xref: /lighttpd1.4/src/http_header.c (revision 3fbb5773) 
1 /*
2  * http_header - HTTP header manipulation interfaces
3  *
4  * Copyright(c) 2018 Glenn Strauss gstrauss()gluelogic.com  All rights reserved
5  * License: BSD 3-clause (same as lighttpd)
6  */
7 #include "first.h"
8 
9 #include <string.h>
10 #include "sys-strings.h"
11 
12 #include "http_header.h"
13 #include "base.h"
14 #include "array.h"
15 #include "buffer.h"
16 
17 
18 typedef struct keyvlenvalue {
19     const  int16_t key;
20     const uint16_t vlen;
21     const char value[28];
22 } keyvlenvalue;
23 
24 /* Note: must be sorted by length */
25 /* Note: must be kept in sync with http_header.h enum http_header_e */
26 /* Note: must be kept in sync http_headers[] and http_headers_off[] */
27 /* Note: must be kept in sync h2.c:http_header_lc[] */
28 /* Note: must be kept in sync h2.c:http_header_lshpack_idx[] */
29 /* Note: must be kept in sync h2.c:lshpack_idx_http_header[] */
30 /* http_headers_off lists first offset at which string of specific len occur */
31 static const int8_t http_headers_off[] = {
32   -1, -1,  0,  1,  4,  9, 11, 17, 21, 25, 27, -1, 30, 31,
33   37, 40, 45, 49, -1, 52, -1, -1, 53, 54, -1, 55, -1, 57
34 };
35 static const keyvlenvalue http_headers[] = {
36   { HTTP_HEADER_TE,                          CONST_LEN_STR("te") }
37  ,{ HTTP_HEADER_AGE,                         CONST_LEN_STR("age") }
38  ,{ HTTP_HEADER_DNT,                         CONST_LEN_STR("dnt") }
39  ,{ HTTP_HEADER_P3P,                         CONST_LEN_STR("p3p") }
40  ,{ HTTP_HEADER_HOST,                        CONST_LEN_STR("host") }
41  ,{ HTTP_HEADER_DATE,                        CONST_LEN_STR("date") }
42  ,{ HTTP_HEADER_ETAG,                        CONST_LEN_STR("etag") }
43  ,{ HTTP_HEADER_VARY,                        CONST_LEN_STR("vary") }
44  ,{ HTTP_HEADER_LINK,                        CONST_LEN_STR("link") }
45  ,{ HTTP_HEADER_ALLOW,                       CONST_LEN_STR("allow") }
46  ,{ HTTP_HEADER_RANGE,                       CONST_LEN_STR("range") }
47  ,{ HTTP_HEADER_COOKIE,                      CONST_LEN_STR("cookie") }
48  ,{ HTTP_HEADER_ACCEPT,                      CONST_LEN_STR("accept") }
49  ,{ HTTP_HEADER_STATUS,                      CONST_LEN_STR("status") }
50  ,{ HTTP_HEADER_SERVER,                      CONST_LEN_STR("server") }
51  ,{ HTTP_HEADER_EXPECT,                      CONST_LEN_STR("expect") }
52  ,{ HTTP_HEADER_PRAGMA,                      CONST_LEN_STR("pragma") }
53  ,{ HTTP_HEADER_UPGRADE,                     CONST_LEN_STR("upgrade") }
54  ,{ HTTP_HEADER_REFERER,                     CONST_LEN_STR("referer") }
55  ,{ HTTP_HEADER_EXPIRES,                     CONST_LEN_STR("expires") }
56  ,{ HTTP_HEADER_ALT_SVC,                     CONST_LEN_STR("alt-svc") }
57  ,{ HTTP_HEADER_LOCATION,                    CONST_LEN_STR("location") }
58  ,{ HTTP_HEADER_IF_MATCH,                    CONST_LEN_STR("if-match") }
59  ,{ HTTP_HEADER_IF_RANGE,                    CONST_LEN_STR("if-range") }
60  ,{ HTTP_HEADER_ALT_USED,                    CONST_LEN_STR("alt-used") }
61  ,{ HTTP_HEADER_FORWARDED,                   CONST_LEN_STR("forwarded") }
62  ,{ HTTP_HEADER_EXPECT_CT,                   CONST_LEN_STR("expect-ct") }
63  ,{ HTTP_HEADER_CONNECTION,                  CONST_LEN_STR("connection") }
64  ,{ HTTP_HEADER_SET_COOKIE,                  CONST_LEN_STR("set-cookie") }
65  ,{ HTTP_HEADER_USER_AGENT,                  CONST_LEN_STR("user-agent") }
66  ,{ HTTP_HEADER_CONTENT_TYPE,                CONST_LEN_STR("content-type") }
67  ,{ HTTP_HEADER_LAST_MODIFIED,               CONST_LEN_STR("last-modified") }
68  ,{ HTTP_HEADER_AUTHORIZATION,               CONST_LEN_STR("authorization") }
69  ,{ HTTP_HEADER_IF_NONE_MATCH,               CONST_LEN_STR("if-none-match") }
70  ,{ HTTP_HEADER_CACHE_CONTROL,               CONST_LEN_STR("cache-control") }
71  ,{ HTTP_HEADER_ACCEPT_RANGES,               CONST_LEN_STR("accept-ranges") }
72  ,{ HTTP_HEADER_CONTENT_RANGE,               CONST_LEN_STR("content-range") }
73  ,{ HTTP_HEADER_CONTENT_LENGTH,              CONST_LEN_STR("content-length") }
74  ,{ HTTP_HEADER_HTTP2_SETTINGS,              CONST_LEN_STR("http2-settings") }
75  ,{ HTTP_HEADER_ONION_LOCATION,              CONST_LEN_STR("onion-location") }
76  ,{ HTTP_HEADER_ACCEPT_ENCODING,             CONST_LEN_STR("accept-encoding") }
77  ,{ HTTP_HEADER_ACCEPT_LANGUAGE,             CONST_LEN_STR("accept-language") }
78  ,{ HTTP_HEADER_REFERRER_POLICY,             CONST_LEN_STR("referrer-policy") }
79  ,{ HTTP_HEADER_X_FORWARDED_FOR,             CONST_LEN_STR("x-forwarded-for") }
80  ,{ HTTP_HEADER_X_FRAME_OPTIONS,             CONST_LEN_STR("x-frame-options") }
81  ,{ HTTP_HEADER_WWW_AUTHENTICATE,            CONST_LEN_STR("www-authenticate") }
82  ,{ HTTP_HEADER_CONTENT_ENCODING,            CONST_LEN_STR("content-encoding") }
83  ,{ HTTP_HEADER_CONTENT_LOCATION,            CONST_LEN_STR("content-location") }
84  ,{ HTTP_HEADER_X_XSS_PROTECTION,            CONST_LEN_STR("x-xss-protection") }
85  ,{ HTTP_HEADER_IF_MODIFIED_SINCE,           CONST_LEN_STR("if-modified-since") }
86  ,{ HTTP_HEADER_TRANSFER_ENCODING,           CONST_LEN_STR("transfer-encoding") }
87  ,{ HTTP_HEADER_X_FORWARDED_PROTO,           CONST_LEN_STR("x-forwarded-proto") }
88  ,{ HTTP_HEADER_IF_UNMODIFIED_SINCE,         CONST_LEN_STR("if-unmodified-since") }
89  ,{ HTTP_HEADER_X_CONTENT_TYPE_OPTIONS,      CONST_LEN_STR("x-content-type-options") }
90  ,{ HTTP_HEADER_CONTENT_SECURITY_POLICY,     CONST_LEN_STR("content-security-policy") }
91  ,{ HTTP_HEADER_STRICT_TRANSPORT_SECURITY,   CONST_LEN_STR("strict-transport-security") }
92  ,{ HTTP_HEADER_UPGRADE_INSECURE_REQUESTS,   CONST_LEN_STR("upgrade-insecure-requests") }
93  ,{ HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, CONST_LEN_STR("access-control-allow-origin") }
94  ,{ HTTP_HEADER_OTHER, 0, "" }
95 };
96 
97 enum http_header_e http_header_hkey_get(const char * const s, const uint32_t slen) {
98     const struct keyvlenvalue * const kv = http_headers;
99     int i = slen < sizeof(http_headers_off) ? http_headers_off[slen] : -1;
100     if (i < 0) return HTTP_HEADER_OTHER;
101     do {
102         if (buffer_eq_icase_ssn(s, kv[i].value, slen))
103             return (enum http_header_e)kv[i].key;
104     } while (slen == kv[++i].vlen);
105     return HTTP_HEADER_OTHER;
106 }
107 
108 enum http_header_e http_header_hkey_get_lc(const char * const s, const uint32_t slen) {
109     const struct keyvlenvalue * const kv = http_headers;
110     int i = slen < sizeof(http_headers_off) ? http_headers_off[slen] : -1;
111     if (i < 0) return HTTP_HEADER_OTHER;
112     do {
113         if (0 == memcmp(s, kv[i].value, slen))
114             return (enum http_header_e)kv[i].key;
115     } while (slen == kv[++i].vlen);
116     return HTTP_HEADER_OTHER;
117 }
118 
119 
120 int http_header_str_to_code (const char * const s)
121 {
122     /*(more strict than strtol(); exactly 3 digits followed by SP/TAB/NIL)*/
123     return (light_isdigit(s[0]) && light_isdigit(s[1]) && light_isdigit(s[2])
124             && (s[3] == '\0' || s[3] == ' ' || s[3] == '\t'))
125       ? (s[0]-'0')*100 + (s[1]-'0')*10 + (s[2]-'0')
126       : -1;
127 }
128 
129 int http_header_str_contains_token (const char * const s, const uint32_t slen, const char * const m, const uint32_t mlen)
130 {
131     /*if (slen < mlen) return 0;*//*(possible optimizations for caller)*/
132     /*if (slen == mlen && buffer_eq_icase_ssn(s, m, mlen)) return 1;*/
133     /*(note: does not handle quoted-string)*/
134     uint32_t i = 0;
135     do {
136         while (i < slen &&  (s[i]==' ' || s[i]=='\t' || s[i]==',')) ++i;
137         if (slen - i < mlen) return 0;
138         if (buffer_eq_icase_ssn(s+i, m, mlen)) {
139             i += mlen;
140             if (i == slen || s[i]==' ' || s[i]=='\t' || s[i]==',' || s[i]==';')
141                 return 1;
142         }
143         while (i < slen &&   s[i]!=',') ++i;
144     } while (i < slen);
145     return 0;
146 }
147 
148 
149 int http_header_remove_token (buffer * const b, const char * const m, const uint32_t mlen)
150 {
151     /*(remove all instance of token from string)*/
152     /*(note: does not handle quoted-string)*/
153     int rc = 0;
154     for (char *s = b->ptr; s; ) {
155         while (*s == ' ' || *s == '\t' || *s == ',') ++s;
156         if (0 == strncasecmp(s, m, mlen)) {
157             s += mlen;
158             if (*s=='\0' || *s==' ' || *s=='\t' || *s==',' || *s==';') {
159                 memset(s-mlen, ' ', mlen);
160                 while (*s != '\0' && *s != ',') ++s;
161                 rc = 1;
162                 if (*s == ',') {
163                     *s++ = ' ';
164                     continue;
165                 }
166                 else {
167                     for (s -= mlen; *s != ',' && s != b->ptr; --s) ;
168                     buffer_string_set_length(b, (size_t)(s - b->ptr));
169                     break;
170                 }
171             }
172         }
173         s = strchr(s, ',');
174     }
175     return rc;
176 }
177 
178 
179 static inline void http_header_token_append(buffer * const vb, const char * const v, const uint32_t vlen) {
180     if (!buffer_string_is_empty(vb))
181         buffer_append_string_len(vb, CONST_STR_LEN(", "));
182     buffer_append_string_len(vb, v, vlen);
183 }
184 
185 __attribute_cold__
186 static inline void http_header_token_append_cookie(buffer * const vb, const char * const v, const uint32_t vlen) {
187     /* Cookie request header must be special-cased to use ';' separator
188      * instead of ',' to combine multiple headers (if present) */
189     if (!buffer_string_is_empty(vb))
190         buffer_append_string_len(vb, CONST_STR_LEN("; "));
191     buffer_append_string_len(vb, v, vlen);
192 }
193 
194 __attribute_pure__
195 static inline buffer * http_header_generic_get_ifnotempty(const array * const a, const enum http_header_e id, const char * const k, const uint32_t klen) {
196     data_string * const ds =
197       (data_string *)array_get_element_klen_ext(a, id, k, klen);
198     return ds && !buffer_string_is_empty(&ds->value) ? &ds->value : NULL;
199 }
200 
201 static inline void http_header_set_key_value(array * const a, enum http_header_e id, const char * const k, const size_t klen, const char * const v, const size_t vlen) {
202     buffer_copy_string_len(array_get_buf_ptr_ext(a, id, k, klen), v, vlen);
203 }
204 
205 
206 buffer * http_header_response_get(const request_st * const r, enum http_header_e id, const char *k, uint32_t klen) {
207     return light_btst(r->resp_htags, id)
208       ? http_header_generic_get_ifnotempty(&r->resp_headers, id, k, klen)
209       : NULL;
210 }
211 
212 void http_header_response_unset(request_st * const r, enum http_header_e id, const char *k, uint32_t klen) {
213     if (light_btst(r->resp_htags, id)) {
214         /* (do not clear bit for HTTP_HEADER_OTHER,
215          *  as there might be addtl "other" headers) */
216         if (id > HTTP_HEADER_OTHER) light_bclr(r->resp_htags, id);
217         http_header_set_key_value(&r->resp_headers,id,k,klen,CONST_STR_LEN(""));
218     }
219 }
220 
221 void http_header_response_set(request_st * const r, enum http_header_e id, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
222     /* set value, including setting blank value if 0 == vlen
223      * (note: if 0 == vlen, header is still inserted with blank value,
224      *  which is used to indicate a "removed" header)
225      * (do not clear bit for HTTP_HEADER_OTHER if 0 == vlen,
226      *  as there might be addtl "other" headers) */
227     (vlen)
228       ? light_bset(r->resp_htags, id)
229       : (id > HTTP_HEADER_OTHER ? light_bclr(r->resp_htags, id) : 0);
230     http_header_set_key_value(&r->resp_headers, id, k, klen, v, vlen);
231 }
232 
233 void http_header_response_append(request_st * const r, enum http_header_e id, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
234     if (0 == vlen) return;
235     light_bset(r->resp_htags, id);
236     buffer * const vb = array_get_buf_ptr_ext(&r->resp_headers, id, k, klen);
237     http_header_token_append(vb, v, vlen);
238 }
239 
240 __attribute_cold__
241 static void http_header_response_insert_addtl(request_st * const r, enum http_header_e id, const char *k, uint32_t klen, buffer * const vb, uint32_t vlen) {
242     UNUSED(id);
243     buffer_append_string_len(vb, CONST_STR_LEN("\r\n"));
244     if (r->http_version >= HTTP_VERSION_2) {
245         r->resp_header_repeated = 1;
246         char * const h = buffer_string_prepare_append(vb, klen + vlen + 2);
247         for (uint32_t i = 0; i < klen; ++i)
248             h[i] = !light_isupper(k[i]) ? k[i] : (k[i] | 0x20);
249         buffer_commit(vb, klen);
250     }
251     else
252         buffer_append_string_len(vb, k, klen);
253     buffer_append_string_len(vb, CONST_STR_LEN(": "));
254 }
255 
256 void http_header_response_insert(request_st * const r, enum http_header_e id, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
257     if (0 == vlen) return;
258     light_bset(r->resp_htags, id);
259     buffer * const vb = array_get_buf_ptr_ext(&r->resp_headers, id, k, klen);
260     if (!buffer_string_is_empty(vb)) /*append repeated field-name on new line*/
261         http_header_response_insert_addtl(r, id, k, klen, vb, vlen);
262     buffer_append_string_len(vb, v, vlen);
263 }
264 
265 
266 buffer * http_header_request_get(const request_st * const r, enum http_header_e id, const char *k, uint32_t klen) {
267     return light_btst(r->rqst_htags, id)
268       ? http_header_generic_get_ifnotempty(&r->rqst_headers, id, k, klen)
269       : NULL;
270 }
271 
272 void http_header_request_unset(request_st * const r, enum http_header_e id, const char *k, uint32_t klen) {
273     if (light_btst(r->rqst_htags, id)) {
274         /* (do not clear bit for HTTP_HEADER_OTHER,
275          *  as there might be addtl "other" headers) */
276         if (id > HTTP_HEADER_OTHER) light_bclr(r->rqst_htags, id);
277         http_header_set_key_value(&r->rqst_headers,id,k,klen,CONST_STR_LEN(""));
278     }
279 }
280 
281 void http_header_request_set(request_st * const r, enum http_header_e id, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
282     /* set value, including setting blank value if 0 == vlen
283      * (note: if 0 == vlen, header is still inserted with blank value,
284      *  which is used to indicate a "removed" header)
285      * (do not clear bit for HTTP_HEADER_OTHER if 0 == vlen,
286      *  as there might be addtl "other" headers) */
287     (vlen)
288       ? light_bset(r->rqst_htags, id)
289       : (id > HTTP_HEADER_OTHER ? light_bclr(r->rqst_htags, id) : 0);
290     http_header_set_key_value(&r->rqst_headers, id, k, klen, v, vlen);
291 }
292 
293 void http_header_request_append(request_st * const r, enum http_header_e id, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
294     if (0 == vlen) return;
295     light_bset(r->rqst_htags, id);
296     buffer * const vb = array_get_buf_ptr_ext(&r->rqst_headers, id, k, klen);
297     if (id != HTTP_HEADER_COOKIE)
298         http_header_token_append(vb, v, vlen);
299     else
300         http_header_token_append_cookie(vb, v, vlen);
301 }
302 
303 
304 buffer * http_header_env_get(const request_st * const r, const char *k, uint32_t klen) {
305     /* similar to http_header_generic_get_ifnotempty() but without id */
306     data_string * const ds =
307       (data_string *)array_get_element_klen(&r->env, k, klen);
308     return ds && !buffer_string_is_empty(&ds->value) ? &ds->value : NULL;
309 }
310 
311 void http_header_env_set(request_st * const r, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
312     array_set_key_value(&r->env, k, klen, v, vlen);
313 }
314 
315 void http_header_env_append(request_st * const r, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
316     /*if (0 == vlen) return;*//* skip check; permit env var w/ blank value */
317     buffer * const vb = array_get_buf_ptr(&r->env, k, klen);
318     if (0 == vlen) return;
319     http_header_token_append(vb, v, vlen);
320 }
321 
322 
323 uint32_t
324 http_header_parse_hoff (const char *n, const uint32_t clen, unsigned short hoff[8192])
325 {
326     uint32_t hlen = 0;
327     for (const char *b; (n = memchr((b = n),'\n',clen-hlen)); ++n) {
328         uint32_t x = (uint32_t)(n - b + 1);
329         hlen += x;
330         if (x <= 2 && (x == 1 || n[-1] == '\r')) {
331             hoff[hoff[0]+1] = hlen;
332             return hlen;
333         }
334         if (++hoff[0] >= /*sizeof(hoff)/sizeof(hoff[0])-1*/ 8192-1) break;
335         hoff[hoff[0]] = hlen;
336     }
337     return 0;
338 }
339