Fabian Keil [Sat, 16 Jan 2016 12:31:40 +0000 (12:31 +0000)]
get_destination_from_headers(): Remove comment about code duplication
While there's similar code elsewhere, it's not exactly the same.
Fabian Keil [Sat, 16 Jan 2016 12:30:58 +0000 (12:30 +0000)]
Document forward-webserver
Fabian Keil [Sat, 16 Jan 2016 12:30:43 +0000 (12:30 +0000)]
Introduce the new forwarding type 'forward-webserver'
Currently it is only supported by the forward-override{}
action and there's no config directive with the same
name.
The forwarding type is similar to 'forward', but the
request line only contains the path instead of the
complete URL.
This makes it more convenient to use Privoxy to make
existing websites available as onion services as well.
Many websites serve content with hardcoded URLs and
can't be easily adjusted to change the domain based
on the one used by the client.
Putting Privoxy between Tor and the webserver (or an stunnel
that forwards to the webserver) allows to rewrite headers and
content to make client and server happy at the same time.
Fabian Keil [Sat, 16 Jan 2016 12:30:28 +0000 (12:30 +0000)]
Extend comment explaining SOCKS_NONE
Fabian Keil [Sat, 16 Jan 2016 12:30:05 +0000 (12:30 +0000)]
Note that someone is currently working on updating the CGI templates
Fabian Keil [Sat, 16 Jan 2016 12:29:51 +0000 (12:29 +0000)]
Note donor interest for #16, #144 and #145
Fabian Keil [Sat, 16 Jan 2016 12:29:40 +0000 (12:29 +0000)]
Add Gregory Seidman as contributor
Fabian Keil [Sat, 16 Jan 2016 12:29:30 +0000 (12:29 +0000)]
load_one_actions_file(): Prevent invalid read if the buffer is too short
Found with afl-fuzz and AddressSanitizer.
Fabian Keil [Sat, 16 Jan 2016 12:29:17 +0000 (12:29 +0000)]
remove_chunked_transfer_coding(): Reject invalid input sooner
Prevents invalid reads in case of corrupt input.
Bug discovered with alf-fuzz and ASAN.
Fabian Keil [Sat, 16 Jan 2016 12:29:00 +0000 (12:29 +0000)]
client_host(): Remove empty host headers
Previously they would result in invalid reads and crashes
when compiled with AddressSanitizer. Bug found with afl-fuzz.
Fabian Keil [Sat, 16 Jan 2016 12:28:43 +0000 (12:28 +0000)]
pcre: Fix invalid reads in internal and outdated pcre code
Fabian Keil [Sat, 16 Jan 2016 12:28:21 +0000 (12:28 +0000)]
Disable filter{banners-by-size} for .black-mosquito.org/
Fabian Keil [Sat, 16 Jan 2016 12:28:09 +0000 (12:28 +0000)]
Disable fast-redirects for disqus.com/
Fabian Keil [Sat, 16 Jan 2016 12:27:56 +0000 (12:27 +0000)]
uagen: Update OS data for FreeBSD
alpha is no longer supported.
Fabian Keil [Mon, 28 Dec 2015 18:56:36 +0000 (18:56 +0000)]
Fix the documented type of the forward-override{} action
... which is obviously 'parameterized'.
Fabian Keil [Mon, 28 Dec 2015 18:56:19 +0000 (18:56 +0000)]
Correctly document the action type for a bunch of "multi-value" actions
... that were incorrectly documented to be "parameterized".
Reported by Gregory Seidman on ijbswa-users@.
Fabian Keil [Mon, 28 Dec 2015 18:56:05 +0000 (18:56 +0000)]
Add Robert Klemme as contributor (donor)
Fabian Keil [Mon, 28 Dec 2015 18:55:49 +0000 (18:55 +0000)]
Check requests more carefully before serving them forcefully
... when blocks aren't enforced.
Privoxy always adds the force token at the beginning
of the path, but would previously accept it anywhere
in the request line.
This could result in requests being served that should
be blocked. For example in case of pages that were
loaded with force and contained JavaScript to create
additionally requests that embed the origin URL
(thus inheriting the force prefix).
The bug is not considered a security issue and the
fix does not make it harder for remote sites to
intentionally circumvent blocks if Privoxy isn't
configured to enforce them.
Fixes #1695 reported by Korda.
Fabian Keil [Sun, 27 Dec 2015 16:41:17 +0000 (16:41 +0000)]
Fix a typo in #146
Fabian Keil [Sun, 27 Dec 2015 16:40:54 +0000 (16:40 +0000)]
Block a bunch of criteo domains
Reported by Black Rider.
Fabian Keil [Sun, 27 Dec 2015 16:40:40 +0000 (16:40 +0000)]
Block abs.proxistore.com/abe/
Reported by Black Rider.
Fabian Keil [Sun, 27 Dec 2015 16:40:20 +0000 (16:40 +0000)]
Fix a regression test
The intent was to verify that the URL is blocked and the keyword for
this is "Blocked URL" which does not depend on the currently active
"Sticky Actions" which may change in the future.
Fabian Keil [Sun, 27 Dec 2015 13:32:02 +0000 (13:32 +0000)]
Add missing word in #143
Fabian Keil [Sun, 27 Dec 2015 13:31:48 +0000 (13:31 +0000)]
Add Korda as contributor
Fabian Keil [Sun, 27 Dec 2015 13:31:36 +0000 (13:31 +0000)]
Add Guybrush Threepwood as contributor
Fabian Keil [Sun, 27 Dec 2015 13:31:25 +0000 (13:31 +0000)]
Add Pak Chan as contributor
Fabian Keil [Sun, 27 Dec 2015 13:31:15 +0000 (13:31 +0000)]
Add Rustam Abdullaev as contributor
Fabian Keil [Sun, 27 Dec 2015 12:56:33 +0000 (12:56 +0000)]
Add #144-#146: Allow to pre-define tags that are set for clients that want them
Fabian Keil [Sun, 27 Dec 2015 12:56:04 +0000 (12:56 +0000)]
Add #143: Add support OpenBSD's pledge feature
Fabian Keil [Sun, 27 Dec 2015 12:54:12 +0000 (12:54 +0000)]
client_host_adder(): Reject the request if the destination host is unknown
Previously the request would fail later on.
While at it, use a less silly log message.
Fabian Keil [Sun, 27 Dec 2015 12:53:54 +0000 (12:53 +0000)]
Fix build with mingw x86_64
Submitted by Rustam Abdullaev in #135.
Fabian Keil [Sun, 27 Dec 2015 12:53:39 +0000 (12:53 +0000)]
acl_addr(): Properly parse acl directives with ports when compiled with HAVE_RFC2553
Previously the port wasn't removed from the host and in case of
'permit-access 127.0.0.1 example.org:80' Privoxy would try (and fail)
to resolve "example.org:80" instead of example.org.
Reported by Pak Chan on ijbswa-users@.
Fabian Keil [Sun, 27 Dec 2015 12:50:57 +0000 (12:50 +0000)]
GNUmakefile.in: Remove incomplete config-file-alt target
It's not needed and unlikely to get completed any time soon.
Fabian Keil [Sun, 27 Dec 2015 12:50:42 +0000 (12:50 +0000)]
Add parse_numeric_value()
... and use it to reject config directives with invalid
values more reliably.
Fabian Keil [Sun, 27 Dec 2015 12:49:29 +0000 (12:49 +0000)]
get_destination_from_headers(): Additionally update the request line in proxy format
This makes rewriting intercepted requests more convenient.
Previously it was expected to fail unless $hostport
was being used, but rewrites of intercepted requests
without $hostport failed "the wrong way" and would
result in an out-of-memory message (vanilla host patterns)
or a crash (extended host patterns).
Reported by "Guybrish Threepwood" in #1694.
Fabian Keil [Sun, 27 Dec 2015 12:48:59 +0000 (12:48 +0000)]
get_destination_from_headers(): Remove dead code
Fabian Keil [Sun, 27 Dec 2015 12:47:17 +0000 (12:47 +0000)]
host_matches(): Assert that the host pointer isn't NULL
Fabian Keil [Sun, 27 Dec 2015 12:46:46 +0000 (12:46 +0000)]
Fix comment typos
Fabian Keil [Sun, 27 Dec 2015 12:46:34 +0000 (12:46 +0000)]
execute_external_filter(): Assert that the buffer for the filter output is large enough
Fabian Keil [Sun, 27 Dec 2015 12:45:46 +0000 (12:45 +0000)]
pcrs_strerror(): Include the error code for unknown errors
While the approach (static buffer) is somewhat racy,
it's unlikely to matter in practice.
Fabian Keil [Fri, 6 Nov 2015 13:38:55 +0000 (13:38 +0000)]
webserver: Update with recent changes
The update has been done manually as I currently
have no working docbook setup.
Fabian Keil [Fri, 6 Nov 2015 13:38:38 +0000 (13:38 +0000)]
website: Add Ian's mirror to the download section
Fabian Keil [Fri, 6 Nov 2015 13:38:13 +0000 (13:38 +0000)]
cgi_show_status(): Stop treating files called standard.action special
... and allow to edit them just like any other action file.
Nowadays the official "standards" are part of default.action
and there's no obvious reason to disallow editing them through
the cgi editor anyway (if the user decided that the lack of
authentication isn't an issue in her environment).
Fabian Keil [Fri, 6 Nov 2015 13:37:55 +0000 (13:37 +0000)]
Block requests for "resources.infolinks.com/"
Reported by "Black Rider" on ijbswa-users@.
Fabian Keil [Fri, 6 Nov 2015 13:37:35 +0000 (13:37 +0000)]
accept_connection(): Enable socket lingering for the correct socket
Previously we repeatedly enabled it for the listen socket
instead of for the accepted socket. The bug was found by
code inspection and did not cause any (reported) issues.
Fabian Keil [Fri, 6 Nov 2015 13:35:24 +0000 (13:35 +0000)]
accept_connection(): Set NO_DELAY flag for the accepting socket
This significantly reduces the latency if the operating
system is not configured to set the flag by default.
For Windows the unnecessary delay has been reported
to be ~200ms while on ElectroBSD it's still 100ms.
Reported by Johan Sintorn in #894.
Fabian Keil [Fri, 6 Nov 2015 13:34:56 +0000 (13:34 +0000)]
Factor out set_no_delay_flag() to reduce code duplication
While at it, log an error message if setting the flag
fails and let the compiler emit a warning if Privoxy
is compiled on a platform where the function is a nop.
Fabian Keil [Tue, 25 Aug 2015 11:35:00 +0000 (11:35 +0000)]
Add #142: Remove or update the "internal" pcre version
Fabian Keil [Tue, 25 Aug 2015 11:34:10 +0000 (11:34 +0000)]
Better late than never: bump version to 3.0.24 UNRELEASED
Fabian Keil [Fri, 21 Aug 2015 10:59:07 +0000 (10:59 +0000)]
Add Yang Xia as contributor
Fabian Keil [Fri, 21 Aug 2015 10:58:53 +0000 (10:58 +0000)]
execute_external_filter(): Actually fix the buffer scaling
The previous commit was about as wrong as the code it
"fixed" and could still result in a buffer that wasn't
large enough to hold all the output from the external filter.
Submitted by Yang Xia in #892.
Fabian Keil [Wed, 12 Aug 2015 10:41:26 +0000 (10:41 +0000)]
Add Jonathan McKenzie as contributor
Fabian Keil [Wed, 12 Aug 2015 10:41:16 +0000 (10:41 +0000)]
Add Joel Verhagen and Jarry Xu as contributors
Fabian Keil [Wed, 12 Aug 2015 10:40:42 +0000 (10:40 +0000)]
FAQ: Explicitly point fingers at ASUS
.. as an example of a company that has been reported
to force malware based on Privoxy upon its customers.
Fabian Keil [Wed, 12 Aug 2015 10:39:16 +0000 (10:39 +0000)]
WinMain: Use the correct function to close the event handle
According to Microsoft's documentation DeleteObject() is
used to delete a "logical pen, brush, font, bitmap, region,
or palette" while CloseHandle() is supposed to be used
for the handle returned by CreateEvent():
https://msdn.microsoft.com/en-us/library/windows/desktop/
dd183539%28v=vs.85%29.aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/ms682396%28v=vs.85%29.aspx
https://msdn.microsoft.com/en-us/library/windows/desktop/ms724211%28v=vs.85%29.aspx
It's conceivable that this commit fixes a tiny memory leak,
but then again maybe not as DeleteObject() is apparently full
of magic:
http://blogs.msdn.com/b/oldnewthing/archive/2013/03/06/
10399678.aspx
Reported by Jarry Xu in #891.
Fabian Keil [Wed, 12 Aug 2015 10:38:45 +0000 (10:38 +0000)]
FAQ: Fix spelling of affect
Fabian Keil [Wed, 12 Aug 2015 10:38:16 +0000 (10:38 +0000)]
#132: Note some work in progress
Fabian Keil [Wed, 12 Aug 2015 10:38:02 +0000 (10:38 +0000)]
load_config(): In case of invalid forward-socks5(t) directives, use the correct directive name
Previously the error messages referred to forward-socks4t failures.
Reported by Joel Verhagen in #889.
Fabian Keil [Wed, 12 Aug 2015 10:37:44 +0000 (10:37 +0000)]
Add #141: Port Privoxy to CloudABI
Fabian Keil [Wed, 12 Aug 2015 10:37:26 +0000 (10:37 +0000)]
Unblock klikki.fi/adv/
Fabian Keil [Wed, 12 Aug 2015 10:37:11 +0000 (10:37 +0000)]
translate_socks5_error(): Improve SOCKS5_REQUEST_HOST_UNREACHABLE translation
... to make it more obvious that it's the destination
host that is unreachable and not the host running the
socks server.
Fabian Keil [Wed, 12 Aug 2015 10:34:38 +0000 (10:34 +0000)]
malloc_or_die(): Catch and prevent attempted zero-size allocations
Fabian Keil [Wed, 12 Aug 2015 10:34:21 +0000 (10:34 +0000)]
execute_external_filter(): Don't rely on undefined malloc() behaviour
... and fix the read buffer scaling for initial sizes below READ_LENGTH.
Could fix the crash reported by Jonathan McKenzie on ijbswa-users@
Fabian Keil [Wed, 12 Aug 2015 10:33:56 +0000 (10:33 +0000)]
docbook2man-spec.pl: Update the inserted man page banner
.. to make it more obvious that the script is part of Privoxy's source tarball.
Remove suggestion that bug reports should be reported to the original author
as the referenced address is no longer useful thanks to a domain squatter.
Fabian Keil [Wed, 12 Aug 2015 10:33:32 +0000 (10:33 +0000)]
Disable filter{banners-by-size} for .plasmaservice.de/
Fabian Keil [Wed, 12 Aug 2015 10:33:13 +0000 (10:33 +0000)]
get_actions(): Detect and reject parameters for parameter-less actions
Previously they were silently ignored.
Fabian Keil [Thu, 18 Jun 2015 15:26:40 +0000 (15:26 +0000)]
Increase socks5_connect()'s optimism
... and let it send the request body optimistically as well.
It's not that complicated and, more importantly, previously
the request body wasn't guaranteed to be sent at all.
Should fix #1686 reported by Peter Müller and G4JC.
Fabian Keil [Sun, 29 Mar 2015 17:22:36 +0000 (17:22 +0000)]
Regenerated docs with CVEs for 3.0.23 and bumped copyright
Fabian Keil [Sun, 29 Mar 2015 17:22:20 +0000 (17:22 +0000)]
Bump copyright
Fabian Keil [Sun, 29 Mar 2015 17:22:05 +0000 (17:22 +0000)]
Add CVEs for 3.0.23 stable
Fabian Keil [Fri, 27 Mar 2015 12:42:13 +0000 (12:42 +0000)]
Bump copyright
Fabian Keil [Fri, 27 Mar 2015 12:41:57 +0000 (12:41 +0000)]
Add CVEs for Privoxy 3.0.23
Fabian Keil [Fri, 27 Mar 2015 12:40:08 +0000 (12:40 +0000)]
listen_loop(): Add number of active threads to a couple of log messages
Fabian Keil [Fri, 27 Mar 2015 12:39:44 +0000 (12:39 +0000)]
decompress_iob(): Refine the log message emitted when the iob is too small
Fabian Keil [Sat, 21 Feb 2015 18:56:34 +0000 (18:56 +0000)]
Unblock .deutschlandradiokultur.de/
Reported by u302320 in #924.
Fabian Keil [Sat, 21 Feb 2015 18:55:53 +0000 (18:55 +0000)]
Add two fast-redirect exceptions for yandex.ru
Fabian Keil [Mon, 26 Jan 2015 11:26:16 +0000 (11:26 +0000)]
Import last-minute changes
Fabian Keil [Mon, 26 Jan 2015 11:25:45 +0000 (11:25 +0000)]
Fix contributor name
Fabian Keil [Sat, 24 Jan 2015 16:44:43 +0000 (16:44 +0000)]
Regenerate docs for Privoxy 3.0.23 stable
Fabian Keil [Sat, 24 Jan 2015 16:44:20 +0000 (16:44 +0000)]
Regenerate config file for Privoxy 3.0.23
Fabian Keil [Sat, 24 Jan 2015 16:44:08 +0000 (16:44 +0000)]
Import changelog for Privoxy 3.0.23
Fabian Keil [Sat, 24 Jan 2015 16:43:45 +0000 (16:43 +0000)]
Add CVEs for Privoxy 3.0.22 stable
Fabian Keil [Sat, 24 Jan 2015 16:43:34 +0000 (16:43 +0000)]
Add changes for 3.0.23 stable
Fabian Keil [Sat, 24 Jan 2015 16:43:21 +0000 (16:43 +0000)]
Declare 3.0.23 'stable'
Fabian Keil [Sat, 24 Jan 2015 16:43:11 +0000 (16:43 +0000)]
Add Basil Hussain as contributor
Fabian Keil [Sat, 24 Jan 2015 16:42:57 +0000 (16:42 +0000)]
Prevent parse errors after failing to deliver a client request with body
For now we err on the safe side and simply throw all the following
requests under the bus, even if no client body has been buffered.
A compliant client will repeat the dropped requests on an untainted
connection.
The proper fix is to discard the no longer needed client body
in the buffer (if there is one) and to continue parsing the
bytes that follow. This is less trivial and will have to wait
until the next release.
Reported by Basil Hussain.
Fabian Keil [Sat, 24 Jan 2015 16:42:23 +0000 (16:42 +0000)]
Add Matthew Daley as contributor
Fabian Keil [Sat, 24 Jan 2015 16:42:13 +0000 (16:42 +0000)]
Emphasize that Privoxy is serious business
Fabian Keil [Sat, 24 Jan 2015 16:41:51 +0000 (16:41 +0000)]
Add parse_time_header(), a wrapper around parse_header_time()
... which skips the header name for the callers which means
they can't get it wrong. Previously two callers did. This could
result in 'invalid read of size X' issues in case of value-less
headers.
On the systems I tested, X was always 1 and nobody but valgrind
cared, but with different malloc() implementations Privoxy might
be less lucky and segfault.
Partially discovered with afl-fuzz.
Fabian Keil [Sat, 24 Jan 2015 16:41:20 +0000 (16:41 +0000)]
chunked_body_is_complete(): Check input more carefully
Previously a nul-chunk without mandatory trailing "\r\n" would
not be rejected as invalid. When compiled with assertions enabled,
this would cause Privoxy to abort().
Reported by Matthew Daley.
Fabian Keil [Sat, 24 Jan 2015 16:40:59 +0000 (16:40 +0000)]
pcrs_compile_replacement(): Fix multiple segfaults and memory leaks
... and report errors more reliably. Previously some invalid
pcrs commands were silently accepted but didn't work as expected.
Partially discovered with afl-fuzz.
Fabian Keil [Sat, 24 Jan 2015 16:40:47 +0000 (16:40 +0000)]
Add ElectroBSD to the list of BSDs Privoxy is known to run on
Fabian Keil [Sat, 24 Jan 2015 16:40:37 +0000 (16:40 +0000)]
Fix comment typo
Fabian Keil [Sat, 24 Jan 2015 16:40:21 +0000 (16:40 +0000)]
Properly explain why the pcrs job couldn't be compiled
Fabian Keil [Sat, 24 Jan 2015 16:40:07 +0000 (16:40 +0000)]
Grammar fixes for the dok-tidy description
Fabian Keil [Sat, 24 Jan 2015 16:39:53 +0000 (16:39 +0000)]
Add a web-user-manual target that uses rsync
Fabian Keil [Fri, 19 Dec 2014 12:36:06 +0000 (12:36 +0000)]
Remove #84 as it's a duplicate of #51
Rephrase #51 to make it more obvious.
Fabian Keil [Fri, 19 Dec 2014 12:35:30 +0000 (12:35 +0000)]
Fix spelling in #126
Fabian Keil [Fri, 19 Dec 2014 12:32:15 +0000 (12:32 +0000)]
Regenerate documentation
Fabian Keil [Fri, 19 Dec 2014 12:31:46 +0000 (12:31 +0000)]
Add the Paypal address