Update NEWS

Thanks to John Horne who diagnosed this issue and found the problem.

Makefile.am

@@ -17,5 +17,11 @@ EXTRA_DIST = \
 test: all
 	./tests/scripts/run_tests.sh
 
+test-wait:
+	TINYPROXY_TESTS_WAIT=yes $(MAKE) test
+
 valgrind-test: all
 	./tests/scripts/run_tests_valgrind.sh
+
+valgrind-test-wait:
+	TINYPROXY_TESTS_WAIT=yes $(MAKE) valgrind-test

NEWS

@@ -1,6 +1,76 @@
 Tinyproxy NEWS
 ==============
 
+Version 1.8.3
+-------------
+
+This release mostly fixes support for IPv6, and also some security
+bugs. Fixes to messages, etc. were also made.
+
+Bugs resolved since version 1.8.2
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+ * BB#91: Fix upstream proxy support
+ * BB#95: Fix FilterURLs with transparent proxy support
+ * BB#90: Fix bug in ACL netmask generation
+
+Contributors
+~~~~~~~~~~~~
+
+Daniel Egger, John Horne, Michael Adam, Mukund Sivaraman.
+
+
+Version 1.8.2
+-------------
+
+ * Minor formatting changes and typo fixes were made.
+
+Bugs resolved since version 1.8.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+ * BB#69: INET6 not available when configured to Listen and Bind in v4,
+   and vice versa
+ * BB#74: tinyproxy unable to reopen log files after receiving HUP
+ * BB#78: Warn if configuration results in an open proxy
+ * BB#82: https access not working
+ * BB#83: run_tests.sh relies on $USER
+ * BB#84: Unaligned access error on ia64 and alpha
+ * BB#87: Unable to listen on ports less than 1024 (regression in 1.8.1)
+ * BB#88: Crashes when reloading configuration
+ * BB#89: tinyproxy leaks memory over time
+
+Contributors
+~~~~~~~~~~~~
+
+Dmitry Semyonov, John van der Kamp, Jordi Mallach, Michael Adam,
+Mukund Sivaraman.
+
+
+Version 1.8.1
+-------------
+
+ * Tinyproxy now drops `root` user privileges more quickly.
+ * The log and pid files are now stored in a sub-directory in `/var/`.
+ * A format string vulnerability was fixed.
+ * Minor formatting changes and typo fixes were made.
+
+Bugs fixed since version 1.8.0
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+ * BB#74: tinyproxy unable to reopen log files after receiving HUP
+ * BB#79: Make the testsuite uninteractive
+ * BB#80: Handle errors in testsuite
+ * BB#81: Listen directive doesn't work as expected
+ * BB#72: upstream support is not reported with tinyproxy -h
+ * BB#73: generated tinyproxy.conf has the wrong location for the html
+   file installation
+
+Contributors
+~~~~~~~~~~~~
+
+Michael Adam, Mukund Sivaraman.
+
+
 Version 1.8.0
 -------------
 
@@ -39,6 +109,7 @@ Contributors
 
 David Shanks, Mathew Mrosko, Michael Adam, Mukund Sivaraman.
 
+
 Version 1.7.1
 -------------
 
@@ -64,6 +135,7 @@ Contributors
 Andrew Stribblehill, Jeremy Hinegardner, Matthew Dempsky, Michael Adam,
 Mukund Sivaraman, Robert James Kaes.
 
+
 Version 1.7.0
 -------------
 

README

@@ -15,7 +15,7 @@ administrator.
 
 For more info, please visit:
 
-	https://www.banu.com/tinyproxy/
+	https://banu.com/tinyproxy/
 
 
 Installation
@@ -44,7 +44,7 @@ include:
 				domains and URLs.
 	--enable-upstream	Enable support for proxying connections
 				through another proxy server.
-	--enable-transparent-proxy
+	--enable-transparent
 				Allow Tinyproxy to be used as a
 				transparent proxy daemon
 	--enable-static		Compile a static version of Tinyproxy
@@ -58,14 +58,14 @@ Support
 If you are having problems with Tinyproxy, please submit a bug report
 using Tinyproxy as the product at:
 
-	https://www.banu.com/bugzilla/
+	https://banu.com/bugzilla/
 
 You may also wish to subscribe to the Tinyproxy mailing lists. To do so
 please visit:
 
-	https://www.banu.com/mailman/listinfo/tinyproxy-announce-list
+	https://banu.com/mailman/listinfo/tinyproxy-announce-list
-	https://www.banu.com/mailman/listinfo/tinyproxy-users-list
+	https://banu.com/mailman/listinfo/tinyproxy-users-list
-	https://www.banu.com/mailman/listinfo/tinyproxy-developers-list
+	https://banu.com/mailman/listinfo/tinyproxy-developers-list
 
 for more information on how to subscribe and post messages to the lists.
 
@@ -79,11 +79,11 @@ source, please send a patch (preferably as a unified diff. i.e. `diff
 repository to tinyproxy-developers-list.  Please include a description
 of what your patch does.
 
-Tinyproxy's git repository is git://www.banu.com/tinyproxy.git. The
+Tinyproxy's git repository is git://banu.com/tinyproxy.git. The
 following command creates a local copy:
 
 ----
-git clone git://www.banu.com/tinyproxy.git
+git clone git://banu.com/tinyproxy.git
 ----
 
 The easiest and preferred way to create a patch for submission is to

TODO

@@ -42,12 +42,6 @@ against the current tree and I'll integrate it if possible.
 
    ==> https://www.banu.com/bugzilla/show_bug.cgi?id=13
 
- * Fix paths inside etc/tinyproxy.conf
-
- * Finish manpages
-
- * Move defaults handling to conf.c
-
  * Remove common.h and fix order of headers
 
  * Remove memory debugging functions (Valgrind is good enough)

configure.ac

@@ -5,13 +5,13 @@ AC_PREREQ(2.54)
 
 m4_define([tinyproxy_major_version], [1])
 m4_define([tinyproxy_minor_version], [8])
-m4_define([tinyproxy_micro_version], [0])
+m4_define([tinyproxy_micro_version], [3])
 m4_define([tinyproxy_real_version],
           [tinyproxy_major_version.tinyproxy_minor_version.tinyproxy_micro_version])
 m4_define([tinyproxy_version], [tinyproxy_real_version])
 
 # For overriding the version string. Comment out if not needed.
-# m4_define([tinyproxy_version], [1.8.0])
+# m4_define([tinyproxy_version], [1.8.2])
 
 m4_define([tinyproxy_unstable],
           m4_if(m4_eval(tinyproxy_minor_version % 2), [1], [yes], [no]))
@@ -19,7 +19,7 @@ m4_define([tinyproxy_stable],
           m4_if(m4_eval(tinyproxy_minor_version % 2), [0], [yes], [no]))
 
 AC_INIT([Tinyproxy], [tinyproxy_version],
-	[https://www.banu.com/bugzilla/enter_bug.cgi?product=tinyproxy],
+	[https://banu.com/tinyproxy/],
 	[tinyproxy])
 
 AC_CANONICAL_TARGET

docs/man5/tinyproxy.conf.txt.in

@@ -147,7 +147,7 @@ The possible keywords and their descriptions are as follows:
 *No Upstream*::
 
     This option allows you to set up a set of rules for deciding
-    whether an upstream a proxy server is to be used, based on the
+    whether an upstream proxy server is to be used, based on the
     host or domain of the site being accessed. The rules are stored
     in the order encountered in the configuration file and the
     LAST matching rule wins. There are three possible forms for
@@ -210,9 +210,9 @@ The possible keywords and their descriptions are as follows:
     which clients are allowed to access Tinyproxy. `Allow` and `Deny`
     lines can be specified multiple times to build the access control
     list for Tinyproxy. The order in the config file is important.
-    If there are no `Access` or `Deny` lines, then all clients are
+    If there are no `Allow` or `Deny` lines, then all clients are
     allowed. Otherwise, the default action is to deny access.
-    The argument to `Access` or `Deny` can be a single IP address
+    The argument to `Allow` or `Deny` can be a single IP address
     of a client host, like `127.0.0.1`, an IP address range, like
     `192.168.0.1/24` or a string that will be matched against the
     end of the client host name, i.e, this can be a full host name
@@ -343,7 +343,7 @@ BUGS
 ----
 
 To report bugs in Tinyproxy, please visit
-<https://www.banu.com/tinyproxy/support/[https://www.banu.com/tinyproxy/support/]>.
+<https://www.banu.com/tinyproxy/[https://www.banu.com/tinyproxy/]>.
 
 
 SEE ALSO

docs/man8/Makefile.am

@@ -1,4 +1,4 @@
-MAN8_FILES  = \
+MAN8_FILES = \
 	tinyproxy.txt
 
 A2X_ARGS = \

docs/man8/tinyproxy.txt.in

@@ -130,13 +130,13 @@ configuration variable `StatFile`.
 FILES
 -----
 
-`/etc/tinyproxy/tinyproxy.conf`, `/var/run/tinyproxy.pid`, `/var/log/tinyproxy.log`
+`/etc/tinyproxy/tinyproxy.conf`, `/var/run/tinyproxy/tinyproxy.pid`, `/var/log/tinyproxy/tinyproxy.log`
 
 BUGS
 ----
 
 To report bugs in Tinyproxy, please visit
-<https://www.banu.com/tinyproxy/support/[https://www.banu.com/tinyproxy/support/]>.
+<https://www.banu.com/tinyproxy/[https://www.banu.com/tinyproxy/]>.
 
 
 SEE ALSO

etc/tinyproxy.conf.in

@@ -56,18 +56,18 @@ Timeout 600
 #   /usr/share/tinyproxy
 #   /etc/tinyproxy
 #
-#ErrorFile 404 "@datadir@/404.html"
+#ErrorFile 404 "@pkgdatadir@/404.html"
-#ErrorFile 400 "@datadir@/400.html"
+#ErrorFile 400 "@pkgdatadir@/400.html"
-#ErrorFile 503 "@datadir@/503.html"
+#ErrorFile 503 "@pkgdatadir@/503.html"
-#ErrorFile 403 "@datadir@/403.html"
+#ErrorFile 403 "@pkgdatadir@/403.html"
-#ErrorFile 408 "@datadir@/408.html"
+#ErrorFile 408 "@pkgdatadir@/408.html"
 
 #
 # DefaultErrorFile: The HTML file that gets sent if there is no
 # HTML file defined with an ErrorFile keyword for the HTTP error
 # that has occured.
 #
-DefaultErrorFile "@datadir@/default.html"
+DefaultErrorFile "@pkgdatadir@/default.html"
 
 #
 # StatHost: This configures the host name or IP address that is treated
@@ -84,15 +84,15 @@ DefaultErrorFile "@datadir@/default.html"
 # for the stathost.  If this file doesn't exist a basic page is
 # hardcoded in tinyproxy.
 #
-StatFile "@datadir@/stats.html"
+StatFile "@pkgdatadir@/stats.html"
 
 #
-# Logfile: Allows you to specify the location where information should
+# LogFile: Allows you to specify the location where information should
 # be logged to.  If you would prefer to log to syslog, then disable this
 # and enable the Syslog directive.  These directives are mutually
 # exclusive.
 #
-Logfile "@localstatedir@/log/tinyproxy.log"
+#LogFile "@localstatedir@/log/tinyproxy/tinyproxy.log"
 
 #
 # Syslog: Tell tinyproxy to use syslog instead of a logfile.  This
@@ -122,7 +122,7 @@ LogLevel Info
 # PidFile: Write the PID of the main tinyproxy thread to this file so it
 # can be used for signalling purposes.
 #
-PidFile "@localstatedir@/run/tinyproxy.pid"
+#PidFile "@localstatedir@/run/tinyproxy/tinyproxy.pid"
 
 #
 # XTinyproxy: Tell Tinyproxy to include the X-Tinyproxy header, which

src/acl.c

@@ -66,8 +66,8 @@ struct acl_s {
  *
  */
 static int
-fill_netmask_array (char *bitmask_string, unsigned char array[],
+fill_netmask_array (char *bitmask_string, int v6,
-                    size_t len)
+                    unsigned char array[], size_t len)
 {
         unsigned int i;
         unsigned long int mask;
@@ -81,7 +81,14 @@ fill_netmask_array (char *bitmask_string, unsigned char array[],
             || (errno != 0 && mask == 0) || (endptr == bitmask_string))
                 return -1;
 
-        /* valid range for a bit mask */
+        if (v6 == 0) {
+                /* The mask comparison is done as an IPv6 address, so
+                 * convert to a longer mask in the case of IPv4
+                 * addresses. */
+                mask += 12 * 8;
+        }
+
+        /* check valid range for a bit mask */
         if (mask > (8 * len))
                 return -1;
 
@@ -160,6 +167,9 @@ int insert_acl (char *location, acl_access_t access_type, vector_t *access_list)
                  */
                 p = strchr (location, '/');
                 if (p != NULL) {
+                        char dst[sizeof(struct in6_addr)];
+                        int v6;
+
                         /*
                          * We have a slash, so it's intended to be an
                          * IP address with mask
@@ -171,8 +181,15 @@ int insert_acl (char *location, acl_access_t access_type, vector_t *access_list)
                         acl.type = ACL_NUMERIC;
                         memcpy (acl.address.ip.octet, ip_dst, IPV6_LEN);
 
+                        /* Check if the IP address before the netmask is
+                         * an IPv6 address */
+                        if (inet_pton(AF_INET6, location, dst) > 0)
+                                v6 = 1;
+                        else
+                                v6 = 0;
+
                         if (fill_netmask_array
-                            (p + 1, &(acl.address.ip.mask[0]), IPV6_LEN)
+                            (p + 1, v6, &(acl.address.ip.mask[0]), IPV6_LEN)
                             < 0)
                                 return -1;
                 } else {

src/conf.c

@@ -163,6 +163,8 @@ static HANDLE_FUNC (handle_upstream);
 static HANDLE_FUNC (handle_upstream_no);
 #endif
 
+static void config_free_regex (void);
+
 /*
  * This macro can be used to make standard directives in the form:
  *   directive arguments [arguments ...]
@@ -317,7 +319,8 @@ static void free_config (struct config_s *conf)
  *
  * Returns 0 on success; negative upon failure.
  */
-static int config_compile (void)
+int
+config_compile_regex (void)
 {
         unsigned int i, r;
 
@@ -335,9 +338,30 @@ static int config_compile (void)
                 if (r)
                         return r;
         }
+
+        atexit (config_free_regex);
+
         return 0;
 }
 
+/*
+ * Frees pre-compiled regular expressions used by the configuration
+ * file. This function is registered to be automatically called at exit.
+ */
+static void
+config_free_regex (void)
+{
+        unsigned int i;
+
+        for (i = 0; i < ndirectives; i++) {
+                if (directives[i].cre) {
+                        regfree (directives[i].cre);
+                        safefree (directives[i].cre);
+                        directives[i].cre = NULL;
+                }
+        }
+}
+
 /*
  * Attempt to match the supplied line with any of the configuration
  * regexes defined above.  If a match is found, call the handler
@@ -397,7 +421,7 @@ static int load_config_file (const char *config_fname, struct config_s *conf)
                 goto done;
         }
 
-        if (config_compile () || config_parse (conf, config_file)) {
+        if (config_parse (conf, config_file)) {
                 fprintf (stderr, "Unable to parse config file. "
                          "Not starting.\n");
                 goto done;
@@ -617,8 +641,8 @@ set_bool_arg (unsigned int *var, const char *line, regmatch_t * match)
         return 0;
 }
 
-static unsigned long int
+static unsigned long
-get_int_arg (const char *line, regmatch_t * match)
+get_long_arg (const char *line, regmatch_t * match)
 {
         assert (line);
         assert (match && match->rm_so != -1);
@@ -627,13 +651,13 @@ get_int_arg (const char *line, regmatch_t * match)
 }
 
 static int
-set_int_arg (unsigned long int *var, const char *line, regmatch_t * match)
+set_int_arg (unsigned int *var, const char *line, regmatch_t * match)
 {
         assert (var);
         assert (line);
         assert (match);
 
-        *var = get_int_arg (line, match);
+        *var = (unsigned int) get_long_arg (line, match);
         return 0;
 }
 
@@ -755,49 +779,58 @@ static HANDLE_FUNC (handle_bindsame)
 
 static HANDLE_FUNC (handle_port)
 {
-        return set_int_arg ((unsigned long int *) &conf->port, line, &match[2]);
+        set_int_arg (&conf->port, line, &match[2]);
+
+        if (conf->port > 65535) {
+                fprintf (stderr, "Bad port number (%d) supplied for Port.\n",
+                         conf->port);
+                return 1;
+        }
+
+        return 0;
 }
 
 static HANDLE_FUNC (handle_maxclients)
 {
-        child_configure (CHILD_MAXCLIENTS, get_int_arg (line, &match[2]));
+        child_configure (CHILD_MAXCLIENTS, get_long_arg (line, &match[2]));
         return 0;
 }
 
 static HANDLE_FUNC (handle_maxspareservers)
 {
-        child_configure (CHILD_MAXSPARESERVERS, get_int_arg (line, &match[2]));
+        child_configure (CHILD_MAXSPARESERVERS,
+                         get_long_arg (line, &match[2]));
         return 0;
 }
 
 static HANDLE_FUNC (handle_minspareservers)
 {
-        child_configure (CHILD_MINSPARESERVERS, get_int_arg (line, &match[2]));
+        child_configure (CHILD_MINSPARESERVERS,
+                         get_long_arg (line, &match[2]));
         return 0;
 }
 
 static HANDLE_FUNC (handle_startservers)
 {
-        child_configure (CHILD_STARTSERVERS, get_int_arg (line, &match[2]));
+        child_configure (CHILD_STARTSERVERS, get_long_arg (line, &match[2]));
         return 0;
 }
 
 static HANDLE_FUNC (handle_maxrequestsperchild)
 {
         child_configure (CHILD_MAXREQUESTSPERCHILD,
-                         get_int_arg (line, &match[2]));
+                         get_long_arg (line, &match[2]));
         return 0;
 }
 
 static HANDLE_FUNC (handle_timeout)
 {
-        return set_int_arg ((unsigned long int *) &conf->idletimeout, line,
+        return set_int_arg (&conf->idletimeout, line, &match[2]);
-                            &match[2]);
 }
 
 static HANDLE_FUNC (handle_connectport)
 {
-        add_connect_port_allowed (get_int_arg (line, &match[2]),
+        add_connect_port_allowed (get_long_arg (line, &match[2]),
                                   &conf->connect_ports);
         return 0;
 }
@@ -866,7 +899,7 @@ static HANDLE_FUNC (handle_errorfile)
          * present.  This is why the "string" is located at
          * match[4] (rather than the more intuitive match[3].
          */
-        unsigned long int err = get_int_arg (line, &match[2]);
+        unsigned long int err = get_long_arg (line, &match[2]);
         char *page = get_string_arg (line, &match[4]);
 
         add_new_errorpage (page, err);
@@ -1019,10 +1052,10 @@ static HANDLE_FUNC (handle_upstream)
         ip = get_string_arg (line, &match[2]);
         if (!ip)
                 return -1;
-        port = (int) get_int_arg (line, &match[7]);
+        port = (int) get_long_arg (line, &match[7]);
 
-        if (match[9].rm_so != -1) {
+        if (match[10].rm_so != -1) {
-                domain = get_string_arg (line, &match[9]);
+                domain = get_string_arg (line, &match[10]);
                 if (domain) {
                         upstream_add (ip, port, domain, &conf->upstream_list);
                         safefree (domain);

src/conf.h

@@ -40,7 +40,7 @@ struct config_s {
         char *logf_name;
         char *config_file;
         unsigned int syslog;    /* boolean */
-        int port;
+        unsigned int port;
         char *stathost;
         unsigned int godaemon;  /* boolean */
         unsigned int quit;      /* boolean */
@@ -115,4 +115,6 @@ struct config_s {
 extern int reload_config_file (const char *config_fname, struct config_s *conf,
                                struct config_s *defaults);
 
+int config_compile_regex (void);
+
 #endif

src/html-error.c

@@ -280,7 +280,7 @@ int add_standard_vars (struct conn_s *connptr)
         add_error_variable (connptr, "date", timebuf);
 
         add_error_variable (connptr, "website",
-                            "https://www.banu.com/tinyproxy/");
+                            "https://banu.com/tinyproxy/");
         add_error_variable (connptr, "version", VERSION);
         add_error_variable (connptr, "package", PACKAGE);
 

src/log.c

@@ -206,11 +206,12 @@ void send_stored_logs (void)
 {
         char *string;
         char *ptr;
-
         int level;
-
         size_t i;
 
+        if (log_message_storage == NULL)
+                return;
+
         log_message(LOG_DEBUG, "sending stored logs");
 
         for (i = 0; (ssize_t) i != vector_length (log_message_storage); ++i) {
@@ -230,7 +231,7 @@ void send_stored_logs (void)
                         continue;
 #endif
 
-                log_message (level, ptr);
+                log_message (level, "%s", ptr);
         }
 
         vector_delete (log_message_storage);

src/main.c

@@ -162,12 +162,17 @@ display_usage (void)
         features++;
 #endif /* REVERSE_SUPPORT */
 
+#ifdef UPSTREAM_SUPPORT
+        printf ("    Upstream proxy support\n");
+        features++;
+#endif /* UPSTREAM_SUPPORT */
+
         if (0 == features)
                 printf ("    None\n");
 
         printf ("\n"
                 "For bug reporting instructions, please see:\n"
-                "<https://www.banu.com/tinyproxy/support/>.\n");
+                "<https://banu.com/tinyproxy/>.\n");
 }
 
 static int
@@ -321,8 +326,8 @@ static void initialize_config_defaults (struct config_s *conf)
         conf->errorpages = NULL;
         conf->stathost = safestrdup (TINYPROXY_STATHOST);
         conf->idletimeout = MAX_IDLE_TIME;
-	conf->logf_name = safestrdup (LOCALSTATEDIR "/log/tinyproxy.log");
+        conf->logf_name = safestrdup (LOCALSTATEDIR "/log/tinyproxy/tinyproxy.log");
-	conf->pidpath = safestrdup (LOCALSTATEDIR "/run/tinyproxy.pid");
+        conf->pidpath = safestrdup (LOCALSTATEDIR "/run/tinyproxy/tinyproxy.pid");
 }
 
 /**
@@ -350,20 +355,23 @@ done:
 int
 main (int argc, char **argv)
 {
-        int ret;
-
         /* Only allow u+rw bits. This may be required for some versions
          * of glibc so that mkstemp() doesn't make us vulnerable.
          */
         umask (0177);
 
+        log_message (LOG_INFO, "Initializing " PACKAGE " ...");
+
+        if (config_compile_regex()) {
+                exit (EX_SOFTWARE);
+        }
+
         initialize_config_defaults (&config_defaults);
         process_cmdline (argc, argv, &config_defaults);
 
-        log_message (LOG_INFO, "Initializing " PACKAGE " ...");
+        if (reload_config_file (config_defaults.config_file,
-
+                                &config,
-        ret = reload_config ();
+                                &config_defaults)) {
-        if (ret != 0) {
                 exit (EX_SOFTWARE);
         }
 
@@ -381,14 +389,6 @@ main (int argc, char **argv)
         if (config.godaemon == TRUE)
                 makedaemon ();
 
-        if (config.pidpath) {
-                if (pidfile_create (config.pidpath) < 0) {
-                        fprintf (stderr, "%s: Could not create PID file.\n",
-                                 argv[0]);
-                        exit (EX_OSERR);
-                }
-        }
-
         if (set_signal_handler (SIGPIPE, SIG_IGN) == SIG_ERR) {
                 fprintf (stderr, "%s: Could not set the \"SIGPIPE\" signal.\n",
                          argv[0]);
@@ -414,6 +414,20 @@ main (int argc, char **argv)
                 log_message (LOG_WARNING,
                              "Not running as root, so not changing UID/GID.");
 
+        /* Create log file after we drop privileges */
+        if (setup_logging ()) {
+                exit (EX_SOFTWARE);
+        }
+
+        /* Create pid file after we drop privileges */
+        if (config.pidpath) {
+                if (pidfile_create (config.pidpath) < 0) {
+                        fprintf (stderr, "%s: Could not create PID file.\n",
+                                 argv[0]);
+                        exit (EX_OSERR);
+                }
+        }
+
         if (child_pool_create () < 0) {
                 fprintf (stderr,
                          "%s: Could not create the pool of children.\n",

src/reqs.c

@@ -167,12 +167,18 @@ static void strip_username_password (char *host)
 static int strip_return_port (char *host)
 {
         char *ptr1;
+        char *ptr2;
         int port;
 
-        ptr1 = strchr (host, ':');
+        ptr1 = strrchr (host, ':');
         if (ptr1 == NULL)
                 return 0;
 
+        /* Check for IPv6 style literals */
+        ptr2 = strchr (ptr1, ']');
+        if (ptr2 != NULL)
+                return 0;
+
         *ptr1++ = '\0';
         if (sscanf (ptr1, "%d", &port) != 1)    /* one conversion required */
                 return 0;
@@ -212,6 +218,13 @@ static int extract_http_url (const char *url, struct request_s *request)
         port = strip_return_port (request->host);
         request->port = (port != 0) ? port : HTTP_PORT;
 
+        /* Remove any surrounding '[' and ']' from IPv6 literals */
+        p = strrchr (request->host, ']');
+        if (p && (*(request->host) == '[')) {
+                request->host++;
+                *p = '\0';
+        }
+
         return 0;
 
 ERROR_EXIT:
@@ -255,6 +268,7 @@ static int
 establish_http_connection (struct conn_s *connptr, struct request_s *request)
 {
         char portbuff[7];
+        char dst[sizeof(struct in6_addr)];
 
         /* Build a port string if it's not a standard port */
         if (request->port != HTTP_PORT && request->port != HTTP_PORT_SSL)
@@ -262,12 +276,23 @@ establish_http_connection (struct conn_s *connptr, struct request_s *request)
         else
                 portbuff[0] = '\0';
 
-        return write_message (connptr->server_fd,
+        if (inet_pton(AF_INET6, request->host, dst) > 0) {
-                              "%s %s HTTP/1.0\r\n"
+                /* host is an IPv6 address literal, so surround it with
-                              "Host: %s%s\r\n"
+                 * [] */
-                              "Connection: close\r\n",
+                return write_message (connptr->server_fd,
-                              request->method, request->path,
+                                      "%s %s HTTP/1.0\r\n"
-                              request->host, portbuff);
+                                      "Host: [%s]%s\r\n"
+                                      "Connection: close\r\n",
+                                      request->method, request->path,
+                                      request->host, portbuff);
+        } else {
+                return write_message (connptr->server_fd,
+                                      "%s %s HTTP/1.0\r\n"
+                                      "Host: %s%s\r\n"
+                                      "Connection: close\r\n",
+                                      request->method, request->path,
+                                      request->host, portbuff);
+        }
 }
 
 /*
@@ -418,7 +443,7 @@ BAD_REQUEST_ERROR:
         } else {
 #ifdef TRANSPARENT_PROXY
                 if (!do_transparent_proxy
-                    (connptr, hashofheaders, request, &config, url)) {
+                    (connptr, hashofheaders, request, &config, &url)) {
                         goto fail;
                 }
 #else

src/sock.c

@@ -181,6 +181,7 @@ int listen_sock (uint16_t port, socklen_t * addrlen)
         memset (&hints, 0, sizeof (struct addrinfo));
         hints.ai_family = AF_UNSPEC;
         hints.ai_socktype = SOCK_STREAM;
+        hints.ai_flags = AI_PASSIVE;
 
         snprintf (portstr, sizeof (portstr), "%d", port);
 

src/transparent-proxy.c

@@ -55,11 +55,11 @@ static int build_url (char **url, const char *host, int port, const char *path)
 int
 do_transparent_proxy (struct conn_s *connptr, hashmap_t hashofheaders,
                       struct request_s *request, struct config_s *conf,
-                      char *url)
+                      char **url)
 {
         socklen_t length;
         char *data;
-        size_t ulen = strlen (url);
+        size_t ulen = strlen (*url);
 
         length = hashmap_entry_by_key (hashofheaders, "host", (void **) &data);
         if (length <= 0) {
@@ -73,7 +73,7 @@ do_transparent_proxy (struct conn_s *connptr, hashmap_t hashofheaders,
                                      connptr->client_fd);
                         indicate_http_error (connptr, 400, "Bad Request",
                                              "detail", "Unknown destination",
-                                             "url", url, NULL);
+                                             "url", *url, NULL);
                         return 0;
                 }
 
@@ -83,15 +83,12 @@ do_transparent_proxy (struct conn_s *connptr, hashmap_t hashofheaders,
                 request->port = ntohs (dest_addr.sin_port);
 
                 request->path = (char *) safemalloc (ulen + 1);
-                strlcpy (request->path, url, ulen + 1);
+                strlcpy (request->path, *url, ulen + 1);
 
-                /* url overwritten by the call below is the url passed
+                build_url (url, request->host, request->port, request->path);
-                 * to this function, and is not the url variable in the
-                 * caller. */
-                build_url (&url, request->host, request->port, request->path);
                 log_message (LOG_INFO,
                              "process_request: trans IP %s %s for %d",
-                             request->method, url, connptr->client_fd);
+                             request->method, *url, connptr->client_fd);
         } else {
                 request->host = (char *) safemalloc (length + 1);
                 if (sscanf (data, "%[^:]:%hu", request->host, &request->port) !=
@@ -101,15 +98,12 @@ do_transparent_proxy (struct conn_s *connptr, hashmap_t hashofheaders,
                 }
 
                 request->path = (char *) safemalloc (ulen + 1);
-                strlcpy (request->path, url, ulen + 1);
+                strlcpy (request->path, *url, ulen + 1);
 
-                /* url overwritten by the call below is the url passed
+                build_url (url, request->host, request->port, request->path);
-                 * to this function, and is not the url variable in the
-                 * caller. */
-                build_url (&url, request->host, request->port, request->path);
                 log_message (LOG_INFO,
                              "process_request: trans Host %s %s for %d",
-                             request->method, url, connptr->client_fd);
+                             request->method, *url, connptr->client_fd);
         }
         if (conf->ipAddr && strcmp (request->host, conf->ipAddr) == 0) {
                 log_message (LOG_ERR,
@@ -118,7 +112,7 @@ do_transparent_proxy (struct conn_s *connptr, hashmap_t hashofheaders,
                 indicate_http_error (connptr, 400, "Bad Request",
                                      "detail",
                                      "You tried to connect to the machine "
-                                     "the proxy is running on", "url", url,
+                                     "the proxy is running on", "url", *url,
                                      NULL);
                 return 0;
         }

src/transparent-proxy.h

@@ -32,7 +32,7 @@
 extern int do_transparent_proxy (struct conn_s *connptr,
                                  hashmap_t hashofheaders,
                                  struct request_s *request,
-                                 struct config_s *config, char *url);
+                                 struct config_s *config, char **url);
 
 #endif
 

src/upstream.c

@@ -202,10 +202,10 @@ struct upstream *upstream_get (char *host, struct upstream *up)
                 up = NULL;
 
         if (up)
-                log_message (LOG_INFO, "Found proxy %s:%d for %s",
+                log_message (LOG_INFO, "Found upstream proxy %s:%d for %s",
                              up->host, up->port, host);
         else
-                log_message (LOG_INFO, "No proxy for %s", host);
+                log_message (LOG_INFO, "No upstream proxy for %s", host);
 
         return up;
 }

tests/scripts/run_tests.sh

@@ -26,10 +26,10 @@ LOG_DIR=$TESTENV_DIR/var/log
 
 TINYPROXY_IP=127.0.0.2
 TINYPROXY_PORT=12321
-TINYPROXY_USER=$USER
+TINYPROXY_USER=$(id -un)
 TINYPROXY_PID_DIR=$TESTENV_DIR/var/run/tinyproxy
 TINYPROXY_PID_FILE=$TINYPROXY_PID_DIR/tinyproxy.pid
-TINYPROXY_LOG_DIR=$LOG_DIR
+TINYPROXY_LOG_DIR=$LOG_DIR/tinyproxy
 TINYPROXY_DATA_DIR=$TESTENV_DIR/usr/share/tinyproxy
 TINYPROXY_CONF_DIR=$TESTENV_DIR/etc/tinyproxy
 TINYPROXY_CONF_FILE=$TINYPROXY_CONF_DIR/tinyproxy.conf
@@ -159,12 +159,13 @@ run_basic_webclient_request() {
 	if test "x$WEBCLIENT_EXIT_CODE" = "x0" ; then
 		echo " ok"
 	else
-		echo "ERROR ($EBCLIENT_EXIT_CODE)"
+		echo "ERROR ($WEBCLIENT_EXIT_CODE)"
 		echo "webclient output:"
 		cat $WEBCLIENT_LOG
 	fi
-}
 
+	return $WEBCLIENT_EXIT_CODE
+}
 
 # "main"
 
@@ -177,22 +178,31 @@ start_tinyproxy
 
 wait_for_some_seconds 3
 
+FAILED=0
+
 echo -n "checking direct connection to web server..."
 run_basic_webclient_request "$WEBSERVER_IP:$WEBSERVER_PORT" /
+test "x$?" = "x0" || FAILED=$((FAILED + 1))
 
 echo -n "testing connection through tinyproxy..."
 run_basic_webclient_request "$TINYPROXY_IP:$TINYPROXY_PORT" "http://$WEBSERVER_IP:$WEBSERVER_PORT/"
+test "x$?" = "x0" || FAILED=$((FAILED + 1))
 
 echo -n "requesting statspage via stathost url..."
 run_basic_webclient_request "$TINYPROXY_IP:$TINYPROXY_PORT" "http://$TINYPROXY_STATHOST_IP"
+test "x$?" = "x0" || FAILED=$((FAILED + 1))
 
-echo "You can continue using the webserver and tinyproxy."
+echo "$FAILED errors"
-echo -n "hit <enter> to stop the servers and exit: "
+
-read READ
+if test "x$TINYPROXY_TESTS_WAIT" = "xyes"; then
+	echo "You can continue using the webserver and tinyproxy."
+	echo -n "hit <enter> to stop the servers and exit: "
+	read READ
+fi
 
 stop_tinyproxy
 stop_webserver
 
 echo "done"
 
-exit 0
+exit $FAILED