Diffstat (limited to '')
-rw-r--r-- | src/reqs.c | 56 |
1 files changed, 1 insertions, 55 deletions
@@ -46,6 +46,7 @@
 #include "reverse-proxy.h"
 #include "transparent-proxy.h"
 #include "upstream.h"
+#include "connect-ports.h"
 
 /*
  * Maximum length of a HTTP line
@@ -78,61 +79,6 @@
 ((len) > 0 && (header[0] == ' ' || header[0] == '\t'))
 
 /*
- * This is a global variable which stores which ports are allowed by
- * the CONNECT method. It's a security thing.
- */
-static vector_t ports_allowed_by_connect = NULL;
-
-/*
- * Now, this routine adds a "port" to the list. It also creates the list if
- * it hasn't already by done.
- */
-void add_connect_port_allowed (int port)
-{
-        if (!ports_allowed_by_connect) {
-                ports_allowed_by_connect = vector_create ();
-                if (!ports_allowed_by_connect) {
-                        log_message (LOG_WARNING,
-                                     "Could not create a list of allowed CONNECT ports");
-                        return;
-                }
-        }
-
-        log_message (LOG_INFO,
-                     "Adding Port [%d] to the list allowed by CONNECT", port);
-        vector_append (ports_allowed_by_connect, (void **) &port,
-                       sizeof (port));
-}
-
-/*
- * This routine checks to see if a port is allowed in the CONNECT method.
- *
- * Returns: 1 if allowed
- *          0 if denied
- */
-static int check_allowed_connect_ports (int port)
-{
-        size_t i;
-        int *data;
-
-        /*
-         * A port list is REQUIRED for a CONNECT request to function
-         * properly. This closes a potential security hole.
-         */
-        if (!ports_allowed_by_connect)
-                return 0;
-
-        for (i = 0; i != (size_t) vector_length (ports_allowed_by_connect); ++i) {
-                data =
-                    (int *) vector_getentry (ports_allowed_by_connect, i, NULL);
-                if (data && *data == port)
-                        return 1;
-        }
-
-        return 0;
-}
-
-/*
  * Read in the first line from the client (the request line for HTTP
  * connections. The request line is allocated from the heap, but it must
  * be freed in another function.
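Review bot: The fail-closed behaviour of the CONNECT port check is no longer visible in this file after the new `#include "connect-ports.h"`, and nothing on the new side guarantees the relocated implementation keeps it: the deleted `check_allowed_connect_ports` was `static` and returned 0 (deny) whenever no port list had been configured, and with the diffstat showing a single insertion, reqs.c's unchanged call site now binds to whatever that header declares. That header presumably exports the same `int check_allowed_connect_ports (int port)` signature — confirm it, and confirm the moved code still denies CONNECT when `ports_allowed_by_connect` is NULL rather than defaulting to allow, since that was the security property the old comment called out. It would help to state the contract at the declaration, e.g. `/* Returns 1 if port is allowed for CONNECT, 0 otherwise; an unconfigured list denies everything. */`. The call site that uses this function is outside both hunks.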