14 static int request_check_hostname(buffer
*host
) {
15 enum { DOMAINLABEL
, TOPLABEL
} stage
= TOPLABEL
;
18 size_t host_len
, hostport_len
;
20 int is_ip
= -1; /* -1 don't know yet, 0 no, 1 yes */
24 * hostport = host [ ":" port ]
25 * host = hostname | IPv4address | IPv6address
26 * hostname = *( domainlabel "." ) toplabel [ "." ]
27 * domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
28 * toplabel = alpha | alpha *( alphanum | "-" ) alphanum
29 * IPv4address = 1*digit "." 1*digit "." 1*digit "." 1*digit
30 * IPv6address = "[" ... "]"
35 if (host
->ptr
[0] == '[') {
36 char *c
= host
->ptr
+ 1;
39 /* check the address inside [...] */
40 for (; *c
&& *c
!= ']'; c
++) {
42 if (++colon_cnt
> 7) {
45 } else if (!light_isxdigit(*c
) && '.' != *c
) {
57 for (c
+= 2; *c
; c
++) {
58 if (!light_isdigit(*c
)) {
63 else if ('\0' != *(c
+1)) {
64 /* only a port is allowed to follow [...] */
70 hostport_len
= host_len
= buffer_string_length(host
);
72 if (NULL
!= (colon
= memchr(host
->ptr
, ':', host_len
))) {
75 /* check portnumber */
77 if (!light_isdigit(*c
)) return -1;
80 /* remove the port from the host-len */
81 host_len
= colon
- host
->ptr
;
85 if (host_len
== 0) return -1;
87 /* if the hostname ends in a "." strip it */
88 if (host
->ptr
[host_len
-1] == '.') {
89 /* shift port info one left */
90 if (NULL
!= colon
) memmove(colon
-1, colon
, hostport_len
- host_len
);
91 buffer_string_set_length(host
, --hostport_len
);
92 if (--host_len
== 0) return -1;
96 /* scan from the right and skip the \0 */
97 for (i
= host_len
; i
-- > 0; ) {
98 const char c
= host
->ptr
[i
];
103 /* only switch stage, if this is not the last character */
104 if (i
!= host_len
- 1) {
105 if (label_len
== 0) {
109 /* check the first character at right of the dot */
111 if (!light_isalnum(host
->ptr
[i
+1])) {
114 } else if (!light_isdigit(host
->ptr
[i
+1])) {
116 } else if ('-' == host
->ptr
[i
+1]) {
128 /* just a dot and nothing else is evil */
132 /* the first character of the hostname */
133 if (!light_isalnum(c
)) {
138 if (c
!= '-' && !light_isalnum(c
)) {
142 if (!light_isdigit(c
)) is_ip
= 0;
151 if (label_len
== 0) {
157 } else if (!light_isdigit(c
)) {
164 if (label_len
== 0) {
168 /* c is either - or alphanum here */
169 if ('-' == host
->ptr
[i
+1]) {
176 if (!light_isalnum(c
)) {
181 if (c
!= '-' && !light_isalnum(c
)) {
192 /* a IP has to consist of 4 parts */
193 if (is_ip
== 1 && level
!= 3) {
197 if (label_len
== 0) {
204 int http_request_host_normalize(buffer
*b
, int scheme_port
) {
206 * check for and canonicalize numeric IP address and portnum (optional)
207 * (IP address may be followed by ":portnum" (optional))
210 * - IPv4: 12345678 (32-bit decimal number)
211 * - IPv4: 012345678 (32-bit octal number)
212 * - IPv4: 0x12345678 (32-bit hex number)
214 * allow any chars (except ':' and '\0' and stray '[' or ']')
215 * (other code may check chars more strictly or more pedantically)
216 * ':' delimits (optional) port at end of string
217 * "[]" wraps IPv6 address literal
218 * '\0' should have been rejected earlier were it present
220 * any chars includes, but is not limited to:
221 * - allow '-' any where, even at beginning of word
222 * (security caution: might be confused for cmd flag if passed to shell)
223 * - allow all-digit TLDs
224 * (might be mistaken for IPv4 addr by inet_aton()
225 * unless non-digits appear in subdomain)
228 /* Note: not using getaddrinfo() since it does not support "[]" around IPv6
229 * and is not as lenient as inet_aton() and inet_addr() for IPv4 strings.
230 * Not using inet_pton() (when available) on IPv4 for similar reasons. */
232 const char * const p
= b
->ptr
;
233 const size_t blen
= buffer_string_length(b
);
237 char * const colon
= (char *)memchr(p
, ':', blen
);
239 if (*p
== ':') return -1; /*(empty host then port, or naked IPv6)*/
240 if (colon
[1] != '\0') {
242 port
= strtol(colon
+1, &e
, 0); /*(allow decimal, octal, hex)*/
243 if (0 < port
&& port
<= USHRT_MAX
&& *e
== '\0') {
248 } /*(else ignore stray colon at string end)*/
249 buffer_string_set_length(b
, (size_t)(colon
- p
)); /*(remove port str)*/
252 if (light_isdigit(*p
)) {
253 /* (IPv4 address literal or domain starting w/ digit (e.g. 3com))*/
255 if (1 == sock_addr_inet_pton(&addr
, p
, AF_INET
, 0)) {
256 sock_addr_inet_ntop_copy_buffer(b
, &addr
);
259 } else { /* IPv6 addr */
260 #if defined(HAVE_IPV6) && defined(HAVE_INET_PTON)
263 char *bracket
= b
->ptr
+blen
-1;
264 char *percent
= strchr(b
->ptr
+1, '%');
267 char buf
[INET6_ADDRSTRLEN
+16]; /*(+16 for potential %interface name)*/
268 if (blen
<= 2) return -1; /*(invalid "[]")*/
269 if (*bracket
!= ']') {
270 bracket
= (char *)memchr(b
->ptr
+1, ']', blen
-1);
271 if (NULL
== bracket
|| bracket
[1] != ':' || bracket
- b
->ptr
== 1){
274 if (bracket
[2] != '\0') { /*(ignore stray colon at string end)*/
276 port
= strtol(bracket
+2, &e
, 0); /*(allow decimal, octal, hex)*/
277 if (0 < port
&& port
<= USHRT_MAX
&& *e
== '\0') {
285 *bracket
= '\0';/*(terminate IPv6 string)*/
286 if (percent
) *percent
= '\0'; /*(remove %interface from address)*/
287 rc
= sock_addr_inet_pton(&addr
, b
->ptr
+1, AF_INET6
, 0);
288 if (percent
) *percent
= '%'; /*(restore %interface)*/
289 *bracket
= ']'; /*(restore bracket)*/
290 if (1 != rc
) return -1;
292 sock_addr_inet_ntop(&addr
, buf
, sizeof(buf
));
295 if (percent
> bracket
) return -1;
296 if (len
+ (size_t)(bracket
- percent
) >= sizeof(buf
)) return -1;
297 memcpy(buf
+len
, percent
, (size_t)(bracket
- percent
));
298 len
+= (size_t)(bracket
- percent
);
300 buffer_string_set_length(b
, 1); /* truncate after '[' */
301 buffer_append_string_len(b
, buf
, len
);
302 buffer_append_string_len(b
, CONST_STR_LEN("]"));
311 if (0 != port
&& port
!= scheme_port
) {
312 buffer_append_string_len(b
, CONST_STR_LEN(":"));
313 buffer_append_int(b
, (int)port
);
319 static int scheme_port (const buffer
*scheme
)
321 return buffer_is_equal_string(scheme
, CONST_STR_LEN("https")) ? 443 : 80;
324 int http_request_host_policy (connection
*con
, buffer
*b
, const buffer
*scheme
) {
325 return (((con
->conf
.http_parseopts
& HTTP_PARSEOPT_HOST_STRICT
)
326 && 0 != request_check_hostname(b
))
327 || ((con
->conf
.http_parseopts
& HTTP_PARSEOPT_HOST_NORMALIZE
)
328 && 0 != http_request_host_normalize(b
, scheme_port(scheme
))));
335 static int http_request_split_value(array
*vals
, buffer
*b
) {
340 const char *token_start
= NULL
, *token_end
= NULL
;
344 * val1, val2, val3, val4
346 * into a array (more or less a explode() incl. striping of whitespaces
349 if (buffer_string_is_empty(b
)) return 0;
352 len
= buffer_string_length(b
);
353 for (i
= 0; i
<= len
; ++i
, ++current
) {
357 case 0: /* find start of a token */
360 case '\t': /* skip white space */
361 case ',': /* skip empty token */
363 case '\0': /* end of string */
366 /* found real data, switch to state 1 to find the end of the token */
367 token_start
= token_end
= current
;
372 case 1: /* find end of token and last non white space character */
376 /* space - don't update token_end */
379 case '\0': /* end of string also marks the end of a token */
380 if (NULL
== (ds
= (data_string
*)array_get_unused_element(vals
, TYPE_STRING
))) {
381 ds
= data_string_init();
384 buffer_copy_string_len(ds
->value
, token_start
, token_end
-token_start
+1);
385 array_insert_unique(vals
, (data_unset
*)ds
);
390 /* no white space, update token_end to include current character */
401 static int request_uri_is_valid_char(unsigned char c
) {
402 if (c
<= 32) return 0;
403 if (c
== 127) return 0;
404 if (c
== 255) return 0;
409 static int http_request_missing_CR_before_LF(server
*srv
, connection
*con
) {
410 if (srv
->srvconf
.log_request_header_on_error
) {
411 log_error_write(srv
, __FILE__
, __LINE__
, "s", "missing CR before LF in header -> 400");
412 log_error_write(srv
, __FILE__
, __LINE__
, "Sb", "request-header:\n", con
->request
.request
);
415 con
->http_status
= 400;
417 con
->response
.keep_alive
= 0;
421 int http_request_parse(server
*srv
, connection
*con
) {
422 char *uri
= NULL
, *proto
= NULL
, *method
= NULL
, con_length_set
;
423 int is_key
= 1, key_len
= 0, is_ws_after_key
= 0, in_folding
;
424 char *value
= NULL
, *key
= NULL
;
425 char *reqline_host
= NULL
;
426 int reqline_hostlen
= 0;
428 enum { HTTP_CONNECTION_UNSET
, HTTP_CONNECTION_KEEPALIVE
, HTTP_CONNECTION_CLOSE
} keep_alive_set
= HTTP_CONNECTION_UNSET
;
432 int request_line_stage
= 0;
433 size_t i
, first
, ilen
;
436 const unsigned int http_header_strict
= (con
->conf
.http_parseopts
& HTTP_PARSEOPT_HEADER_STRICT
);
439 * Request: "^(GET|POST|HEAD) ([^ ]+(\\?[^ ]+|)) (HTTP/1\\.[01])$"
440 * Option : "^([-a-zA-Z]+): (.+)$"
444 if (con
->conf
.log_request_header
) {
445 log_error_write(srv
, __FILE__
, __LINE__
, "sdsdSb",
447 "request-len:", buffer_string_length(con
->request
.request
),
448 "\n", con
->request
.request
);
451 if (con
->request_count
> 1 &&
452 con
->request
.request
->ptr
[0] == '\r' &&
453 con
->request
.request
->ptr
[1] == '\n') {
454 /* we are in keep-alive and might get \r\n after a previous POST request.*/
457 if (buffer_string_length(con
->request
.request
) < 2) {
459 con
->http_status
= 400;
463 /* coverity[overflow_sink : FALSE] */
464 buffer_copy_string_len(con
->parse_request
, con
->request
.request
->ptr
+ 2, buffer_string_length(con
->request
.request
) - 2);
465 } else if (con
->request_count
> 0 &&
466 con
->request
.request
->ptr
[1] == '\n') {
467 /* we are in keep-alive and might get \n after a previous POST request.*/
468 if (http_header_strict
) return http_request_missing_CR_before_LF(srv
, con
);
470 if (buffer_string_length(con
->request
.request
) < 1) {
472 con
->http_status
= 400;
476 /* coverity[overflow_sink : FALSE] */
477 buffer_copy_string_len(con
->parse_request
, con
->request
.request
->ptr
+ 1, buffer_string_length(con
->request
.request
) - 1);
479 /* fill the local request buffer */
480 buffer_copy_buffer(con
->parse_request
, con
->request
.request
);
486 /* parse the first line of the request
490 * <method> <uri> <protocol>\r\n
492 ilen
= buffer_string_length(con
->parse_request
);
493 for (i
= 0, first
= 0; i
< ilen
&& line
== 0; i
++) {
494 switch(con
->parse_request
->ptr
[i
]) {
496 if (con
->parse_request
->ptr
[i
+1] != '\n') break;
504 buffer_copy_string_len(con
->request
.request_line
, con
->parse_request
->ptr
, i
);
507 if (con
->parse_request
->ptr
[i
] == '\r') {
508 con
->parse_request
->ptr
[i
] = '\0';
510 } else if (http_header_strict
) { /* '\n' */
511 return http_request_missing_CR_before_LF(srv
, con
);
513 con
->parse_request
->ptr
[i
] = '\0';
515 if (request_line_stage
!= 2) {
516 con
->http_status
= 400;
517 con
->response
.keep_alive
= 0;
520 if (srv
->srvconf
.log_request_header_on_error
) {
521 log_error_write(srv
, __FILE__
, __LINE__
, "s", "incomplete request line -> 400");
522 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
524 con
->request
.request
);
529 proto
= con
->parse_request
->ptr
+ first
;
534 /* we got the first one :) */
535 if (HTTP_METHOD_UNSET
== (r
= get_http_method_key(method
))) {
536 con
->http_status
= 501;
537 con
->response
.keep_alive
= 0;
540 if (srv
->srvconf
.log_request_header_on_error
) {
541 log_error_write(srv
, __FILE__
, __LINE__
, "s", "unknown http-method -> 501");
542 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
544 con
->request
.request
);
550 con
->request
.http_method
= r
;
555 * HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT
558 if (0 == strncmp(proto
, "HTTP/", sizeof("HTTP/") - 1)) {
559 char * major
= proto
+ sizeof("HTTP/") - 1;
560 char * minor
= strchr(major
, '.');
562 int major_num
= 0, minor_num
= 0;
564 int invalid_version
= 0;
566 if (NULL
== minor
|| /* no dot */
567 minor
== major
|| /* no major */
568 *(minor
+ 1) == '\0' /* no minor */) {
572 major_num
= strtol(major
, &err
, 10);
574 if (*err
!= '\0') invalid_version
= 1;
577 minor_num
= strtol(minor
, &err
, 10);
579 if (*err
!= '\0') invalid_version
= 1;
582 if (invalid_version
) {
583 con
->http_status
= 400;
586 if (srv
->srvconf
.log_request_header_on_error
) {
587 log_error_write(srv
, __FILE__
, __LINE__
, "s", "unknown protocol -> 400");
588 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
590 con
->request
.request
);
595 if (major_num
== 1 && minor_num
== 1) {
596 con
->request
.http_version
= con
->conf
.allow_http11
? HTTP_VERSION_1_1
: HTTP_VERSION_1_0
;
597 } else if (major_num
== 1 && minor_num
== 0) {
598 con
->request
.http_version
= HTTP_VERSION_1_0
;
600 con
->http_status
= 505;
602 if (srv
->srvconf
.log_request_header_on_error
) {
603 log_error_write(srv
, __FILE__
, __LINE__
, "s", "unknown HTTP version -> 505");
604 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
606 con
->request
.request
);
611 con
->http_status
= 400;
614 if (srv
->srvconf
.log_request_header_on_error
) {
615 log_error_write(srv
, __FILE__
, __LINE__
, "s", "unknown protocol -> 400");
616 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
618 con
->request
.request
);
625 buffer_copy_string_len(con
->request
.uri
, uri
, proto
- uri
- 1);
626 } else if (0 == strncasecmp(uri
, "http://", 7) &&
627 NULL
!= (nuri
= strchr(uri
+ 7, '/'))) {
628 reqline_host
= uri
+ 7;
629 reqline_hostlen
= nuri
- reqline_host
;
631 buffer_copy_string_len(con
->request
.uri
, nuri
, proto
- nuri
- 1);
632 } else if (0 == strncasecmp(uri
, "https://", 8) &&
633 NULL
!= (nuri
= strchr(uri
+ 8, '/'))) {
634 reqline_host
= uri
+ 8;
635 reqline_hostlen
= nuri
- reqline_host
;
637 buffer_copy_string_len(con
->request
.uri
, nuri
, proto
- nuri
- 1);
638 } else if (!http_header_strict
639 || (HTTP_METHOD_OPTIONS
== con
->request
.http_method
&& uri
[0] == '*' && uri
[1] == '\0')) {
640 /* everything looks good so far */
641 buffer_copy_string_len(con
->request
.uri
, uri
, proto
- uri
- 1);
643 con
->http_status
= 400;
645 log_error_write(srv
, __FILE__
, __LINE__
, "ss", "request-URI parse error -> 400 for:", uri
);
649 /* check uri for invalid characters */
650 jlen
= buffer_string_length(con
->request
.uri
);
651 if (http_header_strict
) {
652 for (j
= 0; j
< jlen
&& request_uri_is_valid_char(con
->request
.uri
->ptr
[j
]); j
++) ;
654 char *z
= memchr(con
->request
.uri
->ptr
, '\0', jlen
);
655 j
= (NULL
== z
) ? jlen
: (size_t)(z
- con
->request
.uri
->ptr
);
658 con
->http_status
= 400;
661 if (srv
->srvconf
.log_request_header_on_error
) {
662 unsigned char buf
[2];
663 buf
[0] = con
->request
.uri
->ptr
[j
];
666 if (con
->request
.uri
->ptr
[j
] > 32 &&
667 con
->request
.uri
->ptr
[j
] != 127) {
668 /* the character is printable -> print it */
669 log_error_write(srv
, __FILE__
, __LINE__
, "ss",
670 "invalid character in URI -> 400",
673 /* a control-character, print ascii-code */
674 log_error_write(srv
, __FILE__
, __LINE__
, "sd",
675 "invalid character in URI -> 400",
676 con
->request
.uri
->ptr
[j
]);
679 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
681 con
->request
.request
);
687 buffer_copy_buffer(con
->request
.orig_uri
, con
->request
.uri
);
689 con
->http_status
= 0;
696 switch(request_line_stage
) {
699 method
= con
->parse_request
->ptr
+ first
;
704 uri
= con
->parse_request
->ptr
+ first
;
708 /* ERROR, one space to much */
709 con
->http_status
= 400;
710 con
->response
.keep_alive
= 0;
713 if (srv
->srvconf
.log_request_header_on_error
) {
714 log_error_write(srv
, __FILE__
, __LINE__
, "s", "overlong request line -> 400");
715 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
717 con
->request
.request
);
722 request_line_stage
++;
729 if (buffer_string_is_empty(con
->request
.uri
)) {
730 con
->http_status
= 400;
731 con
->response
.keep_alive
= 0;
734 if (srv
->srvconf
.log_request_header_on_error
) {
735 log_error_write(srv
, __FILE__
, __LINE__
, "s", "no uri specified -> 400");
736 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
738 con
->request
.request
);
744 /* Insert as host header */
747 if (NULL
== (ds
= (data_string
*)array_get_unused_element(con
->request
.headers
, TYPE_STRING
))) {
748 ds
= data_string_init();
751 buffer_copy_string_len(ds
->key
, CONST_STR_LEN("Host"));
752 buffer_copy_string_len(ds
->value
, reqline_host
, reqline_hostlen
);
753 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
754 con
->request
.http_host
= ds
->value
;
757 for (; i
<= ilen
&& !done
; i
++) {
758 char *cur
= con
->parse_request
->ptr
+ i
;
765 * 1*<any CHAR except CTLs or separators>
766 * CTLs == 0-31 + 127, CHAR = 7-bit ascii (0..127)
775 if (is_ws_after_key
== 0) {
797 con
->http_status
= 400;
799 con
->response
.keep_alive
= 0;
801 if (srv
->srvconf
.log_request_header_on_error
) {
802 log_error_write(srv
, __FILE__
, __LINE__
, "sbsds",
803 "invalid character in key", con
->request
.request
, cur
, *cur
, "-> 400");
805 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
807 con
->request
.request
);
823 /* skip every thing up to the : */
824 for (j
= 1; !got_colon
; j
++) {
825 switch(con
->parse_request
->ptr
[j
+ i
]) {
831 /* ok, done; handle the colon the usual way */
835 is_ws_after_key
= 1; /* we already know the key length */
841 if (srv
->srvconf
.log_request_header_on_error
) {
842 log_error_write(srv
, __FILE__
, __LINE__
, "s", "WS character in key -> 400");
843 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
845 con
->request
.request
);
848 con
->http_status
= 400;
849 con
->response
.keep_alive
= 0;
858 if (con
->parse_request
->ptr
[i
+1] == '\n' && i
== first
) {
860 con
->parse_request
->ptr
[i
] = '\0';
861 con
->parse_request
->ptr
[i
+1] = '\0';
867 if (srv
->srvconf
.log_request_header_on_error
) {
868 log_error_write(srv
, __FILE__
, __LINE__
, "s", "CR without LF -> 400");
869 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
871 con
->request
.request
);
874 con
->http_status
= 400;
876 con
->response
.keep_alive
= 0;
881 if (http_header_strict
) {
882 return http_request_missing_CR_before_LF(srv
, con
);
883 } else if (i
== first
) {
884 con
->parse_request
->ptr
[i
] = '\0';
890 if (http_header_strict
? (*cur
< 32 || ((unsigned char)*cur
) >= 127) : *cur
== '\0') {
891 con
->http_status
= 400;
893 con
->response
.keep_alive
= 0;
895 if (srv
->srvconf
.log_request_header_on_error
) {
896 log_error_write(srv
, __FILE__
, __LINE__
, "sbsds",
897 "invalid character in key", con
->request
.request
, cur
, *cur
, "-> 400");
899 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
901 con
->request
.request
);
913 if (*cur
== '\n' || con
->parse_request
->ptr
[i
+1] == '\n') {
914 data_string
*ds
= NULL
;
916 if (http_header_strict
) return http_request_missing_CR_before_LF(srv
, con
);
917 } else { /* (con->parse_request->ptr[i+1] == '\n') */
918 con
->parse_request
->ptr
[i
] = '\0';
922 /* End of Headerline */
923 con
->parse_request
->ptr
[i
] = '\0';
927 * we use a evil hack to handle the line-folding
929 * As array_insert_unique() deletes 'ds' in the case of a duplicate
930 * ds points somewhere and we get a evil crash. As a solution we keep the old
931 * "key" and get the current value from the hash and append us
935 if (!key
|| !key_len
) {
938 if (srv
->srvconf
.log_request_header_on_error
) {
939 log_error_write(srv
, __FILE__
, __LINE__
, "s", "WS at the start of first line -> 400");
941 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
943 con
->request
.request
);
947 con
->http_status
= 400;
949 con
->response
.keep_alive
= 0;
953 if (NULL
!= (ds
= (data_string
*)array_get_element_klen(con
->request
.headers
, key
, key_len
))) {
954 buffer_append_string(ds
->value
, value
);
958 key
= con
->parse_request
->ptr
+ first
;
962 /* strip trailing white-spaces */
964 (value
[s_len
- 1] == ' ' ||
965 value
[s_len
- 1] == '\t'); s_len
--);
971 if (NULL
== (ds
= (data_string
*)array_get_unused_element(con
->request
.headers
, TYPE_STRING
))) {
972 ds
= data_string_init();
974 buffer_copy_string_len(ds
->key
, key
, key_len
);
975 buffer_copy_string_len(ds
->value
, value
, s_len
);
980 * the list of options is sorted to simplify the search
983 if (0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Connection")))) {
989 vals
= srv
->split_vals
;
993 http_request_split_value(vals
, ds
->value
);
995 for (vi
= 0; vi
< vals
->used
; vi
++) {
996 data_string
*dsv
= (data_string
*)vals
->data
[vi
];
998 if (0 == buffer_caseless_compare(CONST_BUF_LEN(dsv
->value
), CONST_STR_LEN("keep-alive"))) {
999 keep_alive_set
= HTTP_CONNECTION_KEEPALIVE
;
1002 } else if (0 == buffer_caseless_compare(CONST_BUF_LEN(dsv
->value
), CONST_STR_LEN("close"))) {
1003 keep_alive_set
= HTTP_CONNECTION_CLOSE
;
1009 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Content-Length")))) {
1013 if (con_length_set
) {
1014 con
->http_status
= 400;
1015 con
->keep_alive
= 0;
1017 if (srv
->srvconf
.log_request_header_on_error
) {
1018 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1019 "duplicate Content-Length-header -> 400");
1020 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1021 "request-header:\n",
1022 con
->request
.request
);
1024 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1028 r
= strtoll(ds
->value
->ptr
, &err
, 10);
1030 if (*err
== '\0' && r
>= 0) {
1032 con
->request
.content_length
= r
;
1034 log_error_write(srv
, __FILE__
, __LINE__
, "sbs",
1035 "content-length broken:", ds
->value
, "-> 400");
1037 con
->http_status
= 400;
1038 con
->keep_alive
= 0;
1040 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1043 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Content-Type")))) {
1044 /* if dup, only the first one will survive */
1045 if (!con
->request
.http_content_type
) {
1046 con
->request
.http_content_type
= ds
->value
->ptr
;
1048 con
->http_status
= 400;
1049 con
->keep_alive
= 0;
1051 if (srv
->srvconf
.log_request_header_on_error
) {
1052 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1053 "duplicate Content-Type-header -> 400");
1054 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1055 "request-header:\n",
1056 con
->request
.request
);
1058 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1061 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Host")))) {
1063 /* ignore all host: headers as we got the host in the request line */
1064 ds
->free((data_unset
*) ds
);
1066 } else if (!con
->request
.http_host
) {
1067 con
->request
.http_host
= ds
->value
;
1069 con
->http_status
= 400;
1070 con
->keep_alive
= 0;
1072 if (srv
->srvconf
.log_request_header_on_error
) {
1073 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1074 "duplicate Host-header -> 400");
1075 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1076 "request-header:\n",
1077 con
->request
.request
);
1079 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1082 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("If-Modified-Since")))) {
1083 /* Proxies sometimes send dup headers
1084 * if they are the same we ignore the second
1085 * if not, we raise an error */
1086 if (!con
->request
.http_if_modified_since
) {
1087 con
->request
.http_if_modified_since
= ds
->value
->ptr
;
1088 } else if (0 == strcasecmp(con
->request
.http_if_modified_since
,
1090 /* ignore it if they are the same */
1092 ds
->free((data_unset
*)ds
);
1095 con
->http_status
= 400;
1096 con
->keep_alive
= 0;
1098 if (srv
->srvconf
.log_request_header_on_error
) {
1099 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1100 "duplicate If-Modified-Since header -> 400");
1101 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1102 "request-header:\n",
1103 con
->request
.request
);
1105 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1108 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("If-None-Match")))) {
1109 /* if dup, only the first one will survive */
1110 if (!con
->request
.http_if_none_match
) {
1111 con
->request
.http_if_none_match
= ds
->value
->ptr
;
1113 ds
->free((data_unset
*) ds
);
1116 } else if (cmp
> 0 && 0 == (cmp
= buffer_caseless_compare(CONST_BUF_LEN(ds
->key
), CONST_STR_LEN("Range")))) {
1117 if (!con
->request
.http_range
) {
1120 if (0 == strncasecmp(ds
->value
->ptr
, "bytes=", 6) &&
1121 NULL
!= strchr(ds
->value
->ptr
+6, '-')) {
1123 /* if dup, only the first one will survive */
1124 con
->request
.http_range
= ds
->value
->ptr
+ 6;
1127 con
->http_status
= 400;
1128 con
->keep_alive
= 0;
1130 if (srv
->srvconf
.log_request_header_on_error
) {
1131 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1132 "duplicate Range-header -> 400");
1133 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1134 "request-header:\n",
1135 con
->request
.request
);
1137 array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1142 if (ds
) array_insert_unique(con
->request
.headers
, (data_unset
*)ds
);
1144 /* empty header-fields are not allowed by HTTP-RFC, we just ignore them */
1153 * for Bug 1230 keep the key_len a live
1159 if (srv
->srvconf
.log_request_header_on_error
) {
1160 log_error_write(srv
, __FILE__
, __LINE__
, "sbs",
1161 "CR without LF", con
->request
.request
, "-> 400");
1164 con
->http_status
= 400;
1165 con
->keep_alive
= 0;
1166 con
->response
.keep_alive
= 0;
1172 /* strip leading WS */
1173 if (value
== cur
) value
= cur
+1;
1176 if (http_header_strict
? (*cur
>= 0 && *cur
< 32) : *cur
== '\0') {
1177 if (srv
->srvconf
.log_request_header_on_error
) {
1178 log_error_write(srv
, __FILE__
, __LINE__
, "sds",
1179 "invalid char in header", (int)*cur
, "-> 400");
1182 con
->http_status
= 400;
1183 con
->keep_alive
= 0;
1192 con
->header_len
= i
;
1194 /* do some post-processing */
1196 if (con
->request
.http_version
== HTTP_VERSION_1_1
) {
1197 if (keep_alive_set
!= HTTP_CONNECTION_CLOSE
) {
1198 /* no Connection-Header sent */
1200 /* HTTP/1.1 -> keep-alive default TRUE */
1201 con
->keep_alive
= 1;
1203 con
->keep_alive
= 0;
1206 /* RFC 2616, 14.23 */
1207 if (con
->request
.http_host
== NULL
||
1208 buffer_string_is_empty(con
->request
.http_host
)) {
1209 con
->http_status
= 400;
1210 con
->response
.keep_alive
= 0;
1211 con
->keep_alive
= 0;
1213 if (srv
->srvconf
.log_request_header_on_error
) {
1214 log_error_write(srv
, __FILE__
, __LINE__
, "s", "HTTP/1.1 but Host missing -> 400");
1215 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1216 "request-header:\n",
1217 con
->request
.request
);
1222 if (keep_alive_set
== HTTP_CONNECTION_KEEPALIVE
) {
1223 /* no Connection-Header sent */
1225 /* HTTP/1.0 -> keep-alive default FALSE */
1226 con
->keep_alive
= 1;
1228 con
->keep_alive
= 0;
1232 /* check hostname field if it is set */
1233 if (!buffer_is_empty(con
->request
.http_host
) &&
1234 0 != http_request_host_policy(con
, con
->request
.http_host
, con
->proto
)) {
1236 if (srv
->srvconf
.log_request_header_on_error
) {
1237 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1238 "Invalid Hostname -> 400");
1239 log_error_write(srv
, __FILE__
, __LINE__
, "Sb",
1240 "request-header:\n",
1241 con
->request
.request
);
1244 con
->http_status
= 400;
1245 con
->response
.keep_alive
= 0;
1246 con
->keep_alive
= 0;
1252 data_string
*ds
= (data_string
*)array_get_element(con
->request
.headers
, "Transfer-Encoding");
1254 if (con
->request
.http_version
== HTTP_VERSION_1_0
) {
1255 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1256 "HTTP/1.0 with Transfer-Encoding (bad HTTP/1.0 proxy?) -> 400");
1257 con
->keep_alive
= 0;
1258 con
->http_status
= 400; /* Bad Request */
1262 if (0 != strcasecmp(ds
->value
->ptr
, "chunked")) {
1263 /* Transfer-Encoding might contain additional encodings,
1264 * which are not currently supported by lighttpd */
1265 con
->keep_alive
= 0;
1266 con
->http_status
= 501; /* Not Implemented */
1270 /* reset value for Transfer-Encoding, a hop-by-hop header,
1271 * which must not be blindly forwarded to backends */
1272 buffer_reset(ds
->value
); /* headers with empty values are ignored */
1275 con
->request
.content_length
= -1;
1277 /*(note: ignore whether or not Content-Length was provided)*/
1278 ds
= (data_string
*)array_get_element(con
->request
.headers
, "Content-Length");
1279 if (NULL
!= ds
) buffer_reset(ds
->value
); /* headers with empty values are ignored */
1283 switch(con
->request
.http_method
) {
1284 case HTTP_METHOD_GET
:
1285 case HTTP_METHOD_HEAD
:
1286 /* content-length is forbidden for those */
1287 if (con_length_set
&& con
->request
.content_length
!= 0) {
1288 /* content-length is missing */
1289 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1290 "GET/HEAD with content-length -> 400");
1292 con
->keep_alive
= 0;
1293 con
->http_status
= 400;
1297 case HTTP_METHOD_POST
:
1298 /* content-length is required for them */
1299 if (!con_length_set
) {
1300 /* content-length is missing */
1301 log_error_write(srv
, __FILE__
, __LINE__
, "s",
1302 "POST-request, but content-length missing -> 411");
1304 con
->keep_alive
= 0;
1305 con
->http_status
= 411;
1315 /* check if we have read post data */
1316 if (con_length_set
) {
1317 /* we have content */
1318 if (con
->request
.content_length
!= 0) {
1326 int http_request_header_finished(server
*srv
, connection
*con
) {
1329 if (buffer_string_length(con
->request
.request
) < 4) return 0;
1331 if (0 == memcmp(con
->request
.request
->ptr
+ buffer_string_length(con
->request
.request
) - 4, CONST_STR_LEN("\r\n\r\n"))) return 1;
1332 if (NULL
!= strstr(con
->request
.request
->ptr
, "\r\n\r\n")) return 1;