summaryrefslogtreecommitdiff
path: root/src (unfollow)
AgeCommit message (Collapse)AuthorFilesLines
2015-10-11add crummy authentication supportninji-patchesTreeki4-1/+284
2014-12-13BB#110 Increase number of hash buckets from 32 to 256.Michael Adam1-1/+1
This should make hash processing generally faster. There is a treadeoff between memory footprint and speed of processing. 10 KB instead of 1.2 KB of hash table per process should not be a huge problem even on very limited current systems. Who really needs to stick to 32 buckets could recompile. We could also think about making this configurable at some point. Signed-off-by: Michael Adam <obnox@samba.org>
2014-12-13BB#110 limit the number of headers per request to prevent DoSMichael Adam1-1/+17
Based on patch provided by gpernot@praksys.org on bugzilla. Signed-off-by: Michael Adam <obnox@samba.org>
2014-12-13BB#110 secure the hashmaps by adding a seedMichael Adam2-6/+9
Based on a patch provided by gpernot@praksys.org on bugzilla. Signed-off-by: Michael Adam <obnox@samba.org>
2014-12-13BB#110 Replace hash function with Dan Bernstein's.Peter H. Froehlich1-6/+5
This hash function distributes much better than the original one. The effect is not as visible with hashes taken modulo 32 than with a bigger modulus, but it is there. And larger number of buckets migh become possible in the future... Reviewed-by: Michael Adam <obnox@samba.org>
2013-11-23buffer: fix log message in read_buffer().Michael Adam1-2/+2
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-23buffer: reduce indentation in read_buffer()Michael Adam1-17/+15
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-23reqs: fix typo in a debug message in get_request_entity()Michael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-23transparent: make transparent support compile after introduction of multi ListenMichael Adam1-10/+23
I seem to have forgotten to compile with transparent support enabled... This belongs to the fix for bug BB#63. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-23child: remove use of config.listen_addrs in child_listening_sockets()Michael Adam1-3/+3
This was accidentially used instead of the function parameter listen_addrs This still belongs to the fix for bug BB#63. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: Fix CID 1130969 (part 3) - unchecked return value from library.Michael Adam1-1/+8
Check the return value of socket_blocking (fcntl) at the end of relay_connection() for client socket. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: Fix CID 1130969 (part 2) - unchecked return value from library.Michael Adam1-1/+8
Check the return value of socket_blocking (fcntl) at the end of relay_connection(). Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: Fix CID 1130972 - remove logically dead code.Michael Adam1-9/+0
url == NULL is caught above. Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22network: Fix CID 113095 - unchecked return value from libraryMichael Adam1-1/+5
Check return of "recv" in readline(). Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22child: check return code of socket_blocking for accept in child_mainMichael Adam1-1/+7
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22child: Fix CID 1130966 - unchecked return value from libraryMichael Adam1-1/+8
check the return code of fcntl via socket_nonblocking on the listen sockets in child_main() Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: Fix CID 1130967 - unchecked return value from library.Michael Adam1-1/+7
Check the return code of fcntl via socket_blocking in pull_client_data(). Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: Fix CID 1130968 - unchecked return value from libraryMichael Adam1-1/+8
Check the return code of fcntl via socket_nonblocking in pull_client_data() Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: rename a variable.Michael Adam1-3/+3
ret will be used in enclosing scope. so rename this special varibale. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: fix CID 1130969 - unchecked return code from libraryMichael Adam1-1/+6
Effectively, the return code of fcntl was not checked by not checking the return code of socket_nonblocking() for the server fd. Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: fix CID 1130970 - unchecked return code from libraryMichael Adam1-1/+7
Effectively, the return code of fcntl was not checked by not checking the return code of socket_nonblocking() for the client fd. Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22conf: Fix CID 1130973 - resource leak.Michael Adam1-0/+1
Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16BB#106: remove now unused extract_ssl_url.Michael Adam1-25/+0
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16BB#106: fix CONNECT requsts with IPv6 literal addresses as host.Michael Adam1-1/+1
Use extract_url instead of the old extract_ssl_url: extract_url is generic and handles ipv6 literal addresses correctly. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16BB#106: add default_port argument to extract_http_url and rename it to ↵Michael Adam1-5/+9
extract_url There is in fact nothing http-specific any more about this function, hence the rename. The input has been stripped of the <proto>:// header anyways. This in preparation of fixing bug BB#106: ssl fails with literal ipv6 addrs. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16req: move a variable into the scope where it is used in extract_http_url()Michael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16BB#116: fix invalid free when connecting to ipv6 literal addressMichael Adam1-1/+4
When removing the '[' and ']' characers from the ipv6 literal address, make sure the pointer that is later free'd stays a malloced pointer by memmoving the string one place left. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16sock: add debug messages to opensock()Michael Adam1-0/+6
log entering opensock and successful return of getaddrinfo. This allows to detect dns timeouts from looking at the logs. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09[BB#63] conf: Allow multiple Listen statements in the config.Michael Adam5-14/+75
This introduces a list (vector) of addresses instead of having just one address string. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09[BB#81] allow listening on multiple families when no Listen is provided in ↵Michael Adam1-2/+9
config This is achieved by not stopping at the first result of getaddrinfo that we managed to listen on: Without "Listen" in the config, we call getraddrinfo with NULL address. With AI_PASSIVE, this gives results for both IPv4 and IPv6 wildcard addresses (if both are supported). This lets tinyproxy listen on both IPv4 and IPv6 wildcard if the system supports them. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: add a starting debug message to listen_sock()Michael Adam1-0/+3
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: update introductory comment for listen_sock()Michael Adam1-1/+7
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: set IPV6_V6ONLY on the socket before binding an IPv6 addressMichael Adam1-0/+12
so that we can bind wildcard for both IPv4 and IPv6. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: factor listening on one socket out of the gai-result-loop in listen_sock()Michael Adam1-48/+62
for clarity of the code Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: in listen_sock(), move variable for setsockopt() into scopeMichael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: log each result of getaddrinfo() in listen_sock()Michael Adam1-0/+14
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: in listen_sock(), add a log message for when bind() has failedMichael Adam1-0/+2
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: in listen_sock(), detect and log failure to call setsockopt()Michael Adam1-2/+10
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: in listen_sock(), add debug message when socket() call failed.Michael Adam1-1/+5
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: move listen() into the getaddrinfo result loop in listen_sock()Michael Adam1-22/+22
This also reverses the exit logic of the loop. It prepares listening on multiple addresses. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09child: use a list of listen_fds instead of one single listenfd.Michael Adam3-7/+90
This prepares listenting on multiple sockets, which will be ussed to fix listening on the wildcard (listen on both ipv6 and ipv4) and help add the support for multiple Listen statements in the config Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09child: add addr argument to child_listening_sock().Michael Adam3-4/+4
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: add addr argument to listen_sock()Michael Adam3-4/+4
instead of using config.ipAddr internally. This is in preparation to make it possible to call it for multiple addresses. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock/child: remove global variable addrlen.Michael Adam3-13/+8
This changes listen_sock() to not return the addrlen of the used address from getaddrinfo call to the caller, stored in global addrlen in child.c. This was only used to be able to allocate enough space for the arguments to the later accept call depending on whether IPv4 or IPv6 is used. This removes the need to pass this info by always allocating sizeof(struct sockaddr_storage) instead, which is enough to carry both sockaddr_in and sockaddr_in6. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09[BB#109] Fix crash (infinite loop) when writing to log file fails.Michael Adam1-2/+7
Fall back to syslog logging in that case. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09log: remove extra newline characters in log messages.Michael Adam1-2/+2
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-01[BB#115] Drop supplementary groupsGaudenz Steinlin1-0/+10
Supplementary groups are inherited from the calling process. Drop all supplementary groups if the "Group" configuration directive is set to change to a different user. Otherwise the process may have more rights than expected. Reviewed-by: Michael Adam <obnox@samba.org>
2012-01-23Update authorsMukund Sivaraman1-0/+2
2011-08-23Bug #103: Move files installed in /etc/ to /etc/tinyproxy/Mukund Sivaraman1-1/+3
2011-03-04[BB#90]: Fix bug in ACL netmask generationMukund Sivaraman1-4/+21
Thanks to John Horne who diagnosed this issue and found the problem.