Diffstat (limited to 'src/reqs.c')
-rw-r--r--src/reqs.c56
1 files changed, 1 insertions, 55 deletions
diff --git a/src/reqs.c b/src/reqs.c
index 1baab95..c92920f 100644
--- a/src/reqs.c
+++ b/src/reqs.c
@@ -46,6 +46,7 @@
#include "reverse-proxy.h"
#include "transparent-proxy.h"
#include "upstream.h"
+#include "connect-ports.h"
/*
* Maximum length of a HTTP line
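Review bot: The added `#include "connect-ports.h"` is the only visible link between this file and the relocated CONNECT port allow-list; the new header and implementation are not part of this diff, so the security property cannot be confirmed from here. `check_allowed_connect_ports` was `static` in this file, so it presumably now needs external linkage and a prototype in that header. Its fail-closed branch (`if (!ports_allowed_by_connect) return 0;`) should survive the move unchanged, since an unconfigured list is what denies CONNECT by default. I would note the contract beside the include, e.g. `/* CONNECT port allow-list: check_allowed_connect_ports() must deny when no list is configured */`. When the moved code is reviewed, also check that a failed `vector_append` is logged rather than silently ignored, so a port that was never stored is not reported as added.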
@@ -78,61 +79,6 @@
((len) > 0 && (header[0] == ' ' || header[0] == '\t'))
/*
- * This is a global variable which stores which ports are allowed by
- * the CONNECT method. It's a security thing.
- */
-static vector_t ports_allowed_by_connect = NULL;
-
-/*
- * Now, this routine adds a "port" to the list. It also creates the list if
- * it hasn't already by done.
- */
-void add_connect_port_allowed (int port)
-{
- if (!ports_allowed_by_connect) {
- ports_allowed_by_connect = vector_create ();
- if (!ports_allowed_by_connect) {
- log_message (LOG_WARNING,
- "Could not create a list of allowed CONNECT ports");
- return;
- }
- }
-
- log_message (LOG_INFO,
- "Adding Port [%d] to the list allowed by CONNECT", port);
- vector_append (ports_allowed_by_connect, (void **) &port,
- sizeof (port));
-}
-
-/*
- * This routine checks to see if a port is allowed in the CONNECT method.
- *
- * Returns: 1 if allowed
- * 0 if denied
- */
-static int check_allowed_connect_ports (int port)
-{
- size_t i;
- int *data;
-
- /*
- * A port list is REQUIRED for a CONNECT request to function
- * properly. This closes a potential security hole.
- */
- if (!ports_allowed_by_connect)
- return 0;
-
- for (i = 0; i != (size_t) vector_length (ports_allowed_by_connect); ++i) {
- data =
- (int *) vector_getentry (ports_allowed_by_connect, i, NULL);
- if (data && *data == port)
- return 1;
- }
-
- return 0;
-}
-
-/*
* Read in the first line from the client (the request line for HTTP
* connections. The request line is allocated from the heap, but it must
* be freed in another function.