15 static int request_check_hostname(buffer
*host
) {
16 enum { DOMAINLABEL
, TOPLABEL
} stage
= TOPLABEL
;
19 size_t host_len
, hostport_len
;
21 int is_ip
= -1; /* -1 don't know yet, 0 no, 1 yes */
25 * hostport = host [ ":" port ]
26 * host = hostname | IPv4address | IPv6address
27 * hostname = *( domainlabel "." ) toplabel [ "." ]
28 * domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
29 * toplabel = alpha | alpha *( alphanum | "-" ) alphanum
30 * IPv4address = 1*digit "." 1*digit "." 1*digit "." 1*digit
31 * IPv6address = "[" ... "]"
36 if (host
->ptr
[0] == '[') {
37 char *c
= host
->ptr
+ 1;
40 /* check the address inside [...] */
41 for (; *c
&& *c
!= ']'; c
++) {
43 if (++colon_cnt
> 7) {
46 } else if (!light_isxdigit(*c
) && '.' != *c
) {
58 for (c
+= 2; *c
; c
++) {
59 if (!light_isdigit(*c
)) {
64 else if ('\0' != *(c
+1)) {
65 /* only a port is allowed to follow [...] */
71 hostport_len
= host_len
= buffer_string_length(host
);
73 if (NULL
!= (colon
= memchr(host
->ptr
, ':', host_len
))) {
76 /* check portnumber */
78 if (!light_isdigit(*c
)) return -1;
81 /* remove the port from the host-len */
82 host_len
= colon
- host
->ptr
;
86 if (host_len
== 0) return -1;
88 /* if the hostname ends in a "." strip it */
89 if (host
->ptr
[host_len
-1] == '.') {
90 /* shift port info one left */
91 if (NULL
!= colon
) memmove(colon
-1, colon
, hostport_len
- host_len
);
92 buffer_string_set_length(host
, --hostport_len
);
93 if (--host_len
== 0) return -1;
97 /* scan from the right and skip the \0 */
98 for (i
= host_len
; i
-- > 0; ) {
99 const char c
= host
->ptr
[i
];
104 /* only switch stage, if this is not the last character */
105 if (i
!= host_len
- 1) {
106 if (label_len
== 0) {
110 /* check the first character at right of the dot */
112 if (!light_isalnum(host
->ptr
[i
+1])) {
115 } else if (!light_isdigit(host
->ptr
[i
+1])) {
117 } else if ('-' == host
->ptr
[i
+1]) {
129 /* just a dot and nothing else is evil */
133 /* the first character of the hostname */
134 if (!light_isalnum(c
)) {
139 if (c
!= '-' && !light_isalnum(c
)) {
143 if (!light_isdigit(c
)) is_ip
= 0;
152 if (label_len
== 0) {
158 } else if (!light_isdigit(c
)) {
165 if (label_len
== 0) {
169 /* c is either - or alphanum here */
170 if ('-' == host
->ptr
[i
+1]) {
177 if (!light_isalnum(c
)) {
182 if (c
!= '-' && !light_isalnum(c
)) {
193 /* a IP has to consist of 4 parts */
194 if (is_ip
== 1 && level
!= 3) {
198 if (label_len
== 0) {
205 int http_request_host_normalize(buffer
*b
) {
207 * check for and canonicalize numeric IP address and portnum (optional)
208 * (IP address may be followed by ":portnum" (optional))
211 * - IPv4: 12345678 (32-bit decimal number)
212 * - IPv4: 012345678 (32-bit octal number)
213 * - IPv4: 0x12345678 (32-bit hex number)
215 * allow any chars (except ':' and '\0' and stray '[' or ']')
216 * (other code may check chars more strictly or more pedantically)
217 * ':' delimits (optional) port at end of string
218 * "[]" wraps IPv6 address literal
219 * '\0' should have been rejected earlier were it present
221 * any chars includes, but is not limited to:
222 * - allow '-' any where, even at beginning of word
223 * (security caution: might be confused for cmd flag if passed to shell)
224 * - allow all-digit TLDs
225 * (might be mistaken for IPv4 addr by inet_aton()
226 * unless non-digits appear in subdomain)
229 /* Note: not using getaddrinfo() since it does not support "[]" around IPv6
230 * and is not as lenient as inet_aton() and inet_addr() for IPv4 strings.
231 * Not using inet_pton() (when available) on IPv4 for similar reasons. */
233 const char * const p
= b
->ptr
;
234 const size_t blen
= buffer_string_length(b
);
238 char * const colon
= (char *)memchr(p
, ':', blen
);
240 if (*p
== ':') return -1; /*(empty host then port, or naked IPv6)*/
241 if (colon
[1] != '\0') {
243 port
= strtol(colon
+1, &e
, 0); /*(allow decimal, octal, hex)*/
244 if (0 < port
&& port
<= USHRT_MAX
&& *e
== '\0') {
249 } /*(else ignore stray colon at string end)*/
250 buffer_string_set_length(b
, (size_t)(colon
- p
)); /*(remove port str)*/
253 if (light_isdigit(*p
)) {
254 /* (IPv4 address literal or domain starting w/ digit (e.g. 3com))*/
256 #if defined(HAVE_INET_ATON) /*(Windows does not provide inet_aton())*/
257 if (0 != inet_aton(p
, &addr
))
259 if ((addr
.s_addr
= inet_addr(p
)) != INADDR_NONE
)
262 #if defined(HAVE_INET_PTON)/*(expect inet_ntop() if inet_pton())*/
263 #ifndef INET_ADDRSTRLEN
264 #define INET_ADDRSTRLEN 16
266 char buf
[INET_ADDRSTRLEN
];
267 inet_ntop(AF_INET
, (const void *)&addr
, buf
, sizeof(buf
));
268 buffer_copy_string(b
, buf
);
270 buffer_copy_string(b
, inet_ntoa(addr
)); /*(not thread-safe)*/
274 } else { /* IPv6 addr */
275 #if defined(HAVE_IPV6) && defined(HAVE_INET_PTON)
277 struct in6_addr addr
;
278 char *bracket
= b
->ptr
+blen
-1;
279 char *percent
= strchr(b
->ptr
+1, '%');
282 char buf
[INET6_ADDRSTRLEN
+16]; /*(+16 for potential %interface name)*/
283 if (blen
<= 2) return -1; /*(invalid "[]")*/
284 if (*bracket
!= ']') {
285 bracket
= (char *)memchr(b
->ptr
+1, ']', blen
-1);
286 if (NULL
== bracket
|| bracket
[1] != ':' || bracket
- b
->ptr
== 1){
289 if (bracket
[2] != '\0') { /*(ignore stray colon at string end)*/
291 port
= strtol(bracket
+2, &e
, 0); /*(allow decimal, octal, hex)*/
292 if (0 < port
&& port
<= USHRT_MAX
&& *e
== '\0') {
300 *bracket
= '\0';/*(terminate IPv6 string)*/
301 if (percent
) *percent
= '\0'; /*(remove %interface from address)*/
302 rc
= inet_pton(AF_INET6
, b
->ptr
+1, &addr
);
303 if (percent
) *percent
= '%'; /*(restore %interface)*/
304 *bracket
= ']'; /*(restore bracket)*/
305 if (1 != rc
) return -1;
307 inet_ntop(AF_INET6
,(const void *)&addr
, buf
, sizeof(buf
));
310 if (percent
> bracket
) return -1;
311 if (len
+ (size_t)(bracket
- percent
) >= sizeof(buf
)) return -1;
312 memcpy(buf
+len
, percent
, (size_t)(bracket
- percent
));
313 len
+= (size_t)(bracket
- percent
);
315 buffer_string_set_length(b
, 1); /* truncate after '[' */
316 buffer_append_string_len(b
, buf
, len
);
317 buffer_append_string_len(b
, CONST_STR_LEN("]"));
327 buffer_append_string_len(b
, CONST_STR_LEN(":"));
328 buffer_append_int(b
, (int)port
);
338 static int http_request_split_value(array
*vals
, buffer
*b
) {
343 const char *token_start
= NULL
, *token_end
= NULL
;
347 * val1, val2, val3, val4
349 * into a array (more or less a explode() incl. striping of whitespaces
352 if (buffer_string_is_empty(b
)) return 0;
355 len
= buffer_string_length(b
);
356 for (i
= 0; i
<= len
; ++i
, ++current
) {
360 case 0: /* find start of a token */
363 case '\t': /* skip white space */
364 case ',': /* skip empty token */
366 case '\0': /* end of string */
369 /* found real data, switch to state 1 to find the end of the token */
370 token_start
= token_end
= current
;
375 case 1: /* find end of token and last non white space character */
379 /* space - don't update token_end */
382 case '\0': /* end of string also marks the end of a token */
383 if (NULL
== (ds
= (data_string
*)array_get_unused_element(vals
, TYPE_STRING
))) {
384 ds
= data_string_init();
387 buffer_copy_string_len(ds
->value
, token_start
, token_end
-token_start
+1);
388 array_insert_unique(vals
, (data_unset
*)ds
);
393 /* no white space, update token_end to include current character */
404 static int request_uri_is_valid_char(unsigned char c
) {
405 if (c
<= 32) return 0;
406 if (c
== 127) return 0;
407 if (c
== 255) return 0;
412 int http_request_parse(server
*srv
, connection
*con
) {
413 char *uri
= NULL
, *proto
= NULL
, *method
= NULL
, con_length_set
;
414 int is_key
= 1, key_len
= 0, is_ws_after_key
= 0, in_folding
;
415 char *value
= NULL
, *key
= NULL
;
416 char *reqline_host
= NULL
;
417 int reqline_hostlen
= 0;
419 enum { HTTP_CONNECTION_UNSET
, HTTP_CONNECTION_KEEPALIVE
, HTTP_CONNECTION_CLOSE
} keep_alive_set
= HTTP_CONNECTION_UNSET
;
423 int request_line_stage
= 0;
424 size_t i
, first
, ilen
;
427 const unsigned int http_header_strict
= (con
->conf
.http_parseopts
& HTTP_PARSEOPT_HEADER_STRICT
);
430 * Request: "^(GET|POST|HEAD) ([^ ]+(\\?[^ ]+|)) (HTTP/1\\.[01])$"
431 * Option : "^([-a-zA-Z]+): (.+)$"
435 if (con
->conf
.log_request_header
) {
436 log_error_write(srv
, __FILE__
, __LINE__
, "sdsdSb",
438 "request-len:", buffer_string_length(con
->request
.request
),
439 "\n", con
->request
.request
);
442 if (con
->request_count
> 1 &&
443 con
->request
.request
->ptr
[0] == '\r' &&
444 con
->request
.request
->ptr
[1] == '\n') {
445 /* we are in keep-alive and might get \r\n after a previous POST request.*/
447 /* coverity[overflow_sink : FALSE] */
448 buffer_copy_string_len(con
->parse_request
, con
->request
.request
->ptr
+ 2, buffer_string_length(con
->request
.request
) - 2);
450 /* fill the local request buffer */
451 buffer_copy_buffer(con
->parse_request
, con
->request
.request
);
457 /* parse the first line of the request
461 * <method> <uri> <protocol>\r\n
463 ilen
= buffer_string_length(con
->parse_request
);
464 for (i
= 0, first
= 0; i
< ilen
&& line
== 0; i
++) {
465 switch(con
->parse_request
->ptr
[i
]) {
467 if (con
->parse_request
->ptr
[i
+1] == '\n') {
473 con
->parse_request
->ptr
[i
] = '\0';
474 con
->parse_request
->ptr
[i
+1] = '\0';
476 buffer_copy_string_len(con
->request
.request_line
, con
->parse_request
->ptr
, i
);
478 if (request_line_stage
!= 2) {
479 con
->http_status
= 400;
480 con
->response
.keep_alive
= 0;
483 if (srv
->srvconf
.log_request_header_on_error
) {
484 log_error_write(srv
, __FILE__
, __LINE__
, "s", "incomplete request line -> 400");
485 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
487 con
->request
.request
);
492 proto
= con
->parse_request
->ptr
+ first
;
497 /* we got the first one :) */
498 if (HTTP_METHOD_UNSET
== (r
= get_http_method_key(method
))) {
499 con
->http_status
= 501;
500 con
->response
.keep_alive
= 0;
503 if (srv
->srvconf
.log_request_header_on_error
) {
504 log_error_write(srv
, __FILE__
, __LINE__
, "s", "unknown http-method -> 501");
505 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
507 con
->request
.request
);
513 con
->request
.http_method
= r
;
518 * HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT
521 if (0 == strncmp(proto
, "HTTP/", sizeof("HTTP/") - 1)) {
522 char * major
= proto
+ sizeof("HTTP/") - 1;
523 char * minor
= strchr(major
, '.');
525 int major_num
= 0, minor_num
= 0;
527 int invalid_version
= 0;
529 if (NULL
== minor
|| /* no dot */
530 minor
== major
|| /* no major */
531 *(minor
+ 1) == '\0' /* no minor */) {
535 major_num
= strtol(major
, &err
, 10);
537 if (*err
!= '\0') invalid_version
= 1;
540 minor_num
= strtol(minor
, &err
, 10);
542 if (*err
!= '\0') invalid_version
= 1;
545 if (invalid_version
) {
546 con
->http_status
= 400;
549 if (srv
->srvconf
.log_request_header_on_error
) {
550 log_error_write(srv
, __FILE__
, __LINE__
, "s", "unknown protocol -> 400");
551 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
553 con
->request
.request
);
558 if (major_num
== 1 && minor_num
== 1) {
559 con
->request
.http_version
= con
->conf
.allow_http11
? HTTP_VERSION_1_1
: HTTP_VERSION_1_0
;
560 } else if (major_num
== 1 && minor_num
== 0) {
561 con
->request
.http_version
= HTTP_VERSION_1_0
;
563 con
->http_status
= 505;
565 if (srv
->srvconf
.log_request_header_on_error
) {
566 log_error_write(srv
, __FILE__
, __LINE__
, "s", "unknown HTTP version -> 505");
567 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
569 con
->request
.request
);
574 con
->http_status
= 400;
577 if (srv
->srvconf
.log_request_header_on_error
) {
578 log_error_write(srv
, __FILE__
, __LINE__
, "s", "unknown protocol -> 400");
579 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
581 con
->request
.request
);
586 if (0 == strncmp(uri
, "http://", 7) &&
587 NULL
!= (nuri
= strchr(uri
+ 7, '/'))) {
588 reqline_host
= uri
+ 7;
589 reqline_hostlen
= nuri
- reqline_host
;
591 buffer_copy_string_len(con
->request
.uri
, nuri
, proto
- nuri
- 1);
592 } else if (0 == strncmp(uri
, "https://", 8) &&
593 NULL
!= (nuri
= strchr(uri
+ 8, '/'))) {
594 reqline_host
= uri
+ 8;
595 reqline_hostlen
= nuri
- reqline_host
;
597 buffer_copy_string_len(con
->request
.uri
, nuri
, proto
- nuri
- 1);
599 /* everything looks good so far */
600 buffer_copy_string_len(con
->request
.uri
, uri
, proto
- uri
- 1);
603 /* check uri for invalid characters */
604 jlen
= buffer_string_length(con
->request
.uri
);
605 if (http_header_strict
) {
606 for (j
= 0; j
< jlen
&& request_uri_is_valid_char(con
->request
.uri
->ptr
[j
]); j
++) ;
608 char *z
= memchr(con
->request
.uri
->ptr
, '\0', jlen
);
609 j
= (NULL
== z
) ? jlen
: (size_t)(z
- con
->request
.uri
->ptr
);
612 con
->http_status
= 400;
615 if (srv
->srvconf
.log_request_header_on_error
) {
616 unsigned char buf
[2];
617 buf
[0] = con
->request
.uri
->ptr
[j
];
620 if (con
->request
.uri
->ptr
[j
] > 32 &&
621 con
->request
.uri
->ptr
[j
] != 127) {
622 /* the character is printable -> print it */
623 log_error_write(srv
, __FILE__
, __LINE__
, "ss",
624 "invalid character in URI -> 400",
627 /* a control-character, print ascii-code */
628 log_error_write(srv
, __FILE__
, __LINE__
, "sd",
629 "invalid character in URI -> 400",
630 con
->request
.uri
->ptr
[j
]);
633 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
635 con
->request
.request
);
641 buffer_copy_buffer(con
->request
.orig_uri
, con
->request
.uri
);
643 con
->http_status
= 0;
651 switch(request_line_stage
) {
654 method
= con
->parse_request
->ptr
+ first
;
659 uri
= con
->parse_request
->ptr
+ first
;
663 /* ERROR, one space to much */
664 con
->http_status
= 400;
665 con
->response
.keep_alive
= 0;
668 if (srv
->srvconf
.log_request_header_on_error
) {
669 log_error_write(srv
, __FILE__
, __LINE__
, "s", "overlong request line -> 400");
670 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
672 con
->request
.request
);
677 request_line_stage
++;
684 if (buffer_string_is_empty(con
->request
.uri
)) {
685 con
->http_status
= 400;
686 con
->response
.keep_alive
= 0;
689 if (srv
->srvconf
.log_request_header_on_error
) {
690 log_error_write(srv
, __FILE__
, __LINE__
, "s", "no uri specified -> 400");
691 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
693 con
->request
.request
);
699 /* Insert as host header */
702 if (NULL
== (ds
= (data_string
*)array_get_unused_element(con
->request
.headers
, TYPE_STRING
))) {
703 ds
= data_string_init();
706 buffer_copy_string_len(ds
->key
, CONST_STR_LEN("Host"));
707 buffer_copy_string_len(ds
->value
, reqline_host
, reqline_hostlen
);
708 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
709 con
->request
.http_host
= ds
->value
;
712 for (; i
<= ilen
&& !done
; i
++) {
713 char *cur
= con
->parse_request
->ptr
+ i
;
720 * 1*<any CHAR except CTLs or separators>
721 * CTLs == 0-31 + 127, CHAR = 7-bit ascii (0..127)
730 if (is_ws_after_key
== 0) {
752 con
->http_status
= 400;
754 con
->response
.keep_alive
= 0;
756 if (srv
->srvconf
.log_request_header_on_error
) {
757 log_error_write(srv
, __FILE__
, __LINE__
, "sbsds",
758 "invalid character in key", con
->request
.request
, cur
, *cur
, "-> 400");
760 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
762 con
->request
.request
);
778 /* skip every thing up to the : */
779 for (j
= 1; !got_colon
; j
++) {
780 switch(con
->parse_request
->ptr
[j
+ i
]) {
786 /* ok, done; handle the colon the usual way */
790 is_ws_after_key
= 1; /* we already know the key length */
796 if (srv
->srvconf
.log_request_header_on_error
) {
797 log_error_write(srv
, __FILE__
, __LINE__
, "s", "WS character in key -> 400");
798 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
800 con
->request
.request
);
803 con
->http_status
= 400;
804 con
->response
.keep_alive
= 0;
813 if (con
->parse_request
->ptr
[i
+1] == '\n' && i
== first
) {
815 con
->parse_request
->ptr
[i
] = '\0';
816 con
->parse_request
->ptr
[i
+1] = '\0';
822 if (srv
->srvconf
.log_request_header_on_error
) {
823 log_error_write(srv
, __FILE__
, __LINE__
, "s", "CR without LF -> 400");
824 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
826 con
->request
.request
);
829 con
->http_status
= 400;
831 con
->response
.keep_alive
= 0;
836 if (http_header_strict
? (*cur
< 32 || ((unsigned char)*cur
) >= 127) : *cur
== '\0') {
837 con
->http_status
= 400;
839 con
->response
.keep_alive
= 0;
841 if (srv
->srvconf
.log_request_header_on_error
) {
842 log_error_write(srv
, __FILE__
, __LINE__
, "sbsds",
843 "invalid character in key", con
->request
.request
, cur
, *cur
, "-> 400");
845 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
847 con
->request
.request
);
858 if (con
->parse_request
->ptr
[i
+1] == '\n') {
859 data_string
*ds
= NULL
;
861 /* End of Headerline */
862 con
->parse_request
->ptr
[i
] = '\0';
863 con
->parse_request
->ptr
[i
+1] = '\0';
868 * we use a evil hack to handle the line-folding
870 * As array_insert_unique() deletes 'ds' in the case of a duplicate
871 * ds points somewhere and we get a evil crash. As a solution we keep the old
872 * "key" and get the current value from the hash and append us
876 if (!key
|| !key_len
) {
879 if (srv
->srvconf
.log_request_header_on_error
) {
880 log_error_write(srv
, __FILE__
, __LINE__
, "s", "WS at the start of first line -> 400");
882 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
884 con
->request
.request
);
888 con
->http_status
= 400;
890 con
->response
.keep_alive
= 0;
894 key_b
= buffer_init();
895 buffer_copy_string_len(key_b
, key
, key_len
);
897 if (NULL
!= (ds
= (data_string
*)array_get_element(con
->request
.headers
, key_b
->ptr
))) {
898 buffer_append_string(ds
->value
, value
);
904 key
= con
->parse_request
->ptr
+ first
;
908 /* strip trailing white-spaces */
910 (value
[s_len
- 1] == ' ' ||
911 value
[s_len
- 1] == '\t'); s_len
--);
917 if (NULL
== (ds
= (data_string
*)array_get_unused_element(con
->request
.headers
, TYPE_STRING
))) {
918 ds
= data_string_init();
920 buffer_copy_string_len(ds
->key
, key
, key_len
);
921 buffer_copy_string_len(ds
->value
, value
, s_len
);
926 * the list of options is sorted to simplify the search
929 if (0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Connection")))) {
935 vals
= srv
->split_vals
;
939 http_request_split_value(vals
, ds
->value
);
941 for (vi
= 0; vi
< vals
->used
; vi
++) {
942 data_string
*dsv
= (data_string
*)vals
->data
[vi
];
944 if (0 == buffer_caseless_compare(CONST_BUF_LEN(dsv
->value
), CONST_STR_LEN("keep-alive"))) {
945 keep_alive_set
= HTTP_CONNECTION_KEEPALIVE
;
948 } else if (0 == buffer_caseless_compare(CONST_BUF_LEN(dsv
->value
), CONST_STR_LEN("close"))) {
949 keep_alive_set
= HTTP_CONNECTION_CLOSE
;
955 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Content-Length")))) {
960 if (con_length_set
) {
961 con
->http_status
= 400;
964 if (srv
->srvconf
.log_request_header_on_error
) {
965 log_error_write(srv
, __FILE__
, __LINE__
, "s",
966 "duplicate Content-Length-header -> 400");
967 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
969 con
->request
.request
);
971 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
975 jlen
= buffer_string_length(ds
->value
);
976 for (j
= 0; j
< jlen
; j
++) {
977 char c
= ds
->value
->ptr
[j
];
978 if (!isdigit((unsigned char)c
)) {
979 log_error_write(srv
, __FILE__
, __LINE__
, "sbs",
980 "content-length broken:", ds
->value
, "-> 400");
982 con
->http_status
= 400;
985 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
990 r
= strtoul(ds
->value
->ptr
, &err
, 10);
994 con
->request
.content_length
= r
;
996 log_error_write(srv
, __FILE__
, __LINE__
, "sbs",
997 "content-length broken:", ds
->value
, "-> 400");
999 con
->http_status
= 400;
1000 con
->keep_alive
= 0;
1002 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1005 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Content-Type")))) {
1006 /* if dup, only the first one will survive */
1007 if (!con
->request
.http_content_type
) {
1008 con
->request
.http_content_type
= ds
->value
->ptr
;
1010 con
->http_status
= 400;
1011 con
->keep_alive
= 0;
1013 if (srv
->srvconf
.log_request_header_on_error
) {
1014 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1015 "duplicate Content-Type-header -> 400");
1016 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1017 "request-header:\n",
1018 con
->request
.request
);
1020 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1023 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Expect")))) {
1025 * Expect: 100-continue
1027 * -> (10.1.1) 100 (read content, process request, send final status-code)
1028 * -> (10.4.18) 417 (close)
1030 * (not handled at all yet, we always send 417 here)
1032 * What has to be added ?
1033 * 1. handling of chunked request body
1034 * 2. out-of-order sending from the HTTP/1.1 100 Continue
1039 if (srv
->srvconf
.reject_expect_100_with_417
&& 0 == buffer_caseless_compare(CONST_BUF_LEN(ds
->value
), CONST_STR_LEN("100-continue"))) {
1040 con
->http_status
= 417;
1041 con
->keep_alive
= 0;
1042 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1045 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Host")))) {
1047 /* ignore all host: headers as we got the host in the request line */
1048 ds
->free((data_unset
*) ds
);
1050 } else if (!con
->request
.http_host
) {
1051 con
->request
.http_host
= ds
->value
;
1053 con
->http_status
= 400;
1054 con
->keep_alive
= 0;
1056 if (srv
->srvconf
.log_request_header_on_error
) {
1057 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1058 "duplicate Host-header -> 400");
1059 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1060 "request-header:\n",
1061 con
->request
.request
);
1063 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1066 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("If-Modified-Since")))) {
1067 /* Proxies sometimes send dup headers
1068 * if they are the same we ignore the second
1069 * if not, we raise an error */
1070 if (!con
->request
.http_if_modified_since
) {
1071 con
->request
.http_if_modified_since
= ds
->value
->ptr
;
1072 } else if (0 == strcasecmp(con
->request
.http_if_modified_since
,
1074 /* ignore it if they are the same */
1076 ds
->free((data_unset
*)ds
);
1079 con
->http_status
= 400;
1080 con
->keep_alive
= 0;
1082 if (srv
->srvconf
.log_request_header_on_error
) {
1083 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1084 "duplicate If-Modified-Since header -> 400");
1085 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1086 "request-header:\n",
1087 con
->request
.request
);
1089 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1092 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("If-None-Match")))) {
1093 /* if dup, only the first one will survive */
1094 if (!con
->request
.http_if_none_match
) {
1095 con
->request
.http_if_none_match
= ds
->value
->ptr
;
1097 ds
->free((data_unset
*) ds
);
1100 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Range")))) {
1101 if (!con
->request
.http_range
) {
1104 if (0 == strncasecmp(ds
->value
->ptr
, "bytes=", 6) &&
1105 NULL
!= strchr(ds
->value
->ptr
+6, '-')) {
1107 /* if dup, only the first one will survive */
1108 con
->request
.http_range
= ds
->value
->ptr
+ 6;
1111 con
->http_status
= 400;
1112 con
->keep_alive
= 0;
1114 if (srv
->srvconf
.log_request_header_on_error
) {
1115 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1116 "duplicate Range-header -> 400");
1117 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1118 "request-header:\n",
1119 con
->request
.request
);
1121 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1126 if (ds
) array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1128 /* empty header-fields are not allowed by HTTP-RFC, we just ignore them */
1138 * for Bug 1230 keep the key_len a live
1144 if (srv
->srvconf
.log_request_header_on_error
) {
1145 log_error_write(srv
, __FILE__
, __LINE__
, "sbs",
1146 "CR without LF", con
->request
.request
, "-> 400");
1149 con
->http_status
= 400;
1150 con
->keep_alive
= 0;
1151 con
->response
.keep_alive
= 0;
1157 /* strip leading WS */
1158 if (value
== cur
) value
= cur
+1;
1161 if (http_header_strict
? (*cur
>= 0 && *cur
< 32) : *cur
== '\0') {
1162 if (srv
->srvconf
.log_request_header_on_error
) {
1163 log_error_write(srv
, __FILE__
, __LINE__
, "sds",
1164 "invalid char in header", (int)*cur
, "-> 400");
1167 con
->http_status
= 400;
1168 con
->keep_alive
= 0;
1177 con
->header_len
= i
;
1179 /* do some post-processing */
1181 if (con
->request
.http_version
== HTTP_VERSION_1_1
) {
1182 if (keep_alive_set
!= HTTP_CONNECTION_CLOSE
) {
1183 /* no Connection-Header sent */
1185 /* HTTP/1.1 -> keep-alive default TRUE */
1186 con
->keep_alive
= 1;
1188 con
->keep_alive
= 0;
1191 /* RFC 2616, 14.23 */
1192 if (con
->request
.http_host
== NULL
||
1193 buffer_string_is_empty(con
->request
.http_host
)) {
1194 con
->http_status
= 400;
1195 con
->response
.keep_alive
= 0;
1196 con
->keep_alive
= 0;
1198 if (srv
->srvconf
.log_request_header_on_error
) {
1199 log_error_write(srv
, __FILE__
, __LINE__
, "s", "HTTP/1.1 but Host missing -> 400");
1200 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1201 "request-header:\n",
1202 con
->request
.request
);
1207 if (keep_alive_set
== HTTP_CONNECTION_KEEPALIVE
) {
1208 /* no Connection-Header sent */
1210 /* HTTP/1.0 -> keep-alive default FALSE */
1211 con
->keep_alive
= 1;
1213 con
->keep_alive
= 0;
1217 /* check hostname field if it is set */
1218 if (!buffer_is_empty(con
->request
.http_host
) &&
1219 (((con
->conf
.http_parseopts
& HTTP_PARSEOPT_HOST_STRICT
) &&
1220 0 != request_check_hostname(con
->request
.http_host
))
1221 || ((con
->conf
.http_parseopts
& HTTP_PARSEOPT_HOST_NORMALIZE
) &&
1222 0 != http_request_host_normalize(con
->request
.http_host
)))) {
1224 if (srv
->srvconf
.log_request_header_on_error
) {
1225 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1226 "Invalid Hostname -> 400");
1227 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1228 "request-header:\n",
1229 con
->request
.request
);
1232 con
->http_status
= 400;
1233 con
->response
.keep_alive
= 0;
1234 con
->keep_alive
= 0;
1239 switch(con
->request
.http_method
) {
1240 case HTTP_METHOD_GET
:
1241 case HTTP_METHOD_HEAD
:
1242 /* content-length is forbidden for those */
1243 if (con_length_set
&& con
->request
.content_length
!= 0) {
1244 /* content-length is missing */
1245 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1246 "GET/HEAD with content-length -> 400");
1248 con
->keep_alive
= 0;
1249 con
->http_status
= 400;
1253 case HTTP_METHOD_POST
:
1254 /* content-length is required for them */
1255 if (!con_length_set
) {
1256 /* content-length is missing */
1257 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1258 "POST-request, but content-length missing -> 411");
1260 con
->keep_alive
= 0;
1261 con
->http_status
= 411;
1267 /* require Content-Length if request contains request body */
1268 if (array_get_element(con
->request
.headers
, "Transfer-Encoding")) {
1269 /* presence of Transfer-Encoding in request headers requires "chunked"
1270 * be final encoding in HTTP/1.1. Return 411 Length Required as
1271 * lighttpd does not support request input transfer-encodings */
1272 con
->keep_alive
= 0;
1273 con
->http_status
= 411; /* 411 Length Required */
1280 /* check if we have read post data */
1281 if (con_length_set
) {
1282 /* don't handle more the SSIZE_MAX bytes in content-length */
1283 if (con
->request
.content_length
> SSIZE_MAX
) {
1284 con
->http_status
= 413;
1285 con
->keep_alive
= 0;
1287 log_error_write(srv
, __FILE__
, __LINE__
, "sos",
1288 "request-size too long:", (off_t
) con
->request
.content_length
, "-> 413");
1292 /* we have content */
1293 if (con
->request
.content_length
!= 0) {
1301 int http_request_header_finished(server
*srv
, connection
*con
) {
1304 if (buffer_string_length(con
->request
.request
) < 4) return 0;
1306 if (0 == memcmp(con
->request
.request
->ptr
+ buffer_string_length(con
->request
.request
) - 4, CONST_STR_LEN("\r\n\r\n"))) return 1;
1307 if (NULL
!= strstr(con
->request
.request
->ptr
, "\r\n\r\n")) return 1;