1 /*
2 * http_header - HTTP header manipulation interfaces
3 *
4 * Copyright(c) 2018 Glenn Strauss gstrauss()gluelogic.com All rights reserved
5 * License: BSD 3-clause (same as lighttpd)
6 */
7 #include "first.h"
8
9 #include <string.h>
10 #include "sys-strings.h"
11
12 #include "http_header.h"
13 #include "array.h"
14 #include "buffer.h"
15 #include "request.h"
16
17
18 typedef struct keyvlenvalue {
19 const int16_t key;
20 const uint16_t vlen;
21 const char value[28];
22 } keyvlenvalue;
23
24 /* Note: must be sorted by length */
25 /* Note: must be kept in sync with http_header.h enum http_header_e */
26 /* Note: must be kept in sync http_headers[] and http_headers_off[] */
27 /* Note: must be kept in sync h2.c:http_header_lc[] */
28 /* Note: must be kept in sync h2.c:http_header_lshpack_idx[] */
29 /* Note: must be kept in sync h2.c:lshpack_idx_http_header[] */
30 /* http_headers_off lists first offset at which string of specific len occur */
31 static const int8_t http_headers_off[] = {
32 -1, -1, 0, 1, 4, 9, 11, 17, 21, 26, 28, -1, 31, 32,
33 38, 41, 46, 50, -1, 53, -1, -1, 54, 55, -1, 56, -1, 58
34 };
35 static const keyvlenvalue http_headers[] = {
36 { HTTP_HEADER_TE, CONST_LEN_STR("te") }
37 ,{ HTTP_HEADER_AGE, CONST_LEN_STR("age") }
38 ,{ HTTP_HEADER_DNT, CONST_LEN_STR("dnt") }
39 ,{ HTTP_HEADER_P3P, CONST_LEN_STR("p3p") }
40 ,{ HTTP_HEADER_HOST, CONST_LEN_STR("host") }
41 ,{ HTTP_HEADER_DATE, CONST_LEN_STR("date") }
42 ,{ HTTP_HEADER_ETAG, CONST_LEN_STR("etag") }
43 ,{ HTTP_HEADER_VARY, CONST_LEN_STR("vary") }
44 ,{ HTTP_HEADER_LINK, CONST_LEN_STR("link") }
45 ,{ HTTP_HEADER_ALLOW, CONST_LEN_STR("allow") }
46 ,{ HTTP_HEADER_RANGE, CONST_LEN_STR("range") }
47 ,{ HTTP_HEADER_COOKIE, CONST_LEN_STR("cookie") }
48 ,{ HTTP_HEADER_ACCEPT, CONST_LEN_STR("accept") }
49 ,{ HTTP_HEADER_STATUS, CONST_LEN_STR("status") }
50 ,{ HTTP_HEADER_SERVER, CONST_LEN_STR("server") }
51 ,{ HTTP_HEADER_EXPECT, CONST_LEN_STR("expect") }
52 ,{ HTTP_HEADER_PRAGMA, CONST_LEN_STR("pragma") }
53 ,{ HTTP_HEADER_UPGRADE, CONST_LEN_STR("upgrade") }
54 ,{ HTTP_HEADER_REFERER, CONST_LEN_STR("referer") }
55 ,{ HTTP_HEADER_EXPIRES, CONST_LEN_STR("expires") }
56 ,{ HTTP_HEADER_ALT_SVC, CONST_LEN_STR("alt-svc") }
57 ,{ HTTP_HEADER_LOCATION, CONST_LEN_STR("location") }
58 ,{ HTTP_HEADER_PRIORITY, CONST_LEN_STR("priority") }
59 ,{ HTTP_HEADER_IF_MATCH, CONST_LEN_STR("if-match") }
60 ,{ HTTP_HEADER_IF_RANGE, CONST_LEN_STR("if-range") }
61 ,{ HTTP_HEADER_ALT_USED, CONST_LEN_STR("alt-used") }
62 ,{ HTTP_HEADER_FORWARDED, CONST_LEN_STR("forwarded") }
63 ,{ HTTP_HEADER_EXPECT_CT, CONST_LEN_STR("expect-ct") }
64 ,{ HTTP_HEADER_CONNECTION, CONST_LEN_STR("connection") }
65 ,{ HTTP_HEADER_SET_COOKIE, CONST_LEN_STR("set-cookie") }
66 ,{ HTTP_HEADER_USER_AGENT, CONST_LEN_STR("user-agent") }
67 ,{ HTTP_HEADER_CONTENT_TYPE, CONST_LEN_STR("content-type") }
68 ,{ HTTP_HEADER_LAST_MODIFIED, CONST_LEN_STR("last-modified") }
69 ,{ HTTP_HEADER_AUTHORIZATION, CONST_LEN_STR("authorization") }
70 ,{ HTTP_HEADER_IF_NONE_MATCH, CONST_LEN_STR("if-none-match") }
71 ,{ HTTP_HEADER_CACHE_CONTROL, CONST_LEN_STR("cache-control") }
72 ,{ HTTP_HEADER_ACCEPT_RANGES, CONST_LEN_STR("accept-ranges") }
73 ,{ HTTP_HEADER_CONTENT_RANGE, CONST_LEN_STR("content-range") }
74 ,{ HTTP_HEADER_CONTENT_LENGTH, CONST_LEN_STR("content-length") }
75 ,{ HTTP_HEADER_HTTP2_SETTINGS, CONST_LEN_STR("http2-settings") }
76 ,{ HTTP_HEADER_ONION_LOCATION, CONST_LEN_STR("onion-location") }
77 ,{ HTTP_HEADER_ACCEPT_ENCODING, CONST_LEN_STR("accept-encoding") }
78 ,{ HTTP_HEADER_ACCEPT_LANGUAGE, CONST_LEN_STR("accept-language") }
79 ,{ HTTP_HEADER_REFERRER_POLICY, CONST_LEN_STR("referrer-policy") }
80 ,{ HTTP_HEADER_X_FORWARDED_FOR, CONST_LEN_STR("x-forwarded-for") }
81 ,{ HTTP_HEADER_X_FRAME_OPTIONS, CONST_LEN_STR("x-frame-options") }
82 ,{ HTTP_HEADER_WWW_AUTHENTICATE, CONST_LEN_STR("www-authenticate") }
83 ,{ HTTP_HEADER_CONTENT_ENCODING, CONST_LEN_STR("content-encoding") }
84 ,{ HTTP_HEADER_CONTENT_LOCATION, CONST_LEN_STR("content-location") }
85 ,{ HTTP_HEADER_X_XSS_PROTECTION, CONST_LEN_STR("x-xss-protection") }
86 ,{ HTTP_HEADER_IF_MODIFIED_SINCE, CONST_LEN_STR("if-modified-since") }
87 ,{ HTTP_HEADER_TRANSFER_ENCODING, CONST_LEN_STR("transfer-encoding") }
88 ,{ HTTP_HEADER_X_FORWARDED_PROTO, CONST_LEN_STR("x-forwarded-proto") }
89 ,{ HTTP_HEADER_IF_UNMODIFIED_SINCE, CONST_LEN_STR("if-unmodified-since") }
90 ,{ HTTP_HEADER_X_CONTENT_TYPE_OPTIONS, CONST_LEN_STR("x-content-type-options") }
91 ,{ HTTP_HEADER_CONTENT_SECURITY_POLICY, CONST_LEN_STR("content-security-policy") }
92 ,{ HTTP_HEADER_STRICT_TRANSPORT_SECURITY, CONST_LEN_STR("strict-transport-security") }
93 ,{ HTTP_HEADER_UPGRADE_INSECURE_REQUESTS, CONST_LEN_STR("upgrade-insecure-requests") }
94 ,{ HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, CONST_LEN_STR("access-control-allow-origin") }
95 ,{ HTTP_HEADER_OTHER, 0, "" }
96 };
97
http_header_hkey_get(const char * const s,const size_t slen)98 enum http_header_e http_header_hkey_get(const char * const s, const size_t slen) {
99 if (__builtin_expect( (slen < sizeof(http_headers_off)), 1)) {
100 const int i = http_headers_off[slen];
101 /*(lowercase first char as all recognized headers start w/ alpha char)*/
102 const int c = s[0] | 0x20;
103 const struct keyvlenvalue * restrict kv = http_headers + i;
104 if (__builtin_expect( (i != -1), 1)) {
105 do {
106 if (__builtin_expect( (c != kv->value[0]), 1))
107 continue;
108 if (buffer_eq_icase_ssn(s+1, kv->value+1, slen-1))
109 return (enum http_header_e)kv->key;
110 } while (slen == (++kv)->vlen);
111 }
112 }
113 return HTTP_HEADER_OTHER;
114 }
115
http_header_hkey_get_lc(const char * const s,const size_t slen)116 enum http_header_e http_header_hkey_get_lc(const char * const s, const size_t slen) {
117 /* XXX: might not provide much real performance over http_header_hkey_get()
118 * (since the first-char comparison optimization was added)
119 * (and since well-known h2 headers are already mapped to hkey) */
120 if (__builtin_expect( (slen < sizeof(http_headers_off)), 1)) {
121 const int i = http_headers_off[slen];
122 const int c = s[0];
123 const struct keyvlenvalue * restrict kv = http_headers + i;
124 if (__builtin_expect( (i != -1), 1)) {
125 do {
126 if (__builtin_expect( (c != kv->value[0]), 1))
127 continue;
128 if (0 == memcmp(s+1, kv->value+1, slen-1))
129 return (enum http_header_e)kv->key;
130 } while (slen == (++kv)->vlen);
131 }
132 }
133 return HTTP_HEADER_OTHER;
134 }
135
136
http_header_str_to_code(const char * const s)137 int http_header_str_to_code (const char * const s)
138 {
139 /*(more strict than strtol(); exactly 3 digits followed by SP/TAB/NIL)*/
140 return (light_isdigit(s[0]) && light_isdigit(s[1]) && light_isdigit(s[2])
141 && (s[3] == '\0' || s[3] == ' ' || s[3] == '\t'))
142 ? (s[0]-'0')*100 + (s[1]-'0')*10 + (s[2]-'0')
143 : -1;
144 }
145
http_header_str_contains_token(const char * const s,const uint32_t slen,const char * const m,const uint32_t mlen)146 int http_header_str_contains_token (const char * const s, const uint32_t slen, const char * const m, const uint32_t mlen)
147 {
148 /*if (slen < mlen) return 0;*//*(possible optimizations for caller)*/
149 /*if (slen == mlen && buffer_eq_icase_ssn(s, m, mlen)) return 1;*/
150 /*(note: does not handle quoted-string)*/
151 uint32_t i = 0;
152 do {
153 while (i < slen && (s[i]==' ' || s[i]=='\t' || s[i]==',')) ++i;
154 if (slen - i < mlen) return 0;
155 if (buffer_eq_icase_ssn(s+i, m, mlen)) {
156 i += mlen;
157 if (i == slen || s[i]==' ' || s[i]=='\t' || s[i]==',' || s[i]==';')
158 return 1;
159 }
160 while (i < slen && s[i]!=',') ++i;
161 } while (i < slen);
162 return 0;
163 }
164
165
http_header_remove_token(buffer * const b,const char * const m,const uint32_t mlen)166 int http_header_remove_token (buffer * const b, const char * const m, const uint32_t mlen)
167 {
168 /*(remove all instance of token from string)*/
169 /*(note: does not handle quoted-string)*/
170 int rc = 0;
171 for (char *s = b->ptr; s; ) {
172 while (*s == ' ' || *s == '\t' || *s == ',') ++s;
173 if (0 == strncasecmp(s, m, mlen)) {
174 s += mlen;
175 if (*s=='\0' || *s==' ' || *s=='\t' || *s==',' || *s==';') {
176 memset(s-mlen, ' ', mlen);
177 while (*s != '\0' && *s != ',') ++s;
178 rc = 1;
179 if (*s == ',') {
180 *s++ = ' ';
181 continue;
182 }
183 else {
184 for (s -= mlen; *s != ',' && s != b->ptr; --s) ;
185 buffer_truncate(b, (size_t)(s - b->ptr));
186 break;
187 }
188 }
189 }
190 s = strchr(s, ',');
191 }
192 return rc;
193 }
194
195
http_header_token_append(buffer * const vb,const char * const v,const uint32_t vlen)196 static inline void http_header_token_append(buffer * const vb, const char * const v, const uint32_t vlen) {
197 if (!buffer_is_blank(vb))
198 buffer_append_string_len(vb, CONST_STR_LEN(", "));
199 buffer_append_string_len(vb, v, vlen);
200 }
201
202 __attribute_cold__
http_header_token_append_cookie(buffer * const vb,const char * const v,const uint32_t vlen)203 static inline void http_header_token_append_cookie(buffer * const vb, const char * const v, const uint32_t vlen) {
204 /* Cookie request header must be special-cased to use ';' separator
205 * instead of ',' to combine multiple headers (if present) */
206 if (!buffer_is_blank(vb))
207 buffer_append_string_len(vb, CONST_STR_LEN("; "));
208 buffer_append_string_len(vb, v, vlen);
209 }
210
211 __attribute_pure__
http_header_generic_get_ifnotempty(const array * const a,const enum http_header_e id,const char * const k,const uint32_t klen)212 static inline buffer * http_header_generic_get_ifnotempty(const array * const a, const enum http_header_e id, const char * const k, const uint32_t klen) {
213 data_string * const ds =
214 (data_string *)array_get_element_klen_ext(a, id, k, klen);
215 return ds && !buffer_is_blank(&ds->value) ? &ds->value : NULL;
216 }
217
http_header_set_key_value(array * const a,enum http_header_e id,const char * const k,const size_t klen,const char * const v,const size_t vlen)218 static inline void http_header_set_key_value(array * const a, enum http_header_e id, const char * const k, const size_t klen, const char * const v, const size_t vlen) {
219 buffer_copy_string_len(array_get_buf_ptr_ext(a, id, k, klen), v, vlen);
220 }
221
222
http_header_response_get(const request_st * const r,enum http_header_e id,const char * k,uint32_t klen)223 buffer * http_header_response_get(const request_st * const r, enum http_header_e id, const char *k, uint32_t klen) {
224 return light_btst(r->resp_htags, id)
225 ? http_header_generic_get_ifnotempty(&r->resp_headers, id, k, klen)
226 : NULL;
227 }
228
http_header_response_set_ptr(request_st * const r,enum http_header_e id,const char * k,uint32_t klen)229 buffer * http_header_response_set_ptr(request_st * const r, enum http_header_e id, const char *k, uint32_t klen) {
230 /* note: caller must not leave buffer empty
231 * or must call http_header_response_unset() */
232 light_bset(r->resp_htags, id);
233 buffer * const vb = array_get_buf_ptr_ext(&r->resp_headers, id, k, klen);
234 buffer_clear(vb);
235 return vb;
236 }
237
http_header_response_unset(request_st * const r,enum http_header_e id,const char * k,uint32_t klen)238 void http_header_response_unset(request_st * const r, enum http_header_e id, const char *k, uint32_t klen) {
239 if (light_btst(r->resp_htags, id)) {
240 /* (do not clear bit for HTTP_HEADER_OTHER,
241 * as there might be addtl "other" headers) */
242 if (id > HTTP_HEADER_OTHER) light_bclr(r->resp_htags, id);
243 http_header_set_key_value(&r->resp_headers,id,k,klen,CONST_STR_LEN(""));
244 }
245 }
246
http_header_response_set(request_st * const r,enum http_header_e id,const char * k,uint32_t klen,const char * v,uint32_t vlen)247 void http_header_response_set(request_st * const r, enum http_header_e id, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
248 /* set value, including setting blank value if 0 == vlen
249 * (note: if 0 == vlen, header is still inserted with blank value,
250 * which is used to indicate a "removed" header)
251 * (do not clear bit for HTTP_HEADER_OTHER if 0 == vlen,
252 * as there might be addtl "other" headers) */
253 (vlen)
254 ? light_bset(r->resp_htags, id)
255 : (id > HTTP_HEADER_OTHER ? light_bclr(r->resp_htags, id) : 0);
256 http_header_set_key_value(&r->resp_headers, id, k, klen, v, vlen);
257 }
258
http_header_response_append(request_st * const r,enum http_header_e id,const char * k,uint32_t klen,const char * v,uint32_t vlen)259 void http_header_response_append(request_st * const r, enum http_header_e id, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
260 if (0 == vlen) return;
261 light_bset(r->resp_htags, id);
262 buffer * const vb = array_get_buf_ptr_ext(&r->resp_headers, id, k, klen);
263 http_header_token_append(vb, v, vlen);
264 }
265
266 __attribute_cold__
http_header_response_insert_addtl(request_st * const r,enum http_header_e id,const char * k,uint32_t klen,buffer * const vb,uint32_t vlen)267 static void http_header_response_insert_addtl(request_st * const r, enum http_header_e id, const char *k, uint32_t klen, buffer * const vb, uint32_t vlen) {
268 UNUSED(id);
269 char *h = buffer_string_prepare_append(vb, 2 + klen + vlen + 2);
270 buffer_append_str3(vb, CONST_STR_LEN("\r\n"), k, klen, CONST_STR_LEN(": "));
271 if (r->http_version >= HTTP_VERSION_2) {
272 r->resp_header_repeated = 1;
273 h += 2;
274 for (uint32_t i = 0; i < klen; ++i) {
275 if (light_isupper(h[i])) h[i] |= 0x20;
276 }
277 }
278 }
279
http_header_response_insert(request_st * const r,enum http_header_e id,const char * k,uint32_t klen,const char * v,uint32_t vlen)280 void http_header_response_insert(request_st * const r, enum http_header_e id, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
281 if (0 == vlen) return;
282 light_bset(r->resp_htags, id);
283 buffer * const vb = array_get_buf_ptr_ext(&r->resp_headers, id, k, klen);
284 if (!buffer_is_blank(vb)) /*append repeated field-name on new line*/
285 http_header_response_insert_addtl(r, id, k, klen, vb, vlen);
286 buffer_append_string_len(vb, v, vlen);
287 }
288
289
http_header_request_get(const request_st * const r,enum http_header_e id,const char * k,uint32_t klen)290 buffer * http_header_request_get(const request_st * const r, enum http_header_e id, const char *k, uint32_t klen) {
291 return light_btst(r->rqst_htags, id)
292 ? http_header_generic_get_ifnotempty(&r->rqst_headers, id, k, klen)
293 : NULL;
294 }
295
http_header_request_set_ptr(request_st * const r,enum http_header_e id,const char * k,uint32_t klen)296 buffer * http_header_request_set_ptr(request_st * const r, enum http_header_e id, const char *k, uint32_t klen) {
297 /* note: caller must not leave buffer empty
298 * or must call http_header_request_unset() */
299 light_bset(r->rqst_htags, id);
300 buffer * const vb = array_get_buf_ptr_ext(&r->rqst_headers, id, k, klen);
301 buffer_clear(vb);
302 return vb;
303 }
304
http_header_request_unset(request_st * const r,enum http_header_e id,const char * k,uint32_t klen)305 void http_header_request_unset(request_st * const r, enum http_header_e id, const char *k, uint32_t klen) {
306 if (light_btst(r->rqst_htags, id)) {
307 /* (do not clear bit for HTTP_HEADER_OTHER,
308 * as there might be addtl "other" headers) */
309 if (id > HTTP_HEADER_OTHER) light_bclr(r->rqst_htags, id);
310 http_header_set_key_value(&r->rqst_headers,id,k,klen,CONST_STR_LEN(""));
311 }
312 }
313
http_header_request_set(request_st * const r,enum http_header_e id,const char * k,uint32_t klen,const char * v,uint32_t vlen)314 void http_header_request_set(request_st * const r, enum http_header_e id, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
315 /* set value, including setting blank value if 0 == vlen
316 * (note: if 0 == vlen, header is still inserted with blank value,
317 * which is used to indicate a "removed" header)
318 * (do not clear bit for HTTP_HEADER_OTHER if 0 == vlen,
319 * as there might be addtl "other" headers) */
320 (vlen)
321 ? light_bset(r->rqst_htags, id)
322 : (id > HTTP_HEADER_OTHER ? light_bclr(r->rqst_htags, id) : 0);
323 http_header_set_key_value(&r->rqst_headers, id, k, klen, v, vlen);
324 }
325
http_header_request_append(request_st * const r,enum http_header_e id,const char * k,uint32_t klen,const char * v,uint32_t vlen)326 void http_header_request_append(request_st * const r, enum http_header_e id, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
327 if (0 == vlen) return;
328 light_bset(r->rqst_htags, id);
329 buffer * const vb = array_get_buf_ptr_ext(&r->rqst_headers, id, k, klen);
330 if (id != HTTP_HEADER_COOKIE)
331 http_header_token_append(vb, v, vlen);
332 else
333 http_header_token_append_cookie(vb, v, vlen);
334 }
335
336
http_header_env_get(const request_st * const r,const char * k,uint32_t klen)337 buffer * http_header_env_get(const request_st * const r, const char *k, uint32_t klen) {
338 /* similar to http_header_generic_get_ifnotempty() but without id */
339 data_string * const ds =
340 (data_string *)array_get_element_klen(&r->env, k, klen);
341 return ds && !buffer_is_blank(&ds->value) ? &ds->value : NULL;
342 }
343
http_header_env_set_ptr(request_st * r,const char * k,uint32_t klen)344 buffer * http_header_env_set_ptr(request_st *r, const char *k, uint32_t klen) {
345 buffer * const vb = array_get_buf_ptr(&r->env, k, klen);
346 buffer_clear(vb);
347 return vb;
348 }
349
http_header_env_set(request_st * const r,const char * k,uint32_t klen,const char * v,uint32_t vlen)350 void http_header_env_set(request_st * const r, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
351 array_set_key_value(&r->env, k, klen, v, vlen);
352 }
353
http_header_env_append(request_st * const r,const char * k,uint32_t klen,const char * v,uint32_t vlen)354 void http_header_env_append(request_st * const r, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
355 /*if (0 == vlen) return;*//* skip check; permit env var w/ blank value */
356 buffer * const vb = array_get_buf_ptr(&r->env, k, klen);
357 http_header_token_append(vb, v, vlen);
358 }
359
360
361 uint32_t
http_header_parse_hoff(const char * n,const uint32_t clen,unsigned short hoff[8192])362 http_header_parse_hoff (const char *n, const uint32_t clen, unsigned short hoff[8192])
363 {
364 uint32_t hlen = 0;
365 for (const char *b; (n = memchr((b = n),'\n',clen-hlen)); ++n) {
366 uint32_t x = (uint32_t)(n - b + 1);
367 hlen += x;
368 if (x <= 2 && (x == 1 || n[-1] == '\r')) {
369 hoff[hoff[0]+1] = hlen;
370 return hlen;
371 }
372 if (++hoff[0] >= /*sizeof(hoff)/sizeof(hoff[0])-1*/ 8192-1) break;
373 hoff[hoff[0]] = hlen;
374 }
375 return 0;
376 }
377