6 #include "inet_ntop_cache.h"
14 static int request_check_hostname(buffer
*host
) {
15 enum { DOMAINLABEL
, TOPLABEL
} stage
= TOPLABEL
;
18 size_t host_len
, hostport_len
;
20 int is_ip
= -1; /* -1 don't know yet, 0 no, 1 yes */
24 * hostport = host [ ":" port ]
25 * host = hostname | IPv4address | IPv6address
26 * hostname = *( domainlabel "." ) toplabel [ "." ]
27 * domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
28 * toplabel = alpha | alpha *( alphanum | "-" ) alphanum
29 * IPv4address = 1*digit "." 1*digit "." 1*digit "." 1*digit
30 * IPv6address = "[" ... "]"
35 if (host
->ptr
[0] == '[') {
36 char *c
= host
->ptr
+ 1;
39 /* check the address inside [...] */
40 for (; *c
&& *c
!= ']'; c
++) {
42 if (++colon_cnt
> 7) {
45 } else if (!light_isxdigit(*c
) && '.' != *c
) {
57 for (c
+= 2; *c
; c
++) {
58 if (!light_isdigit(*c
)) {
63 else if ('\0' != *(c
+1)) {
64 /* only a port is allowed to follow [...] */
70 hostport_len
= host_len
= buffer_string_length(host
);
72 if (NULL
!= (colon
= memchr(host
->ptr
, ':', host_len
))) {
75 /* check portnumber */
77 if (!light_isdigit(*c
)) return -1;
80 /* remove the port from the host-len */
81 host_len
= colon
- host
->ptr
;
85 if (host_len
== 0) return -1;
87 /* if the hostname ends in a "." strip it */
88 if (host
->ptr
[host_len
-1] == '.') {
89 /* shift port info one left */
90 if (NULL
!= colon
) memmove(colon
-1, colon
, hostport_len
- host_len
);
91 buffer_string_set_length(host
, --hostport_len
);
92 if (--host_len
== 0) return -1;
96 /* scan from the right and skip the \0 */
97 for (i
= host_len
; i
-- > 0; ) {
98 const char c
= host
->ptr
[i
];
103 /* only switch stage, if this is not the last character */
104 if (i
!= host_len
- 1) {
105 if (label_len
== 0) {
109 /* check the first character at right of the dot */
111 if (!light_isalnum(host
->ptr
[i
+1])) {
114 } else if (!light_isdigit(host
->ptr
[i
+1])) {
116 } else if ('-' == host
->ptr
[i
+1]) {
128 /* just a dot and nothing else is evil */
132 /* the first character of the hostname */
133 if (!light_isalnum(c
)) {
138 if (c
!= '-' && !light_isalnum(c
)) {
142 if (!light_isdigit(c
)) is_ip
= 0;
151 if (label_len
== 0) {
157 } else if (!light_isdigit(c
)) {
164 if (label_len
== 0) {
168 /* c is either - or alphanum here */
169 if ('-' == host
->ptr
[i
+1]) {
176 if (!light_isalnum(c
)) {
181 if (c
!= '-' && !light_isalnum(c
)) {
192 /* a IP has to consist of 4 parts */
193 if (is_ip
== 1 && level
!= 3) {
197 if (label_len
== 0) {
204 int http_request_host_normalize(buffer
*b
, int scheme_port
) {
206 * check for and canonicalize numeric IP address and portnum (optional)
207 * (IP address may be followed by ":portnum" (optional))
210 * - IPv4: 12345678 (32-bit decimal number)
211 * - IPv4: 012345678 (32-bit octal number)
212 * - IPv4: 0x12345678 (32-bit hex number)
214 * allow any chars (except ':' and '\0' and stray '[' or ']')
215 * (other code may check chars more strictly or more pedantically)
216 * ':' delimits (optional) port at end of string
217 * "[]" wraps IPv6 address literal
218 * '\0' should have been rejected earlier were it present
220 * any chars includes, but is not limited to:
221 * - allow '-' any where, even at beginning of word
222 * (security caution: might be confused for cmd flag if passed to shell)
223 * - allow all-digit TLDs
224 * (might be mistaken for IPv4 addr by inet_aton()
225 * unless non-digits appear in subdomain)
228 /* Note: not using getaddrinfo() since it does not support "[]" around IPv6
229 * and is not as lenient as inet_aton() and inet_addr() for IPv4 strings.
230 * Not using inet_pton() (when available) on IPv4 for similar reasons. */
232 const char * const p
= b
->ptr
;
233 const size_t blen
= buffer_string_length(b
);
237 char * const colon
= (char *)memchr(p
, ':', blen
);
239 if (*p
== ':') return -1; /*(empty host then port, or naked IPv6)*/
240 if (colon
[1] != '\0') {
242 port
= strtol(colon
+1, &e
, 0); /*(allow decimal, octal, hex)*/
243 if (0 < port
&& port
<= USHRT_MAX
&& *e
== '\0') {
248 } /*(else ignore stray colon at string end)*/
249 buffer_string_set_length(b
, (size_t)(colon
- p
)); /*(remove port str)*/
252 if (light_isdigit(*p
)) {
253 /* (IPv4 address literal or domain starting w/ digit (e.g. 3com))*/
255 if (1 == sock_addr_inet_pton(&addr
, p
, AF_INET
, 0)) {
256 sock_addr_inet_ntop_copy_buffer(b
, &addr
);
259 } else { /* IPv6 addr */
260 #if defined(HAVE_IPV6) && defined(HAVE_INET_PTON)
263 char *bracket
= b
->ptr
+blen
-1;
264 char *percent
= strchr(b
->ptr
+1, '%');
267 char buf
[INET6_ADDRSTRLEN
+16]; /*(+16 for potential %interface name)*/
268 if (blen
<= 2) return -1; /*(invalid "[]")*/
269 if (*bracket
!= ']') {
270 bracket
= (char *)memchr(b
->ptr
+1, ']', blen
-1);
271 if (NULL
== bracket
|| bracket
[1] != ':' || bracket
- b
->ptr
== 1){
274 if (bracket
[2] != '\0') { /*(ignore stray colon at string end)*/
276 port
= strtol(bracket
+2, &e
, 0); /*(allow decimal, octal, hex)*/
277 if (0 < port
&& port
<= USHRT_MAX
&& *e
== '\0') {
285 *bracket
= '\0';/*(terminate IPv6 string)*/
286 if (percent
) *percent
= '\0'; /*(remove %interface from address)*/
287 rc
= sock_addr_inet_pton(&addr
, b
->ptr
+1, AF_INET6
, 0);
288 if (percent
) *percent
= '%'; /*(restore %interface)*/
289 *bracket
= ']'; /*(restore bracket)*/
290 if (1 != rc
) return -1;
292 sock_addr_inet_ntop(&addr
, buf
, sizeof(buf
));
295 if (percent
> bracket
) return -1;
296 if (len
+ (size_t)(bracket
- percent
) >= sizeof(buf
)) return -1;
297 memcpy(buf
+len
, percent
, (size_t)(bracket
- percent
));
298 len
+= (size_t)(bracket
- percent
);
300 buffer_string_set_length(b
, 1); /* truncate after '[' */
301 buffer_append_string_len(b
, buf
, len
);
302 buffer_append_string_len(b
, CONST_STR_LEN("]"));
311 if (0 != port
&& port
!= scheme_port
) {
312 buffer_append_string_len(b
, CONST_STR_LEN(":"));
313 buffer_append_int(b
, (int)port
);
319 static int scheme_port (const buffer
*scheme
)
321 return buffer_is_equal_string(scheme
, CONST_STR_LEN("https")) ? 443 : 80;
324 int http_request_host_policy (connection
*con
, buffer
*b
, const buffer
*scheme
) {
325 return (((con
->conf
.http_parseopts
& HTTP_PARSEOPT_HOST_STRICT
)
326 && 0 != request_check_hostname(b
))
327 || ((con
->conf
.http_parseopts
& HTTP_PARSEOPT_HOST_NORMALIZE
)
328 && 0 != http_request_host_normalize(b
, scheme_port(scheme
))));
335 static int http_request_split_value(array
*vals
, buffer
*b
) {
340 const char *token_start
= NULL
, *token_end
= NULL
;
344 * val1, val2, val3, val4
346 * into a array (more or less a explode() incl. striping of whitespaces
349 if (buffer_string_is_empty(b
)) return 0;
352 len
= buffer_string_length(b
);
353 for (i
= 0; i
<= len
; ++i
, ++current
) {
357 case 0: /* find start of a token */
360 case '\t': /* skip white space */
361 case ',': /* skip empty token */
363 case '\0': /* end of string */
366 /* found real data, switch to state 1 to find the end of the token */
367 token_start
= token_end
= current
;
372 case 1: /* find end of token and last non white space character */
376 /* space - don't update token_end */
379 case '\0': /* end of string also marks the end of a token */
380 if (NULL
== (ds
= (data_string
*)array_get_unused_element(vals
, TYPE_STRING
))) {
381 ds
= data_string_init();
384 buffer_copy_string_len(ds
->value
, token_start
, token_end
-token_start
+1);
385 array_insert_unique(vals
, (data_unset
*)ds
);
390 /* no white space, update token_end to include current character */
401 static int request_uri_is_valid_char(unsigned char c
) {
402 if (c
<= 32) return 0;
403 if (c
== 127) return 0;
404 if (c
== 255) return 0;
409 int http_request_parse(server
*srv
, connection
*con
) {
410 char *uri
= NULL
, *proto
= NULL
, *method
= NULL
, con_length_set
;
411 int is_key
= 1, key_len
= 0, is_ws_after_key
= 0, in_folding
;
412 char *value
= NULL
, *key
= NULL
;
413 char *reqline_host
= NULL
;
414 int reqline_hostlen
= 0;
416 enum { HTTP_CONNECTION_UNSET
, HTTP_CONNECTION_KEEPALIVE
, HTTP_CONNECTION_CLOSE
} keep_alive_set
= HTTP_CONNECTION_UNSET
;
420 int request_line_stage
= 0;
421 size_t i
, first
, ilen
;
424 const unsigned int http_header_strict
= (con
->conf
.http_parseopts
& HTTP_PARSEOPT_HEADER_STRICT
);
427 * Request: "^(GET|POST|HEAD) ([^ ]+(\\?[^ ]+|)) (HTTP/1\\.[01])$"
428 * Option : "^([-a-zA-Z]+): (.+)$"
432 if (con
->conf
.log_request_header
) {
433 log_error_write(srv
, __FILE__
, __LINE__
, "sdsdSb",
435 "request-len:", buffer_string_length(con
->request
.request
),
436 "\n", con
->request
.request
);
439 if (con
->request_count
> 1 &&
440 con
->request
.request
->ptr
[0] == '\r' &&
441 con
->request
.request
->ptr
[1] == '\n') {
442 /* we are in keep-alive and might get \r\n after a previous POST request.*/
445 if (buffer_string_length(con
->request
.request
) < 2) {
447 con
->http_status
= 400;
451 /* coverity[overflow_sink : FALSE] */
452 buffer_copy_string_len(con
->parse_request
, con
->request
.request
->ptr
+ 2, buffer_string_length(con
->request
.request
) - 2);
454 /* fill the local request buffer */
455 buffer_copy_buffer(con
->parse_request
, con
->request
.request
);
461 /* parse the first line of the request
465 * <method> <uri> <protocol>\r\n
467 ilen
= buffer_string_length(con
->parse_request
);
468 for (i
= 0, first
= 0; i
< ilen
&& line
== 0; i
++) {
469 switch(con
->parse_request
->ptr
[i
]) {
471 if (con
->parse_request
->ptr
[i
+1] == '\n') {
477 con
->parse_request
->ptr
[i
] = '\0';
478 con
->parse_request
->ptr
[i
+1] = '\0';
480 buffer_copy_string_len(con
->request
.request_line
, con
->parse_request
->ptr
, i
);
482 if (request_line_stage
!= 2) {
483 con
->http_status
= 400;
484 con
->response
.keep_alive
= 0;
487 if (srv
->srvconf
.log_request_header_on_error
) {
488 log_error_write(srv
, __FILE__
, __LINE__
, "s", "incomplete request line -> 400");
489 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
491 con
->request
.request
);
496 proto
= con
->parse_request
->ptr
+ first
;
501 /* we got the first one :) */
502 if (HTTP_METHOD_UNSET
== (r
= get_http_method_key(method
))) {
503 con
->http_status
= 501;
504 con
->response
.keep_alive
= 0;
507 if (srv
->srvconf
.log_request_header_on_error
) {
508 log_error_write(srv
, __FILE__
, __LINE__
, "s", "unknown http-method -> 501");
509 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
511 con
->request
.request
);
517 con
->request
.http_method
= r
;
522 * HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT
525 if (0 == strncmp(proto
, "HTTP/", sizeof("HTTP/") - 1)) {
526 char * major
= proto
+ sizeof("HTTP/") - 1;
527 char * minor
= strchr(major
, '.');
529 int major_num
= 0, minor_num
= 0;
531 int invalid_version
= 0;
533 if (NULL
== minor
|| /* no dot */
534 minor
== major
|| /* no major */
535 *(minor
+ 1) == '\0' /* no minor */) {
539 major_num
= strtol(major
, &err
, 10);
541 if (*err
!= '\0') invalid_version
= 1;
544 minor_num
= strtol(minor
, &err
, 10);
546 if (*err
!= '\0') invalid_version
= 1;
549 if (invalid_version
) {
550 con
->http_status
= 400;
553 if (srv
->srvconf
.log_request_header_on_error
) {
554 log_error_write(srv
, __FILE__
, __LINE__
, "s", "unknown protocol -> 400");
555 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
557 con
->request
.request
);
562 if (major_num
== 1 && minor_num
== 1) {
563 con
->request
.http_version
= con
->conf
.allow_http11
? HTTP_VERSION_1_1
: HTTP_VERSION_1_0
;
564 } else if (major_num
== 1 && minor_num
== 0) {
565 con
->request
.http_version
= HTTP_VERSION_1_0
;
567 con
->http_status
= 505;
569 if (srv
->srvconf
.log_request_header_on_error
) {
570 log_error_write(srv
, __FILE__
, __LINE__
, "s", "unknown HTTP version -> 505");
571 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
573 con
->request
.request
);
578 con
->http_status
= 400;
581 if (srv
->srvconf
.log_request_header_on_error
) {
582 log_error_write(srv
, __FILE__
, __LINE__
, "s", "unknown protocol -> 400");
583 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
585 con
->request
.request
);
592 buffer_copy_string_len(con
->request
.uri
, uri
, proto
- uri
- 1);
593 } else if (0 == strncasecmp(uri
, "http://", 7) &&
594 NULL
!= (nuri
= strchr(uri
+ 7, '/'))) {
595 reqline_host
= uri
+ 7;
596 reqline_hostlen
= nuri
- reqline_host
;
598 buffer_copy_string_len(con
->request
.uri
, nuri
, proto
- nuri
- 1);
599 } else if (0 == strncasecmp(uri
, "https://", 8) &&
600 NULL
!= (nuri
= strchr(uri
+ 8, '/'))) {
601 reqline_host
= uri
+ 8;
602 reqline_hostlen
= nuri
- reqline_host
;
604 buffer_copy_string_len(con
->request
.uri
, nuri
, proto
- nuri
- 1);
606 /* everything looks good so far */
607 buffer_copy_string_len(con
->request
.uri
, uri
, proto
- uri
- 1);
610 /* check uri for invalid characters */
611 jlen
= buffer_string_length(con
->request
.uri
);
612 if (http_header_strict
) {
613 for (j
= 0; j
< jlen
&& request_uri_is_valid_char(con
->request
.uri
->ptr
[j
]); j
++) ;
615 char *z
= memchr(con
->request
.uri
->ptr
, '\0', jlen
);
616 j
= (NULL
== z
) ? jlen
: (size_t)(z
- con
->request
.uri
->ptr
);
619 con
->http_status
= 400;
622 if (srv
->srvconf
.log_request_header_on_error
) {
623 unsigned char buf
[2];
624 buf
[0] = con
->request
.uri
->ptr
[j
];
627 if (con
->request
.uri
->ptr
[j
] > 32 &&
628 con
->request
.uri
->ptr
[j
] != 127) {
629 /* the character is printable -> print it */
630 log_error_write(srv
, __FILE__
, __LINE__
, "ss",
631 "invalid character in URI -> 400",
634 /* a control-character, print ascii-code */
635 log_error_write(srv
, __FILE__
, __LINE__
, "sd",
636 "invalid character in URI -> 400",
637 con
->request
.uri
->ptr
[j
]);
640 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
642 con
->request
.request
);
648 buffer_copy_buffer(con
->request
.orig_uri
, con
->request
.uri
);
650 con
->http_status
= 0;
658 switch(request_line_stage
) {
661 method
= con
->parse_request
->ptr
+ first
;
666 uri
= con
->parse_request
->ptr
+ first
;
670 /* ERROR, one space to much */
671 con
->http_status
= 400;
672 con
->response
.keep_alive
= 0;
675 if (srv
->srvconf
.log_request_header_on_error
) {
676 log_error_write(srv
, __FILE__
, __LINE__
, "s", "overlong request line -> 400");
677 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
679 con
->request
.request
);
684 request_line_stage
++;
691 if (buffer_string_is_empty(con
->request
.uri
)) {
692 con
->http_status
= 400;
693 con
->response
.keep_alive
= 0;
696 if (srv
->srvconf
.log_request_header_on_error
) {
697 log_error_write(srv
, __FILE__
, __LINE__
, "s", "no uri specified -> 400");
698 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
700 con
->request
.request
);
706 /* Insert as host header */
709 if (NULL
== (ds
= (data_string
*)array_get_unused_element(con
->request
.headers
, TYPE_STRING
))) {
710 ds
= data_string_init();
713 buffer_copy_string_len(ds
->key
, CONST_STR_LEN("Host"));
714 buffer_copy_string_len(ds
->value
, reqline_host
, reqline_hostlen
);
715 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
716 con
->request
.http_host
= ds
->value
;
719 for (; i
<= ilen
&& !done
; i
++) {
720 char *cur
= con
->parse_request
->ptr
+ i
;
727 * 1*<any CHAR except CTLs or separators>
728 * CTLs == 0-31 + 127, CHAR = 7-bit ascii (0..127)
737 if (is_ws_after_key
== 0) {
759 con
->http_status
= 400;
761 con
->response
.keep_alive
= 0;
763 if (srv
->srvconf
.log_request_header_on_error
) {
764 log_error_write(srv
, __FILE__
, __LINE__
, "sbsds",
765 "invalid character in key", con
->request
.request
, cur
, *cur
, "-> 400");
767 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
769 con
->request
.request
);
785 /* skip every thing up to the : */
786 for (j
= 1; !got_colon
; j
++) {
787 switch(con
->parse_request
->ptr
[j
+ i
]) {
793 /* ok, done; handle the colon the usual way */
797 is_ws_after_key
= 1; /* we already know the key length */
803 if (srv
->srvconf
.log_request_header_on_error
) {
804 log_error_write(srv
, __FILE__
, __LINE__
, "s", "WS character in key -> 400");
805 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
807 con
->request
.request
);
810 con
->http_status
= 400;
811 con
->response
.keep_alive
= 0;
820 if (con
->parse_request
->ptr
[i
+1] == '\n' && i
== first
) {
822 con
->parse_request
->ptr
[i
] = '\0';
823 con
->parse_request
->ptr
[i
+1] = '\0';
829 if (srv
->srvconf
.log_request_header_on_error
) {
830 log_error_write(srv
, __FILE__
, __LINE__
, "s", "CR without LF -> 400");
831 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
833 con
->request
.request
);
836 con
->http_status
= 400;
838 con
->response
.keep_alive
= 0;
843 if (http_header_strict
? (*cur
< 32 || ((unsigned char)*cur
) >= 127) : *cur
== '\0') {
844 con
->http_status
= 400;
846 con
->response
.keep_alive
= 0;
848 if (srv
->srvconf
.log_request_header_on_error
) {
849 log_error_write(srv
, __FILE__
, __LINE__
, "sbsds",
850 "invalid character in key", con
->request
.request
, cur
, *cur
, "-> 400");
852 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
854 con
->request
.request
);
865 if (con
->parse_request
->ptr
[i
+1] == '\n') {
866 data_string
*ds
= NULL
;
868 /* End of Headerline */
869 con
->parse_request
->ptr
[i
] = '\0';
870 con
->parse_request
->ptr
[i
+1] = '\0';
874 * we use a evil hack to handle the line-folding
876 * As array_insert_unique() deletes 'ds' in the case of a duplicate
877 * ds points somewhere and we get a evil crash. As a solution we keep the old
878 * "key" and get the current value from the hash and append us
882 if (!key
|| !key_len
) {
885 if (srv
->srvconf
.log_request_header_on_error
) {
886 log_error_write(srv
, __FILE__
, __LINE__
, "s", "WS at the start of first line -> 400");
888 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
890 con
->request
.request
);
894 con
->http_status
= 400;
896 con
->response
.keep_alive
= 0;
900 if (NULL
!= (ds
= (data_string
*)array_get_element_klen(con
->request
.headers
, key
, key_len
))) {
901 buffer_append_string(ds
->value
, value
);
905 key
= con
->parse_request
->ptr
+ first
;
909 /* strip trailing white-spaces */
911 (value
[s_len
- 1] == ' ' ||
912 value
[s_len
- 1] == '\t'); s_len
--);
918 if (NULL
== (ds
= (data_string
*)array_get_unused_element(con
->request
.headers
, TYPE_STRING
))) {
919 ds
= data_string_init();
921 buffer_copy_string_len(ds
->key
, key
, key_len
);
922 buffer_copy_string_len(ds
->value
, value
, s_len
);
927 * the list of options is sorted to simplify the search
930 if (0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Connection")))) {
936 vals
= srv
->split_vals
;
940 http_request_split_value(vals
, ds
->value
);
942 for (vi
= 0; vi
< vals
->used
; vi
++) {
943 data_string
*dsv
= (data_string
*)vals
->data
[vi
];
945 if (0 == buffer_caseless_compare(CONST_BUF_LEN(dsv
->value
), CONST_STR_LEN("keep-alive"))) {
946 keep_alive_set
= HTTP_CONNECTION_KEEPALIVE
;
949 } else if (0 == buffer_caseless_compare(CONST_BUF_LEN(dsv
->value
), CONST_STR_LEN("close"))) {
950 keep_alive_set
= HTTP_CONNECTION_CLOSE
;
956 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Content-Length")))) {
960 if (con_length_set
) {
961 con
->http_status
= 400;
964 if (srv
->srvconf
.log_request_header_on_error
) {
965 log_error_write(srv
, __FILE__
, __LINE__
, "s",
966 "duplicate Content-Length-header -> 400");
967 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
969 con
->request
.request
);
971 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
975 r
= strtoll(ds
->value
->ptr
, &err
, 10);
977 if (*err
== '\0' && r
>= 0) {
979 con
->request
.content_length
= r
;
981 log_error_write(srv
, __FILE__
, __LINE__
, "sbs",
982 "content-length broken:", ds
->value
, "-> 400");
984 con
->http_status
= 400;
987 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
990 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Content-Type")))) {
991 /* if dup, only the first one will survive */
992 if (!con
->request
.http_content_type
) {
993 con
->request
.http_content_type
= ds
->value
->ptr
;
995 con
->http_status
= 400;
998 if (srv
->srvconf
.log_request_header_on_error
) {
999 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1000 "duplicate Content-Type-header -> 400");
1001 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1002 "request-header:\n",
1003 con
->request
.request
);
1005 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1008 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Host")))) {
1010 /* ignore all host: headers as we got the host in the request line */
1011 ds
->free((data_unset
*) ds
);
1013 } else if (!con
->request
.http_host
) {
1014 con
->request
.http_host
= ds
->value
;
1016 con
->http_status
= 400;
1017 con
->keep_alive
= 0;
1019 if (srv
->srvconf
.log_request_header_on_error
) {
1020 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1021 "duplicate Host-header -> 400");
1022 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1023 "request-header:\n",
1024 con
->request
.request
);
1026 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1029 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("If-Modified-Since")))) {
1030 /* Proxies sometimes send dup headers
1031 * if they are the same we ignore the second
1032 * if not, we raise an error */
1033 if (!con
->request
.http_if_modified_since
) {
1034 con
->request
.http_if_modified_since
= ds
->value
->ptr
;
1035 } else if (0 == strcasecmp(con
->request
.http_if_modified_since
,
1037 /* ignore it if they are the same */
1039 ds
->free((data_unset
*)ds
);
1042 con
->http_status
= 400;
1043 con
->keep_alive
= 0;
1045 if (srv
->srvconf
.log_request_header_on_error
) {
1046 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1047 "duplicate If-Modified-Since header -> 400");
1048 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1049 "request-header:\n",
1050 con
->request
.request
);
1052 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1055 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("If-None-Match")))) {
1056 /* if dup, only the first one will survive */
1057 if (!con
->request
.http_if_none_match
) {
1058 con
->request
.http_if_none_match
= ds
->value
->ptr
;
1060 ds
->free((data_unset
*) ds
);
1063 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Range")))) {
1064 if (!con
->request
.http_range
) {
1067 if (0 == strncasecmp(ds
->value
->ptr
, "bytes=", 6) &&
1068 NULL
!= strchr(ds
->value
->ptr
+6, '-')) {
1070 /* if dup, only the first one will survive */
1071 con
->request
.http_range
= ds
->value
->ptr
+ 6;
1074 con
->http_status
= 400;
1075 con
->keep_alive
= 0;
1077 if (srv
->srvconf
.log_request_header_on_error
) {
1078 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1079 "duplicate Range-header -> 400");
1080 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1081 "request-header:\n",
1082 con
->request
.request
);
1084 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1089 if (ds
) array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1091 /* empty header-fields are not allowed by HTTP-RFC, we just ignore them */
1101 * for Bug 1230 keep the key_len a live
1107 if (srv
->srvconf
.log_request_header_on_error
) {
1108 log_error_write(srv
, __FILE__
, __LINE__
, "sbs",
1109 "CR without LF", con
->request
.request
, "-> 400");
1112 con
->http_status
= 400;
1113 con
->keep_alive
= 0;
1114 con
->response
.keep_alive
= 0;
1120 /* strip leading WS */
1121 if (value
== cur
) value
= cur
+1;
1124 if (http_header_strict
? (*cur
>= 0 && *cur
< 32) : *cur
== '\0') {
1125 if (srv
->srvconf
.log_request_header_on_error
) {
1126 log_error_write(srv
, __FILE__
, __LINE__
, "sds",
1127 "invalid char in header", (int)*cur
, "-> 400");
1130 con
->http_status
= 400;
1131 con
->keep_alive
= 0;
1140 con
->header_len
= i
;
1142 /* do some post-processing */
1144 if (con
->request
.http_version
== HTTP_VERSION_1_1
) {
1145 if (keep_alive_set
!= HTTP_CONNECTION_CLOSE
) {
1146 /* no Connection-Header sent */
1148 /* HTTP/1.1 -> keep-alive default TRUE */
1149 con
->keep_alive
= 1;
1151 con
->keep_alive
= 0;
1154 /* RFC 2616, 14.23 */
1155 if (con
->request
.http_host
== NULL
||
1156 buffer_string_is_empty(con
->request
.http_host
)) {
1157 con
->http_status
= 400;
1158 con
->response
.keep_alive
= 0;
1159 con
->keep_alive
= 0;
1161 if (srv
->srvconf
.log_request_header_on_error
) {
1162 log_error_write(srv
, __FILE__
, __LINE__
, "s", "HTTP/1.1 but Host missing -> 400");
1163 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1164 "request-header:\n",
1165 con
->request
.request
);
1170 if (keep_alive_set
== HTTP_CONNECTION_KEEPALIVE
) {
1171 /* no Connection-Header sent */
1173 /* HTTP/1.0 -> keep-alive default FALSE */
1174 con
->keep_alive
= 1;
1176 con
->keep_alive
= 0;
1180 /* check hostname field if it is set */
1181 if (!buffer_is_empty(con
->request
.http_host
) &&
1182 0 != http_request_host_policy(con
, con
->request
.http_host
, con
->proto
)) {
1184 if (srv
->srvconf
.log_request_header_on_error
) {
1185 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1186 "Invalid Hostname -> 400");
1187 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1188 "request-header:\n",
1189 con
->request
.request
);
1192 con
->http_status
= 400;
1193 con
->response
.keep_alive
= 0;
1194 con
->keep_alive
= 0;
1200 data_string
*ds
= (data_string
*)array_get_element(con
->request
.headers
, "Transfer-Encoding");
1202 if (con
->request
.http_version
== HTTP_VERSION_1_0
) {
1203 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1204 "HTTP/1.0 with Transfer-Encoding (bad HTTP/1.0 proxy?) -> 400");
1205 con
->keep_alive
= 0;
1206 con
->http_status
= 400; /* Bad Request */
1210 if (0 != strcasecmp(ds
->value
->ptr
, "chunked")) {
1211 /* Transfer-Encoding might contain additional encodings,
1212 * which are not currently supported by lighttpd */
1213 con
->keep_alive
= 0;
1214 con
->http_status
= 501; /* Not Implemented */
1218 /* reset value for Transfer-Encoding, a hop-by-hop header,
1219 * which must not be blindly forwarded to backends */
1220 buffer_reset(ds
->value
); /* headers with empty values are ignored */
1223 con
->request
.content_length
= -1;
1225 /*(note: ignore whether or not Content-Length was provided)*/
1226 ds
= (data_string
*)array_get_element(con
->request
.headers
, "Content-Length");
1227 if (NULL
!= ds
) buffer_reset(ds
->value
); /* headers with empty values are ignored */
1231 switch(con
->request
.http_method
) {
1232 case HTTP_METHOD_GET
:
1233 case HTTP_METHOD_HEAD
:
1234 /* content-length is forbidden for those */
1235 if (con_length_set
&& con
->request
.content_length
!= 0) {
1236 /* content-length is missing */
1237 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1238 "GET/HEAD with content-length -> 400");
1240 con
->keep_alive
= 0;
1241 con
->http_status
= 400;
1245 case HTTP_METHOD_POST
:
1246 /* content-length is required for them */
1247 if (!con_length_set
) {
1248 /* content-length is missing */
1249 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1250 "POST-request, but content-length missing -> 411");
1252 con
->keep_alive
= 0;
1253 con
->http_status
= 411;
1263 /* check if we have read post data */
1264 if (con_length_set
) {
1265 /* we have content */
1266 if (con
->request
.content_length
!= 0) {
1274 int http_request_header_finished(server
*srv
, connection
*con
) {
1277 if (buffer_string_length(con
->request
.request
) < 4) return 0;
1279 if (0 == memcmp(con
->request
.request
->ptr
+ buffer_string_length(con
->request
.request
) - 4, CONST_STR_LEN("\r\n\r\n"))) return 1;
1280 if (NULL
!= strstr(con
->request
.request
->ptr
, "\r\n\r\n")) return 1;