/src/curl/lib/http1.c

Source
/***************************************************************************
 *                                  _   _ ____  _
 *  Project                     ___| | | |  _ \| |
 *                             / __| | | | |_) | |
 *                            | (__| |_| |  _ <| |___
 *                             \___|\___/|_| \_\_____|
 *
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
 * are also available at https://curl.se/docs/copyright.html.
 *
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
 * copies of the Software, and permit persons to whom the Software is
 * furnished to do so, under the terms of the COPYING file.
 *
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
 * KIND, either express or implied.
 *
 * SPDX-License-Identifier: curl
 *
 ***************************************************************************/

#include "curl_setup.h"

#ifndef CURL_DISABLE_HTTP

#include "urldata.h"
#include <curl/curl.h>
#include "http.h"
#include "http1.h"
#include "urlapi-int.h"

/* The last 2 #include files should be in this order */
#include "curl_memory.h"
#include "memdebug.h"


#define H1_MAX_URL_LEN   (8*1024)

void Curl_h1_req_parse_init(struct h1_req_parser *parser, size_t max_line_len)
{
  memset(parser, 0, sizeof(*parser));
  parser->max_line_len = max_line_len;
  curlx_dyn_init(&parser->scratch, max_line_len);
}

void Curl_h1_req_parse_free(struct h1_req_parser *parser)
{
  if(parser) {
    Curl_http_req_free(parser->req);
    curlx_dyn_free(&parser->scratch);
    parser->req = NULL;
    parser->done = FALSE;
  }
}

static CURLcode trim_line(struct h1_req_parser *parser, int options)
{
  DEBUGASSERT(parser->line);
  if(parser->line_len) {
    if(parser->line[parser->line_len - 1] == '\n')
      --parser->line_len;
    if(parser->line_len) {
      if(parser->line[parser->line_len - 1] == '\r')
        --parser->line_len;
      else if(options & H1_PARSE_OPT_STRICT)
        return CURLE_URL_MALFORMAT;
    }
    else if(options & H1_PARSE_OPT_STRICT)
      return CURLE_URL_MALFORMAT;
  }
  else if(options & H1_PARSE_OPT_STRICT)
    return CURLE_URL_MALFORMAT;

  if(parser->line_len > parser->max_line_len) {
    return CURLE_URL_MALFORMAT;
  }
  return CURLE_OK;
}

static ssize_t detect_line(struct h1_req_parser *parser,
                           const char *buf, const size_t buflen,
                           CURLcode *err)
{
  const char  *line_end;

  DEBUGASSERT(!parser->line);
  line_end = memchr(buf, '\n', buflen);
  if(!line_end) {
    *err = CURLE_AGAIN;
    return -1;
  }
  parser->line = buf;
  parser->line_len = line_end - buf + 1;
  *err = CURLE_OK;
  return (ssize_t)parser->line_len;
}

static ssize_t next_line(struct h1_req_parser *parser,
                         const char *buf, const size_t buflen, int options,
                         CURLcode *err)
{
  ssize_t nread = 0;

  if(parser->line) {
    parser->line = NULL;
    parser->line_len = 0;
    curlx_dyn_reset(&parser->scratch);
  }

  nread = detect_line(parser, buf, buflen, err);
  if(nread >= 0) {
    if(curlx_dyn_len(&parser->scratch)) {
      /* append detected line to scratch to have the complete line */
      *err = curlx_dyn_addn(&parser->scratch, parser->line, parser->line_len);
      if(*err)
        return -1;
      parser->line = curlx_dyn_ptr(&parser->scratch);
      parser->line_len = curlx_dyn_len(&parser->scratch);
    }
    *err = trim_line(parser, options);
    if(*err)
      return -1;
  }
  else if(*err == CURLE_AGAIN) {
    /* no line end in `buf`, add it to our scratch */
    *err = curlx_dyn_addn(&parser->scratch, (const unsigned char *)buf,
                          buflen);
    nread = (*err) ? -1 : (ssize_t)buflen;
  }
  return nread;
}

static CURLcode start_req(struct h1_req_parser *parser,
                          const char *scheme_default, int options)
{
  const char  *p, *m, *target, *hv, *scheme, *authority, *path;
  size_t m_len, target_len, hv_len, scheme_len, authority_len, path_len;
  size_t i;
  CURLU *url = NULL;
  CURLcode result = CURLE_URL_MALFORMAT; /* Use this as default fail */

  DEBUGASSERT(!parser->req);
  /* line must match: "METHOD TARGET HTTP_VERSION" */
  p = memchr(parser->line, ' ', parser->line_len);
  if(!p || p == parser->line)
    goto out;

  m = parser->line;
  m_len = p - parser->line;
  target = p + 1;
  target_len = hv_len = 0;
  hv = NULL;

  /* URL may contain spaces so scan backwards */
  for(i = parser->line_len; i > m_len; --i) {
    if(parser->line[i] == ' ') {
      hv = &parser->line[i + 1];
      hv_len = parser->line_len - i;
      target_len = (hv - target) - 1;
      break;
    }
  }
  /* no SPACE found or empty TARGET or empty HTTP_VERSION */
  if(!target_len || !hv_len)
    goto out;

  (void)hv;

  /* The TARGET can be (rfc 9112, ch. 3.2):
   * origin-form:     path + optional query
   * absolute-form:   absolute URI
   * authority-form:  host+port for CONNECT
   * asterisk-form:   '*' for OPTIONS
   *
   * from TARGET, we derive `scheme` `authority` `path`
   * origin-form            --        --          TARGET
   * absolute-form          URL*      URL*        URL*
   * authority-form         --        TARGET      --
   * asterisk-form          --        --          TARGET
   */
  scheme = authority = path = NULL;
  scheme_len = authority_len = path_len = 0;

  if(target_len == 1 && target[0] == '*') {
    /* asterisk-form */
    path = target;
    path_len = target_len;
  }
  else if(!strncmp("CONNECT", m, m_len)) {
    /* authority-form */
    authority = target;
    authority_len = target_len;
  }
  else if(target[0] == '/') {
    /* origin-form */
    path = target;
    path_len = target_len;
  }
  else {
    /* origin-form OR absolute-form */
    CURLUcode uc;
    char tmp[H1_MAX_URL_LEN];

    /* default, unless we see an absolute URL */
    path = target;
    path_len = target_len;

    /* URL parser wants null-termination */
    if(target_len >= sizeof(tmp))
      goto out;
    memcpy(tmp, target, target_len);
    tmp[target_len] = '\0';
    /* See if treating TARGET as an absolute URL makes sense */
    if(Curl_is_absolute_url(tmp, NULL, 0, FALSE)) {
      unsigned int url_options;

      url = curl_url();
      if(!url) {
        result = CURLE_OUT_OF_MEMORY;
        goto out;
      }
      url_options = (CURLU_NON_SUPPORT_SCHEME|
                     CURLU_PATH_AS_IS|
                     CURLU_NO_DEFAULT_PORT);
      if(!(options & H1_PARSE_OPT_STRICT))
        url_options |= CURLU_ALLOW_SPACE;
      uc = curl_url_set(url, CURLUPART_URL, tmp, url_options);
      if(uc) {
        goto out;
      }
    }

    if(!url && (options & H1_PARSE_OPT_STRICT)) {
      /* we should have an absolute URL or have seen `/` earlier */
      goto out;
    }
  }

  if(url) {
    result = Curl_http_req_make2(&parser->req, m, m_len, url, scheme_default);
  }
  else {
    if(!scheme && scheme_default) {
      scheme = scheme_default;
      scheme_len = strlen(scheme_default);
    }
    result = Curl_http_req_make(&parser->req, m, m_len, scheme, scheme_len,
                                authority, authority_len, path, path_len);
  }

out:
  curl_url_cleanup(url);
  return result;
}

ssize_t Curl_h1_req_parse_read(struct h1_req_parser *parser,
                               const char *buf, size_t buflen,
                               const char *scheme_default, int options,
                               CURLcode *err)
{
  ssize_t nread = 0, n;

  *err = CURLE_OK;
  while(!parser->done) {
    n = next_line(parser, buf, buflen, options, err);
    if(n < 0) {
      if(*err != CURLE_AGAIN) {
        nread = -1;
      }
      *err = CURLE_OK;
      goto out;
    }

    /* Consume this line */
    nread += (size_t)n;
    buf += (size_t)n;
    buflen -= (size_t)n;

    if(!parser->line) {
      /* consumed bytes, but line not complete */
      if(!buflen)
        goto out;
    }
    else if(!parser->req) {
      *err = start_req(parser, scheme_default, options);
      if(*err) {
        nread = -1;
        goto out;
      }
    }
    else if(parser->line_len == 0) {
      /* last, empty line, we are finished */
      if(!parser->req) {
        *err = CURLE_URL_MALFORMAT;
        nread = -1;
        goto out;
      }
      parser->done = TRUE;
      curlx_dyn_reset(&parser->scratch);
      /* last chance adjustments */
    }
    else {
      *err = Curl_dynhds_h1_add_line(&parser->req->headers,
                                     parser->line, parser->line_len);
      if(*err) {
        nread = -1;
        goto out;
      }
    }
  }

out:
  return nread;
}

CURLcode Curl_h1_req_write_head(struct httpreq *req, int http_minor,
                                struct dynbuf *dbuf)
{
  CURLcode result;

  result = curlx_dyn_addf(dbuf, "%s %s%s%s%s HTTP/1.%d\r\n",
                          req->method,
                          req->scheme ? req->scheme : "",
                          req->scheme ? "://" : "",
                          req->authority ? req->authority : "",
                          req->path ? req->path : "",
                          http_minor);
  if(result)
    goto out;

  result = Curl_dynhds_h1_dprint(&req->headers, dbuf);
  if(result)
    goto out;

  result = curlx_dyn_addn(dbuf, STRCONST("\r\n"));

out:
  return result;
}

#endif /* !CURL_DISABLE_HTTP */

Coverage Report

Created: 2025-10-13 06:43

Line	Count	Source
1		/***************************************************************************
2		* _ _ ____ _
3		* Project ___\| \| \| \| _ \\| \|
4		* / __\| \| \| \| \|_) \| \|
5		* \| (__\| \|_\| \| _ <\| \|___
6		* \___\|\___/\|_\| \_\_____\|
7		*
8		* Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9		*
10		* This software is licensed as described in the file COPYING, which
11		* you should have received as part of this distribution. The terms
12		* are also available at https://curl.se/docs/copyright.html.
13		*
14		* You may opt to use, copy, modify, merge, publish, distribute and/or sell
15		* copies of the Software, and permit persons to whom the Software is
16		* furnished to do so, under the terms of the COPYING file.
17		*
18		* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19		* KIND, either express or implied.
20		*
21		* SPDX-License-Identifier: curl
22		*
23		***************************************************************************/
24
25		#include "curl_setup.h"
26
27		#ifndef CURL_DISABLE_HTTP
28
29		#include "urldata.h"
30		#include <curl/curl.h>
31		#include "http.h"
32		#include "http1.h"
33		#include "urlapi-int.h"
34
35		/* The last 2 #include files should be in this order */
36		#include "curl_memory.h"
37		#include "memdebug.h"
38
39
40		#define H1_MAX_URL_LEN (8*1024)
41
42		void Curl_h1_req_parse_init(struct h1_req_parser *parser, size_t max_line_len)
43	15.2k	{
44	15.2k	memset(parser, 0, sizeof(*parser));
45	15.2k	parser->max_line_len = max_line_len;
46	15.2k	curlx_dyn_init(&parser->scratch, max_line_len);
47	15.2k	}
48
49		void Curl_h1_req_parse_free(struct h1_req_parser *parser)
50	30.2k	{
51	30.2k	if(parser) {
52	30.2k	Curl_http_req_free(parser->req);
53	30.2k	curlx_dyn_free(&parser->scratch);
54	30.2k	parser->req = NULL;
55	30.2k	parser->done = FALSE;
56	30.2k	}
57	30.2k	}
58
59		static CURLcode trim_line(struct h1_req_parser *parser, int options)
60	796k	{
61	796k	DEBUGASSERT(parser->line);
62	796k	if(parser->line_len) {
63	796k	if(parser->line[parser->line_len - 1] == '\n')
64	796k	--parser->line_len;
65	796k	if(parser->line_len) {
66	795k	if(parser->line[parser->line_len - 1] == '\r')
67	158k	--parser->line_len;
68	637k	else if(options & H1_PARSE_OPT_STRICT)
69	0	return CURLE_URL_MALFORMAT;
70	795k	}
71	353	else if(options & H1_PARSE_OPT_STRICT)
72	0	return CURLE_URL_MALFORMAT;
73	796k	}
74	0	else if(options & H1_PARSE_OPT_STRICT)
75	0	return CURLE_URL_MALFORMAT;
76
77	796k	if(parser->line_len > parser->max_line_len) {
78	0	return CURLE_URL_MALFORMAT;
79	0	}
80	796k	return CURLE_OK;
81	796k	}
82
83		static ssize_t detect_line(struct h1_req_parser *parser,
84		const char *buf, const size_t buflen,
85		CURLcode *err)
86	796k	{
87	796k	const char *line_end;
88
89	796k	DEBUGASSERT(!parser->line);
90	796k	line_end = memchr(buf, '\n', buflen);
91	796k	if(!line_end) {
92	219	*err = CURLE_AGAIN;
93	219	return -1;
94	219	}
95	796k	parser->line = buf;
96	796k	parser->line_len = line_end - buf + 1;
97	796k	*err = CURLE_OK;
98	796k	return (ssize_t)parser->line_len;
99	796k	}
100
101		static ssize_t next_line(struct h1_req_parser *parser,
102		const char *buf, const size_t buflen, int options,
103		CURLcode *err)
104	796k	{
105	796k	ssize_t nread = 0;
106
107	796k	if(parser->line) {
108	781k	parser->line = NULL;
109	781k	parser->line_len = 0;
110	781k	curlx_dyn_reset(&parser->scratch);
111	781k	}
112
113	796k	nread = detect_line(parser, buf, buflen, err);
114	796k	if(nread >= 0) {
115	796k	if(curlx_dyn_len(&parser->scratch)) {
116		/* append detected line to scratch to have the complete line */
117	143	*err = curlx_dyn_addn(&parser->scratch, parser->line, parser->line_len);
118	143	if(*err)
119	0	return -1;
120	143	parser->line = curlx_dyn_ptr(&parser->scratch);
121	143	parser->line_len = curlx_dyn_len(&parser->scratch);
122	143	}
123	796k	*err = trim_line(parser, options);
124	796k	if(*err)
125	0	return -1;
126	796k	}
127	219	else if(*err == CURLE_AGAIN) {
128		/* no line end in `buf`, add it to our scratch */
129	219	err = curlx_dyn_addn(&parser->scratch, (const unsigned char )buf,
130	219	buflen);
131	219	nread = (*err) ? -1 : (ssize_t)buflen;
132	219	}
133	796k	return nread;
134	796k	}
135
136		static CURLcode start_req(struct h1_req_parser *parser,
137		const char *scheme_default, int options)
138	15.1k	{
139	15.1k	const char p, m, target, hv, scheme, authority, *path;
140	15.1k	size_t m_len, target_len, hv_len, scheme_len, authority_len, path_len;
141	15.1k	size_t i;
142	15.1k	CURLU *url = NULL;
143	15.1k	CURLcode result = CURLE_URL_MALFORMAT; /* Use this as default fail */
144
145	15.1k	DEBUGASSERT(!parser->req);
146		/* line must match: "METHOD TARGET HTTP_VERSION" */
147	15.1k	p = memchr(parser->line, ' ', parser->line_len);
148	15.1k	if(!p \|\| p == parser->line)
149	15	goto out;
150
151	15.1k	m = parser->line;
152	15.1k	m_len = p - parser->line;
153	15.1k	target = p + 1;
154	15.1k	target_len = hv_len = 0;
155	15.1k	hv = NULL;
156
157		/* URL may contain spaces so scan backwards */
158	124k	for(i = parser->line_len; i > m_len; --i) {
159	124k	if(parser->line[i] == ' ') {
160	15.1k	hv = &parser->line[i + 1];
161	15.1k	hv_len = parser->line_len - i;
162	15.1k	target_len = (hv - target) - 1;
163	15.1k	break;
164	15.1k	}
165	124k	}
166		/* no SPACE found or empty TARGET or empty HTTP_VERSION */
167	15.1k	if(!target_len \|\| !hv_len)
168	18	goto out;
169
170	15.1k	(void)hv;
171
172		/* The TARGET can be (rfc 9112, ch. 3.2):
173		* origin-form: path + optional query
174		* absolute-form: absolute URI
175		* authority-form: host+port for CONNECT
176		* asterisk-form: '*' for OPTIONS
177		*
178		* from TARGET, we derive `scheme` `authority` `path`
179		* origin-form -- -- TARGET
180		* absolute-form URL* URL* URL*
181		* authority-form -- TARGET --
182		* asterisk-form -- -- TARGET
183		*/
184	15.1k	scheme = authority = path = NULL;
185	15.1k	scheme_len = authority_len = path_len = 0;
186
187	15.1k	if(target_len == 1 && target[0] == '*') {
188		/* asterisk-form */
189	10	path = target;
190	10	path_len = target_len;
191	10	}
192	15.1k	else if(!strncmp("CONNECT", m, m_len)) {
193		/* authority-form */
194	43	authority = target;
195	43	authority_len = target_len;
196	43	}
197	15.0k	else if(target[0] == '/') {
198		/* origin-form */
199	14.6k	path = target;
200	14.6k	path_len = target_len;
201	14.6k	}
202	489	else {
203		/* origin-form OR absolute-form */
204	489	CURLUcode uc;
205	489	char tmp[H1_MAX_URL_LEN];
206
207		/* default, unless we see an absolute URL */
208	489	path = target;
209	489	path_len = target_len;
210
211		/* URL parser wants null-termination */
212	489	if(target_len >= sizeof(tmp))
213	3	goto out;
214	486	memcpy(tmp, target, target_len);
215	486	tmp[target_len] = '\0';
216		/* See if treating TARGET as an absolute URL makes sense */
217	486	if(Curl_is_absolute_url(tmp, NULL, 0, FALSE)) {
218	75	unsigned int url_options;
219
220	75	url = curl_url();
221	75	if(!url) {
222	0	result = CURLE_OUT_OF_MEMORY;
223	0	goto out;
224	0	}
225	75	url_options = (CURLU_NON_SUPPORT_SCHEME\|
226	75	CURLU_PATH_AS_IS\|
227	75	CURLU_NO_DEFAULT_PORT);
228	75	if(!(options & H1_PARSE_OPT_STRICT))
229	75	url_options \|= CURLU_ALLOW_SPACE;
230	75	uc = curl_url_set(url, CURLUPART_URL, tmp, url_options);
231	75	if(uc) {
232	9	goto out;
233	9	}
234	75	}
235
236	477	if(!url && (options & H1_PARSE_OPT_STRICT)) {
237		/* we should have an absolute URL or have seen `/` earlier */
238	0	goto out;
239	0	}
240	477	}
241
242	15.1k	if(url) {
243	66	result = Curl_http_req_make2(&parser->req, m, m_len, url, scheme_default);
244	66	}
245	15.0k	else {
246	15.0k	if(!scheme && scheme_default) {
247	0	scheme = scheme_default;
248	0	scheme_len = strlen(scheme_default);
249	0	}
250	15.0k	result = Curl_http_req_make(&parser->req, m, m_len, scheme, scheme_len,
251	15.0k	authority, authority_len, path, path_len);
252	15.0k	}
253
254	15.1k	out:
255	15.1k	curl_url_cleanup(url);
256	15.1k	return result;
257	15.1k	}
258
259		ssize_t Curl_h1_req_parse_read(struct h1_req_parser *parser,
260		const char *buf, size_t buflen,
261		const char *scheme_default, int options,
262		CURLcode *err)
263	15.4k	{
264	15.4k	ssize_t nread = 0, n;
265
266	15.4k	*err = CURLE_OK;
267	811k	while(!parser->done) {
268	796k	n = next_line(parser, buf, buflen, options, err);
269	796k	if(n < 0) {
270	0	if(*err != CURLE_AGAIN) {
271	0	nread = -1;
272	0	}
273	0	*err = CURLE_OK;
274	0	goto out;
275	0	}
276
277		/* Consume this line */
278	796k	nread += (size_t)n;
279	796k	buf += (size_t)n;
280	796k	buflen -= (size_t)n;
281
282	796k	if(!parser->line) {
283		/* consumed bytes, but line not complete */
284	219	if(!buflen)
285	219	goto out;
286	219	}
287	796k	else if(!parser->req) {
288	15.1k	*err = start_req(parser, scheme_default, options);
289	15.1k	if(*err) {
290	45	nread = -1;
291	45	goto out;
292	45	}
293	15.1k	}
294	781k	else if(parser->line_len == 0) {
295		/* last, empty line, we are finished */
296	15.0k	if(!parser->req) {
297	0	*err = CURLE_URL_MALFORMAT;
298	0	nread = -1;
299	0	goto out;
300	0	}
301	15.0k	parser->done = TRUE;
302	15.0k	curlx_dyn_reset(&parser->scratch);
303		/* last chance adjustments */
304	15.0k	}
305	765k	else {
306	765k	*err = Curl_dynhds_h1_add_line(&parser->req->headers,
307	765k	parser->line, parser->line_len);
308	765k	if(*err) {
309	73	nread = -1;
310	73	goto out;
311	73	}
312	765k	}
313	796k	}
314
315	15.4k	out:
316	15.4k	return nread;
317	15.4k	}
318
319		CURLcode Curl_h1_req_write_head(struct httpreq *req, int http_minor,
320		struct dynbuf *dbuf)
321	17.1k	{
322	17.1k	CURLcode result;
323
324	17.1k	result = curlx_dyn_addf(dbuf, "%s %s%s%s%s HTTP/1.%d\r\n",
325	17.1k	req->method,
326	17.1k	req->scheme ? req->scheme : "",
327	17.1k	req->scheme ? "://" : "",
328	17.1k	req->authority ? req->authority : "",
329	17.1k	req->path ? req->path : "",
330	17.1k	http_minor);
331	17.1k	if(result)
332	0	goto out;
333
334	17.1k	result = Curl_dynhds_h1_dprint(&req->headers, dbuf);
335	17.1k	if(result)
336	0	goto out;
337
338	17.1k	result = curlx_dyn_addn(dbuf, STRCONST("\r\n"));
339
340	17.1k	out:
341	17.1k	return result;
342	17.1k	}
343
344		#endif /* !CURL_DISABLE_HTTP */