[Privoxy-commits] [privoxy] 09/38: block_acl(): Ignore ACL matches when we don't have a destination yet
User Git
git at git.privoxy.org
Thu Apr 9 09:37:07 CEST 2026
This is an automated email from the git hooks/post-receive script.
git pushed a commit to branch master
in repository privoxy.
commit ddded9876e9456d201f9ac0b550d57458e092a70
Author: Fabian Keil <fk at fabiankeil.de>
AuthorDate: Fri Jun 10 13:15:23 2022 +0200
block_acl(): Ignore ACL matches when we don't have a destination yet
... but the ACL requires one to match. block_acl() will be called
again later on when the destination is known from parsing the request.
Fixes SF bug #913 reported by Rainer Sokoll
with confirmation from Peter Geelhoed.
---
filters.c | 12 +++++++++++-
loadcfg.c | 4 ----
project.h | 2 --
3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/filters.c b/filters.c
index 07c9f5fd..ff21f4c5 100644
--- a/filters.c
+++ b/filters.c
@@ -243,7 +243,7 @@ static int match_sockaddr(const struct sockaddr_storage *network,
* 2 : csp = Current client state (buffers, headers, etc...)
* Also includes the client IP address.
*
- * Returns : 0 = FALSE (don't block) and 1 = TRUE (do block)
+ * Returns : 0 = FALSE (don't block (yet)) and 1 = TRUE (do block)
*
*********************************************************************/
int block_acl(const struct access_control_addr *dst, const struct client_state *csp)
@@ -269,6 +269,16 @@ int block_acl(const struct access_control_addr *dst, const struct client_state *
{
if (dst == NULL)
{
+ if (!acl->wildcard_dst)
+ {
+ /*
+ * While the client address matches, the ACL also
+ * has a destination address which we can't check
+ * yet so we accept the connection for now and check
+ * again later when the destination is known.
+ */
+ return(0);
+ }
/* Just want to check if they have any access */
if (acl->action == ACL_PERMIT)
{
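Review bot: The early `return(0)` under `if (!acl->wildcard_dst)` makes the `dst == NULL` call fail open for any client whose source-matching entry carries a destination, so enforcement for those clients rests entirely on the later call with a real destination. The added comment should state that invariant for callers, for example `/* Callers passing dst == NULL must call block_acl() again with the resolved destination before forwarding anything. */`, and the function header could say that a 0 result with `dst == NULL` is not a final permit. It is also worth documenting that a client restricted only by destination-specific deny entries now has its request read and parsed before it can be rejected. The body of block_acl() starts and ends outside this hunk, so whether every request path reaches the second call cannot be confirmed from here.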
diff --git a/loadcfg.c b/loadcfg.c
index 46eacf27..c83cc991 100644
--- a/loadcfg.c
+++ b/loadcfg.c
@@ -1008,12 +1008,10 @@ struct configuration_spec * load_config(void)
break;
}
}
-#ifdef HAVE_RFC2553
else
{
cur_acl->wildcard_dst = 1;
}
-#endif /* def HAVE_RFC2553 */
/*
* Add it to the list. Note we reverse the list to get the
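Review bot: `wildcard_dst` is assigned only in this `else` branch, so the new `!acl->wildcard_dst` test in block_acl() relies on the field already being 0 whenever a destination was parsed. The allocation of `cur_acl` is outside the hunk; if it is not zero-filled, set the field explicitly before the destination is parsed, e.g. `cur_acl->wildcard_dst = 0;`, and otherwise add a short comment saying that the allocation zeroes it. The same applies to the identical hunk at `@@ -1564,12 +1562,10 @@`.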
@@ -1564,12 +1562,10 @@ struct configuration_spec * load_config(void)
break;
}
}
-#ifdef HAVE_RFC2553
else
{
cur_acl->wildcard_dst = 1;
}
-#endif /* def HAVE_RFC2553 */
/*
* Add it to the list. Note we reverse the list to get the
diff --git a/project.h b/project.h
index 8e46a732..30297c51 100644
--- a/project.h
+++ b/project.h
@@ -1386,9 +1386,7 @@ struct access_control_list
{
struct access_control_addr src[1]; /**< Client IP address */
struct access_control_addr dst[1]; /**< Website or parent proxy IP address */
-#ifdef HAVE_RFC2553
short wildcard_dst; /** < dst address is wildcard */
-#endif
short action; /**< ACL_PERMIT or ACL_DENY */
struct access_control_list *next; /**< The next entry in the ACL. */
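Review bot: The comment on `wildcard_dst` is written `/** < dst address is wildcard */`, while the neighbouring members use `/**<`. With the space, Doxygen presumably no longer treats it as a trailing member comment and may attach the text to the next member, `action`. Since the field is now compiled unconditionally, this is a good moment to write it as `short wildcard_dst; /**< dst address is wildcard */`. The struct definition continues outside the hunk.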
--
To stop receiving notification emails like this one, please contact
the administrator of this repository.