-const char filters_rcs[] = "$Id: filters.c,v 1.80 2007/02/07 10:55:20 fabiankeil Exp $";
+const char filters_rcs[] = "$Id: filters.c,v 1.81 2007/03/05 14:40:53 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/filters.c,v $
*
* Revisions :
* $Log: filters.c,v $
+ * Revision 1.81 2007/03/05 14:40:53 fabiankeil
+ * - Cosmetical changes for LOG_LEVEL_RE_FILTER messages.
+ * - Hide the "Go there anyway" link for blocked CONNECT
+ * requests where going there anyway doesn't work anyway.
+ *
* Revision 1.80 2007/02/07 10:55:20 fabiankeil
* - Save the reason for generating http_responses.
* - Block (+block) with status code 403 instead of 404.
* Returns : 0 => Ok, everything else is an error.
*
*********************************************************************/
-int acl_addr(char *aspec, struct access_control_addr *aca)
+int acl_addr(const char *aspec, struct access_control_addr *aca)
{
- int i, masklength, port;
+ int i, masklength;
+ long port;
char *p;
+ char *acl_spec = NULL;
masklength = 32;
port = 0;
- if ((p = strchr(aspec, '/')) != NULL)
+ /*
+ * Use a temporary acl spec copy so we can log
+ * the unmodified original in case of parse errors.
+ */
+ acl_spec = strdup(aspec);
+ if (acl_spec == NULL)
{
- *p++ = '\0';
+ /* XXX: This will be logged as parse error. */
+ return(-1);
+ }
+ if ((p = strchr(acl_spec, '/')) != NULL)
+ {
+ *p++ = '\0';
if (ijb_isdigit(*p) == 0)
{
+ free(acl_spec);
return(-1);
}
masklength = atoi(p);
if ((masklength < 0) || (masklength > 32))
{
+ free(acl_spec);
return(-1);
}
- if ((p = strchr(aspec, ':')) != NULL)
+ if ((p = strchr(acl_spec, ':')) != NULL)
{
+ char *endptr;
+
*p++ = '\0';
+ port = strtol(p, &endptr, 10);
- if (ijb_isdigit(*p) == 0)
+ if (port <= 0 || port > 65535 || *endptr != '\0')
{
+ free(acl_spec);
return(-1);
}
- port = atoi(p);
}
- aca->port = port;
+ aca->port = (unsigned long)port;
- aca->addr = ntohl(resolve_hostname_to_ip(aspec));
+ aca->addr = ntohl(resolve_hostname_to_ip(acl_spec));
+ free(acl_spec);
if (aca->addr == INADDR_NONE)
{
+ /* XXX: This will be logged as parse error. */
return(-1);
}
csp->content_type &= ~CT_DEFLATE;
return(NULL);
}
- log_error(LOG_LEVEL_RE_FILTER, "Decompression successful");
+ log_error(LOG_LEVEL_RE_FILTER,
+ "Decompression successful. Old size: %d, new size: %d.",
+ size, csp->iob->eod - csp->iob->cur);
/*
* Decompression gives us a completely new iob,
#ifndef FILTERS_H_INCLUDED
#define FILTERS_H_INCLUDED
-#define FILTERS_H_VERSION "$Id: filters.h,v 1.24 2006/12/29 18:30:46 fabiankeil Exp $"
+#define FILTERS_H_VERSION "$Id: filters.h,v 1.25 2007/01/12 15:36:44 fabiankeil Exp $"
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/filters.h,v $
*
* Revisions :
* $Log: filters.h,v $
+ * Revision 1.25 2007/01/12 15:36:44 fabiankeil
+ * Mark *csp as immutable for is_untrusted_url()
+ * and is_imageurl(). Closes FR 1237736.
+ *
* Revision 1.24 2006/12/29 18:30:46 fabiankeil
* Fixed gcc43 conversion warnings,
* changed sprintf calls to snprintf.
*/
#ifdef FEATURE_ACL
extern int block_acl(struct access_control_addr *dst, struct client_state *csp);
-extern int acl_addr(char *aspec, struct access_control_addr *aca);
+extern int acl_addr(const char *aspec, struct access_control_addr *aca);
#endif /* def FEATURE_ACL */
extern int match_portlist(const char *portlist, int port);