
List:       privoxy-commits
Subject:    [privoxy-commits] current jcc.c, 1.428, 1.429 parsers.c, 1.286, 1.287 project.h, 1.206, 1.207
From:       Fabian Keil <fabiankeil () users ! sourceforge ! net>
Date:       2014-07-25 11:55:13
Message-ID: E1XAe5k-0006B5-5M () sfs-ml-4 ! v29 ! ch3 ! sourceforge ! com

Update of /cvsroot/ijbswa/current
In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv15884

Modified Files:
	jcc.c parsers.c project.h 
Log Message:
Reject requests with unsupported Expect header values

This changes the test status for the following Co-Advisor
tests from "Violation" to "Success":

rfc2616/unsuppExpect-0100-continue
rfc2616/unsuppExpect-100-continueing
rfc2616/unsuppExpect-expect=params
rfc2616/unsuppExpect-expect=quoted-100c

For RFC 2616 rejecting such requests was a MUST,
but RFC 7230 downgraded this to a MAY.


Index: project.h
===================================================================
RCS file: /cvsroot/ijbswa/current/project.h,v
retrieving revision 1.206
retrieving revision 1.207
diff -C2 -d -r1.206 -r1.207
*** project.h	2 Jun 2014 06:22:21 -0000	1.206
--- project.h	25 Jul 2014 11:55:11 -0000	1.207
***************
*** 849,852 ****
--- 849,856 ----
  #define CSP_FLAG_CHUNKED_CLIENT_BODY                0x01000000U
  
+ /**
+  * Flag for csp->flags: Set if the client set the Expect header
+  */
+ #define CSP_FLAG_UNSUPPORTED_CLIENT_EXPECTATION     0x02000000U
  
  /*
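Review bot: The comment added above `CSP_FLAG_UNSUPPORTED_CLIENT_EXPECTATION` says the flag is set whenever the client sent an Expect header, but the parsers.c part of this commit raises it only when the value is something other than `100-continue`. A reader who trusts the comment would conclude that every `Expect: 100-continue` request is rejected. I would word it as `Flag for csp->flags: Set if the client sent an Expect header with an unsupported value`.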

Index: jcc.c
===================================================================
RCS file: /cvsroot/ijbswa/current/jcc.c,v
retrieving revision 1.428
retrieving revision 1.429
diff -C2 -d -r1.428 -r1.429
*** jcc.c	3 Jun 2014 10:25:57 -0000	1.428
--- jcc.c	25 Jul 2014 11:55:11 -0000	1.429
***************
*** 280,283 ****
--- 280,290 ----
     "Failed parsing or buffering the chunk-encoded client body.\r\n";
  
+ static const char UNSUPPORTED_CLIENT_EXPECTATION_ERROR_RESPONSE[] =
+    "HTTP/1.1 417 Expecting too much\r\n"
+    "Proxy-Agent: Privoxy " VERSION "\r\n"
+    "Content-Type: text/plain\r\n"
+    "Connection: close\r\n\r\n"
+    "Privoxy detected an unsupported Expect header value.\r\n";
+ 
  /* A function to crunch a response */
  typedef struct http_response *(*crunch_func_ptr)(struct client_state *);
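Review bot: The status line in `UNSUPPORTED_CLIENT_EXPECTATION_ERROR_RESPONSE` uses the reason phrase `Expecting too much`, where the registered phrase for 417 is `Expectation Failed`. Clients do not interpret reason phrases, but the standard text `"HTTP/1.1 417 Expectation Failed\r\n"` keeps the response easy to recognise in packet captures and in tooling that matches on the full status line.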
***************
*** 440,443 ****
--- 447,484 ----
  /*********************************************************************
   *
+  * Function    :  client_has_unsupported_expectations
+  *
+  * Description :  Checks if the client used an unsupported expectation
+  *                in which case an error message is delivered.
+  *
+  * Parameters  :
+  *          1  :  csp = Current client state (buffers, headers, etc...)
+  *
+  * Returns     :  TRUE if an error response has been generated, or
+  *                FALSE if the request doesn't look invalid.
+  *
+  *********************************************************************/
+ static int client_has_unsupported_expectations(const struct client_state *csp)
+ {
+    if ((csp->flags & CSP_FLAG_UNSUPPORTED_CLIENT_EXPECTATION))
+    {
+       log_error(LOG_LEVEL_ERROR,
+          "Rejecting request from client %s with unsupported Expect header value",
+          csp->ip_addr_str);
+       log_error(LOG_LEVEL_CLF,
+          "%s - - [%T] \"%s\" 417 0", csp->ip_addr_str, csp->http->cmd);
+       write_socket(csp->cfd, UNSUPPORTED_CLIENT_EXPECTATION_ERROR_RESPONSE,
+          strlen(UNSUPPORTED_CLIENT_EXPECTATION_ERROR_RESPONSE));
+ 
+       return TRUE;
+    }
+ 
+    return FALSE;
+ 
+ }
+ 
+ 
+ /*********************************************************************
+  *
   * Function    :  get_request_destination_elsewhere
   *
***************
*** 1694,1697 ****
--- 1735,1743 ----
     }
  
+    if (client_has_unsupported_expectations(csp))
+    {
+       return JB_ERR_PARSE;
+    }
+ 
     return JB_ERR_OK;
  

Index: parsers.c
===================================================================
RCS file: /cvsroot/ijbswa/current/parsers.c,v
retrieving revision 1.286
retrieving revision 1.287
diff -C2 -d -r1.286 -r1.287
*** parsers.c	12 Jun 2014 13:10:21 -0000	1.286
--- parsers.c	25 Jul 2014 11:55:11 -0000	1.287
***************
*** 117,120 ****
--- 117,121 ----
  static jb_err client_x_filter           (struct client_state *csp, char **header);
  static jb_err client_range              (struct client_state *csp, char **header);
+ static jb_err client_expect             (struct client_state *csp, char **header);
  static jb_err server_set_cookie         (struct client_state *csp, char **header);
  static jb_err server_connection         (struct client_state *csp, char **header);
***************
*** 204,207 ****
--- 205,209 ----
     { "Transfer-Encoding:",       18,   client_transfer_encoding },
  #endif
+    { "Expect:",                   7,   client_expect },
     { "*",                         0,   crunch_client_header },
     { "*",                         0,   filter_header },
***************
*** 2009,2012 ****
--- 2011,2048 ----
  /*********************************************************************
   *
+  * Function    :  client_expect
+  *
+  * Description :  Raise the CSP_FLAG_UNSUPPORTED_CLIENT_EXPECTATION
+  *                if the Expect header value is unsupported.
+  *
+  *                Rejecting unsupported expectations is a RFC 7231 5.1.1
+  *                MAY and a RFC 2616 (obsolete) MUST.
+  *
+  * Parameters  :
+  *          1  :  csp = Current client state (buffers, headers, etc...)
+  *          2  :  header = On input, pointer to header to modify.
+  *                On output, pointer to the modified header, or NULL
+  *                to remove the header.  This function frees the
+  *                original string if necessary.
+  *
+  * Returns     :  JB_ERR_OK on success, or
+  *
+  *********************************************************************/
+ jb_err client_expect(struct client_state *csp, char **header)
+ {
+    if (0 != strcmpic(*header, "Expect: 100-continue"))
+    {
+       csp->flags |= CSP_FLAG_UNSUPPORTED_CLIENT_EXPECTATION;
+       log_error(LOG_LEVEL_HEADER,
+          "Unsupported client expectaction: %s", *header);
+    }
+ 
+    return JB_ERR_OK;
+ 
+ }
+ 
+ 
+ /*********************************************************************
+  *
   * Function    :  crumble
   *
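Review bot: `client_expect` compares the whole header line against the literal `Expect: 100-continue`, so a header that differs only in whitespace (`Expect:100-continue`, extra or trailing spaces) is flagged as unsupported and answered with 417, unless headers are normalised before this parser runs, which is not visible here. Comparing the trimmed value after the colon with `100-continue` would avoid rejecting well-formed requests. The header comment is inherited from a header-modifying parser: this function never changes `*header`, and `Returns     :  JB_ERR_OK on success, or` is left unfinished, so I would write `Returns     :  JB_ERR_OK in all cases.` and drop the "On output" wording. The definition also omits the `static` that the prototype declares, and the log message misspells "expectation" as `expectaction`.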

