//作者:京东瀚览家居官方旗舰店 <--点击关注
//文件名:Request.c
#include <sys/stat.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <ctype.h>
#include "request.h"
#include "keyvalue.h"
#include "log.h"
/* 判断host 格式是否正确,正确返回0 ,否则返回-1 */
static int request_check_hostname(server *srv, connection *con, buffer *host) {
enum { DOMAINLABEL, TOPLABEL } stage = TOPLABEL;
size_t i;
int label_len = 0;
size_t host_len;
char *colon;
int is_ip = -1; /* -1 don't know yet, 0 no, 1 yes */
int level = 0;
UNUSED(srv);
UNUSED(con);
/*
* hostport = host [ ":" port ]
* host = hostname | IPv4address | IPv6address
* hostname = *( domainlabel "." ) toplabel [ "." ]
* domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
* toplabel = alpha | alpha *( alphanum | "-" ) alphanum
* IPv4address = 1*digit "." 1*digit "." 1*digit "." 1*digit
* IPv6address = "[" ... "]"
* port = *digit
*/
/* no Host: */
/* 空或长度为0 , 也认为符合host 格式而返回0 */
if (!host || host->used == 0) return 0;
host_len = host->used - 1;
/* IPv6 adress */
if (host->ptr[0] == '[') {
char *c = host->ptr + 1;
int colon_cnt = 0;
/* check portnumber */
for (; *c && *c != ']'; c++) {
if (*c == ':') {
if (++colon_cnt > 7) {
return -1;
}
} else if (!light_isxdigit(*c)) {
return -1;
}
}
/* missing ] */
if (!*c) {
return -1;
}
/* check port */
if (*(c+1) == ':') {
for (c += 2; *c; c++) {
if (!light_isdigit(*c)) {
return -1;
}
}
}
return 0;
}
/* IP4 地址处理*/
if (NULL != (colon = memchr(host->ptr, ':', host_len))) {
char *c = colon + 1;
/* check portnumber */
for (; *c; c++) {
if (!light_isdigit(*c)) return -1;
}
/* 求得IP4 的host 实际长度*/
/* remove the port from the host-len */
host_len = colon - host->ptr;
}
/* Host is empty */
if (host_len == 0) return -1;
/* if the hostname ends in a "." strip it */
if (host->ptr[host_len-1] == '.') host_len -= 1;
/* scan from the right and skip the \0 */
for (i = host_len - 1; i + 1 > 0; i--) {
const char c = host->ptr[i];
switch (stage) {
case TOPLABEL:
if (c == '.') {
/* only switch stage, if this is not the last character */
if (i != host_len - 1) {
if (label_len == 0) {
return -1;
}
/* check the first character at right of the dot */
if (is_ip == 0) {
if (!light_isalpha(host->ptr[i+1])) {
return -1;
}
} else if (!light_isdigit(host->ptr[i+1])) {
is_ip = 0;
} else if ('-' == host->ptr[i+1]) {
return -1;
} else {
/* just digits */
is_ip = 1;
}
stage = DOMAINLABEL;
label_len = 0;
level++;
} else if (i == 0) {
/* just a dot and nothing else is evil */
return -1;
}
} else if (i == 0) {
/* the first character of the hostname */
if (!light_isalpha(c)) {
return -1;
}
label_len++;
} else {
if (c != '-' && !light_isalnum(c)) {
return -1;
}
if (is_ip == -1) {
if (!light_isdigit(c)) is_ip = 0;
}
label_len++;
}
break;
case DOMAINLABEL:
if (is_ip == 1) {
if (c == '.') {
if (label_len == 0) {
return -1;
}
label_len = 0;
level++;
} else if (!light_isdigit(c)) {
return -1;
} else {
label_len++;
}
} else {
if (c == '.') {
if (label_len == 0) {
return -1;
}
/* c is either - or alphanum here */
if ('-' == host->ptr[i+1]) {
return -1;
}
label_len = 0;
level++;
} else if (i == 0) {
if (!light_isalnum(c)) {
return -1;
}
label_len++;
} else {
if (c != '-' && !light_isalnum(c)) {
return -1;
}
label_len++;
}
}
break;
}
}
/* a IP has to consist of 4 parts */
if (is_ip == 1 && level != 3) {
return -1;
}
if (label_len == 0) {
return -1;
}
return 0;
}
#if 0
#define DUMP_HEADER
#endif
/* 将b内保存的类似于"val1 , val2, val3, val4" 的字符串按"," 分割*/
/* 并保存到vals 数组内, 并且会去除val 前后的空格*/
int http_request_split_value(array *vals, buffer *b) {
char *s;
size_t i;
int state = 0;
/*
* parse
*
* val1, val2, val3, val4
*
* into a array (more or less a explode() incl. striping of whitespaces
*/
if (b->used == 0) return 0;
s = b->ptr;
for (i =0; i < b->used - 1; ) {
char *start = NULL, *end = NULL;
data_string *ds;
switch (state) {
case 0: /* ws */
/* skip ws */
/* 跳过开头的空白字符*/
for (; (*s == ' ' || *s == '\t') && i < b->used - 1; i++, s++);
state = 1;
break;
case 1: /* value */
start = s;
for (; *s != ',' && i < b->used - 1; i++, s++);
end = s - 1; /* 删除末尾的空白字符*/
for (; (*end == ' ' || *end == '\t') && end > start; end--);
if (NULL == (ds = (data_string *)array_get_unused_element(vals, TYPE_STRING))) {
ds = data_string_init();
}
buffer_copy_string_len(ds->value, start, end-start+1);
array_insert_unique(vals, (data_unset *)ds);
if (*s == ',') {
state = 0;
i++;
s++;
} else {
/* end of string */
state = 2;
}
break;
default:
i++;
break;
}
}
return 0;
}
/* 检测c是否为合法的uri 字符*/
int request_uri_is_valid_char(unsigned char c) {
if (c <= 32) return 0;
if (c == 127) return 0;
if (c == 255) return 0;
return 1;
}
/* 解析客户端请求*/
/* 返回1 表示有后续的POST 数据到达, 就会进入CON_STATE_READ_POST 状态*/
int http_request_parse(server *srv, connection *con) {
/* 头域是由关键字( field-name)、冒号和可选值(field-value) 组成的(即message-header=field-name":"[field-value]) */
/* 这里设置is_key 用于标记区分当前处理的字符属于哪部分.*/
/* 1表示属于关键字部分, 为0表示属于field-value 部分*/
char *uri = NULL, *proto = NULL, *method = NULL, con_length_set;
int is_key = 1, key_len = 0, is_ws_after_key = 0, in_folding;
char *value = NULL, *key = NULL;
enum { HTTP_CONNECTION_UNSET, HTTP_CONNECTION_KEEPALIVE, HTTP_CONNECTION_CLOSE } keep_alive_set = HTTP_CONNECTION_UNSET;
int line = 0;
int request_line_stage = 0;
size_t i, first;
int done = 0;
/*
* Request: "^(GET|POST|HEAD) ([^ ]+(\\?[^ ]+|)) (HTTP/1\\.[01])$"
* Option : "^([-a-zA-Z]+): (.+)$"
* End : "^$"
*/
if (con->conf.log_request_header) { /* 日志记录*/
log_error_write(srv, __FILE__, __LINE__, "sdsdSb",
"fd:", con->fd,
"request-len:", con->request.request->used,
"\n", con->request.request);
}
if (con->request_count > 1 &&
con->request.request->ptr[0] == '\r' &&
con->request.request->ptr[1] == '\n') {
/* we are in keep-alive and might get \r\n after a previous POST request.*/
/* 复制到con->parse_request ,接下来对其进行解析*/
buffer_copy_string_len(con->parse_request, con->request.request->ptr + 2, con->request.request->used - 1 - 2);
} else {
/* fill the local request buffer */
buffer_copy_string_buffer(con->parse_request, con->request.request);
}
keep_alive_set = 0;
con_length_set = 0;
/* parse the first line of the request
*
* should be:
*
* <method> <uri> <protocol>\r\n
* */
/* 按照请求行Request-Line 的格式进行逐个字符解析*/
for (i = 0, first = 0; i < con->parse_request->used && line == 0; i++) {
char *cur = con->parse_request->ptr + i;
/* 正常的请求行应该是以\r\n 结束 */
switch(*cur) {
case '\r':
if (con->parse_request->ptr[i+1] == '\n') {
http_method_t r;
char *nuri = NULL;
size_t j;
/* \r\n -> \0\0 */
con->parse_request->ptr[i] = '\0';
con->parse_request->ptr[i+1] = '\0';
/*截取请求行,利用函数buffer_copy_string_len 将parse_request 的前i 个字符(即请求行) */
/* 复制到 request_line 内*/
buffer_copy_string_len(con->request.request_line, con->parse_request->ptr, i);
/*request_line_stage 用于记录已经遇到的空格数, 正常的请求行逐个字符解析后,*/
/* request_line_stage 应该等于2, 即"<method> <uri> <prorocol>\r\n" 格式的请求行只包含2个空格字符*/
/* 否则就是错误的请求,因此设置错误码为400 ( Bad Request) */
if (request_line_stage != 2) {
con->http_status = 400;
con->response.keep_alive = 0;
con->keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s", "incomplete request line -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
return 0;
}
/* 截取请求行内的method、uri、protocol */
proto = con->parse_request->ptr + first;
*(uri - 1) = '\0'; /* 在method和uri之间截断*/
*(proto - 1) = '\0'; /*在uri和protocol之间截断*/
/* we got the first one :) */
/* 获取request方法*/
if (-1 == (r = get_http_method_key(method))) {
con->http_status = 501;
con->response.keep_alive = 0;
con->keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s", "unknown http-method -> 501");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
return 0;
}
con->request.http_method = r;
/*
* RFC2616 says:
*
* HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT
*
* */
if (0 == strncmp(proto, "HTTP/", sizeof("HTTP/") - 1)) {
char * major = proto + sizeof("HTTP/") - 1; /*主版本号*/
char * minor = strchr(major, '.'); /*副版本号*/
char *err = NULL;
int major_num = 0, minor_num = 0;
int invalid_version = 0;
if (NULL == minor || /* no dot */
minor == major || /* no major */
*(minor + 1) == '\0' /* no minor */) {
invalid_version = 1;
} else {
*minor = '\0';
major_num = strtol(major, &err, 10);
if (*err != '\0') invalid_version = 1;
*minor++ = '.';
minor_num = strtol(minor, &err, 10);
if (*err != '\0') invalid_version = 1;
}
if (invalid_version) { /* 错误的http协议版本号*/
con->http_status = 400;
con->keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s", "unknown protocol -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
return 0;
}
if (major_num == 1 && minor_num == 1) {
con->request.http_version = con->conf.allow_http11 ? HTTP_VERSION_1_1 : HTTP_VERSION_1_0;
} else if (major_num == 1 && minor_num == 0) {
con->request.http_version = HTTP_VERSION_1_0;
} else {
con->http_status = 505;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s", "unknown HTTP version -> 505");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
return 0;
}
} else {
/* 不是http协议*/
con->http_status = 400;
con->keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s", "unknown protocol -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
return 0;
}
if (0 == strncmp(uri, "http://", 7) &&
NULL != (nuri = strchr(uri + 7, '/'))) {
/* ignore the host-part */
/* 忽略掉主机部分,即当请求行内的uri 为absoluteRUI时,此时请求为*/
/*"GET http://www.example.com/www/index.htm HTTP/1.1" 此时uri内的主机部分*/
/* "http://www.example.com"将被去掉*/
buffer_copy_string_len(con->request.uri, nuri, proto - nuri - 1);
} else {
/* everything looks good so far */
buffer_copy_string_len(con->request.uri, uri, proto - uri - 1);
}
/* check uri for invalid characters */
for (j = 0; j < con->request.uri->used - 1; j++) {
/*这儿的uri是经过客户端编码的,也就是说,当客户请求莫文件时*/
/*若为"http://127.0.0.1:3000/123 4.htm"(文件名内带有空格),传到服务端时,*/
/* 变成了"GET /1234%20.htm HTTP/1.1" ,即空格被编码为%20 */
if (!request_uri_is_valid_char(con->request.uri->ptr[j])) {
/* 捕获非法字符*/
unsigned char buf[2];
con->http_status = 400;
con->keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
buf[0] = con->request.uri->ptr[j];
buf[1] = '\0';
if (con->request.uri->ptr[j] > 32 &&
con->request.uri->ptr[j] != 127) {
/* the character is printable -> print it */
log_error_write(srv, __FILE__, __LINE__, "ss",
"invalid character in URI -> 400",
buf);
} else {
/* a control-character, print ascii-code */
log_error_write(srv, __FILE__, __LINE__, "sd",
"invalid character in URI -> 400",
con->request.uri->ptr[j]);
}
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
return 0;
}
}
/* 转存请求uri */
buffer_copy_string_buffer(con->request.orig_uri, con->request.uri);
con->http_status = 0;
i++;
line++; /* 请求行处理完毕, 设置变量跳出for 循环*/
first = i+1;
}
break;
case ' ':
/* 正常的客户端请求行格式为<method> <uri> <protocol>\r\n*/
/* 即分为三个阶段, request_line_stage 用于记录当前分析处于哪个阶段*/
switch(request_line_stage) {
case 0:
/*第一阶段为<method> , 利用变量method 记录*/
/* GET|POST|... */
method = con->parse_request->ptr + first;
first = i + 1;
break;
case 1:
/*第一阶段为<uri> , 利用变量uri 记录*/
/* /foobar/... */
uri = con->parse_request->ptr + first;
first = i + 1;
break;
default:
/* ERROR, one space to much */
/* 空格字符多余2个,即为错误的请求*/
con->http_status = 400;
con->response.keep_alive = 0;
con->keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s", "overlong request line -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
return 0;
}
/*遇到一个空格request_line_stage 增加一*/
request_line_stage++;
break;
}
}
in_folding = 0; /* 用于标记折叠行*/
/* 检查是否指定了请求的uri */
if (con->request.uri->used == 1) {
con->http_status = 400;
con->response.keep_alive = 0;
con->keep_alive = 0;
log_error_write(srv, __FILE__, __LINE__, "s", "no uri specified -> 400");
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
return 0;
}
for (; i < con->parse_request->used && !done; i++) {
/* 解析请求头,is_key 用于标记区分当前处理的字符属于哪部分,为1表示属于field-name部分,*/
/* 为0表示属于field-value部分,这2部分通过冒号分割*/
char *cur = con->parse_request->ptr + i;
if (is_key) { /* is_key初始值为1,field-name部分解析处理*/
size_t j;
int got_colon = 0;
/**
* 1*<any CHAR except CTLs or separators>
* CTLs == 0-31 + 127
*
*/
switch(*cur) {
case ':':
is_key = 0;/* 遇到冒号则进入field-value处理部分*/
value = cur + 1;/*field-value 开始字符位置*/
if (is_ws_after_key == 0) {/*field-value 字符串实际长度*/
key_len = i - first;
}
is_ws_after_key = 0;
break;
case '(':
case ')':
case '<':
case '>':
case '@':
case ',':
case ';':
case '\\':
case '\"':
case '/':
case '[':
case ']':
case '?':
case '=':
case '{':
case '}':
con->http_status = 400;
con->keep_alive = 0;
con->response.keep_alive = 0;
log_error_write(srv, __FILE__, __LINE__, "sbsds",
"invalid character in key", con->request.request, cur, *cur, "-> 400");
return 0;
case ' ':
case '\t':
if (i == first) {
is_key = 0;
in_folding = 1;
value = cur;
break;
}
key_len = i - first;
/* skip every thing up to the : */
for (j = 1; !got_colon; j++) {
switch(con->parse_request->ptr[j + i]) {
case ' ':
case '\t':
/* skip WS */
continue;
case ':':
/* ok, done */
i += j - 1;
got_colon = 1;
break;
default:
/* error */
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s", "WS character in key -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
con->http_status = 400;
con->response.keep_alive = 0;
con->keep_alive = 0;
return 0;
}
}
break;
case '\r':
if (con->parse_request->ptr[i+1] == '\n' && i == first) {
/* End of Header */
con->parse_request->ptr[i] = '\0';
con->parse_request->ptr[i+1] = '\0';
i++;
done = 1;
break;
} else {
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s", "CR without LF -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
con->http_status = 400;
con->keep_alive = 0;
con->response.keep_alive = 0;
return 0;
}
/* fall thru */
case 0: /* illegal characters (faster than a if () :) */
case 1:
case 2:
case 3:
case 4:
case 5:
case 6:
case 7:
case 8:
case 10:
case 11:
case 12:
case 14:
case 15:
case 16:
case 17:
case 18:
case 19:
case 20:
case 21:
case 22:
case 23:
case 24:
case 25:
case 26:
case 27:
case 28:
case 29:
case 30:
case 31:
case 127:
con->http_status = 400;
con->keep_alive = 0;
con->response.keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "sbsds",
"CTL character in key", con->request.request, cur, *cur, "-> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
return 0;
default:
/* ok */
break;
}
} else {
switch(*cur) {
case '\r':
if (con->parse_request->ptr[i+1] == '\n') {
data_string *ds = NULL;
/* End of Headerline */
con->parse_request->ptr[i] = '\0';
con->parse_request->ptr[i+1] = '\0';
if (in_folding) {
buffer *key_b;
/**
* we use a evil hack to handle the line-folding
*
* As array_insert_unique() deletes 'ds' in the case of a duplicate
* ds points somewhere and we get a evil crash. As a solution we keep the old
* "key" and get the current value from the hash and append us
*
* */
if (!key || !key_len) {
/* 400 */
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s", "WS at the start of first line -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
con->http_status = 400;
con->keep_alive = 0;
con->response.keep_alive = 0;
return 0;
}
key_b = buffer_init();
buffer_copy_string_len(key_b, key, key_len);
if (NULL != (ds = (data_string *)array_get_element(con->request.headers, key_b->ptr))) {
buffer_append_string(ds->value, value);
}
buffer_free(key_b);
} else {
int s_len;
key = con->parse_request->ptr + first;
s_len = cur - value;
/* strip trailing white-spaces */
for (; s_len > 0 &&
(value[s_len - 1] == ' ' ||
value[s_len - 1] == '\t'); s_len--);
value[s_len] = '\0';
if (s_len > 0) {
int cmp = 0;
if (NULL == (ds = (data_string *)array_get_unused_element(con->request.headers, TYPE_STRING))) {
ds = data_string_init();
}
buffer_copy_string_len(ds->key, key, key_len);
buffer_copy_string_len(ds->value, value, s_len);
/* retreive values
*
*
* the list of options is sorted to simplify the search
*/
if (0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Connection")))) {
array *vals;
size_t vi;
/* split on , */
vals = srv->split_vals;
array_reset(vals);
http_request_split_value(vals, ds->value);
for (vi = 0; vi < vals->used; vi++) {
data_string *dsv = (data_string *)vals->data[vi];
if (0 == buffer_caseless_compare(CONST_BUF_LEN(dsv->value), CONST_STR_LEN("keep-alive"))) {
keep_alive_set = HTTP_CONNECTION_KEEPALIVE;
break;
} else if (0 == buffer_caseless_compare(CONST_BUF_LEN(dsv->value), CONST_STR_LEN("close"))) {
keep_alive_set = HTTP_CONNECTION_CLOSE;
break;
}
}
} else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Content-Length")))) {
char *err;
unsigned long int r;
size_t j;
if (con_length_set) {
con->http_status = 400;
con->keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s",
"duplicate Content-Length-header -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
array_insert_unique(con->request.headers, (data_unset *)ds);
return 0;
}
if (ds->value->used == 0) SEGFAULT();
for (j = 0; j < ds->value->used - 1; j++) {
char c = ds->value->ptr[j];
if (!isdigit((unsigned char)c)) {
log_error_write(srv, __FILE__, __LINE__, "sbs",
"content-length broken:", ds->value, "-> 400");
con->http_status = 400;
con->keep_alive = 0;
array_insert_unique(con->request.headers, (data_unset *)ds);
return 0;
}
}
r = strtoul(ds->value->ptr, &err, 10);
if (*err == '\0') {
con_length_set = 1;
con->request.content_length = r;
} else {
log_error_write(srv, __FILE__, __LINE__, "sbs",
"content-length broken:", ds->value, "-> 400");
con->http_status = 400;
con->keep_alive = 0;
array_insert_unique(con->request.headers, (data_unset *)ds);
return 0;
}
} else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Content-Type")))) {
/* if dup, only the first one will survive */
if (!con->request.http_content_type) {
con->request.http_content_type = ds->value->ptr;
} else {
con->http_status = 400;
con->keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s",
"duplicate Content-Type-header -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
array_insert_unique(con->request.headers, (data_unset *)ds);
return 0;
}
} else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Expect")))) {
/* HTTP 2616 8.2.3
* Expect: 100-continue
*
* -> (10.1.1) 100 (read content, process request, send final status-code)
* -> (10.4.18) 417 (close)
*
* (not handled at all yet, we always send 417 here)
*
* What has to be added ?
* 1. handling of chunked request body
* 2. out-of-order sending from the HTTP/1.1 100 Continue
* header
*
*/
con->http_status = 417;
con->keep_alive = 0;
array_insert_unique(con->request.headers, (data_unset *)ds);
return 0;
} else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Host")))) {
if (!con->request.http_host) {
con->request.http_host = ds->value;
} else {
con->http_status = 400;
con->keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s",
"duplicate Host-header -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
array_insert_unique(con->request.headers, (data_unset *)ds);
return 0;
}
} else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("If-Modified-Since")))) {
/* Proxies sometimes send dup headers
* if they are the same we ignore the second
* if not, we raise an error */
if (!con->request.http_if_modified_since) {
con->request.http_if_modified_since = ds->value->ptr;
} else if (0 == strcasecmp(con->request.http_if_modified_since,
ds->value->ptr)) {
/* ignore it if they are the same */
ds->free((data_unset *)ds);
ds = NULL;
} else {
con->http_status = 400;
con->keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s",
"duplicate If-Modified-Since header -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
array_insert_unique(con->request.headers, (data_unset *)ds);
return 0;
}
} else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("If-None-Match")))) {
/* if dup, only the first one will survive */
if (!con->request.http_if_none_match) {
con->request.http_if_none_match = ds->value->ptr;
} else {
con->http_status = 400;
con->keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s",
"duplicate If-None-Match-header -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
array_insert_unique(con->request.headers, (data_unset *)ds);
return 0;
}
} else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Range")))) {
if (!con->request.http_range) {
/* bytes=.*-.* */
if (0 == strncasecmp(ds->value->ptr, "bytes=", 6) &&
NULL != strchr(ds->value->ptr+6, '-')) {
/* if dup, only the first one will survive */
con->request.http_range = ds->value->ptr + 6;
}
} else {
con->http_status = 400;
con->keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s",
"duplicate Range-header -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
array_insert_unique(con->request.headers, (data_unset *)ds);
return 0;
}
}
if (ds) array_insert_unique(con->request.headers, (data_unset *)ds);
} else {
/* empty header-fields are not allowed by HTTP-RFC, we just ignore them */
}
}
i++;
first = i+1;
is_key = 1;
value = 0;
#if 0
/**
* for Bug 1230 keep the key_len a live
*/
key_len = 0;
#endif
in_folding = 0;
} else {
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "sbs",
"CR without LF", con->request.request, "-> 400");
}
con->http_status = 400;
con->keep_alive = 0;
con->response.keep_alive = 0;
return 0;
}
break;
case ' ':
case '\t':
/* strip leading WS */
if (value == cur) value = cur+1;
default:
if (*cur >= 0 && *cur < 32) {
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "sds",
"invalid char in header", (int)*cur, "-> 400");
}
con->http_status = 400;
con->keep_alive = 0;
return 0;
}
break;
}
}
}
con->header_len = i;
/* do some post-processing */
if (con->request.http_version == HTTP_VERSION_1_1) {
if (keep_alive_set != HTTP_CONNECTION_CLOSE) {
/* no Connection-Header sent */
/* HTTP/1.1 -> keep-alive default TRUE */
con->keep_alive = 1;
} else {
con->keep_alive = 0;
}
/* RFC 2616, 14.23 */
if (con->request.http_host == NULL ||
buffer_is_empty(con->request.http_host)) {
con->http_status = 400;
con->response.keep_alive = 0;
con->keep_alive = 0;
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s", "HTTP/1.1 but Host missing -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
return 0;
}
} else {
if (keep_alive_set == HTTP_CONNECTION_KEEPALIVE) {
/* no Connection-Header sent */
/* HTTP/1.0 -> keep-alive default FALSE */
con->keep_alive = 1;
} else {
con->keep_alive = 0;
}
}
/* check hostname field if it is set */
if (NULL != con->request.http_host &&
0 != request_check_hostname(srv, con, con->request.http_host)) {
if (srv->srvconf.log_request_header_on_error) {
log_error_write(srv, __FILE__, __LINE__, "s",
"Invalid Hostname -> 400");
log_error_write(srv, __FILE__, __LINE__, "Sb",
"request-header:\n",
con->request.request);
}
con->http_status = 400;
con->response.keep_alive = 0;
con->keep_alive = 0;
return 0;
}
switch(con->request.http_method) {
case HTTP_METHOD_GET:
case HTTP_METHOD_HEAD:
/* content-length is forbidden for those */
if (con_length_set && con->request.content_length != 0) {
/* content-length is missing */
log_error_write(srv, __FILE__, __LINE__, "s",
"GET/HEAD with content-length -> 400");
con->keep_alive = 0;
con->http_status = 400;
return 0;
}
break;
case HTTP_METHOD_POST:
/* content-length is required for them */
if (!con_length_set) {
/* content-length is missing */
log_error_write(srv, __FILE__, __LINE__, "s",
"POST-request, but content-length missing -> 411");
con->keep_alive = 0;
con->http_status = 411;
return 0;
}
break;
default:
/* the may have a content-length */
break;
}
/* check if we have read post data */
if (con_length_set) {
/* don't handle more the SSIZE_MAX bytes in content-length */
if (con->request.content_length > SSIZE_MAX) {
con->http_status = 413;
con->keep_alive = 0;
log_error_write(srv, __FILE__, __LINE__, "sds",
"request-size too long:", con->request.content_length, "-> 413");
return 0;
}
/* divide by 1024 as srvconf.max_request_size is in kBytes */
if (srv->srvconf.max_request_size != 0 &&
(con->request.content_length >> 10) > srv->srvconf.max_request_size) {
/* the request body itself is larger then
* our our max_request_size
*/
con->http_status = 413;
con->keep_alive = 0;
log_error_write(srv, __FILE__, __LINE__, "sds",
"request-size too long:", con->request.content_length, "-> 413");
return 0;
}
/* we have content */
if (con->request.content_length != 0) {
return 1;
}
}
return 0;
}
int http_request_header_finished(server *srv, connection *con) {
UNUSED(srv);
if (con->request.request->used < 5) return 0;
if (0 == memcmp(con->request.request->ptr + con->request.request->used - 5, "\r\n\r\n", 4)) return 1;
if (NULL != strstr(con->request.request->ptr, "\r\n\r\n")) return 1;
return 0;
}