search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[mod_openssl] remove erroneous SSL_set_shutdown()
[lighttpd.git] / src / request.c
blob65fcddf649612c9b1751a9c4d96e228f961b430f
1 #include "first.h"
2
3 #include "request.h"
4 #include "keyvalue.h"
5 #include "log.h"
6 #include "inet_ntop_cache.h"
7
8 #include <sys/stat.h>
9
10 #include <limits.h>
11 #include <stdlib.h>
12 #include <string.h>
13
14 static int request_check_hostname(buffer *host) {
15 enum { DOMAINLABEL, TOPLABEL } stage = TOPLABEL;
16 size_t i;
17 int label_len = 0;
18 size_t host_len, hostport_len;
19 char *colon;
20 int is_ip = -1; /* -1 don't know yet, 0 no, 1 yes */
21 int level = 0;
22
23 /*
24 * hostport = host [ ":" port ]
25 * host = hostname | IPv4address | IPv6address
26 * hostname = *( domainlabel "." ) toplabel [ "." ]
27 * domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
28 * toplabel = alpha | alpha *( alphanum | "-" ) alphanum
29 * IPv4address = 1*digit "." 1*digit "." 1*digit "." 1*digit
30 * IPv6address = "[" ... "]"
31 * port = *digit
32 */
33
34 /* IPv6 adress */
35 if (host->ptr[0] == '[') {
36 char *c = host->ptr + 1;
37 int colon_cnt = 0;
38
39 /* check the address inside [...] */
40 for (; *c && *c != ']'; c++) {
41 if (*c == ':') {
42 if (++colon_cnt > 7) {
43 return -1;
44 }
45 } else if (!light_isxdigit(*c) && '.' != *c) {
46 return -1;
47 }
48 }
49
50 /* missing ] */
51 if (!*c) {
52 return -1;
53 }
54
55 /* check port */
56 if (*(c+1) == ':') {
57 for (c += 2; *c; c++) {
58 if (!light_isdigit(*c)) {
59 return -1;
60 }
61 }
62 }
63 else if ('\0' != *(c+1)) {
64 /* only a port is allowed to follow [...] */
65 return -1;
66 }
67 return 0;
68 }
69
70 hostport_len = host_len = buffer_string_length(host);
71
72 if (NULL != (colon = memchr(host->ptr, ':', host_len))) {
73 char *c = colon + 1;
74
75 /* check portnumber */
76 for (; *c; c++) {
77 if (!light_isdigit(*c)) return -1;
78 }
79
80 /* remove the port from the host-len */
81 host_len = colon - host->ptr;
82 }
83
84 /* Host is empty */
85 if (host_len == 0) return -1;
86
87 /* if the hostname ends in a "." strip it */
88 if (host->ptr[host_len-1] == '.') {
89 /* shift port info one left */
90 if (NULL != colon) memmove(colon-1, colon, hostport_len - host_len);
91 buffer_string_set_length(host, --hostport_len);
92 if (--host_len == 0) return -1;
93 }
94
95
96 /* scan from the right and skip the \0 */
97 for (i = host_len; i-- > 0; ) {
98 const char c = host->ptr[i];
99
100 switch (stage) {
101 case TOPLABEL:
102 if (c == '.') {
103 /* only switch stage, if this is not the last character */
104 if (i != host_len - 1) {
105 if (label_len == 0) {
106 return -1;
107 }
108
109 /* check the first character at right of the dot */
110 if (is_ip == 0) {
111 if (!light_isalnum(host->ptr[i+1])) {
112 return -1;
113 }
114 } else if (!light_isdigit(host->ptr[i+1])) {
115 is_ip = 0;
116 } else if ('-' == host->ptr[i+1]) {
117 return -1;
118 } else {
119 /* just digits */
120 is_ip = 1;
121 }
122
123 stage = DOMAINLABEL;
124
125 label_len = 0;
126 level++;
127 } else if (i == 0) {
128 /* just a dot and nothing else is evil */
129 return -1;
130 }
131 } else if (i == 0) {
132 /* the first character of the hostname */
133 if (!light_isalnum(c)) {
134 return -1;
135 }
136 label_len++;
137 } else {
138 if (c != '-' && !light_isalnum(c)) {
139 return -1;
140 }
141 if (is_ip == -1) {
142 if (!light_isdigit(c)) is_ip = 0;
143 }
144 label_len++;
145 }
146
147 break;
148 case DOMAINLABEL:
149 if (is_ip == 1) {
150 if (c == '.') {
151 if (label_len == 0) {
152 return -1;
153 }
154
155 label_len = 0;
156 level++;
157 } else if (!light_isdigit(c)) {
158 return -1;
159 } else {
160 label_len++;
161 }
162 } else {
163 if (c == '.') {
164 if (label_len == 0) {
165 return -1;
166 }
167
168 /* c is either - or alphanum here */
169 if ('-' == host->ptr[i+1]) {
170 return -1;
171 }
172
173 label_len = 0;
174 level++;
175 } else if (i == 0) {
176 if (!light_isalnum(c)) {
177 return -1;
178 }
179 label_len++;
180 } else {
181 if (c != '-' && !light_isalnum(c)) {
182 return -1;
183 }
184 label_len++;
185 }
186 }
187
188 break;
189 }
190 }
191
192 /* a IP has to consist of 4 parts */
193 if (is_ip == 1 && level != 3) {
194 return -1;
195 }
196
197 if (label_len == 0) {
198 return -1;
199 }
200
201 return 0;
202 }
203
204 int http_request_host_normalize(buffer *b, int scheme_port) {
205 /*
206 * check for and canonicalize numeric IP address and portnum (optional)
207 * (IP address may be followed by ":portnum" (optional))
208 * - IPv6: "[...]"
209 * - IPv4: "x.x.x.x"
210 * - IPv4: 12345678 (32-bit decimal number)
211 * - IPv4: 012345678 (32-bit octal number)
212 * - IPv4: 0x12345678 (32-bit hex number)
213 *
214 * allow any chars (except ':' and '\0' and stray '[' or ']')
215 * (other code may check chars more strictly or more pedantically)
216 * ':' delimits (optional) port at end of string
217 * "[]" wraps IPv6 address literal
218 * '\0' should have been rejected earlier were it present
219 *
220 * any chars includes, but is not limited to:
221 * - allow '-' any where, even at beginning of word
222 * (security caution: might be confused for cmd flag if passed to shell)
223 * - allow all-digit TLDs
224 * (might be mistaken for IPv4 addr by inet_aton()
225 * unless non-digits appear in subdomain)
226 */
227
228 /* Note: not using getaddrinfo() since it does not support "[]" around IPv6
229 * and is not as lenient as inet_aton() and inet_addr() for IPv4 strings.
230 * Not using inet_pton() (when available) on IPv4 for similar reasons. */
231
232 const char * const p = b->ptr;
233 const size_t blen = buffer_string_length(b);
234 long port = 0;
235
236 if (*p != '[') {
237 char * const colon = (char *)memchr(p, ':', blen);
238 if (colon) {
239 if (*p == ':') return -1; /*(empty host then port, or naked IPv6)*/
240 if (colon[1] != '\0') {
241 char *e;
242 port = strtol(colon+1, &e, 0); /*(allow decimal, octal, hex)*/
243 if (0 < port && port <= USHRT_MAX && *e == '\0') {
244 /* valid port */
245 } else {
246 return -1;
247 }
248 } /*(else ignore stray colon at string end)*/
249 buffer_string_set_length(b, (size_t)(colon - p)); /*(remove port str)*/
250 }
251
252 if (light_isdigit(*p)) {
253 /* (IPv4 address literal or domain starting w/ digit (e.g. 3com))*/
254 sock_addr addr;
255 if (1 == sock_addr_inet_pton(&addr, p, AF_INET, 0)) {
256 sock_addr_inet_ntop_copy_buffer(b, &addr);
257 }
258 }
259 } else { /* IPv6 addr */
260 #if defined(HAVE_IPV6) && defined(HAVE_INET_PTON)
261
262 sock_addr addr;
263 char *bracket = b->ptr+blen-1;
264 char *percent = strchr(b->ptr+1, '%');
265 size_t len;
266 int rc;
267 char buf[INET6_ADDRSTRLEN+16]; /*(+16 for potential %interface name)*/
268 if (blen <= 2) return -1; /*(invalid "[]")*/
269 if (*bracket != ']') {
270 bracket = (char *)memchr(b->ptr+1, ']', blen-1);
271 if (NULL == bracket || bracket[1] != ':' || bracket - b->ptr == 1){
272 return -1;
273 }
274 if (bracket[2] != '\0') { /*(ignore stray colon at string end)*/
275 char *e;
276 port = strtol(bracket+2, &e, 0); /*(allow decimal, octal, hex)*/
277 if (0 < port && port <= USHRT_MAX && *e == '\0') {
278 /* valid port */
279 } else {
280 return -1;
281 }
282 }
283 }
284
285 *bracket = '\0';/*(terminate IPv6 string)*/
286 if (percent) *percent = '\0'; /*(remove %interface from address)*/
287 rc = sock_addr_inet_pton(&addr, b->ptr+1, AF_INET6, 0);
288 if (percent) *percent = '%'; /*(restore %interface)*/
289 *bracket = ']'; /*(restore bracket)*/
290 if (1 != rc) return -1;
291
292 sock_addr_inet_ntop(&addr, buf, sizeof(buf));
293 len = strlen(buf);
294 if (percent) {
295 if (percent > bracket) return -1;
296 if (len + (size_t)(bracket - percent) >= sizeof(buf)) return -1;
297 memcpy(buf+len, percent, (size_t)(bracket - percent));
298 len += (size_t)(bracket - percent);
299 }
300 buffer_string_set_length(b, 1); /* truncate after '[' */
301 buffer_append_string_len(b, buf, len);
302 buffer_append_string_len(b, CONST_STR_LEN("]"));
303
304 #else
305
306 return -1;
307
308 #endif
309 }
310
311 if (0 != port && port != scheme_port) {
312 buffer_append_string_len(b, CONST_STR_LEN(":"));
313 buffer_append_int(b, (int)port);
314 }
315
316 return 0;
317 }
318
319 static int scheme_port (const buffer *scheme)
320 {
321 return buffer_is_equal_string(scheme, CONST_STR_LEN("https")) ? 443 : 80;
322 }
323
324 int http_request_host_policy (connection *con, buffer *b, const buffer *scheme) {
325 return (((con->conf.http_parseopts & HTTP_PARSEOPT_HOST_STRICT)
326 && 0 != request_check_hostname(b))
327 || ((con->conf.http_parseopts & HTTP_PARSEOPT_HOST_NORMALIZE)
328 && 0 != http_request_host_normalize(b, scheme_port(scheme))));
329 }
330
331 #if 0
332 #define DUMP_HEADER
333 #endif
334
335 static int http_request_split_value(array *vals, buffer *b) {
336 size_t i, len;
337 int state = 0;
338
339 const char *current;
340 const char *token_start = NULL, *token_end = NULL;
341 /*
342 * parse
343 *
344 * val1, val2, val3, val4
345 *
346 * into a array (more or less a explode() incl. striping of whitespaces
347 */
348
349 if (buffer_string_is_empty(b)) return 0;
350
351 current = b->ptr;
352 len = buffer_string_length(b);
353 for (i = 0; i <= len; ++i, ++current) {
354 data_string *ds;
355
356 switch (state) {
357 case 0: /* find start of a token */
358 switch (*current) {
359 case ' ':
360 case '\t': /* skip white space */
361 case ',': /* skip empty token */
362 break;
363 case '\0': /* end of string */
364 return 0;
365 default:
366 /* found real data, switch to state 1 to find the end of the token */
367 token_start = token_end = current;
368 state = 1;
369 break;
370 }
371 break;
372 case 1: /* find end of token and last non white space character */
373 switch (*current) {
374 case ' ':
375 case '\t':
376 /* space - don't update token_end */
377 break;
378 case ',':
379 case '\0': /* end of string also marks the end of a token */
380 if (NULL == (ds = (data_string *)array_get_unused_element(vals, TYPE_STRING))) {
381 ds = data_string_init();
382 }
383
384 buffer_copy_string_len(ds->value, token_start, token_end-token_start+1);
385 array_insert_unique(vals, (data_unset *)ds);
386
387 state = 0;
388 break;
389 default:
390 /* no white space, update token_end to include current character */
391 token_end = current;
392 break;
393 }
394 break;
395 }
396 }
397
398 return 0;
399 }
400
401 static int request_uri_is_valid_char(unsigned char c) {
402 if (c <= 32) return 0;
403 if (c == 127) return 0;
404 if (c == 255) return 0;
405
406 return 1;
407 }
408
409 int http_request_parse(server *srv, connection *con) {
410 char *uri = NULL, *proto = NULL, *method = NULL, con_length_set;
411 int is_key = 1, key_len = 0, is_ws_after_key = 0, in_folding;
412 char *value = NULL, *key = NULL;
413 char *reqline_host = NULL;
414 int reqline_hostlen = 0;
415
416 enum { HTTP_CONNECTION_UNSET, HTTP_CONNECTION_KEEPALIVE, HTTP_CONNECTION_CLOSE } keep_alive_set = HTTP_CONNECTION_UNSET;
417
418 int line = 0;
419
420 int request_line_stage = 0;
421 size_t i, first, ilen;
422
423 int done = 0;
424 const unsigned int http_header_strict = (con->conf.http_parseopts & HTTP_PARSEOPT_HEADER_STRICT);
425
426 /*
427 * Request: "^(GET|POST|HEAD) ([^ ]+(\\?[^ ]+|)) (HTTP/1\\.[01])$"
428 * Option : "^([-a-zA-Z]+): (.+)$"
429 * End : "^$"
430 */
431
432 if (con->conf.log_request_header) {
433 log_error_write(srv, __FILE__, __LINE__, "sdsdSb",
434 "fd:", con->fd,
435 "request-len:", buffer_string_length(con->request.request),
436 "\n", con->request.request);
437 }
438
439 if (con->request_count > 1 &&
440 con->request.request->ptr[0] == '\r' &&
441 con->request.request->ptr[1] == '\n') {
442 /* we are in keep-alive and might get \r\n after a previous POST request.*/
443
444 #ifdef __COVERITY__
445 if (buffer_string_length(con->request.request) < 2) {
446 con->keep_alive = 0;
447 con->http_status = 400;
448 return 0;
449 }
450 #endif
451 /* coverity[overflow_sink : FALSE] */
452 buffer_copy_string_len(con->parse_request, con->request.request->ptr + 2, buffer_string_length(con->request.request) - 2);
453 } else {
454 /* fill the local request buffer */
455 buffer_copy_buffer(con->parse_request, con->request.request);
456 }
457
458 keep_alive_set = 0;
459 con_length_set = 0;
460
461 /* parse the first line of the request
462 *
463 * should be:
464 *
465 * <method> <uri> <protocol>\r\n
466 * */
467 ilen = buffer_string_length(con->parse_request);
468 for (i = 0, first = 0; i < ilen && line == 0; i++) {
469 switch(con->parse_request->ptr[i]) {
470 case '\r':
471 if (con->parse_request->ptr[i+1] == '\n') {
472 http_method_t r;
473 char *nuri = NULL;
474 size_t j, jlen;
475
476 /* \r\n -> \0\0 */
477 con->parse_request->ptr[i] = '\0';
478 con->parse_request->ptr[i+1] = '\0';
479
480 buffer_copy_string_len(con->request.request_line, con->parse_request->ptr, i);
481
482 if (request_line_stage != 2) {
483 con->http_status = 400;
484 con->response.keep_alive = 0;
485 con->keep_alive = 0;
486
487 if (srv->srvconf.log_request_header_on_error) {
488 log_error_write(srv, __FILE__, __LINE__, "s", "incomplete request line -> 400");
489 log_error_write(srv, __FILE__, __LINE__, "Sb",
490 "request-header:\n",
491 con->request.request);
492 }
493 return 0;
494 }
495
496 proto = con->parse_request->ptr + first;
497
498 *(uri - 1) = '\0';
499 *(proto - 1) = '\0';
500
501 /* we got the first one :) */
502 if (HTTP_METHOD_UNSET == (r = get_http_method_key(method))) {
503 con->http_status = 501;
504 con->response.keep_alive = 0;
505 con->keep_alive = 0;
506
507 if (srv->srvconf.log_request_header_on_error) {
508 log_error_write(srv, __FILE__, __LINE__, "s", "unknown http-method -> 501");
509 log_error_write(srv, __FILE__, __LINE__, "Sb",
510 "request-header:\n",
511 con->request.request);
512 }
513
514 return 0;
515 }
516
517 con->request.http_method = r;
518
519 /*
520 * RFC2616 says:
521 *
522 * HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT
523 *
524 * */
525 if (0 == strncmp(proto, "HTTP/", sizeof("HTTP/") - 1)) {
526 char * major = proto + sizeof("HTTP/") - 1;
527 char * minor = strchr(major, '.');
528 char *err = NULL;
529 int major_num = 0, minor_num = 0;
530
531 int invalid_version = 0;
532
533 if (NULL == minor || /* no dot */
534 minor == major || /* no major */
535 *(minor + 1) == '\0' /* no minor */) {
536 invalid_version = 1;
537 } else {
538 *minor = '\0';
539 major_num = strtol(major, &err, 10);
540
541 if (*err != '\0') invalid_version = 1;
542
543 *minor++ = '.';
544 minor_num = strtol(minor, &err, 10);
545
546 if (*err != '\0') invalid_version = 1;
547 }
548
549 if (invalid_version) {
550 con->http_status = 400;
551 con->keep_alive = 0;
552
553 if (srv->srvconf.log_request_header_on_error) {
554 log_error_write(srv, __FILE__, __LINE__, "s", "unknown protocol -> 400");
555 log_error_write(srv, __FILE__, __LINE__, "Sb",
556 "request-header:\n",
557 con->request.request);
558 }
559 return 0;
560 }
561
562 if (major_num == 1 && minor_num == 1) {
563 con->request.http_version = con->conf.allow_http11 ? HTTP_VERSION_1_1 : HTTP_VERSION_1_0;
564 } else if (major_num == 1 && minor_num == 0) {
565 con->request.http_version = HTTP_VERSION_1_0;
566 } else {
567 con->http_status = 505;
568
569 if (srv->srvconf.log_request_header_on_error) {
570 log_error_write(srv, __FILE__, __LINE__, "s", "unknown HTTP version -> 505");
571 log_error_write(srv, __FILE__, __LINE__, "Sb",
572 "request-header:\n",
573 con->request.request);
574 }
575 return 0;
576 }
577 } else {
578 con->http_status = 400;
579 con->keep_alive = 0;
580
581 if (srv->srvconf.log_request_header_on_error) {
582 log_error_write(srv, __FILE__, __LINE__, "s", "unknown protocol -> 400");
583 log_error_write(srv, __FILE__, __LINE__, "Sb",
584 "request-header:\n",
585 con->request.request);
586 }
587 return 0;
588 }
589
590 if (*uri == '/') {
591 /* (common case) */
592 buffer_copy_string_len(con->request.uri, uri, proto - uri - 1);
593 } else if (0 == strncasecmp(uri, "http://", 7) &&
594 NULL != (nuri = strchr(uri + 7, '/'))) {
595 reqline_host = uri + 7;
596 reqline_hostlen = nuri - reqline_host;
597
598 buffer_copy_string_len(con->request.uri, nuri, proto - nuri - 1);
599 } else if (0 == strncasecmp(uri, "https://", 8) &&
600 NULL != (nuri = strchr(uri + 8, '/'))) {
601 reqline_host = uri + 8;
602 reqline_hostlen = nuri - reqline_host;
603
604 buffer_copy_string_len(con->request.uri, nuri, proto - nuri - 1);
605 } else {
606 /* everything looks good so far */
607 buffer_copy_string_len(con->request.uri, uri, proto - uri - 1);
608 }
609
610 /* check uri for invalid characters */
611 jlen = buffer_string_length(con->request.uri);
612 if (http_header_strict) {
613 for (j = 0; j < jlen && request_uri_is_valid_char(con->request.uri->ptr[j]); j++) ;
614 } else {
615 char *z = memchr(con->request.uri->ptr, '\0', jlen);
616 j = (NULL == z) ? jlen : (size_t)(z - con->request.uri->ptr);
617 }
618 if (j < jlen) {
619 con->http_status = 400;
620 con->keep_alive = 0;
621
622 if (srv->srvconf.log_request_header_on_error) {
623 unsigned char buf[2];
624 buf[0] = con->request.uri->ptr[j];
625 buf[1] = '\0';
626
627 if (con->request.uri->ptr[j] > 32 &&
628 con->request.uri->ptr[j] != 127) {
629 /* the character is printable -> print it */
630 log_error_write(srv, __FILE__, __LINE__, "ss",
631 "invalid character in URI -> 400",
632 buf);
633 } else {
634 /* a control-character, print ascii-code */
635 log_error_write(srv, __FILE__, __LINE__, "sd",
636 "invalid character in URI -> 400",
637 con->request.uri->ptr[j]);
638 }
639
640 log_error_write(srv, __FILE__, __LINE__, "Sb",
641 "request-header:\n",
642 con->request.request);
643 }
644
645 return 0;
646 }
647
648 buffer_copy_buffer(con->request.orig_uri, con->request.uri);
649
650 con->http_status = 0;
651
652 i++;
653 line++;
654 first = i+1;
655 }
656 break;
657 case ' ':
658 switch(request_line_stage) {
659 case 0:
660 /* GET|POST|... */
661 method = con->parse_request->ptr + first;
662 first = i + 1;
663 break;
664 case 1:
665 /* /foobar/... */
666 uri = con->parse_request->ptr + first;
667 first = i + 1;
668 break;
669 default:
670 /* ERROR, one space to much */
671 con->http_status = 400;
672 con->response.keep_alive = 0;
673 con->keep_alive = 0;
674
675 if (srv->srvconf.log_request_header_on_error) {
676 log_error_write(srv, __FILE__, __LINE__, "s", "overlong request line -> 400");
677 log_error_write(srv, __FILE__, __LINE__, "Sb",
678 "request-header:\n",
679 con->request.request);
680 }
681 return 0;
682 }
683
684 request_line_stage++;
685 break;
686 }
687 }
688
689 in_folding = 0;
690
691 if (buffer_string_is_empty(con->request.uri)) {
692 con->http_status = 400;
693 con->response.keep_alive = 0;
694 con->keep_alive = 0;
695
696 if (srv->srvconf.log_request_header_on_error) {
697 log_error_write(srv, __FILE__, __LINE__, "s", "no uri specified -> 400");
698 log_error_write(srv, __FILE__, __LINE__, "Sb",
699 "request-header:\n",
700 con->request.request);
701 }
702 return 0;
703 }
704
705 if (reqline_host) {
706 /* Insert as host header */
707 data_string *ds;
708
709 if (NULL == (ds = (data_string *)array_get_unused_element(con->request.headers, TYPE_STRING))) {
710 ds = data_string_init();
711 }
712
713 buffer_copy_string_len(ds->key, CONST_STR_LEN("Host"));
714 buffer_copy_string_len(ds->value, reqline_host, reqline_hostlen);
715 array_insert_unique(con->request.headers, (data_unset *)ds);
716 con->request.http_host = ds->value;
717 }
718
719 for (; i <= ilen && !done; i++) {
720 char *cur = con->parse_request->ptr + i;
721
722 if (is_key) {
723 size_t j;
724 int got_colon = 0;
725
726 /**
727 * 1*<any CHAR except CTLs or separators>
728 * CTLs == 0-31 + 127, CHAR = 7-bit ascii (0..127)
729 *
730 */
731 switch(*cur) {
732 case ':':
733 is_key = 0;
734
735 value = cur + 1;
736
737 if (is_ws_after_key == 0) {
738 key_len = i - first;
739 }
740 is_ws_after_key = 0;
741
742 break;
743 case '(':
744 case ')':
745 case '<':
746 case '>':
747 case '@':
748 case ',':
749 case ';':
750 case '\\':
751 case '\"':
752 case '/':
753 case '[':
754 case ']':
755 case '?':
756 case '=':
757 case '{':
758 case '}':
759 con->http_status = 400;
760 con->keep_alive = 0;
761 con->response.keep_alive = 0;
762
763 if (srv->srvconf.log_request_header_on_error) {
764 log_error_write(srv, __FILE__, __LINE__, "sbsds",
765 "invalid character in key", con->request.request, cur, *cur, "-> 400");
766
767 log_error_write(srv, __FILE__, __LINE__, "Sb",
768 "request-header:\n",
769 con->request.request);
770 }
771 return 0;
772 case ' ':
773 case '\t':
774 if (i == first) {
775 is_key = 0;
776 in_folding = 1;
777 value = cur;
778
779 break;
780 }
781
782
783 key_len = i - first;
784
785 /* skip every thing up to the : */
786 for (j = 1; !got_colon; j++) {
787 switch(con->parse_request->ptr[j + i]) {
788 case ' ':
789 case '\t':
790 /* skip WS */
791 continue;
792 case ':':
793 /* ok, done; handle the colon the usual way */
794
795 i += j - 1;
796 got_colon = 1;
797 is_ws_after_key = 1; /* we already know the key length */
798
799 break;
800 default:
801 /* error */
802
803 if (srv->srvconf.log_request_header_on_error) {
804 log_error_write(srv, __FILE__, __LINE__, "s", "WS character in key -> 400");
805 log_error_write(srv, __FILE__, __LINE__, "Sb",
806 "request-header:\n",
807 con->request.request);
808 }
809
810 con->http_status = 400;
811 con->response.keep_alive = 0;
812 con->keep_alive = 0;
813
814 return 0;
815 }
816 }
817
818 break;
819 case '\r':
820 if (con->parse_request->ptr[i+1] == '\n' && i == first) {
821 /* End of Header */
822 con->parse_request->ptr[i] = '\0';
823 con->parse_request->ptr[i+1] = '\0';
824
825 i++;
826
827 done = 1;
828 } else {
829 if (srv->srvconf.log_request_header_on_error) {
830 log_error_write(srv, __FILE__, __LINE__, "s", "CR without LF -> 400");
831 log_error_write(srv, __FILE__, __LINE__, "Sb",
832 "request-header:\n",
833 con->request.request);
834 }
835
836 con->http_status = 400;
837 con->keep_alive = 0;
838 con->response.keep_alive = 0;
839 return 0;
840 }
841 break;
842 default:
843 if (http_header_strict ? (*cur < 32 || ((unsigned char)*cur) >= 127) : *cur == '\0') {
844 con->http_status = 400;
845 con->keep_alive = 0;
846 con->response.keep_alive = 0;
847
848 if (srv->srvconf.log_request_header_on_error) {
849 log_error_write(srv, __FILE__, __LINE__, "sbsds",
850 "invalid character in key", con->request.request, cur, *cur, "-> 400");
851
852 log_error_write(srv, __FILE__, __LINE__, "Sb",
853 "request-header:\n",
854 con->request.request);
855 }
856
857 return 0;
858 }
859 /* ok */
860 break;
861 }
862 } else {
863 switch(*cur) {
864 case '\r':
865 if (con->parse_request->ptr[i+1] == '\n') {
866 data_string *ds = NULL;
867
868 /* End of Headerline */
869 con->parse_request->ptr[i] = '\0';
870 con->parse_request->ptr[i+1] = '\0';
871
872 if (in_folding) {
873 /**
874 * we use a evil hack to handle the line-folding
875 *
876 * As array_insert_unique() deletes 'ds' in the case of a duplicate
877 * ds points somewhere and we get a evil crash. As a solution we keep the old
878 * "key" and get the current value from the hash and append us
879 *
880 * */
881
882 if (!key || !key_len) {
883 /* 400 */
884
885 if (srv->srvconf.log_request_header_on_error) {
886 log_error_write(srv, __FILE__, __LINE__, "s", "WS at the start of first line -> 400");
887
888 log_error_write(srv, __FILE__, __LINE__, "Sb",
889 "request-header:\n",
890 con->request.request);
891 }
892
893
894 con->http_status = 400;
895 con->keep_alive = 0;
896 con->response.keep_alive = 0;
897 return 0;
898 }
899
900 if (NULL != (ds = (data_string *)array_get_element_klen(con->request.headers, key, key_len))) {
901 buffer_append_string(ds->value, value);
902 }
903 } else {
904 int s_len;
905 key = con->parse_request->ptr + first;
906
907 s_len = cur - value;
908
909 /* strip trailing white-spaces */
910 for (; s_len > 0 &&
911 (value[s_len - 1] == ' ' ||
912 value[s_len - 1] == '\t'); s_len--);
913
914 value[s_len] = '\0';
915
916 if (s_len > 0) {
917 int cmp = 0;
918 if (NULL == (ds = (data_string *)array_get_unused_element(con->request.headers, TYPE_STRING))) {
919 ds = data_string_init();
920 }
921 buffer_copy_string_len(ds->key, key, key_len);
922 buffer_copy_string_len(ds->value, value, s_len);
923
924 /* retreive values
925 *
926 *
927 * the list of options is sorted to simplify the search
928 */
929
930 if (0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Connection")))) {
931 array *vals;
932 size_t vi;
933
934 /* split on , */
935
936 vals = srv->split_vals;
937
938 array_reset(vals);
939
940 http_request_split_value(vals, ds->value);
941
942 for (vi = 0; vi < vals->used; vi++) {
943 data_string *dsv = (data_string *)vals->data[vi];
944
945 if (0 == buffer_caseless_compare(CONST_BUF_LEN(dsv->value), CONST_STR_LEN("keep-alive"))) {
946 keep_alive_set = HTTP_CONNECTION_KEEPALIVE;
947
948 break;
949 } else if (0 == buffer_caseless_compare(CONST_BUF_LEN(dsv->value), CONST_STR_LEN("close"))) {
950 keep_alive_set = HTTP_CONNECTION_CLOSE;
951
952 break;
953 }
954 }
955
956 } else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Content-Length")))) {
957 char *err;
958 off_t r;
959
960 if (con_length_set) {
961 con->http_status = 400;
962 con->keep_alive = 0;
963
964 if (srv->srvconf.log_request_header_on_error) {
965 log_error_write(srv, __FILE__, __LINE__, "s",
966 "duplicate Content-Length-header -> 400");
967 log_error_write(srv, __FILE__, __LINE__, "Sb",
968 "request-header:\n",
969 con->request.request);
970 }
971 array_insert_unique(con->request.headers, (data_unset *)ds);
972 return 0;
973 }
974
975 r = strtoll(ds->value->ptr, &err, 10);
976
977 if (*err == '\0' && r >= 0) {
978 con_length_set = 1;
979 con->request.content_length = r;
980 } else {
981 log_error_write(srv, __FILE__, __LINE__, "sbs",
982 "content-length broken:", ds->value, "-> 400");
983
984 con->http_status = 400;
985 con->keep_alive = 0;
986
987 array_insert_unique(con->request.headers, (data_unset *)ds);
988 return 0;
989 }
990 } else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Content-Type")))) {
991 /* if dup, only the first one will survive */
992 if (!con->request.http_content_type) {
993 con->request.http_content_type = ds->value->ptr;
994 } else {
995 con->http_status = 400;
996 con->keep_alive = 0;
997
998 if (srv->srvconf.log_request_header_on_error) {
999 log_error_write(srv, __FILE__, __LINE__, "s",
1000 "duplicate Content-Type-header -> 400");
1001 log_error_write(srv, __FILE__, __LINE__, "Sb",
1002 "request-header:\n",
1003 con->request.request);
1004 }
1005 array_insert_unique(con->request.headers, (data_unset *)ds);
1006 return 0;
1007 }
1008 } else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Host")))) {
1009 if (reqline_host) {
1010 /* ignore all host: headers as we got the host in the request line */
1011 ds->free((data_unset*) ds);
1012 ds = NULL;
1013 } else if (!con->request.http_host) {
1014 con->request.http_host = ds->value;
1015 } else {
1016 con->http_status = 400;
1017 con->keep_alive = 0;
1018
1019 if (srv->srvconf.log_request_header_on_error) {
1020 log_error_write(srv, __FILE__, __LINE__, "s",
1021 "duplicate Host-header -> 400");
1022 log_error_write(srv, __FILE__, __LINE__, "Sb",
1023 "request-header:\n",
1024 con->request.request);
1025 }
1026 array_insert_unique(con->request.headers, (data_unset *)ds);
1027 return 0;
1028 }
1029 } else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("If-Modified-Since")))) {
1030 /* Proxies sometimes send dup headers
1031 * if they are the same we ignore the second
1032 * if not, we raise an error */
1033 if (!con->request.http_if_modified_since) {
1034 con->request.http_if_modified_since = ds->value->ptr;
1035 } else if (0 == strcasecmp(con->request.http_if_modified_since,
1036 ds->value->ptr)) {
1037 /* ignore it if they are the same */
1038
1039 ds->free((data_unset *)ds);
1040 ds = NULL;
1041 } else {
1042 con->http_status = 400;
1043 con->keep_alive = 0;
1044
1045 if (srv->srvconf.log_request_header_on_error) {
1046 log_error_write(srv, __FILE__, __LINE__, "s",
1047 "duplicate If-Modified-Since header -> 400");
1048 log_error_write(srv, __FILE__, __LINE__, "Sb",
1049 "request-header:\n",
1050 con->request.request);
1051 }
1052 array_insert_unique(con->request.headers, (data_unset *)ds);
1053 return 0;
1054 }
1055 } else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("If-None-Match")))) {
1056 /* if dup, only the first one will survive */
1057 if (!con->request.http_if_none_match) {
1058 con->request.http_if_none_match = ds->value->ptr;
1059 } else {
1060 ds->free((data_unset*) ds);
1061 ds = NULL;
1062 }
1063 } else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Range")))) {
1064 if (!con->request.http_range) {
1065 /* bytes=.*-.* */
1066
1067 if (0 == strncasecmp(ds->value->ptr, "bytes=", 6) &&
1068 NULL != strchr(ds->value->ptr+6, '-')) {
1069
1070 /* if dup, only the first one will survive */
1071 con->request.http_range = ds->value->ptr + 6;
1072 }
1073 } else {
1074 con->http_status = 400;
1075 con->keep_alive = 0;
1076
1077 if (srv->srvconf.log_request_header_on_error) {
1078 log_error_write(srv, __FILE__, __LINE__, "s",
1079 "duplicate Range-header -> 400");
1080 log_error_write(srv, __FILE__, __LINE__, "Sb",
1081 "request-header:\n",
1082 con->request.request);
1083 }
1084 array_insert_unique(con->request.headers, (data_unset *)ds);
1085 return 0;
1086 }
1087 }
1088
1089 if (ds) array_insert_unique(con->request.headers, (data_unset *)ds);
1090 } else {
1091 /* empty header-fields are not allowed by HTTP-RFC, we just ignore them */
1092 }
1093 }
1094
1095 i++;
1096 first = i+1;
1097 is_key = 1;
1098 value = NULL;
1099 #if 0
1100 /**
1101 * for Bug 1230 keep the key_len a live
1102 */
1103 key_len = 0;
1104 #endif
1105 in_folding = 0;
1106 } else {
1107 if (srv->srvconf.log_request_header_on_error) {
1108 log_error_write(srv, __FILE__, __LINE__, "sbs",
1109 "CR without LF", con->request.request, "-> 400");
1110 }
1111
1112 con->http_status = 400;
1113 con->keep_alive = 0;
1114 con->response.keep_alive = 0;
1115 return 0;
1116 }
1117 break;
1118 case ' ':
1119 case '\t':
1120 /* strip leading WS */
1121 if (value == cur) value = cur+1;
1122 break;
1123 default:
1124 if (http_header_strict ? (*cur >= 0 && *cur < 32) : *cur == '\0') {
1125 if (srv->srvconf.log_request_header_on_error) {
1126 log_error_write(srv, __FILE__, __LINE__, "sds",
1127 "invalid char in header", (int)*cur, "-> 400");
1128 }
1129
1130 con->http_status = 400;
1131 con->keep_alive = 0;
1132
1133 return 0;
1134 }
1135 break;
1136 }
1137 }
1138 }
1139
1140 con->header_len = i;
1141
1142 /* do some post-processing */
1143
1144 if (con->request.http_version == HTTP_VERSION_1_1) {
1145 if (keep_alive_set != HTTP_CONNECTION_CLOSE) {
1146 /* no Connection-Header sent */
1147
1148 /* HTTP/1.1 -> keep-alive default TRUE */
1149 con->keep_alive = 1;
1150 } else {
1151 con->keep_alive = 0;
1152 }
1153
1154 /* RFC 2616, 14.23 */
1155 if (con->request.http_host == NULL ||
1156 buffer_string_is_empty(con->request.http_host)) {
1157 con->http_status = 400;
1158 con->response.keep_alive = 0;
1159 con->keep_alive = 0;
1160
1161 if (srv->srvconf.log_request_header_on_error) {
1162 log_error_write(srv, __FILE__, __LINE__, "s", "HTTP/1.1 but Host missing -> 400");
1163 log_error_write(srv, __FILE__, __LINE__, "Sb",
1164 "request-header:\n",
1165 con->request.request);
1166 }
1167 return 0;
1168 }
1169 } else {
1170 if (keep_alive_set == HTTP_CONNECTION_KEEPALIVE) {
1171 /* no Connection-Header sent */
1172
1173 /* HTTP/1.0 -> keep-alive default FALSE */
1174 con->keep_alive = 1;
1175 } else {
1176 con->keep_alive = 0;
1177 }
1178 }
1179
1180 /* check hostname field if it is set */
1181 if (!buffer_is_empty(con->request.http_host) &&
1182 0 != http_request_host_policy(con, con->request.http_host, con->proto)) {
1183
1184 if (srv->srvconf.log_request_header_on_error) {
1185 log_error_write(srv, __FILE__, __LINE__, "s",
1186 "Invalid Hostname -> 400");
1187 log_error_write(srv, __FILE__, __LINE__, "Sb",
1188 "request-header:\n",
1189 con->request.request);
1190 }
1191
1192 con->http_status = 400;
1193 con->response.keep_alive = 0;
1194 con->keep_alive = 0;
1195
1196 return 0;
1197 }
1198
1199 {
1200 data_string *ds = (data_string *)array_get_element(con->request.headers, "Transfer-Encoding");
1201 if (NULL != ds) {
1202 if (con->request.http_version == HTTP_VERSION_1_0) {
1203 log_error_write(srv, __FILE__, __LINE__, "s",
1204 "HTTP/1.0 with Transfer-Encoding (bad HTTP/1.0 proxy?) -> 400");
1205 con->keep_alive = 0;
1206 con->http_status = 400; /* Bad Request */
1207 return 0;
1208 }
1209
1210 if (0 != strcasecmp(ds->value->ptr, "chunked")) {
1211 /* Transfer-Encoding might contain additional encodings,
1212 * which are not currently supported by lighttpd */
1213 con->keep_alive = 0;
1214 con->http_status = 501; /* Not Implemented */
1215 return 0;
1216 }
1217
1218 /* reset value for Transfer-Encoding, a hop-by-hop header,
1219 * which must not be blindly forwarded to backends */
1220 buffer_reset(ds->value); /* headers with empty values are ignored */
1221
1222 con_length_set = 1;
1223 con->request.content_length = -1;
1224
1225 /*(note: ignore whether or not Content-Length was provided)*/
1226 ds = (data_string *)array_get_element(con->request.headers, "Content-Length");
1227 if (NULL != ds) buffer_reset(ds->value); /* headers with empty values are ignored */
1228 }
1229 }
1230
1231 switch(con->request.http_method) {
1232 case HTTP_METHOD_GET:
1233 case HTTP_METHOD_HEAD:
1234 /* content-length is forbidden for those */
1235 if (con_length_set && con->request.content_length != 0) {
1236 /* content-length is missing */
1237 log_error_write(srv, __FILE__, __LINE__, "s",
1238 "GET/HEAD with content-length -> 400");
1239
1240 con->keep_alive = 0;
1241 con->http_status = 400;
1242 return 0;
1243 }
1244 break;
1245 case HTTP_METHOD_POST:
1246 /* content-length is required for them */
1247 if (!con_length_set) {
1248 /* content-length is missing */
1249 log_error_write(srv, __FILE__, __LINE__, "s",
1250 "POST-request, but content-length missing -> 411");
1251
1252 con->keep_alive = 0;
1253 con->http_status = 411;
1254 return 0;
1255
1256 }
1257 break;
1258 default:
1259 break;
1260 }
1261
1262
1263 /* check if we have read post data */
1264 if (con_length_set) {
1265 /* we have content */
1266 if (con->request.content_length != 0) {
1267 return 1;
1268 }
1269 }
1270
1271 return 0;
1272 }
1273
1274 int http_request_header_finished(server *srv, connection *con) {
1275 UNUSED(srv);
1276
1277 if (buffer_string_length(con->request.request) < 4) return 0;
1278
1279 if (0 == memcmp(con->request.request->ptr + buffer_string_length(con->request.request) - 4, CONST_STR_LEN("\r\n\r\n"))) return 1;
1280 if (NULL != strstr(con->request.request->ptr, "\r\n\r\n")) return 1;
1281
1282 return 0;
1283 }
A fast webserver with minimal memory-footprint (lighttpd)