| /* |
| * HTTP/1 protocol analyzer |
| * |
| * Copyright 2000-2017 Willy Tarreau <w@1wt.eu> |
| * |
| * This program is free software; you can redistribute it and/or |
| * modify it under the terms of the GNU General Public License |
| * as published by the Free Software Foundation; either version |
| * 2 of the License, or (at your option) any later version. |
| * |
| */ |
| |
| #include <ctype.h> |
| #include <common/config.h> |
| #include <common/http-hdr.h> |
| |
| #include <proto/channel.h> |
| #include <proto/h1.h> |
| #include <proto/hdr_idx.h> |
| |
| /* It is about twice as fast on recent architectures to lookup a byte in a |
| * table than to perform a boolean AND or OR between two tests. Refer to |
| * RFC2616/RFC5234/RFC7230 for those chars. A token is any ASCII char that is |
| * neither a separator nor a CTL char. An http ver_token is any ASCII which can |
| * be found in an HTTP version, which includes 'H', 'T', 'P', '/', '.' and any |
| * digit. Note: please do not overwrite values in assignment since gcc-2.95 |
| * will not handle them correctly. It's worth noting that chars 128..255 are |
| * nothing, not even control chars. |
| */ |
| const unsigned char h1_char_classes[256] = { |
| [ 0] = H1_FLG_CTL, |
| [ 1] = H1_FLG_CTL, |
| [ 2] = H1_FLG_CTL, |
| [ 3] = H1_FLG_CTL, |
| [ 4] = H1_FLG_CTL, |
| [ 5] = H1_FLG_CTL, |
| [ 6] = H1_FLG_CTL, |
| [ 7] = H1_FLG_CTL, |
| [ 8] = H1_FLG_CTL, |
| [ 9] = H1_FLG_SPHT | H1_FLG_LWS | H1_FLG_SEP | H1_FLG_CTL, |
| [ 10] = H1_FLG_CRLF | H1_FLG_LWS | H1_FLG_CTL, |
| [ 11] = H1_FLG_CTL, |
| [ 12] = H1_FLG_CTL, |
| [ 13] = H1_FLG_CRLF | H1_FLG_LWS | H1_FLG_CTL, |
| [ 14] = H1_FLG_CTL, |
| [ 15] = H1_FLG_CTL, |
| [ 16] = H1_FLG_CTL, |
| [ 17] = H1_FLG_CTL, |
| [ 18] = H1_FLG_CTL, |
| [ 19] = H1_FLG_CTL, |
| [ 20] = H1_FLG_CTL, |
| [ 21] = H1_FLG_CTL, |
| [ 22] = H1_FLG_CTL, |
| [ 23] = H1_FLG_CTL, |
| [ 24] = H1_FLG_CTL, |
| [ 25] = H1_FLG_CTL, |
| [ 26] = H1_FLG_CTL, |
| [ 27] = H1_FLG_CTL, |
| [ 28] = H1_FLG_CTL, |
| [ 29] = H1_FLG_CTL, |
| [ 30] = H1_FLG_CTL, |
| [ 31] = H1_FLG_CTL, |
| [' '] = H1_FLG_SPHT | H1_FLG_LWS | H1_FLG_SEP, |
| ['!'] = H1_FLG_TOK, |
| ['"'] = H1_FLG_SEP, |
| ['#'] = H1_FLG_TOK, |
| ['$'] = H1_FLG_TOK, |
| ['%'] = H1_FLG_TOK, |
| ['&'] = H1_FLG_TOK, |
| [ 39] = H1_FLG_TOK, |
| ['('] = H1_FLG_SEP, |
| [')'] = H1_FLG_SEP, |
| ['*'] = H1_FLG_TOK, |
| ['+'] = H1_FLG_TOK, |
| [','] = H1_FLG_SEP, |
| ['-'] = H1_FLG_TOK, |
| ['.'] = H1_FLG_TOK | H1_FLG_VER, |
| ['/'] = H1_FLG_SEP | H1_FLG_VER, |
| ['0'] = H1_FLG_TOK | H1_FLG_VER | H1_FLG_DIG, |
| ['1'] = H1_FLG_TOK | H1_FLG_VER | H1_FLG_DIG, |
| ['2'] = H1_FLG_TOK | H1_FLG_VER | H1_FLG_DIG, |
| ['3'] = H1_FLG_TOK | H1_FLG_VER | H1_FLG_DIG, |
| ['4'] = H1_FLG_TOK | H1_FLG_VER | H1_FLG_DIG, |
| ['5'] = H1_FLG_TOK | H1_FLG_VER | H1_FLG_DIG, |
| ['6'] = H1_FLG_TOK | H1_FLG_VER | H1_FLG_DIG, |
| ['7'] = H1_FLG_TOK | H1_FLG_VER | H1_FLG_DIG, |
| ['8'] = H1_FLG_TOK | H1_FLG_VER | H1_FLG_DIG, |
| ['9'] = H1_FLG_TOK | H1_FLG_VER | H1_FLG_DIG, |
| [':'] = H1_FLG_SEP, |
| [';'] = H1_FLG_SEP, |
| ['<'] = H1_FLG_SEP, |
| ['='] = H1_FLG_SEP, |
| ['>'] = H1_FLG_SEP, |
| ['?'] = H1_FLG_SEP, |
| ['@'] = H1_FLG_SEP, |
| ['A'] = H1_FLG_TOK, |
| ['B'] = H1_FLG_TOK, |
| ['C'] = H1_FLG_TOK, |
| ['D'] = H1_FLG_TOK, |
| ['E'] = H1_FLG_TOK, |
| ['F'] = H1_FLG_TOK, |
| ['G'] = H1_FLG_TOK, |
| ['H'] = H1_FLG_TOK | H1_FLG_VER, |
| ['I'] = H1_FLG_TOK, |
| ['J'] = H1_FLG_TOK, |
| ['K'] = H1_FLG_TOK, |
| ['L'] = H1_FLG_TOK, |
| ['M'] = H1_FLG_TOK, |
| ['N'] = H1_FLG_TOK, |
| ['O'] = H1_FLG_TOK, |
| ['P'] = H1_FLG_TOK | H1_FLG_VER, |
| ['Q'] = H1_FLG_TOK, |
| ['R'] = H1_FLG_TOK | H1_FLG_VER, |
| ['S'] = H1_FLG_TOK | H1_FLG_VER, |
| ['T'] = H1_FLG_TOK | H1_FLG_VER, |
| ['U'] = H1_FLG_TOK, |
| ['V'] = H1_FLG_TOK, |
| ['W'] = H1_FLG_TOK, |
| ['X'] = H1_FLG_TOK, |
| ['Y'] = H1_FLG_TOK, |
| ['Z'] = H1_FLG_TOK, |
| ['['] = H1_FLG_SEP, |
| [ 92] = H1_FLG_SEP, |
| [']'] = H1_FLG_SEP, |
| ['^'] = H1_FLG_TOK, |
| ['_'] = H1_FLG_TOK, |
| ['`'] = H1_FLG_TOK, |
| ['a'] = H1_FLG_TOK, |
| ['b'] = H1_FLG_TOK, |
| ['c'] = H1_FLG_TOK, |
| ['d'] = H1_FLG_TOK, |
| ['e'] = H1_FLG_TOK, |
| ['f'] = H1_FLG_TOK, |
| ['g'] = H1_FLG_TOK, |
| ['h'] = H1_FLG_TOK, |
| ['i'] = H1_FLG_TOK, |
| ['j'] = H1_FLG_TOK, |
| ['k'] = H1_FLG_TOK, |
| ['l'] = H1_FLG_TOK, |
| ['m'] = H1_FLG_TOK, |
| ['n'] = H1_FLG_TOK, |
| ['o'] = H1_FLG_TOK, |
| ['p'] = H1_FLG_TOK, |
| ['q'] = H1_FLG_TOK, |
| ['r'] = H1_FLG_TOK, |
| ['s'] = H1_FLG_TOK, |
| ['t'] = H1_FLG_TOK, |
| ['u'] = H1_FLG_TOK, |
| ['v'] = H1_FLG_TOK, |
| ['w'] = H1_FLG_TOK, |
| ['x'] = H1_FLG_TOK, |
| ['y'] = H1_FLG_TOK, |
| ['z'] = H1_FLG_TOK, |
| ['{'] = H1_FLG_SEP, |
| ['|'] = H1_FLG_TOK, |
| ['}'] = H1_FLG_SEP, |
| ['~'] = H1_FLG_TOK, |
| [127] = H1_FLG_CTL, |
| }; |
| |
| |
| /* |
| * This function parses a status line between <ptr> and <end>, starting with |
| * parser state <state>. Only states HTTP_MSG_RPVER, HTTP_MSG_RPVER_SP, |
| * HTTP_MSG_RPCODE, HTTP_MSG_RPCODE_SP and HTTP_MSG_RPREASON are handled. Others |
| * will give undefined results. |
| * Note that it is upon the caller's responsibility to ensure that ptr < end, |
| * and that msg->sol points to the beginning of the response. |
| * If a complete line is found (which implies that at least one CR or LF is |
| * found before <end>, the updated <ptr> is returned, otherwise NULL is |
| * returned indicating an incomplete line (which does not mean that parts have |
| * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are |
| * non-NULL, they are fed with the new <ptr> and <state> values to be passed |
| * upon next call. |
| * |
| * This function was intentionally designed to be called from |
| * http_msg_analyzer() with the lowest overhead. It should integrate perfectly |
| * within its state machine and use the same macros, hence the need for same |
| * labels and variable names. Note that msg->sol is left unchanged. |
| */ |
| const char *http_parse_stsline(struct http_msg *msg, |
| enum h1_state state, const char *ptr, const char *end, |
| unsigned int *ret_ptr, enum h1_state *ret_state) |
| { |
| const char *msg_start = ci_head(msg->chn); |
| |
| switch (state) { |
| case HTTP_MSG_RPVER: |
| http_msg_rpver: |
| if (likely(HTTP_IS_VER_TOKEN(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpver, http_msg_ood, state, HTTP_MSG_RPVER); |
| |
| if (likely(HTTP_IS_SPHT(*ptr))) { |
| msg->sl.st.v_l = ptr - msg_start; |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpver_sp, http_msg_ood, state, HTTP_MSG_RPVER_SP); |
| } |
| msg->err_state = HTTP_MSG_RPVER; |
| state = HTTP_MSG_ERROR; |
| break; |
| |
| case HTTP_MSG_RPVER_SP: |
| http_msg_rpver_sp: |
| if (likely(!HTTP_IS_LWS(*ptr))) { |
| msg->sl.st.c = ptr - msg_start; |
| goto http_msg_rpcode; |
| } |
| if (likely(HTTP_IS_SPHT(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpver_sp, http_msg_ood, state, HTTP_MSG_RPVER_SP); |
| /* so it's a CR/LF, this is invalid */ |
| msg->err_state = HTTP_MSG_RPVER_SP; |
| state = HTTP_MSG_ERROR; |
| break; |
| |
| case HTTP_MSG_RPCODE: |
| http_msg_rpcode: |
| if (likely(!HTTP_IS_LWS(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpcode, http_msg_ood, state, HTTP_MSG_RPCODE); |
| |
| if (likely(HTTP_IS_SPHT(*ptr))) { |
| msg->sl.st.c_l = ptr - msg_start - msg->sl.st.c; |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpcode_sp, http_msg_ood, state, HTTP_MSG_RPCODE_SP); |
| } |
| |
| /* so it's a CR/LF, so there is no reason phrase */ |
| msg->sl.st.c_l = ptr - msg_start - msg->sl.st.c; |
| http_msg_rsp_reason: |
| /* FIXME: should we support HTTP responses without any reason phrase ? */ |
| msg->sl.st.r = ptr - msg_start; |
| msg->sl.st.r_l = 0; |
| goto http_msg_rpline_eol; |
| |
| case HTTP_MSG_RPCODE_SP: |
| http_msg_rpcode_sp: |
| if (likely(!HTTP_IS_LWS(*ptr))) { |
| msg->sl.st.r = ptr - msg_start; |
| goto http_msg_rpreason; |
| } |
| if (likely(HTTP_IS_SPHT(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpcode_sp, http_msg_ood, state, HTTP_MSG_RPCODE_SP); |
| /* so it's a CR/LF, so there is no reason phrase */ |
| goto http_msg_rsp_reason; |
| |
| case HTTP_MSG_RPREASON: |
| http_msg_rpreason: |
| if (likely(!HTTP_IS_CRLF(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpreason, http_msg_ood, state, HTTP_MSG_RPREASON); |
| msg->sl.st.r_l = ptr - msg_start - msg->sl.st.r; |
| http_msg_rpline_eol: |
| /* We have seen the end of line. Note that we do not |
| * necessarily have the \n yet, but at least we know that we |
| * have EITHER \r OR \n, otherwise the response would not be |
| * complete. We can then record the response length and return |
| * to the caller which will be able to register it. |
| */ |
| msg->sl.st.l = ptr - msg_start - msg->sol; |
| return ptr; |
| |
| default: |
| #ifdef DEBUG_FULL |
| fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state); |
| exit(1); |
| #endif |
| ; |
| } |
| |
| http_msg_ood: |
| /* out of valid data */ |
| if (ret_state) |
| *ret_state = state; |
| if (ret_ptr) |
| *ret_ptr = ptr - msg_start; |
| return NULL; |
| } |
| |
| /* |
| * This function parses a request line between <ptr> and <end>, starting with |
| * parser state <state>. Only states HTTP_MSG_RQMETH, HTTP_MSG_RQMETH_SP, |
| * HTTP_MSG_RQURI, HTTP_MSG_RQURI_SP and HTTP_MSG_RQVER are handled. Others |
| * will give undefined results. |
| * Note that it is upon the caller's responsibility to ensure that ptr < end, |
| * and that msg->sol points to the beginning of the request. |
| * If a complete line is found (which implies that at least one CR or LF is |
| * found before <end>, the updated <ptr> is returned, otherwise NULL is |
| * returned indicating an incomplete line (which does not mean that parts have |
| * not been updated). In the incomplete case, if <ret_ptr> or <ret_state> are |
| * non-NULL, they are fed with the new <ptr> and <state> values to be passed |
| * upon next call. |
| * |
| * This function was intentionally designed to be called from |
| * http_msg_analyzer() with the lowest overhead. It should integrate perfectly |
| * within its state machine and use the same macros, hence the need for same |
| * labels and variable names. Note that msg->sol is left unchanged. |
| */ |
| const char *http_parse_reqline(struct http_msg *msg, |
| enum h1_state state, const char *ptr, const char *end, |
| unsigned int *ret_ptr, enum h1_state *ret_state) |
| { |
| const char *msg_start = ci_head(msg->chn); |
| |
| switch (state) { |
| case HTTP_MSG_RQMETH: |
| http_msg_rqmeth: |
| if (likely(HTTP_IS_TOKEN(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rqmeth, http_msg_ood, state, HTTP_MSG_RQMETH); |
| |
| if (likely(HTTP_IS_SPHT(*ptr))) { |
| msg->sl.rq.m_l = ptr - msg_start; |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rqmeth_sp, http_msg_ood, state, HTTP_MSG_RQMETH_SP); |
| } |
| |
| if (likely(HTTP_IS_CRLF(*ptr))) { |
| /* HTTP 0.9 request */ |
| msg->sl.rq.m_l = ptr - msg_start; |
| http_msg_req09_uri: |
| msg->sl.rq.u = ptr - msg_start; |
| http_msg_req09_uri_e: |
| msg->sl.rq.u_l = ptr - msg_start - msg->sl.rq.u; |
| http_msg_req09_ver: |
| msg->sl.rq.v = ptr - msg_start; |
| msg->sl.rq.v_l = 0; |
| goto http_msg_rqline_eol; |
| } |
| msg->err_state = HTTP_MSG_RQMETH; |
| state = HTTP_MSG_ERROR; |
| break; |
| |
| case HTTP_MSG_RQMETH_SP: |
| http_msg_rqmeth_sp: |
| if (likely(!HTTP_IS_LWS(*ptr))) { |
| msg->sl.rq.u = ptr - msg_start; |
| goto http_msg_rquri; |
| } |
| if (likely(HTTP_IS_SPHT(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rqmeth_sp, http_msg_ood, state, HTTP_MSG_RQMETH_SP); |
| /* so it's a CR/LF, meaning an HTTP 0.9 request */ |
| goto http_msg_req09_uri; |
| |
| case HTTP_MSG_RQURI: |
| http_msg_rquri: |
| #if defined(__x86_64__) || \ |
| defined(__i386__) || defined(__i486__) || defined(__i586__) || defined(__i686__) || \ |
| defined(__ARM_ARCH_7A__) |
| /* speedup: skip bytes not between 0x21 and 0x7e inclusive */ |
| while (ptr <= end - sizeof(int)) { |
| int x = *(int *)ptr - 0x21212121; |
| if (x & 0x80808080) |
| break; |
| |
| x -= 0x5e5e5e5e; |
| if (!(x & 0x80808080)) |
| break; |
| |
| ptr += sizeof(int); |
| } |
| #endif |
| if (ptr >= end) { |
| state = HTTP_MSG_RQURI; |
| goto http_msg_ood; |
| } |
| http_msg_rquri2: |
| if (likely((unsigned char)(*ptr - 33) <= 93)) /* 33 to 126 included */ |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rquri2, http_msg_ood, state, HTTP_MSG_RQURI); |
| |
| if (likely(HTTP_IS_SPHT(*ptr))) { |
| msg->sl.rq.u_l = ptr - msg_start - msg->sl.rq.u; |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rquri_sp, http_msg_ood, state, HTTP_MSG_RQURI_SP); |
| } |
| |
| if (likely((unsigned char)*ptr >= 128)) { |
| /* non-ASCII chars are forbidden unless option |
| * accept-invalid-http-request is enabled in the frontend. |
| * In any case, we capture the faulty char. |
| */ |
| if (msg->err_pos < -1) |
| goto invalid_char; |
| if (msg->err_pos == -1) |
| msg->err_pos = ptr - msg_start; |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rquri, http_msg_ood, state, HTTP_MSG_RQURI); |
| } |
| |
| if (likely(HTTP_IS_CRLF(*ptr))) { |
| /* so it's a CR/LF, meaning an HTTP 0.9 request */ |
| goto http_msg_req09_uri_e; |
| } |
| |
| /* OK forbidden chars, 0..31 or 127 */ |
| invalid_char: |
| msg->err_pos = ptr - msg_start; |
| msg->err_state = HTTP_MSG_RQURI; |
| state = HTTP_MSG_ERROR; |
| break; |
| |
| case HTTP_MSG_RQURI_SP: |
| http_msg_rquri_sp: |
| if (likely(!HTTP_IS_LWS(*ptr))) { |
| msg->sl.rq.v = ptr - msg_start; |
| goto http_msg_rqver; |
| } |
| if (likely(HTTP_IS_SPHT(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rquri_sp, http_msg_ood, state, HTTP_MSG_RQURI_SP); |
| /* so it's a CR/LF, meaning an HTTP 0.9 request */ |
| goto http_msg_req09_ver; |
| |
| case HTTP_MSG_RQVER: |
| http_msg_rqver: |
| if (likely(HTTP_IS_VER_TOKEN(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rqver, http_msg_ood, state, HTTP_MSG_RQVER); |
| |
| if (likely(HTTP_IS_CRLF(*ptr))) { |
| msg->sl.rq.v_l = ptr - msg_start - msg->sl.rq.v; |
| http_msg_rqline_eol: |
| /* We have seen the end of line. Note that we do not |
| * necessarily have the \n yet, but at least we know that we |
| * have EITHER \r OR \n, otherwise the request would not be |
| * complete. We can then record the request length and return |
| * to the caller which will be able to register it. |
| */ |
| msg->sl.rq.l = ptr - msg_start - msg->sol; |
| return ptr; |
| } |
| |
| /* neither an HTTP_VER token nor a CRLF */ |
| msg->err_state = HTTP_MSG_RQVER; |
| state = HTTP_MSG_ERROR; |
| break; |
| |
| default: |
| #ifdef DEBUG_FULL |
| fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state); |
| exit(1); |
| #endif |
| ; |
| } |
| |
| http_msg_ood: |
| /* out of valid data */ |
| if (ret_state) |
| *ret_state = state; |
| if (ret_ptr) |
| *ret_ptr = ptr - msg_start; |
| return NULL; |
| } |
| |
| /* |
| * This function parses an HTTP message, either a request or a response, |
| * depending on the initial msg->msg_state. The caller is responsible for |
| * ensuring that the message does not wrap. The function can be preempted |
| * everywhere when data are missing and recalled at the exact same location |
| * with no information loss. The message may even be realigned between two |
| * calls. The header index is re-initialized when switching from |
| * MSG_R[PQ]BEFORE to MSG_RPVER|MSG_RQMETH. It modifies msg->sol among other |
| * fields. Note that msg->sol will be initialized after completing the first |
| * state, so that none of the msg pointers has to be initialized prior to the |
| * first call. |
| */ |
| void http_msg_analyzer(struct http_msg *msg, struct hdr_idx *idx) |
| { |
| enum h1_state state; /* updated only when leaving the FSM */ |
| register const char *ptr, *end; /* request pointers, to avoid dereferences */ |
| char *input = (char *)ci_head(msg->chn); |
| struct buffer *buf; |
| |
| state = msg->msg_state; |
| buf = msg->chn->buf; |
| ptr = input + msg->next; |
| end = b_stop(buf); |
| |
| if (unlikely(ptr >= end)) |
| goto http_msg_ood; |
| |
| switch (state) { |
| /* |
| * First, states that are specific to the response only. |
| * We check them first so that request and headers are |
| * closer to each other (accessed more often). |
| */ |
| case HTTP_MSG_RPBEFORE: |
| http_msg_rpbefore: |
| if (likely(HTTP_IS_TOKEN(*ptr))) { |
| /* we have a start of message, but we have to check |
| * first if we need to remove some CRLF. We can only |
| * do this when o=0. |
| */ |
| if (unlikely(ptr != input)) { |
| if (co_data(msg->chn)) |
| goto http_msg_ood; |
| /* Remove empty leading lines, as recommended by RFC2616. */ |
| b_del(buf, ptr - input); |
| } |
| msg->sol = 0; |
| msg->sl.st.l = 0; /* used in debug mode */ |
| hdr_idx_init(idx); |
| state = HTTP_MSG_RPVER; |
| goto http_msg_rpver; |
| } |
| |
| if (unlikely(!HTTP_IS_CRLF(*ptr))) { |
| state = HTTP_MSG_RPBEFORE; |
| goto http_msg_invalid; |
| } |
| |
| if (unlikely(*ptr == '\n')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpbefore, http_msg_ood, state, HTTP_MSG_RPBEFORE); |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpbefore_cr, http_msg_ood, state, HTTP_MSG_RPBEFORE_CR); |
| /* stop here */ |
| |
| case HTTP_MSG_RPBEFORE_CR: |
| http_msg_rpbefore_cr: |
| EXPECT_LF_HERE(ptr, http_msg_invalid, state, HTTP_MSG_RPBEFORE_CR); |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpbefore, http_msg_ood, state, HTTP_MSG_RPBEFORE); |
| /* stop here */ |
| |
| case HTTP_MSG_RPVER: |
| http_msg_rpver: |
| case HTTP_MSG_RPVER_SP: |
| case HTTP_MSG_RPCODE: |
| case HTTP_MSG_RPCODE_SP: |
| case HTTP_MSG_RPREASON: |
| ptr = (char *)http_parse_stsline(msg, |
| state, ptr, end, |
| &msg->next, &msg->msg_state); |
| if (unlikely(!ptr)) |
| return; |
| |
| /* we have a full response and we know that we have either a CR |
| * or an LF at <ptr>. |
| */ |
| hdr_idx_set_start(idx, msg->sl.st.l, *ptr == '\r'); |
| |
| msg->sol = ptr - input; |
| if (likely(*ptr == '\r')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpline_end, http_msg_ood, state, HTTP_MSG_RPLINE_END); |
| goto http_msg_rpline_end; |
| |
| case HTTP_MSG_RPLINE_END: |
| http_msg_rpline_end: |
| /* msg->sol must point to the first of CR or LF. */ |
| EXPECT_LF_HERE(ptr, http_msg_invalid, state, HTTP_MSG_RPLINE_END); |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_first, http_msg_ood, state, HTTP_MSG_HDR_FIRST); |
| /* stop here */ |
| |
| /* |
| * Second, states that are specific to the request only |
| */ |
| case HTTP_MSG_RQBEFORE: |
| http_msg_rqbefore: |
| if (likely(HTTP_IS_TOKEN(*ptr))) { |
| /* we have a start of message, but we have to check |
| * first if we need to remove some CRLF. We can only |
| * do this when o=0. |
| */ |
| if (likely(ptr != input)) { |
| if (co_data(msg->chn)) |
| goto http_msg_ood; |
| /* Remove empty leading lines, as recommended by RFC2616. */ |
| b_del(buf, ptr - input); |
| } |
| msg->sol = 0; |
| msg->sl.rq.l = 0; /* used in debug mode */ |
| state = HTTP_MSG_RQMETH; |
| goto http_msg_rqmeth; |
| } |
| |
| if (unlikely(!HTTP_IS_CRLF(*ptr))) { |
| state = HTTP_MSG_RQBEFORE; |
| goto http_msg_invalid; |
| } |
| |
| if (unlikely(*ptr == '\n')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rqbefore, http_msg_ood, state, HTTP_MSG_RQBEFORE); |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rqbefore_cr, http_msg_ood, state, HTTP_MSG_RQBEFORE_CR); |
| /* stop here */ |
| |
| case HTTP_MSG_RQBEFORE_CR: |
| http_msg_rqbefore_cr: |
| EXPECT_LF_HERE(ptr, http_msg_invalid, state, HTTP_MSG_RQBEFORE_CR); |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rqbefore, http_msg_ood, state, HTTP_MSG_RQBEFORE); |
| /* stop here */ |
| |
| case HTTP_MSG_RQMETH: |
| http_msg_rqmeth: |
| case HTTP_MSG_RQMETH_SP: |
| case HTTP_MSG_RQURI: |
| case HTTP_MSG_RQURI_SP: |
| case HTTP_MSG_RQVER: |
| ptr = (char *)http_parse_reqline(msg, |
| state, ptr, end, |
| &msg->next, &msg->msg_state); |
| if (unlikely(!ptr)) |
| return; |
| |
| /* we have a full request and we know that we have either a CR |
| * or an LF at <ptr>. |
| */ |
| hdr_idx_set_start(idx, msg->sl.rq.l, *ptr == '\r'); |
| |
| msg->sol = ptr - input; |
| if (likely(*ptr == '\r')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rqline_end, http_msg_ood, state, HTTP_MSG_RQLINE_END); |
| goto http_msg_rqline_end; |
| |
| case HTTP_MSG_RQLINE_END: |
| http_msg_rqline_end: |
| /* check for HTTP/0.9 request : no version information available. |
| * msg->sol must point to the first of CR or LF. |
| */ |
| if (unlikely(msg->sl.rq.v_l == 0)) |
| goto http_msg_last_lf; |
| |
| EXPECT_LF_HERE(ptr, http_msg_invalid, state, HTTP_MSG_RQLINE_END); |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_first, http_msg_ood, state, HTTP_MSG_HDR_FIRST); |
| /* stop here */ |
| |
| /* |
| * Common states below |
| */ |
| case HTTP_MSG_HDR_FIRST: |
| http_msg_hdr_first: |
| msg->sol = ptr - input; |
| if (likely(!HTTP_IS_CRLF(*ptr))) { |
| goto http_msg_hdr_name; |
| } |
| |
| if (likely(*ptr == '\r')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_last_lf, http_msg_ood, state, HTTP_MSG_LAST_LF); |
| goto http_msg_last_lf; |
| |
| case HTTP_MSG_HDR_NAME: |
| http_msg_hdr_name: |
| /* assumes msg->sol points to the first char */ |
| if (likely(HTTP_IS_TOKEN(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_name, http_msg_ood, state, HTTP_MSG_HDR_NAME); |
| |
| if (likely(*ptr == ':')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l1_sp, http_msg_ood, state, HTTP_MSG_HDR_L1_SP); |
| |
| if (likely(msg->err_pos < -1) || *ptr == '\n') { |
| state = HTTP_MSG_HDR_NAME; |
| goto http_msg_invalid; |
| } |
| |
| if (msg->err_pos == -1) /* capture error pointer */ |
| msg->err_pos = ptr - input; /* >= 0 now */ |
| |
| /* and we still accept this non-token character */ |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_name, http_msg_ood, state, HTTP_MSG_HDR_NAME); |
| |
| case HTTP_MSG_HDR_L1_SP: |
| http_msg_hdr_l1_sp: |
| /* assumes msg->sol points to the first char */ |
| if (likely(HTTP_IS_SPHT(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l1_sp, http_msg_ood, state, HTTP_MSG_HDR_L1_SP); |
| |
| /* header value can be basically anything except CR/LF */ |
| msg->sov = ptr - input; |
| |
| if (likely(!HTTP_IS_CRLF(*ptr))) { |
| goto http_msg_hdr_val; |
| } |
| |
| if (likely(*ptr == '\r')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l1_lf, http_msg_ood, state, HTTP_MSG_HDR_L1_LF); |
| goto http_msg_hdr_l1_lf; |
| |
| case HTTP_MSG_HDR_L1_LF: |
| http_msg_hdr_l1_lf: |
| EXPECT_LF_HERE(ptr, http_msg_invalid, state, HTTP_MSG_HDR_L1_LF); |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l1_lws, http_msg_ood, state, HTTP_MSG_HDR_L1_LWS); |
| |
| case HTTP_MSG_HDR_L1_LWS: |
| http_msg_hdr_l1_lws: |
| if (likely(HTTP_IS_SPHT(*ptr))) { |
| /* replace HT,CR,LF with spaces */ |
| for (; input + msg->sov < ptr; msg->sov++) |
| input[msg->sov] = ' '; |
| goto http_msg_hdr_l1_sp; |
| } |
| /* we had a header consisting only in spaces ! */ |
| msg->eol = msg->sov; |
| goto http_msg_complete_header; |
| |
| case HTTP_MSG_HDR_VAL: |
| http_msg_hdr_val: |
| /* assumes msg->sol points to the first char, and msg->sov |
| * points to the first character of the value. |
| */ |
| |
| /* speedup: we'll skip packs of 4 or 8 bytes not containing bytes 0x0D |
| * and lower. In fact since most of the time is spent in the loop, we |
| * also remove the sign bit test so that bytes 0x8e..0x0d break the |
| * loop, but we don't care since they're very rare in header values. |
| */ |
| #if defined(__x86_64__) |
| while (ptr <= end - sizeof(long)) { |
| if ((*(long *)ptr - 0x0e0e0e0e0e0e0e0eULL) & 0x8080808080808080ULL) |
| goto http_msg_hdr_val2; |
| ptr += sizeof(long); |
| } |
| #endif |
| #if defined(__x86_64__) || \ |
| defined(__i386__) || defined(__i486__) || defined(__i586__) || defined(__i686__) || \ |
| defined(__ARM_ARCH_7A__) |
| while (ptr <= end - sizeof(int)) { |
| if ((*(int*)ptr - 0x0e0e0e0e) & 0x80808080) |
| goto http_msg_hdr_val2; |
| ptr += sizeof(int); |
| } |
| #endif |
| if (ptr >= end) { |
| state = HTTP_MSG_HDR_VAL; |
| goto http_msg_ood; |
| } |
| http_msg_hdr_val2: |
| if (likely(!HTTP_IS_CRLF(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_val2, http_msg_ood, state, HTTP_MSG_HDR_VAL); |
| |
| msg->eol = ptr - input; |
| /* Note: we could also copy eol into ->eoh so that we have the |
| * real header end in case it ends with lots of LWS, but is this |
| * really needed ? |
| */ |
| if (likely(*ptr == '\r')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l2_lf, http_msg_ood, state, HTTP_MSG_HDR_L2_LF); |
| goto http_msg_hdr_l2_lf; |
| |
| case HTTP_MSG_HDR_L2_LF: |
| http_msg_hdr_l2_lf: |
| EXPECT_LF_HERE(ptr, http_msg_invalid, state, HTTP_MSG_HDR_L2_LF); |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l2_lws, http_msg_ood, state, HTTP_MSG_HDR_L2_LWS); |
| |
| case HTTP_MSG_HDR_L2_LWS: |
| http_msg_hdr_l2_lws: |
| if (unlikely(HTTP_IS_SPHT(*ptr))) { |
| /* LWS: replace HT,CR,LF with spaces */ |
| for (; input + msg->eol < ptr; msg->eol++) |
| input[msg->eol] = ' '; |
| goto http_msg_hdr_val; |
| } |
| http_msg_complete_header: |
| /* |
| * It was a new header, so the last one is finished. |
| * Assumes msg->sol points to the first char, msg->sov points |
| * to the first character of the value and msg->eol to the |
| * first CR or LF so we know how the line ends. We insert last |
| * header into the index. |
| */ |
| if (unlikely(hdr_idx_add(msg->eol - msg->sol, input[msg->eol] == '\r', |
| idx, idx->tail) < 0)) { |
| state = HTTP_MSG_HDR_L2_LWS; |
| goto http_msg_invalid; |
| } |
| |
| msg->sol = ptr - input; |
| if (likely(!HTTP_IS_CRLF(*ptr))) { |
| goto http_msg_hdr_name; |
| } |
| |
| if (likely(*ptr == '\r')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_last_lf, http_msg_ood, state, HTTP_MSG_LAST_LF); |
| goto http_msg_last_lf; |
| |
| case HTTP_MSG_LAST_LF: |
| http_msg_last_lf: |
| /* Assumes msg->sol points to the first of either CR or LF. |
| * Sets ->sov and ->next to the total header length, ->eoh to |
| * the last CRLF, and ->eol to the last CRLF length (1 or 2). |
| */ |
| EXPECT_LF_HERE(ptr, http_msg_invalid, state, HTTP_MSG_LAST_LF); |
| ptr++; |
| msg->sov = msg->next = ptr - input; |
| msg->eoh = msg->sol; |
| msg->sol = 0; |
| msg->eol = msg->sov - msg->eoh; |
| msg->msg_state = HTTP_MSG_BODY; |
| return; |
| |
| case HTTP_MSG_ERROR: |
| /* this may only happen if we call http_msg_analyser() twice with an error */ |
| break; |
| |
| default: |
| #ifdef DEBUG_FULL |
| fprintf(stderr, "FIXME !!!! impossible state at %s:%d = %d\n", __FILE__, __LINE__, state); |
| exit(1); |
| #endif |
| ; |
| } |
| http_msg_ood: |
| /* out of data */ |
| msg->msg_state = state; |
| msg->next = ptr - input; |
| return; |
| |
| http_msg_invalid: |
| /* invalid message */ |
| msg->err_state = state; |
| msg->msg_state = HTTP_MSG_ERROR; |
| msg->next = ptr - input; |
| return; |
| } |
| |
| /* This function parses a contiguous HTTP/1 headers block starting at <start> |
| * and ending before <stop>, at once, and converts it a list of (name,value) |
| * pairs representing header fields into the array <hdr> of size <hdr_num>, |
| * whose last entry will have an empty name and an empty value. If <hdr_num> is |
| * too small to represent the whole message, an error is returned. If <h1m> is |
| * not NULL, some protocol elements such as content-length and transfer-encoding |
| * will be parsed and stored there as well. |
| * |
| * For now it's limited to the response. If the header block is incomplete, |
| * 0 is returned, waiting to be called again with more data to try it again. |
| * |
| * The code derived from the main HTTP/1 parser above but was simplified and |
| * optimized to process responses produced or forwarded by haproxy. The caller |
| * is responsible for ensuring that the message doesn't wrap, and should ensure |
| * it is complete to avoid having to retry the operation after a failed |
| * attempt. The message is not supposed to be invalid, which is why a few |
| * properties such as the character set used in the header field names are not |
| * checked. In case of an unparsable response message, a negative value will be |
| * returned with h1m->err_pos and h1m->err_state matching the location and |
| * state where the error was met. Leading blank likes are tolerated but not |
| * recommended. |
| * |
| * This function returns : |
| * -1 in case of error. In this case, h1m->err_state is filled (if h1m is |
| * set) with the state the error occurred in and h2-m>err_pos with the |
| * the position relative to <start> |
| * -2 if the output is full (hdr_num reached). err_state and err_pos also |
| * indicate where it failed. |
| * 0 in case of missing data. |
| * > 0 on success, it then corresponds to the number of bytes read since |
| * <start> so that the caller can go on with the payload. |
| */ |
| int h1_headers_to_hdr_list(char *start, const char *stop, |
| struct http_hdr *hdr, unsigned int hdr_num, |
| struct h1m *h1m) |
| { |
| enum h1_state state = HTTP_MSG_RPBEFORE; |
| register char *ptr = start; |
| register const char *end = stop; |
| unsigned int hdr_count = 0; |
| unsigned int code = 0; /* status code, ASCII form */ |
| unsigned int st_c; /* beginning of status code, relative to msg_start */ |
| unsigned int st_c_l; /* length of status code */ |
| unsigned int sol = 0; /* start of line */ |
| unsigned int col = 0; /* position of the colon */ |
| unsigned int eol = 0; /* end of line */ |
| unsigned int sov = 0; /* start of value */ |
| unsigned int skip = 0; /* number of bytes skipped at the beginning */ |
| struct ist n, v; /* header name and value during parsing */ |
| |
| if (unlikely(ptr >= end)) |
| goto http_msg_ood; |
| |
| switch (state) { |
| case HTTP_MSG_RPBEFORE: |
| http_msg_rpbefore: |
| if (likely(HTTP_IS_TOKEN(*ptr))) { |
| /* we have a start of message, we may have skipped some |
| * heading CRLF. Skip them now. |
| */ |
| skip += ptr - start; |
| start = ptr; |
| |
| sol = 0; |
| hdr_count = 0; |
| state = HTTP_MSG_RPVER; |
| goto http_msg_rpver; |
| } |
| |
| if (unlikely(!HTTP_IS_CRLF(*ptr))) { |
| state = HTTP_MSG_RPBEFORE; |
| goto http_msg_invalid; |
| } |
| |
| if (unlikely(*ptr == '\n')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpbefore, http_msg_ood, state, HTTP_MSG_RPBEFORE); |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpbefore_cr, http_msg_ood, state, HTTP_MSG_RPBEFORE_CR); |
| /* stop here */ |
| |
| case HTTP_MSG_RPBEFORE_CR: |
| http_msg_rpbefore_cr: |
| EXPECT_LF_HERE(ptr, http_msg_invalid, state, HTTP_MSG_RPBEFORE_CR); |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpbefore, http_msg_ood, state, HTTP_MSG_RPBEFORE); |
| /* stop here */ |
| |
| case HTTP_MSG_RPVER: |
| http_msg_rpver: |
| if (likely(HTTP_IS_VER_TOKEN(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpver, http_msg_ood, state, HTTP_MSG_RPVER); |
| |
| if (likely(HTTP_IS_SPHT(*ptr))) { |
| /* version length = ptr - start */ |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpver_sp, http_msg_ood, state, HTTP_MSG_RPVER_SP); |
| } |
| state = HTTP_MSG_RPVER; |
| goto http_msg_invalid; |
| |
| case HTTP_MSG_RPVER_SP: |
| http_msg_rpver_sp: |
| if (likely(!HTTP_IS_LWS(*ptr))) { |
| code = 0; |
| st_c = ptr - start; |
| goto http_msg_rpcode; |
| } |
| if (likely(HTTP_IS_SPHT(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpver_sp, http_msg_ood, state, HTTP_MSG_RPVER_SP); |
| /* so it's a CR/LF, this is invalid */ |
| state = HTTP_MSG_RPVER_SP; |
| goto http_msg_invalid; |
| |
| case HTTP_MSG_RPCODE: |
| http_msg_rpcode: |
| if (likely(HTTP_IS_DIGIT(*ptr))) { |
| code = code * 10 + *ptr - '0'; |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpcode, http_msg_ood, state, HTTP_MSG_RPCODE); |
| } |
| |
| if (unlikely(!HTTP_IS_LWS(*ptr))) { |
| state = HTTP_MSG_RPCODE; |
| goto http_msg_invalid; |
| } |
| |
| if (likely(HTTP_IS_SPHT(*ptr))) { |
| st_c_l = ptr - start - st_c; |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpcode_sp, http_msg_ood, state, HTTP_MSG_RPCODE_SP); |
| } |
| |
| /* so it's a CR/LF, so there is no reason phrase */ |
| st_c_l = ptr - start - st_c; |
| |
| http_msg_rsp_reason: |
| /* reason = ptr - start; */ |
| /* reason length = 0 */ |
| goto http_msg_rpline_eol; |
| |
| case HTTP_MSG_RPCODE_SP: |
| http_msg_rpcode_sp: |
| if (likely(!HTTP_IS_LWS(*ptr))) { |
| /* reason = ptr - start */ |
| goto http_msg_rpreason; |
| } |
| if (likely(HTTP_IS_SPHT(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpcode_sp, http_msg_ood, state, HTTP_MSG_RPCODE_SP); |
| /* so it's a CR/LF, so there is no reason phrase */ |
| goto http_msg_rsp_reason; |
| |
| case HTTP_MSG_RPREASON: |
| http_msg_rpreason: |
| if (likely(!HTTP_IS_CRLF(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpreason, http_msg_ood, state, HTTP_MSG_RPREASON); |
| /* reason length = ptr - start - reason */ |
| http_msg_rpline_eol: |
| /* We have seen the end of line. Note that we do not |
| * necessarily have the \n yet, but at least we know that we |
| * have EITHER \r OR \n, otherwise the response would not be |
| * complete. We can then record the response length and return |
| * to the caller which will be able to register it. |
| */ |
| |
| if (unlikely(hdr_count >= hdr_num)) { |
| state = HTTP_MSG_RPREASON; |
| goto http_output_full; |
| } |
| http_set_hdr(&hdr[hdr_count++], ist(":status"), ist2(start + st_c, st_c_l)); |
| if (h1m) |
| h1m->status = code; |
| |
| sol = ptr - start; |
| if (likely(*ptr == '\r')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_rpline_end, http_msg_ood, state, HTTP_MSG_RPLINE_END); |
| goto http_msg_rpline_end; |
| |
| case HTTP_MSG_RPLINE_END: |
| http_msg_rpline_end: |
| /* sol must point to the first of CR or LF. */ |
| EXPECT_LF_HERE(ptr, http_msg_invalid, state, HTTP_MSG_RPLINE_END); |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_first, http_msg_ood, state, HTTP_MSG_HDR_FIRST); |
| /* stop here */ |
| |
| case HTTP_MSG_HDR_FIRST: |
| http_msg_hdr_first: |
| sol = ptr - start; |
| if (likely(!HTTP_IS_CRLF(*ptr))) { |
| goto http_msg_hdr_name; |
| } |
| |
| if (likely(*ptr == '\r')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_last_lf, http_msg_ood, state, HTTP_MSG_LAST_LF); |
| goto http_msg_last_lf; |
| |
| case HTTP_MSG_HDR_NAME: |
| http_msg_hdr_name: |
| /* assumes sol points to the first char */ |
| if (likely(HTTP_IS_TOKEN(*ptr))) { |
| /* turn it to lower case if needed */ |
| if (isupper((unsigned char)*ptr)) |
| *ptr = tolower(*ptr); |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_name, http_msg_ood, state, HTTP_MSG_HDR_NAME); |
| } |
| |
| if (likely(*ptr == ':')) { |
| col = ptr - start; |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l1_sp, http_msg_ood, state, HTTP_MSG_HDR_L1_SP); |
| } |
| |
| if (HTTP_IS_LWS(*ptr)) { |
| state = HTTP_MSG_HDR_NAME; |
| goto http_msg_invalid; |
| } |
| |
| /* now we have a non-token character in the header field name, |
| * it's up to the H1 layer to have decided whether or not it |
| * was acceptable. If we find it here, it was considered |
| * acceptable due to configuration rules so we obey. |
| */ |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_name, http_msg_ood, state, HTTP_MSG_HDR_NAME); |
| |
| case HTTP_MSG_HDR_L1_SP: |
| http_msg_hdr_l1_sp: |
| /* assumes sol points to the first char */ |
| if (likely(HTTP_IS_SPHT(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l1_sp, http_msg_ood, state, HTTP_MSG_HDR_L1_SP); |
| |
| /* header value can be basically anything except CR/LF */ |
| sov = ptr - start; |
| |
| if (likely(!HTTP_IS_CRLF(*ptr))) { |
| goto http_msg_hdr_val; |
| } |
| |
| if (likely(*ptr == '\r')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l1_lf, http_msg_ood, state, HTTP_MSG_HDR_L1_LF); |
| goto http_msg_hdr_l1_lf; |
| |
| case HTTP_MSG_HDR_L1_LF: |
| http_msg_hdr_l1_lf: |
| EXPECT_LF_HERE(ptr, http_msg_invalid, state, HTTP_MSG_HDR_L1_LF); |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l1_lws, http_msg_ood, state, HTTP_MSG_HDR_L1_LWS); |
| |
| case HTTP_MSG_HDR_L1_LWS: |
| http_msg_hdr_l1_lws: |
| if (likely(HTTP_IS_SPHT(*ptr))) { |
| /* replace HT,CR,LF with spaces */ |
| for (; start + sov < ptr; sov++) |
| start[sov] = ' '; |
| goto http_msg_hdr_l1_sp; |
| } |
| /* we had a header consisting only in spaces ! */ |
| eol = sov; |
| goto http_msg_complete_header; |
| |
| case HTTP_MSG_HDR_VAL: |
| http_msg_hdr_val: |
| /* assumes sol points to the first char, and sov |
| * points to the first character of the value. |
| */ |
| |
| /* speedup: we'll skip packs of 4 or 8 bytes not containing bytes 0x0D |
| * and lower. In fact since most of the time is spent in the loop, we |
| * also remove the sign bit test so that bytes 0x8e..0x0d break the |
| * loop, but we don't care since they're very rare in header values. |
| */ |
| #if defined(__x86_64__) |
| while (ptr <= end - sizeof(long)) { |
| if ((*(long *)ptr - 0x0e0e0e0e0e0e0e0eULL) & 0x8080808080808080ULL) |
| goto http_msg_hdr_val2; |
| ptr += sizeof(long); |
| } |
| #endif |
| #if defined(__x86_64__) || \ |
| defined(__i386__) || defined(__i486__) || defined(__i586__) || defined(__i686__) || \ |
| defined(__ARM_ARCH_7A__) |
| while (ptr <= end - sizeof(int)) { |
| if ((*(int*)ptr - 0x0e0e0e0e) & 0x80808080) |
| goto http_msg_hdr_val2; |
| ptr += sizeof(int); |
| } |
| #endif |
| if (ptr >= end) { |
| state = HTTP_MSG_HDR_VAL; |
| goto http_msg_ood; |
| } |
| http_msg_hdr_val2: |
| if (likely(!HTTP_IS_CRLF(*ptr))) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_val2, http_msg_ood, state, HTTP_MSG_HDR_VAL); |
| |
| eol = ptr - start; |
| /* Note: we could also copy eol into ->eoh so that we have the |
| * real header end in case it ends with lots of LWS, but is this |
| * really needed ? |
| */ |
| if (likely(*ptr == '\r')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l2_lf, http_msg_ood, state, HTTP_MSG_HDR_L2_LF); |
| goto http_msg_hdr_l2_lf; |
| |
| case HTTP_MSG_HDR_L2_LF: |
| http_msg_hdr_l2_lf: |
| EXPECT_LF_HERE(ptr, http_msg_invalid, state, HTTP_MSG_HDR_L2_LF); |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_hdr_l2_lws, http_msg_ood, state, HTTP_MSG_HDR_L2_LWS); |
| |
| case HTTP_MSG_HDR_L2_LWS: |
| http_msg_hdr_l2_lws: |
| if (unlikely(HTTP_IS_SPHT(*ptr))) { |
| /* LWS: replace HT,CR,LF with spaces */ |
| for (; start + eol < ptr; eol++) |
| start[eol] = ' '; |
| goto http_msg_hdr_val; |
| } |
| http_msg_complete_header: |
| /* |
| * It was a new header, so the last one is finished. Assumes |
| * <sol> points to the first char of the name, <col> to the |
| * colon, <sov> points to the first character of the value and |
| * <eol> to the first CR or LF so we know how the line ends. We |
| * will trim spaces around the value. It's possible to do it by |
| * adjusting <eol> and <sov> which are no more used after this. |
| * We can add the header field to the list. |
| */ |
| while (sov < eol && HTTP_IS_LWS(start[sov])) |
| sov++; |
| |
| while (eol - 1 > sov && HTTP_IS_LWS(start[eol - 1])) |
| eol--; |
| |
| |
| n = ist2(start + sol, col - sol); |
| v = ist2(start + sov, eol - sov); |
| |
| if (unlikely(hdr_count >= hdr_num)) { |
| state = HTTP_MSG_HDR_L2_LWS; |
| goto http_output_full; |
| } |
| http_set_hdr(&hdr[hdr_count++], n, v); |
| |
| if (h1m) { |
| long long cl; |
| |
| if (h1m->status >= 100 && h1m->status < 200) |
| h1m->curr_len = h1m->body_len = 0; |
| else if (h1m->status == 304 || h1m->status == 204) { |
| /* no contents, claim c-len is present and set to zero */ |
| h1m->flags |= H1_MF_CLEN; |
| h1m->curr_len = h1m->body_len = 0; |
| } |
| else if (isteq(n, ist("transfer-encoding"))) { |
| h1m->flags &= ~H1_MF_CLEN; |
| h1m->flags |= H1_MF_CHNK; |
| } |
| else if (isteq(n, ist("content-length")) && !(h1m->flags & H1_MF_CHNK)) { |
| h1m->flags |= H1_MF_CLEN; |
| strl2llrc(v.ptr, v.len, &cl); |
| h1m->curr_len = h1m->body_len = cl; |
| } |
| } |
| |
| sol = ptr - start; |
| if (likely(!HTTP_IS_CRLF(*ptr))) |
| goto http_msg_hdr_name; |
| |
| if (likely(*ptr == '\r')) |
| EAT_AND_JUMP_OR_RETURN(ptr, end, http_msg_last_lf, http_msg_ood, state, HTTP_MSG_LAST_LF); |
| goto http_msg_last_lf; |
| |
| case HTTP_MSG_LAST_LF: |
| http_msg_last_lf: |
| EXPECT_LF_HERE(ptr, http_msg_invalid, state, HTTP_MSG_LAST_LF); |
| ptr++; |
| /* <ptr> now points to the first byte of payload. If needed sol |
| * still points to the first of either CR or LF of the empty |
| * line ending the headers block. |
| */ |
| if (unlikely(hdr_count >= hdr_num)) { |
| state = HTTP_MSG_LAST_LF; |
| goto http_output_full; |
| } |
| http_set_hdr(&hdr[hdr_count++], ist(""), ist("")); |
| state = HTTP_MSG_BODY; |
| break; |
| |
| default: |
| /* impossible states */ |
| goto http_msg_invalid; |
| } |
| |
| /* reaching here, we've parsed the whole message and the state is |
| * HTTP_MSG_BODY. |
| */ |
| return ptr - start + skip; |
| |
| http_msg_ood: |
| /* out of data at <ptr> during state <state> */ |
| return 0; |
| |
| http_msg_invalid: |
| /* invalid message, error at <ptr> */ |
| if (h1m) { |
| h1m->err_state = state; |
| h1m->err_pos = ptr - start + skip; |
| } |
| return -1; |
| |
| http_output_full: |
| /* no more room to store the current header, error at <ptr> */ |
| if (h1m) { |
| h1m->err_state = state; |
| h1m->err_pos = ptr - start + skip; |
| } |
| return -2; |
| } |
| |
| /* This function performs a very minimal parsing of the trailers block present |
| * at offset <ofs> in <buf> for up to <max> bytes, and returns the number of |
| * bytes to delete to skip the trailers. It may return 0 if it's missing some |
| * input data, or < 0 in case of parse error (in which case the caller may have |
| * to decide how to proceed, possibly eating everything). |
| */ |
| int h1_measure_trailers(const struct buffer *buf, unsigned int ofs, unsigned int max) |
| { |
| const char *stop = b_peek(buf, ofs + max); |
| int count = ofs; |
| |
| while (1) { |
| const char *p1 = NULL, *p2 = NULL; |
| const char *start = b_peek(buf, count); |
| const char *ptr = start; |
| |
| /* scan current line and stop at LF or CRLF */ |
| while (1) { |
| if (ptr == stop) |
| return 0; |
| |
| if (*ptr == '\n') { |
| if (!p1) |
| p1 = ptr; |
| p2 = ptr; |
| break; |
| } |
| |
| if (*ptr == '\r') { |
| if (p1) |
| return -1; |
| p1 = ptr; |
| } |
| |
| ptr = b_next(buf, ptr); |
| } |
| |
| /* after LF; point to beginning of next line */ |
| p2 = b_next(buf, p2); |
| count += b_dist(buf, start, p2); |
| |
| /* LF/CRLF at beginning of line => end of trailers at p2. |
| * Everything was scheduled for forwarding, there's nothing left |
| * from this message. */ |
| if (p1 == start) |
| break; |
| /* OK, next line then */ |
| } |
| return count - ofs; |
| } |
| |
| /* This function skips trailers in the buffer associated with HTTP message |
| * <msg>. The first visited position is msg->next. If the end of the trailers is |
| * found, the function returns >0. So, the caller can automatically schedul it |
| * to be forwarded, and switch msg->msg_state to HTTP_MSG_DONE. If not enough |
| * data are available, the function does not change anything except maybe |
| * msg->sol if it could parse some lines, and returns zero. If a parse error |
| * is encountered, the function returns < 0 and does not change anything except |
| * maybe msg->sol. Note that the message must already be in HTTP_MSG_TRAILERS |
| * state before calling this function, which implies that all non-trailers data |
| * have already been scheduled for forwarding, and that msg->next exactly |
| * matches the length of trailers already parsed and not forwarded. It is also |
| * important to note that this function is designed to be able to parse wrapped |
| * headers at end of buffer. |
| */ |
| int http_forward_trailers(struct http_msg *msg) |
| { |
| const struct buffer *buf = msg->chn->buf; |
| const char *parse = ci_head(msg->chn); |
| const char *stop = b_tail(buf); |
| |
| /* we have msg->next which points to next line. Look for CRLF. But |
| * first, we reset msg->sol */ |
| msg->sol = 0; |
| while (1) { |
| const char *p1 = NULL, *p2 = NULL; |
| const char *start = c_ptr(msg->chn, msg->next + msg->sol); |
| const char *ptr = start; |
| |
| /* scan current line and stop at LF or CRLF */ |
| while (1) { |
| if (ptr == stop) |
| return 0; |
| |
| if (*ptr == '\n') { |
| if (!p1) |
| p1 = ptr; |
| p2 = ptr; |
| break; |
| } |
| |
| if (*ptr == '\r') { |
| if (p1) { |
| msg->err_pos = b_dist(buf, parse, ptr); |
| return -1; |
| } |
| p1 = ptr; |
| } |
| |
| ptr = b_next(buf, ptr); |
| } |
| |
| /* after LF; point to beginning of next line */ |
| p2 = b_next(buf, p2); |
| msg->sol += b_dist(buf, start, p2); |
| |
| /* LF/CRLF at beginning of line => end of trailers at p2. |
| * Everything was scheduled for forwarding, there's nothing left |
| * from this message. */ |
| if (p1 == start) |
| return 1; |
| |
| /* OK, next line then */ |
| } |
| } |