varnish-cache/bin/varnishd/http1/cache_http1_proto.c
1
/*-
2
 * Copyright (c) 2006 Verdens Gang AS
3
 * Copyright (c) 2006-2015 Varnish Software AS
4
 * All rights reserved.
5
 *
6
 * Author: Poul-Henning Kamp <phk@phk.freebsd.dk>
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 * 1. Redistributions of source code must retain the above copyright
12
 *    notice, this list of conditions and the following disclaimer.
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20
 * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
21
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27
 * SUCH DAMAGE.
28
 *
29
 * HTTP protocol requests
30
 *
31
 * The trouble with the "until magic sequence" design of HTTP protocol messages
32
 * is that either you have to read a single character at a time, which is
33
 * inefficient, or you risk reading too much, and pre-read some of the object,
34
 * or even the next pipelined request, which follows the one you want.
35
 *
36
 * HTC reads a HTTP protocol header into a workspace, subject to limits,
37
 * and stops when we see the magic marker (double [CR]NL), and if we overshoot,
38
 * it keeps track of the "pipelined" data.
39
 *
40
 * We use this both for client and backend connections.
41
 */
42
43
#include "config.h"
44
45
#include "cache/cache_varnishd.h"
46
#include "cache/cache_transport.h"
47
48
#include "cache_http1.h"
49
50
#include "vct.h"
51
52
const int HTTP1_Req[3] = {
53
        HTTP_HDR_METHOD, HTTP_HDR_URL, HTTP_HDR_PROTO
54
};
55
56
const int HTTP1_Resp[3] = {
57
        HTTP_HDR_PROTO, HTTP_HDR_STATUS, HTTP_HDR_REASON
58
};
59
60
/*--------------------------------------------------------------------
61
 * Check if we have a complete HTTP request or response yet
62
 */
63
64
enum htc_status_e v_matchproto_(htc_complete_f)
65 80237
HTTP1_Complete(struct http_conn *htc)
66
{
67
        char *p;
68
        enum htc_status_e retval;
69
70 80237
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
71
72 80237
        assert(htc->rxbuf_e >= htc->rxbuf_b);
73 80237
        assert(htc->rxbuf_e <= htc->ws->r);
74
75
        /* Skip any leading white space */
76 80491
        for (p = htc->rxbuf_b ; p < htc->rxbuf_e && vct_islws(*p); p++)
77 256
                continue;
78 80237
        if (p == htc->rxbuf_e)
79 43188
                return (HTC_S_EMPTY);
80
81
        /* Do not return a partial H2 connection preface */
82 37049
        retval = H2_prism_complete(htc);
83 37049
        if (retval != HTC_S_JUNK)
84 1232
                return (retval);
85
86
        /*
87
         * Here we just look for NL[CR]NL to see that reception
88
         * is completed.  More stringent validation happens later.
89
         */
90 82245
        while (1) {
91 82246
                p = memchr(p, '\n', htc->rxbuf_e - p);
92 82246
                if (p == NULL)
93 3143
                        return (HTC_S_MORE);
94 79102
                if (++p == htc->rxbuf_e)
95 258
                        return (HTC_S_MORE);
96 78843
                if (*p == '\r' && ++p == htc->rxbuf_e)
97 16
                        return (HTC_S_MORE);
98 78828
                if (*p == '\n')
99 32399
                        break;
100
        }
101 32399
        return (HTC_S_COMPLETE);
102 80235
}
103
104
/*--------------------------------------------------------------------
105
 * Dissect the headers of the HTTP protocol message.
106
 * Detect conditionals (headers which start with '^[Ii][Ff]-')
107
 */
108
109
static uint16_t
110 32360
http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc,
111
    unsigned maxhdr)
112
{
113
        char *q, *r, *s;
114
        int i;
115
116 32360
        assert(p > htc->rxbuf_b);
117 32359
        assert(p <= htc->rxbuf_e);
118 32360
        hp->nhd = HTTP_HDR_FIRST;
119 32360
        r = NULL;               /* For FlexeLint */
120 76848
        for (; p < htc->rxbuf_e; p = r) {
121
122
                /* Find end of next header */
123 76849
                q = r = p;
124 76849
                if (vct_iscrlf(p, htc->rxbuf_e))
125 32232
                        break;
126 972174
                while (r < htc->rxbuf_e) {
127 972171
                        if (!vct_isctl(*r) || vct_issp(*r)) {
128 927487
                                r++;
129 927487
                                continue;
130
                        }
131 44687
                        i = vct_iscrlf(r, htc->rxbuf_e);
132 44687
                        if (i == 0) {
133 64
                                VSLb(hp->vsl, SLT_BogoHeader,
134 32
                                    "Header has ctrl char 0x%02x", *r);
135 32
                                return (400);
136
                        }
137 44656
                        q = r;
138 44656
                        r += i;
139 44656
                        assert(r <= htc->rxbuf_e);
140 44656
                        if (r == htc->rxbuf_e)
141 0
                                break;
142 44656
                        if (vct_iscrlf(r, htc->rxbuf_e))
143 32055
                                break;
144
                        /* If line does not continue: got it. */
145 12601
                        if (!vct_issp(*r))
146 12529
                                break;
147
148
                        /* Clear line continuation LWS to spaces */
149 144
                        while (q < r)
150 72
                                *q++ = ' ';
151 152
                        while (q < htc->rxbuf_e && vct_issp(*q))
152 80
                                *q++ = ' ';
153
                }
154
155
                /* Empty header = end of headers */
156 44584
                if (p == q)
157 0
                        break;
158
159 44584
                if (q - p > maxhdr) {
160 64
                        VSLb(hp->vsl, SLT_BogoHeader, "Header too long: %.*s",
161 32
                            (int)(q - p > 20 ? 20 : q - p), p);
162 32
                        return (400);
163
                }
164
165 44551
                if (vct_islws(*p)) {
166 32
                        VSLb(hp->vsl, SLT_BogoHeader,
167
                            "1st header has white space: %.*s",
168 16
                            (int)(q - p > 20 ? 20 : q - p), p);
169 16
                        return (400);
170
                }
171
172 44535
                if (*p == ':') {
173 16
                        VSLb(hp->vsl, SLT_BogoHeader,
174
                            "Missing header name: %.*s",
175 8
                            (int)(q - p > 20 ? 20 : q - p), p);
176 8
                        return (400);
177
                }
178
179 44654
                while (q > p && vct_issp(q[-1]))
180 128
                        q--;
181 44526
                *q = '\0';
182
183 406293
                for (s = p; *s != ':' && s < q; s++) {
184 361800
                        if (!vct_istchar(*s)) {
185 64
                                VSLb(hp->vsl, SLT_BogoHeader,
186 32
                                    "Illegal char 0x%02x in header name", *s);
187 32
                                return (400);
188
                        }
189 361767
                }
190 44495
                if (*s != ':') {
191 16
                        VSLb(hp->vsl, SLT_BogoHeader, "Header without ':' %.*s",
192 8
                            (int)(q - p > 20 ? 20 : q - p), p);
193 8
                        return (400);
194
                }
195
196 44488
                if (hp->nhd < hp->shd) {
197 44488
                        hp->hdf[hp->nhd] = 0;
198 44488
                        hp->hd[hp->nhd].b = p;
199 44488
                        hp->hd[hp->nhd].e = q;
200 44488
                        hp->nhd++;
201 44488
                } else {
202 0
                        VSLb(hp->vsl, SLT_BogoHeader, "Too many headers: %.*s",
203 0
                            (int)(q - p > 20 ? 20 : q - p), p);
204 0
                        return (400);
205
                }
206 44488
        }
207 32232
        i = vct_iscrlf(p, htc->rxbuf_e);
208 32232
        assert(i > 0);          /* HTTP1_Complete guarantees this */
209 32232
        p += i;
210 32232
        HTC_RxPipeline(htc, p);
211 32232
        htc->rxbuf_e = p;
212 32232
        return (0);
213 32360
}
214
215
/*--------------------------------------------------------------------
216
 * Deal with first line of HTTP protocol message.
217
 */
218
219
static uint16_t
220 32398
http1_splitline(struct http *hp, struct http_conn *htc, const int *hf,
221
    unsigned maxhdr)
222
{
223
        char *p, *q;
224
        int i;
225
226 32398
        assert(hf == HTTP1_Req || hf == HTTP1_Resp);
227 32400
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
228 32400
        CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
229 32400
        assert(htc->rxbuf_e >= htc->rxbuf_b);
230
231 32400
        AZ(hp->hd[hf[0]].b);
232 32400
        AZ(hp->hd[hf[1]].b);
233 32400
        AZ(hp->hd[hf[2]].b);
234
235
        /* Skip leading LWS */
236 32399
        for (p = htc->rxbuf_b ; vct_islws(*p); p++)
237 0
                continue;
238 32399
        hp->hd[hf[0]].b = p;
239
240
        /* First field cannot contain SP or CTL */
241 196841
        for (; !vct_issp(*p); p++) {
242 164467
                if (vct_isctl(*p))
243 24
                        return (400);
244 164442
        }
245 32376
        hp->hd[hf[0]].e = p;
246 32376
        assert(Tlen(hp->hd[hf[0]]));
247 32376
        *p++ = '\0';
248
249
        /* Skip SP */
250 32400
        for (; vct_issp(*p); p++) {
251 24
                if (vct_isctl(*p))
252 0
                        return (400);
253 24
        }
254 32376
        hp->hd[hf[1]].b = p;
255
256
        /* Second field cannot contain LWS or CTL */
257 136910
        for (; !vct_islws(*p); p++) {
258 104532
                if (vct_isctl(*p))
259 0
                        return (400);
260 104534
        }
261 32376
        hp->hd[hf[1]].e = p;
262 32376
        if (!Tlen(hp->hd[hf[1]]))
263 8
                return (400);
264
265
        /* Skip SP */
266 32368
        q = p;
267 64704
        for (; vct_issp(*p); p++) {
268 32336
                if (vct_isctl(*p))
269 0
                        return (400);
270 32336
        }
271 32368
        if (q < p)
272 32336
                *q = '\0';      /* Nul guard for the 2nd field. If q == p
273
                                 * (the third optional field is not
274
                                 * present), the last nul guard will
275
                                 * cover this field. */
276
277
        /* Third field is optional and cannot contain CTL except TAB */
278 32368
        q = p;
279 211932
        for (; p < htc->rxbuf_e && !vct_iscrlf(p, htc->rxbuf_e); p++) {
280 179573
                if (vct_isctl(*p) && !vct_issp(*p))
281 8
                        return (400);
282 179564
        }
283 32360
        if (p > q) {
284 32320
                hp->hd[hf[2]].b = q;
285 32320
                hp->hd[hf[2]].e = p;
286 32320
        }
287
288
        /* Skip CRLF */
289 32360
        i = vct_iscrlf(p, htc->rxbuf_e);
290 32360
        if (!i)
291 0
                return (400);
292 32360
        *p = '\0';
293 32360
        p += i;
294
295 32360
        http_Proto(hp);
296
297 32360
        return (http1_dissect_hdrs(hp, p, htc, maxhdr));
298 32400
}
299
300
/*--------------------------------------------------------------------*/
301
302
static enum body_status
303 32224
http1_body_status(const struct http *hp, struct http_conn *htc, int request)
304
{
305
        ssize_t cl;
306
        const char *b;
307
308 32224
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
309 32224
        CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
310
311 32224
        htc->content_length = -1;
312
313 32224
        cl = http_GetContentLength(hp);
314 32224
        if (cl == -2)
315 32
                return (BS_ERROR);
316 32191
        if (http_GetHdr(hp, H_Transfer_Encoding, &b)) {
317 1160
                if (strcasecmp(b, "chunked"))
318 16
                        return (BS_ERROR);
319 1144
                if (cl != -1) {
320
                        /*
321
                         * RFC7230 3.3.3 allows more lenient handling
322
                         * but we're going to be strict.
323
                         */
324 16
                        return (BS_ERROR);
325
                }
326 1128
                return (BS_CHUNKED);
327
        }
328 31032
        if (cl >= 0) {
329 12192
                htc->content_length = cl;
330 12192
                return (cl == 0 ? BS_NONE : BS_LENGTH);
331
        }
332
333 18840
        if (hp->protover == 11 && request)
334 18432
                return (BS_NONE);
335
336 408
        if (http_HdrIs(hp, H_Connection, "keep-alive")) {
337
                /*
338
                 * Keep alive with neither TE=Chunked or C-Len is impossible.
339
                 * We assume a zero length body.
340
                 */
341 16
                return (BS_NONE);
342
        }
343
344
        /*
345
         * Fall back to EOF transfer.
346
         */
347 392
        return (BS_EOF);
348 32223
}
349
350
/*--------------------------------------------------------------------*/
351
352
uint16_t
353 19136
HTTP1_DissectRequest(struct http_conn *htc, struct http *hp)
354
{
355
        uint16_t retval;
356
        const char *p;
357 19136
        const char *b = NULL, *e;
358
359 19136
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
360 19136
        CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
361
362 38272
        retval = http1_splitline(hp, htc,
363 19136
            HTTP1_Req, cache_param->http_req_hdr_len);
364 19136
        if (retval != 0)
365 120
                return (retval);
366
367 19016
        if (hp->protover < 10 || hp->protover > 11)
368 40
                return (400);
369
370 18976
        if (http_CountHdr(hp, H_Host) > 1)
371 8
                return (400);
372
373 18968
        if (http_CountHdr(hp, H_Content_Length) > 1)
374 8
                return (400);
375
376
        /* RFC2616, section 5.2, point 1 */
377 18959
        if (!strncasecmp(hp->hd[HTTP_HDR_URL].b, "http://", 7))
378 24
                b = hp->hd[HTTP_HDR_URL].b + 7;
379 18936
        else if (FEATURE(FEATURE_HTTPS_SCHEME) &&
380 8
            !strncasecmp(hp->hd[HTTP_HDR_URL].b, "https://", 8))
381 8
                b = hp->hd[HTTP_HDR_URL].b + 8;
382 18960
        if (b) {
383 32
                e = strchr(b, '/');
384 32
                if (e) {
385 32
                        http_Unset(hp, H_Host);
386 32
                        http_PrintfHeader(hp, "Host: %.*s", (int)(e - b), b);
387 32
                        hp->hd[HTTP_HDR_URL].b = e;
388 32
                }
389 32
        }
390
391 18960
        htc->body_status = http1_body_status(hp, htc, 1);
392 18960
        if (htc->body_status == BS_ERROR)
393 32
                return (400);
394
395 18927
        p = http_GetMethod(hp);
396 18927
        AN(p);
397
398 18928
        if (htc->body_status == BS_EOF) {
399 112
                assert(hp->protover == 10);
400
                /* RFC1945 8.3 p32 and D.1.1 p58 */
401 112
                if (!strcasecmp(p, "post") || !strcasecmp(p, "put"))
402 16
                        return (400);
403 96
                htc->body_status = BS_NONE;
404 96
        }
405
406
        /* HEAD with a body is a hard error */
407 18912
        if (htc->body_status != BS_NONE && !strcasecmp(p, "head"))
408 0
                return (400);
409
410 18912
        return (retval);
411 19136
}
412
413
/*--------------------------------------------------------------------*/
414
415
uint16_t
416 13264
HTTP1_DissectResponse(struct http_conn *htc, struct http *hp,
417
    const struct http *rhttp)
418
{
419 13264
        uint16_t retval = 0;
420
        const char *p;
421
422 13264
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
423 13264
        CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
424 13263
        CHECK_OBJ_NOTNULL(rhttp, HTTP_MAGIC);
425
426 26528
        if (http1_splitline(hp, htc,
427 13264
            HTTP1_Resp, cache_param->http_resp_hdr_len))
428 48
                retval = 503;
429
430 13264
        if (retval == 0 && hp->protover < 10)
431 0
                retval = 503;
432
433 13264
        if (retval == 0 && hp->protover > rhttp->protover)
434 8
                http_SetH(hp, HTTP_HDR_PROTO, rhttp->hd[HTTP_HDR_PROTO].b);
435
436 13264
        if (retval == 0 && Tlen(hp->hd[HTTP_HDR_STATUS]) != 3)
437 24
                retval = 503;
438
439 13264
        if (retval == 0) {
440 13192
                p = hp->hd[HTTP_HDR_STATUS].b;
441
442 26335
                if (p[0] >= '1' && p[0] <= '9' &&
443 13168
                    p[1] >= '0' && p[1] <= '9' &&
444 13152
                    p[2] >= '0' && p[2] <= '9')
445 13136
                        hp->status =
446 13136
                            100 * (p[0] - '0') + 10 * (p[1] - '0') + p[2] - '0';
447
                else
448 56
                        retval = 503;
449 13192
        }
450
451 13264
        if (retval != 0) {
452 256
                VSLb(hp->vsl, SLT_HttpGarbage, "%.*s",
453 128
                    (int)(htc->rxbuf_e - htc->rxbuf_b), htc->rxbuf_b);
454 128
                assert(retval >= 100 && retval <= 999);
455 128
                assert(retval == 503);
456 128
                http_SetStatus(hp, 503);
457 128
        }
458
459 13264
        if (hp->hd[HTTP_HDR_REASON].b == NULL ||
460 13248
            !Tlen(hp->hd[HTTP_HDR_REASON])) {
461 32
                http_SetH(hp, HTTP_HDR_REASON,
462 16
                    http_Status2Reason(hp->status, NULL));
463 16
        }
464
465 13264
        htc->body_status = http1_body_status(hp, htc, 0);
466
467 13264
        return (retval);
468
}
469
470
/*--------------------------------------------------------------------*/
471
472
static unsigned
473 304455
http1_WrTxt(const struct worker *wrk, const txt *hh, const char *suf)
474
{
475
        unsigned u;
476
477 304455
        CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
478 304466
        AN(wrk);
479 304464
        AN(hh);
480 304466
        AN(hh->b);
481 304467
        AN(hh->e);
482 304465
        u = V1L_Write(wrk, hh->b, hh->e - hh->b);
483 304465
        if (suf != NULL)
484 304455
                u += V1L_Write(wrk, suf, -1);
485 304456
        return (u);
486
}
487
488
unsigned
489 32120
HTTP1_Write(const struct worker *w, const struct http *hp, const int *hf)
490
{
491
        unsigned u, l;
492
493 32120
        assert(hf == HTTP1_Req || hf == HTTP1_Resp);
494 32120
        AN(hp->hd[hf[0]].b);
495 32120
        AN(hp->hd[hf[1]].b);
496 32120
        AN(hp->hd[hf[2]].b);
497 32120
        l = http1_WrTxt(w, &hp->hd[hf[0]], " ");
498 32120
        l += http1_WrTxt(w, &hp->hd[hf[1]], " ");
499 32120
        l += http1_WrTxt(w, &hp->hd[hf[2]], "\r\n");
500
501 240226
        for (u = HTTP_HDR_FIRST; u < hp->nhd; u++)
502 208105
                l += http1_WrTxt(w, &hp->hd[u], "\r\n");
503 32120
        l += V1L_Write(w, "\r\n", -1);
504 32120
        return (l);
505
}