/src/curl/lib/http1.c

Source (jump to first uncovered line)
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 ***************************************************************************/

#include "curl_setup.h"

#ifndef CURL_DISABLE_HTTP

#include "urldata.h"
#include <curl/curl.h>
#include "http.h"
#include "http1.h"
#include "urlapi-int.h"

/* The last 3 #include files should be in this order */
#include "curl_printf.h"
#include "curl_memory.h"
#include "memdebug.h"


#define MAX_URL_LEN   (4*1024)

void Curl_h1_req_parse_init(struct h1_req_parser *parser, size_t max_line_len)
{
  memset(parser, 0, sizeof(*parser));
  parser->max_line_len = max_line_len;
  Curl_bufq_init(&parser->scratch, max_line_len, 1);
}

void Curl_h1_req_parse_free(struct h1_req_parser *parser)
{
  if(parser) {
    Curl_http_req_free(parser->req);
    Curl_bufq_free(&parser->scratch);
    parser->req = NULL;
    parser->done = FALSE;
  }
}

static ssize_t detect_line(struct h1_req_parser *parser,
                           const char *buf, const size_t buflen, int options,
                           CURLcode *err)
{
  const char  *line_end;
  size_t len;

  DEBUGASSERT(!parser->line);
  line_end = memchr(buf, '\n', buflen);
  if(!line_end) {
    *err = (buflen > parser->max_line_len)? CURLE_URL_MALFORMAT : CURLE_AGAIN;
    return -1;
  }
  len = line_end - buf + 1;
  if(len > parser->max_line_len) {
    *err = CURLE_URL_MALFORMAT;
    return -1;
  }

  if(options & H1_PARSE_OPT_STRICT) {
    if((len == 1) || (buf[len - 2] != '\r')) {
      *err = CURLE_URL_MALFORMAT;
      return -1;
    }
    parser->line = buf;
    parser->line_len = len - 2;
  }
  else {
    parser->line = buf;
    parser->line_len = len - (((len == 1) || (buf[len - 2] != '\r'))? 1 : 2);
  }
  *err = CURLE_OK;
  return (ssize_t)len;
}

static ssize_t next_line(struct h1_req_parser *parser,
                         const char *buf, const size_t buflen, int options,
                         CURLcode *err)
{
  ssize_t nread = 0, n;

  if(parser->line) {
    if(parser->scratch_skip) {
      /* last line was from scratch. Remove it now, since we are done
       * with it and look for the next one. */
      Curl_bufq_skip_and_shift(&parser->scratch, parser->scratch_skip);
      parser->scratch_skip = 0;
    }
    parser->line = NULL;
    parser->line_len = 0;
  }

  if(Curl_bufq_is_empty(&parser->scratch)) {
    nread = detect_line(parser, buf, buflen, options, err);
    if(nread < 0) {
      if(*err != CURLE_AGAIN)
        return -1;
      /* not a complete line, add to scratch for later revisit */
      nread = Curl_bufq_write(&parser->scratch,
                              (const unsigned char *)buf, buflen, err);
      return nread;
    }
    /* found one */
  }
  else {
    const char *sbuf;
    size_t sbuflen;

    /* scratch contains bytes from last attempt, add more to it */
    if(buflen) {
      const char *line_end;
      size_t add_len;
      ssize_t pos;

      line_end = memchr(buf, '\n', buflen);
      pos = line_end? (line_end - buf + 1) : -1;
      add_len = (pos >= 0)? (size_t)pos : buflen;
      nread = Curl_bufq_write(&parser->scratch,
                              (const unsigned char *)buf, add_len, err);
      if(nread < 0) {
        /* Unable to add anything to scratch is an error, since we should
         * have seen a line there then before. */
        if(*err == CURLE_AGAIN)
          *err = CURLE_URL_MALFORMAT;
        return -1;
      }
    }

    if(Curl_bufq_peek(&parser->scratch,
                      (const unsigned char **)&sbuf, &sbuflen)) {
      n = detect_line(parser, sbuf, sbuflen, options, err);
      if(n < 0 && *err != CURLE_AGAIN)
        return -1;  /* real error */
      parser->scratch_skip = (size_t)n;
    }
    else {
      /* we SHOULD be able to peek at scratch data */
      DEBUGASSERT(0);
    }
  }
  return nread;
}

static CURLcode start_req(struct h1_req_parser *parser,
                          const char *scheme_default, int options)
{
  const char  *p, *m, *target, *hv, *scheme, *authority, *path;
  size_t m_len, target_len, hv_len, scheme_len, authority_len, path_len;
  size_t i;
  CURLU *url = NULL;
  CURLcode result = CURLE_URL_MALFORMAT; /* Use this as default fail */

  DEBUGASSERT(!parser->req);
  /* line must match: "METHOD TARGET HTTP_VERSION" */
  p = memchr(parser->line, ' ', parser->line_len);
  if(!p || p == parser->line)
    goto out;

  m = parser->line;
  m_len = p - parser->line;
  target = p + 1;
  target_len = hv_len = 0;
  hv = NULL;

  /* URL may contain spaces so scan backwards */
  for(i = parser->line_len; i > m_len; --i) {
    if(parser->line[i] == ' ') {
      hv = &parser->line[i + 1];
      hv_len = parser->line_len - i;
      target_len = (hv - target) - 1;
      break;
    }
  }
  /* no SPACE found or empty TARGET or empy HTTP_VERSION */
  if(!target_len || !hv_len)
    goto out;

  /* TODO: we do not check HTTP_VERSION for conformity, should
   + do that when STRICT option is supplied. */
  (void)hv;

  /* The TARGET can be (rfc 9112, ch. 3.2):
   * origin-form:     path + optional query
   * absolute-form:   absolute URI
   * authority-form:  host+port for CONNECT
   * asterisk-form:   '*' for OPTIONS
   *
   * from TARGET, we derive `scheme` `authority` `path`
   * origin-form            --        --          TARGET
   * absolute-form          URL*      URL*        URL*
   * authority-form         --        TARGET      --
   * asterisk-form          --        --          TARGET
   */
  scheme = authority = path = NULL;
  scheme_len = authority_len = path_len = 0;

  if(target_len == 1 && target[0] == '*') {
    /* asterisk-form */
    path = target;
    path_len = target_len;
  }
  else if(!strncmp("CONNECT", m, m_len)) {
    /* authority-form */
    authority = target;
    authority_len = target_len;
  }
  else if(target[0] == '/') {
    /* origin-form */
    path = target;
    path_len = target_len;
  }
  else {
    /* origin-form OR absolute-form */
    CURLUcode uc;
    char tmp[MAX_URL_LEN];

    /* default, unless we see an absolute URL */
    path = target;
    path_len = target_len;

    /* URL parser wants 0-termination */
    if(target_len >= sizeof(tmp))
      goto out;
    memcpy(tmp, target, target_len);
    tmp[target_len] = '\0';
    /* See if treating TARGET as an absolute URL makes sense */
    if(Curl_is_absolute_url(tmp, NULL, 0, FALSE)) {
      int url_options;

      url = curl_url();
      if(!url) {
        result = CURLE_OUT_OF_MEMORY;
        goto out;
      }
      url_options = (CURLU_NON_SUPPORT_SCHEME|
                     CURLU_PATH_AS_IS|
                     CURLU_NO_DEFAULT_PORT);
      if(!(options & H1_PARSE_OPT_STRICT))
        url_options |= CURLU_ALLOW_SPACE;
      uc = curl_url_set(url, CURLUPART_URL, tmp, url_options);
      if(uc) {
        goto out;
      }
    }

    if(!url && (options & H1_PARSE_OPT_STRICT)) {
      /* we should have an absolute URL or have seen `/` earlier */
      goto out;
    }
  }

  if(url) {
    result = Curl_http_req_make2(&parser->req, m, m_len, url, scheme_default);
  }
  else {
    if(!scheme && scheme_default) {
      scheme = scheme_default;
      scheme_len = strlen(scheme_default);
    }
    result = Curl_http_req_make(&parser->req, m, m_len, scheme, scheme_len,
                                authority, authority_len, path, path_len);
  }

out:
  curl_url_cleanup(url);
  return result;
}

ssize_t Curl_h1_req_parse_read(struct h1_req_parser *parser,
                               const char *buf, size_t buflen,
                               const char *scheme_default, int options,
                               CURLcode *err)
{
  ssize_t nread = 0, n;

  *err = CURLE_OK;
  while(!parser->done) {
    n = next_line(parser, buf, buflen, options, err);
    if(n < 0) {
      if(*err != CURLE_AGAIN) {
        nread = -1;
      }
      *err = CURLE_OK;
      goto out;
    }

    /* Consume this line */
    nread += (size_t)n;
    buf += (size_t)n;
    buflen -= (size_t)n;

    if(!parser->line) {
      /* consumed bytes, but line not complete */
      if(!buflen)
        goto out;
    }
    else if(!parser->req) {
      *err = start_req(parser, scheme_default, options);
      if(*err) {
        nread = -1;
        goto out;
      }
    }
    else if(parser->line_len == 0) {
      /* last, empty line, we are finished */
      if(!parser->req) {
        *err = CURLE_URL_MALFORMAT;
        nread = -1;
        goto out;
      }
      parser->done = TRUE;
      Curl_bufq_free(&parser->scratch);
      /* last chance adjustments */
    }
    else {
      *err = Curl_dynhds_h1_add_line(&parser->req->headers,
                                     parser->line, parser->line_len);
      if(*err) {
        nread = -1;
        goto out;
      }
    }
  }

out:
  return nread;
}


#endif /* !CURL_DISABLE_HTTP */

Coverage Report

Created: 2023-06-07 07:02

Line	Count	Source (jump to first uncovered line)
1		/***************************************************************************
2		* _ _ ____ _
3		* Project ___\| \| \| \| _ \\| \|
4		* / __\| \| \| \| \|_) \| \|
5		* \| (__\| \|_\| \| _ <\| \|___
6		* \___\|\___/\|_\| \_\_____\|
7		*
8		* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9		*
10		* This software is licensed as described in the file COPYING, which
11		* you should have received as part of this distribution. The terms
12		* are also available at https://curl.se/docs/copyright.html.
13		*
14		* You may opt to use, copy, modify, merge, publish, distribute and/or sell
15		* copies of the Software, and permit persons to whom the Software is
16		* furnished to do so, under the terms of the COPYING file.
17		*
18		* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19		* KIND, either express or implied.
20		*
21		* SPDX-License-Identifier: curl
22		*
23		***************************************************************************/
24
25		#include "curl_setup.h"
26
27		#ifndef CURL_DISABLE_HTTP
28
29		#include "urldata.h"
30		#include <curl/curl.h>
31		#include "http.h"
32		#include "http1.h"
33		#include "urlapi-int.h"
34
35		/* The last 3 #include files should be in this order */
36		#include "curl_printf.h"
37		#include "curl_memory.h"
38		#include "memdebug.h"
39
40
41		#define MAX_URL_LEN (4*1024)
42
43		void Curl_h1_req_parse_init(struct h1_req_parser *parser, size_t max_line_len)
44	0	{
45	0	memset(parser, 0, sizeof(*parser));
46	0	parser->max_line_len = max_line_len;
47	0	Curl_bufq_init(&parser->scratch, max_line_len, 1);
48	0	}
49
50		void Curl_h1_req_parse_free(struct h1_req_parser *parser)
51	0	{
52	0	if(parser) {
53	0	Curl_http_req_free(parser->req);
54	0	Curl_bufq_free(&parser->scratch);
55	0	parser->req = NULL;
56	0	parser->done = FALSE;
57	0	}
58	0	}
59
60		static ssize_t detect_line(struct h1_req_parser *parser,
61		const char *buf, const size_t buflen, int options,
62		CURLcode *err)
63	0	{
64	0	const char *line_end;
65	0	size_t len;
66
67	0	DEBUGASSERT(!parser->line);
68	0	line_end = memchr(buf, '\n', buflen);
69	0	if(!line_end) {
70	0	*err = (buflen > parser->max_line_len)? CURLE_URL_MALFORMAT : CURLE_AGAIN;
71	0	return -1;
72	0	}
73	0	len = line_end - buf + 1;
74	0	if(len > parser->max_line_len) {
75	0	*err = CURLE_URL_MALFORMAT;
76	0	return -1;
77	0	}
78
79	0	if(options & H1_PARSE_OPT_STRICT) {
80	0	if((len == 1) \|\| (buf[len - 2] != '\r')) {
81	0	*err = CURLE_URL_MALFORMAT;
82	0	return -1;
83	0	}
84	0	parser->line = buf;
85	0	parser->line_len = len - 2;
86	0	}
87	0	else {
88	0	parser->line = buf;
89	0	parser->line_len = len - (((len == 1) \|\| (buf[len - 2] != '\r'))? 1 : 2);
90	0	}
91	0	*err = CURLE_OK;
92	0	return (ssize_t)len;
93	0	}
94
95		static ssize_t next_line(struct h1_req_parser *parser,
96		const char *buf, const size_t buflen, int options,
97		CURLcode *err)
98	0	{
99	0	ssize_t nread = 0, n;
100
101	0	if(parser->line) {
102	0	if(parser->scratch_skip) {
103		/* last line was from scratch. Remove it now, since we are done
104		* with it and look for the next one. */
105	0	Curl_bufq_skip_and_shift(&parser->scratch, parser->scratch_skip);
106	0	parser->scratch_skip = 0;
107	0	}
108	0	parser->line = NULL;
109	0	parser->line_len = 0;
110	0	}
111
112	0	if(Curl_bufq_is_empty(&parser->scratch)) {
113	0	nread = detect_line(parser, buf, buflen, options, err);
114	0	if(nread < 0) {
115	0	if(*err != CURLE_AGAIN)
116	0	return -1;
117		/* not a complete line, add to scratch for later revisit */
118	0	nread = Curl_bufq_write(&parser->scratch,
119	0	(const unsigned char *)buf, buflen, err);
120	0	return nread;
121	0	}
122		/* found one */
123	0	}
124	0	else {
125	0	const char *sbuf;
126	0	size_t sbuflen;
127
128		/* scratch contains bytes from last attempt, add more to it */
129	0	if(buflen) {
130	0	const char *line_end;
131	0	size_t add_len;
132	0	ssize_t pos;
133
134	0	line_end = memchr(buf, '\n', buflen);
135	0	pos = line_end? (line_end - buf + 1) : -1;
136	0	add_len = (pos >= 0)? (size_t)pos : buflen;
137	0	nread = Curl_bufq_write(&parser->scratch,
138	0	(const unsigned char *)buf, add_len, err);
139	0	if(nread < 0) {
140		/* Unable to add anything to scratch is an error, since we should
141		* have seen a line there then before. */
142	0	if(*err == CURLE_AGAIN)
143	0	*err = CURLE_URL_MALFORMAT;
144	0	return -1;
145	0	}
146	0	}
147
148	0	if(Curl_bufq_peek(&parser->scratch,
149	0	(const unsigned char **)&sbuf, &sbuflen)) {
150	0	n = detect_line(parser, sbuf, sbuflen, options, err);
151	0	if(n < 0 && *err != CURLE_AGAIN)
152	0	return -1; /* real error */
153	0	parser->scratch_skip = (size_t)n;
154	0	}
155	0	else {
156		/* we SHOULD be able to peek at scratch data */
157	0	DEBUGASSERT(0);
158	0	}
159	0	}
160	0	return nread;
161	0	}
162
163		static CURLcode start_req(struct h1_req_parser *parser,
164		const char *scheme_default, int options)
165	0	{
166	0	const char p, m, target, hv, scheme, authority, *path;
167	0	size_t m_len, target_len, hv_len, scheme_len, authority_len, path_len;
168	0	size_t i;
169	0	CURLU *url = NULL;
170	0	CURLcode result = CURLE_URL_MALFORMAT; /* Use this as default fail */
171
172	0	DEBUGASSERT(!parser->req);
173		/* line must match: "METHOD TARGET HTTP_VERSION" */
174	0	p = memchr(parser->line, ' ', parser->line_len);
175	0	if(!p \|\| p == parser->line)
176	0	goto out;
177
178	0	m = parser->line;
179	0	m_len = p - parser->line;
180	0	target = p + 1;
181	0	target_len = hv_len = 0;
182	0	hv = NULL;
183
184		/* URL may contain spaces so scan backwards */
185	0	for(i = parser->line_len; i > m_len; --i) {
186	0	if(parser->line[i] == ' ') {
187	0	hv = &parser->line[i + 1];
188	0	hv_len = parser->line_len - i;
189	0	target_len = (hv - target) - 1;
190	0	break;
191	0	}
192	0	}
193		/* no SPACE found or empty TARGET or empy HTTP_VERSION */
194	0	if(!target_len \|\| !hv_len)
195	0	goto out;
196
197		/* TODO: we do not check HTTP_VERSION for conformity, should
198		+ do that when STRICT option is supplied. */
199	0	(void)hv;
200
201		/* The TARGET can be (rfc 9112, ch. 3.2):
202		* origin-form: path + optional query
203		* absolute-form: absolute URI
204		* authority-form: host+port for CONNECT
205		* asterisk-form: '*' for OPTIONS
206		*
207		* from TARGET, we derive `scheme` `authority` `path`
208		* origin-form -- -- TARGET
209		* absolute-form URL* URL* URL*
210		* authority-form -- TARGET --
211		* asterisk-form -- -- TARGET
212		*/
213	0	scheme = authority = path = NULL;
214	0	scheme_len = authority_len = path_len = 0;
215
216	0	if(target_len == 1 && target[0] == '*') {
217		/* asterisk-form */
218	0	path = target;
219	0	path_len = target_len;
220	0	}
221	0	else if(!strncmp("CONNECT", m, m_len)) {
222		/* authority-form */
223	0	authority = target;
224	0	authority_len = target_len;
225	0	}
226	0	else if(target[0] == '/') {
227		/* origin-form */
228	0	path = target;
229	0	path_len = target_len;
230	0	}
231	0	else {
232		/* origin-form OR absolute-form */
233	0	CURLUcode uc;
234	0	char tmp[MAX_URL_LEN];
235
236		/* default, unless we see an absolute URL */
237	0	path = target;
238	0	path_len = target_len;
239
240		/* URL parser wants 0-termination */
241	0	if(target_len >= sizeof(tmp))
242	0	goto out;
243	0	memcpy(tmp, target, target_len);
244	0	tmp[target_len] = '\0';
245		/* See if treating TARGET as an absolute URL makes sense */
246	0	if(Curl_is_absolute_url(tmp, NULL, 0, FALSE)) {
247	0	int url_options;
248
249	0	url = curl_url();
250	0	if(!url) {
251	0	result = CURLE_OUT_OF_MEMORY;
252	0	goto out;
253	0	}
254	0	url_options = (CURLU_NON_SUPPORT_SCHEME\|
255	0	CURLU_PATH_AS_IS\|
256	0	CURLU_NO_DEFAULT_PORT);
257	0	if(!(options & H1_PARSE_OPT_STRICT))
258	0	url_options \|= CURLU_ALLOW_SPACE;
259	0	uc = curl_url_set(url, CURLUPART_URL, tmp, url_options);
260	0	if(uc) {
261	0	goto out;
262	0	}
263	0	}
264
265	0	if(!url && (options & H1_PARSE_OPT_STRICT)) {
266		/* we should have an absolute URL or have seen `/` earlier */
267	0	goto out;
268	0	}
269	0	}
270
271	0	if(url) {
272	0	result = Curl_http_req_make2(&parser->req, m, m_len, url, scheme_default);
273	0	}
274	0	else {
275	0	if(!scheme && scheme_default) {
276	0	scheme = scheme_default;
277	0	scheme_len = strlen(scheme_default);
278	0	}
279	0	result = Curl_http_req_make(&parser->req, m, m_len, scheme, scheme_len,
280	0	authority, authority_len, path, path_len);
281	0	}
282
283	0	out:
284	0	curl_url_cleanup(url);
285	0	return result;
286	0	}
287
288		ssize_t Curl_h1_req_parse_read(struct h1_req_parser *parser,
289		const char *buf, size_t buflen,
290		const char *scheme_default, int options,
291		CURLcode *err)
292	0	{
293	0	ssize_t nread = 0, n;
294
295	0	*err = CURLE_OK;
296	0	while(!parser->done) {
297	0	n = next_line(parser, buf, buflen, options, err);
298	0	if(n < 0) {
299	0	if(*err != CURLE_AGAIN) {
300	0	nread = -1;
301	0	}
302	0	*err = CURLE_OK;
303	0	goto out;
304	0	}
305
306		/* Consume this line */
307	0	nread += (size_t)n;
308	0	buf += (size_t)n;
309	0	buflen -= (size_t)n;
310
311	0	if(!parser->line) {
312		/* consumed bytes, but line not complete */
313	0	if(!buflen)
314	0	goto out;
315	0	}
316	0	else if(!parser->req) {
317	0	*err = start_req(parser, scheme_default, options);
318	0	if(*err) {
319	0	nread = -1;
320	0	goto out;
321	0	}
322	0	}
323	0	else if(parser->line_len == 0) {
324		/* last, empty line, we are finished */
325	0	if(!parser->req) {
326	0	*err = CURLE_URL_MALFORMAT;
327	0	nread = -1;
328	0	goto out;
329	0	}
330	0	parser->done = TRUE;
331	0	Curl_bufq_free(&parser->scratch);
332		/* last chance adjustments */
333	0	}
334	0	else {
335	0	*err = Curl_dynhds_h1_add_line(&parser->req->headers,
336	0	parser->line, parser->line_len);
337	0	if(*err) {
338	0	nread = -1;
339	0	goto out;
340	0	}
341	0	}
342	0	}
343
344	0	out:
345	0	return nread;
346	0	}
347
348
349		#endif /* !CURL_DISABLE_HTTP */