summaryrefslogtreecommitdiffstats
path: root/ncat/http.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--ncat/http.c1633
1 files changed, 1633 insertions, 0 deletions
diff --git a/ncat/http.c b/ncat/http.c
new file mode 100644
index 0000000..1a25988
--- /dev/null
+++ b/ncat/http.c
@@ -0,0 +1,1633 @@
+/***************************************************************************
+ * http.c -- HTTP network interaction, parsing, and construction. *
+ ***********************IMPORTANT NMAP LICENSE TERMS************************
+ *
+ * The Nmap Security Scanner is (C) 1996-2023 Nmap Software LLC ("The Nmap
+ * Project"). Nmap is also a registered trademark of the Nmap Project.
+ *
+ * This program is distributed under the terms of the Nmap Public Source
+ * License (NPSL). The exact license text applying to a particular Nmap
+ * release or source code control revision is contained in the LICENSE
+ * file distributed with that version of Nmap or source code control
+ * revision. More Nmap copyright/legal information is available from
+ * https://nmap.org/book/man-legal.html, and further information on the
+ * NPSL license itself can be found at https://nmap.org/npsl/ . This
+ * header summarizes some key points from the Nmap license, but is no
+ * substitute for the actual license text.
+ *
+ * Nmap is generally free for end users to download and use themselves,
+ * including commercial use. It is available from https://nmap.org.
+ *
+ * The Nmap license generally prohibits companies from using and
+ * redistributing Nmap in commercial products, but we sell a special Nmap
+ * OEM Edition with a more permissive license and special features for
+ * this purpose. See https://nmap.org/oem/
+ *
+ * If you have received a written Nmap license agreement or contract
+ * stating terms other than these (such as an Nmap OEM license), you may
+ * choose to use and redistribute Nmap under those terms instead.
+ *
+ * The official Nmap Windows builds include the Npcap software
+ * (https://npcap.com) for packet capture and transmission. It is under
+ * separate license terms which forbid redistribution without special
+ * permission. So the official Nmap Windows builds may not be redistributed
+ * without special permission (such as an Nmap OEM license).
+ *
+ * Source is provided to this software because we believe users have a
+ * right to know exactly what a program is going to do before they run it.
+ * This also allows you to audit the software for security holes.
+ *
+ * Source code also allows you to port Nmap to new platforms, fix bugs, and add
+ * new features. You are highly encouraged to submit your changes as a Github PR
+ * or by email to the dev@nmap.org mailing list for possible incorporation into
+ * the main distribution. Unless you specify otherwise, it is understood that
+ * you are offering us very broad rights to use your submissions as described in
+ * the Nmap Public Source License Contributor Agreement. This is important
+ * because we fund the project by selling licenses with various terms, and also
+ * because the inability to relicense code has caused devastating problems for
+ * other Free Software projects (such as KDE and NASM).
+ *
+ * The free version of Nmap is distributed in the hope that it will be
+ * useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Warranties,
+ * indemnification and commercial support are all available through the
+ * Npcap OEM program--see https://nmap.org/oem/
+ *
+ ***************************************************************************/
+
+/* $Id$ */
+
+#include <string.h>
+
+#include "base64.h"
+#include "ncat.h"
+#include "http.h"
+
+/* Limit the size of in-memory data structures to avoid certain denial of
+ service attacks (those trying to consume all available memory). */
+static const int MAX_REQUEST_LINE_LENGTH = 1024;
+static const int MAX_STATUS_LINE_LENGTH = 1024;
+static const int MAX_HEADER_LENGTH = 1024 * 10;
+
+void socket_buffer_init(struct socket_buffer *buf, int sd)
+{
+ buf->fdn.fd = sd;
+#ifdef HAVE_OPENSSL
+ buf->fdn.ssl = NULL;
+#endif
+ buf->p = buf->buffer;
+ buf->end = buf->p;
+}
+
+/* Read from a stateful socket buffer. If there is any data in the buffer it is
+ returned, otherwise data is read with recv. Return value is as for recv. */
+int socket_buffer_read(struct socket_buffer *buf, char *out, size_t size)
+{
+ int i;
+
+ /* Refill the buffer if necessary. */
+ if (buf->p >= buf->end) {
+ buf->p = buf->buffer;
+ do {
+ errno = 0;
+ i = fdinfo_recv(&buf->fdn, buf->buffer, sizeof(buf->buffer));
+ } while (i == -1 && errno == EINTR);
+ if (i <= 0)
+ return i;
+ buf->end = buf->buffer + i;
+ }
+ i = buf->end - buf->p;
+ if (i > size)
+ i = size;
+ memcpy(out, buf->p, i);
+ buf->p += i;
+
+ return i;
+}
+
+/* Read a line thorough a stateful socket buffer. The line, including its '\n',
+ is returned in a dynamically allocated buffer. The length of the line is
+ returned in *n. If the length of the line exceeds maxlen, then NULL is
+ returned and *n is greater than or equal to maxlen. On error, NULL is
+ returned and *n is less than maxlen. The returned buffer is always
+ null-terminated if the return value is not NULL. */
+char *socket_buffer_readline(struct socket_buffer *buf, size_t *n, size_t maxlen)
+{
+ char *line;
+ char *newline;
+ size_t count;
+
+ line = NULL;
+ *n = 0;
+
+ do {
+ /* Refill the buffer if necessary. */
+ if (buf->p >= buf->end) {
+ int i;
+
+ buf->p = buf->buffer;
+ do {
+ errno = 0;
+ i = fdinfo_recv(&buf->fdn, buf->buffer, sizeof(buf->buffer));
+ } while (i == -1 && errno == EINTR);
+ if (i <= 0) {
+ free(line);
+ return NULL;
+ }
+ buf->end = buf->buffer + i;
+ }
+
+ newline = (char *) memchr(buf->p, '\n', buf->end - buf->p);
+ if (newline == NULL)
+ count = buf->end - buf->p;
+ else
+ count = newline + 1 - buf->p;
+
+ if (*n + count >= maxlen) {
+ /* Line exceeds our maximum length. */
+ free(line);
+ *n += count;
+ return NULL;
+ }
+
+ line = (char *) safe_realloc(line, *n + count + 1);
+ memcpy(line + *n, buf->p, count);
+ *n += count;
+ buf->p += count;
+ } while (newline == NULL);
+
+ line[*n] = '\0';
+
+ return line;
+}
+
+/* This is like socket_buffer_read, except that it blocks until it can read all
+ size bytes. If fewer than size bytes are available, it reads them and returns
+ -1. */
+int socket_buffer_readcount(struct socket_buffer *buf, char *out, size_t size)
+{
+ size_t n = 0;
+ int i;
+
+ while (n < size) {
+ /* Refill the buffer if necessary. */
+ if (buf->p >= buf->end) {
+ buf->p = buf->buffer;
+ do {
+ errno = 0;
+ i = fdinfo_recv(&buf->fdn, buf->buffer, sizeof(buf->buffer));
+ } while (i == -1 && errno == EINTR);
+ if (i <= 0)
+ return -1;
+ buf->end = buf->buffer + i;
+ }
+ i = buf->end - buf->p;
+ if (i < size - n) {
+ memcpy(out + n, buf->p, i);
+ buf->p += i;
+ n += i;
+ } else {
+ memcpy(out + n, buf->p, size - n);
+ buf->p += size - n;
+ n += size - n;
+ }
+ }
+
+ return n;
+}
+
+/* Get whatever is left in the buffer. */
+char *socket_buffer_remainder(struct socket_buffer *buf, size_t *len)
+{
+ if (len != NULL)
+ *len = buf->end - buf->p;
+
+ return buf->p;
+}
+
+/* The URI functions have a test program in test/test-uri.c. Run the test after
+ making any changes and add tests for any new functions. */
+
+void uri_init(struct uri *uri)
+{
+ uri->scheme = NULL;
+ uri->host = NULL;
+ uri->port = -1;
+ uri->path = NULL;
+}
+
+void uri_free(struct uri *uri)
+{
+ free(uri->scheme);
+ free(uri->host);
+ free(uri->path);
+}
+
+static int hex_digit_value(char digit)
+{
+ const char *DIGITS = "0123456789abcdef";
+ const char *p;
+
+ if ((unsigned char) digit == '\0')
+ return -1;
+ p = strchr(DIGITS, tolower((int) (unsigned char) digit));
+ if (p == NULL)
+ return -1;
+
+ return p - DIGITS;
+}
+
+/* Case-insensitive string comparison. */
+static int str_cmp_i(const char *a, const char *b)
+{
+ while (*a != '\0' && *b != '\0') {
+ int ca, cb;
+
+ ca = tolower((int) (unsigned char) *a);
+ cb = tolower((int) (unsigned char) *b);
+ if (ca != cb)
+ return ca - cb;
+ a++;
+ b++;
+ }
+
+ if (*a == '\0' && *b == '\0')
+ return 0;
+ else if (*a == '\0')
+ return -1;
+ else
+ return 1;
+}
+
+static int str_equal_i(const char *a, const char *b)
+{
+ return str_cmp_i(a, b) == 0;
+}
+
+static int lowercase(char *s)
+{
+ char *p;
+
+ for (p = s; *p != '\0'; p++)
+ *p = tolower((int) (unsigned char) *p);
+
+ return p - s;
+}
+
+/* In-place percent decoding. */
+static int percent_decode(char *s)
+{
+ char *p, *q;
+
+ /* Skip to the first '%'. If there are no percent escapes, this lets us
+ return without doing any copying. */
+ q = s;
+ while (*q != '\0' && *q != '%')
+ q++;
+
+ p = q;
+ while (*q != '\0') {
+ if (*q == '%') {
+ int c, d;
+
+ q++;
+ c = hex_digit_value(*q);
+ if (c == -1)
+ return -1;
+ q++;
+ d = hex_digit_value(*q);
+ if (d == -1)
+ return -1;
+
+ *p++ = c * 16 + d;
+ q++;
+ } else {
+ *p++ = *q++;
+ }
+ }
+ *p = '\0';
+
+ return p - s;
+}
+
+/* Use these functions because isalpha and isdigit can change their meaning
+ based on the locale. */
+static int is_alpha_char(int c)
+{
+ return c != '\0' && strchr("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ", c) != NULL;
+}
+
+static int is_digit_char(int c)
+{
+ return c != '\0' && strchr("0123456789", c) != NULL;
+}
+
+/* Get the default port for the given URI scheme, or -1 if unrecognized. */
+static int scheme_default_port(const char *scheme)
+{
+ if (str_equal_i(scheme, "http"))
+ return 80;
+
+ return -1;
+}
+
+/* Parse a URI string into a struct URI. Any parts of the URI that are absent
+ will become NULL entries in the structure, except for the port which will be
+ -1. Returns NULL on error. See RFC 3986, section 3 for syntax. */
+struct uri *uri_parse(struct uri *uri, const char *uri_s)
+{
+ const char *p, *q;
+
+ uri_init(uri);
+
+ /* Scheme, section 3.1. */
+ p = uri_s;
+ if (!is_alpha_char(*p))
+ goto fail;
+ for (q = p; is_alpha_char(*q) || is_digit_char(*q) || *q == '+' || *q == '-' || *q == '.'; q++)
+ ;
+ if (*q != ':')
+ goto fail;
+ uri->scheme = mkstr(p, q);
+ /* "An implementation should accept uppercase letters as equivalent to
+ lowercase in scheme names (e.g., allow "HTTP" as well as "http") for the
+ sake of robustness..." */
+ lowercase(uri->scheme);
+
+ /* Authority, section 3.2. */
+ p = q + 1;
+ if (*p == '/' && *(p + 1) == '/') {
+ char *authority = NULL;
+
+ p += 2;
+ for (q = p; !(*q == '/' || *q == '?' || *q == '#' || *q == '\0'); q++)
+ ;
+ authority = mkstr(p, q);
+ if (uri_parse_authority(uri, authority) == NULL) {
+ free(authority);
+ goto fail;
+ }
+ free(authority);
+
+ p = q;
+ }
+ if (uri->port == -1)
+ uri->port = scheme_default_port(uri->scheme);
+
+ /* Path, section 3.3. We include the query and fragment in the path. The
+ path is also not percent-decoded because we just pass it on to the origin
+ server. */
+ q = strchr(p, '\0');
+ uri->path = mkstr(p, q);
+
+ return uri;
+
+fail:
+ uri_free(uri);
+ return NULL;
+}
+
+/* Parse the authority part of a URI. userinfo (user name and password) are not
+ supported and will cause an error if present. See RFC 3986, section 3.2.
+ Returns NULL on error. */
+struct uri *uri_parse_authority(struct uri *uri, const char *authority)
+{
+ const char *portsep;
+ const char *host_start, *host_end;
+ const char *tail;
+
+ /* We do not support "user:pass@" userinfo. The proxy has no use for it. */
+ if (strchr(authority, '@') != NULL)
+ return NULL;
+
+ /* Find the beginning and end of the host. */
+ host_start = authority;
+ if (*host_start == '[') {
+ /* IPv6 address in brackets. */
+ host_start++;
+ host_end = strchr(host_start, ']');
+ if (host_end == NULL)
+ return NULL;
+ portsep = host_end + 1;
+ if (!(*portsep == ':' || *portsep == '\0'))
+ return NULL;
+ } else {
+ portsep = strrchr(authority, ':');
+ if (portsep == NULL)
+ portsep = strchr(authority, '\0');
+ host_end = portsep;
+ }
+
+ /* Get the port number. */
+ if (*portsep == ':' && *(portsep + 1) != '\0') {
+ long n;
+
+ errno = 0;
+ n = parse_long(portsep + 1, &tail);
+ if (errno != 0 || *tail != '\0' || tail == portsep + 1 || n < 1 || n > 65535)
+ return NULL;
+ uri->port = n;
+ } else {
+ uri->port = -1;
+ }
+
+ /* Get the host. */
+ uri->host = mkstr(host_start, host_end);
+ if (percent_decode(uri->host) < 0) {
+ free(uri->host);
+ uri->host = NULL;
+ return NULL;
+ }
+
+ return uri;
+}
+
+static void http_header_node_free(struct http_header *node)
+{
+ free(node->name);
+ free(node->value);
+ free(node);
+}
+
+void http_header_free(struct http_header *header)
+{
+ struct http_header *p, *next;
+
+ for (p = header; p != NULL; p = next) {
+ next = p->next;
+ http_header_node_free(p);
+ }
+}
+
+/* RFC 2616, section 2.2; see LWS. */
+static int is_space_char(int c)
+{
+ return c == ' ' || c == '\t';
+}
+
+/* RFC 2616, section 2.2. */
+static int is_ctl_char(int c)
+{
+ return (c >= 0 && c <= 31) || c == 127;
+}
+
+/* RFC 2616, section 2.2. */
+static int is_sep_char(int c)
+{
+ return c != '\0' && strchr("()<>@,;:\\\"/[]?={} \t", c) != NULL;
+}
+
+/* RFC 2616, section 2.2. */
+static int is_token_char(char c)
+{
+ return !iscntrl((int) (unsigned char) c) && !is_sep_char((int) (unsigned char) c);
+}
+
+static int is_crlf(const char *s)
+{
+ return *s == '\n' || (*s == '\r' && *(s + 1) == '\n');
+}
+
+static const char *skip_crlf(const char *s)
+{
+ if (*s == '\n')
+ return s + 1;
+ else if (*s == '\r' && *(s + 1) == '\n')
+ return s + 2;
+
+ ncat_assert(0);
+ return NULL;
+}
+
+static int field_name_equal(const char *a, const char *b)
+{
+ return str_equal_i(a, b);
+}
+
+/* Get the value of every header with the given name, separated by commas. If
+ you only want the first value for header fields that should not be
+ concatenated in this way, use http_header_get_first. The returned string
+ must be freed. */
+char *http_header_get(const struct http_header *header, const char *name)
+{
+ const struct http_header *p;
+ char *buf = NULL;
+ size_t size = 0, offset = 0;
+ int count;
+
+ count = 0;
+ for (p = header; p != NULL; p = p->next) {
+ /* RFC 2616, section 4.2: "Multiple message-header fields with the same
+ field-name MAY be present in a message if and only if the entire
+ field-value for that header field is defined as a comma-separated
+ list [i.e., #(values)]. It MUST be possible to combine the multiple
+ header fields into one "field-name: field-value" pair, without
+ changing the semantics of the message, by appending each subsequent
+ field-value to the first, each separated by a comma." */
+ if (field_name_equal(p->name, name)) {
+ if (count > 0)
+ strbuf_append_str(&buf, &size, &offset, ", ");
+ strbuf_append_str(&buf, &size, &offset, p->value);
+ count++;
+ }
+ }
+
+ return buf;
+}
+
+const struct http_header *http_header_next(const struct http_header *header,
+ const struct http_header *p, const char *name)
+{
+ if (p == NULL)
+ p = header;
+ else
+ p = p->next;
+
+ for (; p != NULL; p = p->next) {
+ if (field_name_equal(p->name, name))
+ return p;
+ }
+
+ return NULL;
+}
+
+/* Get the value of the first header with the given name. The returned string
+ must be freed. */
+char *http_header_get_first(const struct http_header *header, const char *name)
+{
+ const struct http_header *p;
+
+ p = http_header_next(header, NULL, name);
+ if (p != NULL)
+ return Strdup(p->value);
+
+ return NULL;
+}
+
+struct http_header *http_header_set(struct http_header *header, const char *name, const char *value)
+{
+ struct http_header *node, **prev;
+
+ header = http_header_remove(header, name);
+
+ node = (struct http_header *) safe_malloc(sizeof(*node));
+ node->name = Strdup(name);
+ node->value = Strdup(value);
+ node->next = NULL;
+
+ /* Link it to the end of the list. */
+ for (prev = &header; *prev != NULL; prev = &(*prev)->next)
+ ;
+ *prev = node;
+
+ return header;
+}
+
+/* Read a token from a space-separated string. This only recognizes space as a
+ separator, so the string must already have had LWS normalized.
+ http_header_parse does this normalization. */
+static const char *read_token(const char *s, char **token)
+{
+ const char *t;
+
+ while (*s == ' ')
+ s++;
+ t = s;
+ while (is_token_char(*t))
+ t++;
+ if (s == t)
+ return NULL;
+
+ *token = mkstr(s, t);
+
+ return t;
+}
+
+static const char *read_quoted_string(const char *s, char **quoted_string)
+{
+ char *buf = NULL;
+ size_t size = 0, offset = 0;
+ const char *t;
+
+ while (is_space_char(*s))
+ s++;
+ if (*s != '"')
+ return NULL;
+ s++;
+ t = s;
+ while (*s != '"') {
+ /* Get a block of normal characters. */
+ while (*t != '"' && *t != '\\') {
+ /* This is qdtext, which is TEXT except for CTL. */
+ if (is_ctl_char(*t)) {
+ free(buf);
+ return NULL;
+ }
+ t++;
+ }
+ strbuf_append(&buf, &size, &offset, s, t - s);
+ /* Now possibly handle an escape. */
+ if (*t == '\\') {
+ t++;
+ /* You can only escape a CHAR, octets 0-127. But we disallow 0. */
+ if (*t <= 0) {
+ free(buf);
+ return NULL;
+ }
+ strbuf_append(&buf, &size, &offset, t, 1);
+ t++;
+ }
+ s = t;
+ }
+ s++;
+
+ *quoted_string = buf;
+ return s;
+}
+
+static const char *read_token_or_quoted_string(const char *s, char **token)
+{
+ while (is_space_char(*s))
+ s++;
+ if (*s == '"')
+ return read_quoted_string(s, token);
+ else
+ return read_token(s, token);
+}
+
+static const char *read_token_list(const char *s, char **tokens[], size_t *n)
+{
+ char *token;
+
+ *tokens = NULL;
+ *n = 0;
+
+ for (;;) {
+ s = read_token(s, &token);
+ if (s == NULL) {
+ int i;
+
+ for (i = 0; i < *n; i++)
+ free((*tokens)[i]);
+ free(*tokens);
+
+ return NULL;
+ }
+
+ *tokens = (char **) safe_realloc(*tokens, (*n + 1) * sizeof((*tokens)[0]));
+ (*tokens)[(*n)++] = token;
+ if (*s != ',')
+ break;
+ s++;
+ }
+
+ return s;
+}
+
+struct http_header *http_header_remove(struct http_header *header, const char *name)
+{
+ struct http_header *p, *next, **prev;
+
+ prev = &header;
+ for (p = header; p != NULL; p = next) {
+ next = p->next;
+ if (field_name_equal(p->name, name)) {
+ *prev = next;
+ http_header_node_free(p);
+ continue;
+ }
+ prev = &p->next;
+ }
+
+ return header;
+}
+
+/* Removes hop-by-hop headers listed in section 13.5.1 of RFC 2616, and
+ additionally removes any headers listed in the Connection header as described
+ in section 14.10. */
+int http_header_remove_hop_by_hop(struct http_header **header)
+{
+ static const char *HOP_BY_HOP_HEADERS[] = {
+ "Connection",
+ "Keep-Alive",
+ "Proxy-Authenticate",
+ "Proxy-Authorization",
+ "TE",
+ "Trailers",
+ "Transfer-Encoding",
+ "Upgrade",
+ };
+ char *connection;
+ char **connection_tokens;
+ size_t num_connection_tokens;
+ unsigned int i;
+
+ connection = http_header_get(*header, "Connection");
+ if (connection != NULL) {
+ const char *p;
+
+ p = read_token_list(connection, &connection_tokens, &num_connection_tokens);
+ if (p == NULL) {
+ free(connection);
+ return 400;
+ }
+ if (*p != '\0') {
+ free(connection);
+ for (i = 0; i < num_connection_tokens; i++)
+ free(connection_tokens[i]);
+ free(connection_tokens);
+ return 400;
+ }
+ free(connection);
+ } else {
+ connection_tokens = NULL;
+ num_connection_tokens = 0;
+ }
+
+ for (i = 0; i < sizeof(HOP_BY_HOP_HEADERS) / sizeof(HOP_BY_HOP_HEADERS[0]); i++)
+ *header = http_header_remove(*header, HOP_BY_HOP_HEADERS[i]);
+ for (i = 0; i < num_connection_tokens; i++)
+ *header = http_header_remove(*header, connection_tokens[i]);
+
+ for (i = 0; i < num_connection_tokens; i++)
+ free(connection_tokens[i]);
+ free(connection_tokens);
+
+ return 0;
+}
+
+char *http_header_to_string(const struct http_header *header, size_t *n)
+{
+ const struct http_header *p;
+ char *buf = NULL;
+ size_t size = 0, offset = 0;
+
+ strbuf_append_str(&buf, &size, &offset, "");
+
+ for (p = header; p != NULL; p = p->next)
+ strbuf_sprintf(&buf, &size, &offset, "%s: %s\r\n", p->name, p->value);
+
+ if (n != NULL)
+ *n = offset;
+
+ return buf;
+}
+
+void http_request_init(struct http_request *request)
+{
+ request->method = NULL;
+ uri_init(&request->uri);
+ request->version = HTTP_UNKNOWN;
+ request->header = NULL;
+ request->content_length_set = 0;
+ request->content_length = 0;
+ request->bytes_transferred = 0;
+}
+
+void http_request_free(struct http_request *request)
+{
+ free(request->method);
+ uri_free(&request->uri);
+ http_header_free(request->header);
+}
+
+char *http_request_to_string(const struct http_request *request, size_t *n)
+{
+ const char *path;
+ char *buf = NULL;
+ size_t size = 0, offset = 0;
+
+ /* RFC 2616, section 5.1.2: "the absolute path cannot be empty; if none is
+ present in the original URI, it MUST be given as "/" (the server
+ root)." */
+ path = request->uri.path;
+ if (path[0] == '\0')
+ path = "/";
+
+ if (request->version == HTTP_09) {
+ /* HTTP/0.9 doesn't have headers. See
+ http://www.w3.org/Protocols/HTTP/AsImplemented.html. */
+ strbuf_sprintf(&buf, &size, &offset, "%s %s\r\n", request->method, path);
+ } else {
+ const char *version;
+ char *header_str;
+
+ if (request->version == HTTP_10)
+ version = " HTTP/1.0";
+ else
+ version = " HTTP/1.1";
+
+ header_str = http_header_to_string(request->header, NULL);
+ strbuf_sprintf(&buf, &size, &offset, "%s %s%s\r\n%s\r\n",
+ request->method, path, version, header_str);
+ free(header_str);
+ }
+
+ if (n != NULL)
+ *n = offset;
+
+ return buf;
+}
+
+void http_response_init(struct http_response *response)
+{
+ response->version = HTTP_UNKNOWN;
+ response->code = 0;
+ response->phrase = NULL;
+ response->header = NULL;
+ response->content_length_set = 0;
+ response->content_length = 0;
+ response->bytes_transferred = 0;
+}
+
+void http_response_free(struct http_response *response)
+{
+ free(response->phrase);
+ http_header_free(response->header);
+}
+
+char *http_response_to_string(const struct http_response *response, size_t *n)
+{
+ char *buf = NULL;
+ size_t size = 0, offset = 0;
+
+ if (response->version == HTTP_09) {
+ /* HTTP/0.9 doesn't have a Status-Line or headers. See
+ http://www.w3.org/Protocols/HTTP/AsImplemented.html. */
+ return Strdup("");
+ } else {
+ const char *version;
+ char *header_str;
+
+ if (response->version == HTTP_10)
+ version = "HTTP/1.0";
+ else
+ version = "HTTP/1.1";
+
+ header_str = http_header_to_string(response->header, NULL);
+ strbuf_sprintf(&buf, &size, &offset, "%s %d %s\r\n%s\r\n",
+ version, response->code, response->phrase, header_str);
+ free(header_str);
+ }
+
+ if (n != NULL)
+ *n = offset;
+
+ return buf;
+}
+
+int http_read_header(struct socket_buffer *buf, char **result)
+{
+ char *line = NULL;
+ char *header;
+ size_t n = 0;
+ size_t count;
+ int blank;
+
+ header = NULL;
+
+ do {
+ line = socket_buffer_readline(buf, &count, MAX_HEADER_LENGTH);
+ if (line == NULL) {
+ free(header);
+ if (count >= MAX_HEADER_LENGTH)
+ /* Request Entity Too Large. */
+ return 413;
+ else
+ return 400;
+ }
+ blank = is_crlf(line);
+
+ if (n + count >= MAX_HEADER_LENGTH) {
+ free(line);
+ free(header);
+ /* Request Entity Too Large. */
+ return 413;
+ }
+
+ header = (char *) safe_realloc(header, n + count + 1);
+ memcpy(header + n, line, count);
+ n += count;
+ free(line);
+ } while (!blank);
+ header[n] = '\0';
+
+ *result = header;
+
+ return 0;
+}
+
+static const char *skip_lws(const char *s)
+{
+ for (;;) {
+ while (is_space_char(*s))
+ s++;
+
+ if (*s == '\n' && is_space_char(*(s + 1)))
+ s += 1;
+ else if (*s == '\r' && *(s + 1) == '\n' && is_space_char(*(s + 2)))
+ s += 2;
+ else
+ break;
+ }
+
+ return s;
+}
+
+/* See section 4.2 of RFC 2616 for header format. */
+int http_parse_header(struct http_header **result, const char *header)
+{
+ const char *p, *q;
+ size_t value_len, value_offset;
+ struct http_header *node, **prev;
+
+ *result = NULL;
+ prev = result;
+
+ p = header;
+ while (*p != '\0' && !is_crlf(p)) {
+ /* Get the field name. */
+ q = p;
+ while (*q != '\0' && is_token_char(*q))
+ q++;
+ if (*q != ':') {
+ http_header_free(*result);
+ return 400;
+ }
+
+ node = (struct http_header *) safe_malloc(sizeof(*node));
+ node->name = mkstr(p, q);
+ node->value = NULL;
+ node->next = NULL;
+ value_len = 0;
+ value_offset = 0;
+
+ /* Copy the header field value until we hit a CRLF. */
+ p = q + 1;
+ p = skip_lws(p);
+ for (;;) {
+ q = p;
+ while (*q != '\0' && !is_space_char(*q) && !is_crlf(q)) {
+ /* Section 2.2 of RFC 2616 disallows control characters. */
+ if (iscntrl((int) (unsigned char) *q)) {
+ http_header_node_free(node);
+ return 400;
+ }
+ q++;
+ }
+ strbuf_append(&node->value, &value_len, &value_offset, p, q - p);
+ p = skip_lws(q);
+ if (is_crlf(p))
+ break;
+ /* Replace LWS with a single space. */
+ strbuf_append_str(&node->value, &value_len, &value_offset, " ");
+ }
+ *prev = node;
+ prev = &node->next;
+
+ p = skip_crlf(p);
+ }
+
+ return 0;
+}
+
+static int http_header_get_content_length(const struct http_header *header, int *content_length_set, unsigned long *content_length)
+{
+ char *content_length_s;
+ const char *tail;
+ int code;
+
+ content_length_s = http_header_get_first(header, "Content-Length");
+ if (content_length_s == NULL) {
+ *content_length_set = 0;
+ *content_length = 0;
+ return 0;
+ }
+
+ code = 0;
+
+ errno = 0;
+ *content_length_set = 1;
+ *content_length = parse_long(content_length_s, &tail);
+ if (errno != 0 || *tail != '\0' || tail == content_length_s)
+ code = 400;
+ free(content_length_s);
+
+ return code;
+}
+
+/* Parse a header and fill in any relevant fields in the request structure. */
+int http_request_parse_header(struct http_request *request, const char *header)
+{
+ int code;
+
+ code = http_parse_header(&request->header, header);
+ if (code != 0)
+ return code;
+ code = http_header_get_content_length(request->header, &request->content_length_set, &request->content_length);
+ if (code != 0)
+ return code;
+
+ return 0;
+}
+
+/* Parse a header and fill in any relevant fields in the response structure. */
+int http_response_parse_header(struct http_response *response, const char *header)
+{
+ int code;
+
+ code = http_parse_header(&response->header, header);
+ if (code != 0)
+ return code;
+ code = http_header_get_content_length(response->header, &response->content_length_set, &response->content_length);
+ if (code != 0)
+ return code;
+
+ return 0;
+}
+
+int http_read_request_line(struct socket_buffer *buf, char **line)
+{
+ size_t n;
+
+ *line = NULL;
+
+ /* Section 4.1 of RFC 2616 says "servers SHOULD ignore any empty line(s)
+ received where a Request-Line is expected." */
+ do {
+ free(*line);
+ *line = socket_buffer_readline(buf, &n, MAX_REQUEST_LINE_LENGTH);
+ if (*line == NULL) {
+ if (n >= MAX_REQUEST_LINE_LENGTH)
+ /* Request Entity Too Large. */
+ return 413;
+ else
+ return 400;
+ }
+ } while (is_crlf(*line));
+
+ return 0;
+}
+
+/* Returns the character pointer after the HTTP version, or s if there was a
+ parse error. */
+static const char *parse_http_version(const char *s, enum http_version *version)
+{
+ const char *PREFIX = "HTTP/";
+ const char *p, *q;
+ long major, minor;
+
+ *version = HTTP_UNKNOWN;
+
+ p = s;
+ if (memcmp(p, PREFIX, strlen(PREFIX)) != 0)
+ return s;
+ p += strlen(PREFIX);
+
+ /* Major version. */
+ errno = 0;
+ major = parse_long(p, &q);
+ if (errno != 0 || q == p)
+ return s;
+
+ p = q;
+ if (*p != '.')
+ return s;
+ p++;
+
+ /* Minor version. */
+ errno = 0;
+ minor = parse_long(p, &q);
+ if (errno != 0 || q == p)
+ return s;
+
+ if (major == 1 && minor == 0)
+ *version = HTTP_10;
+ else if (major == 1 && minor == 1)
+ *version = HTTP_11;
+
+ return q;
+}
+
+int http_parse_request_line(const char *line, struct http_request *request)
+{
+ const char *p, *q;
+ struct uri *uri;
+ char *uri_s;
+
+ http_request_init(request);
+
+ p = line;
+ while (*p == ' ')
+ p++;
+
+ /* Method (CONNECT, GET, etc.). */
+ q = p;
+ while (is_token_char(*q))
+ q++;
+ if (p == q)
+ goto badreq;
+ request->method = mkstr(p, q);
+
+ /* URI. */
+ p = q;
+ while (*p == ' ')
+ p++;
+ q = p;
+ while (*q != '\0' && *q != ' ')
+ q++;
+ if (p == q)
+ goto badreq;
+ uri_s = mkstr(p, q);
+
+ /* RFC 2616, section 5.1.1: The method is case-sensitive.
+ RFC 2616, section 5.1.2:
+ Request-URI = "*" | absoluteURI | abs_path | authority
+ The absoluteURI form is REQUIRED when the request is being made to a
+ proxy... The authority form is only used by the CONNECT method. */
+ if (strcmp(request->method, "CONNECT") == 0) {
+ uri = uri_parse_authority(&request->uri, uri_s);
+ } else {
+ uri = uri_parse(&request->uri, uri_s);
+ }
+ free(uri_s);
+ if (uri == NULL)
+ /* The URI parsing failed. */
+ goto badreq;
+
+ /* Version number. */
+ p = q;
+ while (*p == ' ')
+ p++;
+ if (*p == '\0') {
+ /* No HTTP/X.X version number indicates version 0.9. */
+ request->version = HTTP_09;
+ } else {
+ q = parse_http_version(p, &request->version);
+ if (p == q)
+ goto badreq;
+ }
+
+ return 0;
+
+badreq:
+ http_request_free(request);
+ return 400;
+}
+
+int http_read_status_line(struct socket_buffer *buf, char **line)
+{
+ size_t n;
+
+ /* RFC 2616, section 6.1: "The first line of a Response message is the
+ Status-Line... No CR or LF is allowed except in the final CRLF sequence."
+ Contrast that with Request-Line, which allows leading blank lines. */
+ *line = socket_buffer_readline(buf, &n, MAX_STATUS_LINE_LENGTH);
+ if (*line == NULL) {
+ if (n >= MAX_STATUS_LINE_LENGTH)
+ /* Request Entity Too Large. */
+ return 413;
+ else
+ return 400;
+ }
+
+ return 0;
+}
+
+/* Returns 0 on success and nonzero on failure. */
+int http_parse_status_line(const char *line, struct http_response *response)
+{
+ const char *p, *q;
+
+ http_response_init(response);
+
+ /* Version. */
+ p = parse_http_version(line, &response->version);
+ if (p == line)
+ return -1;
+ while (*p == ' ')
+ p++;
+
+ /* Status code. */
+ errno = 0;
+ response->code = parse_long(p, &q);
+ if (errno != 0 || q == p)
+ return -1;
+ p = q;
+
+ /* Reason phrase. */
+ while (*p == ' ')
+ p++;
+ q = p;
+ while (!is_crlf(q))
+ q++;
+ /* We expect that the CRLF ends the string. */
+ if (*skip_crlf(q) != '\0')
+ return -1;
+ response->phrase = mkstr(p, q);
+
+ return 0;
+}
+
+/* This is a convenience wrapper around http_parse_status_line that only returns
+ the status code. Returns the status code on success or -1 on failure. */
+int http_parse_status_line_code(const char *line)
+{
+ struct http_response resp;
+ int code;
+
+ if (http_parse_status_line(line, &resp) != 0)
+ return -1;
+ code = resp.code;
+ http_response_free(&resp);
+
+ return code;
+}
+
+static const char *http_read_challenge(const char *s, struct http_challenge *challenge)
+{
+ const char *p;
+ char *scheme;
+
+ http_challenge_init(challenge);
+
+ scheme = NULL;
+ s = read_token(s, &scheme);
+ if (s == NULL)
+ goto bail;
+ if (str_equal_i(scheme, "Basic")) {
+ challenge->scheme = AUTH_BASIC;
+ } else if (str_equal_i(scheme, "Digest")) {
+ challenge->scheme = AUTH_DIGEST;
+ } else {
+ challenge->scheme = AUTH_UNKNOWN;
+ }
+ free(scheme);
+ scheme = NULL;
+
+ /* RFC 2617, section 1.2, requires at least one auth-param:
+ challenge = auth-scheme 1*SP 1#auth-param
+ But there are some schemes (NTLM and Negotiate) that can be without
+ auth-params, so we allow that here. A comma indicates the end of this
+ challenge and the beginning of the next (see the comment in the loop
+ below). */
+ while (is_space_char(*s))
+ s++;
+ if (*s == ',') {
+ s++;
+ while (is_space_char(*s))
+ s++;
+ if (*s == '\0')
+ goto bail;
+ return s;
+ }
+
+ while (*s != '\0') {
+ char *name, *value;
+
+ p = read_token(s, &name);
+ if (p == NULL)
+ goto bail;
+ while (is_space_char(*p))
+ p++;
+ /* It's possible that we've hit the end of one challenge and the
+ beginning of another. Section 14.33 says that the header value can be
+ 1#challenge, in other words several challenges separated by commas.
+ Because the auth-params are also separated by commas, the only way we
+ can tell is if we find a token not followed by an equals sign. */
+ if (*p != '=')
+ break;
+ p++;
+ while (is_space_char(*p))
+ p++;
+ p = read_token_or_quoted_string(p, &value);
+ if (p == NULL) {
+ free(name);
+ goto bail;
+ }
+ if (str_equal_i(name, "realm"))
+ challenge->realm = Strdup(value);
+ else if (challenge->scheme == AUTH_DIGEST) {
+ if (str_equal_i(name, "nonce")) {
+ if (challenge->digest.nonce != NULL)
+ goto bail;
+ challenge->digest.nonce = Strdup(value);
+ } else if (str_equal_i(name, "opaque")) {
+ if (challenge->digest.opaque != NULL)
+ goto bail;
+ challenge->digest.opaque = Strdup(value);
+ } else if (str_equal_i(name, "algorithm")) {
+ if (str_equal_i(value, "MD5"))
+ challenge->digest.algorithm = ALGORITHM_MD5;
+ else
+ challenge->digest.algorithm = ALGORITHM_UNKNOWN;
+ } else if (str_equal_i(name, "qop")) {
+ char **tokens;
+ size_t n;
+ int i;
+ const char *tmp;
+
+ tmp = read_token_list(value, &tokens, &n);
+ if (tmp == NULL) {
+ free(name);
+ free(value);
+ goto bail;
+ }
+ for (i = 0; i < n; i++) {
+ if (str_equal_i(tokens[i], "auth"))
+ challenge->digest.qop |= QOP_AUTH;
+ else if (str_equal_i(tokens[i], "auth-int"))
+ challenge->digest.qop |= QOP_AUTH_INT;
+ }
+ for (i = 0; i < n; i++)
+ free(tokens[i]);
+ free(tokens);
+ if (*tmp != '\0') {
+ free(name);
+ free(value);
+ goto bail;
+ }
+ }
+ }
+ free(name);
+ free(value);
+ while (is_space_char(*p))
+ p++;
+ if (*p == ',') {
+ p++;
+ while (is_space_char(*p))
+ p++;
+ if (*p == '\0')
+ goto bail;
+ }
+ s = p;
+ }
+
+ return s;
+
+bail:
+ if (scheme != NULL)
+ free(scheme);
+ http_challenge_free(challenge);
+
+ return NULL;
+}
+
+static const char *http_read_credentials(const char *s,
+ struct http_credentials *credentials)
+{
+ const char *p;
+ char *scheme;
+
+ credentials->scheme = AUTH_UNKNOWN;
+
+ s = read_token(s, &scheme);
+ if (s == NULL)
+ return NULL;
+ if (str_equal_i(scheme, "Basic")) {
+ http_credentials_init_basic(credentials);
+ } else if (str_equal_i(scheme, "Digest")) {
+ http_credentials_init_digest(credentials);
+ } else {
+ free(scheme);
+ return NULL;
+ }
+ free(scheme);
+
+ while (is_space_char(*s))
+ s++;
+ if (credentials->scheme == AUTH_BASIC) {
+ p = s;
+ /* Read base64. */
+ while (is_alpha_char(*p) || is_digit_char(*p) || *p == '+' || *p == '/' || *p == '=')
+ p++;
+ credentials->u.basic = mkstr(s, p);
+ while (is_space_char(*p))
+ p++;
+ s = p;
+ } else if (credentials->scheme == AUTH_DIGEST) {
+ char *name, *value;
+
+ while (*s != '\0') {
+ p = read_token(s, &name);
+ if (p == NULL)
+ goto bail;
+ while (is_space_char(*p))
+ p++;
+ /* It's not legal to combine multiple Authorization or
+ Proxy-Authorization values. The productions are
+ "Authorization" ":" credentials (section 14.8)
+ "Proxy-Authorization" ":" credentials (section 14.34)
+ Contrast this with WWW-Authenticate and Proxy-Authenticate and
+ their handling in http_read_challenge. */
+ if (*p != '=')
+ goto bail;
+ p++;
+ while (is_space_char(*p))
+ p++;
+ p = read_token_or_quoted_string(p, &value);
+ if (p == NULL) {
+ free(name);
+ goto bail;
+ }
+ if (str_equal_i(name, "username")) {
+ if (credentials->u.digest.username != NULL)
+ goto bail;
+ credentials->u.digest.username = Strdup(value);
+ } else if (str_equal_i(name, "realm")) {
+ if (credentials->u.digest.realm != NULL)
+ goto bail;
+ credentials->u.digest.realm = Strdup(value);
+ } else if (str_equal_i(name, "nonce")) {
+ if (credentials->u.digest.nonce != NULL)
+ goto bail;
+ credentials->u.digest.nonce = Strdup(value);
+ } else if (str_equal_i(name, "uri")) {
+ if (credentials->u.digest.uri != NULL)
+ goto bail;
+ credentials->u.digest.uri = Strdup(value);
+ } else if (str_equal_i(name, "response")) {
+ if (credentials->u.digest.response != NULL)
+ goto bail;
+ credentials->u.digest.response = Strdup(value);
+ } else if (str_equal_i(name, "algorithm")) {
+ if (str_equal_i(value, "MD5"))
+ credentials->u.digest.algorithm = ALGORITHM_MD5;
+ else
+ credentials->u.digest.algorithm = ALGORITHM_UNKNOWN;
+ } else if (str_equal_i(name, "qop")) {
+ if (str_equal_i(value, "auth"))
+ credentials->u.digest.qop = QOP_AUTH;
+ else if (str_equal_i(value, "auth-int"))
+ credentials->u.digest.qop = QOP_AUTH_INT;
+ else
+ credentials->u.digest.qop = QOP_NONE;
+ } else if (str_equal_i(name, "cnonce")) {
+ if (credentials->u.digest.cnonce != NULL)
+ goto bail;
+ credentials->u.digest.cnonce = Strdup(value);
+ } else if (str_equal_i(name, "nc")) {
+ if (credentials->u.digest.nc != NULL)
+ goto bail;
+ credentials->u.digest.nc = Strdup(value);
+ }
+ free(name);
+ free(value);
+ while (is_space_char(*p))
+ p++;
+ if (*p == ',') {
+ p++;
+ while (is_space_char(*p))
+ p++;
+ if (*p == '\0')
+ goto bail;
+ }
+ s = p;
+ }
+ }
+
+ return s;
+
+bail:
+ http_credentials_free(credentials);
+
+ return NULL;
+}
+
+/* Is scheme a preferred over scheme b? We prefer Digest to Basic when Digest is
+ supported. */
+static int auth_scheme_is_better(enum http_auth_scheme a,
+ enum http_auth_scheme b)
+{
+#if HAVE_HTTP_DIGEST
+ if (b == AUTH_DIGEST)
+ return 0;
+ if (b == AUTH_BASIC)
+ return a == AUTH_DIGEST;
+ if (b == AUTH_UNKNOWN)
+ return a == AUTH_BASIC || a == AUTH_DIGEST;
+#else
+ if (b == AUTH_BASIC)
+ return 0;
+ if (b == AUTH_UNKNOWN)
+ return a == AUTH_BASIC;
+#endif
+
+ return 0;
+}
+
+struct http_challenge *http_header_get_proxy_challenge(const struct http_header *header, struct http_challenge *challenge)
+{
+ const struct http_header *p;
+
+ http_challenge_init(challenge);
+
+ p = NULL;
+ while ((p = http_header_next(header, p, "Proxy-Authenticate")) != NULL) {
+ const char *tmp;
+
+ tmp = p->value;
+ while (*tmp != '\0') {
+ struct http_challenge tmp_info;
+
+ tmp = http_read_challenge(tmp, &tmp_info);
+ if (tmp == NULL) {
+ http_challenge_free(challenge);
+ return NULL;
+ }
+ if (auth_scheme_is_better(tmp_info.scheme, challenge->scheme)) {
+ http_challenge_free(challenge);
+ *challenge = tmp_info;
+ } else {
+ http_challenge_free(&tmp_info);
+ }
+ }
+ }
+
+ return challenge;
+}
+
+struct http_credentials *http_header_get_proxy_credentials(const struct http_header *header, struct http_credentials *credentials)
+{
+ const struct http_header *p;
+
+ credentials->scheme = AUTH_UNKNOWN;
+
+ p = NULL;
+ while ((p = http_header_next(header, p, "Proxy-Authorization")) != NULL) {
+ const char *tmp;
+
+ tmp = p->value;
+ while (*tmp != '\0') {
+ struct http_credentials tmp_info;
+
+ tmp = http_read_credentials(tmp, &tmp_info);
+ if (tmp == NULL) {
+ http_credentials_free(credentials);
+ return NULL;
+ }
+ if (auth_scheme_is_better(tmp_info.scheme, credentials->scheme)) {
+ http_credentials_free(credentials);
+ *credentials = tmp_info;
+ } else {
+ http_credentials_free(&tmp_info);
+ }
+ }
+ }
+
+ return credentials;
+}
+
+void http_challenge_init(struct http_challenge *challenge)
+{
+ challenge->scheme = AUTH_UNKNOWN;
+ challenge->realm = NULL;
+ challenge->digest.nonce = NULL;
+ challenge->digest.opaque = NULL;
+ challenge->digest.algorithm = ALGORITHM_MD5;
+ challenge->digest.qop = 0;
+}
+
+void http_challenge_free(struct http_challenge *challenge)
+{
+ free(challenge->realm);
+ if (challenge->scheme == AUTH_DIGEST) {
+ free(challenge->digest.nonce);
+ free(challenge->digest.opaque);
+ }
+}
+
+void http_credentials_init_basic(struct http_credentials *credentials)
+{
+ credentials->scheme = AUTH_BASIC;
+ credentials->u.basic = NULL;
+}
+
+void http_credentials_init_digest(struct http_credentials *credentials)
+{
+ credentials->scheme = AUTH_DIGEST;
+ credentials->u.digest.username = NULL;
+ credentials->u.digest.realm = NULL;
+ credentials->u.digest.nonce = NULL;
+ credentials->u.digest.uri = NULL;
+ credentials->u.digest.response = NULL;
+ credentials->u.digest.algorithm = ALGORITHM_MD5;
+ credentials->u.digest.qop = QOP_NONE;
+ credentials->u.digest.nc = NULL;
+ credentials->u.digest.cnonce = NULL;
+}
+
+void http_credentials_free(struct http_credentials *credentials)
+{
+ if (credentials->scheme == AUTH_BASIC) {
+ free(credentials->u.basic);
+ } else if (credentials->scheme == AUTH_DIGEST) {
+ free(credentials->u.digest.username);
+ free(credentials->u.digest.realm);
+ free(credentials->u.digest.nonce);
+ free(credentials->u.digest.uri);
+ free(credentials->u.digest.response);
+ free(credentials->u.digest.nc);
+ free(credentials->u.digest.cnonce);
+ }
+}