Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / f13ef96e70fc6365fa7bbc078df2393a70bfb2d2 / . / src / hpack-dec.c
blob: 6620570e0dadc8efc8547ae933718056788b7d8c [file] [log] [blame]
/*
* HPACK decompressor (RFC7541)
*
* Copyright (C) 2014-2017 Willy Tarreau <willy@haproxy.org>
* Copyright (C) 2017 HAProxy Technologies
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*/
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <common/hpack-dec.h>
#include <common/hpack-huff.h>
#include <common/hpack-tbl.h>
#include <common/ist.h>
#include <types/global.h>
/* indexes of most important pseudo headers can be simplified to an almost
* linear array by dividing the index by 2 for all values from 1 to 9, and
* caping to 4 for values up to 14 ; thus it fits in a single 24-bit array
* shifted by 3 times the index value/2, or a 32-bit array shifted by 4x.
* Don't change these values, they are assumed by get_pseudo_hdr(). There
* is an entry for the Host header field which is not a pseudo-header but
* need to be tracked as we should only use :authority if it's absent.
*/
enum {
PHDR_IDX_NONE = 0,
PHDR_IDX_AUTH = 1, /* :authority = 1 */
PHDR_IDX_METH = 2, /* :method = 2..3 */
PHDR_IDX_PATH = 3, /* :path = 4..5 */
PHDR_IDX_SCHM = 4, /* :scheme = 6..7 */
PHDR_IDX_STAT = 5, /* :status = 8..14 */
PHDR_IDX_HOST = 6, /* Host, never returned, just a place-holder */
PHDR_NUM_ENTRIES /* must be last */
};
/* bit fields indicating the pseudo-headers found. It also covers the HOST
* header field ad well as any non-pseudo-header field (NONE).
*/
enum {
PHDR_FND_NONE = 1 << PHDR_IDX_NONE, /* found a regular header */
PHDR_FND_AUTH = 1 << PHDR_IDX_AUTH,
PHDR_FND_METH = 1 << PHDR_IDX_METH,
PHDR_FND_PATH = 1 << PHDR_IDX_PATH,
PHDR_FND_SCHM = 1 << PHDR_IDX_SCHM,
PHDR_FND_STAT = 1 << PHDR_IDX_STAT,
PHDR_FND_HOST = 1 << PHDR_IDX_HOST,
};
static const struct ist phdr_names[PHDR_NUM_ENTRIES] = {
{ "", 0},
{ ":authority", 10},
{ ":method", 7},
{ ":path", 5},
{ ":scheme", 7},
{ ":status", 7},
{ "Host", 4},
};
#if defined(DEBUG_HPACK)
#define hpack_debug_printf printf
#else
#define hpack_debug_printf(...) do { } while (0)
#endif
/* reads a varint from <raw>'s lowest <b> bits and <len> bytes max (raw included).
* returns the 32-bit value on success after updating raw_in and len_in. Forces
* len_in to (uint32_t)-1 on truncated input.
*/
static uint32_t get_var_int(const uint8_t **raw_in, uint32_t *len_in, int b)
{
uint32_t ret = 0;
int len = *len_in;
const uint8_t *raw = *raw_in;
uint8_t shift = 0;
len--;
ret = *(raw++) & ((1 << b) - 1);
if (ret != (uint32_t)((1 << b) - 1))
goto end;
while (1) {
if (!len)
goto too_short;
if (!(*raw & 128))
break;
ret += ((uint32_t)(*raw++) & 127) << shift;
shift += 7;
len--;
}
/* last 7 bits */
if (!len)
goto too_short;
len--;
ret += ((uint32_t)(*raw++) & 127) << shift;
end:
*raw_in = raw;
*len_in = len;
return ret;
too_short:
*len_in = (uint32_t)-1;
return 0;
}
/* returns the pseudo-header <str> corresponds to among PHDR_IDX_*, 0 if not a
* pseudo-header, or -1 if not a valid pseudo-header.
*/
static inline int hpack_str_to_phdr(const struct ist str)
{
if (*str.ptr == ':') {
if (isteq(str, ist(":path"))) return PHDR_IDX_PATH;
else if (isteq(str, ist(":method"))) return PHDR_IDX_METH;
else if (isteq(str, ist(":scheme"))) return PHDR_IDX_SCHM;
else if (isteq(str, ist(":status"))) return PHDR_IDX_STAT;
else if (isteq(str, ist(":authority"))) return PHDR_IDX_AUTH;
/* all other names starting with ':' */
return -1;
}
/* not a pseudo header */
return 0;
}
/* returns the pseudo-header <idx> corresponds to among PHDR_IDX_*, or 0 the
* header's string has to be parsed. The magic value at the end comes from
* PHDR_IDX_* values.
*/
static inline int hpack_idx_to_phdr(uint32_t idx)
{
if (idx > 14)
return 0;
idx >>= 1;
idx <<= 2;
return (0x55554321U >> idx) & 0xF;
}
/* Prepare the request line into <*ptr> (stopping at <end>) from pseudo headers
* stored in <phdr[]>. <fields> indicates what was found so far. This should be
* called once at the detection of the first general header field or at the end
* of the request if no general header field was found yet. Returns 0 on success
* or a negative HPACK_ERR_* error code.
*/
static int hpack_prepare_reqline(uint32_t fields, struct ist *phdr, char **ptr, char *end)
{
char *out = *ptr;
int uri_idx = PHDR_IDX_PATH;
if ((fields & PHDR_FND_METH) && isteq(phdr[PHDR_IDX_METH], ist("CONNECT"))) {
/* RFC 7540 #8.2.6 regarding CONNECT: ":scheme" and ":path"
* MUST be omitted ; ":authority" contains the host and port
* to connect to.
*/
if (fields & PHDR_FND_SCHM) {
hpack_debug_printf("--:scheme not allowed with CONNECT--\n");
return -HPACK_ERR_SCHEME_NOT_ALLOWED;
}
else if (fields & PHDR_FND_PATH) {
hpack_debug_printf("--:path not allowed with CONNECT--\n");
return -HPACK_ERR_PATH_NOT_ALLOWED;
}
else if (!(fields & PHDR_FND_AUTH)) {
hpack_debug_printf("--CONNECT: missing :authority--\n");
return -HPACK_ERR_MISSING_AUTHORITY;
}
// otherwise OK ; let's use the authority instead of the URI
uri_idx = PHDR_IDX_AUTH;
}
else if ((fields & (PHDR_FND_METH|PHDR_FND_SCHM|PHDR_FND_PATH)) !=
(PHDR_FND_METH|PHDR_FND_SCHM|PHDR_FND_PATH)) {
/* RFC 7540 #8.1.2.3 : all requests MUST include exactly one
* valid value for the ":method", ":scheme" and ":path" phdr
* unless it is a CONNECT request.
*/
if (!(fields & PHDR_FND_METH)) {
hpack_debug_printf("--missing :method--\n");
return -HPACK_ERR_MISSING_METHOD;
}
else if (!(fields & PHDR_FND_SCHM)) {
hpack_debug_printf("--missing :scheme--\n");
return -HPACK_ERR_MISSING_SCHEME;
}
else {
hpack_debug_printf("--missing :path--\n");
return -HPACK_ERR_MISSING_PATH;
}
}
hpack_debug_printf("%s ", istpad(trash.str, phdr[PHDR_IDX_METH]).ptr);
hpack_debug_printf("%s HTTP/1.1\r\n", istpad(trash.str, phdr[uri_idx]).ptr);
if (out + phdr[uri_idx].len + 1 + phdr[uri_idx].len + 11 > end) {
hpack_debug_printf("too large request\n");
return -HPACK_ERR_TOO_LARGE;
}
memcpy(out, phdr[PHDR_IDX_METH].ptr, phdr[PHDR_IDX_METH].len);
out += phdr[PHDR_IDX_METH].len;
*(out++) = ' ';
memcpy(out, phdr[uri_idx].ptr, phdr[uri_idx].len);
out += phdr[uri_idx].len;
memcpy(out, " HTTP/1.1\r\n", 11);
out += 11;
*ptr = out;
return 0;
}
/* only takes care of frames affecting the dynamic table for now and directly
* prints the output on stdout. Writes the output to <out> for at most <osize>
* bytes. Returns the number of bytes written, or < 0 on error, in which case
* the value is the negative of HPACK_ERR_*.
*/
int hpack_decode_frame(struct hpack_dht *dht, const uint8_t *raw, uint32_t len, char *out, int osize)
{
uint32_t idx;
uint32_t nlen;
uint32_t vlen;
uint8_t huff;
uint32_t fields; /* bit mask of PHDR_FND_* */
struct ist name;
struct ist value;
struct ist phdr_str[PHDR_NUM_ENTRIES];
struct chunk *phdr_trash = get_trash_chunk();
struct chunk *tmp = get_trash_chunk();
char *phdr_next = phdr_trash->str;
int phdr;
int must_index;
int ret;
char *out_end = out + osize;
fields = 0;
while (len) {
int code __attribute__((unused)) = *raw; /* first byte, only for debugging */
must_index = 0;
if (*raw >= 0x80) {
/* indexed header field */
if (*raw == 0x80) {
hpack_debug_printf("unhandled code 0x%02x (raw=%p, len=%d)\n", *raw, raw, len);
ret = -HPACK_ERR_UNKNOWN_OPCODE;
goto leave;
}
hpack_debug_printf("%02x: p14: indexed header field : ", code);
idx = get_var_int(&raw, &len, 7);
if (len == (uint32_t)-1) { // truncated
ret = -HPACK_ERR_TRUNCATED;
goto leave;
}
value = hpack_idx_to_value(dht, idx);
phdr = hpack_idx_to_phdr(idx);
if (phdr > 0)
goto phdr_by_idx;
name = hpack_idx_to_name(dht, idx);
phdr = hpack_str_to_phdr(name);
if (phdr > 0)
goto phdr_by_idx;
if (phdr == 0)
goto regular_hdr;
/* invalid pseudo header -- should never happen here */
goto bad_phdr;
}
else if (*raw >= 0x20 && *raw <= 0x3f) {
/* max dyn table size change */
idx = get_var_int(&raw, &len, 5);
if (len == (uint32_t)-1) { // truncated
ret = -HPACK_ERR_TRUNCATED;
goto leave;
}
continue;
}
else if (!(*raw & (*raw - 0x10))) {
/* 0x00, 0x10, and 0x40 (0x20 and 0x80 were already handled above) */
/* literal header field without/never/with incremental indexing -- literal name */
if (*raw == 0x00)
hpack_debug_printf("%02x: p17: literal without indexing : ", code);
else if (*raw == 0x10)
hpack_debug_printf("%02x: p18: literal never indexed : ", code);
else if (*raw == 0x40)
hpack_debug_printf("%02x: p16: literal with indexing : ", code);
if (*raw == 0x40)
must_index = 1;
raw++; len--;
/* retrieve name */
if (!len) { // truncated
ret = -HPACK_ERR_TRUNCATED;
goto leave;
}
huff = *raw & 0x80;
nlen = get_var_int(&raw, &len, 7);
if (len == (uint32_t)-1 || len < nlen) { // truncated
ret = -HPACK_ERR_TRUNCATED;
goto leave;
}
name = ist2(raw, nlen);
raw += nlen;
len -= nlen;
chunk_reset(tmp);
if (huff) {
nlen = huff_dec((const uint8_t *)name.ptr, name.len, tmp->str, tmp->size);
if (nlen == (uint32_t)-1) {
hpack_debug_printf("2: can't decode huffman.\n");
ret = -HPACK_ERR_HUFFMAN;
goto leave;
}
tmp->len += nlen; // make room for the value
name = ist2(tmp->str, nlen);
}
/* retrieve value */
if (!len) { // truncated
ret = -HPACK_ERR_TRUNCATED;
goto leave;
}
huff = *raw & 0x80;
vlen = get_var_int(&raw, &len, 7);
if (len == (uint32_t)-1 || len < vlen) { // truncated
ret = -HPACK_ERR_TRUNCATED;
goto leave;
}
value = ist2(raw, vlen);
raw += vlen;
len -= vlen;
if (huff) {
char *vtrash = chunk_newstr(tmp);
if (!vtrash) {
ret = HPACK_ERR_TOO_LARGE;
goto leave;
}
vlen = huff_dec((const uint8_t *)value.ptr, value.len, vtrash, tmp->str + tmp->size - vtrash);
if (vlen == (uint32_t)-1) {
hpack_debug_printf("3: can't decode huffman.\n");
ret = -HPACK_ERR_HUFFMAN;
goto leave;
}
value = ist2(vtrash, vlen);
}
phdr = hpack_str_to_phdr(name);
if (phdr > 0)
goto phdr_by_idx;
if (phdr == 0)
goto regular_hdr;
/* invalid pseudo header -- should never happen here */
goto bad_phdr;
}
else {
/* 0x01..0x0f : literal header field without indexing -- indexed name */
/* 0x11..0x1f : literal header field never indexed -- indexed name */
/* 0x41..0x7f : literal header field with incremental indexing -- indexed name */
if (*raw <= 0x0f)
hpack_debug_printf("%02x: p16: literal without indexing -- indexed name : ", code);
else if (*raw >= 0x41)
hpack_debug_printf("%02x: p15: literal with indexing -- indexed name : ", code);
else
hpack_debug_printf("%02x: p16: literal never indexed -- indexed name : ", code);
/* retrieve name index */
if (*raw >= 0x41) {
must_index = 1;
idx = get_var_int(&raw, &len, 6);
}
else
idx = get_var_int(&raw, &len, 4);
if (len == (uint32_t)-1 || !len) { // truncated
ret = -HPACK_ERR_TRUNCATED;
goto leave;
}
/* retrieve value */
huff = *raw & 0x80;
vlen = get_var_int(&raw, &len, 7);
if (len == (uint32_t)-1 || len < vlen) { // truncated
ret = -HPACK_ERR_TRUNCATED;
goto leave;
}
value = ist2(raw, vlen);
raw += vlen;
len -= vlen;
if (huff) {
vlen = huff_dec((const uint8_t *)value.ptr, value.len, tmp->str, tmp->size);
if (vlen == (uint32_t)-1) {
hpack_debug_printf("1: can't decode huffman.\n");
ret = -HPACK_ERR_HUFFMAN;
goto leave;
}
value = ist2(tmp->str, vlen);
}
phdr = hpack_idx_to_phdr(idx);
if (phdr > 0)
goto phdr_by_idx;
name = hpack_idx_to_name(dht, idx);
phdr = hpack_str_to_phdr(name);
if (phdr > 0)
goto phdr_by_idx;
if (phdr == 0)
goto regular_hdr;
/* invalid pseudo header -- should never happen here */
goto bad_phdr;
}
phdr_by_idx:
/* insert a pseudo header by its index (in phdr) and value (in value) */
if (fields & ((1 << phdr) | PHDR_FND_NONE)) {
if (fields & PHDR_FND_NONE) {
hpack_debug_printf("%02x: pseudo header field after regular headers : %d\n", code, phdr);
ret = -HPACK_ERR_MISPLACED_PHDR;
goto leave;
}
else {
hpack_debug_printf("%02x: repeated pseudo header field %d\n", code, phdr);
ret = -HPACK_ERR_DUPLICATE_PHDR;
goto leave;
}
}
fields |= 1 << phdr;
if (phdr_next + value.len > phdr_trash->str + phdr_trash->size) {
hpack_debug_printf("too large request\n");
ret = -HPACK_ERR_TOO_LARGE;
goto leave;
}
memcpy(phdr_next, value.ptr, value.len);
phdr_str[phdr].ptr = phdr_next;
phdr_str[phdr].len = value.len;
phdr_next += value.len;
if (must_index && hpack_dht_insert(dht, phdr_names[phdr], value) < 0) {
hpack_debug_printf("failed to find some room in the dynamic table\n");
ret = -HPACK_ERR_DHT_INSERT_FAIL;
goto leave;
}
hpack_debug_printf("phdr=%d(\e[1;34m%s\e[0m) ptr=%d len=%d (\e[1;35m%s\e[0m) [idx=%d, used=%d]\n",
phdr, phdr_names[phdr].ptr,
(int)(phdr_str[phdr].ptr - phdr_trash->str), (int)phdr_str[phdr].len,
istpad(trash.str, phdr_str[phdr]).ptr, must_index, dht->used);
continue;
regular_hdr:
/* regular header field in (name,value) */
if (!(fields & PHDR_FND_NONE)) {
hpack_debug_printf("--end of pseudo-headers--\n");
ret = hpack_prepare_reqline(fields, phdr_str, &out, out_end);
if (ret)
goto leave;
fields |= PHDR_FND_NONE;
}
if (must_index && hpack_dht_insert(dht, name, value) < 0) {
hpack_debug_printf("failed to find some room in the dynamic table\n");
ret = -HPACK_ERR_DHT_INSERT_FAIL;
goto leave;
}
if (isteq(name, ist("host")))
fields |= PHDR_FND_HOST;
if (out + name.len + 2 + value.len + 2 > out_end) {
hpack_debug_printf("too large request\n");
ret = -HPACK_ERR_TOO_LARGE;
goto leave;
}
memcpy(out, name.ptr, name.len);
out += name.len;
*(out++) = ':';
*(out++) = ' ';
memcpy(out, value.ptr, value.len);
out += value.len;
*(out++) = '\r';
*(out++) = '\n';
hpack_debug_printf("\e[1;34m%s\e[0m: ",
istpad(trash.str, name).ptr);
hpack_debug_printf("\e[1;35m%s\e[0m [idx=%d, used=%d]\n",
istpad(trash.str, value).ptr,
must_index, dht->used);
continue;
bad_phdr:
hpack_debug_printf("%02x: invalid pseudo header field %d\n", code, phdr);
ret = -HPACK_ERR_INVALID_PHDR;
goto leave;
}
/* Let's dump the request now if not yet emitted. */
if (!(fields & PHDR_FND_NONE)) {
ret = hpack_prepare_reqline(fields, phdr_str, &out, out_end);
if (ret)
goto leave;
}
/* complete with missing Host if needed */
if ((fields & (PHDR_FND_HOST|PHDR_FND_AUTH)) == PHDR_FND_AUTH) {
/* missing Host field, use :authority instead */
hpack_debug_printf("\e[1;34m%s\e[0m: \e[1;35m%s\e[0m\n", "Host", istpad(trash.str, phdr_str[PHDR_IDX_AUTH]).ptr);
if (out + 6 + phdr_str[PHDR_IDX_AUTH].len + 2 > out_end) {
hpack_debug_printf("too large request\n");
ret = -HPACK_ERR_TOO_LARGE;
goto leave;
}
memcpy(out, "host: ", 6);
memcpy(out + 6, phdr_str[PHDR_IDX_AUTH].ptr, phdr_str[PHDR_IDX_AUTH].len);
out += 6 + phdr_str[PHDR_IDX_AUTH].len;
*(out++) = '\r';
*(out++) = '\n';
}
/* And finish */
if (out + 2 > out_end) {
hpack_debug_printf("too large request\n");
ret = -HPACK_ERR_TOO_LARGE;
goto leave;
}
*(out++) = '\r';
*(out++) = '\n';
hpack_debug_printf("done : %d bytes emitted\n", (int)(out + osize - out_end));
ret = out + osize - out_end;
leave:
return ret;
}