4 files changed, 81 insertions, 4 deletions

diff --git a/libmproxy/platform/__init__.py b/libmproxy/platform/__init__.py
index 93423e91..15ac9c1a 100644
--- a/libmproxy/platform/__init__.py
+++ b/libmproxy/platform/__init__.py
@@ -4,4 +4,6 @@ resolver = None
 if sys.platform == "linux2":
     import linux
     resolver = linux.Resolver()
-
+#elif sys.platform == "darwin":
+#    import osx
+#    resolver = osx.Resolver()
diff --git a/libmproxy/platform/osx.py b/libmproxy/platform/osx.py
new file mode 100644
index 00000000..fa51a2db
--- /dev/null
+++ b/libmproxy/platform/osx.py
@@ -0,0 +1,54 @@
+import socket, struct
+
+# Python socket module does not have this constant
+DIOCNATLOOK = 23
+
+class Resolver:
+    def original_addr(self, csock):
+        """
+            The following sttruct defintions are plucked from the current XNU source, found here:
+
+                http://www.opensource.apple.com/source/xnu/xnu-1699.26.8/bsd/net/pfvar.h
+
+
+            union pf_state_xport {
+                u_int16_t	port;
+                u_int16_t	call_id;
+                u_int32_t	spi;
+            };
+
+            struct pf_addr {
+                union {
+                    struct in_addr		v4;
+                    struct in6_addr		v6;
+                    u_int8_t		addr8[16];
+                    u_int16_t		addr16[8];
+                    u_int32_t		addr32[4];
+                } pfa;
+
+            struct pfioc_natlook {
+                struct pf_addr	 saddr;
+                struct pf_addr	 daddr;
+                struct pf_addr	 rsaddr;
+                struct pf_addr	 rdaddr;
+            #ifndef NO_APPLE_EXTENSIONS
+                union pf_state_xport	sxport;
+                union pf_state_xport	dxport;
+                union pf_state_xport	rsxport;
+                union pf_state_xport	rdxport;
+                sa_family_t	 af;
+                u_int8_t	 proto;
+                u_int8_t	 proto_variant;
+                u_int8_t	 direction;
+            #else
+                u_int16_t	 sport;
+                u_int16_t	 dport;
+                u_int16_t	 rsport;
+                u_int16_t	 rdport;
+                sa_family_t	 af;
+                u_int8_t	 proto;
+                u_int8_t	 direction;
+            #endif
+            };
+        """
+        pass
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index 392714ff..3ec22fb4 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -189,7 +189,7 @@ class ProxyHandler(tcp.BaseHandler):
             if request:
                 err = flow.Error(request, e.msg)
                 err._send(self.mqueue)
-                self.send_error(e.code, e.msg)
+            self.send_error(e.code, e.msg)
         else:
             return True
 
@@ -261,7 +261,10 @@ class ProxyHandler(tcp.BaseHandler):
             if line == "":
                 return None
             if line.startswith("CONNECT"):
-                host, port, httpversion = http.parse_init_connect(line)
+                r = http.parse_init_connect(line)
+                if not r:
+                    raise ProxyError(400, "Bad HTTP request line: %s"%line)
+                host, port, httpversion = r
                 # FIXME: Discard additional headers sent to the proxy. Should I expose
                 # these to users?
                 while 1:
@@ -290,6 +293,9 @@ class ProxyHandler(tcp.BaseHandler):
                 )
                 return flow.Request(client_conn, httpversion, host, port, "https", method, path, headers, content)
             else:
+                r = http.parse_init_proxy(line)
+                if not r:
+                    raise ProxyError(400, "Bad HTTP request line: %s"%line)
                 method, scheme, host, port, path, httpversion = http.parse_init_proxy(line)
                 headers = http.read_headers(self.rfile)
                 content = http.read_http_body_request(
@@ -425,6 +431,8 @@ def process_proxy_options(parser, options):
         parser.errror("Can't set both reverse proxy and transparent proxy.")
 
     if options.transparent_proxy:
+        if not platform.resolver:
+            parser.error("Transparent mode not supported on this platform.")
         trans = dict(
             resolver = platform.resolver,
             sslports = TRANSPARENT_SSL_PORTS
diff --git a/test/test_server.py b/test/test_server.py
index 8878cf32..e4a62fa5 100644
--- a/test/test_server.py
+++ b/test/test_server.py
@@ -1,6 +1,7 @@
 import urllib, urllib2, unittest
 import time
 import libpathod.test, requests
+from netlib import tcp, http
 import tutils
 
 """
@@ -21,7 +22,19 @@ class SanityMixin:
 
 
 class TestHTTP(tutils.HTTPProxTest, SanityMixin):
-    pass
+    def test_invalid_http(self):
+        t = tcp.TCPClient("127.0.0.1", self.proxy.port)
+        t.connect()
+        t.wfile.write("invalid\n\n")
+        t.wfile.flush()
+        assert "Bad Request" in t.rfile.readline()
+
+    def test_invalid_connect(self):
+        t = tcp.TCPClient("127.0.0.1", self.proxy.port)
+        t.connect()
+        t.wfile.write("CONNECT invalid\n\n")
+        t.wfile.flush()
+        assert "Bad Request" in t.rfile.readline()
 
 
 class TestHTTPS(tutils.HTTPProxTest, SanityMixin):