1 /* 2 * http_cgi - Common Gateway Interface (CGI) interfaces (RFC 3875) 3 * 4 * Copyright(c) 2016-2017 Glenn Strauss gstrauss()gluelogic.com All rights reserved 5 * License: BSD 3-clause (same as lighttpd) 6 */ 7 #include "first.h" 8 9 #include "http_cgi.h" 10 11 #include "sys-socket.h" 12 #include <string.h> 13 14 #include "base.h" 15 #include "array.h" 16 #include "buffer.h" 17 #include "chunk.h" 18 #include "log.h" 19 #include "http_header.h" 20 #include "sock_addr.h" 21 22 handler_t 23 http_cgi_local_redir (request_st * const r) 24 { 25 /* [RFC3875] The Common Gateway Interface (CGI) Version 1.1 26 * [RFC3875] 6.2.2 Local Redirect Response 27 * 28 * The CGI script can return a URI path and query-string 29 * ('local-pathquery') for a local resource in a Location header field. 30 * This indicates to the server that it should reprocess the request 31 * using the path specified. 32 * 33 * local-redir-response = local-Location NL 34 * 35 * The script MUST NOT return any other header fields or a message-body, 36 * and the server MUST generate the response that it would have produced 37 * in response to a request containing the URL 38 * 39 * scheme "://" server-name ":" server-port local-pathquery 40 * 41 * (While not required by the RFC, do not send local-redir back to same URL 42 * since CGI should have handled it internally if it really wanted to do 43 * that internally) 44 */ 45 46 size_t ulen = buffer_clen(&r->uri.path); 47 const buffer *vb = http_header_response_get(r, HTTP_HEADER_LOCATION, 48 CONST_STR_LEN("Location")); 49 if (NULL != vb 50 && vb->ptr[0] == '/' 51 && (0 != strncmp(vb->ptr, r->uri.path.ptr, ulen) 52 || ( vb->ptr[ulen] != '\0' 53 && vb->ptr[ulen] != '/' 54 && vb->ptr[ulen] != '?')) 55 && 1 == r->resp_headers.used /*"Location"; no "Status" or NPH response*/ 56 && r->http_status >= 300 && r->http_status < 400) { 57 if (++r->loops_per_request > 5) { 58 log_error(r->conf.errh, __FILE__, __LINE__, 59 "too many internal loops while processing request: %s", 60 r->target_orig.ptr); 61 r->http_status = 500; /* Internal Server Error */ 62 r->resp_body_started = 0; 63 r->handler_module = NULL; 64 return HANDLER_FINISHED; 65 } 66 67 buffer_copy_buffer(&r->target, vb); 68 buffer_clear(&r->pathinfo); 69 70 if (r->reqbody_length) { 71 if (r->reqbody_length != r->reqbody_queue.bytes_in) 72 r->keep_alive = 0; 73 r->reqbody_length = 0; 74 chunkqueue_reset(&r->reqbody_queue); 75 } 76 77 if (r->http_status != 307 && r->http_status != 308) { 78 /* Note: request body (if any) sent to initial dynamic handler 79 * and is not available to the internal redirect */ 80 r->http_method = HTTP_METHOD_GET; 81 } 82 83 /*(caller must reset request as follows)*/ 84 /*http_response_reset(r);*/ /*(sets r->http_status = 0)*/ 85 /*r->con->srv->plugins_request_reset(r);*/ 86 87 return HANDLER_COMEBACK; 88 } 89 90 return HANDLER_GO_ON; 91 } 92 93 94 static void 95 http_cgi_encode_varname (buffer * const b, const char * const restrict s, const size_t len, const int is_http_header) 96 { 97 char * const restrict p = buffer_string_prepare_copy(b, len + 5); 98 size_t i, j = 0; 99 100 if (is_http_header) { 101 #if 0 /*(special-cased in caller that sets is_http_header)*/ 102 if (len == 12 && buffer_eq_icase_ssn(s, "Content-Type", 12)) { 103 buffer_copy_string_len(b, CONST_STR_LEN("CONTENT_TYPE")); 104 return; 105 } 106 #endif 107 memcpy(p, "HTTP_", 5); 108 j = 5; /* "HTTP_" */ 109 } 110 111 for (i = 0; i < len; ++i) {/* uppercase alpha, pass numeric, map rest '_' */ 112 const unsigned char c = s[i]; 113 p[j++] = light_isalpha(c) ? c & ~0x20 : light_isdigit(c) ? c : '_'; 114 } 115 buffer_truncate(b, j); 116 } 117 118 119 int 120 http_cgi_headers (request_st * const r, http_cgi_opts * const opts, http_cgi_header_append_cb cb, void *vdata) 121 { 122 /* CGI-SPEC 6.1.2, FastCGI spec 6.3 and SCGI spec */ 123 124 /* note: string ptrs passed to cb() func must not be NULL */ 125 126 int rc = 0; 127 uint32_t len; 128 buffer * const tb = r->tmp_buf; 129 const char *s; 130 size_t n; 131 char buf[INET6_ADDRSTRLEN + 1]; /*(also larger than LI_ITOSTRING_LENGTH)*/ 132 133 /* (CONTENT_LENGTH must be first for SCGI) */ 134 if (!opts->authorizer) 135 rc |= cb(vdata, CONST_STR_LEN("CONTENT_LENGTH"), 136 buf, li_itostrn(buf,sizeof(buf),r->reqbody_length)); 137 138 n = buffer_clen(&r->uri.query); 139 rc |= cb(vdata, CONST_STR_LEN("QUERY_STRING"), 140 n ? r->uri.query.ptr : "", n); 141 142 s = r->target_orig.ptr; 143 n = buffer_clen(&r->target_orig); 144 len = opts->strip_request_uri ? buffer_clen(opts->strip_request_uri) : 0; 145 if (len) { 146 /* e.g. /app1/index/list 147 * stripping /app1 or /app1/ should lead to /index/list 148 * (trailing slash removed from strip_request_uri at config time)*/ 149 if (n < len || 0 != memcmp(s, opts->strip_request_uri->ptr, len) 150 || s[len] != '/') 151 len = 0; 152 } 153 rc |= cb(vdata, CONST_STR_LEN("REQUEST_URI"), s+len, n-len); 154 155 if (!buffer_is_equal(&r->target, &r->target_orig)) 156 rc |= cb(vdata, CONST_STR_LEN("REDIRECT_URI"), 157 BUF_PTR_LEN(&r->target)); 158 159 /* set REDIRECT_STATUS for php compiled with --force-redirect 160 * (if REDIRECT_STATUS has not already been set by error handler) */ 161 if (0 == r->error_handler_saved_status) 162 rc |= cb(vdata, CONST_STR_LEN("REDIRECT_STATUS"), 163 CONST_STR_LEN("200")); 164 165 /* 166 * SCRIPT_NAME, PATH_INFO and PATH_TRANSLATED according to 167 * http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html 168 * (6.1.14, 6.1.6, 6.1.7) 169 */ 170 if (!opts->authorizer) { 171 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_NAME"), 172 BUF_PTR_LEN(&r->uri.path)); 173 if (!buffer_is_blank(&r->pathinfo)) { 174 rc |= cb(vdata, CONST_STR_LEN("PATH_INFO"), 175 BUF_PTR_LEN(&r->pathinfo)); 176 /* PATH_TRANSLATED is only defined if PATH_INFO is set 177 * Note: not implemented: re-url-encode '?' '=' ';' for 178 * (RFC 3875 4.1.6) */ 179 const buffer * const bd = (opts->docroot) 180 ? opts->docroot 181 : &r->physical.basedir; 182 buffer_copy_path_len2(tb, BUF_PTR_LEN(bd), 183 BUF_PTR_LEN(&r->pathinfo)); 184 rc |= cb(vdata, CONST_STR_LEN("PATH_TRANSLATED"), 185 BUF_PTR_LEN(tb)); 186 } 187 } 188 189 /* 190 * SCRIPT_FILENAME and DOCUMENT_ROOT for php 191 * The PHP manual http://www.php.net/manual/en/reserved.variables.php 192 * treatment of PATH_TRANSLATED is different from the one of CGI specs. 193 * (see php.ini cgi.fix_pathinfo = 1 config parameter) 194 */ 195 196 if (opts->docroot) { 197 /* alternate docroot, e.g. for remote FastCGI or SCGI server */ 198 buffer_copy_path_len2(tb, BUF_PTR_LEN(opts->docroot), 199 BUF_PTR_LEN(&r->uri.path)); 200 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_FILENAME"), 201 BUF_PTR_LEN(tb)); 202 rc |= cb(vdata, CONST_STR_LEN("DOCUMENT_ROOT"), 203 BUF_PTR_LEN(opts->docroot)); 204 } 205 else { 206 if (opts->break_scriptfilename_for_php) { 207 /* php.ini config cgi.fix_pathinfo = 1 need a broken SCRIPT_FILENAME 208 * to find out what PATH_INFO is itself 209 * 210 * see src/sapi/cgi_main.c, init_request_info() 211 */ 212 buffer_copy_path_len2(tb, BUF_PTR_LEN(&r->physical.path), 213 BUF_PTR_LEN(&r->pathinfo)); 214 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_FILENAME"), 215 BUF_PTR_LEN(tb)); 216 } 217 else 218 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_FILENAME"), 219 BUF_PTR_LEN(&r->physical.path)); 220 rc |= cb(vdata, CONST_STR_LEN("DOCUMENT_ROOT"), 221 BUF_PTR_LEN(&r->physical.basedir)); 222 } 223 224 const buffer * const m = http_method_buf(r->http_method); 225 rc |= cb(vdata, CONST_STR_LEN("REQUEST_METHOD"), BUF_PTR_LEN(m)); 226 227 s = get_http_version_name(r->http_version); 228 force_assert(s); 229 rc |= cb(vdata, CONST_STR_LEN("SERVER_PROTOCOL"), s, strlen(s)); 230 231 if (r->conf.server_tag) { 232 s = r->conf.server_tag->ptr; 233 n = buffer_clen(r->conf.server_tag); 234 } 235 else { 236 s = ""; 237 n = 0; 238 } 239 rc |= cb(vdata, CONST_STR_LEN("SERVER_SOFTWARE"), s, n); 240 241 rc |= cb(vdata, CONST_STR_LEN("GATEWAY_INTERFACE"), 242 CONST_STR_LEN("CGI/1.1")); 243 244 rc |= cb(vdata, CONST_STR_LEN("REQUEST_SCHEME"), 245 BUF_PTR_LEN(&r->uri.scheme)); 246 247 if (buffer_is_equal_string(&r->uri.scheme, CONST_STR_LEN("https"))) 248 rc |= cb(vdata, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on")); 249 250 const connection * const con = r->con; 251 const server_socket * const srv_sock = con->srv_socket; 252 const size_t tlen = buffer_clen(srv_sock->srv_token); 253 n = srv_sock->srv_token_colon; 254 if (n < tlen) { /*(n != tlen)*/ 255 s = srv_sock->srv_token->ptr+n+1; 256 n = tlen - (n+1); 257 } 258 else { 259 s = "0"; 260 n = 1; 261 } 262 rc |= cb(vdata, CONST_STR_LEN("SERVER_PORT"), s, n); 263 264 n = 0; 265 switch (sock_addr_get_family(&srv_sock->addr)) { 266 case AF_INET: 267 case AF_INET6: 268 if (sock_addr_is_addr_wildcard(&srv_sock->addr)) { 269 sock_addr addrbuf; 270 socklen_t addrlen = sizeof(addrbuf); 271 if (0 == getsockname(con->fd,(struct sockaddr *)&addrbuf,&addrlen)){ 272 /* future: might add a one- or two- element cache 273 * or use sock_addr_cache_inet_ntop_copy_buffer() into tb */ 274 s = sock_addr_inet_ntop(&addrbuf, buf, sizeof(buf)); 275 if (s) 276 n = strlen(s); 277 else 278 s = ""; 279 } 280 else 281 s = ""; 282 } 283 else { 284 s = srv_sock->srv_token->ptr; 285 n = srv_sock->srv_token_colon; 286 } 287 break; 288 default: 289 s = ""; 290 break; 291 } 292 rc |= cb(vdata, CONST_STR_LEN("SERVER_ADDR"), s, n); 293 294 n = buffer_clen(r->server_name); 295 if (n) { 296 s = r->server_name->ptr; 297 if (s[0] == '[') { 298 const char *colon = strstr(s, "]:"); 299 if (colon) n = (colon + 1) - s; 300 } 301 else { 302 const char *colon = strchr(s, ':'); 303 if (colon) n = colon - s; 304 } 305 } /* else set to be same as SERVER_ADDR (above) */ 306 rc |= cb(vdata, CONST_STR_LEN("SERVER_NAME"), s, n); 307 308 rc |= cb(vdata, CONST_STR_LEN("REMOTE_ADDR"), 309 BUF_PTR_LEN(r->dst_addr_buf)); 310 311 rc |= cb(vdata, CONST_STR_LEN("REMOTE_PORT"), buf, 312 li_utostrn(buf, sizeof(buf), sock_addr_get_port(r->dst_addr))); 313 314 for (n = 0; n < r->rqst_headers.used; n++) { 315 data_string *ds = (data_string *)r->rqst_headers.data[n]; 316 if (!buffer_is_blank(&ds->value) && !buffer_is_unset(&ds->key)) { 317 /* Security: Do not emit HTTP_PROXY in environment. 318 * Some executables use HTTP_PROXY to configure 319 * outgoing proxy. See also https://httpoxy.org/ */ 320 if (ds->ext == HTTP_HEADER_OTHER 321 && buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Proxy"))) { 322 continue; 323 } 324 else if (ds->ext == HTTP_HEADER_CONTENT_TYPE) 325 buffer_copy_string_len(tb, CONST_STR_LEN("CONTENT_TYPE")); 326 else 327 http_cgi_encode_varname(tb, BUF_PTR_LEN(&ds->key), 1); 328 rc |= cb(vdata, BUF_PTR_LEN(tb), 329 BUF_PTR_LEN(&ds->value)); 330 } 331 } 332 333 con->srv->request_env(r); 334 335 for (n = 0; n < r->env.used; n++) { 336 data_string *ds = (data_string *)r->env.data[n]; 337 if (!buffer_is_unset(&ds->value) && !buffer_is_unset(&ds->key)) { 338 http_cgi_encode_varname(tb, BUF_PTR_LEN(&ds->key), 0); 339 rc |= cb(vdata, BUF_PTR_LEN(tb), 340 BUF_PTR_LEN(&ds->value)); 341 } 342 } 343 344 return rc; 345 } 346