1 /*
2 * http_cgi - Common Gateway Interface (CGI) interfaces (RFC 3875)
3 *
4 * Copyright(c) 2016-2017 Glenn Strauss gstrauss()gluelogic.com All rights reserved
5 * License: BSD 3-clause (same as lighttpd)
6 */
7 #include "first.h"
8
9 #include "http_cgi.h"
10
11 #include "sys-socket.h"
12 #include <string.h>
13
14 #include "base.h"
15 #include "array.h"
16 #include "buffer.h"
17 #include "chunk.h"
18 #include "log.h"
19 #include "http_header.h"
20 #include "sock_addr.h"
21
22 handler_t
http_cgi_local_redir(request_st * const r)23 http_cgi_local_redir (request_st * const r)
24 {
25 /* [RFC3875] The Common Gateway Interface (CGI) Version 1.1
26 * [RFC3875] 6.2.2 Local Redirect Response
27 *
28 * The CGI script can return a URI path and query-string
29 * ('local-pathquery') for a local resource in a Location header field.
30 * This indicates to the server that it should reprocess the request
31 * using the path specified.
32 *
33 * local-redir-response = local-Location NL
34 *
35 * The script MUST NOT return any other header fields or a message-body,
36 * and the server MUST generate the response that it would have produced
37 * in response to a request containing the URL
38 *
39 * scheme "://" server-name ":" server-port local-pathquery
40 *
41 * (While not required by the RFC, do not send local-redir back to same URL
42 * since CGI should have handled it internally if it really wanted to do
43 * that internally)
44 */
45
46 size_t ulen = buffer_clen(&r->uri.path);
47 const buffer *vb = http_header_response_get(r, HTTP_HEADER_LOCATION,
48 CONST_STR_LEN("Location"));
49 if (NULL != vb
50 && vb->ptr[0] == '/'
51 && (0 != strncmp(vb->ptr, r->uri.path.ptr, ulen)
52 || ( vb->ptr[ulen] != '\0'
53 && vb->ptr[ulen] != '/'
54 && vb->ptr[ulen] != '?'))
55 && 1 == r->resp_headers.used /*"Location"; no "Status" or NPH response*/
56 && r->http_status >= 300 && r->http_status < 400) {
57 if (++r->loops_per_request > 5) {
58 log_error(r->conf.errh, __FILE__, __LINE__,
59 "too many internal loops while processing request: %s",
60 r->target_orig.ptr);
61 r->http_status = 500; /* Internal Server Error */
62 r->resp_body_started = 0;
63 r->handler_module = NULL;
64 return HANDLER_FINISHED;
65 }
66
67 buffer_copy_buffer(&r->target, vb);
68 buffer_clear(&r->pathinfo);
69
70 if (r->reqbody_length) {
71 if (r->reqbody_length != r->reqbody_queue.bytes_in)
72 r->keep_alive = 0;
73 r->reqbody_length = 0;
74 chunkqueue_reset(&r->reqbody_queue);
75 }
76
77 if (r->http_status != 307 && r->http_status != 308) {
78 /* Note: request body (if any) sent to initial dynamic handler
79 * and is not available to the internal redirect */
80 r->http_method = HTTP_METHOD_GET;
81 }
82
83 /*(caller must reset request as follows)*/
84 /*http_response_reset(r);*/ /*(sets r->http_status = 0)*/
85 /*r->con->srv->plugins_request_reset(r);*/
86
87 return HANDLER_COMEBACK;
88 }
89
90 return HANDLER_GO_ON;
91 }
92
93
94 static void
http_cgi_encode_varname(buffer * const b,const char * const restrict s,const size_t len,const int is_http_header)95 http_cgi_encode_varname (buffer * const b, const char * const restrict s, const size_t len, const int is_http_header)
96 {
97 char * const restrict p = buffer_string_prepare_copy(b, len + 5);
98 size_t i, j = 0;
99
100 if (is_http_header) {
101 #if 0 /*(special-cased in caller that sets is_http_header)*/
102 if (len == 12 && buffer_eq_icase_ssn(s, "Content-Type", 12)) {
103 buffer_copy_string_len(b, CONST_STR_LEN("CONTENT_TYPE"));
104 return;
105 }
106 #endif
107 memcpy(p, "HTTP_", 5);
108 j = 5; /* "HTTP_" */
109 }
110
111 for (i = 0; i < len; ++i) {/* uppercase alpha, pass numeric, map rest '_' */
112 const unsigned char c = s[i];
113 p[j++] = light_isalpha(c) ? c & ~0x20 : light_isdigit(c) ? c : '_';
114 }
115 buffer_truncate(b, j);
116 }
117
118
119 int
http_cgi_headers(request_st * const r,http_cgi_opts * const opts,http_cgi_header_append_cb cb,void * vdata)120 http_cgi_headers (request_st * const r, http_cgi_opts * const opts, http_cgi_header_append_cb cb, void *vdata)
121 {
122 /* CGI-SPEC 6.1.2, FastCGI spec 6.3 and SCGI spec */
123
124 /* note: string ptrs passed to cb() func must not be NULL */
125
126 int rc = 0;
127 uint32_t len;
128 buffer * const tb = r->tmp_buf;
129 const char *s;
130 size_t n;
131 char buf[INET6_ADDRSTRLEN + 1]; /*(also larger than LI_ITOSTRING_LENGTH)*/
132
133 /* (CONTENT_LENGTH must be first for SCGI) */
134 if (!opts->authorizer)
135 rc |= cb(vdata, CONST_STR_LEN("CONTENT_LENGTH"),
136 buf, li_itostrn(buf,sizeof(buf),r->reqbody_length));
137
138 n = buffer_clen(&r->uri.query);
139 rc |= cb(vdata, CONST_STR_LEN("QUERY_STRING"),
140 n ? r->uri.query.ptr : "", n);
141
142 s = r->target_orig.ptr;
143 n = buffer_clen(&r->target_orig);
144 len = opts->strip_request_uri ? buffer_clen(opts->strip_request_uri) : 0;
145 if (len) {
146 /* e.g. /app1/index/list
147 * stripping /app1 or /app1/ should lead to /index/list
148 * (trailing slash removed from strip_request_uri at config time)*/
149 if (n < len || 0 != memcmp(s, opts->strip_request_uri->ptr, len)
150 || s[len] != '/')
151 len = 0;
152 }
153 rc |= cb(vdata, CONST_STR_LEN("REQUEST_URI"), s+len, n-len);
154
155 if (!buffer_is_equal(&r->target, &r->target_orig))
156 rc |= cb(vdata, CONST_STR_LEN("REDIRECT_URI"),
157 BUF_PTR_LEN(&r->target));
158
159 /* set REDIRECT_STATUS for php compiled with --force-redirect
160 * (if REDIRECT_STATUS has not already been set by error handler) */
161 if (0 == r->error_handler_saved_status)
162 rc |= cb(vdata, CONST_STR_LEN("REDIRECT_STATUS"),
163 CONST_STR_LEN("200"));
164
165 /*
166 * SCRIPT_NAME, PATH_INFO and PATH_TRANSLATED according to
167 * http://cgi-spec.golux.com/draft-coar-cgi-v11-03-clean.html
168 * (6.1.14, 6.1.6, 6.1.7)
169 */
170 if (!opts->authorizer) {
171 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_NAME"),
172 BUF_PTR_LEN(&r->uri.path));
173 if (!buffer_is_blank(&r->pathinfo)) {
174 rc |= cb(vdata, CONST_STR_LEN("PATH_INFO"),
175 BUF_PTR_LEN(&r->pathinfo));
176 /* PATH_TRANSLATED is only defined if PATH_INFO is set
177 * Note: not implemented: re-url-encode '?' '=' ';' for
178 * (RFC 3875 4.1.6) */
179 const buffer * const bd = (opts->docroot)
180 ? opts->docroot
181 : &r->physical.basedir;
182 buffer_copy_path_len2(tb, BUF_PTR_LEN(bd),
183 BUF_PTR_LEN(&r->pathinfo));
184 rc |= cb(vdata, CONST_STR_LEN("PATH_TRANSLATED"),
185 BUF_PTR_LEN(tb));
186 }
187 }
188
189 /*
190 * SCRIPT_FILENAME and DOCUMENT_ROOT for php
191 * The PHP manual http://www.php.net/manual/en/reserved.variables.php
192 * treatment of PATH_TRANSLATED is different from the one of CGI specs.
193 * (see php.ini cgi.fix_pathinfo = 1 config parameter)
194 */
195
196 if (opts->docroot) {
197 /* alternate docroot, e.g. for remote FastCGI or SCGI server */
198 buffer_copy_path_len2(tb, BUF_PTR_LEN(opts->docroot),
199 BUF_PTR_LEN(&r->uri.path));
200 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_FILENAME"),
201 BUF_PTR_LEN(tb));
202 rc |= cb(vdata, CONST_STR_LEN("DOCUMENT_ROOT"),
203 BUF_PTR_LEN(opts->docroot));
204 }
205 else {
206 if (opts->break_scriptfilename_for_php) {
207 /* php.ini config cgi.fix_pathinfo = 1 need a broken SCRIPT_FILENAME
208 * to find out what PATH_INFO is itself
209 *
210 * see src/sapi/cgi_main.c, init_request_info()
211 */
212 buffer_copy_path_len2(tb, BUF_PTR_LEN(&r->physical.path),
213 BUF_PTR_LEN(&r->pathinfo));
214 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_FILENAME"),
215 BUF_PTR_LEN(tb));
216 }
217 else
218 rc |= cb(vdata, CONST_STR_LEN("SCRIPT_FILENAME"),
219 BUF_PTR_LEN(&r->physical.path));
220 rc |= cb(vdata, CONST_STR_LEN("DOCUMENT_ROOT"),
221 BUF_PTR_LEN(&r->physical.basedir));
222 }
223
224 const buffer * const m = http_method_buf(r->http_method);
225 rc |= cb(vdata, CONST_STR_LEN("REQUEST_METHOD"), BUF_PTR_LEN(m));
226
227 s = get_http_version_name(r->http_version);
228 force_assert(s);
229 rc |= cb(vdata, CONST_STR_LEN("SERVER_PROTOCOL"), s, strlen(s));
230
231 if (r->conf.server_tag) {
232 s = r->conf.server_tag->ptr;
233 n = buffer_clen(r->conf.server_tag);
234 }
235 else {
236 s = "";
237 n = 0;
238 }
239 rc |= cb(vdata, CONST_STR_LEN("SERVER_SOFTWARE"), s, n);
240
241 rc |= cb(vdata, CONST_STR_LEN("GATEWAY_INTERFACE"),
242 CONST_STR_LEN("CGI/1.1"));
243
244 rc |= cb(vdata, CONST_STR_LEN("REQUEST_SCHEME"),
245 BUF_PTR_LEN(&r->uri.scheme));
246
247 if (buffer_is_equal_string(&r->uri.scheme, CONST_STR_LEN("https")))
248 rc |= cb(vdata, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on"));
249
250 const connection * const con = r->con;
251 const server_socket * const srv_sock = con->srv_socket;
252 const size_t tlen = buffer_clen(srv_sock->srv_token);
253 n = srv_sock->srv_token_colon;
254 if (n < tlen) { /*(n != tlen)*/
255 s = srv_sock->srv_token->ptr+n+1;
256 n = tlen - (n+1);
257 }
258 else {
259 s = "0";
260 n = 1;
261 }
262 rc |= cb(vdata, CONST_STR_LEN("SERVER_PORT"), s, n);
263
264 n = 0;
265 switch (sock_addr_get_family(&srv_sock->addr)) {
266 case AF_INET:
267 case AF_INET6:
268 if (sock_addr_is_addr_wildcard(&srv_sock->addr)) {
269 sock_addr addrbuf;
270 socklen_t addrlen = sizeof(addrbuf);
271 if (0 == getsockname(con->fd,(struct sockaddr *)&addrbuf,&addrlen)){
272 /* future: might add a one- or two- element cache
273 * or use sock_addr_cache_inet_ntop_copy_buffer() into tb */
274 s = sock_addr_inet_ntop(&addrbuf, buf, sizeof(buf));
275 if (s)
276 n = strlen(s);
277 else
278 s = "";
279 }
280 else
281 s = "";
282 }
283 else {
284 s = srv_sock->srv_token->ptr;
285 n = srv_sock->srv_token_colon;
286 }
287 break;
288 default:
289 s = "";
290 break;
291 }
292 rc |= cb(vdata, CONST_STR_LEN("SERVER_ADDR"), s, n);
293
294 n = buffer_clen(r->server_name);
295 if (n) {
296 s = r->server_name->ptr;
297 if (s[0] == '[') {
298 const char *colon = strstr(s, "]:");
299 if (colon) n = (colon + 1) - s;
300 }
301 else {
302 const char *colon = strchr(s, ':');
303 if (colon) n = colon - s;
304 }
305 } /* else set to be same as SERVER_ADDR (above) */
306 rc |= cb(vdata, CONST_STR_LEN("SERVER_NAME"), s, n);
307
308 rc |= cb(vdata, CONST_STR_LEN("REMOTE_ADDR"),
309 BUF_PTR_LEN(r->dst_addr_buf));
310
311 rc |= cb(vdata, CONST_STR_LEN("REMOTE_PORT"), buf,
312 li_utostrn(buf, sizeof(buf), sock_addr_get_port(r->dst_addr)));
313
314 for (n = 0; n < r->rqst_headers.used; n++) {
315 data_string *ds = (data_string *)r->rqst_headers.data[n];
316 if (!buffer_is_blank(&ds->value) && !buffer_is_unset(&ds->key)) {
317 /* Security: Do not emit HTTP_PROXY in environment.
318 * Some executables use HTTP_PROXY to configure
319 * outgoing proxy. See also https://httpoxy.org/ */
320 if (ds->ext == HTTP_HEADER_OTHER
321 && buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Proxy"))) {
322 continue;
323 }
324 else if (ds->ext == HTTP_HEADER_CONTENT_TYPE)
325 buffer_copy_string_len(tb, CONST_STR_LEN("CONTENT_TYPE"));
326 else
327 http_cgi_encode_varname(tb, BUF_PTR_LEN(&ds->key), 1);
328 rc |= cb(vdata, BUF_PTR_LEN(tb),
329 BUF_PTR_LEN(&ds->value));
330 }
331 }
332
333 con->srv->request_env(r);
334
335 for (n = 0; n < r->env.used; n++) {
336 data_string *ds = (data_string *)r->env.data[n];
337 if (!buffer_is_unset(&ds->value) && !buffer_is_unset(&ds->key)) {
338 http_cgi_encode_varname(tb, BUF_PTR_LEN(&ds->key), 0);
339 rc |= cb(vdata, BUF_PTR_LEN(tb),
340 BUF_PTR_LEN(&ds->value));
341 }
342 }
343
344 return rc;
345 }
346