[Privoxy-commits] [privoxy] branch master updated: receive_client_request(): Reject https URLs without CONNECT request

User Git git at git.privoxy.org
Wed Mar 30 10:54:11 UTC 2022


This is an automated email from the git hooks/post-receive script.

git pushed a commit to branch master
in repository privoxy.

The following commit(s) were added to refs/heads/master by this push:
     new 358601f7 receive_client_request(): Reject https URLs without CONNECT request
358601f7 is described below

commit 358601f7ad1aa1ad97dce91261e584c65296ab64
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Thu Mar 25 11:06:54 2021 +0100

    receive_client_request(): Reject https URLs without CONNECT request
---
 jcc.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/jcc.c b/jcc.c
index 36ac4f06..17aa0392 100644
--- a/jcc.c
+++ b/jcc.c
@@ -1813,6 +1813,19 @@ static jb_err receive_client_request(struct client_state *csp)
       free_http_request(http);
       return JB_ERR_PARSE;
    }
+   if (http->ssl && strcmpic(http->gpc, "CONNECT"))
+   {
+      write_socket_delayed(csp->cfd, CHEADER, strlen(CHEADER),
+         get_write_delay(csp));
+      /* XXX: Use correct size */
+      log_error(LOG_LEVEL_CLF, "%s - - [%T] \"Invalid request\" 400 0",
+         csp->ip_addr_str);
+      log_error(LOG_LEVEL_ERROR, "Client %s tried to send a https "
+         "URL without sending a CONNECT request first",
+         csp->ip_addr_str);
+      free_http_request(http);
+      return JB_ERR_PARSE;
+   }
 
    /* grab the rest of the client's headers */
    init_list(headers);
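Review bot: The CLF entry in the new rejection block still logs a hardcoded size of 0 under the "XXX: Use correct size" comment, even though CHEADER has just been written to the client, so access-log consumers will see a 400 with a byte count the code itself marks as wrong; resolve the XXX here or track it separately. The LOG_LEVEL_ERROR message records only csp->ip_addr_str, so adding the request that triggered the rejection would make the entry more useful when tracing a misbehaving client. The return value of write_socket_delayed() is discarded, which is harmless for control flow since the function returns JB_ERR_PARSE either way, but a failed write goes unlogged. A one-line comment above the condition would also help, since it relies on strcmpic() returning non-zero on a mismatch and reads more clearly as strcmpic(http->gpc, "CONNECT") != 0.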

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

