1 #include "first.h"
2
3 #include "sys-time.h"
4
5 #include "base.h"
6 #include "array.h"
7 #include "buffer.h"
8 #include "chunk.h"
9 #include "fdevent.h"
10 #include "log.h"
11 #include "http_chunk.h"
12 #include "http_cgi.h"
13 #include "http_date.h"
14 #include "http_etag.h"
15 #include "http_header.h"
16 #include "response.h"
17 #include "sock_addr.h"
18 #include "stat_cache.h"
19
20 #include <stdlib.h>
21 #include <string.h>
22 #include <errno.h>
23
24 #include "sys-socket.h"
25 #include <unistd.h>
26
27 /**
28 * max size of the HTTP response header from backends
29 * (differs from server.max-request-field-size for max request field size)
30 */
31 #define MAX_HTTP_RESPONSE_FIELD_SIZE 65535
32
33
34 __attribute_cold__
http_response_buffer_append_authority(request_st * const r,buffer * const o)35 int http_response_buffer_append_authority(request_st * const r, buffer * const o) {
36 if (!buffer_is_blank(&r->uri.authority)) {
37 buffer_append_string_buffer(o, &r->uri.authority);
38 } else {
39 /* get the name of the currently connected socket */
40 sock_addr our_addr;
41 socklen_t our_addr_len;
42
43 our_addr.plain.sa_family = 0;
44 our_addr_len = sizeof(our_addr);
45
46 if (-1 == getsockname(r->con->fd, (struct sockaddr *)&our_addr, &our_addr_len)
47 || our_addr_len > (socklen_t)sizeof(our_addr)) {
48 r->http_status = 500;
49 log_perror(r->conf.errh, __FILE__, __LINE__, "can't get sockname");
50 return -1;
51 }
52
53 if (our_addr.plain.sa_family == AF_INET
54 && our_addr.ipv4.sin_addr.s_addr == htonl(INADDR_LOOPBACK)) {
55 static char lhost[32];
56 static size_t lhost_len = 0;
57 if (0 != lhost_len) {
58 buffer_append_string_len(o, lhost, lhost_len);
59 }
60 else {
61 size_t olen = buffer_clen(o);
62 if (0 == sock_addr_nameinfo_append_buffer(o, &our_addr, r->conf.errh)) {
63 lhost_len = buffer_clen(o) - olen;
64 if (lhost_len < sizeof(lhost)) {
65 memcpy(lhost, o->ptr+olen, lhost_len+1); /*(+1 for '\0')*/
66 }
67 else {
68 lhost_len = 0;
69 }
70 }
71 else {
72 lhost_len = sizeof("localhost")-1;
73 memcpy(lhost, "localhost", lhost_len+1); /*(+1 for '\0')*/
74 buffer_append_string_len(o, lhost, lhost_len);
75 }
76 }
77 } else if (!buffer_is_blank(r->server_name)) {
78 buffer_append_string_buffer(o, r->server_name);
79 } else
80 /* Lookup name: secondly try to get hostname for bind address */
81 if (0 != sock_addr_nameinfo_append_buffer(o, &our_addr, r->conf.errh)) {
82 r->http_status = 500;
83 return -1;
84 }
85
86 {
87 unsigned short listen_port = sock_addr_get_port(&our_addr);
88 unsigned short default_port = 80;
89 if (buffer_is_equal_string(&r->uri.scheme, CONST_STR_LEN("https"))) {
90 default_port = 443;
91 }
92 if (0 == listen_port) listen_port = r->con->srv->srvconf.port;
93 if (default_port != listen_port) {
94 buffer_append_char(o, ':');
95 buffer_append_int(o, listen_port);
96 }
97 }
98 }
99 return 0;
100 }
101
http_response_redirect_to_directory(request_st * const r,int status)102 int http_response_redirect_to_directory(request_st * const r, int status) {
103 buffer *o = r->tmp_buf;
104 buffer_clear(o);
105 /* XXX: store flag in global at startup? */
106 if (r->con->srv->srvconf.absolute_dir_redirect) {
107 buffer_append_str2(o, BUF_PTR_LEN(&r->uri.scheme),
108 CONST_STR_LEN("://"));
109 if (0 != http_response_buffer_append_authority(r, o)) {
110 return -1;
111 }
112 }
113 buffer *vb;
114 if (status >= 300) {
115 r->http_status = status;
116 r->resp_body_finished = 1;
117 vb = http_header_response_set_ptr(r, HTTP_HEADER_LOCATION,
118 CONST_STR_LEN("Location"));
119 }
120 else {
121 vb = http_header_response_set_ptr(r, HTTP_HEADER_CONTENT_LOCATION,
122 CONST_STR_LEN("Content-Location"));
123 }
124 buffer_copy_buffer(vb, o);
125 buffer_append_string_encoded(vb, BUF_PTR_LEN(&r->uri.path),
126 ENCODING_REL_URI);
127 buffer_append_char(vb, '/');
128 if (!buffer_is_blank(&r->uri.query))
129 buffer_append_str2(vb, CONST_STR_LEN("?"),
130 BUF_PTR_LEN(&r->uri.query));
131
132 return 0;
133 }
134
135 #define MTIME_CACHE_MAX 16
136 struct mtime_cache_type {
137 unix_time64_t mtime; /* key */
138 buffer str; /* buffer for string representation */
139 };
140 static struct mtime_cache_type mtime_cache[MTIME_CACHE_MAX];
141 static char mtime_cache_str[MTIME_CACHE_MAX][HTTP_DATE_SZ];
142 /* 30-chars for "%a, %d %b %Y %T GMT" */
143
strftime_cache_reset(void)144 void strftime_cache_reset(void) {
145 for (int i = 0; i < MTIME_CACHE_MAX; ++i) {
146 mtime_cache[i].mtime = -1;
147 mtime_cache[i].str.ptr = mtime_cache_str[i];
148 mtime_cache[i].str.used = sizeof(mtime_cache_str[0]);
149 mtime_cache[i].str.size = sizeof(mtime_cache_str[0]);
150 }
151 }
152
strftime_cache_get(const unix_time64_t last_mod)153 static const buffer * strftime_cache_get(const unix_time64_t last_mod) {
154 /*(note: not bothering to convert *here* if last_mod < 0 (for cache key);
155 * last_mod < 0 handled in http_date_time_to_str() call to gmtime64_r())*/
156
157 static int mtime_cache_idx;
158
159 for (int j = 0; j < MTIME_CACHE_MAX; ++j) {
160 if (mtime_cache[j].mtime == last_mod)
161 return &mtime_cache[j].str; /* found cache-entry */
162 }
163
164 if (++mtime_cache_idx == MTIME_CACHE_MAX) mtime_cache_idx = 0;
165
166 const int i = mtime_cache_idx;
167 http_date_time_to_str(mtime_cache[i].str.ptr, sizeof(mtime_cache_str[0]),
168 (mtime_cache[i].mtime = last_mod));
169
170 return &mtime_cache[i].str;
171 }
172
173
http_response_set_last_modified(request_st * const r,const unix_time64_t lmtime)174 const buffer * http_response_set_last_modified(request_st * const r, const unix_time64_t lmtime) {
175 buffer * const vb =
176 http_header_response_set_ptr(r, HTTP_HEADER_LAST_MODIFIED,
177 CONST_STR_LEN("Last-Modified"));
178 buffer_copy_buffer(vb, strftime_cache_get(lmtime));
179 return vb;
180 }
181
182
183 __attribute_pure__
http_response_maybe_cachable(const request_st * const r)184 static int http_response_maybe_cachable (const request_st * const r) {
185 return (r->rqst_htags
186 & (light_bshift(HTTP_HEADER_IF_NONE_MATCH)
187 |light_bshift(HTTP_HEADER_IF_MODIFIED_SINCE)));
188 }
189
190
http_response_handle_cachable(request_st * const r,const buffer * lmod,const unix_time64_t lmtime)191 int http_response_handle_cachable(request_st * const r, const buffer *lmod, const unix_time64_t lmtime) {
192 if (!http_response_maybe_cachable(r))
193 return HANDLER_GO_ON;
194
195 const buffer *vb, *etag;
196
197 /*
198 * 14.26 If-None-Match
199 * [...]
200 * If none of the entity tags match, then the server MAY perform the
201 * requested method as if the If-None-Match header field did not exist,
202 * but MUST also ignore any If-Modified-Since header field(s) in the
203 * request. That is, if no entity tags match, then the server MUST NOT
204 * return a 304 (Not Modified) response.
205 */
206
207 if ((vb = http_header_request_get(r, HTTP_HEADER_IF_NONE_MATCH,
208 CONST_STR_LEN("If-None-Match")))
209 && (etag = http_header_response_get(r, HTTP_HEADER_ETAG,
210 CONST_STR_LEN("ETag")))) {
211 /*(weak etag comparison must not be used for ranged requests)*/
212 int range_request = (0 != light_btst(r->rqst_htags, HTTP_HEADER_RANGE));
213 if (http_etag_matches(etag, vb->ptr, !range_request)) {
214 if (http_method_get_head_query(r->http_method)) {
215 r->http_status = 304;
216 return HANDLER_FINISHED;
217 } else {
218 r->http_status = 412;
219 r->handler_module = NULL;
220 return HANDLER_FINISHED;
221 }
222 }
223 } else if (http_method_get_head_query(r->http_method)
224 && (vb = http_header_request_get(r, HTTP_HEADER_IF_MODIFIED_SINCE,
225 CONST_STR_LEN("If-Modified-Since")))
226 && (lmod
227 || (lmod = http_header_response_get(r, HTTP_HEADER_LAST_MODIFIED,
228 CONST_STR_LEN("Last-Modified"))))) {
229 /* last-modified handling */
230 if (buffer_is_equal(lmod, vb)
231 || !http_date_if_modified_since(BUF_PTR_LEN(vb), lmtime)) {
232 r->http_status = 304;
233 return HANDLER_FINISHED;
234 }
235 }
236
237 return HANDLER_GO_ON;
238 }
239
240
http_response_body_clear(request_st * const r,int preserve_length)241 void http_response_body_clear (request_st * const r, int preserve_length) {
242 r->resp_body_finished = 0;
243 r->resp_body_started = 0;
244 r->resp_send_chunked = 0;
245 r->resp_body_scratchpad = -1;
246 if (light_btst(r->resp_htags, HTTP_HEADER_TRANSFER_ENCODING)) {
247 http_header_response_unset(r, HTTP_HEADER_TRANSFER_ENCODING,
248 CONST_STR_LEN("Transfer-Encoding"));
249 }
250 if (!preserve_length) { /* preserve for HEAD responses and no-content responses (204, 205, 304) */
251 if (light_btst(r->resp_htags, HTTP_HEADER_CONTENT_LENGTH)) {
252 http_header_response_unset(r, HTTP_HEADER_CONTENT_LENGTH,
253 CONST_STR_LEN("Content-Length"));
254 }
255 /*(if not preserving Content-Length, do not preserve trailers, if any)*/
256 r->resp_decode_chunked = 0;
257 if (r->gw_dechunk) {
258 free(r->gw_dechunk->b.ptr);
259 free(r->gw_dechunk);
260 r->gw_dechunk = NULL;
261 }
262 }
263 chunkqueue_reset(&r->write_queue);
264 }
265
266
http_response_header_clear(request_st * const r)267 static void http_response_header_clear (request_st * const r) {
268 r->http_status = 0;
269 r->resp_htags = 0;
270 r->resp_header_len = 0;
271 r->resp_header_repeated = 0;
272 array_reset_data_strings(&r->resp_headers);
273
274 /* Note: http_response_body_clear(r, 0) is not called here
275 * r->write_queue should be preserved for additional data after 1xx response
276 * However, if http_response_process_headers() was called and response had
277 * Transfer-Encoding: chunked set, then other items need to be reset */
278 r->resp_send_chunked = 0;
279 r->resp_decode_chunked = 0;
280 r->resp_body_scratchpad = -1;
281 if (r->gw_dechunk) {
282 free(r->gw_dechunk->b.ptr);
283 free(r->gw_dechunk);
284 r->gw_dechunk = NULL;
285 }
286 }
287
288
http_response_reset(request_st * const r)289 void http_response_reset (request_st * const r) {
290 r->http_status = 0;
291 r->con->is_writable = 1;
292 r->handler_module = NULL;
293 if (r->physical.path.ptr) { /*(skip for mod_fastcgi authorizer)*/
294 buffer_clear(&r->physical.doc_root);
295 buffer_clear(&r->physical.basedir);
296 buffer_reset(&r->physical.path);
297 buffer_reset(&r->physical.rel_path);
298 }
299 r->resp_htags = 0;
300 r->resp_header_len = 0;
301 r->resp_header_repeated = 0;
302 array_reset_data_strings(&r->resp_headers);
303 http_response_body_clear(r, 0);
304 }
305
306
http_response_reqbody_read_error(request_st * const r,int http_status)307 handler_t http_response_reqbody_read_error (request_st * const r, int http_status) {
308 r->keep_alive = 0;
309
310 /*(do not change status if response headers already set and possibly sent)*/
311 if (0 != r->resp_header_len) return HANDLER_ERROR;
312
313 http_response_body_clear(r, 0);
314 r->http_status = http_status;
315 r->handler_module = NULL;
316 return HANDLER_FINISHED;
317 }
318
319
http_response_send_file(request_st * const r,const buffer * const path,stat_cache_entry * sce)320 void http_response_send_file (request_st * const r, const buffer * const path, stat_cache_entry *sce) {
321 if (__builtin_expect( (NULL == sce), 0)
322 || (__builtin_expect( (sce->fd < 0), 0) && 0 != sce->st.st_size)) {
323 sce = stat_cache_get_entry_open(path, r->conf.follow_symlink);
324 if (NULL == sce) {
325 r->http_status = (errno == ENOENT) ? 404 : 403;
326 log_error(r->conf.errh, __FILE__, __LINE__,
327 "not a regular file: %s -> %s", r->uri.path.ptr, path->ptr);
328 return;
329 }
330 if (sce->fd < 0 && __builtin_expect( (0 != sce->st.st_size), 0)) {
331 r->http_status = (errno == ENOENT) ? 404 : 403;
332 if (r->conf.log_request_handling) {
333 log_perror(r->conf.errh, __FILE__, __LINE__,
334 "file open failed: %s", path->ptr);
335 }
336 return;
337 }
338 }
339
340 if (__builtin_expect( (!r->conf.follow_symlink), 0)
341 && 0 != stat_cache_path_contains_symlink(path, r->conf.errh)) {
342 r->http_status = 403;
343 if (r->conf.log_request_handling) {
344 log_error(r->conf.errh, __FILE__, __LINE__,
345 "-- access denied due symlink restriction");
346 log_error(r->conf.errh, __FILE__, __LINE__,
347 "Path : %s", path->ptr);
348 }
349 return;
350 }
351
352 /* we only handle regular files */
353 if (__builtin_expect( (!S_ISREG(sce->st.st_mode)), 0)) {
354 r->http_status = 403;
355 if (r->conf.log_file_not_found) {
356 log_error(r->conf.errh, __FILE__, __LINE__,
357 "not a regular file: %s -> %s",
358 r->uri.path.ptr, path->ptr);
359 }
360 return;
361 }
362
363 /* set response content-type, if not set already */
364 static const buffer octet_stream =
365 { CONST_STR_LEN("application/octet-stream")+1, 0 };
366 const buffer *content_type = NULL;
367 if (__builtin_expect( (!light_btst(r->resp_htags, HTTP_HEADER_CONTENT_TYPE)), 1)) {
368 content_type = stat_cache_content_type_get(sce, r);
369 if (__builtin_expect( (!content_type), 0)
370 || __builtin_expect( (buffer_is_blank(content_type)), 0))
371 content_type = &octet_stream;
372 http_header_response_set(r, HTTP_HEADER_CONTENT_TYPE,
373 CONST_STR_LEN("Content-Type"),
374 BUF_PTR_LEN(content_type));
375 }
376
377 /* avoid sending caching headers if implicit "application/octet-stream"
378 * This should workaround aggressive caching by FF and script download
379 * seen by the first installations (e.g. if lighttpd is misconfigured)*/
380 int allow_caching = (content_type != &octet_stream)
381 && (0 == r->http_status || 200 == r->http_status);
382 if (__builtin_expect( (allow_caching), 1)) {
383 if (__builtin_expect( (!light_btst(r->resp_htags, HTTP_HEADER_ETAG)), 1)
384 && 0 != r->conf.etag_flags) {
385 const buffer *etag =
386 stat_cache_etag_get(sce, r->conf.etag_flags);
387 if (etag && !buffer_is_blank(etag)) {
388 http_header_response_set(r, HTTP_HEADER_ETAG,
389 CONST_STR_LEN("ETag"),
390 BUF_PTR_LEN(etag));
391 }
392 }
393
394 const buffer * const lmod =
395 __builtin_expect( (!light_btst(r->resp_htags, HTTP_HEADER_LAST_MODIFIED)), 1)
396 ? http_response_set_last_modified(r, sce->st.st_mtime)
397 : NULL;
398
399 if (http_response_maybe_cachable(r)
400 && HANDLER_FINISHED == http_response_handle_cachable(r, lmod, sce->st.st_mtime))
401 return;
402 }
403
404 /* if we are still here, prepare body */
405
406 /* we add it here for all requests
407 * the HEAD request will drop it afterwards again
408 */
409
410 if (0 == sce->st.st_size || 0 == http_chunk_append_file_ref(r, sce)) {
411 r->http_status = 200;
412 r->resp_body_finished = 1;
413 /*(Transfer-Encoding should not have been set at this point)*/
414 buffer_append_int(
415 http_header_response_set_ptr(r, HTTP_HEADER_CONTENT_LENGTH,
416 CONST_STR_LEN("Content-Length")),
417 sce->st.st_size);
418 }
419 else {
420 r->http_status = 500;
421 }
422 }
423
424
http_response_xsendfile(request_st * const r,buffer * const path,const array * const xdocroot)425 static void http_response_xsendfile (request_st * const r, buffer * const path, const array * const xdocroot) {
426 const int status = r->http_status;
427 int valid = 1;
428
429 /* reset Content-Length, if set by backend
430 * Content-Length might later be set to size of X-Sendfile static file,
431 * determined by open(), fstat() to reduces race conditions if the file
432 * is modified between stat() (stat_cache_get_entry()) and open(). */
433 if (light_btst(r->resp_htags, HTTP_HEADER_CONTENT_LENGTH)) {
434 http_header_response_unset(r, HTTP_HEADER_CONTENT_LENGTH,
435 CONST_STR_LEN("Content-Length"));
436 }
437
438 buffer_urldecode_path(path);
439 if (!buffer_is_valid_UTF8(path)) {
440 log_error(r->conf.errh, __FILE__, __LINE__,
441 "X-Sendfile invalid UTF-8 after url-decode: %s", path->ptr);
442 if (r->http_status < 400) {
443 r->http_status = 502;
444 r->handler_module = NULL;
445 }
446 return;
447 }
448 buffer_path_simplify(path);
449 if (r->conf.force_lowercase_filenames) {
450 buffer_to_lower(path);
451 }
452 if (buffer_is_blank(path)) {
453 r->http_status = 502;
454 valid = 0;
455 }
456
457 /* check that path is under xdocroot(s)
458 * - xdocroot should have trailing slash appended at config time
459 * - r->conf.force_lowercase_filenames is not a server-wide setting,
460 * and so can not be definitively applied to xdocroot at config time*/
461 if (xdocroot && xdocroot->used) {
462 const buffer * const xval = !r->conf.force_lowercase_filenames
463 ? array_match_value_prefix(xdocroot, path)
464 : array_match_value_prefix_nc(xdocroot, path);
465 if (NULL == xval) {
466 log_error(r->conf.errh, __FILE__, __LINE__,
467 "X-Sendfile (%s) not under configured x-sendfile-docroot(s)", path->ptr);
468 r->http_status = 403;
469 valid = 0;
470 }
471 }
472
473 if (valid) http_response_send_file(r, path, NULL);
474
475 if (r->http_status >= 400 && status < 300) {
476 r->handler_module = NULL;
477 } else if (0 != status && 200 != status) {
478 r->http_status = status;
479 }
480 }
481
482
http_response_xsendfile2(request_st * const r,const buffer * const value,const array * const xdocroot)483 static void http_response_xsendfile2(request_st * const r, const buffer * const value, const array * const xdocroot) {
484 const char *pos = value->ptr;
485 buffer * const b = r->tmp_buf;
486 const int status = r->http_status;
487
488 /* reset Content-Length, if set by backend */
489 if (light_btst(r->resp_htags, HTTP_HEADER_CONTENT_LENGTH)) {
490 http_header_response_unset(r, HTTP_HEADER_CONTENT_LENGTH,
491 CONST_STR_LEN("Content-Length"));
492 }
493
494 while (*pos) {
495 const char *filename, *range;
496 stat_cache_entry *sce;
497 off_t begin_range, end_range, range_len;
498
499 while (' ' == *pos) pos++;
500 if (!*pos) break;
501
502 filename = pos;
503 if (NULL == (range = strchr(pos, ' '))) {
504 /* missing range */
505 log_error(r->conf.errh, __FILE__, __LINE__,
506 "Couldn't find range after filename: %s", filename);
507 r->http_status = 502;
508 break;
509 }
510 buffer_copy_string_len(b, filename, range - filename);
511
512 /* find end of range */
513 for (pos = ++range; *pos && *pos != ' ' && *pos != ','; pos++) ;
514
515 buffer_urldecode_path(b);
516 if (!buffer_is_valid_UTF8(b)) {
517 log_error(r->conf.errh, __FILE__, __LINE__,
518 "X-Sendfile2 invalid UTF-8 after url-decode: %s", b->ptr);
519 r->http_status = 502;
520 break;
521 }
522 buffer_path_simplify(b);
523 if (r->conf.force_lowercase_filenames) {
524 buffer_to_lower(b);
525 }
526 if (buffer_is_blank(b)) {
527 r->http_status = 502;
528 break;
529 }
530 if (xdocroot && xdocroot->used) {
531 const buffer * const xval = !r->conf.force_lowercase_filenames
532 ? array_match_value_prefix(xdocroot, b)
533 : array_match_value_prefix_nc(xdocroot, b);
534 if (NULL == xval) {
535 log_error(r->conf.errh, __FILE__, __LINE__,
536 "X-Sendfile2 (%s) not under configured x-sendfile-docroot(s)",
537 b->ptr);
538 r->http_status = 403;
539 break;
540 }
541 }
542
543 sce = stat_cache_get_entry_open(b, r->conf.follow_symlink);
544 if (NULL == sce) {
545 log_error(r->conf.errh, __FILE__, __LINE__,
546 "send-file error: couldn't get stat_cache entry for "
547 "X-Sendfile2: %s", b->ptr);
548 r->http_status = 404;
549 break;
550 } else if (!S_ISREG(sce->st.st_mode)) {
551 log_error(r->conf.errh, __FILE__, __LINE__,
552 "send-file error: wrong filetype for X-Sendfile2: %s", b->ptr);
553 r->http_status = 502;
554 break;
555 }
556 /* found the file */
557
558 /* parse range */
559 end_range = sce->st.st_size - 1;
560 {
561 char *rpos = NULL;
562 errno = 0;
563 begin_range = strtoll(range, &rpos, 10);
564 if (errno != 0 || begin_range < 0 || rpos == range)
565 goto range_failed;
566 if ('-' != *rpos++) goto range_failed;
567 if (rpos != pos) {
568 range = rpos;
569 end_range = strtoll(range, &rpos, 10);
570 if (errno != 0 || end_range < 0 || rpos == range)
571 goto range_failed;
572 }
573 if (rpos != pos) goto range_failed;
574
575 goto range_success;
576
577 range_failed:
578 log_error(r->conf.errh, __FILE__, __LINE__,
579 "Couldn't decode range after filename: %s", filename);
580 r->http_status = 502;
581 break;
582
583 range_success: ;
584 }
585
586 /* no parameters accepted */
587
588 while (*pos == ' ') pos++;
589 if (*pos != '\0' && *pos != ',') {
590 r->http_status = 502;
591 break;
592 }
593
594 range_len = end_range - begin_range + 1;
595 if (range_len < 0) {
596 r->http_status = 502;
597 break;
598 }
599 if (range_len != 0) {
600 http_chunk_append_file_ref_range(r, sce, begin_range, range_len);
601 }
602
603 if (*pos == ',') pos++;
604 }
605
606 if (r->http_status >= 400 && status < 300) {
607 r->handler_module = NULL;
608 } else if (0 != status && 200 != status) {
609 r->http_status = status;
610 }
611 }
612
613
http_response_backend_error(request_st * const r)614 void http_response_backend_error (request_st * const r) {
615 if (r->resp_body_started) {
616 /*(response might have been already started, kill the connection)*/
617 /*(mode == DIRECT to avoid later call to http_response_backend_done())*/
618 r->handler_module = NULL; /*(avoid sending final chunked block)*/
619 r->keep_alive = 0;
620 r->resp_body_finished = 1;
621 } /*(else error status set later by http_response_backend_done())*/
622 }
623
http_response_backend_done(request_st * const r)624 void http_response_backend_done (request_st * const r) {
625 /* (not CON_STATE_ERROR and not CON_STATE_RESPONSE_END,
626 * i.e. not called from handle_connection_close or handle_request_reset
627 * hooks, except maybe from errdoc handler, which later resets state)*/
628 switch (r->state) {
629 case CON_STATE_HANDLE_REQUEST:
630 case CON_STATE_READ_POST:
631 if (!r->resp_body_started) {
632 /* Send an error if we haven't sent any data yet */
633 if (r->http_status < 500 && r->http_status != 400)
634 r->http_status = 500;
635 r->handler_module = NULL;
636 break;
637 }
638 __attribute_fallthrough__
639 case CON_STATE_WRITE:
640 if (!r->resp_body_finished) {
641 if (r->http_version == HTTP_VERSION_1_1)
642 http_chunk_close(r);
643 #if 0
644 /* This is a lot of work to make it possible for an HTTP/1.0 client
645 * to detect that response is truncated (after lighttpd made an
646 * HTTP/1.1 request to backend, and backend gave a Transfer-Encoding
647 * chunked response instead of sending Content-Length, and lighttpd
648 * is streaming response to client). An HTTP/1.0 client is probably
649 * not checking for truncated response, or else client should really
650 * prefer HTTP/1.1 or better. If lighttpd were streaming response,
651 * there would be no Content-Length and lighttpd would have sent
652 * Connection: close. Alternatively, since not streaming (if these
653 * conditions are true), could send an HTTP status error instead of
654 * sending partial content with a bogus Content-Length. If we do
655 * not send an HTTP error status, then response_start hooks may add
656 * caching headers (e.g. mod_expire, mod_setenv). If in future we
657 * send HTTP error status, might special-case HEAD requests and
658 * clear response body so that response headers (w/o Content-Length)
659 * can be sent. For now, we have chosen to send partial content,
660 * including generating an incorrect Content-Length (later), and not
661 * to take any of these extra steps. */
662 else if (__builtin_expect( (r->http_version == HTTP_VERSION_1_0), 0)
663 && r->gw_dechunk && !r->gw_dechunk->done
664 && !(r->conf.stream_response_body
665 & (FDEVENT_STREAM_RESPONSE
666 |FDEVENT_STREAM_RESPONSE_BUFMIN))) {
667 r->keep_alive = 0; /* disable keep-alive, send bogus length */
668 http_header_response_set(r, HTTP_HEADER_CONTENT_LENGTH,
669 CONST_STR_LEN("Content-Length"),
670 CONST_STR_LEN("9999999999999"));
671 http_header_response_unset(r, HTTP_HEADER_ETAG,
672 CONST_STR_LEN("ETag"));
673 http_header_response_unset(r, HTTP_HEADER_LAST_MODIFIED,
674 CONST_STR_LEN("Last-Modified"));
675 http_header_response_unset(r, HTTP_HEADER_CACHE_CONTROL,
676 CONST_STR_LEN("Cache-Control"));
677 http_header_response_unset(r, HTTP_HEADER_EXPIRES,
678 CONST_STR_LEN("Expires"));
679 }
680 #endif
681 r->resp_body_finished = 1;
682 }
683 default:
684 break;
685 }
686 }
687
688
http_response_upgrade_read_body_unknown(request_st * const r)689 void http_response_upgrade_read_body_unknown(request_st * const r) {
690 /* act as transparent proxy */
691 if (!(r->conf.stream_request_body & FDEVENT_STREAM_REQUEST))
692 r->conf.stream_request_body |=
693 (FDEVENT_STREAM_REQUEST_BUFMIN | FDEVENT_STREAM_REQUEST);
694 if (!(r->conf.stream_response_body & FDEVENT_STREAM_RESPONSE))
695 r->conf.stream_response_body |=
696 (FDEVENT_STREAM_RESPONSE_BUFMIN | FDEVENT_STREAM_RESPONSE);
697 r->conf.stream_request_body |= FDEVENT_STREAM_REQUEST_POLLIN;
698 r->reqbody_length = -2;
699 r->resp_body_scratchpad = -1;
700 r->keep_alive = 0;
701 }
702
703
704 __attribute_pure__
http_response_append_buffer_simple_accum(const request_st * const r,const off_t len)705 static int http_response_append_buffer_simple_accum(const request_st * const r, const off_t len) {
706 /*(check to accumulate small reads in buffer before flushing to temp file)*/
707 return
708 len < 32768 && r->write_queue.last && r->write_queue.last->file.is_temp;
709 }
710
711
http_response_append_buffer(request_st * const r,buffer * const mem,const int simple_accum)712 static int http_response_append_buffer(request_st * const r, buffer * const mem, const int simple_accum) {
713 /* Note: this routine is separate from http_response_append_mem() to
714 * potentially avoid copying buffer by using http_chunk_append_buffer(). */
715
716 if (r->resp_decode_chunked)
717 return http_chunk_decode_append_buffer(r, mem);
718
719 if (r->resp_body_scratchpad > 0) {
720 off_t len = (off_t)buffer_clen(mem);
721 r->resp_body_scratchpad -= len;
722 if (r->resp_body_scratchpad > 0) {
723 if (simple_accum
724 && http_response_append_buffer_simple_accum(r, len)) {
725 r->resp_body_scratchpad += len;
726 return 0; /*(accumulate small reads in buffer)*/
727 }
728 }
729 else { /* (r->resp_body_scratchpad <= 0) */
730 r->resp_body_finished = 1;
731 if (__builtin_expect( (r->resp_body_scratchpad < 0), 0)) {
732 /*(silently truncate if data exceeds Content-Length)*/
733 len += r->resp_body_scratchpad;
734 r->resp_body_scratchpad = 0;
735 buffer_truncate(mem, (uint32_t)len);
736 }
737 }
738 }
739 else if (0 == r->resp_body_scratchpad) {
740 /*(silently truncate if data exceeds Content-Length)*/
741 buffer_clear(mem);
742 return 0;
743 }
744 else if (simple_accum
745 && http_response_append_buffer_simple_accum(r, buffer_clen(mem))) {
746 return 0; /*(accumulate small reads in buffer)*/
747 }
748 return http_chunk_append_buffer(r, mem);
749 }
750
751
752 #ifdef HAVE_SPLICE
http_response_append_splice(request_st * const r,http_response_opts * const opts,buffer * const b,const int fd,unsigned int toread)753 static int http_response_append_splice(request_st * const r, http_response_opts * const opts, buffer * const b, const int fd, unsigned int toread) {
754 /* check if worthwhile to splice() to avoid copying through userspace */
755 /*assert(opts->simple_accum);*//*(checked in caller)*/
756 if (r->resp_body_scratchpad >= toread
757 && (toread > 32768
758 || (toread >= 8192 /*(!http_response_append_buffer_simple_accum())*/
759 && r->write_queue.last && r->write_queue.last->file.is_temp))) {
760
761 if (!buffer_is_blank(b)) {
762 /*(flush small reads previously accumulated in b)*/
763 int rc = http_response_append_buffer(r, b, 0); /*(0 to flush)*/
764 chunk_buffer_yield(b); /*(improve large buf reuse)*/
765 if (__builtin_expect( (0 != rc), 0)) return -1; /* error */
766 }
767
768 /*assert(opts->fdfmt == S_IFSOCK || opts->fdfmt == S_IFIFO);*/
769 ssize_t n = (opts->fdfmt == S_IFSOCK)
770 ? chunkqueue_append_splice_sock_tempfile(
771 &r->write_queue, fd, toread, r->conf.errh)
772 : chunkqueue_append_splice_pipe_tempfile(
773 &r->write_queue, fd, toread, r->conf.errh);
774 if (__builtin_expect( (n >= 0), 1)) {
775 if (0 == (r->resp_body_scratchpad -= n))
776 r->resp_body_finished = 1;
777 return 1; /* success */
778 }
779 else if (n != -EINVAL)
780 return -1; /* error */
781 /*(fall through; target filesystem w/o splice() support)*/
782 }
783 return 0; /* not handled */
784 }
785 #endif
786
787
http_response_append_mem(request_st * const r,const char * const mem,size_t len)788 static int http_response_append_mem(request_st * const r, const char * const mem, size_t len) {
789 if (r->resp_decode_chunked)
790 return http_chunk_decode_append_mem(r, mem, len);
791
792 if (r->resp_body_scratchpad > 0) {
793 r->resp_body_scratchpad -= (off_t)len;
794 if (r->resp_body_scratchpad <= 0) {
795 r->resp_body_finished = 1;
796 if (__builtin_expect( (r->resp_body_scratchpad < 0), 0)) {
797 /*(silently truncate if data exceeds Content-Length)*/
798 len = (size_t)(r->resp_body_scratchpad + (off_t)len);
799 r->resp_body_scratchpad = 0;
800 }
801 }
802 }
803 else if (0 == r->resp_body_scratchpad) {
804 /*(silently truncate if data exceeds Content-Length)*/
805 return 0;
806 }
807 return http_chunk_append_mem(r, mem, len);
808 }
809
810
http_response_transfer_cqlen(request_st * const r,chunkqueue * const cq,size_t len)811 int http_response_transfer_cqlen(request_st * const r, chunkqueue * const cq, size_t len) {
812 /*(intended for use as callback from modules setting opts->parse(),
813 * e.g. mod_fastcgi and mod_ajp13)
814 *(do not set r->resp_body_finished here since those protocols handle it)*/
815 if (0 == len) return 0;
816 if (__builtin_expect( (!r->resp_decode_chunked), 1)) {
817 const size_t olen = len;
818 if (r->resp_body_scratchpad >= 0) {
819 r->resp_body_scratchpad -= (off_t)len;
820 if (__builtin_expect( (r->resp_body_scratchpad < 0), 0)) {
821 /*(silently truncate if data exceeds Content-Length)*/
822 len = (size_t)(r->resp_body_scratchpad + (off_t)len);
823 r->resp_body_scratchpad = 0;
824 }
825 }
826 int rc = http_chunk_transfer_cqlen(r, cq, len);
827 if (__builtin_expect( (0 != rc), 0))
828 return -1;
829 if (__builtin_expect( (olen != len), 0)) /*discard excess data, if any*/
830 chunkqueue_mark_written(cq, (off_t)(olen - len));
831 }
832 else {
833 /* specialized use by opts->parse() to decode chunked encoding;
834 * FastCGI, AJP13 packet data is all type MEM_CHUNK
835 * (This extra copy can be avoided if FastCGI backend does not send
836 * Transfer-Encoding: chunked, which FastCGI is not supposed to do) */
837 uint32_t remain = (uint32_t)len, wr;
838 for (const chunk *c = cq->first; c && remain; c=c->next, remain-=wr) {
839 /*assert(c->type == MEM_CHUNK);*/
840 wr = buffer_clen(c->mem) - c->offset;
841 if (wr > remain) wr = remain;
842 if (0 != http_chunk_decode_append_mem(r, c->mem->ptr+c->offset, wr))
843 return -1;
844 }
845 chunkqueue_mark_written(cq, len);
846 }
847 return 0;
848 }
849
850
http_response_process_headers(request_st * const restrict r,http_response_opts * const restrict opts,char * const restrict s,const unsigned short hoff[8192],const int is_nph)851 static int http_response_process_headers(request_st * const restrict r, http_response_opts * const restrict opts, char * const restrict s, const unsigned short hoff[8192], const int is_nph) {
852 int i = 1;
853
854 if (is_nph) {
855 /* non-parsed headers ... we parse them anyway */
856 /* (accept HTTP/2.0 and HTTP/3.0 from naive non-proxy backends) */
857 /* (http_header_str_to_code() expects certain chars after code) */
858 if (s[12] == '\r' || s[12] == '\n') s[12] = '\0';/*(caller checked 12)*/
859 if ((s[5] == '1' || opts->backend != BACKEND_PROXY) && s[6] == '.'
860 && (s[7] == '1' || s[7] == '0') && s[8] == ' ') {
861 /* after the space should be a status code for us */
862 int status = http_header_str_to_code(s+9);
863 if (status >= 100 && status < 1000) {
864 #ifdef __COVERITY__ /* Coverity false positive for tainted data */
865 status = 200;/* http_header_str_to_code() validates, untaints */
866 #endif
867 r->http_status = status;
868 opts->local_redir = 0; /*(disable; status was set)*/
869 i = 2;
870 } /* else we expected 3 digits and didn't get them */
871 }
872
873 if (0 == r->http_status) {
874 log_error(r->conf.errh, __FILE__, __LINE__,
875 "invalid HTTP status line: %s", s);
876 r->http_status = 502; /* Bad Gateway */
877 r->handler_module = NULL;
878 return 0;
879 }
880 }
881 else if (__builtin_expect( (opts->backend == BACKEND_PROXY), 0)) {
882 /* invalid response Status-Line from HTTP proxy */
883 r->http_status = 502; /* Bad Gateway */
884 r->handler_module = NULL;
885 return 0;
886 }
887
888 for (; i < hoff[0]; ++i) {
889 const char *k = s+hoff[i], *value;
890 char *end = s+hoff[i+1]-1; /*('\n')*/
891
892 /* parse the headers */
893 if (NULL == (value = memchr(k, ':', end - k))) {
894 /* we expect: "<key>: <value>\r\n" */
895 continue;
896 }
897
898 const uint32_t klen = (uint32_t)(value - k);
899 if (0 == klen) continue; /*(already ignored when writing response)*/
900 const enum http_header_e id = http_header_hkey_get(k, klen);
901
902 do { ++value; } while (*value == ' ' || *value == '\t'); /* skip LWS */
903 /* strip the \r?\n */
904 if (end > value && end[-1] == '\r') --end;
905 /*(XXX: not done; could remove trailing whitespace)*/
906
907 if (opts->authorizer && (0 == r->http_status || 200 == r->http_status)){
908 if (id == HTTP_HEADER_STATUS) {
909 end[0] = '\0';
910 int status = http_header_str_to_code(value);
911 if (status >= 100 && status < 1000) {
912 #ifdef __COVERITY__ /* Coverity false positive for tainted */
913 status = 200;/* http_header_str_to_code() validates */
914 #endif
915 r->http_status = status;
916 opts->local_redir = 0; /*(disable; status was set)*/
917 }
918 else {
919 r->http_status = 502; /* Bad Gateway */
920 break; /*(do not unset r->handler_module)*/
921 }
922 }
923 else if (id == HTTP_HEADER_OTHER && klen > 9 && (k[0] & 0xdf) == 'V'
924 && buffer_eq_icase_ssn(k, CONST_STR_LEN("Variable-"))) {
925 http_header_env_append(r, k + 9, klen - 9, value, end - value);
926 }
927 continue;
928 }
929
930 switch (id) {
931 case HTTP_HEADER_STATUS:
932 if (opts->backend != BACKEND_PROXY) {
933 end[0] = '\0';
934 int status = http_header_str_to_code(value);
935 if (status >= 100 && status < 1000) {
936 #ifdef __COVERITY__ /* Coverity false positive for tainted */
937 status = 200;/* http_header_str_to_code() validates */
938 #endif
939 r->http_status = status;
940 opts->local_redir = 0; /*(disable; status was set)*/
941 }
942 else {
943 r->http_status = 502;
944 r->handler_module = NULL;
945 }
946 continue; /* do not send Status to client */
947 } /*(else pass w/o parse for BACKEND_PROXY)*/
948 break;
949 case HTTP_HEADER_UPGRADE:
950 /*(technically, should also verify Connection: upgrade)*/
951 /*(flag only for mod_proxy and mod_cgi (for now))*/
952 if (opts->backend != BACKEND_PROXY && opts->backend != BACKEND_CGI)
953 continue;
954 if (r->http_version >= HTTP_VERSION_2 && !r->h2_connect_ext)
955 continue;
956 break;
957 case HTTP_HEADER_CONNECTION:
958 if (opts->backend == BACKEND_PROXY) continue;
959 /*(simplistic attempt to honor backend request to close)*/
960 if (http_header_str_contains_token(value, end - value,
961 CONST_STR_LEN("close")))
962 r->keep_alive = 0;
963 if (r->http_version >= HTTP_VERSION_2) continue;
964 break;
965 case HTTP_HEADER_CONTENT_TYPE:
966 if (end - value >= 22 /*(prefix match probably good enough)*/
967 && 0 == memcmp(value, "application/javascript", 22)) {
968 /* value = "text/javascript"; *//*(loses ";charset=...")*/
969 /* *(const char **)&end = value+sizeof("text/javascript")-1; */
970 /*(convert "application/javascript" to "text/javascript")*/
971 value += 7; /*(step over "applica", leaving "tion")*/
972 memcpy(s+(value-s)+1, "ext", 3);
973 }
974 break;
975 case HTTP_HEADER_CONTENT_LENGTH:
976 if (*value == '+') ++value;
977 if (!r->resp_decode_chunked
978 && !light_btst(r->resp_htags, HTTP_HEADER_CONTENT_LENGTH)) {
979 const char *err = end;
980 while (err > value && (err[-1] == ' ' || err[-1] == '\t')) --err;
981 if (err <= value) continue; /*(might error 502 Bad Gateway)*/
982 uint32_t vlen = (uint32_t)(err - value);
983 r->resp_body_scratchpad =
984 (off_t)li_restricted_strtoint64(value, vlen, &err);
985 if (err != value + vlen) {
986 /*(invalid Content-Length value from backend;
987 * read from backend until backend close, hope for the best)
988 *(might choose to treat this as 502 Bad Gateway) */
989 r->resp_body_scratchpad = -1;
990 }
991 }
992 else {
993 /* ignore Content-Length if Transfer-Encoding: chunked
994 * ignore subsequent (multiple) Content-Length
995 * (might choose to treat this as 502 Bad Gateway) */
996 continue;
997 }
998 break;
999 case HTTP_HEADER_TRANSFER_ENCODING:
1000 if (light_btst(r->resp_htags, HTTP_HEADER_CONTENT_LENGTH)) {
1001 /* ignore Content-Length if Transfer-Encoding: chunked
1002 * (might choose to treat this as 502 Bad Gateway) */
1003 r->resp_body_scratchpad = -1;
1004 http_header_response_unset(r, HTTP_HEADER_CONTENT_LENGTH,
1005 CONST_STR_LEN("Content-Length"));
1006 }
1007 /*(assumes "Transfer-Encoding: chunked"; does not verify)*/
1008 r->resp_decode_chunked = 1;
1009 r->gw_dechunk = ck_calloc(1, sizeof(response_dechunk));
1010 continue;
1011 case HTTP_HEADER_HTTP2_SETTINGS:
1012 /* RFC7540 3.2.1
1013 * A server MUST NOT send this header field. */
1014 /* (not bothering to remove HTTP2-Settings from Connection) */
1015 continue;
1016 case HTTP_HEADER_OTHER:
1017 /* ignore invalid headers with whitespace between label and ':'
1018 * (if less strict behavior is desired, check and correct above
1019 * this switch() statement, but not for BACKEND_PROXY) */
1020 if (k[klen-1] == ' ' || k[klen-1] == '\t')
1021 continue;
1022 break;
1023 default:
1024 break;
1025 }
1026
1027 if (end - value)
1028 http_header_response_insert(r, id, k, klen, value, end - value);
1029 }
1030
1031 /* CGI/1.1 rev 03 - 7.2.1.2 */
1032 /* (proxy requires Status-Line, so never true for proxy)*/
1033 if (0 == r->http_status && light_btst(r->resp_htags, HTTP_HEADER_LOCATION)){
1034 r->http_status = 302;
1035 }
1036
1037 return 0;
1038 }
1039
1040
1041 static http_response_send_1xx_cb http_response_send_1xx_h1;
1042 static http_response_send_1xx_cb http_response_send_1xx_h2;
1043
1044 void
http_response_send_1xx_cb_set(http_response_send_1xx_cb fn,int vers)1045 http_response_send_1xx_cb_set (http_response_send_1xx_cb fn, int vers)
1046 {
1047 if (vers >= HTTP_VERSION_2)
1048 http_response_send_1xx_h2 = fn;
1049 else if (vers == HTTP_VERSION_1_1)
1050 http_response_send_1xx_h1 = fn;
1051 }
1052
1053
1054 int
http_response_send_1xx(request_st * const r)1055 http_response_send_1xx (request_st * const r)
1056 {
1057 http_response_send_1xx_cb http_response_send_1xx_fn = NULL;
1058 if (r->http_version >= HTTP_VERSION_2)
1059 http_response_send_1xx_fn = http_response_send_1xx_h2;
1060 else if (r->http_version == HTTP_VERSION_1_1)
1061 http_response_send_1xx_fn = http_response_send_1xx_h1;
1062
1063 if (http_response_send_1xx_fn && !http_response_send_1xx_fn(r, r->con))
1064 return 0; /* error occurred */
1065
1066 http_response_header_clear(r);
1067 return 1; /* 1xx response handled */
1068 }
1069
1070
1071 __attribute_cold__
1072 __attribute_noinline__
1073 static int
http_response_check_1xx(request_st * const r,buffer * const restrict b,uint32_t hlen,uint32_t dlen)1074 http_response_check_1xx (request_st * const r, buffer * const restrict b, uint32_t hlen, uint32_t dlen)
1075 {
1076 /* pass through unset r->http_status (not 1xx) or 101 Switching Protocols */
1077 if (0 == r->http_status || 101 == r->http_status)
1078 return 0; /* pass through as-is; do not loop for addtl response hdrs */
1079
1080 /* discard 1xx response from b; already processed
1081 * (but further response might follow in b, so preserve addtl data) */
1082 if (dlen)
1083 memmove(b->ptr, b->ptr+hlen, dlen);
1084 buffer_truncate(b, dlen);
1085
1086 /* Note: while GW_AUTHORIZER mode is not expected to return 1xx, as a
1087 * feature, 1xx responses from authorizer are passed back to client */
1088
1089 return http_response_send_1xx(r);
1090 /* 0: error, 1: 1xx response handled; loop for next response headers */
1091 }
1092
1093
1094 __attribute_noinline__
http_response_parse_headers(request_st * const r,http_response_opts * const opts,buffer * const b)1095 handler_t http_response_parse_headers(request_st * const r, http_response_opts * const opts, buffer * const b) {
1096 /**
1097 * possible formats of response headers:
1098 *
1099 * proxy or NPH (non-parsed headers):
1100 *
1101 * HTTP/1.0 200 Ok\n
1102 * Header: Value\n
1103 * \n
1104 *
1105 * CGI:
1106 *
1107 * Header: Value\n
1108 * Status: 200\n
1109 * \n
1110 *
1111 * and different mixes of \n and \r\n combinations
1112 *
1113 * Some users also forget about CGI and just send a response
1114 * and hope we handle it. No headers, no header-content separator
1115 */
1116 const char *bstart;
1117 uint32_t blen;
1118
1119 do {
1120 uint32_t header_len, is_nph = 0;
1121 unsigned short hoff[8192]; /* max num header lines + 3; 16k on stack */
1122 hoff[0] = 1; /* number of lines */
1123 hoff[1] = 0; /* base offset for all lines */
1124 hoff[2] = 0; /* offset from base for 2nd line; init 0 to detect '\n' */
1125 blen = buffer_clen(b);
1126 header_len = http_header_parse_hoff(b->ptr, blen, hoff);
1127 if ((header_len ? header_len : blen) > MAX_HTTP_RESPONSE_FIELD_SIZE) {
1128 log_error(r->conf.errh, __FILE__, __LINE__,
1129 "response headers too large for %s", r->uri.path.ptr);
1130 r->http_status = 502; /* Bad Gateway */
1131 r->handler_module = NULL;
1132 return HANDLER_FINISHED;
1133 }
1134 if (hoff[2]) { /*(at least one newline found if offset is non-zero)*/
1135 /*("HTTP/1.1 200 " is at least 13 chars + \r\n; 12 w/o final ' ')*/
1136 is_nph = hoff[2] >= 12 && 0 == memcmp(b->ptr, "HTTP/", 5);
1137 if (!is_nph) {
1138 const char * colon = memchr(b->ptr, ':', hoff[2]-1);
1139 if (__builtin_expect( (NULL == colon), 0)) {
1140 if (hoff[2] <= 2 && (1 == hoff[2] || b->ptr[0] == '\r')) {
1141 /* no HTTP headers */
1142 }
1143 else if (opts->backend == BACKEND_CGI) {
1144 /* no HTTP headers, but body (special-case for CGI)*/
1145 /* no colon found; does not appear to be HTTP headers */
1146 if (0 != http_chunk_append_buffer(r, b)) {
1147 return HANDLER_ERROR;
1148 }
1149 r->http_status = 200; /* OK */
1150 r->resp_body_started = 1;
1151 return HANDLER_GO_ON;
1152 }
1153 else {
1154 /* invalid response headers */
1155 r->http_status = 502; /* Bad Gateway */
1156 r->handler_module = NULL;
1157 return HANDLER_FINISHED;
1158 }
1159 }
1160 }
1161 } /* else no newline yet; partial header line?) */
1162 if (0 == header_len) /* headers incomplete */
1163 return HANDLER_GO_ON;
1164
1165 /* the body starts after the EOL */
1166 bstart = b->ptr + header_len;
1167 blen -= header_len;
1168
1169 if (0 != http_response_process_headers(r, opts, b->ptr, hoff, is_nph))
1170 return HANDLER_ERROR;
1171
1172 } while (r->http_status < 200
1173 && http_response_check_1xx(r, b, bstart - b->ptr, blen));
1174
1175 r->resp_body_started = 1;
1176
1177 if (opts->authorizer
1178 && (r->http_status == 0 || r->http_status == 200)) {
1179 return HANDLER_GO_ON;
1180 }
1181
1182 if (NULL == r->handler_module) {
1183 return HANDLER_FINISHED;
1184 }
1185
1186 if (opts->local_redir && r->http_status >= 300 && r->http_status < 400
1187 && 0 == blen) {
1188 /* (Might not have begun to receive body yet, but do skip local-redir
1189 * if we already have started receiving a response body (blen > 0)) */
1190 /*(light_btst(r->resp_htags, HTTP_HEADER_LOCATION))*/
1191 handler_t rc = http_cgi_local_redir(r);
1192 if (rc != HANDLER_GO_ON) return rc;
1193 }
1194
1195 if (opts->xsendfile_allow) {
1196 buffer *vb;
1197 /* X-Sendfile2 is deprecated; historical for fastcgi */
1198 if (opts->backend == BACKEND_FASTCGI
1199 && NULL != (vb = http_header_response_get(r, HTTP_HEADER_OTHER,
1200 CONST_STR_LEN("X-Sendfile2")))) {
1201 http_response_xsendfile2(r, vb, opts->xsendfile_docroot);
1202 /* http_header_response_unset() shortcut for HTTP_HEADER_OTHER */
1203 buffer_clear(vb); /*(do not send to client)*/
1204 if (NULL == r->handler_module)
1205 r->resp_body_started = 0;
1206 return HANDLER_FINISHED;
1207 } else if (NULL != (vb = http_header_response_get(r, HTTP_HEADER_OTHER,
1208 CONST_STR_LEN("X-Sendfile")))
1209 || (opts->backend == BACKEND_FASTCGI /* X-LIGHTTPD-send-file is deprecated; historical for fastcgi */
1210 && NULL != (vb = http_header_response_get(r, HTTP_HEADER_OTHER,
1211 CONST_STR_LEN("X-LIGHTTPD-send-file"))))) {
1212 http_response_xsendfile(r, vb, opts->xsendfile_docroot);
1213 /* http_header_response_unset() shortcut for HTTP_HEADER_OTHER */
1214 buffer_clear(vb); /*(do not send to client)*/
1215 if (NULL == r->handler_module)
1216 r->resp_body_started = 0;
1217 return HANDLER_FINISHED;
1218 }
1219 }
1220
1221 if (blen > 0) {
1222 /* modules which set opts->parse() (e.g. mod_ajp13, mod_fastcgi) must
1223 * not pass buffer with excess data to this routine (and do not do so
1224 * due to framing of response headers separately from response body) */
1225 int rc = http_response_append_mem(r, bstart, blen);
1226 if (__builtin_expect( (0 != rc), 0))
1227 return HANDLER_ERROR;
1228 }
1229
1230 /* (callback for response headers complete) */
1231 return (opts->headers) ? opts->headers(r, opts) : HANDLER_GO_ON;
1232 }
1233
1234
http_response_read(request_st * const r,http_response_opts * const opts,buffer * const b,fdnode * const fdn)1235 handler_t http_response_read(request_st * const r, http_response_opts * const opts, buffer * const b, fdnode * const fdn) {
1236 const int fd = fdn->fd;
1237 ssize_t n;
1238 size_t avail;
1239 /*size_t total = 0;*/
1240 do {
1241 unsigned int toread = 0;
1242 avail = buffer_string_space(b);
1243
1244 if (0 == fdevent_ioctl_fionread(fd, opts->fdfmt, (int *)&toread)) {
1245
1246 #ifdef HAVE_SPLICE
1247 /* check if worthwhile to splice() to avoid copying to userspace */
1248 if (opts->simple_accum) {
1249 int rc = http_response_append_splice(r, opts, b, fd, toread);
1250 if (rc) {
1251 if (__builtin_expect( (rc > 0), 1))
1252 break;
1253 return HANDLER_ERROR;
1254 } /*(fall through to handle traditionally)*/
1255 }
1256 #endif
1257
1258 if (avail < toread) {
1259 uint32_t blen = buffer_clen(b);
1260 if (toread + blen < 4096)
1261 toread = 4095 - blen;
1262 else if (toread > opts->max_per_read)
1263 toread = opts->max_per_read;
1264 /* reduce amount read for response headers to reduce extra data
1265 * copying for initial data following response headers
1266 * (see http_response_parse_headers())
1267 * (This seems reasonable to do even if opts->parse is set)
1268 * (default chunk buffer is 8k; typical response headers < 8k)
1269 * (An alternative might be the opposite: read extra, e.g. 128k,
1270 * if data available, in order to write to temp files sooner)*/
1271 if (toread > 8192 && !r->resp_body_started) toread = 8192;
1272 }
1273 else if (0 == toread) {
1274 #if 0
1275 return (fdevent_fdnode_interest(fdn) & FDEVENT_IN)
1276 ? HANDLER_FINISHED /* read finished */
1277 : HANDLER_GO_ON; /* optimistic read; data not ready */
1278 #else
1279 if (!(fdevent_fdnode_interest(fdn) & FDEVENT_IN)) {
1280 if (!(r->conf.stream_response_body
1281 & FDEVENT_STREAM_RESPONSE_POLLRDHUP))
1282 return HANDLER_GO_ON;/*optimistic read; data not ready*/
1283 }
1284 if (0 == avail) /* let read() below indicate if EOF or EAGAIN */
1285 toread = 1024;
1286 #endif
1287 }
1288 }
1289 else if (avail < 1024) {
1290 toread = 4095 - avail;
1291 }
1292
1293 if (r->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN) {
1294 off_t cqlen = chunkqueue_length(&r->write_queue);
1295 if (cqlen + (off_t)toread > 65536 - 4096) {
1296 if (!r->con->is_writable) {
1297 /*(defer removal of FDEVENT_IN interest since
1298 * connection_state_machine() might be able to send data
1299 * immediately, unless !con->is_writable, where
1300 * connection_state_machine() might not loop back to call
1301 * mod_proxy_handle_subrequest())*/
1302 fdevent_fdnode_event_clr(r->con->srv->ev, fdn, FDEVENT_IN);
1303 }
1304 if (cqlen >= 65536-1) {
1305 if (buffer_is_blank(b))
1306 chunk_buffer_yield(b); /*(improve large buf reuse)*/
1307 return HANDLER_GO_ON;
1308 }
1309 toread = 65536 - 1 - (unsigned int)cqlen;
1310 /* Note: heuristic is fuzzy in that it limits how much to read
1311 * from backend based on how much is pending to write to client.
1312 * Modules where data from backend is framed (e.g. FastCGI) may
1313 * want to limit how much is buffered from backend while waiting
1314 * for a complete data frame or data packet from backend. */
1315 }
1316 }
1317
1318 if (avail < toread) {
1319 /*(add avail+toread to reduce allocations when ioctl EOPNOTSUPP)*/
1320 avail = toread < opts->max_per_read && avail
1321 ? avail-1+toread
1322 : toread;
1323 avail = chunk_buffer_prepare_append(b, avail);
1324 }
1325
1326 n = read(fd, b->ptr+buffer_clen(b), avail);
1327
1328 if (n < 0) {
1329 switch (errno) {
1330 case EAGAIN:
1331 #ifdef EWOULDBLOCK
1332 #if EWOULDBLOCK != EAGAIN
1333 case EWOULDBLOCK:
1334 #endif
1335 #endif
1336 case EINTR:
1337 if (buffer_is_blank(b))
1338 chunk_buffer_yield(b); /*(improve large buf reuse)*/
1339 return HANDLER_GO_ON;
1340 default:
1341 log_perror(r->conf.errh, __FILE__, __LINE__,
1342 "read() %d %d", r->con->fd, fd);
1343 return HANDLER_ERROR;
1344 }
1345 }
1346
1347 buffer_commit(b, (size_t)n);
1348 #ifdef __COVERITY__
1349 /* Coverity Scan overlooks the effect of buffer_commit() */
1350 b->ptr[buffer_clen(b)+n] = '\0';
1351 #endif
1352
1353 if (NULL != opts->parse) {
1354 handler_t rc = opts->parse(r, opts, b, (size_t)n);
1355 if (rc != HANDLER_GO_ON) return rc;
1356 } else if (0 == n) {
1357 if (buffer_is_blank(b))
1358 chunk_buffer_yield(b); /*(improve large buf reuse)*/
1359 else if (opts->simple_accum) {
1360 /*(flush small reads previously accumulated in b)*/
1361 int rc = http_response_append_buffer(r, b, 0); /*(0 to flush)*/
1362 chunk_buffer_yield(b); /*(improve large buf reuse)*/
1363 if (__builtin_expect( (0 != rc), 0)) {
1364 /* error writing to tempfile;
1365 * truncate response or send 500 if nothing sent yet */
1366 return HANDLER_ERROR;
1367 }
1368 }
1369 /* note: no further data is sent to backend after read EOF on socket
1370 * (not checking for half-closed TCP socket)
1371 * (backend should read all data desired prior to closing socket,
1372 * though might send app-level close data frame, if applicable) */
1373 return HANDLER_FINISHED; /* read finished */
1374 } else if (0 == r->resp_body_started) {
1375 /* split header from body */
1376 handler_t rc = http_response_parse_headers(r, opts, b);
1377 if (rc != HANDLER_GO_ON) return rc;
1378 /* accumulate response in b until headers completed (or error)*/
1379 if (r->resp_body_started) {
1380 buffer_clear(b);
1381 /* check if Content-Length provided and response body received
1382 * (done here instead of http_response_process_headers() since
1383 * backends which set opts->parse() might handle differently)*/
1384 if (0 == r->resp_body_scratchpad)
1385 r->resp_body_finished = 1;
1386 /* enable simple accumulation of small reads in some situations
1387 * no Content-Length (will read to EOF)
1388 * Content-Length (will read until r->resp_body_scratchpad == 0)
1389 * not chunked-encoding
1390 * not bufmin streaming
1391 * (no custom parse routine set for opts->parse()) */
1392 else if (!r->resp_decode_chunked /* && NULL == opts->parse */
1393 && !(r->conf.stream_response_body
1394 & FDEVENT_STREAM_RESPONSE_BUFMIN))
1395 opts->simple_accum = 1;
1396 }
1397 } else {
1398 /* flush b (do not accumulate small reads) if streaming and might
1399 * write to client since there is a chance that r->write_queue is
1400 * fully written to client (no more temp files) and then we do not
1401 * want to hold onto buffered data in b for an indeterminate time
1402 * until next read of data from backend */
1403 int simple_accum = opts->simple_accum
1404 && (!(r->conf.stream_response_body
1405 & FDEVENT_STREAM_RESPONSE)
1406 || !r->con->is_writable);
1407 int rc = http_response_append_buffer(r, b, simple_accum);
1408 if (__builtin_expect( (0 != rc), 0)) {
1409 /* error writing to tempfile;
1410 * truncate response or send 500 if nothing sent yet */
1411 return HANDLER_ERROR;
1412 }
1413 /*buffer_clear(b);*//*http_response_append_buffer() clears*/
1414 /* small reads might accumulate in b; not necessarily cleared */
1415 }
1416
1417 if (r->conf.stream_response_body & FDEVENT_STREAM_RESPONSE_BUFMIN) {
1418 if (chunkqueue_length(&r->write_queue) > 65536 - 4096) {
1419 /*(defer removal of FDEVENT_IN interest since
1420 * connection_state_machine() might be able to send
1421 * data immediately, unless !con->is_writable, where
1422 * connection_state_machine() might not loop back to
1423 * call the subrequest handler)*/
1424 if (!r->con->is_writable)
1425 fdevent_fdnode_event_clr(r->con->srv->ev, fdn, FDEVENT_IN);
1426 break;
1427 }
1428 }
1429 } while (!r->resp_body_started); /*(loop to read large response headers)*/
1430 /*while (0);*//*(extra logic might benefit systems without FIONREAD)*/
1431 /*while ((size_t)n == avail && (total += (size_t)n) < opts->max_per_read);*/
1432 /* else emptied kernel read buffer or partial read or reached read limit */
1433
1434 if (buffer_is_blank(b)) chunk_buffer_yield(b); /*(improve large buf reuse)*/
1435
1436 return (!r->resp_body_finished ? HANDLER_GO_ON : HANDLER_FINISHED);
1437 }
1438