From b60610b8575351e5772b49506f8c4a28437505bd Mon Sep 17 00:00:00 2001
From: Art Cancro
Date: Thu, 2 Mar 2006 16:20:07 +0000
Subject: [PATCH] 404 all broken Microsoft /_vti_* crap
---
 webcit/context_loop.c | 33 ++++++++++++++++++++++-----------
 webcit/webcit.c | 8 ++++++++
 2 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/webcit/context_loop.c b/webcit/context_loop.c
index f430099c9..e276383f7 100644
--- a/webcit/context_loop.c
+++ b/webcit/context_loop.c
@@ -225,18 +225,25 @@ int lingering_close(int fd)
 /**
- * \brief sanity requests
- * Check for bogus requests coming from (for example) brain-dead
- * Windoze boxes that are infected with the latest worm-of-the-week.
- * If we detect one of these, bail out without bothering our Citadel
- * server.
- * \param http_cmd the cmd to check
+ * \brief sanity requests
+ * Check for bogus requests coming from brain-dead Windows boxes.
+ *
+ * \param http_cmd The HTTP request to check
 */
 int is_bogus(char *http_cmd) {
+ char *url;
+
+ url = strstr(http_cmd, " ");
+ if (url == NULL) return(1);
+ ++url;
- if (!strncasecmp(http_cmd, "GET /scripts/root.exe", 21)) return(1);
- if (!strncasecmp(http_cmd, "GET /c/winnt", 12)) return(2);
- if (!strncasecmp(http_cmd, "GET /MSADC/", 11)) return(3);
+ /** Worms and trojans and viruses, oh my! */
+ if (!strncasecmp(url, "/scripts/root.exe", 17)) return(2);
+ if (!strncasecmp(url, "/c/winnt", 8)) return(2);
+ if (!strncasecmp(url, "/MSADC/", 7)) return(2);
+
+ /** Broken Microsoft DAV implementation */
+ if (!strncasecmp(url, "/_vti", 5)) return(3);
 return(0); /* probably ok */
 }
@@ -357,7 +364,10 @@ void context_loop(int sock)
 lprintf(5, "HTTP: %s\n", buf);
 /** Check for bogus requests */
- if (is_bogus(buf)) goto bail;
+ if (is_bogus(buf)) {
+ strcpy(req->line, "GET /404 HTTP/1.1");
+ strcpy(buf, "GET /404 HTTP/1.1");
+ }
 /**
 * Strip out the method, leaving the URL up front...
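Review bot: The doc comment on is_bogus() in webcit/context_loop.c still has no `\return`, although the new body gives the codes distinct meanings: 1 when the request line contains no space, 2 for the three worm-probe paths, 3 for the `/_vti` prefix. I would add ` * \return 0 if the request looks sane, 1 if it has no URL, 2 for known worm probes, 3 for /_vti* requests`. The comparison runs on the request target exactly as received, starting one byte after the first space, so the comment should also say that this is a noise filter and not an access check; a target written any other way falls through to normal handling.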
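Review bot: In context_loop() a request flagged by is_bogus() is no longer dropped at this point; it is rewritten to `GET /404 HTTP/1.1` and carried through the rest of the function, which a later hunk shows includes a bound session (`pthread_mutex_unlock(&TheSession->SessionMutex)`), so each scanner probe may now cost whatever session lookup or setup costs. The code between this hunk and the unlock is not visible, so please confirm that a cookie-less `/404` request does not allocate a new session, or answer the 404 before the session lookup. The return value of is_bogus() is also thrown away, so the log keeps only the raw line from `lprintf(5, "HTTP: %s\n", buf)`; keeping it in `int bogus = is_bogus(buf);` and logging the class would let operators count probes by type. context_loop()'s body starts and ends outside the hunk.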
@@ -390,6 +400,7 @@ void context_loop(int sock)
 && (strncasecmp(buf, "/groupdav", 9))
 && (strncasecmp(buf, "/static", 7))
 && (strncasecmp(buf, "/rss", 4))
+ && (strncasecmp(buf, "/404", 4))
 && (got_cookie == 0)) {
 strcpy(req->line, "GET /static/nocookies.html"
 "?force_close_session=yes HTTP/1.1");
@@ -467,7 +478,7 @@ void context_loop(int sock)
 pthread_mutex_unlock(&TheSession->SessionMutex); /*< unbind */
 /** Free the request buffer */
-bail: while (req != NULL) {
+ while (req != NULL) {
 hptr = req->next;
 free(req);
 req = hptr;
diff --git a/webcit/webcit.c b/webcit/webcit.c
index f278f50b3..85ee1ca4b 100644
--- a/webcit/webcit.c
+++ b/webcit/webcit.c
@@ -1184,6 +1184,14 @@ void session_loop(struct httprequest *req)
 }
 }
+ /** If it's a "force 404" situation then display the error and bail. */
+ if (!strcmp(action, "404")) {
+ wprintf("HTTP/1.1 404 Not found\r\n");
+ wprintf("Content-Type: text/plain\r\n");
+ wprintf("\r\n");
+ wprintf("Not found\r\n");
+ goto SKIP_ALL_THIS_CRAP;
+ }
 /** Static content can be sent without connecting to Citadel. */
 is_static = 0;
--
2.39.2
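Review bot: The new exemption `strncasecmp(buf, "/404", 4)` in the cookie check of context_loop() is a prefix match, while session_loop() in webcit/webcit.c matches the action exactly with `strcmp(action, "404")`, so a client-supplied path that merely begins with `/404` appears to skip the no-cookie redirect without being answered by the forced-404 branch. The sentinel also shares its namespace with real URLs, so any client can request `/404` directly. If only the internally rewritten request is meant to be exempt, a local flag set where is_bogus() fires (`int force_404 = 0;`, tested here as `&& (!force_404)`) would be tighter than a URL prefix. How `action` is derived from the URL is not visible in this patch, so the first point is inferred from the two comparisons alone.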
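Review bot: The forced-404 response added to session_loop() in webcit/webcit.c carries neither `Content-Length` nor `Connection: close`, so on an HTTP/1.1 connection the client or an intermediary proxy cannot tell where the body ends unless the socket is closed afterwards. Unless wprintf() or the code at SKIP_ALL_THIS_CRAP adds framing (neither is visible in this hunk), add `wprintf("Content-Length: 11\r\n");` for the 11-byte body, or `wprintf("Connection: close\r\n");` and make sure the connection really is closed. session_loop()'s body starts and ends outside the hunk.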