[freenet-cvs] r11190 - trunk/freenet/src/freenet/clients/http/filter

toad at freenetproject.org toad at freenetproject.org
Sat Dec 2 00:56:39 UTC 2006


Author: toad
Date: 2006-12-02 00:56:37 +0000 (Sat, 02 Dec 2006)
New Revision: 11190

Added:
   trunk/freenet/src/freenet/clients/http/filter/PNGFilter.java
Modified:
   trunk/freenet/src/freenet/clients/http/filter/CSSReadFilter.java
   trunk/freenet/src/freenet/clients/http/filter/ContentFilter.java
Log:
Initial PNG filter. Currently it just checks for a signature.
However this is enough to stop at least one attack, provided that my patch to firefox is (eventually) accepted.

Modified: trunk/freenet/src/freenet/clients/http/filter/CSSReadFilter.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/CSSReadFilter.java	2006-12-01 23:37:12 UTC (rev 11189)
+++ trunk/freenet/src/freenet/clients/http/filter/CSSReadFilter.java	2006-12-02 00:56:37 UTC (rev 11190)
@@ -52,7 +52,7 @@
 			explanation.addChild("#", " The page you are about to display has an unknown character set. This means that we are not able to filter the page, and it may compromize your anonymity.");
 			throw new DataFilterException("Warning: Unknown character set ("+charset+ ')', "Warning: Unknown character set ("+HTMLEncoder.encode(charset)+ ')',
 					"<p><b>Unknown character set</b> The page you are about to display has an unknown character set. "+
-					"This means that we are not able to filter the page, and it may compromize your anonymity.", explanation);
+					"This means that we are not able to filter the page, and it may compromize your anonymity.</p>", explanation);
 		}
 		CSSParser parser = new CSSParser(r, w, false, cb);
 		parser.parse();

Modified: trunk/freenet/src/freenet/clients/http/filter/ContentFilter.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/ContentFilter.java	2006-12-01 23:37:12 UTC (rev 11189)
+++ trunk/freenet/src/freenet/clients/http/filter/ContentFilter.java	2006-12-02 00:56:37 UTC (rev 11190)
@@ -52,7 +52,7 @@
 		
 		// PNG - probably safe - FIXME check this out, write filters
 		register(new MIMEType("image/png", "png", new String[0], new String[0],
-				true, false, null, null, false, false, false, false, true, false,
+				true, false, new PNGFilter(), null, false, false, false, false, true, false,
 				"PNG image - probably not dangerous",
 				"PNG image - probably not dangerous but you should wipe any comments or text blocks",
 				false, null, null));
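Review bot: The comment above this `register` call still reads `// PNG - probably safe - FIXME check this out, write filters`, which no longer describes the entry now that a `PNGFilter` is passed in. Per the commit log the new filter only checks the signature, so the comment should say so, for example `// PNG - read filter checks the 8-byte signature only - FIXME validate chunks, strip text blocks`. The description string advising users to wipe comments or text blocks stays accurate, since nothing in this commit removes them. The argument after `new PNGFilter()` is still `null`; if that position is the write filter, as it appears to be, a short comment noting that no write filter is registered would help the next reader.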

Added: trunk/freenet/src/freenet/clients/http/filter/PNGFilter.java
===================================================================
--- trunk/freenet/src/freenet/clients/http/filter/PNGFilter.java	2006-12-01 23:37:12 UTC (rev 11189)
+++ trunk/freenet/src/freenet/clients/http/filter/PNGFilter.java	2006-12-02 00:56:37 UTC (rev 11190)
@@ -0,0 +1,53 @@
+/* This code is part of Freenet. It is distributed under the GNU General
+ * Public License, version 2 (or at your option any later version). See
+ * http://www.gnu.org/ for further details of the GPL. */
+package freenet.clients.http.filter;
+
+import java.io.BufferedInputStream;
+import java.io.DataInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Arrays;
+import java.util.HashMap;
+
+import freenet.support.HTMLNode;
+import freenet.support.io.Bucket;
+import freenet.support.io.BucketFactory;
+
+/**
+ * Content filter for PNG's.
+ * This one just verifies that a PNG is valid, and throws if it isn't.
+ */
+public class PNGFilter implements ContentDataFilter {
+
+	static final byte[] pngHeader = 
+		{ (byte)137, (byte)80, (byte)78, (byte)71, (byte)13, (byte)10, (byte)26, (byte)10 };
+	
+	public Bucket readFilter(Bucket data, BucketFactory bf, String charset,
+			HashMap otherParams, FilterCallback cb) throws DataFilterException,
+			IOException {
+		InputStream is = data.getInputStream();
+		BufferedInputStream bis = new BufferedInputStream(is);
+		DataInputStream dis = new DataInputStream(bis);
+		// Check the header
+		byte[] headerCheck = new byte[pngHeader.length];
+		dis.read(headerCheck);
+		if(!Arrays.equals(headerCheck, pngHeader)) {
+			// Throw an exception
+			String message = "The file you tried to fetch is not a PNG. It does not include a valid PNG header. "+
+					"It might be some other file format, and your browser may do something horrible with it, "+
+					"therefore we have blocked it."; 
+			throw new DataFilterException("Not a PNG - invalid header", "Not a PNG - invalid header",
+					"<p>"+message+"</p>", new HTMLNode("p").addChild("#", message));
+		}
+		return data;
+	}
+
+	public Bucket writeFilter(Bucket data, BucketFactory bf, String charset,
+			HashMap otherParams, FilterCallback cb) throws DataFilterException,
+			IOException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+}
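Review bot: `dis.read(headerCheck)` in `readFilter` may return fewer than eight bytes, so a genuine PNG can be rejected on a short read, and the stream obtained from `data.getInputStream()` is never closed on either the success or the exception path. Reading with `readFully` and closing in a `finally` block fixes both; the version below additionally needs `import java.io.EOFException;`. The class Javadoc says the filter "verifies that a PNG is valid", but only the signature is compared and every byte after it is returned unchanged, so the comment should read `Only the 8-byte PNG signature is checked; chunks, CRCs and data after IEND are not validated.` `writeFilter` returns `null` behind an auto-generated TODO, which would presumably surface as a NullPointerException in a caller that uses the result; it should return `data` or throw until it is implemented.

```java
		InputStream is = data.getInputStream();
		try {
			DataInputStream dis = new DataInputStream(new BufferedInputStream(is));
			byte[] headerCheck = new byte[pngHeader.length];
			boolean complete = true;
			try {
				// readFully loops until the buffer is full or the stream ends
				dis.readFully(headerCheck);
			} catch (EOFException e) {
				// Shorter than the signature: treat as "not a PNG" rather than an I/O failure
				complete = false;
			}
			if(!complete || !Arrays.equals(headerCheck, pngHeader)) {
				// … unchanged: build message and throw DataFilterException …
			}
		} finally {
			is.close();
		}
		return data;
```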



