varnish-cache/bin/varnishd/http1/cache_http1_proto.c
0
/*-
1
 * Copyright (c) 2006 Verdens Gang AS
2
 * Copyright (c) 2006-2015 Varnish Software AS
3
 * All rights reserved.
4
 *
5
 * Author: Poul-Henning Kamp <phk@phk.freebsd.dk>
6
 *
7
 * SPDX-License-Identifier: BSD-2-Clause
8
 *
9
 * Redistribution and use in source and binary forms, with or without
10
 * modification, are permitted provided that the following conditions
11
 * are met:
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 * 2. Redistributions in binary form must reproduce the above copyright
15
 *    notice, this list of conditions and the following disclaimer in the
16
 *    documentation and/or other materials provided with the distribution.
17
 *
18
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21
 * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
22
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28
 * SUCH DAMAGE.
29
 *
30
 * HTTP protocol requests
31
 *
32
 * The trouble with the "until magic sequence" design of HTTP protocol messages
33
 * is that either you have to read a single character at a time, which is
34
 * inefficient, or you risk reading too much, and pre-read some of the object,
35
 * or even the next pipelined request, which follows the one you want.
36
 *
37
 * HTC reads a HTTP protocol header into a workspace, subject to limits,
38
 * and stops when we see the magic marker (double [CR]NL), and if we overshoot,
39
 * it keeps track of the "pipelined" data.
40
 *
41
 * We use this both for client and backend connections.
42
 */
43
44
#include "config.h"
45
46
#include "cache/cache_varnishd.h"
47
#include "cache/cache_transport.h"
48
49
#include "cache_http1.h"
50
51
#include "vct.h"
52
53
const int HTTP1_Req[3] = {
54
        HTTP_HDR_METHOD, HTTP_HDR_URL, HTTP_HDR_PROTO
55
};
56
57
const int HTTP1_Resp[3] = {
58
        HTTP_HDR_PROTO, HTTP_HDR_STATUS, HTTP_HDR_REASON
59
};
60
61
/*--------------------------------------------------------------------
62
 * Check if we have a complete HTTP request or response yet
63
 */
64
65
enum htc_status_e v_matchproto_(htc_complete_f)
66 304565
HTTP1_Complete(struct http_conn *htc)
67
{
68
        char *p;
69
        enum htc_status_e retval;
70
71 304565
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
72 304565
        AN(WS_Reservation(htc->ws));
73 304565
        assert(pdiff(htc->rxbuf_b, htc->rxbuf_e) <= WS_ReservationSize(htc->ws));
74
75
        /* Skip any leading white space */
76 305490
        for (p = htc->rxbuf_b ; p < htc->rxbuf_e && vct_islws(*p); p++)
77 925
                continue;
78 304565
        if (p == htc->rxbuf_e)
79 165777
                return (HTC_S_EMPTY);
80
81
        /* Do not return a partial H2 connection preface */
82 138788
        retval = H2_prism_complete(htc);
83 138788
        if (retval != HTC_S_JUNK)
84 6649
                return (retval);
85
86
        /*
87
         * Here we just look for NL[CR]NL to see that reception
88
         * is completed.  More stringent validation happens later.
89
         */
90 475653
        while (1) {
91 475653
                p = memchr(p, '\n', htc->rxbuf_e - p);
92 475653
                if (p == NULL)
93 7250
                        return (HTC_S_MORE);
94 468403
                if (++p == htc->rxbuf_e)
95 528
                        return (HTC_S_MORE);
96 467875
                if (*p == '\r' && ++p == htc->rxbuf_e)
97 50
                        return (HTC_S_MORE);
98 467825
                if (*p == '\n')
99 124311
                        break;
100
        }
101 124311
        return (HTC_S_COMPLETE);
102 304565
}
103
104
/*--------------------------------------------------------------------
105
 * Dissect the headers of the HTTP protocol message.
106
 * Detect conditionals (headers which start with '^[Ii][Ff]-')
107
 */
108
109
static uint16_t
110 124199
http1_dissect_hdrs(struct http *hp, char *p, struct http_conn *htc,
111
    unsigned maxhdr)
112
{
113
        char *q, *r, *s;
114
        int i;
115
116 124199
        assert(p > htc->rxbuf_b);
117 124199
        assert(p <= htc->rxbuf_e);
118 124199
        hp->nhd = HTTP_HDR_FIRST;
119 124199
        r = NULL;               /* For FlexeLint */
120 462103
        for (; p < htc->rxbuf_e; p = r) {
121
122
                /* Find end of next header */
123 462100
                q = r = p;
124 462100
                if (vct_iscrlf(p, htc->rxbuf_e))
125 123758
                        break;
126 7206027
                while (r < htc->rxbuf_e) {
127 7206003
                        if (vct_ishdrval(*r)) {
128 6867460
                                r++;
129 6867460
                                continue;
130
                        }
131 338543
                        i = vct_iscrlf(r, htc->rxbuf_e);
132 338543
                        if (i == 0) {
133 200
                                VSLb(hp->vsl, SLT_BogoHeader,
134 100
                                    "Header has ctrl char 0x%02x", *r);
135 100
                                return (400);
136
                        }
137 338443
                        q = r;
138 338443
                        r += i;
139 338443
                        assert(r <= htc->rxbuf_e);
140 338443
                        if (r == htc->rxbuf_e)
141 0
                                break;
142 338443
                        if (vct_iscrlf(r, htc->rxbuf_e))
143 123559
                                break;
144
                        /* If line does not continue: got it. */
145 214884
                        if (!vct_issp(*r))
146 214659
                                break;
147
148
                        /* Clear line continuation LWS to spaces */
149 450
                        while (q < r)
150 225
                                *q++ = ' ';
151 475
                        while (q < htc->rxbuf_e && vct_issp(*q))
152 250
                                *q++ = ' ';
153
                }
154
155
                /* Empty header = end of headers */
156 338242
                if (p == q)
157 0
                        break;
158
159 338232
                if (q - p > maxhdr) {
160 200
                        VSLb(hp->vsl, SLT_BogoHeader, "Header too long: %.*s",
161 100
                            (int)(q - p > 20 ? 20 : q - p), p);
162 100
                        return (400);
163
                }
164
165 338132
                if (vct_islws(*p)) {
166 100
                        VSLb(hp->vsl, SLT_BogoHeader,
167
                            "1st header has white space: %.*s",
168 50
                            (int)(q - p > 20 ? 20 : q - p), p);
169 50
                        return (400);
170
                }
171
172 338082
                if (*p == ':') {
173 50
                        VSLb(hp->vsl, SLT_BogoHeader,
174
                            "Missing header name: %.*s",
175 25
                            (int)(q - p > 20 ? 20 : q - p), p);
176 25
                        return (400);
177
                }
178
179 338507
                while (q > p && vct_issp(q[-1]))
180 450
                        q--;
181 338029
                *q = '\0';
182
183 2934066
                for (s = p; *s != ':' && s < q; s++) {
184 2596137
                        if (!vct_istchar(*s)) {
185 200
                                VSLb(hp->vsl, SLT_BogoHeader,
186 100
                                    "Illegal char 0x%02x in header name", *s);
187 100
                                return (400);
188
                        }
189 2596037
                }
190 337929
                if (*s != ':') {
191 50
                        VSLb(hp->vsl, SLT_BogoHeader, "Header without ':' %.*s",
192 25
                            (int)(q - p > 20 ? 20 : q - p), p);
193 25
                        return (400);
194
                }
195
196 337904
                if (hp->nhd < hp->shd) {
197 337904
                        hp->hdf[hp->nhd] = 0;
198 337904
                        hp->hd[hp->nhd].b = p;
199 337904
                        hp->hd[hp->nhd].e = q;
200 337904
                        hp->nhd++;
201 337904
                } else {
202 0
                        VSLb(hp->vsl, SLT_BogoHeader, "Too many headers: %.*s",
203 0
                            (int)(q - p > 20 ? 20 : q - p), p);
204 0
                        return (400);
205
                }
206 337904
        }
207 123761
        i = vct_iscrlf(p, htc->rxbuf_e);
208 123761
        assert(i > 0);          /* HTTP1_Complete guarantees this */
209 123757
        p += i;
210 123757
        HTC_RxPipeline(htc, p);
211 123757
        htc->rxbuf_e = p;
212 123757
        return (0);
213 124157
}
214
215
/*--------------------------------------------------------------------
216
 * Deal with first line of HTTP protocol message.
217
 */
218
219
static uint16_t
220 124311
http1_splitline(struct http *hp, struct http_conn *htc, const int *hf,
221
    unsigned maxhdr)
222
{
223
        char *p, *q;
224
        int i;
225
226 124311
        assert(hf == HTTP1_Req || hf == HTTP1_Resp);
227 124311
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
228 124311
        CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
229 124311
        assert(htc->rxbuf_e >= htc->rxbuf_b);
230
231 124311
        AZ(hp->hd[hf[0]].b);
232 124311
        AZ(hp->hd[hf[1]].b);
233 124311
        AZ(hp->hd[hf[2]].b);
234
235
        /* Skip leading LWS */
236 124436
        for (p = htc->rxbuf_b ; vct_islws(*p); p++)
237 125
                continue;
238 124311
        hp->hd[hf[0]].b = p;
239
240
        /* First field cannot contain SP or CTL */
241 749494
        for (; !vct_issp(*p); p++) {
242 625283
                if (vct_isctl(*p))
243 100
                        return (400);
244 625183
        }
245 124211
        hp->hd[hf[0]].e = p;
246 124211
        assert(Tlen(hp->hd[hf[0]]));
247 124211
        *p++ = '\0';
248
249
        /* Skip SP */
250 124361
        for (; vct_issp(*p); p++) {
251 150
                if (vct_isctl(*p))
252 0
                        return (400);
253 150
        }
254 124211
        hp->hd[hf[1]].b = p;
255
256
        /* Second field cannot contain LWS or CTL */
257 914523
        for (; !vct_islws(*p); p++) {
258 790312
                if (vct_isctl(*p))
259 0
                        return (400);
260 790312
        }
261 124211
        hp->hd[hf[1]].e = p;
262 124211
        if (!Tlen(hp->hd[hf[1]]))
263 25
                return (400);
264
265
        /* Skip SP */
266 124186
        q = p;
267 248191
        for (; vct_issp(*p); p++) {
268 124005
                if (vct_isctl(*p))
269 0
                        return (400);
270 124005
        }
271 124186
        if (q < p)
272 123979
                *q = '\0';      /* Nul guard for the 2nd field. If q == p
273
                                 * (the third optional field is not
274
                                 * present), the last nul guard will
275
                                 * cover this field. */
276
277
        /* Third field is optional and cannot contain CTL except TAB */
278 124186
        q = p;
279 822027
        for (; p < htc->rxbuf_e && !vct_iscrlf(p, htc->rxbuf_e); p++) {
280 697866
                if (vct_isctl(*p) && !vct_issp(*p))
281 25
                        return (400);
282 697841
        }
283 124161
        if (p > q) {
284 123886
                hp->hd[hf[2]].b = q;
285 123886
                hp->hd[hf[2]].e = p;
286 123886
        }
287
288
        /* Skip CRLF */
289 124161
        i = vct_iscrlf(p, htc->rxbuf_e);
290 124161
        if (!i)
291 0
                return (400);
292 124161
        *p = '\0';
293 124161
        p += i;
294
295 124161
        http_Proto(hp);
296
297 124161
        return (http1_dissect_hdrs(hp, p, htc, maxhdr));
298 124311
}
299
300
/*--------------------------------------------------------------------*/
301
302
static body_status_t
303 123623
http1_body_status(const struct http *hp, struct http_conn *htc, int request)
304
{
305
        ssize_t cl;
306
        const char *b;
307
308 123623
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
309 123623
        CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
310
311 123623
        htc->content_length = -1;
312
313 123623
        cl = http_GetContentLength(hp);
314 123623
        if (cl == -2)
315 100
                return (BS_ERROR);
316 123523
        if (http_GetHdr(hp, H_Transfer_Encoding, &b)) {
317 4075
                if (!http_coding_eq(b, chunked))
318 50
                        return (BS_ERROR);
319 4025
                if (cl != -1) {
320
                        /*
321
                         * RFC7230 3.3.3 allows more lenient handling
322
                         * but we're going to be strict.
323
                         */
324 50
                        return (BS_ERROR);
325
                }
326 3975
                return (BS_CHUNKED);
327
        }
328 119448
        if (cl >= 0) {
329 45947
                htc->content_length = cl;
330 45947
                return (cl == 0 ? BS_NONE : BS_LENGTH);
331
        }
332
333 73501
        if (hp->protover == 11 && request)
334 72101
                return (BS_NONE);
335
336 1400
        if (http_HdrIs(hp, H_Connection, "keep-alive")) {
337
                /*
338
                 * Keep alive with neither TE=Chunked or C-Len is impossible.
339
                 * We assume a zero length body.
340
                 */
341 50
                return (BS_NONE);
342
        }
343
344
        /*
345
         * Fall back to EOF transfer.
346
         */
347 1350
        return (BS_EOF);
348 123623
}
349
350
/*--------------------------------------------------------------------*/
351
352
uint16_t
353 75055
HTTP1_DissectRequest(struct http_conn *htc, struct http *hp)
354
{
355
        uint16_t retval;
356
        const char *p;
357 75055
        const char *b = NULL, *e;
358
359 75055
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
360 75055
        CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
361
362 150110
        retval = http1_splitline(hp, htc,
363 75055
            HTTP1_Req, cache_param->http_req_hdr_len);
364 75055
        if (retval != 0)
365 375
                return (retval);
366
367 74680
        if (hp->protover < 10 || hp->protover > 11)
368 300
                return (400);
369
370
        /* RFC2616, section 5.2, point 1 */
371 74380
        if (http_scheme_at(hp->hd[HTTP_HDR_URL].b, http))
372 75
                b = hp->hd[HTTP_HDR_URL].b + 7;
373 74305
        else if (FEATURE(FEATURE_HTTPS_SCHEME) &&
374 25
            http_scheme_at(hp->hd[HTTP_HDR_URL].b, https))
375 25
                b = hp->hd[HTTP_HDR_URL].b + 8;
376 74380
        if (b) {
377 100
                e = strchr(b, '/');
378 100
                if (e) {
379 100
                        http_Unset(hp, H_Host);
380 100
                        http_PrintfHeader(hp, "Host: %.*s", (int)(e - b), b);
381 100
                        hp->hd[HTTP_HDR_URL].b = e;
382 100
                }
383 100
        }
384
385 74380
        htc->body_status = http1_body_status(hp, htc, 1);
386 74380
        if (htc->body_status == BS_ERROR)
387 100
                return (400);
388
389 74280
        p = http_GetMethod(hp);
390 74280
        AN(p);
391
392 74280
        if (htc->body_status == BS_EOF) {
393 350
                assert(hp->protover == 10);
394
                /* RFC1945 8.3 p32 and D.1.1 p58 */
395 350
                if (http_method_eq(p, POST) || http_method_eq(p, PUT))
396 50
                        return (400);
397 300
                htc->body_status = BS_NONE;
398 300
        }
399
400
        /* HEAD with a body is a hard error */
401 74230
        if (htc->body_status != BS_NONE && http_method_eq(p, HEAD))
402 0
                return (400);
403
404 74230
        return (retval);
405 75055
}
406
407
/*--------------------------------------------------------------------*/
408
409
uint16_t
410 49246
HTTP1_DissectResponse(struct http_conn *htc, struct http *hp,
411
    const struct http *rhttp)
412
{
413 49246
        uint16_t retval = 0;
414
        const char *p;
415
416 49246
        CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
417 49246
        CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
418 49246
        CHECK_OBJ_NOTNULL(rhttp, HTTP_MAGIC);
419
420 98492
        if (http1_splitline(hp, htc,
421 49246
            HTTP1_Resp, cache_param->http_resp_hdr_len))
422 175
                retval = 503;
423
424 49246
        if (retval == 0 && hp->protover < 10)
425 0
                retval = 503;
426
427 49246
        if (retval == 0 && hp->protover > rhttp->protover)
428 25
                http_SetH(hp, HTTP_HDR_PROTO, rhttp->hd[HTTP_HDR_PROTO].b);
429
430 49246
        if (retval == 0 && Tlen(hp->hd[HTTP_HDR_STATUS]) != 3)
431 75
                retval = 503;
432
433 49246
        if (retval == 0) {
434 48996
                p = hp->hd[HTTP_HDR_STATUS].b;
435
436 97842
                if (p[0] >= '1' && p[0] <= '9' &&
437 48921
                    p[1] >= '0' && p[1] <= '9' &&
438 48871
                    p[2] >= '0' && p[2] <= '9')
439 48821
                        hp->status =
440 48821
                            100 * (p[0] - '0') + 10 * (p[1] - '0') + p[2] - '0';
441
                else
442 175
                        retval = 503;
443 48996
        }
444
445 49246
        if (retval != 0) {
446 850
                VSLb(hp->vsl, SLT_HttpGarbage, "%.*s",
447 425
                    (int)(htc->rxbuf_e - htc->rxbuf_b), htc->rxbuf_b);
448 425
                assert(retval >= 100 && retval <= 999);
449 425
                assert(retval == 503);
450 425
                http_SetStatus(hp, 503, NULL);
451 425
        }
452
453 49246
        if (hp->hd[HTTP_HDR_REASON].b == NULL ||
454 49196
            !Tlen(hp->hd[HTTP_HDR_REASON])) {
455 108
                http_SetH(hp, HTTP_HDR_REASON,
456 54
                    http_Status2Reason(hp->status, NULL));
457 54
        }
458
459 49242
        htc->body_status = http1_body_status(hp, htc, 0);
460
461 49242
        return (retval);
462
}
463
464
/*--------------------------------------------------------------------*/
465
466
static unsigned
467 1267571
http1_WrTxt(const struct worker *wrk, const txt *hh, const char *suf)
468
{
469
        unsigned u;
470
471 1267571
        CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
472 1267571
        AN(wrk);
473 1267571
        AN(hh);
474 1267571
        AN(hh->b);
475 1267571
        AN(hh->e);
476 1267571
        u = V1L_Write(wrk, hh->b, hh->e - hh->b);
477 1267571
        if (suf != NULL)
478 1267506
                u += V1L_Write(wrk, suf, -1);
479 1267583
        return (u);
480
}
481
482
unsigned
483 119941
HTTP1_Write(const struct worker *w, const struct http *hp, const int *hf)
484
{
485
        unsigned u, l;
486
487 119941
        assert(hf == HTTP1_Req || hf == HTTP1_Resp);
488 119941
        AN(hp->hd[hf[0]].b);
489 119941
        AN(hp->hd[hf[1]].b);
490 119941
        AN(hp->hd[hf[2]].b);
491 119941
        l = http1_WrTxt(w, &hp->hd[hf[0]], " ");
492 119941
        l += http1_WrTxt(w, &hp->hd[hf[1]], " ");
493 119941
        l += http1_WrTxt(w, &hp->hd[hf[2]], "\r\n");
494
495 1027913
        for (u = HTTP_HDR_FIRST; u < hp->nhd; u++)
496 907972
                l += http1_WrTxt(w, &hp->hd[u], "\r\n");
497 119941
        l += V1L_Write(w, "\r\n", -1);
498 119941
        return (l);
499
}