varnish-cache/bin/varnishd/http2/cache_http2_hpack.c
0 
/*-
1 
 * Copyright (c) 2016 Varnish Software AS
2 
 * All rights reserved.
3 
 *
4 
 * Author: Martin Blix Grydeland <martin@varnish-software.com>
5 
 *
6 
 * SPDX-License-Identifier: BSD-2-Clause
7 
 *
8 
 * Redistribution and use in source and binary forms, with or without
9 
 * modification, are permitted provided that the following conditions
10 
 * are met:
11 
 * 1. Redistributions of source code must retain the above copyright
12 
 *    notice, this list of conditions and the following disclaimer.
13 
 * 2. Redistributions in binary form must reproduce the above copyright
14 
 *    notice, this list of conditions and the following disclaimer in the
15 
 *    documentation and/or other materials provided with the distribution.
16 
 *
17 
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 
 * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
21 
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 
 * SUCH DAMAGE.
28 
 *
29 
 */
30 





31
  
  
#include "config.h"





32
  
  





33
  
  
#include "cache/cache_varnishd.h"





34
  
  





35
  
  
#include <ctype.h>





36
  
  
#include <stdio.h>





37
  
  





38
  
  
#include "http2/cache_http2.h"





39
  
  
#include "vct.h"





40
  
  





41
  
  
static void





42
  590
  
h2h_assert_ready(const struct h2h_decode *d)





43
  
  
{





44
  
  





45
  590
  
        CHECK_OBJ_NOTNULL(d, H2H_DECODE_MAGIC);





46
  590
  
        AN(d->out);





47
  590
  
        assert(d->namelen >= 2); /* 2 chars from the ": " that we added */





48
  590
  
        assert(d->namelen <= d->out_u);





49
  590
  
        assert(d->out[d->namelen - 2] == ':');





50
  590
  
        assert(d->out[d->namelen - 1] == ' ');





51
  590
  
}





52
  
  





53
  
  
// rfc9113,l,2493,2528





54
  
  
static h2_error





55
  590
  
h2h_checkhdr(struct vsl_log *vsl, txt nm, txt val)





56
  
  
{





57
  
  
        const char *p;





58
  
  
        int l;





59
  
  
        enum {





60
  
  
                FLD_NAME_FIRST,





61
  
  
                FLD_NAME,





62
  
  
                FLD_VALUE_FIRST,





63
  
  
                FLD_VALUE





64
  
  
        } state;





65
  
  





66
  590
  
        if (Tlen(nm) == 0) {





67
  0
  
                VSLb(vsl, SLT_BogoHeader, "Empty name");





68
  0
  
                return (H2SE_PROTOCOL_ERROR);





69
  
  
        }





70
  
  





71
  
  
        // VSLb(vsl, SLT_Debug, "CHDR [%.*s] [%.*s]",





72
  
  
        //     (int)Tlen(nm), nm.b, (int)Tlen(val), val.b);





73
  
  





74
  590
  
        l = vmin_t(int, Tlen(nm) + 2 + Tlen(val), 20);





75
  590
  
        state = FLD_NAME_FIRST;





76
  4462
  
        Tforeach(p, nm) {





77
  3876
  
                switch(state) {





78
  
  
                case FLD_NAME_FIRST:





79
  590
  
                        state = FLD_NAME;





80
  590
  
                        if (*p == ':')





81
  474
  
                                break;





82
  
  
                        /* FALLTHROUGH */





83
  
  
                case FLD_NAME:





84
  3402
  
                        if (isupper(*p)) {





85
  2
  
                                VSLb(vsl, SLT_BogoHeader,





86
  
  
                                    "Illegal field header name (upper-case): %.*s",





87
  1
  
                                    l, nm.b);





88
  1
  
                                return (H2SE_PROTOCOL_ERROR);





89
  
  
                        }





90
  3401
  
                        if (!vct_istchar(*p) || *p == ':') {





91
  6
  
                                VSLb(vsl, SLT_BogoHeader,





92
  
  
                                    "Illegal field header name (non-token): %.*s",





93
  3
  
                                    l, nm.b);





94
  3
  
                                return (H2SE_PROTOCOL_ERROR);





95
  
  
                        }





96
  3398
  
                        break;





97
  
  
                default:





98
  0
  
                        WRONG("http2 field name validation state");





99
  0
  
                }





100
  3872
  
        }





101
  
  





102
  586
  
        state = FLD_VALUE_FIRST;





103
  31888
  
        Tforeach(p, val) {





104
  31312
  
                switch(state) {





105
  
  
                case FLD_VALUE_FIRST:





106
  579
  
                        if (vct_issp(*p)) {





107
  18
  
                                VSLb(vsl, SLT_BogoHeader,





108
  
  
                                    "Illegal field value 0x%02x start %.*s",





109
  9
  
                                    *p, l, nm.b);





110
  9
  
                                return (H2SE_PROTOCOL_ERROR);





111
  
  
                        }





112
  570
  
                        state = FLD_VALUE;





113
  
  
                        /* FALLTHROUGH */





114
  
  
                case FLD_VALUE:





115
  31303
  
                        if (!vct_ishdrval(*p)) {





116
  2
  
                                VSLb(vsl, SLT_BogoHeader,





117
  
  
                                    "Illegal field value 0x%02x %.*s",





118
  1
  
                                    *p, l, nm.b);





119
  1
  
                                return (H2SE_PROTOCOL_ERROR);





120
  
  
                        }





121
  31302
  
                        break;





122
  
  
                default:





123
  0
  
                        WRONG("http2 field value validation state");





124
  0
  
                }





125
  31302
  
        }





126
  576
  
        if (state == FLD_VALUE && vct_issp(val.e[-1])) {





127
  4
  
                VSLb(vsl, SLT_BogoHeader,





128
  
  
                    "Illegal field value 0x%02x (end) at %.*s",





129
  2
  
                    val.e[-1], l, nm.b);





130
  2
  
                return (H2SE_PROTOCOL_ERROR);





131
  
  
        }





132
  574
  
        return (0);





133
  590
  
}





134
  
  





135
  
  
static h2_error





136
  590
  
h2h_addhdr(struct http *hp, struct h2h_decode *d)





137
  
  
{





138
  
  
        /* XXX: This might belong in cache/cache_http.c */





139
  
  
        txt hdr, nm, val;





140
  
  
        int disallow_empty;





141
  
  
        const char *p;





142
  
  
        unsigned n, has_dup;





143
  
  
        h2_error err;





144
  
  





145
  590
  
        CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);





146
  590
  
        h2h_assert_ready(d);





147
  
  





148
  
  
        /* Assume hdr is by default a regular header from what we decoded. */





149
  590
  
        hdr.b = d->out;





150
  590
  
        hdr.e = hdr.b + d->out_u;





151
  590
  
        n = hp->nhd;





152
  
  





153
  
  
        /* nm and val are separated by ": " */





154
  590
  
        nm.b = hdr.b;





155
  590
  
        nm.e = nm.b + d->namelen - 2;





156
  590
  
        val.b = nm.e + 2;





157
  590
  
        val.e = hdr.e;





158
  
  





159
  590
  
        err = h2h_checkhdr(hp->vsl, nm, val);





160
  590
  
        if (err != NULL)





161
  16
  
                return (err);





162
  
  





163
  574
  
        disallow_empty = 0;





164
  574
  
        has_dup = 0;





165
  
  





166
  574
  
        if (Tlen(hdr) > cache_param->http_req_hdr_len) {





167
  1
  
                VSLb(hp->vsl, SLT_BogoHeader, "Header too large: %.20s", hdr.b);





168
  1
  
                return (H2SE_ENHANCE_YOUR_CALM);





169
  
  
        }





170
  
  





171
  
  
        /* Match H/2 pseudo headers */





172
  
  
        /* XXX: Should probably have some include tbl for pseudo-headers */





173
  573
  
        if (!Tstrcmp(nm, ":method")) {





174
  147
  
                hdr.b = val.b;





175
  147
  
                n = HTTP_HDR_METHOD;





176
  147
  
                disallow_empty = 1;





177
  
  





178
  
  
                /* Check HTTP token */





179
  618
  
                Tforeach(p, hdr) {





180
  471
  
                        if (!vct_istchar(*p))





181
  0
  
                                return (H2SE_PROTOCOL_ERROR);





182
  471
  
                }





183
  573
  
        } else if (!Tstrcmp(nm, ":path")) {





184
  153
  
                hdr.b = val.b;





185
  153
  
                n = HTTP_HDR_URL;





186
  153
  
                disallow_empty = 1;





187
  
  





188
  
  
                // rfc9113,l,2693,2705





189
  153
  
                if (Tlen(val) > 0 && val.b[0] != '/' && Tstrcmp(val, "*")) {





190
  4
  
                        VSLb(hp->vsl, SLT_BogoHeader,





191
  
  
                            "Illegal :path pseudo-header %.*s",





192
  2
  
                            (int)Tlen(val), val.b);





193
  2
  
                        return (H2SE_PROTOCOL_ERROR);





194
  
  
                }





195
  
  





196
  
  
                /* Path cannot contain LWS or CTL */





197
  484
  
                Tforeach(p, hdr) {





198
  333
  
                        if (vct_islws(*p) || vct_isctl(*p))





199
  0
  
                                return (H2SE_PROTOCOL_ERROR);





200
  333
  
                }





201
  424
  
        } else if (!Tstrcmp(nm, ":scheme")) {





202
  
  
                /* XXX: What to do about this one? (typically





203
  
  
                   "http" or "https"). For now set it as a normal





204
  
  
                   header, stripping the first ':'. */





205
  148
  
                hdr.b++;





206
  148
  
                has_dup = d->has_scheme;





207
  148
  
                d->has_scheme = 1;





208
  148
  
                disallow_empty = 1;





209
  
  





210
  
  
                /* Check HTTP token */





211
  733
  
                Tforeach(p, val) {





212
  585
  
                        if (!vct_istchar(*p))





213
  0
  
                                return (H2SE_PROTOCOL_ERROR);





214
  585
  
                }





215
  273
  
        } else if (!Tstrcmp(nm, ":authority")) {





216
  
  
                /* NB: we inject "host" in place of "rity" for





217
  
  
                 * the ":authority" pseudo-header.





218
  
  
                 */





219
  17
  
                memcpy(d->out + 6, "host", 4);





220
  17
  
                hdr.b += 6;





221
  17
  
                nm = Tstr(":authority"); /* preserve original */





222
  17
  
                has_dup = d->has_authority;





223
  17
  
                d->has_authority = 1;





224
  125
  
        } else if (nm.b[0] == ':') {





225
  4
  
                VSLb(hp->vsl, SLT_BogoHeader,





226
  
  
                    "Unknown pseudo-header: %.*s",





227
  2
  
                    vmin_t(int, Tlen(hdr), 20), hdr.b);





228
  2
  
                return (H2SE_PROTOCOL_ERROR);   // rfc7540,l,2990,2992





229
  
  
        }





230
  
  





231
  569
  
        if (disallow_empty && Tlen(val) == 0) {





232
  12
  
                VSLb(hp->vsl, SLT_BogoHeader,





233
  
  
                    "Empty pseudo-header %.*s",





234
  6
  
                    (int)Tlen(nm), nm.b);





235
  6
  
                return (H2SE_PROTOCOL_ERROR);





236
  
  
        }





237
  
  





238
  563
  
        if (n >= HTTP_HDR_FIRST) {





239
  
  
                /* Check for space in struct http */





240
  269
  
                if (n >= hp->shd) {





241
  2
  
                        VSLb(hp->vsl, SLT_LostHeader,





242
  
  
                            "Too many headers: %.*s",





243
  1
  
                            vmin_t(int, Tlen(hdr), 20), hdr.b);





244
  1
  
                        return (H2SE_ENHANCE_YOUR_CALM);





245
  
  
                }





246
  268
  
                hp->nhd++;





247
  268
  
                AZ(hp->hd[n].b);





248
  268
  
        }





249
  
  





250
  562
  
        if (has_dup || hp->hd[n].b != NULL) {





251
  5
  
                assert(nm.b[0] == ':');





252
  10
  
                VSLb(hp->vsl, SLT_BogoHeader,





253
  
  
                    "Duplicate pseudo-header %.*s",





254
  5
  
                    (int)Tlen(nm), nm.b);





255
  5
  
                return (H2SE_PROTOCOL_ERROR);   // rfc7540,l,3158,3162





256
  
  
        }





257
  
  





258
  557
  
        hp->hd[n] = hdr;





259
  557
  
        return (0);





260
  590
  
}





261
  
  





262
  
  
static void





263
  182
  
h2h_decode_init(const struct h2_sess *h2, struct ws *ws)





264
  
  
{





265
  
  
        struct h2h_decode *d;





266
  
  





267
  182
  
        CHECK_OBJ_NOTNULL(h2, H2_SESS_MAGIC);





268
  182
  
        CHECK_OBJ_NOTNULL(ws, WS_MAGIC);





269
  
  





270
  182
  
        AN(h2->decode);





271
  182
  
        d = h2->decode;





272
  182
  
        INIT_OBJ(d, H2H_DECODE_MAGIC);





273
  182
  
        VHD_Init(d->vhd);





274
  182
  
        d->out_l = WS_ReserveSize(ws, cache_param->http_req_size);





275
  
  
        /*





276
  
  
         * Can't do any work without any buffer





277
  
  
         * space. Require non-zero size.





278
  
  
         */





279
  182
  
        XXXAN(d->out_l);





280
  182
  
        d->out = WS_Reservation(ws);





281
  
  





282
  182
  
        if (cache_param->h2_max_header_list_size == 0)





283
  182
  
                d->limit =





284
  182
  
                    (long)(h2->local_settings.max_header_list_size * 1.5);





285
  
  
        else





286
  0
  
                d->limit = cache_param->h2_max_header_list_size;





287
  
  





288
  182
  
        if (d->limit < h2->local_settings.max_header_list_size)





289
  0
  
                d->limit = INT64_MAX;





290
  
  





291
  182
  
        d->ws = ws;





292
  182
  
}





293
  
  





294
  
  
void





295
  182
  
h2h_decode_hdr_init(const struct h2_sess *h2)





296
  
  
{





297
  
  





298
  182
  
        CHECK_OBJ_NOTNULL(h2, H2_SESS_MAGIC);





299
  182
  
        CHECK_OBJ_NOTNULL(h2->new_req, REQ_MAGIC);





300
  182
  
        CHECK_OBJ_NOTNULL(h2->new_req->http, HTTP_MAGIC);





301
  182
  
        h2h_decode_init(h2, h2->new_req->ws);





302
  182
  
}





303
  
  





304
  
  
/* Possible error returns:





305
  
  
 *





306
  
  
 * H2E_COMPRESSION_ERROR: Lost compression state due to incomplete header





307
  
  
 * block. This is a connection level error.





308
  
  
 *





309
  
  
 * H2E_ENHANCE_YOUR_CALM: Ran out of workspace or http header space. This





310
  
  
 * is a stream level error.





311
  
  
 */





312
  
  
h2_error





313
  182
  
h2h_decode_hdr_fini(const struct h2_sess *h2)





314
  
  
{





315
  
  
        h2_error ret;





316
  
  
        struct h2h_decode *d;





317
  
  





318
  182
  
        CHECK_OBJ_NOTNULL(h2, H2_SESS_MAGIC);





319
  182
  
        d = h2->decode;





320
  182
  
        CHECK_OBJ_NOTNULL(h2->new_req, REQ_MAGIC);





321
  182
  
        CHECK_OBJ_NOTNULL(d, H2H_DECODE_MAGIC);





322
  182
  
        WS_ReleaseP(d->ws, d->out);





323
  182
  
        if (d->vhd_ret != VHD_OK) {





324
  
  
                /* HPACK header block didn't finish at an instruction





325
  
  
                   boundary */





326
  70
  
                VSLb(h2->new_req->http->vsl, SLT_BogoHeader,





327
  35
  
                    "HPACK compression error/fini (%s)", VHD_Error(d->vhd_ret));





328
  35
  
                ret = H2CE_COMPRESSION_ERROR;





329
  182
  
        } else if (d->error == NULL && !d->has_scheme) {





330
  4
  
                H2S_Lock_VSLb(h2, SLT_Debug, "Missing :scheme");





331
  4
  
                ret = H2SE_MISSING_SCHEME; //rfc7540,l,3087,3090





332
  4
  
        } else





333
  143
  
                ret = d->error;





334
  182
  
        FINI_OBJ(d);





335
  182
  
        if (ret == H2SE_REQ_SIZE) {





336
  1
  
                VSLb(h2->new_req->http->vsl, SLT_LostHeader,





337
  
  
                    "Header list too large");





338
  1
  
        }





339
  182
  
        return (ret);





340
  
  
}





341
  
  





342
  
  
/* Possible error returns:





343
  
  
 *





344
  
  
 * H2E_COMPRESSION_ERROR: Lost compression state due to invalid header





345
  
  
 * block. This is a connection level error.





346
  
  
 *





347
  
  
 * H2E_PROTOCOL_ERROR: Malformed header or duplicate pseudo-header.





348
  
  
 *                     Violation of field name/value charsets





349
  
  
 */





350
  
  
h2_error





351
  196
  
h2h_decode_bytes(struct h2_sess *h2, const uint8_t *in, size_t in_l)





352
  
  
{





353
  
  
        struct http *hp;





354
  
  
        struct h2h_decode *d;





355
  196
  
        size_t in_u = 0;





356
  
  
        const char *r, *e;





357
  
  





358
  196
  
        CHECK_OBJ_NOTNULL(h2, H2_SESS_MAGIC);





359
  196
  
        CHECK_OBJ_NOTNULL(h2->new_req, REQ_MAGIC);





360
  196
  
        hp = h2->new_req->http;





361
  196
  
        CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);





362
  196
  
        d = h2->decode;





363
  196
  
        CHECK_OBJ_NOTNULL(d, H2H_DECODE_MAGIC);





364
  196
  
        CHECK_OBJ_NOTNULL(d->ws, WS_MAGIC);





365
  196
  
        r = WS_Reservation(d->ws);





366
  196
  
        AN(r);





367
  196
  
        e = r + WS_ReservationSize(d->ws);





368
  
  





369
  
  
        /* Only H2E_ENHANCE_YOUR_CALM indicates that we should continue





370
  
  
           processing. Other errors should have been returned and handled





371
  
  
           by the caller. */





372
  196
  
        if (d->error != NULL)





373
  4
  
                assert(H2_ERROR_MATCH(d->error, H2SE_ENHANCE_YOUR_CALM));





374
  
  





375
  1375
  
        while (d->limit >= 0) {





376
  1374
  
                AN(d->out);





377
  1374
  
                assert(d->out_u <= d->out_l);





378
  2748
  
                d->vhd_ret = VHD_Decode(d->vhd, h2->dectbl, in, in_l, &in_u,





379
  1374
  
                    d->out, d->out_l, &d->out_u);





380
  
  





381
  1374
  
                if (d->vhd_ret < 0) {





382
  4
  
                        H2S_Lock_VSLb(h2, SLT_BogoHeader,





383
  
  
                            "HPACK compression error (%s)",





384
  2
  
                            VHD_Error(d->vhd_ret));





385
  2
  
                        d->error = H2CE_COMPRESSION_ERROR;





386
  2
  
                        break;





387
  1372
  
                } else if (d->vhd_ret == VHD_OK || d->vhd_ret == VHD_MORE) {





388
  162
  
                        assert(in_u == in_l);





389
  162
  
                        break;





390
  
  
                }





391
  
  





392
  1210
  
                if (H2_ERROR_MATCH(d->error, H2SE_ENHANCE_YOUR_CALM)) {





393
  26
  
                        d->limit -= d->out_u;





394
  26
  
                        d->out_u = 0;





395
  26
  
                        assert(d->out_u < d->out_l);





396
  26
  
                        continue;





397
  
  
                }





398
  
  





399
  1184
  
                switch (d->vhd_ret) {





400
  
  
                case VHD_NAME_SEC:





401
  
  
                        /* XXX: header flag for never-indexed header */





402
  
  
                case VHD_NAME:





403
  593
  
                        assert(d->namelen == 0);





404
  593
  
                        if (d->out_l - d->out_u < 2) {





405
  1
  
                                d->error = H2SE_REQ_SIZE;





406
  1
  
                                break;





407
  
  
                        }





408
  592
  
                        d->out[d->out_u++] = ':';





409
  592
  
                        d->out[d->out_u++] = ' ';





410
  592
  
                        d->namelen = d->out_u;





411
  592
  
                        break;





412
  
  





413
  
  
                case VHD_VALUE_SEC:





414
  
  
                        /* XXX: header flag for never-indexed header */





415
  
  
                case VHD_VALUE:





416
  590
  
                        assert(d->namelen > 0);





417
  590
  
                        if (d->out_l - d->out_u < 1) {





418
  0
  
                                d->error = H2SE_REQ_SIZE;





419
  0
  
                                break;





420
  
  
                        }





421
  590
  
                        d->error = h2h_addhdr(hp, d);





422
  590
  
                        if (d->error)





423
  33
  
                                break;





424
  557
  
                        d->out[d->out_u++] = '\0'; /* Zero guard */





425
  557
  
                        d->out += d->out_u;





426
  557
  
                        d->out_l -= d->out_u;





427
  557
  
                        d->limit -= d->out_u;





428
  557
  
                        d->out_u = 0;





429
  557
  
                        d->namelen = 0;





430
  557
  
                        break;





431
  
  





432
  
  
                case VHD_BUF:





433
  1
  
                        d->error = H2SE_REQ_SIZE;





434
  1
  
                        break;





435
  
  





436
  
  
                default:





437
  0
  
                        WRONG("Unhandled return value");





438
  0
  
                        break;





439
  
  
                }





440
  
  





441
  1184
  
                if (H2_ERROR_MATCH(d->error, H2SE_ENHANCE_YOUR_CALM)) {





442
  4
  
                        d->out = WS_Reservation(d->ws);





443
  4
  
                        d->out_l = e - d->out;





444
  4
  
                        d->limit -= d->out_u;





445
  4
  
                        d->out_u = 0;





446
  4
  
                        assert(d->out_l > 0);





447
  1184
  
                } else if (d->error)





448
  31
  
                        break;





449
  
  
        }





450
  
  





451
  196
  
        if (d->limit < 0) {





452
  
  
                /* Fatal error, the client exceeded both http_req_size





453
  
  
                 * and h2_max_header_list_size. */





454
  1
  
                H2S_Lock_VSLb(h2, SLT_SessError, "Header list too large");





455
  1
  
                return (H2CE_ENHANCE_YOUR_CALM);





456
  
  
        }





457
  
  





458
  195
  
        if (H2_ERROR_MATCH(d->error, H2SE_ENHANCE_YOUR_CALM)) {





459
  
  
                /* Stream error, delay reporting until h2h_decode_hdr_fini so





460
  
  
                 * that we can process the complete header block. */





461
  7
  
                return (NULL);





462
  
  
        }





463
  
  





464
  188
  
        return (d->error);





465
  196
  
}