authorMichael Adam <obnox@samba.org>2009-12-06 23:50:15 +0100
committerMichael Adam <obnox@samba.org>2009-12-07 00:22:52 +0100
commitc981b246ce2b0b9c3cee5878d0cbefffb8fc2370 (patch)
treebd9e3533d5a19461432efc3760c0ccf824969764 /src/connect-ports.c
parent8cb182e1b873fde40db6e4258ee23b05f956f397 (diff)
Move handling of connect_ports list to its own source module.
Michael
Diffstat (limited to 'src/connect-ports.c')
-rw-r--r--src/connect-ports.c78
1 files changed, 78 insertions, 0 deletions
diff --git a/src/connect-ports.c b/src/connect-ports.c
new file mode 100644
index 0000000..045adc9
--- /dev/null
+++ b/src/connect-ports.c
@@ -0,0 +1,78 @@
+/* tinyproxy - A fast light-weight HTTP proxy
+ * Copyright (C) 1998 Steven Young <sdyoung@miranda.org>
+ * Copyright (C) 1999-2005 Robert James Kaes <rjkaes@users.sourceforge.net>
+ * Copyright (C) 2009 Michael Adam <obnox@samba.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "connect-ports.h"
+#include "vector.h"
+#include "log.h"
+
+/*
+ * This is a global variable which stores which ports are allowed by
+ * the CONNECT method. It's a security thing.
+ */
+static vector_t ports_allowed_by_connect = NULL;
+
+/*
+ * Now, this routine adds a "port" to the list. It also creates the list if
+ * it hasn't already by done.
+ */
+void add_connect_port_allowed (int port)
+{
+ if (!ports_allowed_by_connect) {
+ ports_allowed_by_connect = vector_create ();
+ if (!ports_allowed_by_connect) {
+ log_message (LOG_WARNING,
+ "Could not create a list of allowed CONNECT ports");
+ return;
+ }
+ }
+
+ log_message (LOG_INFO,
+ "Adding Port [%d] to the list allowed by CONNECT", port);
+ vector_append (ports_allowed_by_connect, (void **) &port,
+ sizeof (port));
+}
+
+/*
+ * This routine checks to see if a port is allowed in the CONNECT method.
+ *
+ * Returns: 1 if allowed
+ * 0 if denied
+ */
+int check_allowed_connect_ports (int port)
+{
+ size_t i;
+ int *data;
+
+ /*
+ * A port list is REQUIRED for a CONNECT request to function
+ * properly. This closes a potential security hole.
+ */
+ if (!ports_allowed_by_connect)
+ return 0;
+
+ for (i = 0; i != (size_t) vector_length (ports_allowed_by_connect); ++i) {
+ data =
+ (int *) vector_getentry (ports_allowed_by_connect, i, NULL);
+ if (data && *data == port)
+ return 1;
+ }
+
+ return 0;
+}
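Review bot: `add_connect_port_allowed` discards the return value of `vector_append` (the call at the end of the function), so if the append fails the administrator's configured port is silently absent from the allow list and the only symptom is that CONNECT to that port is later refused. Because `check_allowed_connect_ports` returns 0 whenever the list is missing, this fails closed, which is the right default, but the failure should be visible in the log the way the `vector_create` failure already is; e.g. `if (vector_append (ports_allowed_by_connect, (void **) &port, sizeof (port)) < 0) log_message (LOG_WARNING, "Could not add Port [%d] to the list allowed by CONNECT", port);` (adjust the comparison to whatever error convention `vector_append` uses, which is not visible here). The function also accepts any `int` as a port with no range check; if the config parser does not already reject values outside 0..65535, a bounds check here would keep nonsensical entries out of the list. The loop bound in `check_allowed_connect_ports` casts `vector_length` to `size_t`; if that function can return a negative error value, the cast would make the loop bound huge, so it is worth confirming that `vector_length` never returns negative for a valid vector.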