bughz/tinyproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

upstream: fix ip/mask calculation for types other than none

Browse Source 
the code wrongly processed the site_spec (here: domain) parameter
only when PT_TYPE == PT_NONE.
re-arranged code to process it correctly whenever passed.
additionally the mask is now also applied to the passed subnet/ip,
so a site_spec like 127.0.0.1/8 is converted into 127.0.0.0/8.
also the case where inet_aton fails now produces a proper error
message.

note that the code still doesn't process ipv6 addresses and mask.
to support it, we should use the existing code in acl.c and refactor
it so it can be used from both call sites.

closes #83
closes #165
This commit is contained in:
rofl0r 2020-09-07 16:11:51 +01:00
parent 559faf7957
commit 23b0c84653
1 changed files with 28 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/upstream.c
View File

@ -81,7 +81,13 @@ static struct upstream *upstream_build (const char *host, int port, const char *
} }
if (domain == NULL) { if (domain == NULL) {
if (!host || host[0] == '\0' || port < 1) { if (type == PT_NONE) {
e_nonedomain:;
log_message (LOG_WARNING,
"Nonsense upstream none rule: empty domain");
goto fail;
}
if (!host || !host[0] || port < 1) {
log_message (LOG_WARNING, log_message (LOG_WARNING,
"Nonsense upstream rule: invalid host or port"); "Nonsense upstream rule: invalid host or port");
goto fail; goto fail;
@ -92,11 +98,17 @@ static struct upstream *upstream_build (const char *host, int port, const char *
log_message (LOG_INFO, "Added upstream %s %s:%d for [default]", log_message (LOG_INFO, "Added upstream %s %s:%d for [default]",
proxy_type_name(type), host, port); proxy_type_name(type), host, port);
} else if (host == NULL || type == PT_NONE) { } else {
if (!domain || domain[0] == '\0') { if (type == PT_NONE) {
log_message (LOG_WARNING, if (!domain[0]) goto e_nonedomain;
"Nonsense no-upstream rule: empty domain"); } else {
goto fail; if (!host || !host[0] || !domain[0]) {
log_message (LOG_WARNING,
"Nonsense upstream rule: invalid parameters");
goto fail;
}
up->host = safestrdup (host);
up->port = port;
} }
ptr = strchr (domain, '/'); ptr = strchr (domain, '/');
@ -116,26 +128,21 @@ static struct upstream *upstream_build (const char *host, int port, const char *
up->mask = up->mask =
~((1 << (32 - atoi (ptr))) - 1); ~((1 << (32 - atoi (ptr))) - 1);
} }
up->ip = up->ip & up->mask;
} else {
log_message (LOG_WARNING,
"Nonsense upstream rule: failed to parse netmask");
goto fail;
} }
} else { } else {
up->domain = safestrdup (domain); up->domain = safestrdup (domain);
} }
log_message (LOG_INFO, "Added no-upstream for %s", domain); if (type == PT_NONE)
} else { log_message (LOG_INFO, "Added upstream none for %s", domain);
if (!host || host[0] == '\0' || !domain else
|| domain[0] == '\0') { log_message (LOG_INFO, "Added upstream %s %s:%d for %s",
log_message (LOG_WARNING, proxy_type_name(type), host, port, domain);
"Nonsense upstream rule: invalid parameters");
goto fail;
}
up->host = safestrdup (host);
up->port = port;
up->domain = safestrdup (domain);
log_message (LOG_INFO, "Added upstream %s %s:%d for %s",
proxy_type_name(type), host, port, domain);
} }
return up; return up;