1 files changed, 214 insertions, 0 deletions
diff --git a/htp/htp_parsers.c b/htp/htp_parsers.c
new file mode 100644
index 0000000..3f41abb
--- /dev/null
+++ b/htp/htp_parsers.c
@@ -0,0 +1,214 @@
+/***************************************************************************
+ * Copyright (c) 2009-2010 Open Information Security Foundation
+ * Copyright (c) 2010-2013 Qualys, Inc.
+ * All rights reserved.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are
+ * met:
+ * 
+ * - Redistributions of source code must retain the above copyright
+ *   notice, this list of conditions and the following disclaimer.
+
+ * - Redistributions in binary form must reproduce the above copyright
+ *   notice, this list of conditions and the following disclaimer in the
+ *   documentation and/or other materials provided with the distribution.
+
+ * - Neither the name of the Qualys, Inc. nor the names of its
+ *   contributors may be used to endorse or promote products derived from
+ *   this software without specific prior written permission.
+ * 
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ ***************************************************************************/
+
+/**
+ * @file
+ * @author Ivan Ristic <ivanr@webkreator.com>
+ */
+
+#include "htp_config_auto.h"
+
+#include "htp_private.h"
+
+/**
+ * Determines protocol number from a textual representation (i.e., "HTTP/1.1"). This
+ * function will only understand a properly formatted protocol information. It does
+ * not try to be flexible.
+ * 
+ * @param[in] protocol
+ * @return Protocol version or PROTOCOL_UNKNOWN.
+ */
+int htp_parse_protocol(bstr *protocol) {
+    if (protocol == NULL) return HTP_PROTOCOL_INVALID;
+    
+    // TODO This function uses a very strict approach to parsing, whereas
+    //      browsers will typically be more flexible, allowing whitespace
+    //      before and after the forward slash, as well as allowing leading
+    //      zeroes in the numbers. We should be able to parse such malformed
+    //      content correctly (but emit a warning).
+    if (bstr_len(protocol) == 8) {
+        unsigned char *ptr = bstr_ptr(protocol);
+        if ((ptr[0] == 'H') && (ptr[1] == 'T') && (ptr[2] == 'T') && (ptr[3] == 'P')
+            && (ptr[4] == '/') && (ptr[6] == '.')) {
+            // Check the version numbers
+            if (ptr[5] == '0') {
+                if (ptr[7] == '9') {
+                    return HTP_PROTOCOL_0_9;
+                }
+            } else if (ptr[5] == '1') {
+                if (ptr[7] == '0') {
+                    return HTP_PROTOCOL_1_0;
+                } else if (ptr[7] == '1') {
+                    return HTP_PROTOCOL_1_1;
+                }
+            }
+        }
+    }
+
+    return HTP_PROTOCOL_INVALID;
+}
+
+/**
+ * Determines the numerical value of a response status given as a string.
+ *
+ * @param[in] status
+ * @return Status code on success, or HTP_STATUS_INVALID on error.
+ */
+int htp_parse_status(bstr *status) {
+    int64_t r = htp_parse_positive_integer_whitespace((unsigned char *) bstr_ptr(status), bstr_len(status), 10);
+    if (r >= HTP_VALID_STATUS_MIN && r <= HTP_VALID_STATUS_MAX) {
+        return (int)r;
+    } else {
+        return HTP_STATUS_INVALID;
+    }
+}
+
+/**
+ * Parses Digest Authorization request header.
+ *
+ * @param[in] connp
+ * @param[in] auth_header
+ */
+int htp_parse_authorization_digest(htp_connp_t *connp, htp_header_t *auth_header) {    
+    // Extract the username
+    int i = bstr_index_of_c(auth_header->value, "username=");
+    if (i == -1) return HTP_DECLINED;
+
+    unsigned char *data = bstr_ptr(auth_header->value);
+    size_t len = bstr_len(auth_header->value);
+    size_t pos = i + 9;
+
+    // Ignore whitespace
+    while ((pos < len) && (isspace((int) data[pos]))) pos++;   
+    if (pos == len) return HTP_DECLINED;
+
+    if (data[pos] != '"') return HTP_DECLINED;
+
+    return htp_extract_quoted_string_as_bstr(data + pos, len - pos, &(connp->in_tx->request_auth_username), NULL);
+}
+
+/**
+ * Parses Basic Authorization request header.
+ * 
+ * @param[in] connp
+ * @param[in] auth_header
+ */
+int htp_parse_authorization_basic(htp_connp_t *connp, htp_header_t *auth_header) {
+    unsigned char *data = bstr_ptr(auth_header->value);
+    size_t len = bstr_len(auth_header->value);
+    size_t pos = 5;
+
+    // Ignore whitespace
+    while ((pos < len) && (isspace((int) data[pos]))) pos++;
+    if (pos == len) return HTP_DECLINED;
+
+    // Decode base64-encoded data
+    bstr *decoded = htp_base64_decode_mem(data + pos, len - pos);
+    if (decoded == NULL) return HTP_ERROR;
+
+    // Now extract the username and password
+    int i = bstr_index_of_c(decoded, ":");
+    if (i == -1) {
+        bstr_free(decoded);    
+        return HTP_DECLINED;
+    }
+
+    connp->in_tx->request_auth_username = bstr_dup_ex(decoded, 0, i);
+    if (connp->in_tx->request_auth_username == NULL) {
+        bstr_free(decoded);
+        return HTP_ERROR;
+    }
+    
+    connp->in_tx->request_auth_password = bstr_dup_ex(decoded, i + 1, bstr_len(decoded) - i - 1);
+    if (connp->in_tx->request_auth_password == NULL) {
+        bstr_free(decoded);
+        bstr_free(connp->in_tx->request_auth_username);
+        return HTP_ERROR;
+    }
+
+    bstr_free(decoded);
+
+    return HTP_OK;
+}
+
+/**
+ * Parses Bearer Authorization request header.
+ *
+ * @param[in] connp
+ * @param[in] auth_header
+ */
+int htp_parse_authorization_bearer(htp_connp_t *connp, htp_header_t *auth_header) {
+    unsigned char *data = bstr_ptr(auth_header->value);
+    size_t len = bstr_len(auth_header->value);
+    size_t pos = 6;
+
+    // Ignore whitespace
+    while ((pos < len) && (isspace((int) data[pos]))) pos++;
+    if (pos == len) return HTP_DECLINED;
+
+    // There is nothing much else to check with Bearer auth so we just return
+    return HTP_OK;
+}
+/**
+ * Parses Authorization request header.
+ *
+ * @param[in] connp
+ */
+int htp_parse_authorization(htp_connp_t *connp) {
+    htp_header_t *auth_header = htp_table_get_c(connp->in_tx->request_headers, "authorization");
+    if (auth_header == NULL) {
+        connp->in_tx->request_auth_type = HTP_AUTH_NONE;
+        return HTP_OK;
+    }
+
+    // TODO Need a flag to raise when failing to parse authentication headers.
+
+    if (bstr_begins_with_c_nocase(auth_header->value, "basic")) {
+        // Basic authentication
+        connp->in_tx->request_auth_type = HTP_AUTH_BASIC;
+        return htp_parse_authorization_basic(connp, auth_header);
+    } else if (bstr_begins_with_c_nocase(auth_header->value, "digest")) {
+        // Digest authentication
+        connp->in_tx->request_auth_type = HTP_AUTH_DIGEST;
+        return htp_parse_authorization_digest(connp, auth_header);
+    } else if (bstr_begins_with_c_nocase(auth_header->value, "bearer")) {
+        // OAuth Bearer authentication
+        connp->in_tx->request_auth_type = HTP_AUTH_BEARER;
+        return htp_parse_authorization_bearer(connp, auth_header);
+    } else {
+        // Unrecognized authentication method
+        connp->in_tx->request_auth_type = HTP_AUTH_UNRECOGNIZED;        
+    }
+
+    return HTP_OK;
+}