-rw-r--r--src/Makefile.am3
-rw-r--r--src/conf.c1
-rw-r--r--src/connect-ports.c78
-rw-r--r--src/connect-ports.h29
-rw-r--r--src/reqs.c56
-rw-r--r--src/reqs.h1
6 files changed, 111 insertions, 57 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 27f85dd..7740814 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -42,7 +42,8 @@ tinyproxy_SOURCES = \
main.c main.h \
utils.c utils.h \
vector.c vector.h \
- upstream.c upstream.h
+ upstream.c upstream.h \
+ connect-ports.c connect-ports.h
EXTRA_tinyproxy_SOURCES = filter.c filter.h \
reverse-proxy.c reverse-proxy.h \
diff --git a/src/conf.c b/src/conf.c
index adc7def..47d8962 100644
--- a/src/conf.c
+++ b/src/conf.c
@@ -36,6 +36,7 @@
#include "reqs.h"
#include "reverse-proxy.h"
#include "upstream.h"
+#include "connect-ports.h"
/*
* The configuration directives are defined in the structure below. Each
diff --git a/src/connect-ports.c b/src/connect-ports.c
new file mode 100644
index 0000000..045adc9
--- /dev/null
+++ b/src/connect-ports.c
@@ -0,0 +1,78 @@
+/* tinyproxy - A fast light-weight HTTP proxy
+ * Copyright (C) 1998 Steven Young <sdyoung@miranda.org>
+ * Copyright (C) 1999-2005 Robert James Kaes <rjkaes@users.sourceforge.net>
+ * Copyright (C) 2009 Michael Adam <obnox@samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "connect-ports.h"
+#include "vector.h"
+#include "log.h"
+
+/*
+ * This is a global variable which stores which ports are allowed by
+ * the CONNECT method. It's a security thing.
+ */
+static vector_t ports_allowed_by_connect = NULL;
+
+/*
+ * Now, this routine adds a "port" to the list. It also creates the list if
+ * it hasn't already by done.
+ */
+void add_connect_port_allowed (int port)
+{
+ if (!ports_allowed_by_connect) {
+ ports_allowed_by_connect = vector_create ();
+ if (!ports_allowed_by_connect) {
+ log_message (LOG_WARNING,
+ "Could not create a list of allowed CONNECT ports");
+ return;
+ }
+ }
+
+ log_message (LOG_INFO,
+ "Adding Port [%d] to the list allowed by CONNECT", port);
+ vector_append (ports_allowed_by_connect, (void **) &port,
+ sizeof (port));
+}
+
+/*
+ * This routine checks to see if a port is allowed in the CONNECT method.
+ *
+ * Returns: 1 if allowed
+ * 0 if denied
+ */
+int check_allowed_connect_ports (int port)
+{
+ size_t i;
+ int *data;
+
+ /*
+ * A port list is REQUIRED for a CONNECT request to function
+ * properly. This closes a potential security hole.
+ */
+ if (!ports_allowed_by_connect)
+ return 0;
+
+ for (i = 0; i != (size_t) vector_length (ports_allowed_by_connect); ++i) {
+ data =
+ (int *) vector_getentry (ports_allowed_by_connect, i, NULL);
+ if (data && *data == port)
+ return 1;
+ }
+
+ return 0;
+}
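Review bot: In add_connect_port_allowed the result of vector_append is discarded, and the "Adding Port" message is logged before the append, so a failed append leaves a log entry for a port that check_allowed_connect_ports will then refuse. The failure is closed (the port stays denied), but the log misleads whoever is debugging a blocked CONNECT. Assuming vector_append reports failure through a negative return (vector.h is not shown here), check it and log on failure, e.g. `if (vector_append (ports_allowed_by_connect, &port, sizeof (port)) < 0)` followed by a LOG_WARNING naming the port. The function also stores any int unchecked, so unless the caller in conf.c already validates, it is worth rejecting values outside 1–65535 here, since this list is the only gate on CONNECT destinations.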
diff --git a/src/connect-ports.h b/src/connect-ports.h
new file mode 100644
index 0000000..6ed6479
--- /dev/null
+++ b/src/connect-ports.h
@@ -0,0 +1,29 @@
+/* tinyproxy - A fast light-weight HTTP proxy
+ * Copyright (C) 1998 Steven Young <sdyoung@miranda.org>
+ * Copyright (C) 1999 Robert James Kaes <rjkaes@users.sourceforge.net>
+ * Copyright (C) 2009 Michael Adam <obnox@samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#ifndef _TINYPROXY_CONNECT_PORTS_H_
+#define _TINYPROXY_CONNECT_PORTS_H_
+
+#include "common.h"
+
+extern void add_connect_port_allowed (int port);
+int check_allowed_connect_ports (int port);
+
+#endif /* _TINYPROXY_CONNECT_PORTS_ */
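Review bot: The closing comment `#endif /* _TINYPROXY_CONNECT_PORTS_ */` does not match the guard `_TINYPROXY_CONNECT_PORTS_H_`, and only one of the two prototypes carries `extern`; both should be made consistent. The guard name starts with an underscore followed by an uppercase letter, which C reserves for the implementation, though if the project's other headers use the same form it is reasonable to keep it for consistency. The header also says nothing about the contract callers rely on. I would add above the second prototype a comment such as `/* Returns 1 if port is on the CONNECT allowlist, 0 otherwise; with no list configured every port is denied. */`.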
diff --git a/src/reqs.c b/src/reqs.c
index 1baab95..c92920f 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -46,6 +46,7 @@
#include "reverse-proxy.h"
#include "transparent-proxy.h"
#include "upstream.h"
+#include "connect-ports.h"
/*
* Maximum length of a HTTP line
@@ -78,61 +79,6 @@
((len) > 0 && (header[0] == ' ' || header[0] == '\t'))
/*
- * This is a global variable which stores which ports are allowed by
- * the CONNECT method. It's a security thing.
- */
-static vector_t ports_allowed_by_connect = NULL;
-
-/*
- * Now, this routine adds a "port" to the list. It also creates the list if
- * it hasn't already by done.
- */
-void add_connect_port_allowed (int port)
-{
- if (!ports_allowed_by_connect) {
- ports_allowed_by_connect = vector_create ();
- if (!ports_allowed_by_connect) {
- log_message (LOG_WARNING,
- "Could not create a list of allowed CONNECT ports");
- return;
- }
- }
-
- log_message (LOG_INFO,
- "Adding Port [%d] to the list allowed by CONNECT", port);
- vector_append (ports_allowed_by_connect, (void **) &port,
- sizeof (port));
-}
-
-/*
- * This routine checks to see if a port is allowed in the CONNECT method.
- *
- * Returns: 1 if allowed
- * 0 if denied
- */
-static int check_allowed_connect_ports (int port)
-{
- size_t i;
- int *data;
-
- /*
- * A port list is REQUIRED for a CONNECT request to function
- * properly. This closes a potential security hole.
- */
- if (!ports_allowed_by_connect)
- return 0;
-
- for (i = 0; i != (size_t) vector_length (ports_allowed_by_connect); ++i) {
- data =
- (int *) vector_getentry (ports_allowed_by_connect, i, NULL);
- if (data && *data == port)
- return 1;
- }
-
- return 0;
-}
-
-/*
* Read in the first line from the client (the request line for HTTP
* connections. The request line is allocated from the heap, but it must
* be freed in another function.
diff --git a/src/reqs.h b/src/reqs.h
index cf40e46..73dd030 100644
--- a/src/reqs.h
+++ b/src/reqs.h
@@ -44,6 +44,5 @@ struct request_s {
};
extern void handle_connection (int fd);
-extern void add_connect_port_allowed (int port);
#endif