varnish-cache/bin/varnishd/http1/cache_http1_proto.c
1
/*-
2
 * Copyright (c) 2006 Verdens Gang AS
3
 * Copyright (c) 2006-2015 Varnish Software AS
4
 * All rights reserved.
5
 *
6
 * Author: Poul-Henning Kamp <phk@phk.freebsd.dk>
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 * 1. Redistributions of source code must retain the above copyright
12
 *    notice, this list of conditions and the following disclaimer.
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20
 * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
21
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27
 * SUCH DAMAGE.
28
 *
29
 * HTTP protocol requests
30
 *
31
 * The trouble with the "until magic sequence" design of HTTP protocol messages
32
 * is that either you have to read a single character at a time, which is
33
 * inefficient, or you risk reading too much, and pre-read some of the object,
34
 * or even the next pipelined request, which follows the one you want.
35
 *
36
 * HTC reads a HTTP protocol header into a workspace, subject to limits,
37
 * and stops when we see the magic marker (double [CR]NL), and if we overshoot,
38
 * it keeps track of the "pipelined" data.
39
 *
40
 * We use this both for client and backend connections.
41
 */
42
43
#include "config.h"
44
45
#include "cache/cache_varnishd.h"
46
#include "cache/cache_transport.h"
47
48
#include "cache_http1.h"
49
50
#include "vct.h"
51
52
const int HTTP1_Req[3] = {
53
        HTTP_HDR_METHOD, HTTP_HDR_URL, HTTP_HDR_PROTO
54
};
55
56
const int HTTP1_Resp[3] = {
57
        HTTP_HDR_PROTO, HTTP_HDR_STATUS, HTTP_HDR_REASON
58
};
59
60
/*--------------------------------------------------------------------
61
 * Check if we have a complete HTTP request or response yet
62
 */
63
64
enum htc_status_e v_matchproto_(htc_complete_f)
65 18714
HTTP1_Complete(struct http_conn *htc)
66
{
67
        char *p;
68
        enum htc_status_e retval;
69
70 18714
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
71
72 18714
        assert(htc->rxbuf_e >= htc->rxbuf_b);
73 18714
        assert(htc->rxbuf_e <= htc->ws->r);
74
75
        /* Skip any leading white space */
76 18718
        for (p = htc->rxbuf_b ; p < htc->rxbuf_e && vct_islws(*p); p++)
77 4
                continue;
78 18714
        if (p == htc->rxbuf_e)
79 10250
                return (HTC_S_EMPTY);
80
81
        /* Do not return a partial H2 connection preface */
82 8464
        retval = H2_prism_complete(htc);
83 8464
        if (retval != HTC_S_JUNK)
84 268
                return (retval);
85
86
        /*
87
         * Here we just look for NL[CR]NL to see that reception
88
         * is completed.  More stringent validation happens later.
89
         */
90
        while (1) {
91 28776
                p = memchr(p, '\n', htc->rxbuf_e - p);
92 18486
                if (p == NULL)
93 745
                        return (HTC_S_MORE);
94 17741
                if (++p == htc->rxbuf_e)
95 49
                        return (HTC_S_MORE);
96 17692
                if (*p == '\r' && ++p == htc->rxbuf_e)
97 4
                        return (HTC_S_MORE);
98 17688
                if (*p == '\n')
99 7398
                        break;
100
        }
101 7398
        return (HTC_S_COMPLETE);
102
}
103
104
/*--------------------------------------------------------------------
105
 * Dissect the headers of the HTTP protocol message.
106
 * Detect conditionals (headers which start with '^[Ii][Ff]-')
107
 */
108
109
static uint16_t
110 7387
http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc,
111
    unsigned maxhdr)
112
{
113
        char *q, *r, *s;
114
115 7387
        assert(p > htc->rxbuf_b);
116 7387
        assert(p <= htc->rxbuf_e);
117 7387
        hp->nhd = HTTP_HDR_FIRST;
118 7387
        hp->conds = 0;
119 7387
        r = NULL;               /* For FlexeLint */
120 17242
        for (; p < htc->rxbuf_e; p = r) {
121
122
                /* Find end of next header */
123 17240
                q = r = p;
124 17240
                if (vct_iscrlf(p))
125
                        break;
126 218219
                while (r < htc->rxbuf_e) {
127 208326
                        if (!vct_isctl(*r) || vct_issp(*r)) {
128 198433
                                r++;
129 198433
                                continue;
130
                        }
131 9896
                        if (!vct_iscrlf(r)) {
132 8
                                VSLb(hp->vsl, SLT_BogoHeader,
133 8
                                    "Header has ctrl char 0x%02x", *r);
134 8
                                return (400);
135
                        }
136 9888
                        q = r;
137 9888
                        assert(r < htc->rxbuf_e);
138 9888
                        r += vct_skipcrlf(r);
139 9888
                        if (r >= htc->rxbuf_e)
140 0
                                break;
141 9888
                        if (vct_iscrlf(r))
142
                                break;
143
                        /* If line does not continue: got it. */
144 2577
                        if (!vct_issp(*r))
145 2567
                                break;
146
147
                        /* Clear line continuation LWS to spaces */
148 40
                        while (vct_islws(*q))
149 20
                                *q++ = ' ';
150
                }
151
152
                /* Empty header = end of headers */
153 9883
                if (p == q)
154 4
                        break;
155
156 9879
                if (q - p > maxhdr) {
157 8
                        VSLb(hp->vsl, SLT_BogoHeader, "Header too long: %.*s",
158 8
                            (int)(q - p > 20 ? 20 : q - p), p);
159 8
                        return (400);
160
                }
161
162 9871
                if (vct_islws(*p)) {
163 8
                        VSLb(hp->vsl, SLT_BogoHeader,
164
                            "1st header has white space: %.*s",
165 8
                            (int)(q - p > 20 ? 20 : q - p), p);
166 4
                        return (400);
167
                }
168
169 9865
                if (*p == ':') {
170 4
                        VSLb(hp->vsl, SLT_BogoHeader,
171
                            "Missing header name: %.*s",
172 4
                            (int)(q - p > 20 ? 20 : q - p), p);
173 2
                        return (400);
174
                }
175
176 9985
                if ((p[0] == 'i' || p[0] == 'I') &&
177 244
                    (p[1] == 'f' || p[1] == 'F') &&
178 106
                    p[2] == '-')
179 106
                        hp->conds = 1;
180
181 19750
                while (q > p && vct_issp(q[-1]))
182 24
                        q--;
183 9863
                *q = '\0';
184
185 90556
                for (s = p; *s != ':' && s < q; s++) {
186 80699
                        if (!vct_istchar(*s)) {
187 8
                                VSLb(hp->vsl, SLT_BogoHeader,
188 8
                                    "Illegal char 0x%02x in header name", *s);
189 8
                                return (400);
190
                        }
191
                }
192 9857
                if (*s != ':') {
193 4
                        VSLb(hp->vsl, SLT_BogoHeader, "Header without ':' %.*s",
194 4
                            (int)(q - p > 20 ? 20 : q - p), p);
195 2
                        return (400);
196
                }
197
198 9855
                if (hp->nhd < hp->shd) {
199 9855
                        hp->hdf[hp->nhd] = 0;
200 9855
                        hp->hd[hp->nhd].b = p;
201 9855
                        hp->hd[hp->nhd].e = q;
202 9855
                        hp->nhd++;
203
                } else {
204 0
                        VSLb(hp->vsl, SLT_BogoHeader, "Too many headers: %.*s",
205 0
                            (int)(q - p > 20 ? 20 : q - p), p);
206 0
                        return (400);
207
                }
208
        }
209 7358
        if (p < htc->rxbuf_e)
210 7356
                p += vct_skipcrlf(p);
211 7358
        HTC_RxPipeline(htc, p);
212 7356
        htc->rxbuf_e = p;
213 7356
        return (0);
214
}
215
216
/*--------------------------------------------------------------------
217
 * Deal with first line of HTTP protocol message.
218
 */
219
220
static uint16_t
221 7398
http1_splitline(struct http *hp, struct http_conn *htc, const int *hf,
222
    unsigned maxhdr)
223
{
224
        char *p;
225
        int i;
226
227 7398
        assert(hf == HTTP1_Req || hf == HTTP1_Resp);
228 7398
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
229 7398
        CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
230 7398
        assert(htc->rxbuf_e >= htc->rxbuf_b);
231
232 7398
        AZ(hp->hd[hf[0]].b);
233 7398
        AZ(hp->hd[hf[1]].b);
234 7398
        AZ(hp->hd[hf[2]].b);
235
236
        /* Skip leading LWS */
237 7398
        for (p = htc->rxbuf_b ; vct_islws(*p); p++)
238 0
                continue;
239 7398
        hp->hd[hf[0]].b = p;
240
241
        /* First field cannot contain SP or CTL */
242 45550
        for (; !vct_issp(*p); p++) {
243 38159
                if (vct_isctl(*p))
244 6
                        return (400);
245
        }
246 7392
        hp->hd[hf[0]].e = p;
247 7392
        assert(Tlen(hp->hd[hf[0]]));
248 7392
        *p++ = '\0';
249
250
        /* Skip SP */
251 7398
        for (; vct_issp(*p); p++) {
252 6
                if (vct_isctl(*p))
253 0
                        return (400);
254
        }
255 7392
        hp->hd[hf[1]].b = p;
256
257
        /* Second field cannot contain LWS or CTL */
258 31908
        for (; !vct_islws(*p); p++) {
259 24516
                if (vct_isctl(*p))
260 0
                        return (400);
261
        }
262 7392
        hp->hd[hf[1]].e = p;
263 7392
        if (!Tlen(hp->hd[hf[1]]))
264 2
                return (400);
265 7390
        *p++ = '\0';
266
267
        /* Skip SP */
268 7390
        for (; vct_issp(*p); p++) {
269 0
                if (vct_isctl(*p))
270 0
                        return (400);
271
        }
272 7390
        hp->hd[hf[2]].b = p;
273
274
        /* Third field is optional and cannot contain CTL except TAB */
275 47726
        for (; !vct_iscrlf(p); p++) {
276 40338
                if (vct_isctl(*p) && !vct_issp(*p)) {
277 2
                        hp->hd[hf[2]].b = NULL;
278 2
                        return (400);
279
                }
280
        }
281 7388
        hp->hd[hf[2]].e = p;
282
283
        /* Skip CRLF */
284 7388
        i = vct_skipcrlf(p);
285 7388
        *p = '\0';
286 7388
        p += i;
287
288 7388
        http_Proto(hp);
289
290 7387
        return (http1_dissect_hdrs(hp, p, htc, maxhdr));
291
}
292
293
/*--------------------------------------------------------------------*/
294
295
static enum body_status
296 7354
http1_body_status(const struct http *hp, struct http_conn *htc, int request)
297
{
298
        ssize_t cl;
299
        const char *b;
300
301 7354
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
302 7354
        CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
303
304 7354
        htc->content_length = -1;
305
306 7354
        cl = http_GetContentLength(hp);
307 7353
        if (cl == -2)
308 8
                return (BS_ERROR);
309 7345
        if (http_GetHdr(hp, H_Transfer_Encoding, &b)) {
310 258
                if (strcasecmp(b, "chunked"))
311 4
                        return (BS_ERROR);
312 254
                if (cl != -1) {
313
                        /*
314
                         * RFC7230 3.3.3 allows more lenient handling
315
                         * but we're going to be strict.
316
                         */
317 4
                        return (BS_ERROR);
318
                }
319 250
                return (BS_CHUNKED);
320
        }
321 7088
        if (cl >= 0) {
322 2900
                htc->content_length = cl;
323 2900
                return (cl == 0 ? BS_NONE : BS_LENGTH);
324
        }
325
326 4188
        if (hp->protover == 11 && request)
327 4084
                return (BS_NONE);
328
329 104
        if (http_HdrIs(hp, H_Connection, "keep-alive")) {
330
                /*
331
                 * Keep alive with neither TE=Chunked or C-Len is impossible.
332
                 * We assume a zero length body.
333
                 */
334 4
                return (BS_NONE);
335
        }
336
337
        /*
338
         * Fall back to EOF transfer.
339
         */
340 100
        return (BS_EOF);
341
}
342
343
/*--------------------------------------------------------------------*/
344
345
uint16_t
346 4258
HTTP1_DissectRequest(struct http_conn *htc, struct http *hp)
347
{
348
        uint16_t retval;
349
        const char *p;
350 4258
        const char *b = NULL, *e;
351
352 4258
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
353 4258
        CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
354
355 4258
        retval = http1_splitline(hp, htc,
356 4258
            HTTP1_Req, cache_param->http_req_hdr_len);
357 4258
        if (retval != 0)
358 30
                return (retval);
359
360 4228
        if (hp->protover < 10 || hp->protover > 11)
361 10
                return (400);
362
363 4218
        if (http_CountHdr(hp, H_Host) > 1)
364 2
                return (400);
365
366 4216
        if (http_CountHdr(hp, H_Content_Length) > 1)
367 2
                return (400);
368
369
        /* RFC2616, section 5.2, point 1 */
370 4214
        if (!strncasecmp(hp->hd[HTTP_HDR_URL].b, "http://", 7))
371 6
                b = hp->hd[HTTP_HDR_URL].b + 7;
372 4210
        else if (FEATURE(FEATURE_HTTPS_SCHEME) &&
373 2
            !strncasecmp(hp->hd[HTTP_HDR_URL].b, "https://", 8))
374 2
                b = hp->hd[HTTP_HDR_URL].b + 8;
375 4214
        if (b) {
376 8
                e = strchr(b, '/');
377 8
                if (e) {
378 8
                        http_Unset(hp, H_Host);
379 8
                        http_PrintfHeader(hp, "Host: %.*s", (int)(e - b), b);
380 8
                        hp->hd[HTTP_HDR_URL].b = e;
381
                }
382
        }
383
384 4214
        htc->body_status = http1_body_status(hp, htc, 1);
385 4214
        if (htc->body_status == BS_ERROR)
386 8
                return (400);
387
388 4206
        p = http_GetMethod(hp);
389 4206
        AN(p);
390
391 4206
        if (htc->body_status == BS_EOF) {
392 28
                assert(hp->protover == 10);
393
                /* RFC1945 8.3 p32 and D.1.1 p58 */
394 28
                if (!strcasecmp(p, "post") || !strcasecmp(p, "put"))
395 4
                        return (400);
396 24
                htc->body_status = BS_NONE;
397
        }
398
399
        /* HEAD with a body is a hard error */
400 4202
        if (htc->body_status != BS_NONE && !strcasecmp(p, "head"))
401 0
                return (400);
402
403 4202
        return (retval);
404
}
405
406
/*--------------------------------------------------------------------*/
407
408
uint16_t
409 3140
HTTP1_DissectResponse(struct http_conn *htc, struct http *hp,
410
    const struct http *rhttp)
411
{
412 3140
        uint16_t retval = 0;
413
        const char *p;
414
415 3140
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
416 3140
        CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
417 3140
        CHECK_OBJ_NOTNULL(rhttp, HTTP_MAGIC);
418
419 3140
        if (http1_splitline(hp, htc,
420 3140
            HTTP1_Resp, cache_param->http_resp_hdr_len))
421 12
                retval = 503;
422
423 3140
        if (retval == 0 && hp->protover < 10)
424 0
                retval = 503;
425
426 3140
        if (retval == 0 && hp->protover > rhttp->protover)
427 2
                http_SetH(hp, HTTP_HDR_PROTO, rhttp->hd[HTTP_HDR_PROTO].b);
428
429 3140
        if (retval == 0 && Tlen(hp->hd[HTTP_HDR_STATUS]) != 3)
430 6
                retval = 503;
431
432 3140
        if (retval == 0) {
433 3122
                p = hp->hd[HTTP_HDR_STATUS].b;
434
435 6238
                if (p[0] >= '1' && p[0] <= '9' &&
436 9342
                    p[1] >= '0' && p[1] <= '9' &&
437 6222
                    p[2] >= '0' && p[2] <= '9')
438 3108
                        hp->status =
439 3108
                            100 * (p[0] - '0') + 10 * (p[1] - '0') + p[2] - '0';
440
                else
441 14
                        retval = 503;
442
        }
443
444 3140
        if (retval != 0) {
445 64
                VSLb(hp->vsl, SLT_HttpGarbage, "%.*s",
446 32
                    (int)(htc->rxbuf_e - htc->rxbuf_b), htc->rxbuf_b);
447 32
                assert(retval >= 100 && retval <= 999);
448 32
                assert(retval == 503);
449 32
                http_SetStatus(hp, 503);
450
        }
451
452 6280
        if (hp->hd[HTTP_HDR_REASON].b == NULL ||
453 3140
            !Tlen(hp->hd[HTTP_HDR_REASON])) {
454 5
                http_SetH(hp, HTTP_HDR_REASON,
455 5
                    http_Status2Reason(hp->status, NULL));
456
        }
457
458 3139
        htc->body_status = http1_body_status(hp, htc, 0);
459
460 3140
        return (retval);
461
}
462
463
/*--------------------------------------------------------------------*/
464
465
static unsigned
466 68613
http1_WrTxt(const struct worker *wrk, const txt *hh, const char *suf)
467
{
468
        unsigned u;
469
470 68613
        CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
471 68613
        AN(wrk);
472 68613
        AN(hh);
473 68613
        AN(hh->b);
474 68613
        AN(hh->e);
475 68613
        u = V1L_Write(wrk, hh->b, hh->e - hh->b);
476 68617
        if (suf != NULL)
477 68617
                u += V1L_Write(wrk, suf, -1);
478 68615
        return (u);
479
}
480
481
unsigned
482 7332
HTTP1_Write(const struct worker *w, const struct http *hp, const int *hf)
483
{
484
        unsigned u, l;
485
486 7332
        assert(hf == HTTP1_Req || hf == HTTP1_Resp);
487 7332
        AN(hp->hd[hf[0]].b);
488 7332
        AN(hp->hd[hf[1]].b);
489 7332
        AN(hp->hd[hf[2]].b);
490 7332
        l = http1_WrTxt(w, &hp->hd[hf[0]], " ");
491 7332
        l += http1_WrTxt(w, &hp->hd[hf[1]], " ");
492 7332
        l += http1_WrTxt(w, &hp->hd[hf[2]], "\r\n");
493
494 53956
        for (u = HTTP_HDR_FIRST; u < hp->nhd; u++)
495 46624
                l += http1_WrTxt(w, &hp->hd[u], "\r\n");
496 7332
        l += V1L_Write(w, "\r\n", -1);
497 7332
        return (l);
498
}