-const char filters_rcs[] = "$Id: filters.c,v 1.147 2011/10/30 16:15:43 fabiankeil Exp $";
+const char filters_rcs[] = "$Id: filters.c,v 1.163 2011/12/26 17:03:08 fabiankeil Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/filters.c,v $
*
* Purpose : Declares functions to parse/crunch headers and pages.
- * Functions declared include:
- * `acl_addr', `add_stats', `block_acl', `block_imageurl',
- * `block_url', `url_actions', `domain_split',
- * `filter_popups', `forward_url', 'redirect_url',
- * `ij_untrusted_url', `intercept_url', `pcrs_filter_respose',
- * `ijb_send_banner', `trust_url', `gif_deanimate_response',
- * `execute_single_pcrs_command', `rewrite_url',
- * `get_last_url'
- *
- * Copyright : Written by and Copyright (C) 2001-2010 the
+ *
+ * Copyright : Written by and Copyright (C) 2001-2011 the
* Privoxy team. http://www.privoxy.org/
*
* Based on the Internet Junkbuster originally written
return NULL;
}
- if (0 == strcmpic(redirect_mode, "check-decoded-url"))
+ if (0 == strcmpic(redirect_mode, "check-decoded-url") && strchr(subject, '%'))
{
log_error(LOG_LEVEL_REDIRECTS,
"Checking \"%s\" for encoded redirects.", subject);
+
/*
* Check each parameter in the URL separately.
* Sectionize the URL at "?" and "&",
- * then URL-decode each component,
+ * go backwards through the segments, URL-decode them
* and look for a URL in the decoded result.
- * Keep the last one we spot.
+ * Stop the search after the first match.
*/
- char *found = NULL;
- char *token = strtok(subject, "?&");
- while (token)
+ char *url_segment = NULL;
+ /*
+ * XXX: This estimate is guaranteed to be high enough as we
+ * let ssplit() ignore empty fields, but also a bit wasteful.
+ */
+ size_t max_segments = strlen(subject) / 2;
+ char **url_segments = malloc(max_segments * sizeof(char *));
+ int segments;
+
+ if (NULL == url_segments)
+ {
+ log_error(LOG_LEVEL_ERROR, "Out of memory while decoding URL: %s", new_url);
+ freez(subject);
+ return NULL;
+ }
+
+ segments = ssplit(subject, "?&", url_segments, max_segments, 1, 1);
+
+ while (segments-- > 0)
{
- char *dtoken = url_decode(token);
- if (!dtoken) continue;
- char *h1 = strstr(dtoken, "http://");
- char *h2 = strstr(dtoken, "https://");
- char *h = (h1 && h2
- ? (h1 < h2 ? h1 : h2)
- : (h1 ? h1 : h2));
- if (h)
+ char *dtoken = url_decode(url_segments[segments]);
+ if (NULL == dtoken)
+ {
+ log_error(LOG_LEVEL_ERROR, "Unable to decode \"%s\".", url_segments[segments]);
+ continue;
+ }
+ url_segment = strstr(dtoken, "http://");
+ if (NULL == url_segment)
{
- freez(found);
- found = strdup(h);
+ url_segment = strstr(dtoken, "https://");
}
- token = strtok(NULL, "?&");
+ if (NULL != url_segment)
+ {
+ url_segment = strdup(url_segment);
+ freez(dtoken);
+ if (url_segment == NULL)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "Out of memory while searching for redirects.");
+ return NULL;
+ }
+ break;
+ }
+ freez(dtoken);
}
+ freez(subject);
+ freez(url_segments);
- if (found)
+ if (url_segment == NULL)
{
- freez(subject);
- return found;
+ return NULL;
}
-
- freez(subject);
- return NULL;
+ subject = url_segment;
+ }
+ else
+ {
+ /* Look for a URL inside this one, without decoding anything. */
+ log_error(LOG_LEVEL_REDIRECTS,
+ "Checking \"%s\" for unencoded redirects.", subject);
}
-
- /* Else, just look for a URL inside this one, without decoding anything. */
-
- log_error(LOG_LEVEL_REDIRECTS,
- "Checking \"%s\" for unencoded redirects.", subject);
/*
* Find the last URL encoded in the request
/* Did any redirect action trigger? */
if (new_url)
{
+ if (url_requires_percent_encoding(new_url))
+ {
+ char *encoded_url;
+ log_error(LOG_LEVEL_REDIRECTS, "Percent-encoding redirect URL: %N",
+ strlen(new_url), new_url);
+ encoded_url = percent_encode_url(new_url);
+ freez(new_url);
+ if (encoded_url == NULL)
+ {
+ return cgi_error_memory();
+ }
+ new_url = encoded_url;
+ assert(FALSE == url_requires_percent_encoding(new_url));
+ }
+
if (0 == strcmpic(new_url, csp->http->url))
{
log_error(LOG_LEVEL_ERROR,
return cgi_error_memory();
}
- if ( enlist_unique_header(rsp->headers, "Location", new_url)
- || (NULL == (rsp->status = strdup("302 Local Redirect from Privoxy"))) )
+ if (enlist_unique_header(rsp->headers, "Location", new_url)
+ || (NULL == (rsp->status = strdup("302 Local Redirect from Privoxy"))))
{
freez(new_url);
free_http_response(rsp);
return JB_ERR_PARSE;
}
- if ((newsize += chunksize) >= *size)
+ if (chunksize >= *size - newsize)
{
- /*
- * XXX: The message is a bit confusing. Isn't the real problem that
- * the specified chunk size is greater than the number of bytes
- * left in the buffer? This probably means the connection got
- * closed prematurely. To be investigated after 3.0.17 is out.
- */
log_error(LOG_LEVEL_ERROR,
- "Chunk size %d exceeds buffer size %d in \"chunked\" transfer coding",
- chunksize, *size);
+ "Chunk size %u exceeds buffered data left. "
+ "Already digested %u of %u buffered bytes.",
+ chunksize, (unsigned int)newsize, (unsigned int)*size);
return JB_ERR_PARSE;
}
+ newsize += chunksize;
from_p += 2;
memmove(to_p, from_p, (size_t) chunksize);