all templates
Fabian Keil [Fri, 29 May 2020 07:19:51 +0000 (09:19 +0200)]
Enable 'no-brotli-accepted' client-header filter in all templates

4 years agoAdd 'no-brotli-accepted' filter which prevents the unsupported Brotli compression
Fabian Keil [Fri, 29 May 2020 07:09:38 +0000 (09:09 +0200)]
Add 'no-brotli-accepted' filter which prevents the unsupported Brotli compression

4 years agoAdd yet another reason why +prevent-compression may cause problems
Fabian Keil [Wed, 27 May 2020 11:01:56 +0000 (13:01 +0200)]
Add yet another reason why +prevent-compression may cause problems

4 years agoRename struct certs_chain member from text_buf to info_buf
Fabian Keil [Wed, 27 May 2020 10:13:32 +0000 (12:13 +0200)]
Rename struct certs_chain member from text_buf to info_buf

4 years agoHTML-encode the certificate info shown in case of verification failures
Fabian Keil [Wed, 27 May 2020 08:15:24 +0000 (10:15 +0200)]
HTML-encode the certificate info shown in case of verification failures

We don't want to allow code injection through crafted certificates.

Sponsored by: Robert Klemme

4 years agoBump copyright
Fabian Keil [Wed, 27 May 2020 10:00:31 +0000 (12:00 +0200)]
Bump copyright

4 years agoreceive_and_send_encrypted_post_data(): Change two more log messages
Fabian Keil [Mon, 25 May 2020 16:42:54 +0000 (18:42 +0200)]
receive_and_send_encrypted_post_data(): Change two more log messages

... from LOG_LEVEL_HEADER to LOG_LEVEL_CONNECT.

Sponsored by: Robert Klemme

4 years agoFix typos
Fabian Keil [Thu, 28 May 2020 10:18:36 +0000 (12:18 +0200)]
Fix typos

4 years agoFix typos
Fabian Keil [Thu, 28 May 2020 09:22:00 +0000 (11:22 +0200)]
Fix typos

4 years agoFix comment typo
Fabian Keil [Thu, 28 May 2020 09:20:13 +0000 (11:20 +0200)]
Fix comment typo

4 years agoFix typos
Fabian Keil [Thu, 28 May 2020 09:19:57 +0000 (11:19 +0200)]
Fix typos

4 years agoFix typos
Fabian Keil [Thu, 28 May 2020 09:19:30 +0000 (11:19 +0200)]
Fix typos

4 years agoFix typo
Fabian Keil [Thu, 28 May 2020 09:19:08 +0000 (11:19 +0200)]
Fix typo

4 years agoFix typo
Fabian Keil [Thu, 28 May 2020 09:15:57 +0000 (11:15 +0200)]
Fix typo

4 years agoFix typo
Fabian Keil [Thu, 28 May 2020 09:15:47 +0000 (11:15 +0200)]
Fix typo

4 years agoFix typos
Fabian Keil [Thu, 28 May 2020 09:15:33 +0000 (11:15 +0200)]
Fix typos

4 years agoFix typos
Fabian Keil [Thu, 28 May 2020 09:14:25 +0000 (11:14 +0200)]
Fix typos

4 years agoFix typo
Fabian Keil [Thu, 28 May 2020 09:14:06 +0000 (11:14 +0200)]
Fix typo

4 years agoFix typo
Fabian Keil [Thu, 28 May 2020 09:13:53 +0000 (11:13 +0200)]
Fix typo

4 years agoFix typo
Fabian Keil [Thu, 28 May 2020 09:13:21 +0000 (11:13 +0200)]
Fix typo

4 years agoFix typo
Fabian Keil [Thu, 28 May 2020 09:13:10 +0000 (11:13 +0200)]
Fix typo

4 years agoFix typos
Fabian Keil [Thu, 28 May 2020 09:12:58 +0000 (11:12 +0200)]
Fix typos

4 years agoFix typos
Fabian Keil [Thu, 28 May 2020 09:12:34 +0000 (11:12 +0200)]
Fix typos

4 years agoFix typo
Fabian Keil [Thu, 28 May 2020 09:12:20 +0000 (11:12 +0200)]
Fix typo

4 years agoFix typo
Fabian Keil [Thu, 28 May 2020 09:12:05 +0000 (11:12 +0200)]
Fix typo

4 years agoFix typos
Fabian Keil [Thu, 28 May 2020 09:11:55 +0000 (11:11 +0200)]
Fix typos

4 years agoFix typos
Fabian Keil [Thu, 28 May 2020 09:11:40 +0000 (11:11 +0200)]
Fix typos

4 years agoFix comment typos
Fabian Keil [Thu, 28 May 2020 09:11:16 +0000 (11:11 +0200)]
Fix comment typos

4 years agoFix comment typo
Fabian Keil [Thu, 28 May 2020 09:11:01 +0000 (11:11 +0200)]
Fix comment typo

4 years agoFix comment typo
Fabian Keil [Thu, 28 May 2020 09:10:29 +0000 (11:10 +0200)]
Fix comment typo

4 years agoFix comment typos
Fabian Keil [Thu, 28 May 2020 09:02:27 +0000 (11:02 +0200)]
Fix comment typos

4 years agoFix comment typos
Fabian Keil [Thu, 28 May 2020 09:00:43 +0000 (11:00 +0200)]
Fix comment typos

4 years agoFix typos
Fabian Keil [Thu, 28 May 2020 08:59:21 +0000 (10:59 +0200)]
Fix typos

4 years agoExtend is_ssl_pending()'s description
Fabian Keil [Mon, 25 May 2020 10:15:52 +0000 (12:15 +0200)]
Extend is_ssl_pending()'s description

... to note that it only considers data that has
already been received locally.

Sponsored by: Robert Klemme

4 years agoreceive_and_send_encrypted_post_data(): Change return code to int to match reality
Fabian Keil [Mon, 25 May 2020 10:07:56 +0000 (12:07 +0200)]
receive_and_send_encrypted_post_data(): Change return code to int to match reality

Sponsored by: Robert Klemme

4 years agoreceive_and_send_encrypted_post_data(): Change a log message from LOG_LEVEL_HEADER...
Fabian Keil [Mon, 25 May 2020 10:05:28 +0000 (12:05 +0200)]
receive_and_send_encrypted_post_data(): Change a log message from LOG_LEVEL_HEADER to LOG_LEVEL_CONNECT

Sponsored by: Robert Klemme

4 years agoreceive_and_send_encrypted_post_data(): Loop until no data is left
Fabian Keil [Mon, 25 May 2020 10:01:57 +0000 (12:01 +0200)]
receive_and_send_encrypted_post_data(): Loop until no data is left

... if the content length is known.

Previously data that wasn't received yet was ignored
which could result in incomplete uploads.

Sponsored by: Robert Klemme

4 years agoAdd www.vpncompare.co.uk as Bronze sponsor
Fabian Keil [Sat, 16 May 2020 09:07:07 +0000 (11:07 +0200)]
Add www.vpncompare.co.uk as Bronze sponsor

4 years agoSpell out 'version' in the http_request struct
Fabian Keil [Fri, 15 May 2020 18:56:44 +0000 (20:56 +0200)]
Spell out 'version' in the http_request struct

4 years agoWhen https inspecting, log the request later on
Fabian Keil [Fri, 15 May 2020 18:08:19 +0000 (20:08 +0200)]
When https inspecting, log the request later on

... once we have gathered the path.

Include the protocol to differentiate the log messages from those
for plain http (which currently don't include the protocol).

Sponsored by: Robert Klemme

4 years agocreate_server_ssl_connection(): Free certificate chain when the handshake fails
Fabian Keil [Fri, 15 May 2020 12:08:58 +0000 (14:08 +0200)]
create_server_ssl_connection(): Free certificate chain when the handshake fails

Fixes a memory leak.

Sponsored by: Robert Klemme

4 years agosend_crunch_response(): Log the whole URL for inspected https requests
Fabian Keil [Fri, 15 May 2020 10:52:30 +0000 (12:52 +0200)]
send_crunch_response(): Log the whole URL for inspected https requests

Sponsored by: Robert Klemme

4 years agoLog complete https request lines with LOG_LEVEL_CLF
Fabian Keil [Wed, 13 May 2020 09:53:12 +0000 (11:53 +0200)]
Log complete https request lines with LOG_LEVEL_CLF

... at the end of handle_established_connection().

Sponsored by: Robert Klemme

4 years agoImprove ssl_send_certificate_error()'s description
Fabian Keil [Fri, 15 May 2020 11:05:51 +0000 (13:05 +0200)]
Improve ssl_send_certificate_error()'s description

Sponsored by: Robert Klemme

4 years agoSimplify free_certificate_chain()
Fabian Keil [Thu, 14 May 2020 11:51:52 +0000 (13:51 +0200)]
Simplify free_certificate_chain()

Sponsored by: Robert Klemme

4 years agoSimplify code in handle_established_connection()
Fabian Keil [Sat, 29 Feb 2020 20:13:58 +0000 (21:13 +0100)]
Simplify code in handle_established_connection()

Sponsored by: Robert Klemme

4 years agossl_verify_callback(): Log when mbedtls_pem_write_buffer() fails
Fabian Keil [Wed, 4 Mar 2020 15:01:23 +0000 (16:01 +0100)]
ssl_verify_callback(): Log when mbedtls_pem_write_buffer() fails

Sponsored by: Robert Klemme

4 years agoRemove #16 'Filter SSL encrypted content as well' which is mostly implemented
Fabian Keil [Tue, 12 May 2020 22:31:38 +0000 (00:31 +0200)]
Remove #16 'Filter SSL encrypted content as well' which is mostly implemented

4 years agoAdd donor John Palkovic as contributor
Fabian Keil [Tue, 12 May 2020 11:45:59 +0000 (13:45 +0200)]
Add donor John Palkovic as contributor

4 years agoBump copyright
Fabian Keil [Tue, 12 May 2020 10:57:26 +0000 (12:57 +0200)]
Bump copyright

4 years agoAllow to configure https-inspection and ignore-certificate-errors with the CGI editor
Fabian Keil [Mon, 2 Mar 2020 11:15:05 +0000 (12:15 +0100)]
Allow to configure https-inspection and ignore-certificate-errors with the CGI editor

Sponsored by: Robert Klemme

4 years agosed_https(): Update the last https header after running sed()
Fabian Keil [Tue, 14 Apr 2020 12:15:56 +0000 (14:15 +0200)]
sed_https(): Update the last https header after running sed()

This is necessary because addtional header may have been added.

Fixes a crash triggered by an assertion.

Reported by:  Nedžad Hrnjica
Sponsored by: Robert Klemme

4 years agoFix a comment typo in sed_https()
Fabian Keil [Tue, 14 Apr 2020 12:09:31 +0000 (14:09 +0200)]
Fix a comment typo in sed_https()

4 years agoUpdate to upstream git ec5b42 and to Debian version 3.0.28-3.
Roland Rosenfeld [Sat, 4 Apr 2020 12:49:35 +0000 (14:49 +0200)]
Update to upstream git ec5b42 and to Debian version 3.0.28-3.

4 years agoRebuild docs
Fabian Keil [Thu, 12 Mar 2020 09:39:18 +0000 (10:39 +0100)]
Rebuild docs

4 years agoRemove www.vpnranks.com/ from the sponsor list
Fabian Keil [Thu, 12 Mar 2020 09:36:02 +0000 (10:36 +0100)]
Remove www.vpnranks.com/ from the sponsor list

4 years agoDon't claim that contributors need ssh
Fabian Keil [Fri, 6 Mar 2020 13:01:49 +0000 (14:01 +0100)]
Don't claim that contributors need ssh

It's only neede for committers.

4 years agoReplace obsolete CVS instructions with Git instructions
Fabian Keil [Fri, 6 Mar 2020 12:37:11 +0000 (13:37 +0100)]
Replace obsolete CVS instructions with Git instructions

4 years agoRemove a reference to CVS, we use Git now
Fabian Keil [Fri, 6 Mar 2020 12:30:36 +0000 (13:30 +0100)]
Remove a reference to CVS, we use Git now

4 years agoRemove an obsolete comment
Fabian Keil [Fri, 6 Mar 2020 12:27:46 +0000 (13:27 +0100)]
Remove an obsolete comment

4 years agoRemove a reference to CVS, we use Git now
Fabian Keil [Fri, 6 Mar 2020 12:27:34 +0000 (13:27 +0100)]
Remove a reference to CVS, we use Git now

4 years agoAdd a missing call to close_client_ssl_connection()
Fabian Keil [Tue, 10 Mar 2020 14:06:38 +0000 (15:06 +0100)]
Add a missing call to close_client_ssl_connection()

... to fix a memory leak.

Sponsored by: Robert Klemme

4 years agoprocess_encrypted_request(): Don't send an error response in case of unsupported...
Fabian Keil [Tue, 3 Mar 2020 11:26:33 +0000 (12:26 +0100)]
process_encrypted_request(): Don't send an error response in case of unsupported protocols

client_protocol_is_unsupported() already takes care of that.

Sponsored by: Robert Klemme

4 years agoclient_protocol_is_unsupported(): Send encrypted error message when necessary
Fabian Keil [Tue, 3 Mar 2020 11:21:32 +0000 (12:21 +0100)]
client_protocol_is_unsupported(): Send encrypted error message when necessary

Sponsored by: Robert Klemme

4 years agoprocess_encrypted_request(): Add more log messages in case of errors
Fabian Keil [Tue, 3 Mar 2020 11:17:45 +0000 (12:17 +0100)]
process_encrypted_request(): Add more log messages in case of errors

Sponsored by: Robert Klemme

4 years agohandle_established_connection(): Remove superfluous calls to close_client_and_server_...
Fabian Keil [Tue, 3 Mar 2020 10:27:07 +0000 (11:27 +0100)]
handle_established_connection(): Remove superfluous calls to close_client_and_server_ssl_connections()

... in the !client_use_ssl(csp) paths.

Sponsored by: Robert Klemme

4 years agohandle_established_connection(): Adjust indentation after 054d756c1ca
Fabian Keil [Tue, 3 Mar 2020 10:14:56 +0000 (11:14 +0100)]
handle_established_connection(): Adjust indentation after 054d756c1ca

No functional change.

Sponsored by: Robert Klemme

4 years agosend_https_request(): Don't call close_client_and_server_ssl_connections()
Fabian Keil [Tue, 3 Mar 2020 10:04:34 +0000 (11:04 +0100)]
send_https_request(): Don't call close_client_and_server_ssl_connections()

... inconsistenly. The caller already does it.

Sponsored by: Robert Klemme

4 years agoAdd a missing call to close_client_and_server_ssl_connections()
Fabian Keil [Mon, 2 Mar 2020 15:45:22 +0000 (16:45 +0100)]
Add a missing call to close_client_and_server_ssl_connections()

Not calling it caused memory leaks.

Sponsored by: Robert Klemme

4 years agodecompress_iob(): Free the temporary buffer when the buffer limit is reached
Fabian Keil [Mon, 2 Mar 2020 17:14:29 +0000 (18:14 +0100)]
decompress_iob(): Free the temporary buffer when the buffer limit is reached

... instead of leaking it.

Sponsored by: Robert Klemme

4 years agofree_csp_resources(): Destroy csp->client_tags
Fabian Keil [Mon, 2 Mar 2020 12:05:13 +0000 (13:05 +0100)]
free_csp_resources(): Destroy csp->client_tags

Fixes a memory leak when client tags are active.

Sponsored by: Robert Klemme

4 years agounload_configfile(): Use unload_forward_spec() instead of doing the work itself
Fabian Keil [Mon, 2 Mar 2020 11:36:40 +0000 (12:36 +0100)]
unload_configfile(): Use unload_forward_spec() instead of doing the work itself

... poorly. Previously the socks user name and password were leaked.

Sponsored by: Robert Klemme

4 years agounload_configfile(): free config->cors_allowed_origin
Fabian Keil [Mon, 2 Mar 2020 11:27:47 +0000 (12:27 +0100)]
unload_configfile(): free config->cors_allowed_origin

Fixes a small memory leak when reloading the config.

Sponsored by: Robert Klemme

4 years agofree_csp_resources(): Destroy csp->https_headers
Fabian Keil [Sun, 1 Mar 2020 15:40:01 +0000 (16:40 +0100)]
free_csp_resources(): Destroy csp->https_headers

Fixes a memory leak.

Sponsored by: Robert Klemme

4 years agohandle_established_connection(): Don't mess with csp->ssl_with_(server|client)_is_opened
Fabian Keil [Sun, 1 Mar 2020 14:31:24 +0000 (15:31 +0100)]
handle_established_connection(): Don't mess with csp->ssl_with_(server|client)_is_opened

This was a mismerge in 2111876638. The original code did
it in chat() were it doesn't hurt. Actually we don't need
to do it at all, as the variables are initialized to 0.

Zeroing the variables in handle_established_connection()
caused memory leaks as close_server_ssl_connection() and
close_client_ssl_connection() returned early,

Sponsored by: Robert Klemme

4 years agohandle_established_connection(): Remove pointless code
Fabian Keil [Sat, 29 Feb 2020 20:05:37 +0000 (21:05 +0100)]
handle_established_connection(): Remove pointless code

Sponsored by: Robert Klemme

4 years agoload_config(): Plug memory leaks
Fabian Keil [Sun, 1 Mar 2020 08:53:34 +0000 (09:53 +0100)]
load_config(): Plug memory leaks

Sponsored by: Robert Klemme

4 years agoSet the "Subject Alt Name" extension to when generating certificates
root [Fri, 28 Feb 2020 08:16:49 +0000 (08:16 +0000)]
Set the "Subject Alt Name" extension to when generating certificates

This is apparently required for the certificates to
be accepted by Chromium-based browsers.

Based on a patch by Nedžad Hrnjica.

Sponsored by: Robert Klemme

4 years agofinish_http_response(): Plug memory leak with CORS enabled
Fabian Keil [Sat, 29 Feb 2020 08:49:39 +0000 (09:49 +0100)]
finish_http_response(): Plug memory leak with CORS enabled

Introduced in 9fd58c0d, not in any release.

Fixes CID 267166 "Resource leaks".

4 years agoget_certificate_serial(): Remove dead code
Fabian Keil [Fri, 28 Feb 2020 12:39:58 +0000 (13:39 +0100)]
get_certificate_serial(): Remove dead code

Fixes CID 267164 "Logically dead code".

Sponsored by: Robert Klemme