List: privoxy-commits
Subject: [privoxy-commits] current jcc.c, 1.428, 1.429 parsers.c, 1.286, 1.287 project.h, 1.206, 1.207
From: Fabian Keil <fabiankeil () users ! sourceforge ! net>
Date: 2014-07-25 11:55:13
Message-ID: E1XAe5k-0006B5-5M () sfs-ml-4 ! v29 ! ch3 ! sourceforge ! com
Update of /cvsroot/ijbswa/current
In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv15884
Modified Files:
jcc.c parsers.c project.h
Log Message:
Reject requests with unsupported Expect header values
This changes the test status for the following Co-Advisor
tests from "Violation" to "Success":
rfc2616/unsuppExpect-0100-continue
rfc2616/unsuppExpect-100-continueing
rfc2616/unsuppExpect-expect=params
rfc2616/unsuppExpect-expect=quoted-100c
For RFC 2616 rejecting such requests was a MUST,
but RFC 7230 downgraded this to a MAY.
Index: project.h
===================================================================
RCS file: /cvsroot/ijbswa/current/project.h,v
retrieving revision 1.206
retrieving revision 1.207
diff -C2 -d -r1.206 -r1.207
*** project.h 2 Jun 2014 06:22:21 -0000 1.206
--- project.h 25 Jul 2014 11:55:11 -0000 1.207
***************
*** 849,852 ****
--- 849,856 ----
#define CSP_FLAG_CHUNKED_CLIENT_BODY 0x01000000U
+ /**
+ * Flag for csp->flags: Set if the client set the Expect header
+ */
+ #define CSP_FLAG_UNSUPPORTED_CLIENT_EXPECTATION 0x02000000U
/*
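Review bot: The doc comment on `CSP_FLAG_UNSUPPORTED_CLIENT_EXPECTATION` says the flag is set whenever the client sent an Expect header, but `client_expect()` in this same commit raises it only when the value is something other than `100-continue`. A reader relying on the comment would conclude that every request carrying `Expect: 100-continue` is flagged and rejected. Suggested wording: `Flag for csp->flags: Set if the client sent an Expect header with an unsupported value`.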
Index: jcc.c
===================================================================
RCS file: /cvsroot/ijbswa/current/jcc.c,v
retrieving revision 1.428
retrieving revision 1.429
diff -C2 -d -r1.428 -r1.429
*** jcc.c 3 Jun 2014 10:25:57 -0000 1.428
--- jcc.c 25 Jul 2014 11:55:11 -0000 1.429
***************
*** 280,283 ****
--- 280,290 ----
"Failed parsing or buffering the chunk-encoded client body.\r\n";
+ static const char UNSUPPORTED_CLIENT_EXPECTATION_ERROR_RESPONSE[] =
+ "HTTP/1.1 417 Expecting too much\r\n"
+ "Proxy-Agent: Privoxy " VERSION "\r\n"
+ "Content-Type: text/plain\r\n"
+ "Connection: close\r\n\r\n"
+ "Privoxy detected an unsupported Expect header value.\r\n";
+
/* A function to crunch a response */
typedef struct http_response *(*crunch_func_ptr)(struct client_state *);
***************
*** 440,443 ****
--- 447,484 ----
/*********************************************************************
*
+ * Function : client_has_unsupported_expectations
+ *
+ * Description : Checks if the client used an unsupported expectation
+ * in which case an error message is delivered.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ *
+ * Returns : TRUE if an error response has been generated, or
+ * FALSE if the request doesn't look invalid.
+ *
+ *********************************************************************/
+ static int client_has_unsupported_expectations(const struct client_state *csp)
+ {
+ if ((csp->flags & CSP_FLAG_UNSUPPORTED_CLIENT_EXPECTATION))
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Rejecting request from client %s with unsupported Expect header value",
+ csp->ip_addr_str);
+ log_error(LOG_LEVEL_CLF,
+ "%s - - [%T] \"%s\" 417 0", csp->ip_addr_str, csp->http->cmd);
+ write_socket(csp->cfd, UNSUPPORTED_CLIENT_EXPECTATION_ERROR_RESPONSE,
+ strlen(UNSUPPORTED_CLIENT_EXPECTATION_ERROR_RESPONSE));
+
+ return TRUE;
+ }
+
+ return FALSE;
+
+ }
+
+
+ /*********************************************************************
+ *
* Function : get_request_destination_elsewhere
*
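Review bot: The return value of `write_socket()` in `client_has_unsupported_expectations()` is discarded, so the function writes the `417 0` CLF entry and returns TRUE even when the response never reached the client. If `write_socket()` signals failure through a non-zero return, as its int return type suggests, the call could be wrapped as `if (write_socket(csp->cfd, ...)) { log_error(LOG_LEVEL_CONNECT, "Failed to deliver 417 response to %s", csp->ip_addr_str); }` so the access log and the actual outcome can be told apart. The description could also state that the function sends the response itself; "Checks if ..." together with the `const` parameter reads like a pure predicate.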
***************
*** 1694,1697 ****
--- 1735,1743 ----
}
+ if (client_has_unsupported_expectations(csp))
+ {
+ return JB_ERR_PARSE;
+ }
+
return JB_ERR_OK;
Index: parsers.c
===================================================================
RCS file: /cvsroot/ijbswa/current/parsers.c,v
retrieving revision 1.286
retrieving revision 1.287
diff -C2 -d -r1.286 -r1.287
*** parsers.c 12 Jun 2014 13:10:21 -0000 1.286
--- parsers.c 25 Jul 2014 11:55:11 -0000 1.287
***************
*** 117,120 ****
--- 117,121 ----
static jb_err client_x_filter (struct client_state *csp, char **header);
static jb_err client_range (struct client_state *csp, char **header);
+ static jb_err client_expect (struct client_state *csp, char **header);
static jb_err server_set_cookie (struct client_state *csp, char **header);
static jb_err server_connection (struct client_state *csp, char **header);
***************
*** 204,207 ****
--- 205,209 ----
{ "Transfer-Encoding:", 18, client_transfer_encoding },
#endif
+ { "Expect:", 7, client_expect },
{ "*", 0, crunch_client_header },
{ "*", 0, filter_header },
***************
*** 2009,2012 ****
--- 2011,2048 ----
/*********************************************************************
*
+ * Function : client_expect
+ *
+ * Description : Raise the CSP_FLAG_UNSUPPORTED_CLIENT_EXPECTATION
+ * if the Expect header value is unsupported.
+ *
+ * Rejecting unsupported expectations is a RFC 7231 5.1.1
+ * MAY and a RFC 2616 (obsolete) MUST.
+ *
+ * Parameters :
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : header = On input, pointer to header to modify.
+ * On output, pointer to the modified header, or NULL
+ * to remove the header. This function frees the
+ * original string if necessary.
+ *
+ * Returns : JB_ERR_OK on success, or
+ *
+ *********************************************************************/
+ jb_err client_expect(struct client_state *csp, char **header)
+ {
+ if (0 != strcmpic(*header, "Expect: 100-continue"))
+ {
+ csp->flags |= CSP_FLAG_UNSUPPORTED_CLIENT_EXPECTATION;
+ log_error(LOG_LEVEL_HEADER,
+ "Unsupported client expectaction: %s", *header);
+ }
+
+ return JB_ERR_OK;
+
+ }
+
+
+ /*********************************************************************
+ *
* Function : crumble
*
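Review bot: The comparison in `client_expect()` matches the whole header line against `"Expect: 100-continue"`, so the result depends on exactly one space following the colon; unless headers are normalised before this parser runs (not visible in this hunk), a valid `Expect:100-continue` would be flagged and the request rejected with 417. Comparing only the value is more robust, e.g. `const char *value = *header + 7; value += strspn(value, " \t");` followed by `if (0 != strcmpic(value, "100-continue"))`. The header comment also needs finishing: `Returns : JB_ERR_OK on success, or` breaks off, and the `header` parameter text describes modifying and freeing the string, which this function never does. The log message misspells "expectation" as `expectaction`, and the definition omits the `static` that the prototype near the top of the file carries.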