summaryrefslogtreecommitdiffhomepage
path: root/src
AgeCommit message (Collapse)Author
2016-09-10Continue with forward proxy if ReverseOnly is not true and no mapping ↵Stephan Leemburg
available (#35) allow non-reverse mappings if reverseonly is not enabled
2016-01-03update URLrofl0r
2014-12-13BB#110 Increase number of hash buckets from 32 to 256.Michael Adam
This should make hash processing generally faster. There is a treadeoff between memory footprint and speed of processing. 10 KB instead of 1.2 KB of hash table per process should not be a huge problem even on very limited current systems. Who really needs to stick to 32 buckets could recompile. We could also think about making this configurable at some point. Signed-off-by: Michael Adam <obnox@samba.org>
2014-12-13BB#110 limit the number of headers per request to prevent DoSMichael Adam
Based on patch provided by gpernot@praksys.org on bugzilla. Signed-off-by: Michael Adam <obnox@samba.org>
2014-12-13BB#110 secure the hashmaps by adding a seedMichael Adam
Based on a patch provided by gpernot@praksys.org on bugzilla. Signed-off-by: Michael Adam <obnox@samba.org>
2014-12-13BB#110 Replace hash function with Dan Bernstein's.Peter H. Froehlich
This hash function distributes much better than the original one. The effect is not as visible with hashes taken modulo 32 than with a bigger modulus, but it is there. And larger number of buckets migh become possible in the future... Reviewed-by: Michael Adam <obnox@samba.org>
2013-11-23buffer: fix log message in read_buffer().Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-23buffer: reduce indentation in read_buffer()Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-23reqs: fix typo in a debug message in get_request_entity()Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-23transparent: make transparent support compile after introduction of multi ListenMichael Adam
I seem to have forgotten to compile with transparent support enabled... This belongs to the fix for bug BB#63. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-23child: remove use of config.listen_addrs in child_listening_sockets()Michael Adam
This was accidentially used instead of the function parameter listen_addrs This still belongs to the fix for bug BB#63. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: Fix CID 1130969 (part 3) - unchecked return value from library.Michael Adam
Check the return value of socket_blocking (fcntl) at the end of relay_connection() for client socket. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: Fix CID 1130969 (part 2) - unchecked return value from library.Michael Adam
Check the return value of socket_blocking (fcntl) at the end of relay_connection(). Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: Fix CID 1130972 - remove logically dead code.Michael Adam
url == NULL is caught above. Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22network: Fix CID 113095 - unchecked return value from libraryMichael Adam
Check return of "recv" in readline(). Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22child: check return code of socket_blocking for accept in child_mainMichael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22child: Fix CID 1130966 - unchecked return value from libraryMichael Adam
check the return code of fcntl via socket_nonblocking on the listen sockets in child_main() Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: Fix CID 1130967 - unchecked return value from library.Michael Adam
Check the return code of fcntl via socket_blocking in pull_client_data(). Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: Fix CID 1130968 - unchecked return value from libraryMichael Adam
Check the return code of fcntl via socket_nonblocking in pull_client_data() Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: rename a variable.Michael Adam
ret will be used in enclosing scope. so rename this special varibale. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: fix CID 1130969 - unchecked return code from libraryMichael Adam
Effectively, the return code of fcntl was not checked by not checking the return code of socket_nonblocking() for the server fd. Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22reqs: fix CID 1130970 - unchecked return code from libraryMichael Adam
Effectively, the return code of fcntl was not checked by not checking the return code of socket_nonblocking() for the client fd. Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-22conf: Fix CID 1130973 - resource leak.Michael Adam
Found by coverity. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16BB#106: remove now unused extract_ssl_url.Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16BB#106: fix CONNECT requsts with IPv6 literal addresses as host.Michael Adam
Use extract_url instead of the old extract_ssl_url: extract_url is generic and handles ipv6 literal addresses correctly. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16BB#106: add default_port argument to extract_http_url and rename it to ↵Michael Adam
extract_url There is in fact nothing http-specific any more about this function, hence the rename. The input has been stripped of the <proto>:// header anyways. This in preparation of fixing bug BB#106: ssl fails with literal ipv6 addrs. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16req: move a variable into the scope where it is used in extract_http_url()Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16BB#116: fix invalid free when connecting to ipv6 literal addressMichael Adam
When removing the '[' and ']' characers from the ipv6 literal address, make sure the pointer that is later free'd stays a malloced pointer by memmoving the string one place left. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-16sock: add debug messages to opensock()Michael Adam
log entering opensock and successful return of getaddrinfo. This allows to detect dns timeouts from looking at the logs. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09[BB#63] conf: Allow multiple Listen statements in the config.Michael Adam
This introduces a list (vector) of addresses instead of having just one address string. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09[BB#81] allow listening on multiple families when no Listen is provided in ↵Michael Adam
config This is achieved by not stopping at the first result of getaddrinfo that we managed to listen on: Without "Listen" in the config, we call getraddrinfo with NULL address. With AI_PASSIVE, this gives results for both IPv4 and IPv6 wildcard addresses (if both are supported). This lets tinyproxy listen on both IPv4 and IPv6 wildcard if the system supports them. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: add a starting debug message to listen_sock()Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: update introductory comment for listen_sock()Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: set IPV6_V6ONLY on the socket before binding an IPv6 addressMichael Adam
so that we can bind wildcard for both IPv4 and IPv6. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: factor listening on one socket out of the gai-result-loop in listen_sock()Michael Adam
for clarity of the code Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: in listen_sock(), move variable for setsockopt() into scopeMichael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: log each result of getaddrinfo() in listen_sock()Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: in listen_sock(), add a log message for when bind() has failedMichael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: in listen_sock(), detect and log failure to call setsockopt()Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: in listen_sock(), add debug message when socket() call failed.Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: move listen() into the getaddrinfo result loop in listen_sock()Michael Adam
This also reverses the exit logic of the loop. It prepares listening on multiple addresses. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09child: use a list of listen_fds instead of one single listenfd.Michael Adam
This prepares listenting on multiple sockets, which will be ussed to fix listening on the wildcard (listen on both ipv6 and ipv4) and help add the support for multiple Listen statements in the config Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09child: add addr argument to child_listening_sock().Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock: add addr argument to listen_sock()Michael Adam
instead of using config.ipAddr internally. This is in preparation to make it possible to call it for multiple addresses. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09sock/child: remove global variable addrlen.Michael Adam
This changes listen_sock() to not return the addrlen of the used address from getaddrinfo call to the caller, stored in global addrlen in child.c. This was only used to be able to allocate enough space for the arguments to the later accept call depending on whether IPv4 or IPv6 is used. This removes the need to pass this info by always allocating sizeof(struct sockaddr_storage) instead, which is enough to carry both sockaddr_in and sockaddr_in6. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09[BB#109] Fix crash (infinite loop) when writing to log file fails.Michael Adam
Fall back to syslog logging in that case. Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-09log: remove extra newline characters in log messages.Michael Adam
Signed-off-by: Michael Adam <obnox@samba.org>
2013-11-01[BB#115] Drop supplementary groupsGaudenz Steinlin
Supplementary groups are inherited from the calling process. Drop all supplementary groups if the "Group" configuration directive is set to change to a different user. Otherwise the process may have more rights than expected. Reviewed-by: Michael Adam <obnox@samba.org>
2012-01-23Update authorsMukund Sivaraman
2011-08-23Bug #103: Move files installed in /etc/ to /etc/tinyproxy/Mukund Sivaraman