Coverage Report

Created: 2025-06-09 07:02

/src/gdal/curl/lib/ws.c
Line
Count
Source (jump to first uncovered line)
1
/***************************************************************************
2
 *                                  _   _ ____  _
3
 *  Project                     ___| | | |  _ \| |
4
 *                             / __| | | | |_) | |
5
 *                            | (__| |_| |  _ <| |___
6
 *                             \___|\___/|_| \_\_____|
7
 *
8
 * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
9
 *
10
 * This software is licensed as described in the file COPYING, which
11
 * you should have received as part of this distribution. The terms
12
 * are also available at https://curl.se/docs/copyright.html.
13
 *
14
 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15
 * copies of the Software, and permit persons to whom the Software is
16
 * furnished to do so, under the terms of the COPYING file.
17
 *
18
 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19
 * KIND, either express or implied.
20
 *
21
 * SPDX-License-Identifier: curl
22
 *
23
 ***************************************************************************/
24
#include "curl_setup.h"
25
#include <curl/curl.h>
26
27
#if !defined(CURL_DISABLE_WEBSOCKETS) && !defined(CURL_DISABLE_HTTP)
28
29
#include "urldata.h"
30
#include "url.h"
31
#include "bufq.h"
32
#include "curlx/dynbuf.h"
33
#include "rand.h"
34
#include "curlx/base64.h"
35
#include "connect.h"
36
#include "sendf.h"
37
#include "multiif.h"
38
#include "ws.h"
39
#include "easyif.h"
40
#include "transfer.h"
41
#include "select.h"
42
#include "curlx/nonblock.h"
43
#include "curlx/strparse.h"
44
45
/* The last 3 #include files should be in this order */
46
#include "curl_printf.h"
47
#include "curl_memory.h"
48
#include "memdebug.h"
49
50
51
/***
52
    RFC 6455 Section 5.2
53
54
      0 1 2 3 4 5 6 7
55
     +-+-+-+-+-------+
56
     |F|R|R|R| opcode|
57
     |I|S|S|S|  (4)  |
58
     |N|V|V|V|       |
59
     | |1|2|3|       |
60
*/
61
0
#define WSBIT_FIN  (0x80)
62
0
#define WSBIT_RSV1 (0x40)
63
0
#define WSBIT_RSV2 (0x20)
64
0
#define WSBIT_RSV3 (0x10)
65
0
#define WSBIT_RSV_MASK (WSBIT_RSV1 | WSBIT_RSV2 | WSBIT_RSV3)
66
0
#define WSBIT_OPCODE_CONT  (0x0)
67
0
#define WSBIT_OPCODE_TEXT  (0x1)
68
0
#define WSBIT_OPCODE_BIN   (0x2)
69
0
#define WSBIT_OPCODE_CLOSE (0x8)
70
0
#define WSBIT_OPCODE_PING  (0x9)
71
0
#define WSBIT_OPCODE_PONG  (0xa)
72
0
#define WSBIT_OPCODE_MASK  (0xf)
73
74
0
#define WSBIT_MASK 0x80
75
76
/* buffer dimensioning */
77
0
#define WS_CHUNK_SIZE 65535
78
0
#define WS_CHUNK_COUNT 2
79
80
81
/* a client-side WS frame decoder, parsing frame headers and
82
 * payload, keeping track of current position and stats */
83
enum ws_dec_state {
84
  WS_DEC_INIT,
85
  WS_DEC_HEAD,
86
  WS_DEC_PAYLOAD
87
};
88
89
struct ws_decoder {
90
  int frame_age;        /* zero */
91
  int frame_flags;      /* See the CURLWS_* defines */
92
  curl_off_t payload_offset;   /* the offset parsing is at */
93
  curl_off_t payload_len;
94
  unsigned char head[10];
95
  int head_len, head_total;
96
  enum ws_dec_state state;
97
  int cont_flags;
98
};
99
100
/* a client-side WS frame encoder, generating frame headers and
101
 * converting payloads, tracking remaining data in current frame */
102
struct ws_encoder {
103
  curl_off_t payload_len;  /* payload length of current frame */
104
  curl_off_t payload_remain;  /* remaining payload of current */
105
  unsigned int xori; /* xor index */
106
  unsigned char mask[4]; /* 32-bit mask for this connection */
107
  unsigned char firstbyte; /* first byte of frame we encode */
108
  BIT(contfragment); /* set TRUE if the previous fragment sent was not final */
109
};
110
111
/* A websocket connection with en- and decoder that treat frames
112
 * and keep track of boundaries. */
113
struct websocket {
114
  struct Curl_easy *data; /* used for write callback handling */
115
  struct ws_decoder dec;  /* decode of we frames */
116
  struct ws_encoder enc;  /* decode of we frames */
117
  struct bufq recvbuf;    /* raw data from the server */
118
  struct bufq sendbuf;    /* raw data to be sent to the server */
119
  struct curl_ws_frame frame;  /* the current WS FRAME received */
120
  size_t sendbuf_payload; /* number of payload bytes in sendbuf */
121
};
122
123
124
static const char *ws_frame_name_of_op(unsigned char firstbyte)
125
0
{
126
0
  switch(firstbyte & WSBIT_OPCODE_MASK) {
127
0
    case WSBIT_OPCODE_CONT:
128
0
      return "CONT";
129
0
    case WSBIT_OPCODE_TEXT:
130
0
      return "TEXT";
131
0
    case WSBIT_OPCODE_BIN:
132
0
      return "BIN";
133
0
    case WSBIT_OPCODE_CLOSE:
134
0
      return "CLOSE";
135
0
    case WSBIT_OPCODE_PING:
136
0
      return "PING";
137
0
    case WSBIT_OPCODE_PONG:
138
0
      return "PONG";
139
0
    default:
140
0
      return "???";
141
0
  }
142
0
}
143
144
static int ws_frame_firstbyte2flags(struct Curl_easy *data,
145
                                    unsigned char firstbyte, int cont_flags)
146
0
{
147
0
  switch(firstbyte) {
148
    /* 0x00 - intermediate TEXT/BINARY fragment */
149
0
    case WSBIT_OPCODE_CONT:
150
0
      if(!(cont_flags & CURLWS_CONT)) {
151
0
        failf(data, "[WS] no ongoing fragmented message to resume");
152
0
        return 0;
153
0
      }
154
0
      return cont_flags | CURLWS_CONT;
155
    /* 0x80 - final TEXT/BIN fragment */
156
0
    case (WSBIT_OPCODE_CONT | WSBIT_FIN):
157
0
      if(!(cont_flags & CURLWS_CONT)) {
158
0
        failf(data, "[WS] no ongoing fragmented message to resume");
159
0
        return 0;
160
0
      }
161
0
      return cont_flags & ~CURLWS_CONT;
162
    /* 0x01 - first TEXT fragment */
163
0
    case WSBIT_OPCODE_TEXT:
164
0
      if(cont_flags & CURLWS_CONT) {
165
0
        failf(data, "[WS] fragmented message interrupted by new TEXT msg");
166
0
        return 0;
167
0
      }
168
0
      return CURLWS_TEXT | CURLWS_CONT;
169
    /* 0x81 - unfragmented TEXT msg */
170
0
    case (WSBIT_OPCODE_TEXT | WSBIT_FIN):
171
0
      if(cont_flags & CURLWS_CONT) {
172
0
        failf(data, "[WS] fragmented message interrupted by new TEXT msg");
173
0
        return 0;
174
0
      }
175
0
      return CURLWS_TEXT;
176
    /* 0x02 - first BINARY fragment */
177
0
    case WSBIT_OPCODE_BIN:
178
0
      if(cont_flags & CURLWS_CONT) {
179
0
        failf(data, "[WS] fragmented message interrupted by new BINARY msg");
180
0
        return 0;
181
0
      }
182
0
      return CURLWS_BINARY | CURLWS_CONT;
183
    /* 0x82 - unfragmented BINARY msg */
184
0
    case (WSBIT_OPCODE_BIN | WSBIT_FIN):
185
0
      if(cont_flags & CURLWS_CONT) {
186
0
        failf(data, "[WS] fragmented message interrupted by new BINARY msg");
187
0
        return 0;
188
0
      }
189
0
      return CURLWS_BINARY;
190
    /* 0x08 - first CLOSE fragment */
191
0
    case WSBIT_OPCODE_CLOSE:
192
0
      failf(data, "[WS] invalid fragmented CLOSE frame");
193
0
      return 0;
194
    /* 0x88 - unfragmented CLOSE */
195
0
    case (WSBIT_OPCODE_CLOSE | WSBIT_FIN):
196
0
      return CURLWS_CLOSE;
197
    /* 0x09 - first PING fragment */
198
0
    case WSBIT_OPCODE_PING:
199
0
      failf(data, "[WS] invalid fragmented PING frame");
200
0
      return 0;
201
    /* 0x89 - unfragmented PING */
202
0
    case (WSBIT_OPCODE_PING | WSBIT_FIN):
203
0
      return CURLWS_PING;
204
    /* 0x0a - first PONG fragment */
205
0
    case WSBIT_OPCODE_PONG:
206
0
      failf(data, "[WS] invalid fragmented PONG frame");
207
0
      return 0;
208
    /* 0x8a - unfragmented PONG */
209
0
    case (WSBIT_OPCODE_PONG | WSBIT_FIN):
210
0
      return CURLWS_PONG;
211
    /* invalid first byte */
212
0
    default:
213
0
      if(firstbyte & WSBIT_RSV_MASK)
214
        /* any of the reserved bits 0x40/0x20/0x10 are set */
215
0
        failf(data, "[WS] invalid reserved bits: %02x", firstbyte);
216
0
      else
217
        /* any of the reserved opcodes 0x3-0x7 or 0xb-0xf is used */
218
0
        failf(data, "[WS] invalid opcode: %02x", firstbyte);
219
0
      return 0;
220
0
  }
221
0
}
222
223
static unsigned char ws_frame_flags2firstbyte(struct Curl_easy *data,
224
                                              unsigned int flags,
225
                                              bool contfragment,
226
                                              CURLcode *err)
227
0
{
228
0
  switch(flags & ~CURLWS_OFFSET) {
229
0
    case 0:
230
0
      if(contfragment) {
231
0
        infof(data, "[WS] no flags given; interpreting as continuation "
232
0
                    "fragment for compatibility");
233
0
        return (WSBIT_OPCODE_CONT | WSBIT_FIN);
234
0
      }
235
0
      failf(data, "[WS] no flags given");
236
0
      *err = CURLE_BAD_FUNCTION_ARGUMENT;
237
0
      return 0xff;
238
0
    case CURLWS_CONT:
239
0
      if(contfragment) {
240
0
        infof(data, "[WS] setting CURLWS_CONT flag without message type is "
241
0
                    "supported for compatibility but highly discouraged");
242
0
        return WSBIT_OPCODE_CONT;
243
0
      }
244
0
      failf(data, "[WS] No ongoing fragmented message to continue");
245
0
      *err = CURLE_BAD_FUNCTION_ARGUMENT;
246
0
      return 0xff;
247
0
    case CURLWS_TEXT:
248
0
      return contfragment ? (WSBIT_OPCODE_CONT | WSBIT_FIN)
249
0
                          : (WSBIT_OPCODE_TEXT | WSBIT_FIN);
250
0
    case (CURLWS_TEXT | CURLWS_CONT):
251
0
      return contfragment ? WSBIT_OPCODE_CONT : WSBIT_OPCODE_TEXT;
252
0
    case CURLWS_BINARY:
253
0
      return contfragment ? (WSBIT_OPCODE_CONT | WSBIT_FIN)
254
0
                          : (WSBIT_OPCODE_BIN | WSBIT_FIN);
255
0
    case (CURLWS_BINARY | CURLWS_CONT):
256
0
      return contfragment ? WSBIT_OPCODE_CONT : WSBIT_OPCODE_BIN;
257
0
    case CURLWS_CLOSE:
258
0
      return WSBIT_OPCODE_CLOSE | WSBIT_FIN;
259
0
    case (CURLWS_CLOSE | CURLWS_CONT):
260
0
      failf(data, "[WS] CLOSE frame must not be fragmented");
261
0
      *err = CURLE_BAD_FUNCTION_ARGUMENT;
262
0
      return 0xff;
263
0
    case CURLWS_PING:
264
0
      return WSBIT_OPCODE_PING | WSBIT_FIN;
265
0
    case (CURLWS_PING | CURLWS_CONT):
266
0
      failf(data, "[WS] PING frame must not be fragmented");
267
0
      *err = CURLE_BAD_FUNCTION_ARGUMENT;
268
0
      return 0xff;
269
0
    case CURLWS_PONG:
270
0
      return WSBIT_OPCODE_PONG | WSBIT_FIN;
271
0
    case (CURLWS_PONG | CURLWS_CONT):
272
0
      failf(data, "[WS] PONG frame must not be fragmented");
273
0
      *err = CURLE_BAD_FUNCTION_ARGUMENT;
274
0
      return 0xff;
275
0
    default:
276
0
      failf(data, "[WS] unknown flags: %x", flags);
277
0
      *err = CURLE_BAD_FUNCTION_ARGUMENT;
278
0
      return 0xff;
279
0
  }
280
0
}
281
282
static void ws_dec_info(struct ws_decoder *dec, struct Curl_easy *data,
283
                        const char *msg)
284
0
{
285
0
  switch(dec->head_len) {
286
0
  case 0:
287
0
    break;
288
0
  case 1:
289
0
    CURL_TRC_WS(data, "decoded %s [%s%s]", msg,
290
0
                ws_frame_name_of_op(dec->head[0]),
291
0
                (dec->head[0] & WSBIT_FIN) ? "" : " NON-FINAL");
292
0
    break;
293
0
  default:
294
0
    if(dec->head_len < dec->head_total) {
295
0
      CURL_TRC_WS(data, "decoded %s [%s%s](%d/%d)", msg,
296
0
                  ws_frame_name_of_op(dec->head[0]),
297
0
                  (dec->head[0] & WSBIT_FIN) ? "" : " NON-FINAL",
298
0
                  dec->head_len, dec->head_total);
299
0
    }
300
0
    else {
301
0
      CURL_TRC_WS(data, "decoded %s [%s%s payload=%"
302
0
                  FMT_OFF_T "/%" FMT_OFF_T "]",
303
0
                  msg, ws_frame_name_of_op(dec->head[0]),
304
0
                  (dec->head[0] & WSBIT_FIN) ? "" : " NON-FINAL",
305
0
                  dec->payload_offset, dec->payload_len);
306
0
    }
307
0
    break;
308
0
  }
309
0
}
310
311
static CURLcode ws_send_raw_blocking(CURL *data, struct websocket *ws,
312
                                     const char *buffer, size_t buflen);
313
314
typedef ssize_t ws_write_payload(const unsigned char *buf, size_t buflen,
315
                                 int frame_age, int frame_flags,
316
                                 curl_off_t payload_offset,
317
                                 curl_off_t payload_len,
318
                                 void *userp,
319
                                 CURLcode *err);
320
321
static void ws_dec_next_frame(struct ws_decoder *dec)
322
0
{
323
0
  dec->frame_age = 0;
324
0
  dec->frame_flags = 0;
325
0
  dec->payload_offset = 0;
326
0
  dec->payload_len = 0;
327
0
  dec->head_len = dec->head_total = 0;
328
0
  dec->state = WS_DEC_INIT;
329
  /* dec->cont_flags must be carried over to next frame */
330
0
}
331
332
static void ws_dec_reset(struct ws_decoder *dec)
333
0
{
334
0
  dec->frame_age = 0;
335
0
  dec->frame_flags = 0;
336
0
  dec->payload_offset = 0;
337
0
  dec->payload_len = 0;
338
0
  dec->head_len = dec->head_total = 0;
339
0
  dec->state = WS_DEC_INIT;
340
0
  dec->cont_flags = 0;
341
0
}
342
343
static void ws_dec_init(struct ws_decoder *dec)
344
0
{
345
0
  ws_dec_reset(dec);
346
0
}
347
348
static CURLcode ws_dec_read_head(struct ws_decoder *dec,
349
                                 struct Curl_easy *data,
350
                                 struct bufq *inraw)
351
0
{
352
0
  const unsigned char *inbuf;
353
0
  size_t inlen;
354
355
0
  while(Curl_bufq_peek(inraw, &inbuf, &inlen)) {
356
0
    if(dec->head_len == 0) {
357
0
      dec->head[0] = *inbuf;
358
0
      Curl_bufq_skip(inraw, 1);
359
360
0
      dec->frame_flags = ws_frame_firstbyte2flags(data, dec->head[0],
361
0
                                                  dec->cont_flags);
362
0
      if(!dec->frame_flags) {
363
0
        ws_dec_reset(dec);
364
0
        return CURLE_RECV_ERROR;
365
0
      }
366
367
      /* fragmentation only applies to data frames (text/binary);
368
       * control frames (close/ping/pong) do not affect the CONT status */
369
0
      if(dec->frame_flags & (CURLWS_TEXT | CURLWS_BINARY)) {
370
0
        dec->cont_flags = dec->frame_flags;
371
0
      }
372
373
0
      dec->head_len = 1;
374
      /* ws_dec_info(dec, data, "seeing opcode"); */
375
0
      continue;
376
0
    }
377
0
    else if(dec->head_len == 1) {
378
0
      dec->head[1] = *inbuf;
379
0
      Curl_bufq_skip(inraw, 1);
380
0
      dec->head_len = 2;
381
382
0
      if(dec->head[1] & WSBIT_MASK) {
383
        /* A client MUST close a connection if it detects a masked frame. */
384
0
        failf(data, "[WS] masked input frame");
385
0
        ws_dec_reset(dec);
386
0
        return CURLE_RECV_ERROR;
387
0
      }
388
0
      if(dec->frame_flags & CURLWS_PING && dec->head[1] > 125) {
389
        /* The maximum valid size of PING frames is 125 bytes.
390
           Accepting overlong pings would mean sending equivalent pongs! */
391
0
        failf(data, "[WS] received PING frame is too big");
392
0
        ws_dec_reset(dec);
393
0
        return CURLE_RECV_ERROR;
394
0
      }
395
0
      if(dec->frame_flags & CURLWS_PONG && dec->head[1] > 125) {
396
        /* The maximum valid size of PONG frames is 125 bytes. */
397
0
        failf(data, "[WS] received PONG frame is too big");
398
0
        ws_dec_reset(dec);
399
0
        return CURLE_RECV_ERROR;
400
0
      }
401
0
      if(dec->frame_flags & CURLWS_CLOSE && dec->head[1] > 125) {
402
        /* The maximum valid size of CLOSE frames is 125 bytes. */
403
0
        failf(data, "[WS] received CLOSE frame is too big");
404
0
        ws_dec_reset(dec);
405
0
        return CURLE_RECV_ERROR;
406
0
      }
407
408
      /* How long is the frame head? */
409
0
      if(dec->head[1] == 126) {
410
0
        dec->head_total = 4;
411
0
        continue;
412
0
      }
413
0
      else if(dec->head[1] == 127) {
414
0
        dec->head_total = 10;
415
0
        continue;
416
0
      }
417
0
      else {
418
0
        dec->head_total = 2;
419
0
      }
420
0
    }
421
422
0
    if(dec->head_len < dec->head_total) {
423
0
      dec->head[dec->head_len] = *inbuf;
424
0
      Curl_bufq_skip(inraw, 1);
425
0
      ++dec->head_len;
426
0
      if(dec->head_len < dec->head_total) {
427
        /* ws_dec_info(dec, data, "decoding head"); */
428
0
        continue;
429
0
      }
430
0
    }
431
    /* got the complete frame head */
432
0
    DEBUGASSERT(dec->head_len == dec->head_total);
433
0
    switch(dec->head_total) {
434
0
    case 2:
435
0
      dec->payload_len = dec->head[1];
436
0
      break;
437
0
    case 4:
438
0
      dec->payload_len = (dec->head[2] << 8) | dec->head[3];
439
0
      break;
440
0
    case 10:
441
0
      if(dec->head[2] > 127) {
442
0
        failf(data, "[WS] frame length longer than 64 signed not supported");
443
0
        return CURLE_RECV_ERROR;
444
0
      }
445
0
      dec->payload_len = ((curl_off_t)dec->head[2] << 56) |
446
0
        (curl_off_t)dec->head[3] << 48 |
447
0
        (curl_off_t)dec->head[4] << 40 |
448
0
        (curl_off_t)dec->head[5] << 32 |
449
0
        (curl_off_t)dec->head[6] << 24 |
450
0
        (curl_off_t)dec->head[7] << 16 |
451
0
        (curl_off_t)dec->head[8] << 8 |
452
0
        dec->head[9];
453
0
      break;
454
0
    default:
455
      /* this should never happen */
456
0
      DEBUGASSERT(0);
457
0
      failf(data, "[WS] unexpected frame header length");
458
0
      return CURLE_RECV_ERROR;
459
0
    }
460
461
0
    dec->frame_age = 0;
462
0
    dec->payload_offset = 0;
463
0
    ws_dec_info(dec, data, "decoded");
464
0
    return CURLE_OK;
465
0
  }
466
0
  return CURLE_AGAIN;
467
0
}
468
469
static CURLcode ws_dec_pass_payload(struct ws_decoder *dec,
470
                                    struct Curl_easy *data,
471
                                    struct bufq *inraw,
472
                                    ws_write_payload *write_payload,
473
                                    void *write_ctx)
474
0
{
475
0
  const unsigned char *inbuf;
476
0
  size_t inlen;
477
0
  ssize_t nwritten;
478
0
  CURLcode result;
479
0
  curl_off_t remain = dec->payload_len - dec->payload_offset;
480
481
0
  (void)data;
482
0
  while(remain && Curl_bufq_peek(inraw, &inbuf, &inlen)) {
483
0
    if((curl_off_t)inlen > remain)
484
0
      inlen = (size_t)remain;
485
0
    nwritten = write_payload(inbuf, inlen, dec->frame_age, dec->frame_flags,
486
0
                             dec->payload_offset, dec->payload_len,
487
0
                             write_ctx, &result);
488
0
    if(nwritten < 0)
489
0
      return result;
490
0
    Curl_bufq_skip(inraw, (size_t)nwritten);
491
0
    dec->payload_offset += (curl_off_t)nwritten;
492
0
    remain = dec->payload_len - dec->payload_offset;
493
0
    CURL_TRC_WS(data, "passed %zd bytes payload, %"
494
0
                FMT_OFF_T " remain", nwritten, remain);
495
0
  }
496
497
0
  return remain ? CURLE_AGAIN : CURLE_OK;
498
0
}
499
500
static CURLcode ws_dec_pass(struct ws_decoder *dec,
501
                            struct Curl_easy *data,
502
                            struct bufq *inraw,
503
                            ws_write_payload *write_payload,
504
                            void *write_ctx)
505
0
{
506
0
  CURLcode result;
507
508
0
  if(Curl_bufq_is_empty(inraw))
509
0
    return CURLE_AGAIN;
510
511
0
  switch(dec->state) {
512
0
  case WS_DEC_INIT:
513
0
    ws_dec_next_frame(dec);
514
0
    dec->state = WS_DEC_HEAD;
515
0
    FALLTHROUGH();
516
0
  case WS_DEC_HEAD:
517
0
    result = ws_dec_read_head(dec, data, inraw);
518
0
    if(result) {
519
0
      if(result != CURLE_AGAIN) {
520
0
        infof(data, "[WS] decode error %d", (int)result);
521
0
        break;  /* real error */
522
0
      }
523
      /* incomplete ws frame head */
524
0
      DEBUGASSERT(Curl_bufq_is_empty(inraw));
525
0
      break;
526
0
    }
527
    /* head parsing done */
528
0
    dec->state = WS_DEC_PAYLOAD;
529
0
    if(dec->payload_len == 0) {
530
0
      ssize_t nwritten;
531
0
      const unsigned char tmp = '\0';
532
      /* special case of a 0 length frame, need to write once */
533
0
      nwritten = write_payload(&tmp, 0, dec->frame_age, dec->frame_flags,
534
0
                               0, 0, write_ctx, &result);
535
0
      if(nwritten < 0)
536
0
        return result;
537
0
      dec->state = WS_DEC_INIT;
538
0
      break;
539
0
    }
540
0
    FALLTHROUGH();
541
0
  case WS_DEC_PAYLOAD:
542
0
    result = ws_dec_pass_payload(dec, data, inraw, write_payload, write_ctx);
543
0
    ws_dec_info(dec, data, "passing");
544
0
    if(result)
545
0
      return result;
546
    /* paylod parsing done */
547
0
    dec->state = WS_DEC_INIT;
548
0
    break;
549
0
  default:
550
    /* we covered all enums above, but some code analyzers are whimps */
551
0
    result = CURLE_FAILED_INIT;
552
0
  }
553
0
  return result;
554
0
}
555
556
static void update_meta(struct websocket *ws,
557
                        int frame_age, int frame_flags,
558
                        curl_off_t payload_offset,
559
                        curl_off_t payload_len,
560
                        size_t cur_len)
561
0
{
562
0
  curl_off_t bytesleft = (payload_len - payload_offset - cur_len);
563
564
0
  ws->frame.age = frame_age;
565
0
  ws->frame.flags = frame_flags;
566
0
  ws->frame.offset = payload_offset;
567
0
  ws->frame.len = cur_len;
568
0
  ws->frame.bytesleft = bytesleft;
569
0
}
570
571
/* WebSockets decoding client writer */
572
struct ws_cw_ctx {
573
  struct Curl_cwriter super;
574
  struct bufq buf;
575
};
576
577
static CURLcode ws_cw_init(struct Curl_easy *data,
578
                           struct Curl_cwriter *writer)
579
0
{
580
0
  struct ws_cw_ctx *ctx = writer->ctx;
581
0
  (void)data;
582
0
  Curl_bufq_init2(&ctx->buf, WS_CHUNK_SIZE, 1, BUFQ_OPT_SOFT_LIMIT);
583
0
  return CURLE_OK;
584
0
}
585
586
static void ws_cw_close(struct Curl_easy *data, struct Curl_cwriter *writer)
587
0
{
588
0
  struct ws_cw_ctx *ctx = writer->ctx;
589
0
  (void) data;
590
0
  Curl_bufq_free(&ctx->buf);
591
0
}
592
593
struct ws_cw_dec_ctx {
594
  struct Curl_easy *data;
595
  struct websocket *ws;
596
  struct Curl_cwriter *next_writer;
597
  int cw_type;
598
};
599
600
static ssize_t ws_cw_dec_next(const unsigned char *buf, size_t buflen,
601
                              int frame_age, int frame_flags,
602
                              curl_off_t payload_offset,
603
                              curl_off_t payload_len,
604
                              void *user_data,
605
                              CURLcode *err)
606
0
{
607
0
  struct ws_cw_dec_ctx *ctx = user_data;
608
0
  struct Curl_easy *data = ctx->data;
609
0
  struct websocket *ws = ctx->ws;
610
0
  bool auto_pong = !data->set.ws_no_auto_pong;
611
0
  curl_off_t remain = (payload_len - (payload_offset + buflen));
612
613
0
  (void)frame_age;
614
615
0
  if(auto_pong && (frame_flags & CURLWS_PING) && !remain) {
616
    /* auto-respond to PINGs, only works for single-frame payloads atm */
617
0
    size_t bytes;
618
0
    infof(data, "[WS] auto-respond to PING with a PONG");
619
    /* send back the exact same content as a PONG */
620
0
    *err = curl_ws_send(data, buf, buflen, &bytes, 0, CURLWS_PONG);
621
0
    if(*err)
622
0
      return -1;
623
0
  }
624
0
  else if(buflen || !remain) {
625
    /* forward the decoded frame to the next client writer. */
626
0
    update_meta(ws, frame_age, frame_flags, payload_offset,
627
0
                payload_len, buflen);
628
629
0
    *err = Curl_cwriter_write(data, ctx->next_writer, ctx->cw_type,
630
0
                              (const char *)buf, buflen);
631
0
    if(*err)
632
0
      return -1;
633
0
  }
634
0
  *err = CURLE_OK;
635
0
  return (ssize_t)buflen;
636
0
}
637
638
static CURLcode ws_cw_write(struct Curl_easy *data,
639
                            struct Curl_cwriter *writer, int type,
640
                            const char *buf, size_t nbytes)
641
0
{
642
0
  struct ws_cw_ctx *ctx = writer->ctx;
643
0
  struct websocket *ws;
644
0
  CURLcode result;
645
646
0
  if(!(type & CLIENTWRITE_BODY) || data->set.ws_raw_mode)
647
0
    return Curl_cwriter_write(data, writer->next, type, buf, nbytes);
648
649
0
  ws = Curl_conn_meta_get(data->conn, CURL_META_PROTO_WS_CONN);
650
0
  if(!ws) {
651
0
    failf(data, "[WS] not a websocket transfer");
652
0
    return CURLE_FAILED_INIT;
653
0
  }
654
655
0
  if(nbytes) {
656
0
    ssize_t nwritten;
657
0
    nwritten = Curl_bufq_write(&ctx->buf, (const unsigned char *)buf,
658
0
                               nbytes, &result);
659
0
    if(nwritten < 0) {
660
0
      infof(data, "[WS] error adding data to buffer %d", result);
661
0
      return result;
662
0
    }
663
0
  }
664
665
0
  while(!Curl_bufq_is_empty(&ctx->buf)) {
666
0
    struct ws_cw_dec_ctx pass_ctx;
667
0
    pass_ctx.data = data;
668
0
    pass_ctx.ws = ws;
669
0
    pass_ctx.next_writer = writer->next;
670
0
    pass_ctx.cw_type = type;
671
0
    result = ws_dec_pass(&ws->dec, data, &ctx->buf,
672
0
                         ws_cw_dec_next, &pass_ctx);
673
0
    if(result == CURLE_AGAIN) {
674
      /* insufficient amount of data, keep it for later.
675
       * we pretend to have written all since we have a copy */
676
0
      CURL_TRC_WS(data, "buffered incomplete frame head");
677
0
      return CURLE_OK;
678
0
    }
679
0
    else if(result) {
680
0
      infof(data, "[WS] decode error %d", (int)result);
681
0
      return result;
682
0
    }
683
0
  }
684
685
0
  if((type & CLIENTWRITE_EOS) && !Curl_bufq_is_empty(&ctx->buf)) {
686
0
    failf(data, "[WS] decode ending with %zd frame bytes remaining",
687
0
          Curl_bufq_len(&ctx->buf));
688
0
    return CURLE_RECV_ERROR;
689
0
  }
690
691
0
  return CURLE_OK;
692
0
}
693
694
/* WebSocket payload decoding client writer. */
695
static const struct Curl_cwtype ws_cw_decode = {
696
  "ws-decode",
697
  NULL,
698
  ws_cw_init,
699
  ws_cw_write,
700
  ws_cw_close,
701
  sizeof(struct ws_cw_ctx)
702
};
703
704
705
static void ws_enc_info(struct ws_encoder *enc, struct Curl_easy *data,
706
                        const char *msg)
707
0
{
708
0
  CURL_TRC_WS(data, "WS-ENC: %s [%s%s payload=%"
709
0
              FMT_OFF_T "/%" FMT_OFF_T "]",
710
0
              msg, ws_frame_name_of_op(enc->firstbyte),
711
0
              (enc->firstbyte & WSBIT_FIN) ? "" : " NON-FIN",
712
0
              enc->payload_len - enc->payload_remain, enc->payload_len);
713
0
}
714
715
static void ws_enc_reset(struct ws_encoder *enc)
716
0
{
717
0
  enc->payload_remain = 0;
718
0
  enc->xori = 0;
719
0
  enc->contfragment = FALSE;
720
0
}
721
722
static void ws_enc_init(struct ws_encoder *enc)
723
0
{
724
0
  ws_enc_reset(enc);
725
0
}
726
727
/***
728
    RFC 6455 Section 5.2
729
730
      0                   1                   2                   3
731
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
732
     +-+-+-+-+-------+-+-------------+-------------------------------+
733
     |F|R|R|R| opcode|M| Payload len |    Extended payload length    |
734
     |I|S|S|S|  (4)  |A|     (7)     |             (16/64)           |
735
     |N|V|V|V|       |S|             |   (if payload len==126/127)   |
736
     | |1|2|3|       |K|             |                               |
737
     +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - +
738
     |     Extended payload length continued, if payload len == 127  |
739
     + - - - - - - - - - - - - - - - +-------------------------------+
740
     |                               |Masking-key, if MASK set to 1  |
741
     +-------------------------------+-------------------------------+
742
     | Masking-key (continued)       |          Payload Data         |
743
     +-------------------------------- - - - - - - - - - - - - - - - +
744
     :                     Payload Data continued ...                :
745
     + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
746
     |                     Payload Data continued ...                |
747
     +---------------------------------------------------------------+
748
*/
749
750
static ssize_t ws_enc_write_head(struct Curl_easy *data,
751
                                 struct ws_encoder *enc,
752
                                 unsigned int flags,
753
                                 curl_off_t payload_len,
754
                                 struct bufq *out,
755
                                 CURLcode *err)
756
0
{
757
0
  unsigned char firstbyte = 0;
758
0
  unsigned char head[14];
759
0
  size_t hlen;
760
0
  ssize_t n;
761
762
0
  if(payload_len < 0) {
763
0
    failf(data, "[WS] starting new frame with negative payload length %"
764
0
                FMT_OFF_T, payload_len);
765
0
    *err = CURLE_SEND_ERROR;
766
0
    return -1;
767
0
  }
768
769
0
  if(enc->payload_remain > 0) {
770
    /* trying to write a new frame before the previous one is finished */
771
0
    failf(data, "[WS] starting new frame with %zd bytes from last one "
772
0
                "remaining to be sent", (ssize_t)enc->payload_remain);
773
0
    *err = CURLE_SEND_ERROR;
774
0
    return -1;
775
0
  }
776
777
0
  firstbyte = ws_frame_flags2firstbyte(data, flags, enc->contfragment, err);
778
0
  if(*err) {
779
0
    return -1;
780
0
  }
781
782
  /* fragmentation only applies to data frames (text/binary);
783
   * control frames (close/ping/pong) do not affect the CONT status */
784
0
  if(flags & (CURLWS_TEXT | CURLWS_BINARY)) {
785
0
    enc->contfragment = (flags & CURLWS_CONT) ? (bit)TRUE : (bit)FALSE;
786
0
  }
787
788
0
  if(flags & CURLWS_PING && payload_len > 125) {
789
    /* The maximum valid size of PING frames is 125 bytes. */
790
0
    failf(data, "[WS] given PING frame is too big");
791
0
    *err = CURLE_TOO_LARGE;
792
0
    return -1;
793
0
  }
794
0
  if(flags & CURLWS_PONG && payload_len > 125) {
795
    /* The maximum valid size of PONG frames is 125 bytes. */
796
0
    failf(data, "[WS] given PONG frame is too big");
797
0
    *err = CURLE_TOO_LARGE;
798
0
    return -1;
799
0
  }
800
0
  if(flags & CURLWS_CLOSE && payload_len > 125) {
801
    /* The maximum valid size of CLOSE frames is 125 bytes. */
802
0
    failf(data, "[WS] given CLOSE frame is too big");
803
0
    *err = CURLE_TOO_LARGE;
804
0
    return -1;
805
0
  }
806
807
0
  head[0] = enc->firstbyte = firstbyte;
808
0
  if(payload_len > 65535) {
809
0
    head[1] = 127 | WSBIT_MASK;
810
0
    head[2] = (unsigned char)((payload_len >> 56) & 0xff);
811
0
    head[3] = (unsigned char)((payload_len >> 48) & 0xff);
812
0
    head[4] = (unsigned char)((payload_len >> 40) & 0xff);
813
0
    head[5] = (unsigned char)((payload_len >> 32) & 0xff);
814
0
    head[6] = (unsigned char)((payload_len >> 24) & 0xff);
815
0
    head[7] = (unsigned char)((payload_len >> 16) & 0xff);
816
0
    head[8] = (unsigned char)((payload_len >> 8) & 0xff);
817
0
    head[9] = (unsigned char)(payload_len & 0xff);
818
0
    hlen = 10;
819
0
  }
820
0
  else if(payload_len >= 126) {
821
0
    head[1] = 126 | WSBIT_MASK;
822
0
    head[2] = (unsigned char)((payload_len >> 8) & 0xff);
823
0
    head[3] = (unsigned char)(payload_len & 0xff);
824
0
    hlen = 4;
825
0
  }
826
0
  else {
827
0
    head[1] = (unsigned char)payload_len | WSBIT_MASK;
828
0
    hlen = 2;
829
0
  }
830
831
0
  enc->payload_remain = enc->payload_len = payload_len;
832
0
  ws_enc_info(enc, data, "sending");
833
834
  /* add 4 bytes mask */
835
0
  memcpy(&head[hlen], &enc->mask, 4);
836
0
  hlen += 4;
837
  /* reset for payload to come */
838
0
  enc->xori = 0;
839
840
0
  n = Curl_bufq_write(out, head, hlen, err);
841
0
  if(n < 0)
842
0
    return -1;
843
0
  if((size_t)n != hlen) {
844
    /* We use a bufq with SOFT_LIMIT, writing should always succeed */
845
0
    DEBUGASSERT(0);
846
0
    *err = CURLE_SEND_ERROR;
847
0
    return -1;
848
0
  }
849
0
  return n;
850
0
}
851
852
static ssize_t ws_enc_write_payload(struct ws_encoder *enc,
853
                                    struct Curl_easy *data,
854
                                    const unsigned char *buf, size_t buflen,
855
                                    struct bufq *out, CURLcode *err)
856
0
{
857
0
  ssize_t n;
858
0
  size_t i, len;
859
860
0
  if(Curl_bufq_is_full(out)) {
861
0
    *err = CURLE_AGAIN;
862
0
    return -1;
863
0
  }
864
865
  /* not the most performant way to do this */
866
0
  len = buflen;
867
0
  if((curl_off_t)len > enc->payload_remain)
868
0
    len = (size_t)enc->payload_remain;
869
870
0
  for(i = 0; i < len; ++i) {
871
0
    unsigned char c = buf[i] ^ enc->mask[enc->xori];
872
0
    n = Curl_bufq_write(out, &c, 1, err);
873
0
    if(n < 0) {
874
0
      if((*err != CURLE_AGAIN) || !i)
875
0
        return -1;
876
0
      break;
877
0
    }
878
0
    enc->xori++;
879
0
    enc->xori &= 3;
880
0
  }
881
0
  enc->payload_remain -= (curl_off_t)i;
882
0
  ws_enc_info(enc, data, "buffered");
883
0
  return (ssize_t)i;
884
0
}
885
886
887
struct wsfield {
888
  const char *name;
889
  const char *val;
890
};
891
892
CURLcode Curl_ws_request(struct Curl_easy *data, struct dynbuf *req)
893
0
{
894
0
  unsigned int i;
895
0
  CURLcode result = CURLE_OK;
896
0
  unsigned char rand[16];
897
0
  char *randstr;
898
0
  size_t randlen;
899
0
  char keyval[40];
900
0
  struct SingleRequest *k = &data->req;
901
0
  struct wsfield heads[]= {
902
0
    {
903
      /* The request MUST contain an |Upgrade| header field whose value
904
         MUST include the "websocket" keyword. */
905
0
      "Upgrade", "websocket"
906
0
    },
907
0
    {
908
      /* The request MUST contain a |Connection| header field whose value
909
         MUST include the "Upgrade" token. */
910
0
      "Connection", "Upgrade",
911
0
    },
912
0
    {
913
      /* The request MUST include a header field with the name
914
         |Sec-WebSocket-Version|. The value of this header field MUST be
915
         13. */
916
0
      "Sec-WebSocket-Version", "13",
917
0
    },
918
0
    {
919
      /* The request MUST include a header field with the name
920
         |Sec-WebSocket-Key|. The value of this header field MUST be a nonce
921
         consisting of a randomly selected 16-byte value that has been
922
         base64-encoded (see Section 4 of [RFC4648]). The nonce MUST be
923
         selected randomly for each connection. */
924
0
      "Sec-WebSocket-Key", NULL,
925
0
    }
926
0
  };
927
0
  heads[3].val = &keyval[0];
928
929
  /* 16 bytes random */
930
0
  result = Curl_rand(data, (unsigned char *)rand, sizeof(rand));
931
0
  if(result)
932
0
    return result;
933
0
  result = curlx_base64_encode((char *)rand, sizeof(rand), &randstr, &randlen);
934
0
  if(result)
935
0
    return result;
936
0
  DEBUGASSERT(randlen < sizeof(keyval));
937
0
  if(randlen >= sizeof(keyval)) {
938
0
    free(randstr);
939
0
    return CURLE_FAILED_INIT;
940
0
  }
941
0
  strcpy(keyval, randstr);
942
0
  free(randstr);
943
0
  for(i = 0; !result && (i < CURL_ARRAYSIZE(heads)); i++) {
944
0
    if(!Curl_checkheaders(data, heads[i].name, strlen(heads[i].name))) {
945
0
      result = curlx_dyn_addf(req, "%s: %s\r\n", heads[i].name,
946
0
                              heads[i].val);
947
0
    }
948
0
  }
949
0
  k->upgr101 = UPGR101_WS;
950
0
  return result;
951
0
}
952
953
static void ws_conn_dtor(void *key, size_t klen, void *entry)
954
0
{
955
0
  struct websocket *ws = entry;
956
0
  (void)key;
957
0
  (void)klen;
958
0
  Curl_bufq_free(&ws->recvbuf);
959
0
  Curl_bufq_free(&ws->sendbuf);
960
0
  free(ws);
961
0
}
962
963
/*
964
 * 'nread' is number of bytes of websocket data already in the buffer at
965
 * 'mem'.
966
 */
967
CURLcode Curl_ws_accept(struct Curl_easy *data,
968
                        const char *mem, size_t nread)
969
0
{
970
0
  struct SingleRequest *k = &data->req;
971
0
  struct websocket *ws;
972
0
  struct Curl_cwriter *ws_dec_writer;
973
0
  CURLcode result;
974
975
0
  DEBUGASSERT(data->conn);
976
0
  ws = Curl_conn_meta_get(data->conn, CURL_META_PROTO_WS_CONN);
977
0
  if(!ws) {
978
0
    size_t chunk_size = WS_CHUNK_SIZE;
979
0
    ws = calloc(1, sizeof(*ws));
980
0
    if(!ws)
981
0
      return CURLE_OUT_OF_MEMORY;
982
#ifdef DEBUGBUILD
983
    {
984
      const char *p = getenv("CURL_WS_CHUNK_SIZE");
985
      if(p) {
986
        curl_off_t l;
987
        if(!curlx_str_number(&p, &l, 1*1024*1024))
988
          chunk_size = (size_t)l;
989
      }
990
    }
991
#endif
992
0
    CURL_TRC_WS(data, "WS, using chunk size %zu", chunk_size);
993
0
    Curl_bufq_init2(&ws->recvbuf, chunk_size, WS_CHUNK_COUNT,
994
0
                    BUFQ_OPT_SOFT_LIMIT);
995
0
    Curl_bufq_init2(&ws->sendbuf, chunk_size, WS_CHUNK_COUNT,
996
0
                    BUFQ_OPT_SOFT_LIMIT);
997
0
    ws_dec_init(&ws->dec);
998
0
    ws_enc_init(&ws->enc);
999
0
    result = Curl_conn_meta_set(data->conn, CURL_META_PROTO_WS_CONN,
1000
0
                                ws, ws_conn_dtor);
1001
0
    if(result)
1002
0
      return result;
1003
0
  }
1004
0
  else {
1005
0
    Curl_bufq_reset(&ws->recvbuf);
1006
0
    ws_dec_reset(&ws->dec);
1007
0
    ws_enc_reset(&ws->enc);
1008
0
  }
1009
  /* Verify the Sec-WebSocket-Accept response.
1010
1011
     The sent value is the base64 encoded version of a SHA-1 hash done on the
1012
     |Sec-WebSocket-Key| header field concatenated with
1013
     the string "258EAFA5-E914-47DA-95CA-C5AB0DC85B11".
1014
  */
1015
1016
  /* If the response includes a |Sec-WebSocket-Extensions| header field and
1017
     this header field indicates the use of an extension that was not present
1018
     in the client's handshake (the server has indicated an extension not
1019
     requested by the client), the client MUST Fail the WebSocket Connection.
1020
  */
1021
1022
  /* If the response includes a |Sec-WebSocket-Protocol| header field
1023
     and this header field indicates the use of a subprotocol that was
1024
     not present in the client's handshake (the server has indicated a
1025
     subprotocol not requested by the client), the client MUST Fail
1026
     the WebSocket Connection. */
1027
1028
  /* 4 bytes random */
1029
1030
0
  result = Curl_rand(data, (unsigned char *)&ws->enc.mask,
1031
0
                     sizeof(ws->enc.mask));
1032
0
  if(result)
1033
0
    return result;
1034
1035
#ifdef DEBUGBUILD
1036
  if(getenv("CURL_WS_FORCE_ZERO_MASK"))
1037
    /* force the bit mask to 0x00000000, effectively disabling masking */
1038
    memset(ws->enc.mask, 0, sizeof(ws->enc.mask));
1039
#endif
1040
1041
0
  infof(data, "[WS] Received 101, switch to WebSocket; mask %02x%02x%02x%02x",
1042
0
        ws->enc.mask[0], ws->enc.mask[1], ws->enc.mask[2], ws->enc.mask[3]);
1043
1044
  /* Install our client writer that decodes WS frames payload */
1045
0
  result = Curl_cwriter_create(&ws_dec_writer, data, &ws_cw_decode,
1046
0
                               CURL_CW_CONTENT_DECODE);
1047
0
  if(result)
1048
0
    return result;
1049
1050
0
  result = Curl_cwriter_add(data, ws_dec_writer);
1051
0
  if(result) {
1052
0
    Curl_cwriter_free(data, ws_dec_writer);
1053
0
    return result;
1054
0
  }
1055
1056
0
  if(data->set.connect_only) {
1057
0
    ssize_t nwritten;
1058
    /* In CONNECT_ONLY setup, the payloads from `mem` need to be received
1059
     * when using `curl_ws_recv` later on after this transfer is already
1060
     * marked as DONE. */
1061
0
    nwritten = Curl_bufq_write(&ws->recvbuf, (const unsigned char *)mem,
1062
0
                               nread, &result);
1063
0
    if(nwritten < 0)
1064
0
      return result;
1065
0
    CURL_TRC_WS(data, "%zu bytes payload", nread);
1066
0
  }
1067
0
  else { /* !connect_only */
1068
    /* And pass any additional data to the writers */
1069
0
    if(nread) {
1070
0
      result = Curl_client_write(data, CLIENTWRITE_BODY, mem, nread);
1071
0
    }
1072
0
  }
1073
0
  k->upgr101 = UPGR101_RECEIVED;
1074
1075
0
  return result;
1076
0
}
1077
1078
struct ws_collect {
1079
  struct Curl_easy *data;
1080
  unsigned char *buffer;
1081
  size_t buflen;
1082
  size_t bufidx;
1083
  int frame_age;
1084
  int frame_flags;
1085
  curl_off_t payload_offset;
1086
  curl_off_t payload_len;
1087
  bool written;
1088
};
1089
1090
static ssize_t ws_client_collect(const unsigned char *buf, size_t buflen,
1091
                                 int frame_age, int frame_flags,
1092
                                 curl_off_t payload_offset,
1093
                                 curl_off_t payload_len,
1094
                                 void *userp,
1095
                                 CURLcode *err)
1096
0
{
1097
0
  struct ws_collect *ctx = userp;
1098
0
  struct Curl_easy *data = ctx->data;
1099
0
  bool auto_pong = !data->set.ws_no_auto_pong;
1100
0
  size_t nwritten;
1101
0
  curl_off_t remain = (payload_len - (payload_offset + buflen));
1102
1103
0
  if(!ctx->bufidx) {
1104
    /* first write */
1105
0
    ctx->frame_age = frame_age;
1106
0
    ctx->frame_flags = frame_flags;
1107
0
    ctx->payload_offset = payload_offset;
1108
0
    ctx->payload_len = payload_len;
1109
0
  }
1110
1111
0
  if(auto_pong && (frame_flags & CURLWS_PING) && !remain) {
1112
    /* auto-respond to PINGs, only works for single-frame payloads atm */
1113
0
    size_t bytes;
1114
0
    infof(ctx->data, "[WS] auto-respond to PING with a PONG");
1115
    /* send back the exact same content as a PONG */
1116
0
    *err = curl_ws_send(ctx->data, buf, buflen, &bytes, 0, CURLWS_PONG);
1117
0
    if(*err)
1118
0
      return -1;
1119
0
    nwritten = bytes;
1120
0
  }
1121
0
  else {
1122
0
    ctx->written = TRUE;
1123
0
    DEBUGASSERT(ctx->buflen >= ctx->bufidx);
1124
0
    nwritten = CURLMIN(buflen, ctx->buflen - ctx->bufidx);
1125
0
    if(!nwritten) {
1126
0
      if(!buflen) {  /* 0 length write, we accept that */
1127
0
        *err = CURLE_OK;
1128
0
        return 0;
1129
0
      }
1130
0
      *err = CURLE_AGAIN;  /* no more space */
1131
0
      return -1;
1132
0
    }
1133
0
    *err = CURLE_OK;
1134
0
    memcpy(ctx->buffer + ctx->bufidx, buf, nwritten);
1135
0
    ctx->bufidx += nwritten;
1136
0
  }
1137
0
  return nwritten;
1138
0
}
1139
1140
static ssize_t nw_in_recv(void *reader_ctx,
1141
                          unsigned char *buf, size_t buflen,
1142
                          CURLcode *err)
1143
0
{
1144
0
  struct Curl_easy *data = reader_ctx;
1145
0
  size_t nread;
1146
1147
0
  *err = curl_easy_recv(data, buf, buflen, &nread);
1148
0
  if(*err)
1149
0
    return -1;
1150
0
  return (ssize_t)nread;
1151
0
}
1152
1153
CURL_EXTERN CURLcode curl_ws_recv(CURL *d, void *buffer,
1154
                                  size_t buflen, size_t *nread,
1155
                                  const struct curl_ws_frame **metap)
1156
0
{
1157
0
  struct Curl_easy *data = d;
1158
0
  struct connectdata *conn = data->conn;
1159
0
  struct websocket *ws;
1160
0
  struct ws_collect ctx;
1161
1162
0
  *nread = 0;
1163
0
  *metap = NULL;
1164
1165
0
  if(!conn) {
1166
    /* Unhappy hack with lifetimes of transfers and connection */
1167
0
    if(!data->set.connect_only) {
1168
0
      failf(data, "[WS] CONNECT_ONLY is required");
1169
0
      return CURLE_UNSUPPORTED_PROTOCOL;
1170
0
    }
1171
1172
0
    Curl_getconnectinfo(data, &conn);
1173
0
    if(!conn) {
1174
0
      failf(data, "[WS] connection not found");
1175
0
      return CURLE_BAD_FUNCTION_ARGUMENT;
1176
0
    }
1177
0
  }
1178
0
  ws = Curl_conn_meta_get(conn, CURL_META_PROTO_WS_CONN);
1179
0
  if(!ws) {
1180
0
    failf(data, "[WS] connection is not setup for websocket");
1181
0
    return CURLE_BAD_FUNCTION_ARGUMENT;
1182
0
  }
1183
1184
1185
0
  memset(&ctx, 0, sizeof(ctx));
1186
0
  ctx.data = data;
1187
0
  ctx.buffer = buffer;
1188
0
  ctx.buflen = buflen;
1189
1190
0
  while(1) {
1191
0
    CURLcode result;
1192
1193
    /* receive more when our buffer is empty */
1194
0
    if(Curl_bufq_is_empty(&ws->recvbuf)) {
1195
0
      ssize_t n = Curl_bufq_slurp(&ws->recvbuf, nw_in_recv, data, &result);
1196
0
      if(n < 0) {
1197
0
        return result;
1198
0
      }
1199
0
      else if(n == 0) {
1200
        /* connection closed */
1201
0
        infof(data, "[WS] connection expectedly closed?");
1202
0
        return CURLE_GOT_NOTHING;
1203
0
      }
1204
0
      CURL_TRC_WS(data, "curl_ws_recv, added %zu bytes from network",
1205
0
                  Curl_bufq_len(&ws->recvbuf));
1206
0
    }
1207
1208
0
    result = ws_dec_pass(&ws->dec, data, &ws->recvbuf,
1209
0
                         ws_client_collect, &ctx);
1210
0
    if(result == CURLE_AGAIN) {
1211
0
      if(!ctx.written) {
1212
0
        ws_dec_info(&ws->dec, data, "need more input");
1213
0
        continue;  /* nothing written, try more input */
1214
0
      }
1215
0
      break;
1216
0
    }
1217
0
    else if(result) {
1218
0
      return result;
1219
0
    }
1220
0
    else if(ctx.written) {
1221
      /* The decoded frame is passed back to our caller.
1222
       * There are frames like PING were we auto-respond to and
1223
       * that we do not return. For these `ctx.written` is not set. */
1224
0
      break;
1225
0
    }
1226
0
  }
1227
1228
  /* update frame information to be passed back */
1229
0
  update_meta(ws, ctx.frame_age, ctx.frame_flags, ctx.payload_offset,
1230
0
              ctx.payload_len, ctx.bufidx);
1231
0
  *metap = &ws->frame;
1232
0
  *nread = ws->frame.len;
1233
0
  CURL_TRC_WS(data, "curl_ws_recv(len=%zu) -> %zu bytes (frame at %"
1234
0
               FMT_OFF_T ", %" FMT_OFF_T " left)",
1235
0
               buflen, *nread, ws->frame.offset, ws->frame.bytesleft);
1236
0
  return CURLE_OK;
1237
0
}
1238
1239
static CURLcode ws_flush(struct Curl_easy *data, struct websocket *ws,
1240
                         bool blocking)
1241
0
{
1242
0
  if(!Curl_bufq_is_empty(&ws->sendbuf)) {
1243
0
    CURLcode result;
1244
0
    const unsigned char *out;
1245
0
    size_t outlen, n;
1246
#ifdef DEBUGBUILD
1247
    /* Simulate a blocking send after this chunk has been sent */
1248
    bool eagain_next = FALSE;
1249
    size_t chunk_egain = 0;
1250
    const char *p = getenv("CURL_WS_CHUNK_EAGAIN");
1251
    if(p) {
1252
      curl_off_t l;
1253
      if(!curlx_str_number(&p, &l, 1*1024*1024))
1254
        chunk_egain = (size_t)l;
1255
    }
1256
#endif
1257
1258
0
    while(Curl_bufq_peek(&ws->sendbuf, &out, &outlen)) {
1259
#ifdef DEBUGBUILD
1260
      if(eagain_next)
1261
        return CURLE_AGAIN;
1262
      if(chunk_egain && (outlen > chunk_egain)) {
1263
        outlen = chunk_egain;
1264
        eagain_next = TRUE;
1265
      }
1266
#endif
1267
0
      if(blocking) {
1268
0
        result = ws_send_raw_blocking(data, ws, (const char *)out, outlen);
1269
0
        n = result ? 0 : outlen;
1270
0
      }
1271
0
      else if(data->set.connect_only || Curl_is_in_callback(data))
1272
0
        result = Curl_senddata(data, out, outlen, &n);
1273
0
      else {
1274
0
        result = Curl_xfer_send(data, out, outlen, FALSE, &n);
1275
0
        if(!result && !n && outlen)
1276
0
          result = CURLE_AGAIN;
1277
0
      }
1278
1279
0
      if(result == CURLE_AGAIN) {
1280
0
        CURL_TRC_WS(data, "flush EAGAIN, %zu bytes remain in buffer",
1281
0
                    Curl_bufq_len(&ws->sendbuf));
1282
0
        return result;
1283
0
      }
1284
0
      else if(result) {
1285
0
        failf(data, "[WS] flush, write error %d", result);
1286
0
        return result;
1287
0
      }
1288
0
      else {
1289
0
        CURL_TRC_WS(data, "flushed %zu bytes", n);
1290
0
        Curl_bufq_skip(&ws->sendbuf, n);
1291
0
      }
1292
0
    }
1293
0
  }
1294
0
  return CURLE_OK;
1295
0
}
1296
1297
static CURLcode ws_send_raw_blocking(CURL *d, struct websocket *ws,
1298
                                     const char *buffer, size_t buflen)
1299
0
{
1300
0
  CURLcode result = CURLE_OK;
1301
0
  size_t nwritten;
1302
0
  struct Curl_easy *data = d;
1303
1304
0
  (void)ws;
1305
0
  while(buflen) {
1306
0
    result = Curl_xfer_send(data, buffer, buflen, FALSE, &nwritten);
1307
0
    if(result)
1308
0
      return result;
1309
0
    DEBUGASSERT(nwritten <= buflen);
1310
0
    buffer += nwritten;
1311
0
    buflen -= nwritten;
1312
0
    if(buflen) {
1313
0
      curl_socket_t sock = data->conn->sock[FIRSTSOCKET];
1314
0
      timediff_t left_ms;
1315
0
      int ev;
1316
1317
0
      CURL_TRC_WS(data, "ws_send_raw_blocking() partial, %zu left to send",
1318
0
                  buflen);
1319
0
      left_ms = Curl_timeleft(data, NULL, FALSE);
1320
0
      if(left_ms < 0) {
1321
0
        failf(data, "[WS] Timeout waiting for socket becoming writable");
1322
0
        return CURLE_SEND_ERROR;
1323
0
      }
1324
1325
      /* POLLOUT socket */
1326
0
      if(sock == CURL_SOCKET_BAD)
1327
0
        return CURLE_SEND_ERROR;
1328
0
      ev = Curl_socket_check(CURL_SOCKET_BAD, CURL_SOCKET_BAD, sock,
1329
0
                             left_ms ? left_ms : 500);
1330
0
      if(ev < 0) {
1331
0
        failf(data, "[WS] Error while waiting for socket becoming writable");
1332
0
        return CURLE_SEND_ERROR;
1333
0
      }
1334
0
    }
1335
0
  }
1336
0
  return result;
1337
0
}
1338
1339
static CURLcode ws_send_raw(struct Curl_easy *data, const void *buffer,
1340
                            size_t buflen, size_t *pnwritten)
1341
0
{
1342
0
  struct websocket *ws;
1343
0
  CURLcode result;
1344
1345
0
  ws = Curl_conn_meta_get(data->conn, CURL_META_PROTO_WS_CONN);
1346
0
  if(!ws) {
1347
0
    failf(data, "[WS] Not a websocket transfer");
1348
0
    return CURLE_SEND_ERROR;
1349
0
  }
1350
0
  if(!buflen)
1351
0
    return CURLE_OK;
1352
1353
0
  if(Curl_is_in_callback(data)) {
1354
    /* When invoked from inside callbacks, we do a blocking send as the
1355
     * callback will probably not implement partial writes that may then
1356
     * mess up the ws framing subsequently.
1357
     * We need any pending data to be flushed before sending. */
1358
0
    result = ws_flush(data, ws, TRUE);
1359
0
    if(result)
1360
0
      return result;
1361
0
    result = ws_send_raw_blocking(data, ws, buffer, buflen);
1362
0
  }
1363
0
  else {
1364
    /* We need any pending data to be sent or EAGAIN this call. */
1365
0
    result = ws_flush(data, ws, FALSE);
1366
0
    if(result)
1367
0
      return result;
1368
0
    result = Curl_senddata(data, buffer, buflen, pnwritten);
1369
0
  }
1370
1371
0
  CURL_TRC_WS(data, "ws_send_raw(len=%zu) -> %d, %zu",
1372
0
              buflen, result, *pnwritten);
1373
0
  return result;
1374
0
}
1375
1376
CURL_EXTERN CURLcode curl_ws_send(CURL *d, const void *buffer_arg,
1377
                                  size_t buflen, size_t *sent,
1378
                                  curl_off_t fragsize,
1379
                                  unsigned int flags)
1380
0
{
1381
0
  struct websocket *ws;
1382
0
  const unsigned char *buffer = buffer_arg;
1383
0
  ssize_t n;
1384
0
  CURLcode result = CURLE_OK;
1385
0
  struct Curl_easy *data = d;
1386
1387
0
  CURL_TRC_WS(data, "curl_ws_send(len=%zu, fragsize=%" FMT_OFF_T
1388
0
              ", flags=%x), raw=%d",
1389
0
              buflen, fragsize, flags, data->set.ws_raw_mode);
1390
0
  *sent = 0;
1391
0
  if(!data->conn && data->set.connect_only) {
1392
0
    result = Curl_connect_only_attach(data);
1393
0
    if(result)
1394
0
      goto out;
1395
0
  }
1396
0
  if(!data->conn) {
1397
0
    failf(data, "[WS] No associated connection");
1398
0
    result = CURLE_SEND_ERROR;
1399
0
    goto out;
1400
0
  }
1401
0
  ws = Curl_conn_meta_get(data->conn, CURL_META_PROTO_WS_CONN);
1402
0
  if(!ws) {
1403
0
    failf(data, "[WS] Not a websocket transfer");
1404
0
    result = CURLE_SEND_ERROR;
1405
0
    goto out;
1406
0
  }
1407
1408
0
  if(data->set.ws_raw_mode) {
1409
    /* In raw mode, we write directly to the connection */
1410
    /* try flushing any content still waiting to be sent. */
1411
0
    result = ws_flush(data, ws, FALSE);
1412
0
    if(result)
1413
0
      goto out;
1414
1415
0
    if(fragsize || flags) {
1416
0
      failf(data, "[WS] fragsize and flags must be zero in raw mode");
1417
0
      return CURLE_BAD_FUNCTION_ARGUMENT;
1418
0
    }
1419
0
    result = ws_send_raw(data, buffer, buflen, sent);
1420
0
    goto out;
1421
0
  }
1422
1423
  /* Not RAW mode, buf we do the frame encoding */
1424
1425
0
  if(ws->enc.payload_remain || !Curl_bufq_is_empty(&ws->sendbuf)) {
1426
    /* a frame is ongoing with payload buffered or more payload
1427
     * that needs to be encoded into the buffer */
1428
0
    if(buflen < ws->sendbuf_payload) {
1429
      /* We have been called with LESS buffer data than before. This
1430
       * is not how it's supposed too work. */
1431
0
      failf(data, "[WS] curl_ws_send() called with smaller 'buflen' than "
1432
0
            "bytes already buffered in previous call, %zu vs %zu",
1433
0
            buflen, ws->sendbuf_payload);
1434
0
      result = CURLE_BAD_FUNCTION_ARGUMENT;
1435
0
      goto out;
1436
0
    }
1437
0
    if((curl_off_t)buflen >
1438
0
       (ws->enc.payload_remain + (curl_off_t)ws->sendbuf_payload)) {
1439
      /* too large buflen beyond payload length of frame */
1440
0
      failf(data, "[WS] unaligned frame size (sending %zu instead of %"
1441
0
                  FMT_OFF_T ")",
1442
0
            buflen, ws->enc.payload_remain + ws->sendbuf_payload);
1443
0
      result = CURLE_BAD_FUNCTION_ARGUMENT;
1444
0
      goto out;
1445
0
    }
1446
0
  }
1447
0
  else {
1448
    /* starting a new frame, we want a clean sendbuf */
1449
0
    curl_off_t payload_len = (flags & CURLWS_OFFSET) ?
1450
0
                             fragsize : (curl_off_t)buflen;
1451
0
    result = ws_flush(data, ws, Curl_is_in_callback(data));
1452
0
    if(result)
1453
0
      goto out;
1454
1455
0
    n = ws_enc_write_head(data, &ws->enc, flags, payload_len,
1456
0
                          &ws->sendbuf, &result);
1457
0
    if(n < 0)
1458
0
      goto out;
1459
0
  }
1460
1461
  /* While there is either sendbuf to flush OR more payload to encode... */
1462
0
  while(!Curl_bufq_is_empty(&ws->sendbuf) || (buflen > ws->sendbuf_payload)) {
1463
    /* Try to add more payload to sendbuf */
1464
0
    if(buflen > ws->sendbuf_payload) {
1465
0
      size_t prev_len = Curl_bufq_len(&ws->sendbuf);
1466
0
      n = ws_enc_write_payload(&ws->enc, data,
1467
0
                               buffer + ws->sendbuf_payload,
1468
0
                               buflen - ws->sendbuf_payload,
1469
0
                               &ws->sendbuf, &result);
1470
0
      if(n < 0 && (result != CURLE_AGAIN))
1471
0
        goto out;
1472
0
      ws->sendbuf_payload += Curl_bufq_len(&ws->sendbuf) - prev_len;
1473
0
      if(!ws->sendbuf_payload) {
1474
0
        result = CURLE_AGAIN;
1475
0
        goto out;
1476
0
      }
1477
0
    }
1478
1479
    /* flush, blocking when in callback */
1480
0
    result = ws_flush(data, ws, Curl_is_in_callback(data));
1481
0
    if(!result && ws->sendbuf_payload > 0) {
1482
0
      *sent += ws->sendbuf_payload;
1483
0
      buffer += ws->sendbuf_payload;
1484
0
      buflen -= ws->sendbuf_payload;
1485
0
      ws->sendbuf_payload = 0;
1486
0
    }
1487
0
    else if(result == CURLE_AGAIN) {
1488
0
      if(ws->sendbuf_payload > Curl_bufq_len(&ws->sendbuf)) {
1489
        /* blocked, part of payload bytes remain, report length
1490
         * that we managed to send. */
1491
0
        size_t flushed = (ws->sendbuf_payload - Curl_bufq_len(&ws->sendbuf));
1492
0
        *sent += flushed;
1493
0
        ws->sendbuf_payload -= flushed;
1494
0
        result = CURLE_OK;
1495
0
        goto out;
1496
0
      }
1497
0
      else {
1498
        /* blocked before sending headers or 1st payload byte. We cannot report
1499
         * OK on 0-length send (caller counts only payload) and EAGAIN */
1500
0
        CURL_TRC_WS(data, "EAGAIN flushing sendbuf, payload_encoded: %zu/%zu",
1501
0
                    ws->sendbuf_payload, buflen);
1502
0
        DEBUGASSERT(*sent == 0);
1503
0
        result = CURLE_AGAIN;
1504
0
        goto out;
1505
0
      }
1506
0
    }
1507
0
    else
1508
0
      goto out;  /* real error sending the data */
1509
0
  }
1510
1511
0
out:
1512
0
  CURL_TRC_WS(data, "curl_ws_send(len=%zu, fragsize=%" FMT_OFF_T
1513
0
              ", flags=%x, raw=%d) -> %d, %zu",
1514
0
              buflen, fragsize, flags, data->set.ws_raw_mode, result, *sent);
1515
0
  return result;
1516
0
}
1517
1518
static CURLcode ws_setup_conn(struct Curl_easy *data,
1519
                              struct connectdata *conn)
1520
0
{
1521
  /* WebSockets is 1.1 only (for now) */
1522
0
  data->state.http_neg.accept_09 = FALSE;
1523
0
  data->state.http_neg.only_10 = FALSE;
1524
0
  data->state.http_neg.wanted = CURL_HTTP_V1x;
1525
0
  data->state.http_neg.allowed = CURL_HTTP_V1x;
1526
0
  return Curl_http_setup_conn(data, conn);
1527
0
}
1528
1529
1530
CURL_EXTERN const struct curl_ws_frame *curl_ws_meta(CURL *d)
1531
0
{
1532
  /* we only return something for websocket, called from within the callback
1533
     when not using raw mode */
1534
0
  struct Curl_easy *data = d;
1535
0
  if(GOOD_EASY_HANDLE(data) && Curl_is_in_callback(data) &&
1536
0
     data->conn && !data->set.ws_raw_mode) {
1537
0
    struct websocket *ws;
1538
0
    ws = Curl_conn_meta_get(data->conn, CURL_META_PROTO_WS_CONN);
1539
0
    if(ws)
1540
0
      return &ws->frame;
1541
1542
0
  }
1543
0
  return NULL;
1544
0
}
1545
1546
const struct Curl_handler Curl_handler_ws = {
1547
  "WS",                                 /* scheme */
1548
  ws_setup_conn,                        /* setup_connection */
1549
  Curl_http,                            /* do_it */
1550
  Curl_http_done,                       /* done */
1551
  ZERO_NULL,                            /* do_more */
1552
  Curl_http_connect,                    /* connect_it */
1553
  ZERO_NULL,                            /* connecting */
1554
  ZERO_NULL,                            /* doing */
1555
  ZERO_NULL,                            /* proto_getsock */
1556
  Curl_http_getsock_do,                 /* doing_getsock */
1557
  ZERO_NULL,                            /* domore_getsock */
1558
  ZERO_NULL,                            /* perform_getsock */
1559
  ZERO_NULL,                            /* disconnect */
1560
  Curl_http_write_resp,                 /* write_resp */
1561
  Curl_http_write_resp_hd,              /* write_resp_hd */
1562
  ZERO_NULL,                            /* connection_check */
1563
  ZERO_NULL,                            /* attach connection */
1564
  Curl_http_follow,                     /* follow */
1565
  PORT_HTTP,                            /* defport */
1566
  CURLPROTO_WS,                         /* protocol */
1567
  CURLPROTO_HTTP,                       /* family */
1568
  PROTOPT_CREDSPERREQUEST |             /* flags */
1569
  PROTOPT_USERPWDCTRL
1570
};
1571
1572
#ifdef USE_SSL
1573
const struct Curl_handler Curl_handler_wss = {
1574
  "WSS",                                /* scheme */
1575
  ws_setup_conn,                        /* setup_connection */
1576
  Curl_http,                            /* do_it */
1577
  Curl_http_done,                       /* done */
1578
  ZERO_NULL,                            /* do_more */
1579
  Curl_http_connect,                    /* connect_it */
1580
  NULL,                                 /* connecting */
1581
  ZERO_NULL,                            /* doing */
1582
  NULL,                                 /* proto_getsock */
1583
  Curl_http_getsock_do,                 /* doing_getsock */
1584
  ZERO_NULL,                            /* domore_getsock */
1585
  ZERO_NULL,                            /* perform_getsock */
1586
  ZERO_NULL,                            /* disconnect */
1587
  Curl_http_write_resp,                 /* write_resp */
1588
  Curl_http_write_resp_hd,              /* write_resp_hd */
1589
  ZERO_NULL,                            /* connection_check */
1590
  ZERO_NULL,                            /* attach connection */
1591
  Curl_http_follow,                     /* follow */
1592
  PORT_HTTPS,                           /* defport */
1593
  CURLPROTO_WSS,                        /* protocol */
1594
  CURLPROTO_HTTP,                       /* family */
1595
  PROTOPT_SSL | PROTOPT_CREDSPERREQUEST | /* flags */
1596
  PROTOPT_USERPWDCTRL
1597
};
1598
#endif
1599
1600
1601
#else
1602
1603
CURL_EXTERN CURLcode curl_ws_recv(CURL *curl, void *buffer, size_t buflen,
1604
                                  size_t *nread,
1605
                                  const struct curl_ws_frame **metap)
1606
{
1607
  (void)curl;
1608
  (void)buffer;
1609
  (void)buflen;
1610
  (void)nread;
1611
  (void)metap;
1612
  return CURLE_NOT_BUILT_IN;
1613
}
1614
1615
CURL_EXTERN CURLcode curl_ws_send(CURL *curl, const void *buffer,
1616
                                  size_t buflen, size_t *sent,
1617
                                  curl_off_t fragsize,
1618
                                  unsigned int flags)
1619
{
1620
  (void)curl;
1621
  (void)buffer;
1622
  (void)buflen;
1623
  (void)sent;
1624
  (void)fragsize;
1625
  (void)flags;
1626
  return CURLE_NOT_BUILT_IN;
1627
}
1628
1629
CURL_EXTERN const struct curl_ws_frame *curl_ws_meta(CURL *data)
1630
{
1631
  (void)data;
1632
  return NULL;
1633
}
1634
#endif /* !CURL_DISABLE_WEBSOCKETS */