| blob | d25e1e70df53aacc160deded4c051c81ce90201b |
11 #include <limits.h>
12 #include <stdlib.h>
13 #include <string.h>
24 /*
25 * hostport = host [ ":" port ]
26 * host = hostname | IPv4address | IPv6address
27 * hostname = *( domainlabel "." ) toplabel [ "." ]
28 * domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
29 * toplabel = alpha | alpha *( alphanum | "-" ) alphanum
30 * IPv4address = 1*digit "." 1*digit "." 1*digit "." 1*digit
31 * IPv6address = "[" ... "]"
32 * port = *digit
33 */
35 /* IPv6 adress */
40 /* check the address inside [...] */
45 }
48 }
49 }
51 /* missing ] */
54 }
56 /* check port */
61 }
62 }
63 }
65 /* only a port is allowed to follow [...] */
67 }
69 }
76 /* check portnumber */
79 }
81 /* remove the port from the host-len */
83 }
85 /* Host is empty */
88 /* if the hostname ends in a "." strip it */
90 /* shift port info one left */
94 }
97 /* scan from the right and skip the \0 */
104 /* only switch stage, if this is not the last character */
108 }
110 /* check the first character at right of the dot */
114 }
120 /* just digits */
122 }
127 level++;
129 /* just a dot and nothing else is evil */
131 }
133 /* the first character of the hostname */
136 }
137 label_len++;
141 }
144 }
145 label_len++;
146 }
154 }
157 level++;
161 label_len++;
162 }
167 }
169 /* c is either - or alphanum here */
172 }
175 level++;
179 }
180 label_len++;
184 }
185 label_len++;
186 }
187 }
190 }
191 }
193 /* a IP has to consist of 4 parts */
196 }
200 }
203 }
206 /*
207 * check for and canonicalize numeric IP address and portnum (optional)
208 * (IP address may be followed by ":portnum" (optional))
209 * - IPv6: "[...]"
210 * - IPv4: "x.x.x.x"
211 * - IPv4: 12345678 (32-bit decimal number)
212 * - IPv4: 012345678 (32-bit octal number)
213 * - IPv4: 0x12345678 (32-bit hex number)
214 *
215 * allow any chars (except ':' and '\0' and stray '[' or ']')
216 * (other code may check chars more strictly or more pedantically)
217 * ':' delimits (optional) port at end of string
218 * "[]" wraps IPv6 address literal
219 * '\0' should have been rejected earlier were it present
220 *
221 * any chars includes, but is not limited to:
222 * - allow '-' any where, even at beginning of word
223 * (security caution: might be confused for cmd flag if passed to shell)
224 * - allow all-digit TLDs
225 * (might be mistaken for IPv4 addr by inet_aton()
226 * unless non-digits appear in subdomain)
227 */
229 /* Note: not using getaddrinfo() since it does not support "[]" around IPv6
230 * and is not as lenient as inet_aton() and inet_addr() for IPv4 strings.
231 * Not using inet_pton() (when available) on IPv4 for similar reasons. */
245 /* valid port */
248 }
251 }
254 /* (IPv4 address literal or domain starting w/ digit (e.g. 3com))*/
255 /* (check one-element cache of normalized IPv4 address string) */
258 sock_addr addr;
264 }
267 #if defined(HAVE_IPV6) && defined(HAVE_INET_PTON)
269 /* (check one-element cache of normalized IPv4 address string) */
271 sock_addr addr;
282 }
287 /* valid port */
290 }
291 }
292 }
296 /* truncate after ']' and re-add normalized port, if needed */
299 }
316 }
321 #else
325 #endif
331 }
334 }
337 {
339 }
346 }
351 /*
352 * parse
353 *
354 * val1, val2, val3, val4
355 *
356 * into a array (more or less a explode() incl. stripping of whitespaces
357 */
370 /* found real data, switch to state 1 to find the end of the token */
374 }
380 /* space - don't update token_end */
388 /* no white space, update token_end to include current character */
391 }
393 }
394 }
397 }
401 }
403 __attribute_cold__
404 __attribute_noinline__
408 }
410 }
412 __attribute_cold__
413 __attribute_noinline__
419 }
422 }
423 }
425 }
428 HTTP_CONNECTION_UNSET,
429 HTTP_CONNECTION_KEEPALIVE,
430 HTTP_CONNECTION_CLOSE,
431 };
447 }
449 /* add header to list of headers
450 * certain headers are also parsed
451 * might drop a header if deemed unnecessary/broken
452 *
453 * returns 0 on success, HTTP status on error
454 */
455 static int parse_single_header(server *srv, connection *con, parse_header_state *state, char *k, size_t klen, char *v, size_t vlen) {
459 /* strip leading whitespace */
462 /* strip trailing whitespace */
465 /* empty header-fields are not allowed by HTTP-RFC, we just ignore them */
468 /*
469 * Note: k might not be '\0'-terminated
470 */
473 /*case HTTP_HEADER_OTHER:*/
481 }
482 }
484 /* ignore all Host: headers as we got Host in request line */
486 }
489 }
492 {
502 }
507 }
508 }
509 }
514 }
517 /* if dup, only the first one will survive */
520 }
529 }
532 }
533 }
536 }
540 /* Proxies sometimes send dup headers
541 * if they are the same we ignore the second
542 * if not, we raise an error */
547 /* ignore it if they are the same */
549 }
552 }
553 }
555 }
562 }
565 }
567 static size_t http_request_parse_reqline(server *srv, connection *con, buffer *hdrs, parse_header_state *state) {
572 const unsigned int http_header_strict = (con->conf.http_parseopts & HTTP_PARSEOPT_HEADER_STRICT);
574 /* hdrs must end with '\n' (already checked before parsing headers) */
575 #ifdef __COVERITY__
577 #endif
579 /*
580 * Request: "^(GET|POST|HEAD) ([^ ]+(\\?[^ ]+|)) (HTTP/1\\.[01])$"
581 * Option : "^([-a-zA-Z]+): (.+)$"
582 * End : "^$"
583 */
585 /* parse the first line of the request
586 *
587 * should be:
588 *
589 * <method> <uri> <protocol>\r\n
590 * */
595 else return http_request_header_line_invalid(srv, 400, "overlong request line; extra space -> 400"); /* ERROR, one space to much */
596 }
597 }
601 {
605 /* \r\n -> \0\0 */
606 #ifdef __COVERITY__
608 #endif
613 }
617 }
622 }
624 /*
625 * RFC7230:
626 * HTTP-version = HTTP-name "/" DIGIT "." DIGIT
627 * HTTP-name = %x48.54.54.50 ; "HTTP", case-sensitive
628 */
634 }
637 }
642 /* (common case) */
657 || (HTTP_METHOD_CONNECT == con->request.http_method && (uri[0] == ':' || light_isdigit(uri[0])))
662 }
664 /* check uri for invalid characters */
674 }
676 return http_request_header_char_invalid(srv, con->request.uri->ptr[j], "invalid character in URI -> 400");
677 }
680 }
683 /* Insert as host header */
686 }
687 http_header_request_set(con, HTTP_HEADER_HOST, CONST_STR_LEN("Host"), state->reqline_host, state->reqline_hostlen);
689 }
692 }
698 const unsigned int http_header_strict = (con->conf.http_parseopts & HTTP_PARSEOPT_HEADER_STRICT);
701 parse_header_state state;
711 }
718 /**
719 * 1*<any CHAR except CTLs or separators>
720 * CTLs == 0-31 + 127, CHAR = 7-bit ascii (0..127)
721 *
722 */
726 /* skip every thing up to the : */
730 }
731 /* fall through */
757 /* End of Header */
761 }
767 /* End of Header */
769 }
770 /* fall through */
774 }
775 /* ok */
777 }
783 }
789 }
791 /* fall through */
796 }
801 }
802 }
804 /* End of Headerline */
820 }
822 }
823 }
824 }
826 /* do some post-processing */
830 /* no Connection-Header sent */
832 /* HTTP/1.1 -> keep-alive default TRUE */
836 }
838 /* RFC 2616, 14.23 */
842 }
845 /* no Connection-Header sent */
847 /* HTTP/1.0 -> keep-alive default FALSE */
851 }
852 }
854 /* check hostname field if it is set */
858 }
861 buffer *vb = http_header_request_get(con, HTTP_HEADER_TRANSFER_ENCODING, CONST_STR_LEN("Transfer-Encoding"));
864 return http_request_header_line_invalid(srv, 400, "HTTP/1.0 with Transfer-Encoding (bad HTTP/1.0 proxy?) -> 400");
865 }
868 /* Transfer-Encoding might contain additional encodings,
869 * which are not currently supported by lighttpd */
871 }
873 /* reset value for Transfer-Encoding, a hop-by-hop header,
874 * which must not be blindly forwarded to backends */
875 http_header_request_unset(con, HTTP_HEADER_TRANSFER_ENCODING, CONST_STR_LEN("Transfer-Encoding"));
877 /*(note: ignore whether or not Content-Length was provided)*/
880 }
884 }
885 }
888 }
893 /* content-length is forbidden for those */
897 }
900 /* content-length is required for them */
902 return http_request_header_line_invalid(srv, 411, "POST-request, but content-length missing -> 411");
903 }
907 }
910 }