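--- src/sg.h.in 2007-11-16 17:58:32.000000000 +0100
+++ squidGuard-1.4-20091019/sg.h.in 2009-10-19 21:25:23.000000000 +0200
@@ -73,7 +73,7 @@
 #define REQUEST_TYPE_REDIRECT 2
 #define REQUEST_TYPE_PASS 3
 
-#define MAX_BUF 4096
+#define MAX_BUF 12288
 
 #define DEFAULT_LOGFILE "squidGuard.log"
 #define WARNING_LOGFILE "squidGuard.log"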
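--- src/sgDiv.c 2008-03-12 21:41:53.000000000 +0100
+++ squidGuard-1.4-20091019/sgDiv.c.in 2009-10-19 21:26:04.000000000 +0200
@@ -94,6 +94,7 @@
 int i = 0;
 char c;
 int report_once = 1;
+ int trailingdot = 0;
 size_t strsz;
 int ndx = 0;
 
@@ -132,7 +133,7 @@
 {
 /* in case this is a '://' skip over it, but try to not read past EOS */
 if(3 <= strsz-ndx) {
- if(':' == p[ndx] && '/' == p[ndx+1] && '/' == p[ndx+2]) {
+ if(':' == p[ndx] && '/' == p[ndx+1] && '/' == p[ndx+2] && '\0' != p[ndx+3]) {
 ndx+=3; /* 3 == strlen("://"); */
 }
 }
@@ -144,10 +145,20 @@
 strncpy(p+ndx,p+ndx+1, sz);
 p[ndx+sz] = '\0';
 if(1 == report_once) {
- sgLogError("Warning: Possible bypass attempt. Found multiple slashes where only one is expected: %s", s->orig);
+ @NOLOG1@ sgLogError("Warning: Possible bypass attempt. Found multiple slashes where only one is expected: %s", s->orig); @NOLOG2@
 report_once--;
 }
 }
+ else if ('.' == p[ndx] && '/' == p[ndx+1] && trailingdot == 0) {
+ /* If the domain has trailing dot, remove (problem found with squid 3.0 stable1-5) */
+ /* if this char is a dot and the next char is a slash, then shift the rest of the string left one char */
+ /* We do this only the first time it is encountered. */
+ trailingdot++;
+ size_t sz = strlen(p+ndx+1);
+ strncpy(p+ndx,p+ndx+1, sz);
+ p[ndx+sz] = '\0';
+ @NOLOG1@ sgLogError("Warning: Possible bypass attempt. Found a trailing dot in the domain name: %s", s->orig); @NOLOG2@
+ }
 else
 {
 /* increment the string indexer */
@@ -734,7 +745,7 @@
 p++;
 break;
 case 'u': /* Requested URL */
- strcat(buf, req->orig);
+ strncat(buf, req->orig, 2048);
 p++;
 break;
 default:
@@ -766,7 +777,7 @@
 fprintf( stderr, " ****************\n");
 fprintf( stderr, "FAILURE! Check your log file for problems with the database files!\n" );
 fprintf( stderr, " ****************\n");
- exit(1);
+ exit(4);
 }
 }
 sgLogError("Going into emergency mode");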
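Review bot: The `2048` passed to `strncat` in the `case 'u':` hunk caps how many bytes are taken from `req->orig`, not how much room is left in `buf`, so the append can still run past the end of `buf` if earlier format expansions have already filled most of it. The declaration and size of `buf` are outside the hunk; assuming it is a local array, bound the call by the space remaining, `strncat(buf, req->orig, sizeof(buf) - strlen(buf) - 1);`, and give any other `strcat` calls in this switch the same treatment if they exist. Separately, the added trailing-dot branch shifts the string with `strncpy(p+ndx,p+ndx+1, sz);` over overlapping memory, which is undefined behaviour; `memmove(p+ndx, p+ndx+1, sz + 1);` performs the shift and moves the terminator in one call.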