Author: toad
Date: 2006-03-18 21:10:36 +0000 (Sat, 18 Mar 2006)
New Revision: 8279
Modified:
trunk/freenet/src/freenet/clients/http/FproxyToadlet.java
trunk/freenet/src/freenet/clients/http/filter/ContentFilter.java
trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java
trunk/freenet/src/freenet/node/Version.java
Log:
548:
- UTF-32 isn't supported by JVMs prior to 1.6. Ignore this.
- Drop any illegal characters in text in HTML (it's probably a bogus charset,
which might possibly be exploitable).
Modified: trunk/freenet/src/freenet/clients/http/FproxyToadlet.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/FproxyToadlet.java 2006-03-18
20:13:52 UTC (rev 8278)
+++ trunk/freenet/src/freenet/clients/http/FproxyToadlet.java 2006-03-18
21:10:36 UTC (rev 8279)
@@ -121,6 +121,11 @@
forceString.equals(getForceValue(key, now-FORCE_GRAIN_INTERVAL)))
force = true;
}
+
+ if(typeName.equals("application/x-msdownload")) {
+ // Download to disk, this should be safe, and
is set when we do "force download to disk" from a dangerous-content-warning
page.
+ force = true;
+ }
try {
if(!force)
Modified: trunk/freenet/src/freenet/clients/http/filter/ContentFilter.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/ContentFilter.java
2006-03-18 20:13:52 UTC (rev 8278)
+++ trunk/freenet/src/freenet/clients/http/filter/ContentFilter.java
2006-03-18 21:10:36 UTC (rev 8279)
@@ -3,6 +3,7 @@
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Hashtable;
@@ -193,6 +194,9 @@
try {
if((charset =
handler.charsetExtractor.getCharset(data, "UTF-32")) != null)
return charset;
+ } catch (UnsupportedEncodingException e) {
+ // Doesn't seem to be supported by prior to 1.6.
+ Logger.minor(ContentFilter.class, "UTF-32 not
supported");
} catch (DataFilterException e) {
// Ignore
}
Modified: trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java
2006-03-18 20:13:52 UTC (rev 8278)
+++ trunk/freenet/src/freenet/clients/http/filter/HTMLFilter.java
2006-03-18 21:10:36 UTC (rev 8279)
@@ -343,6 +343,15 @@
return;
}
+ for(int i=0;i<s.length();i++) {
+ if(s.charAt(i) < 32) {
+ // Not a real character
+ // STRONGLY suggests somebody is using a bogus
charset.
+ // This could be in order to break the filter.
+ s.deleteCharAt(i);
+ }
+ }
+
String style = s.toString();
if (pc.inStyle) {
pc.currentStyleScriptChunk += style;
Modified: trunk/freenet/src/freenet/node/Version.java
===================================================================
--- trunk/freenet/src/freenet/node/Version.java 2006-03-18 20:13:52 UTC (rev
8278)
+++ trunk/freenet/src/freenet/node/Version.java 2006-03-18 21:10:36 UTC (rev
8279)
@@ -20,7 +20,7 @@
public static final String protocolVersion = "1.0";
/** The build number of the current revision */
- private static final int buildNumber = 547;
+ private static final int buildNumber = 548;
/** Oldest build of Fred we will talk to */
private static final int lastGoodBuild = 507;
