/src/PROJ/curl/lib/http1.c
Line | Count | Source (jump to first uncovered line) |
1 | | /*************************************************************************** |
2 | | * _ _ ____ _ |
3 | | * Project ___| | | | _ \| | |
4 | | * / __| | | | |_) | | |
5 | | * | (__| |_| | _ <| |___ |
6 | | * \___|\___/|_| \_\_____| |
7 | | * |
8 | | * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al. |
9 | | * |
10 | | * This software is licensed as described in the file COPYING, which |
11 | | * you should have received as part of this distribution. The terms |
12 | | * are also available at https://curl.se/docs/copyright.html. |
13 | | * |
14 | | * You may opt to use, copy, modify, merge, publish, distribute and/or sell |
15 | | * copies of the Software, and permit persons to whom the Software is |
16 | | * furnished to do so, under the terms of the COPYING file. |
17 | | * |
18 | | * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY |
19 | | * KIND, either express or implied. |
20 | | * |
21 | | * SPDX-License-Identifier: curl |
22 | | * |
23 | | ***************************************************************************/ |
24 | | |
25 | | #include "curl_setup.h" |
26 | | |
27 | | #ifndef CURL_DISABLE_HTTP |
28 | | |
29 | | #include "urldata.h" |
30 | | #include <curl/curl.h> |
31 | | #include "http.h" |
32 | | #include "http1.h" |
33 | | #include "urlapi-int.h" |
34 | | |
35 | | /* The last 3 #include files should be in this order */ |
36 | | #include "curl_printf.h" |
37 | | #include "curl_memory.h" |
38 | | #include "memdebug.h" |
39 | | |
40 | | |
41 | | #define H1_MAX_URL_LEN (8*1024) |
42 | | |
43 | | void Curl_h1_req_parse_init(struct h1_req_parser *parser, size_t max_line_len) |
44 | 0 | { |
45 | 0 | memset(parser, 0, sizeof(*parser)); |
46 | 0 | parser->max_line_len = max_line_len; |
47 | 0 | Curl_dyn_init(&parser->scratch, max_line_len); |
48 | 0 | } |
49 | | |
50 | | void Curl_h1_req_parse_free(struct h1_req_parser *parser) |
51 | 0 | { |
52 | 0 | if(parser) { |
53 | 0 | Curl_http_req_free(parser->req); |
54 | 0 | Curl_dyn_free(&parser->scratch); |
55 | 0 | parser->req = NULL; |
56 | 0 | parser->done = FALSE; |
57 | 0 | } |
58 | 0 | } |
59 | | |
60 | | static CURLcode trim_line(struct h1_req_parser *parser, int options) |
61 | 0 | { |
62 | 0 | DEBUGASSERT(parser->line); |
63 | 0 | if(parser->line_len) { |
64 | 0 | if(parser->line[parser->line_len - 1] == '\n') |
65 | 0 | --parser->line_len; |
66 | 0 | if(parser->line_len) { |
67 | 0 | if(parser->line[parser->line_len - 1] == '\r') |
68 | 0 | --parser->line_len; |
69 | 0 | else if(options & H1_PARSE_OPT_STRICT) |
70 | 0 | return CURLE_URL_MALFORMAT; |
71 | 0 | } |
72 | 0 | else if(options & H1_PARSE_OPT_STRICT) |
73 | 0 | return CURLE_URL_MALFORMAT; |
74 | 0 | } |
75 | 0 | else if(options & H1_PARSE_OPT_STRICT) |
76 | 0 | return CURLE_URL_MALFORMAT; |
77 | | |
78 | 0 | if(parser->line_len > parser->max_line_len) { |
79 | 0 | return CURLE_URL_MALFORMAT; |
80 | 0 | } |
81 | 0 | return CURLE_OK; |
82 | 0 | } |
83 | | |
84 | | static ssize_t detect_line(struct h1_req_parser *parser, |
85 | | const char *buf, const size_t buflen, |
86 | | CURLcode *err) |
87 | 0 | { |
88 | 0 | const char *line_end; |
89 | |
|
90 | 0 | DEBUGASSERT(!parser->line); |
91 | 0 | line_end = memchr(buf, '\n', buflen); |
92 | 0 | if(!line_end) { |
93 | 0 | *err = CURLE_AGAIN; |
94 | 0 | return -1; |
95 | 0 | } |
96 | 0 | parser->line = buf; |
97 | 0 | parser->line_len = line_end - buf + 1; |
98 | 0 | *err = CURLE_OK; |
99 | 0 | return (ssize_t)parser->line_len; |
100 | 0 | } |
101 | | |
102 | | static ssize_t next_line(struct h1_req_parser *parser, |
103 | | const char *buf, const size_t buflen, int options, |
104 | | CURLcode *err) |
105 | 0 | { |
106 | 0 | ssize_t nread = 0; |
107 | |
|
108 | 0 | if(parser->line) { |
109 | 0 | parser->line = NULL; |
110 | 0 | parser->line_len = 0; |
111 | 0 | Curl_dyn_reset(&parser->scratch); |
112 | 0 | } |
113 | |
|
114 | 0 | nread = detect_line(parser, buf, buflen, err); |
115 | 0 | if(nread >= 0) { |
116 | 0 | if(Curl_dyn_len(&parser->scratch)) { |
117 | | /* append detected line to scratch to have the complete line */ |
118 | 0 | *err = Curl_dyn_addn(&parser->scratch, parser->line, parser->line_len); |
119 | 0 | if(*err) |
120 | 0 | return -1; |
121 | 0 | parser->line = Curl_dyn_ptr(&parser->scratch); |
122 | 0 | parser->line_len = Curl_dyn_len(&parser->scratch); |
123 | 0 | } |
124 | 0 | *err = trim_line(parser, options); |
125 | 0 | if(*err) |
126 | 0 | return -1; |
127 | 0 | } |
128 | 0 | else if(*err == CURLE_AGAIN) { |
129 | | /* no line end in `buf`, add it to our scratch */ |
130 | 0 | *err = Curl_dyn_addn(&parser->scratch, (const unsigned char *)buf, buflen); |
131 | 0 | nread = (*err)? -1 : (ssize_t)buflen; |
132 | 0 | } |
133 | 0 | return nread; |
134 | 0 | } |
135 | | |
136 | | static CURLcode start_req(struct h1_req_parser *parser, |
137 | | const char *scheme_default, int options) |
138 | 0 | { |
139 | 0 | const char *p, *m, *target, *hv, *scheme, *authority, *path; |
140 | 0 | size_t m_len, target_len, hv_len, scheme_len, authority_len, path_len; |
141 | 0 | size_t i; |
142 | 0 | CURLU *url = NULL; |
143 | 0 | CURLcode result = CURLE_URL_MALFORMAT; /* Use this as default fail */ |
144 | |
|
145 | 0 | DEBUGASSERT(!parser->req); |
146 | | /* line must match: "METHOD TARGET HTTP_VERSION" */ |
147 | 0 | p = memchr(parser->line, ' ', parser->line_len); |
148 | 0 | if(!p || p == parser->line) |
149 | 0 | goto out; |
150 | | |
151 | 0 | m = parser->line; |
152 | 0 | m_len = p - parser->line; |
153 | 0 | target = p + 1; |
154 | 0 | target_len = hv_len = 0; |
155 | 0 | hv = NULL; |
156 | | |
157 | | /* URL may contain spaces so scan backwards */ |
158 | 0 | for(i = parser->line_len; i > m_len; --i) { |
159 | 0 | if(parser->line[i] == ' ') { |
160 | 0 | hv = &parser->line[i + 1]; |
161 | 0 | hv_len = parser->line_len - i; |
162 | 0 | target_len = (hv - target) - 1; |
163 | 0 | break; |
164 | 0 | } |
165 | 0 | } |
166 | | /* no SPACE found or empty TARGET or empty HTTP_VERSION */ |
167 | 0 | if(!target_len || !hv_len) |
168 | 0 | goto out; |
169 | | |
170 | | /* TODO: we do not check HTTP_VERSION for conformity, should |
171 | | + do that when STRICT option is supplied. */ |
172 | 0 | (void)hv; |
173 | | |
174 | | /* The TARGET can be (rfc 9112, ch. 3.2): |
175 | | * origin-form: path + optional query |
176 | | * absolute-form: absolute URI |
177 | | * authority-form: host+port for CONNECT |
178 | | * asterisk-form: '*' for OPTIONS |
179 | | * |
180 | | * from TARGET, we derive `scheme` `authority` `path` |
181 | | * origin-form -- -- TARGET |
182 | | * absolute-form URL* URL* URL* |
183 | | * authority-form -- TARGET -- |
184 | | * asterisk-form -- -- TARGET |
185 | | */ |
186 | 0 | scheme = authority = path = NULL; |
187 | 0 | scheme_len = authority_len = path_len = 0; |
188 | |
|
189 | 0 | if(target_len == 1 && target[0] == '*') { |
190 | | /* asterisk-form */ |
191 | 0 | path = target; |
192 | 0 | path_len = target_len; |
193 | 0 | } |
194 | 0 | else if(!strncmp("CONNECT", m, m_len)) { |
195 | | /* authority-form */ |
196 | 0 | authority = target; |
197 | 0 | authority_len = target_len; |
198 | 0 | } |
199 | 0 | else if(target[0] == '/') { |
200 | | /* origin-form */ |
201 | 0 | path = target; |
202 | 0 | path_len = target_len; |
203 | 0 | } |
204 | 0 | else { |
205 | | /* origin-form OR absolute-form */ |
206 | 0 | CURLUcode uc; |
207 | 0 | char tmp[H1_MAX_URL_LEN]; |
208 | | |
209 | | /* default, unless we see an absolute URL */ |
210 | 0 | path = target; |
211 | 0 | path_len = target_len; |
212 | | |
213 | | /* URL parser wants 0-termination */ |
214 | 0 | if(target_len >= sizeof(tmp)) |
215 | 0 | goto out; |
216 | 0 | memcpy(tmp, target, target_len); |
217 | 0 | tmp[target_len] = '\0'; |
218 | | /* See if treating TARGET as an absolute URL makes sense */ |
219 | 0 | if(Curl_is_absolute_url(tmp, NULL, 0, FALSE)) { |
220 | 0 | int url_options; |
221 | |
|
222 | 0 | url = curl_url(); |
223 | 0 | if(!url) { |
224 | 0 | result = CURLE_OUT_OF_MEMORY; |
225 | 0 | goto out; |
226 | 0 | } |
227 | 0 | url_options = (CURLU_NON_SUPPORT_SCHEME| |
228 | 0 | CURLU_PATH_AS_IS| |
229 | 0 | CURLU_NO_DEFAULT_PORT); |
230 | 0 | if(!(options & H1_PARSE_OPT_STRICT)) |
231 | 0 | url_options |= CURLU_ALLOW_SPACE; |
232 | 0 | uc = curl_url_set(url, CURLUPART_URL, tmp, url_options); |
233 | 0 | if(uc) { |
234 | 0 | goto out; |
235 | 0 | } |
236 | 0 | } |
237 | | |
238 | 0 | if(!url && (options & H1_PARSE_OPT_STRICT)) { |
239 | | /* we should have an absolute URL or have seen `/` earlier */ |
240 | 0 | goto out; |
241 | 0 | } |
242 | 0 | } |
243 | | |
244 | 0 | if(url) { |
245 | 0 | result = Curl_http_req_make2(&parser->req, m, m_len, url, scheme_default); |
246 | 0 | } |
247 | 0 | else { |
248 | 0 | if(!scheme && scheme_default) { |
249 | 0 | scheme = scheme_default; |
250 | 0 | scheme_len = strlen(scheme_default); |
251 | 0 | } |
252 | 0 | result = Curl_http_req_make(&parser->req, m, m_len, scheme, scheme_len, |
253 | 0 | authority, authority_len, path, path_len); |
254 | 0 | } |
255 | |
|
256 | 0 | out: |
257 | 0 | curl_url_cleanup(url); |
258 | 0 | return result; |
259 | 0 | } |
260 | | |
261 | | ssize_t Curl_h1_req_parse_read(struct h1_req_parser *parser, |
262 | | const char *buf, size_t buflen, |
263 | | const char *scheme_default, int options, |
264 | | CURLcode *err) |
265 | 0 | { |
266 | 0 | ssize_t nread = 0, n; |
267 | |
|
268 | 0 | *err = CURLE_OK; |
269 | 0 | while(!parser->done) { |
270 | 0 | n = next_line(parser, buf, buflen, options, err); |
271 | 0 | if(n < 0) { |
272 | 0 | if(*err != CURLE_AGAIN) { |
273 | 0 | nread = -1; |
274 | 0 | } |
275 | 0 | *err = CURLE_OK; |
276 | 0 | goto out; |
277 | 0 | } |
278 | | |
279 | | /* Consume this line */ |
280 | 0 | nread += (size_t)n; |
281 | 0 | buf += (size_t)n; |
282 | 0 | buflen -= (size_t)n; |
283 | |
|
284 | 0 | if(!parser->line) { |
285 | | /* consumed bytes, but line not complete */ |
286 | 0 | if(!buflen) |
287 | 0 | goto out; |
288 | 0 | } |
289 | 0 | else if(!parser->req) { |
290 | 0 | *err = start_req(parser, scheme_default, options); |
291 | 0 | if(*err) { |
292 | 0 | nread = -1; |
293 | 0 | goto out; |
294 | 0 | } |
295 | 0 | } |
296 | 0 | else if(parser->line_len == 0) { |
297 | | /* last, empty line, we are finished */ |
298 | 0 | if(!parser->req) { |
299 | 0 | *err = CURLE_URL_MALFORMAT; |
300 | 0 | nread = -1; |
301 | 0 | goto out; |
302 | 0 | } |
303 | 0 | parser->done = TRUE; |
304 | 0 | Curl_dyn_reset(&parser->scratch); |
305 | | /* last chance adjustments */ |
306 | 0 | } |
307 | 0 | else { |
308 | 0 | *err = Curl_dynhds_h1_add_line(&parser->req->headers, |
309 | 0 | parser->line, parser->line_len); |
310 | 0 | if(*err) { |
311 | 0 | nread = -1; |
312 | 0 | goto out; |
313 | 0 | } |
314 | 0 | } |
315 | 0 | } |
316 | | |
317 | 0 | out: |
318 | 0 | return nread; |
319 | 0 | } |
320 | | |
321 | | CURLcode Curl_h1_req_write_head(struct httpreq *req, int http_minor, |
322 | | struct dynbuf *dbuf) |
323 | 0 | { |
324 | 0 | CURLcode result; |
325 | |
|
326 | 0 | result = Curl_dyn_addf(dbuf, "%s %s%s%s%s HTTP/1.%d\r\n", |
327 | 0 | req->method, |
328 | 0 | req->scheme? req->scheme : "", |
329 | 0 | req->scheme? "://" : "", |
330 | 0 | req->authority? req->authority : "", |
331 | 0 | req->path? req->path : "", |
332 | 0 | http_minor); |
333 | 0 | if(result) |
334 | 0 | goto out; |
335 | | |
336 | 0 | result = Curl_dynhds_h1_dprint(&req->headers, dbuf); |
337 | 0 | if(result) |
338 | 0 | goto out; |
339 | | |
340 | 0 | result = Curl_dyn_addn(dbuf, STRCONST("\r\n")); |
341 | |
|
342 | 0 | out: |
343 | 0 | return result; |
344 | 0 | } |
345 | | |
346 | | #endif /* !CURL_DISABLE_HTTP */ |