proto_http.c 5.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171
  1. /* Copyright (c) 2001 Matej Pfajfar.
  2. * Copyright (c) 2001-2004, Roger Dingledine.
  3. * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
  4. * Copyright (c) 2007-2017, The Tor Project, Inc. */
  5. /* See LICENSE for licensing information */
  6. #define PROTO_HTTP_PRIVATE
  7. #include "or.h"
  8. #include "buffers.h"
  9. #include "proto_http.h"
  10. /** Return true if <b>cmd</b> looks like a HTTP (proxy) request. */
  11. int
  12. peek_buf_has_http_command(const buf_t *buf)
  13. {
  14. if (buf_peek_startswith(buf, "CONNECT ") ||
  15. buf_peek_startswith(buf, "DELETE ") ||
  16. buf_peek_startswith(buf, "GET ") ||
  17. buf_peek_startswith(buf, "POST ") ||
  18. buf_peek_startswith(buf, "PUT " ))
  19. return 1;
  20. return 0;
  21. }
  22. /** There is a (possibly incomplete) http statement on <b>buf</b>, of the
  23. * form "\%s\\r\\n\\r\\n\%s", headers, body. (body may contain NULs.)
  24. * If a) the headers include a Content-Length field and all bytes in
  25. * the body are present, or b) there's no Content-Length field and
  26. * all headers are present, then:
  27. *
  28. * - strdup headers into <b>*headers_out</b>, and NUL-terminate it.
  29. * - memdup body into <b>*body_out</b>, and NUL-terminate it.
  30. * - Then remove them from <b>buf</b>, and return 1.
  31. *
  32. * - If headers or body is NULL, discard that part of the buf.
  33. * - If a headers or body doesn't fit in the arg, return -1.
  34. * (We ensure that the headers or body don't exceed max len,
  35. * _even if_ we're planning to discard them.)
  36. * - If force_complete is true, then succeed even if not all of the
  37. * content has arrived.
  38. *
  39. * Else, change nothing and return 0.
  40. */
  41. int
  42. fetch_from_buf_http(buf_t *buf,
  43. char **headers_out, size_t max_headerlen,
  44. char **body_out, size_t *body_used, size_t max_bodylen,
  45. int force_complete)
  46. {
  47. const char *headers;
  48. size_t headerlen, bodylen, contentlen=0;
  49. int crlf_offset;
  50. int r;
  51. if (buf_datalen(buf) == 0)
  52. return 0;
  53. crlf_offset = buf_find_string_offset(buf, "\r\n\r\n", 4);
  54. if (crlf_offset > (int)max_headerlen ||
  55. (crlf_offset < 0 && buf_datalen(buf) > max_headerlen)) {
  56. log_debug(LD_HTTP,"headers too long.");
  57. return -1;
  58. } else if (crlf_offset < 0) {
  59. log_debug(LD_HTTP,"headers not all here yet.");
  60. return 0;
  61. }
  62. /* Okay, we have a full header. Make sure it all appears in the first
  63. * chunk. */
  64. headerlen = crlf_offset + 4;
  65. size_t headers_in_chunk = 0;
  66. buf_pullup(buf, headerlen, &headers, &headers_in_chunk);
  67. bodylen = buf_datalen(buf) - headerlen;
  68. log_debug(LD_HTTP,"headerlen %d, bodylen %d.", (int)headerlen, (int)bodylen);
  69. if (max_headerlen <= headerlen) {
  70. log_warn(LD_HTTP,"headerlen %d larger than %d. Failing.",
  71. (int)headerlen, (int)max_headerlen-1);
  72. return -1;
  73. }
  74. if (max_bodylen <= bodylen) {
  75. log_warn(LD_HTTP,"bodylen %d larger than %d. Failing.",
  76. (int)bodylen, (int)max_bodylen-1);
  77. return -1;
  78. }
  79. r = buf_http_find_content_length(headers, headerlen, &contentlen);
  80. if (r == -1) {
  81. log_warn(LD_PROTOCOL, "Content-Length is bogus; maybe "
  82. "someone is trying to crash us.");
  83. return -1;
  84. } else if (r == 1) {
  85. /* if content-length is malformed, then our body length is 0. fine. */
  86. log_debug(LD_HTTP,"Got a contentlen of %d.",(int)contentlen);
  87. if (bodylen < contentlen) {
  88. if (!force_complete) {
  89. log_debug(LD_HTTP,"body not all here yet.");
  90. return 0; /* not all there yet */
  91. }
  92. }
  93. if (bodylen > contentlen) {
  94. bodylen = contentlen;
  95. log_debug(LD_HTTP,"bodylen reduced to %d.",(int)bodylen);
  96. }
  97. } else {
  98. tor_assert(r == 0);
  99. /* Leave bodylen alone */
  100. }
  101. /* all happy. copy into the appropriate places, and return 1 */
  102. if (headers_out) {
  103. *headers_out = tor_malloc(headerlen+1);
  104. buf_get_bytes(buf, *headers_out, headerlen);
  105. (*headers_out)[headerlen] = 0; /* NUL terminate it */
  106. }
  107. if (body_out) {
  108. tor_assert(body_used);
  109. *body_used = bodylen;
  110. *body_out = tor_malloc(bodylen+1);
  111. buf_get_bytes(buf, *body_out, bodylen);
  112. (*body_out)[bodylen] = 0; /* NUL terminate it */
  113. }
  114. return 1;
  115. }
  116. /**
  117. * Scan the HTTP headers in the <b>headerlen</b>-byte memory range at
  118. * <b>headers</b>, looking for a "Content-Length" header. Try to set
  119. * *<b>result_out</b> to the numeric value of that header if possible.
  120. * Return -1 if the header was malformed, 0 if it was missing, and 1 if
  121. * it was present and well-formed.
  122. */
  123. STATIC int
  124. buf_http_find_content_length(const char *headers, size_t headerlen,
  125. size_t *result_out)
  126. {
  127. const char *p, *newline;
  128. char *len_str, *eos=NULL;
  129. size_t remaining, result;
  130. int ok;
  131. *result_out = 0; /* The caller shouldn't look at this unless the
  132. * return value is 1, but let's prevent confusion */
  133. #define CONTENT_LENGTH "\r\nContent-Length: "
  134. p = (char*) tor_memstr(headers, headerlen, CONTENT_LENGTH);
  135. if (p == NULL)
  136. return 0;
  137. tor_assert(p >= headers && p < headers+headerlen);
  138. remaining = (headers+headerlen)-p;
  139. p += strlen(CONTENT_LENGTH);
  140. remaining -= strlen(CONTENT_LENGTH);
  141. newline = memchr(p, '\n', remaining);
  142. if (newline == NULL)
  143. return -1;
  144. len_str = tor_memdup_nulterm(p, newline-p);
  145. /* We limit the size to INT_MAX because other parts of the buffer.c
  146. * code don't like buffers to be any bigger than that. */
  147. result = (size_t) tor_parse_uint64(len_str, 10, 0, INT_MAX, &ok, &eos);
  148. if (eos && !tor_strisspace(eos)) {
  149. ok = 0;
  150. } else {
  151. *result_out = result;
  152. }
  153. tor_free(len_str);
  154. return ok ? 1 : -1;
  155. }