Author: toad
Date: 2006-12-02 00:56:37 +0000 (Sat, 02 Dec 2006)
New Revision: 11190

Added:
   trunk/freenet/src/freenet/clients/http/filter/PNGFilter.java
Modified:
   trunk/freenet/src/freenet/clients/http/filter/CSSReadFilter.java
   trunk/freenet/src/freenet/clients/http/filter/ContentFilter.java
Log:
Initial PNG filter. Currently it just checks for a signature.
However this is enough to stop at least one attack, provided that my patch to 
firefox is (eventually) accepted.

Modified: trunk/freenet/src/freenet/clients/http/filter/CSSReadFilter.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/CSSReadFilter.java    
2006-12-01 23:37:12 UTC (rev 11189)
+++ trunk/freenet/src/freenet/clients/http/filter/CSSReadFilter.java    
2006-12-02 00:56:37 UTC (rev 11190)
@@ -52,7 +52,7 @@
                        explanation.addChild("#", " The page you are about to 
display has an unknown character set. This means that we are not able to filter 
the page, and it may compromize your anonymity.");
                        throw new DataFilterException("Warning: Unknown 
character set ("+charset+ ')', "Warning: Unknown character set 
("+HTMLEncoder.encode(charset)+ ')',
                                        "<p><b>Unknown character set</b> The 
page you are about to display has an unknown character set. "+
-                                       "This means that we are not able to 
filter the page, and it may compromize your anonymity.", explanation);
+                                       "This means that we are not able to 
filter the page, and it may compromize your anonymity.</p>", explanation);
                }
                CSSParser parser = new CSSParser(r, w, false, cb);
                parser.parse();
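Review bot: The first DataFilterException argument in this hunk concatenates `charset` unencoded, while the second passes it through `HTMLEncoder.encode(charset)`. The charset presumably comes from the fetched content or its headers, so if that first string is ever written into an HTML page it would carry markup chosen by the content's author. How DataFilterException uses its arguments is not visible here, so this needs checking against that class. If the first argument is only ever plain text, a comment such as `// raw message: must never be rendered as HTML` would guard against later misuse. The enclosing method starts and ends outside the hunk.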

Modified: trunk/freenet/src/freenet/clients/http/filter/ContentFilter.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/ContentFilter.java    
2006-12-01 23:37:12 UTC (rev 11189)
+++ trunk/freenet/src/freenet/clients/http/filter/ContentFilter.java    
2006-12-02 00:56:37 UTC (rev 11190)
@@ -52,7 +52,7 @@

                // PNG - probably safe - FIXME check this out, write filters
                register(new MIMEType("image/png", "png", new String[0], new 
String[0],
-                               true, false, null, null, false, false, false, 
false, true, false,
+                               true, false, new PNGFilter(), null, false, 
false, false, false, true, false,
                                "PNG image - probably not dangerous",
                                "PNG image - probably not dangerous but you 
should wipe any comments or text blocks",
                                false, null, null));
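Review bot: The comment above this `register` call still reads "probably safe - FIXME check this out, write filters", which no longer describes what is registered and can suggest that PNG content is now filtered. PNGFilter in this commit compares only the 8-byte signature, so ancillary chunks such as tEXt/zTXt pass through untouched, as the user-facing text "you should wipe any comments or text blocks" already implies. I would update the comment to `// PNG - PNGFilter checks the signature only; chunks are not parsed or stripped - FIXME write a full filter`. The long run of positional booleans is also hard to review; a brief comment on the filter line naming which argument is the read filter and which is the write filter would help, since their meaning is only inferable from position here.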

Added: trunk/freenet/src/freenet/clients/http/filter/PNGFilter.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/PNGFilter.java        
2006-12-01 23:37:12 UTC (rev 11189)
+++ trunk/freenet/src/freenet/clients/http/filter/PNGFilter.java        
2006-12-02 00:56:37 UTC (rev 11190)
@@ -0,0 +1,53 @@
+/* This code is part of Freenet. It is distributed under the GNU General
+ * Public License, version 2 (or at your option any later version). See
+ * http://www.gnu.org/ for further details of the GPL. */
+package freenet.clients.http.filter;
+
+import java.io.BufferedInputStream;
+import java.io.DataInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Arrays;
+import java.util.HashMap;
+
+import freenet.support.HTMLNode;
+import freenet.support.io.Bucket;
+import freenet.support.io.BucketFactory;
+
+/**
+ * Content filter for PNG's.
+ * This one just verifies that a PNG is valid, and throws if it isn't.
+ */
+public class PNGFilter implements ContentDataFilter {
+
+       static final byte[] pngHeader = 
+               { (byte)137, (byte)80, (byte)78, (byte)71, (byte)13, (byte)10, 
(byte)26, (byte)10 };
+       
+       public Bucket readFilter(Bucket data, BucketFactory bf, String charset,
+                       HashMap otherParams, FilterCallback cb) throws 
DataFilterException,
+                       IOException {
+               InputStream is = data.getInputStream();
+               BufferedInputStream bis = new BufferedInputStream(is);
+               DataInputStream dis = new DataInputStream(bis);
+               // Check the header
+               byte[] headerCheck = new byte[pngHeader.length];
+               dis.read(headerCheck);
+               if(!Arrays.equals(headerCheck, pngHeader)) {
+                       // Throw an exception
+                       String message = "The file you tried to fetch is not a 
PNG. It does not include a valid PNG header. "+
+                                       "It might be some other file format, 
and your browser may do something horrible with it, "+
+                                       "therefore we have blocked it."; 
+                       throw new DataFilterException("Not a PNG - invalid 
header", "Not a PNG - invalid header",
+                                       "<p>"+message+"</p>", new 
HTMLNode("p").addChild("#", message));
+               }
+               return data;
+       }
+
+       public Bucket writeFilter(Bucket data, BucketFactory bf, String charset,
+                       HashMap otherParams, FilterCallback cb) throws 
DataFilterException,
+                       IOException {
+               // TODO Auto-generated method stub
+               return null;
+       }
+
+}
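Review bot: `dis.read(headerCheck)` in `readFilter` ignores its return value, so a short read leaves zero bytes in the buffer and can reject a valid PNG; the stream from `data.getInputStream()` is also never closed on either path. Use `readFully`, treat EOF as an invalid header, and close the stream in a `finally`, as sketched below (this assumes a Bucket hands out an independent stream on each call). The class Javadoc says the filter "verifies that a PNG is valid", but only the signature is compared and everything after it is returned unfiltered; I would reword it to `Only checks the 8-byte PNG signature; chunk structure and contents are not validated.` `writeFilter` is still the auto-generated stub returning `null`; returning `data` or throwing would be safer than handing callers a null Bucket.

```java
		InputStream is = data.getInputStream();
		try {
			DataInputStream dis = new DataInputStream(new BufferedInputStream(is));
			byte[] headerCheck = new byte[pngHeader.length];
			boolean valid;
			try {
				// readFully fills the whole array or throws; read() may return fewer bytes
				dis.readFully(headerCheck);
				valid = Arrays.equals(headerCheck, pngHeader);
			} catch (java.io.EOFException e) {
				// Shorter than the signature: cannot be a PNG
				valid = false;
			}
			if(!valid) {
				// … unchanged: build message and throw DataFilterException …
			}
		} finally {
			is.close();
		}
		return data;
```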

