Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 3a9c000738e90f73e5479658dc3987483d8a0f1b / . / src / h2.c
blob: ec8e2fe975c8d4511af642764cf7f60f88f16f70 [file] [log] [blame]
Willy Tarreauf24ea8e2017-11-21 19:55:27 +0100[diff] [blame]1/*
2 * HTTP/2 protocol processing
3 *
4 * Copyright 2017 Willy Tarreau <w@1wt.eu>
5 * Copyright (C) 2017 HAProxy Technologies
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining
8 * a copy of this software and associated documentation files (the
9 * "Software"), to deal in the Software without restriction, including
10 * without limitation the rights to use, copy, modify, merge, publish,
11 * distribute, sublicense, and/or sell copies of the Software, and to
12 * permit persons to whom the Software is furnished to do so, subject to
13 * the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be
16 * included in all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
19 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
20 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
21 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
22 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
23 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
24 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
25 * OTHER DEALINGS IN THE SOFTWARE.
26 */
27
Willy Tarreaua1bd1fa2019-03-29 17:26:33 +0100[diff] [blame]28#include <inttypes.h>
Willy Tarreau4c7e4b72020-05-27 12:58:42 +0200[diff] [blame]29#include <haproxy/api.h>
Willy Tarreaub2551052020-06-09 09:07:15 +0200[diff] [blame]30#include <haproxy/global.h>
Willy Tarreaubf073142020-06-03 12:04:01 +0200[diff] [blame]31#include <haproxy/h2.h>
Willy Tarreau0017be02020-06-02 19:25:28 +0200[diff] [blame]32#include <haproxy/http-hdr-t.h>
Willy Tarreaub2551052020-06-09 09:07:15 +0200[diff] [blame]33#include <haproxy/http.h>
Amaury Denoyelle03534102021-07-07 10:49:28 +0200[diff] [blame]34#include <haproxy/http_htx.h>
Willy Tarreau16f958c2020-06-03 08:44:35 +0200[diff] [blame]35#include <haproxy/htx.h>
Willy Tarreaueb6f7012020-05-27 16:21:26 +0200[diff] [blame]36#include <import/ist.h>
Willy Tarreaub2551052020-06-09 09:07:15 +0200[diff] [blame]37
Willy Tarreauf24ea8e2017-11-21 19:55:27 +0100[diff] [blame]38
Willy Tarreau9c84d822019-01-30 15:09:21 +0100[diff] [blame]39struct h2_frame_definition h2_frame_definition[H2_FT_ENTRIES] = {
40 [H2_FT_DATA ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
41 [H2_FT_HEADERS ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 1, .max_len = H2_MAX_FRAME_LEN, },
42 [H2_FT_PRIORITY ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 5, .max_len = 5, },
43 [H2_FT_RST_STREAM ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, },
44 [H2_FT_SETTINGS ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
45 [H2_FT_PUSH_PROMISE ] = { .dir = 0, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = H2_MAX_FRAME_LEN, },
46 [H2_FT_PING ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = 8, },
47 [H2_FT_GOAWAY ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = H2_MAX_FRAME_LEN, },
48 [H2_FT_WINDOW_UPDATE] = { .dir = 3, .min_id = 0, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, },
49 [H2_FT_CONTINUATION ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
50};
Willy Tarreauf24ea8e2017-11-21 19:55:27 +0100[diff] [blame]51
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100[diff] [blame]52/* Looks into <ist> for forbidden characters for header values (0x00, 0x0A,
53 * 0x0D), starting at pointer <start> which must be within <ist>. Returns
54 * non-zero if such a character is found, 0 otherwise. When run on unlikely
55 * header match, it's recommended to first check for the presence of control
56 * chars using ist_find_ctl().
57 */
58static int has_forbidden_char(const struct ist ist, const char *start)
59{
60 do {
61 if ((uint8_t)*start <= 0x0d &&
62 (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0)))
63 return 1;
64 start++;
65 } while (start < ist.ptr + ist.len);
66 return 0;
67}
68
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]69/* Parse the Content-Length header field of an HTTP/2 request. The function
70 * checks all possible occurrences of a comma-delimited value, and verifies
71 * if any of them doesn't match a previous value. It returns <0 if a value
72 * differs, 0 if the whole header can be dropped (i.e. already known), or >0
73 * if the value can be indexed (first one). In the last case, the value might
74 * be adjusted and the caller must only add the updated value.
75 */
76int h2_parse_cont_len_header(unsigned int *msgf, struct ist *value, unsigned long long *body_len)
77{
78 char *e, *n;
79 unsigned long long cl;
80 int not_first = !!(*msgf & H2_MSGF_BODY_CL);
81 struct ist word;
82
83 word.ptr = value->ptr - 1; // -1 for next loop's pre-increment
84 e = value->ptr + value->len;
85
86 while (++word.ptr < e) {
Ilya Shipitsin6fb0f212020-04-02 15:25:26 +0500[diff] [blame]87 /* skip leading delimiter and blanks */
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]88 if (unlikely(HTTP_IS_LWS(*word.ptr)))
89 continue;
90
91 /* digits only now */
92 for (cl = 0, n = word.ptr; n < e; n++) {
93 unsigned int c = *n - '0';
94 if (unlikely(c > 9)) {
95 /* non-digit */
96 if (unlikely(n == word.ptr)) // spaces only
97 goto fail;
98 break;
99 }
100 if (unlikely(cl > ULLONG_MAX / 10ULL))
101 goto fail; /* multiply overflow */
102 cl = cl * 10ULL;
103 if (unlikely(cl + c < cl))
104 goto fail; /* addition overflow */
105 cl = cl + c;
106 }
107
108 /* keep a copy of the exact cleaned value */
109 word.len = n - word.ptr;
110
111 /* skip trailing LWS till next comma or EOL */
112 for (; n < e; n++) {
113 if (!HTTP_IS_LWS(*n)) {
114 if (unlikely(*n != ','))
115 goto fail;
116 break;
117 }
118 }
119
120 /* if duplicate, must be equal */
121 if (*msgf & H2_MSGF_BODY_CL && cl != *body_len)
122 goto fail;
123
124 /* OK, store this result as the one to be indexed */
125 *msgf |= H2_MSGF_BODY_CL;
126 *body_len = cl;
127 *value = word;
128 word.ptr = n;
129 }
130 /* here we've reached the end with a single value or a series of
131 * identical values, all matching previous series if any. The last
132 * parsed value was sent back into <value>. We just have to decide
133 * if this occurrence has to be indexed (it's the first one) or
134 * silently skipped (it's not the first one)
135 */
136 return !not_first;
137 fail:
138 return -1;
139}
140
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]141/* Prepare the request line into <htx> from pseudo headers stored in <phdr[]>.
142 * <fields> indicates what was found so far. This should be called once at the
143 * detection of the first general header field or at the end of the request if
144 * no general header field was found yet. Returns the created start line on
145 * success, or NULL on failure. Upon success, <msgf> is updated with a few
146 * H2_MSGF_* flags indicating what was found while parsing.
Willy Tarreau2be362c2019-10-08 11:59:37 +0200[diff] [blame]147 *
148 * The rules below deserve a bit of explanation. There tends to be some
149 * confusion regarding H2's authority vs the Host header. They are different
150 * though may sometimes be exchanged. In H2, the request line is broken into :
151 * - :method
152 * - :scheme
153 * - :authority
154 * - :path
155 *
156 * An equivalent HTTP/1.x absolute-form request would then look like :
157 * <:method> <:scheme>://<:authority><:path> HTTP/x.y
158 *
159 * Except for CONNECT which doesn't have scheme nor path and looks like :
160 * <:method> <:authority> HTTP/x.y
161 *
162 * It's worth noting that H2 still supports an encoding to map H1 origin-form
163 * and asterisk-form requests. These ones do not specify the authority. However
164 * in H2 they must still specify the scheme, which is not present in H1. Also,
165 * when encoding an absolute-form H1 request without a path, the path
166 * automatically becomes "/" except for the OPTIONS method where it
167 * becomes "*".
168 *
169 * As such it is explicitly permitted for an H2 client to send a request
170 * featuring a Host header and no :authority, though it's not the recommended
171 * way to use H2 for a client. It is however the only permitted way to encode
172 * an origin-form H1 request over H2. Thus we need to respect such differences
173 * as much as possible when re-encoding the H2 request into HTX.
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]174 */
175static struct htx_sl *h2_prepare_htx_reqline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf)
176{
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100[diff] [blame]177 struct ist uri, meth_sl;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]178 unsigned int flags = HTX_SL_F_NONE;
179 struct htx_sl *sl;
Willy Tarreau9255e7e2019-03-05 10:47:37 +0100[diff] [blame]180 size_t i;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]181
182 if ((fields & H2_PHDR_FND_METH) && isteq(phdr[H2_PHDR_IDX_METH], ist("CONNECT"))) {
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100[diff] [blame]183 if (fields & H2_PHDR_FND_PROT) {
184 /* rfc 8441 Extended Connect Protocol
185 * #4 :scheme and :path must be present, as well as
186 * :authority like all h2 requests
187 */
188 if (!(fields & H2_PHDR_FND_SCHM)) {
189 /* missing scheme */
190 goto fail;
191 }
192 else if (!(fields & H2_PHDR_FND_PATH)) {
193 /* missing path */
194 goto fail;
195 }
196 else if (!(fields & H2_PHDR_FND_AUTH)) {
197 /* missing authority */
198 goto fail;
199 }
200
201 flags |= HTX_SL_F_HAS_SCHM;
202 if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("http")))
203 flags |= HTX_SL_F_SCHM_HTTP;
204 else if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("https")))
205 flags |= HTX_SL_F_SCHM_HTTPS;
206
207 meth_sl = ist("GET");
208
209 *msgf |= H2_MSGF_EXT_CONNECT;
210 /* no ES on the HEADERS frame but no body either for
211 * Extended CONNECT */
212 *msgf &= ~H2_MSGF_BODY;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]213 }
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100[diff] [blame]214 else {
215 /* RFC 7540 #8.2.6 regarding CONNECT: ":scheme" and ":path"
216 * MUST be omitted ; ":authority" contains the host and port
217 * to connect to.
218 */
219 if (fields & H2_PHDR_FND_SCHM) {
220 /* scheme not allowed */
221 goto fail;
222 }
223 else if (fields & H2_PHDR_FND_PATH) {
224 /* path not allowed */
225 goto fail;
226 }
227 else if (!(fields & H2_PHDR_FND_AUTH)) {
228 /* missing authority */
229 goto fail;
230 }
231
232 meth_sl = phdr[H2_PHDR_IDX_METH];
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]233 }
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100[diff] [blame]234
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]235 *msgf |= H2_MSGF_BODY_TUNNEL;
236 }
237 else if ((fields & (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) !=
238 (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) {
239 /* RFC 7540 #8.1.2.3 : all requests MUST include exactly one
240 * valid value for the ":method", ":scheme" and ":path" phdr
241 * unless it is a CONNECT request.
242 */
243 if (!(fields & H2_PHDR_FND_METH)) {
244 /* missing method */
245 goto fail;
246 }
247 else if (!(fields & H2_PHDR_FND_SCHM)) {
248 /* missing scheme */
249 goto fail;
250 }
251 else {
252 /* missing path */
253 goto fail;
254 }
255 }
Willy Tarreau2be362c2019-10-08 11:59:37 +0200[diff] [blame]256 else { /* regular methods */
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]257 /* RFC3986#6.2.2.1: scheme is case-insensitive. We need to
258 * classify the scheme as "present/http", "present/https",
259 * "present/other", "absent" so as to decide whether or not
260 * we're facing a normalized URI that will have to be encoded
261 * in origin or absolute form. Indeed, 7540#8.1.2.3 says that
262 * clients should use the absolute form, thus we cannot infer
263 * whether or not the client wanted to use a proxy here.
264 */
265 flags |= HTX_SL_F_HAS_SCHM;
266 if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("http")))
267 flags |= HTX_SL_F_SCHM_HTTP;
268 else if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("https")))
269 flags |= HTX_SL_F_SCHM_HTTPS;
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100[diff] [blame]270
271 meth_sl = phdr[H2_PHDR_IDX_METH];
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]272 }
273
274 if (!(flags & HTX_SL_F_HAS_SCHM)) {
275 /* no scheme, use authority only (CONNECT) */
276 uri = phdr[H2_PHDR_IDX_AUTH];
Willy Tarreau1440fe82019-10-08 17:34:50 +0200[diff] [blame]277 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]278 }
Willy Tarreau30ee1ef2019-10-08 18:33:19 +0200[diff] [blame]279 else if (fields & H2_PHDR_FND_AUTH) {
280 /* authority is present, let's use the absolute form. We simply
281 * use the trash to concatenate them since all of them MUST fit
282 * in a bufsize since it's where they come from.
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]283 */
Willy Tarreaufd2658c2020-02-26 13:51:38 +0100[diff] [blame]284 if (unlikely(!phdr[H2_PHDR_IDX_PATH].len))
285 goto fail; // 7540#8.1.2.3: :path must not be empty
286
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]287 uri = ist2bin(trash.area, phdr[H2_PHDR_IDX_SCHM]);
288 istcat(&uri, ist("://"), trash.size);
289 istcat(&uri, phdr[H2_PHDR_IDX_AUTH], trash.size);
290 if (!isteq(phdr[H2_PHDR_IDX_PATH], ist("*")))
291 istcat(&uri, phdr[H2_PHDR_IDX_PATH], trash.size);
Willy Tarreau1440fe82019-10-08 17:34:50 +0200[diff] [blame]292 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau30ee1ef2019-10-08 18:33:19 +0200[diff] [blame]293
294 if (flags & (HTX_SL_F_SCHM_HTTP|HTX_SL_F_SCHM_HTTPS)) {
295 /* we don't know if it was originally an absolute or a
296 * relative request because newer versions of HTTP use
297 * the absolute URI format by default, which we call
298 * the normalized URI format internally. This is the
299 * strongly recommended way of sending a request for
300 * a regular client, so we cannot distinguish this
301 * from a request intended for a proxy. For other
302 * schemes however there is no doubt.
303 */
304 flags |= HTX_SL_F_NORMALIZED_URI;
305 }
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]306 }
307 else {
308 /* usual schemes with or without authority, use origin form */
309 uri = phdr[H2_PHDR_IDX_PATH];
Willy Tarreau1440fe82019-10-08 17:34:50 +0200[diff] [blame]310 if (fields & H2_PHDR_FND_AUTH)
311 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau2be362c2019-10-08 11:59:37 +0200[diff] [blame]312 }
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]313
Willy Tarreau2be362c2019-10-08 11:59:37 +0200[diff] [blame]314 /* make sure the final URI isn't empty. Note that 7540#8.1.2.3 states
315 * that :path must not be empty.
316 */
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]317 if (!uri.len)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]318 goto fail;
319
Willy Tarreau2be362c2019-10-08 11:59:37 +0200[diff] [blame]320 /* The final URI must not contain LWS nor CTL characters */
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]321 for (i = 0; i < uri.len; i++) {
322 unsigned char c = uri.ptr[i];
Willy Tarreau9255e7e2019-03-05 10:47:37 +0100[diff] [blame]323 if (HTTP_IS_LWS(c) || HTTP_IS_CTL(c))
324 htx->flags |= HTX_FL_PARSING_ERROR;
325 }
326
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]327 /* Set HTX start-line flags */
328 flags |= HTX_SL_F_VER_11; // V2 in fact
329 flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2
330
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100[diff] [blame]331 sl = htx_add_stline(htx, HTX_BLK_REQ_SL, flags, meth_sl, uri, ist("HTTP/2.0"));
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]332 if (!sl)
333 goto fail;
334
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100[diff] [blame]335 sl->info.req.meth = find_http_meth(meth_sl.ptr, meth_sl.len);
Christopher Faulet7d247f02020-12-02 14:26:36 +0100[diff] [blame]336 if (sl->info.req.meth == HTTP_METH_HEAD)
337 *msgf |= H2_MSGF_BODYLESS_RSP;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]338 return sl;
339 fail:
340 return NULL;
341}
342
343/* Takes an H2 request present in the headers list <list> terminated by a name
344 * being <NULL,0> and emits the equivalent HTX request according to the rules
345 * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and
346 * non-zero is returned if some bytes were emitted. In case of error, a
347 * negative error code is returned.
348 *
349 * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what
350 * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY
351 * if a body is detected (!ES).
352 *
353 * The headers list <list> must be composed of :
354 * - n.name != NULL, n.len > 0 : literal header name
355 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
356 * among H2_PHDR_IDX_*
357 * - n.name ignored, n.len == 0 : end of list
358 * - in all cases except the end of list, v.name and v.len must designate a
359 * valid value.
360 *
361 * The Cookie header will be reassembled at the end, and for this, the <list>
362 * will be used to create a linked list, so its contents may be destroyed.
363 */
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100[diff] [blame]364int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]365{
366 struct ist phdr_val[H2_PHDR_NUM_ENTRIES];
367 uint32_t fields; /* bit mask of H2_PHDR_FND_* */
368 uint32_t idx;
369 int ck, lck; /* cookie index and last cookie index */
370 int phdr;
371 int ret;
372 int i;
373 struct htx_sl *sl = NULL;
374 unsigned int sl_flags = 0;
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100[diff] [blame]375 const char *ctl;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]376
377 lck = ck = -1; // no cookie for now
378 fields = 0;
379 for (idx = 0; list[idx].n.len != 0; idx++) {
380 if (!list[idx].n.ptr) {
381 /* this is an indexed pseudo-header */
382 phdr = list[idx].n.len;
383 }
384 else {
385 /* this can be any type of header */
Willy Tarreau146f53a2019-11-24 10:34:39 +0100[diff] [blame]386 /* RFC7540#8.1.2: upper case not allowed in header field names.
387 * #10.3: header names must be valid (i.e. match a token).
388 * For pseudo-headers we check from 2nd char and for other ones
389 * from the first char, because HTTP_IS_TOKEN() also excludes
390 * the colon.
391 */
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]392 phdr = h2_str_to_phdr(list[idx].n);
Willy Tarreau146f53a2019-11-24 10:34:39 +0100[diff] [blame]393
394 for (i = !!phdr; i < list[idx].n.len; i++)
395 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
396 goto fail;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]397 }
398
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100[diff] [blame]399 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
400 * rejecting NUL, CR and LF characters.
401 */
402 ctl = ist_find_ctl(list[idx].v);
403 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
404 goto fail;
405
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]406 if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
407 /* insert a pseudo header by its index (in phdr) and value (in value) */
408 if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) {
409 if (fields & H2_PHDR_FND_NONE) {
410 /* pseudo header field after regular headers */
411 goto fail;
412 }
413 else {
414 /* repeated pseudo header field */
415 goto fail;
416 }
417 }
418 fields |= 1 << phdr;
419 phdr_val[phdr] = list[idx].v;
420 continue;
421 }
422 else if (phdr != 0) {
423 /* invalid pseudo header -- should never happen here */
424 goto fail;
425 }
426
427 /* regular header field in (name,value) */
428 if (unlikely(!(fields & H2_PHDR_FND_NONE))) {
429 /* no more pseudo-headers, time to build the request line */
430 sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf);
431 if (!sl)
432 goto fail;
433 fields |= H2_PHDR_FND_NONE;
434 }
435
436 if (isteq(list[idx].n, ist("host")))
437 fields |= H2_PHDR_FND_HOST;
438
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]439 if (isteq(list[idx].n, ist("content-length"))) {
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100[diff] [blame]440 ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len);
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]441 if (ret < 0)
442 goto fail;
443
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]444 sl_flags |= HTX_SL_F_CLEN;
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]445 if (ret == 0)
446 continue; // skip this duplicate
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]447 }
448
449 /* these ones are forbidden in requests (RFC7540#8.1.2.2) */
450 if (isteq(list[idx].n, ist("connection")) ||
451 isteq(list[idx].n, ist("proxy-connection")) ||
452 isteq(list[idx].n, ist("keep-alive")) ||
453 isteq(list[idx].n, ist("upgrade")) ||
454 isteq(list[idx].n, ist("transfer-encoding")))
455 goto fail;
456
457 if (isteq(list[idx].n, ist("te")) && !isteq(list[idx].v, ist("trailers")))
458 goto fail;
459
460 /* cookie requires special processing at the end */
461 if (isteq(list[idx].n, ist("cookie"))) {
462 list[idx].n.len = -1;
463
464 if (ck < 0)
465 ck = idx;
466 else
467 list[lck].n.len = idx;
468
469 lck = idx;
470 continue;
471 }
472
473 if (!htx_add_header(htx, list[idx].n, list[idx].v))
474 goto fail;
475 }
476
477 /* RFC7540#8.1.2.1 mandates to reject response pseudo-headers (:status) */
478 if (fields & H2_PHDR_FND_STAT)
479 goto fail;
480
481 /* Let's dump the request now if not yet emitted. */
482 if (!(fields & H2_PHDR_FND_NONE)) {
483 sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf);
484 if (!sl)
485 goto fail;
486 }
487
Christopher Fauletd0db4232021-01-22 11:46:30 +0100[diff] [blame]488 if (*msgf & H2_MSGF_BODY_TUNNEL)
489 *msgf &= ~(H2_MSGF_BODY|H2_MSGF_BODY_CL);
490
Christopher Fauletd1ac2b92020-12-02 19:12:22 +0100[diff] [blame]491 if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0) ||
492 (*msgf & H2_MSGF_BODY_TUNNEL)) {
493 /* Request without body or tunnel requested */
Christopher Faulet44af3cf2019-02-18 10:12:56 +0100[diff] [blame]494 sl_flags |= HTX_SL_F_BODYLESS;
Christopher Fauletd1ac2b92020-12-02 19:12:22 +0100[diff] [blame]495 htx->flags |= HTX_FL_EOM;
496 }
Christopher Faulet44af3cf2019-02-18 10:12:56 +0100[diff] [blame]497
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100[diff] [blame]498 if (*msgf & H2_MSGF_EXT_CONNECT) {
499 if (!htx_add_header(htx, ist("upgrade"), phdr_val[H2_PHDR_IDX_PROT]))
500 goto fail;
501 if (!htx_add_header(htx, ist("connection"), ist("upgrade")))
502 goto fail;
503 sl_flags |= HTX_SL_F_CONN_UPG;
504 }
505
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]506 /* update the start line with last detected header info */
507 sl->flags |= sl_flags;
508
509 /* complete with missing Host if needed */
510 if ((fields & (H2_PHDR_FND_HOST|H2_PHDR_FND_AUTH)) == H2_PHDR_FND_AUTH) {
511 /* missing Host field, use :authority instead */
512 if (!htx_add_header(htx, ist("host"), phdr_val[H2_PHDR_IDX_AUTH]))
513 goto fail;
514 }
515
516 /* now we may have to build a cookie list. We'll dump the values of all
517 * visited headers.
518 */
519 if (ck >= 0) {
520 uint32_t fs; // free space
521 uint32_t bs; // block size
522 uint32_t vl; // value len
Willy Tarreau164e0612018-12-18 11:00:41 +0100[diff] [blame]523 uint32_t tl; // total length
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]524 struct htx_blk *blk;
525
526 blk = htx_add_header(htx, ist("cookie"), list[ck].v);
527 if (!blk)
528 goto fail;
529
Willy Tarreau164e0612018-12-18 11:00:41 +0100[diff] [blame]530 tl = list[ck].v.len;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]531 fs = htx_free_data_space(htx);
532 bs = htx_get_blksz(blk);
533
534 /* for each extra cookie, we'll extend the cookie's value and
535 * insert "; " before the new value.
536 */
Willy Tarreau164e0612018-12-18 11:00:41 +0100[diff] [blame]537 fs += tl; // first one is already counted
Tim Duesterhus15683552021-03-04 23:50:13 +0100[diff] [blame]538 while ((ck = list[ck].n.len) >= 0) {
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]539 vl = list[ck].v.len;
Willy Tarreau164e0612018-12-18 11:00:41 +0100[diff] [blame]540 tl += vl + 2;
541 if (tl > fs)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]542 goto fail;
543
Christopher Faulet3e2638e2019-06-18 09:49:16 +0200[diff] [blame]544 htx_change_blk_value_len(htx, blk, tl);
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]545 *(char *)(htx_get_blk_ptr(htx, blk) + bs + 0) = ';';
546 *(char *)(htx_get_blk_ptr(htx, blk) + bs + 1) = ' ';
547 memcpy(htx_get_blk_ptr(htx, blk) + bs + 2, list[ck].v.ptr, vl);
548 bs += vl + 2;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]549 }
550
551 }
552
553 /* now send the end of headers marker */
Christopher Faulet5be651d2021-01-22 15:28:03 +0100[diff] [blame]554 if (!htx_add_endof(htx, HTX_BLK_EOH))
555 goto fail;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]556
Amaury Denoyelle03534102021-07-07 10:49:28 +0200[diff] [blame]557 /* proceed to scheme-based normalization on target-URI */
558 if (fields & H2_PHDR_FND_SCHM)
559 http_scheme_based_normalize(htx);
560
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]561 ret = 1;
562 return ret;
563
564 fail:
565 return -1;
566}
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]567
568/* Prepare the status line into <htx> from pseudo headers stored in <phdr[]>.
569 * <fields> indicates what was found so far. This should be called once at the
570 * detection of the first general header field or at the end of the message if
571 * no general header field was found yet. Returns the created start line on
572 * success, or NULL on failure. Upon success, <msgf> is updated with a few
573 * H2_MSGF_* flags indicating what was found while parsing.
574 */
575static struct htx_sl *h2_prepare_htx_stsline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf)
576{
Christopher Faulet89899422020-12-07 18:24:43 +0100[diff] [blame]577 unsigned int status, flags = HTX_SL_F_NONE;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]578 struct htx_sl *sl;
Amaury Denoyelle74162742020-12-11 17:53:05 +0100[diff] [blame]579 struct ist stat;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]580
581 /* only :status is allowed as a pseudo header */
582 if (!(fields & H2_PHDR_FND_STAT))
583 goto fail;
584
585 if (phdr[H2_PHDR_IDX_STAT].len != 3)
586 goto fail;
587
Amaury Denoyelle74162742020-12-11 17:53:05 +0100[diff] [blame]588 /* if Extended CONNECT is used, convert status code from 200 to htx 101
589 * following rfc 8441 */
590 if (unlikely(*msgf & H2_MSGF_EXT_CONNECT) &&
591 isteq(phdr[H2_PHDR_IDX_STAT], ist("200"))) {
592 stat = ist("101");
593 status = 101;
594 }
595 else {
596 unsigned char h, t, u;
597
598 stat = phdr[H2_PHDR_IDX_STAT];
599
600 h = stat.ptr[0] - '0';
601 t = stat.ptr[1] - '0';
602 u = stat.ptr[2] - '0';
603 if (h > 9 || t > 9 || u > 9)
604 goto fail;
605 status = h * 100 + t * 10 + u;
606 }
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]607
Christopher Faulet89899422020-12-07 18:24:43 +0100[diff] [blame]608 /* 101 responses are not supported in H2, so return a error.
609 * On 1xx responses there is no ES on the HEADERS frame but there is no
610 * body. So remove the flag H2_MSGF_BODY and add H2_MSGF_RSP_1XX to
611 * notify the decoder another HEADERS frame is expected.
Ilya Shipitsinacf84592021-02-06 22:29:08 +0500[diff] [blame]612 * 204/304 response have no body by definition. So remove the flag
Christopher Faulet7d247f02020-12-02 14:26:36 +0100[diff] [blame]613 * H2_MSGF_BODY and set H2_MSGF_BODYLESS_RSP.
Amaury Denoyelle74162742020-12-11 17:53:05 +0100[diff] [blame]614 *
615 * Note however that there is a special condition for Extended CONNECT.
616 * In this case, we explicitly convert it to HTX 101 to mimic
617 * Get+Upgrade HTTP/1.1 mechanism
Christopher Faulet0b465482019-02-19 15:14:23 +0100[diff] [blame]618 */
Amaury Denoyelle74162742020-12-11 17:53:05 +0100[diff] [blame]619 if (status == 101) {
620 if (!(*msgf & H2_MSGF_EXT_CONNECT))
621 goto fail;
622 }
Christopher Faulet89899422020-12-07 18:24:43 +0100[diff] [blame]623 else if (status < 200) {
Christopher Faulet0b465482019-02-19 15:14:23 +0100[diff] [blame]624 *msgf |= H2_MSGF_RSP_1XX;
625 *msgf &= ~H2_MSGF_BODY;
626 }
Amaury Denoyelle74162742020-12-11 17:53:05 +0100[diff] [blame]627 else if (status == 204 || status == 304) {
Christopher Faulet7d247f02020-12-02 14:26:36 +0100[diff] [blame]628 *msgf &= ~H2_MSGF_BODY;
629 *msgf |= H2_MSGF_BODYLESS_RSP;
630 }
Christopher Faulet0b465482019-02-19 15:14:23 +0100[diff] [blame]631
Christopher Faulet89899422020-12-07 18:24:43 +0100[diff] [blame]632 /* Set HTX start-line flags */
633 flags |= HTX_SL_F_VER_11; // V2 in fact
634 flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2
635
Amaury Denoyelle74162742020-12-11 17:53:05 +0100[diff] [blame]636 sl = htx_add_stline(htx, HTX_BLK_RES_SL, flags, ist("HTTP/2.0"), stat, ist(""));
Christopher Faulet89899422020-12-07 18:24:43 +0100[diff] [blame]637 if (!sl)
638 goto fail;
639 sl->info.res.status = status;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]640 return sl;
641 fail:
642 return NULL;
643}
644
645/* Takes an H2 response present in the headers list <list> terminated by a name
646 * being <NULL,0> and emits the equivalent HTX response according to the rules
647 * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and
648 * a positive value is returned if some bytes were emitted. In case of error, a
649 * negative error code is returned.
650 *
651 * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what
652 * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY
653 * if a body is detected (!ES).
654 *
655 * The headers list <list> must be composed of :
656 * - n.name != NULL, n.len > 0 : literal header name
657 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
658 * among H2_PHDR_IDX_*
659 * - n.name ignored, n.len == 0 : end of list
660 * - in all cases except the end of list, v.name and v.len must designate a
661 * valid value.
Amaury Denoyelle74162742020-12-11 17:53:05 +0100[diff] [blame]662 *
663 * <upgrade_protocol> is only used if the htx status code is 101 indicating a
664 * response to an upgrade or h2-equivalent request.
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]665 */
Amaury Denoyelle74162742020-12-11 17:53:05 +0100[diff] [blame]666int h2_make_htx_response(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len, char *upgrade_protocol)
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]667{
668 struct ist phdr_val[H2_PHDR_NUM_ENTRIES];
669 uint32_t fields; /* bit mask of H2_PHDR_FND_* */
670 uint32_t idx;
671 int phdr;
672 int ret;
673 int i;
674 struct htx_sl *sl = NULL;
675 unsigned int sl_flags = 0;
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100[diff] [blame]676 const char *ctl;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]677
678 fields = 0;
679 for (idx = 0; list[idx].n.len != 0; idx++) {
680 if (!list[idx].n.ptr) {
681 /* this is an indexed pseudo-header */
682 phdr = list[idx].n.len;
683 }
684 else {
685 /* this can be any type of header */
Willy Tarreau146f53a2019-11-24 10:34:39 +0100[diff] [blame]686 /* RFC7540#8.1.2: upper case not allowed in header field names.
687 * #10.3: header names must be valid (i.e. match a token).
688 * For pseudo-headers we check from 2nd char and for other ones
689 * from the first char, because HTTP_IS_TOKEN() also excludes
690 * the colon.
691 */
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]692 phdr = h2_str_to_phdr(list[idx].n);
Willy Tarreau146f53a2019-11-24 10:34:39 +0100[diff] [blame]693
694 for (i = !!phdr; i < list[idx].n.len; i++)
695 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
696 goto fail;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]697 }
698
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100[diff] [blame]699 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
700 * rejecting NUL, CR and LF characters.
701 */
702 ctl = ist_find_ctl(list[idx].v);
703 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
704 goto fail;
705
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]706 if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
707 /* insert a pseudo header by its index (in phdr) and value (in value) */
708 if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) {
709 if (fields & H2_PHDR_FND_NONE) {
710 /* pseudo header field after regular headers */
711 goto fail;
712 }
713 else {
714 /* repeated pseudo header field */
715 goto fail;
716 }
717 }
718 fields |= 1 << phdr;
719 phdr_val[phdr] = list[idx].v;
720 continue;
721 }
722 else if (phdr != 0) {
723 /* invalid pseudo header -- should never happen here */
724 goto fail;
725 }
726
727 /* regular header field in (name,value) */
728 if (!(fields & H2_PHDR_FND_NONE)) {
729 /* no more pseudo-headers, time to build the status line */
730 sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf);
731 if (!sl)
732 goto fail;
733 fields |= H2_PHDR_FND_NONE;
734 }
735
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]736 if (isteq(list[idx].n, ist("content-length"))) {
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100[diff] [blame]737 ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len);
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]738 if (ret < 0)
739 goto fail;
740
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]741 sl_flags |= HTX_SL_F_CLEN;
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]742 if (ret == 0)
743 continue; // skip this duplicate
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]744 }
745
746 /* these ones are forbidden in responses (RFC7540#8.1.2.2) */
747 if (isteq(list[idx].n, ist("connection")) ||
748 isteq(list[idx].n, ist("proxy-connection")) ||
749 isteq(list[idx].n, ist("keep-alive")) ||
750 isteq(list[idx].n, ist("upgrade")) ||
751 isteq(list[idx].n, ist("transfer-encoding")))
752 goto fail;
753
754 if (!htx_add_header(htx, list[idx].n, list[idx].v))
755 goto fail;
756 }
757
758 /* RFC7540#8.1.2.1 mandates to reject request pseudo-headers */
759 if (fields & (H2_PHDR_FND_AUTH|H2_PHDR_FND_METH|H2_PHDR_FND_PATH|H2_PHDR_FND_SCHM))
760 goto fail;
761
762 /* Let's dump the request now if not yet emitted. */
763 if (!(fields & H2_PHDR_FND_NONE)) {
764 sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf);
765 if (!sl)
766 goto fail;
Amaury Denoyelle74162742020-12-11 17:53:05 +0100[diff] [blame]767 }
768
769 if (sl->info.res.status == 101 && upgrade_protocol) {
770 if (!htx_add_header(htx, ist("connection"), ist("upgrade")))
771 goto fail;
772 if (!htx_add_header(htx, ist("upgrade"), ist(upgrade_protocol)))
773 goto fail;
774 sl_flags |= HTX_SL_F_CONN_UPG;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]775 }
776
Amaury Denoyelle74162742020-12-11 17:53:05 +0100[diff] [blame]777 if ((*msgf & H2_MSGF_BODY_TUNNEL) &&
778 ((sl->info.res.status >= 200 && sl->info.res.status < 300) || sl->info.res.status == 101))
Christopher Fauletd0db4232021-01-22 11:46:30 +0100[diff] [blame]779 *msgf &= ~(H2_MSGF_BODY|H2_MSGF_BODY_CL);
780 else
781 *msgf &= ~H2_MSGF_BODY_TUNNEL;
782
Christopher Fauletd1ac2b92020-12-02 19:12:22 +0100[diff] [blame]783 if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0) ||
784 (*msgf & H2_MSGF_BODY_TUNNEL)) {
Ilya Shipitsinacf84592021-02-06 22:29:08 +0500[diff] [blame]785 /* Response without body or tunnel successfully established */
Christopher Faulet44af3cf2019-02-18 10:12:56 +0100[diff] [blame]786 sl_flags |= HTX_SL_F_BODYLESS;
Christopher Fauletd1ac2b92020-12-02 19:12:22 +0100[diff] [blame]787 htx->flags |= HTX_FL_EOM;
788 }
Christopher Faulet44af3cf2019-02-18 10:12:56 +0100[diff] [blame]789
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]790 /* update the start line with last detected header info */
791 sl->flags |= sl_flags;
792
793 if ((*msgf & (H2_MSGF_BODY|H2_MSGF_BODY_TUNNEL|H2_MSGF_BODY_CL)) == H2_MSGF_BODY) {
794 /* FIXME: Do we need to signal anything when we have a body and
795 * no content-length, to have the equivalent of H1's chunked
796 * encoding?
797 */
798 }
799
800 /* now send the end of headers marker */
Christopher Faulet5be651d2021-01-22 15:28:03 +0100[diff] [blame]801 if (!htx_add_endof(htx, HTX_BLK_EOH))
802 goto fail;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]803
804 ret = 1;
805 return ret;
806
807 fail:
808 return -1;
809}
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]810
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200[diff] [blame]811/* Takes an H2 headers list <list> terminated by a name being <NULL,0> and emits
812 * the equivalent HTX trailers blocks. The output contents are emitted in <htx>,
813 * and a positive value is returned if some bytes were emitted. In case of
814 * error, a negative error code is returned. The caller must have verified that
815 * the message in the buffer is compatible with receipt of trailers.
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]816 *
817 * The headers list <list> must be composed of :
818 * - n.name != NULL, n.len > 0 : literal header name
819 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
820 * among H2_PHDR_IDX_* (illegal here)
821 * - n.name ignored, n.len == 0 : end of list
822 * - in all cases except the end of list, v.name and v.len must designate a
823 * valid value.
824 */
825int h2_make_htx_trailers(struct http_hdr *list, struct htx *htx)
826{
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100[diff] [blame]827 const char *ctl;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]828 uint32_t idx;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]829 int i;
830
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]831 for (idx = 0; list[idx].n.len != 0; idx++) {
832 if (!list[idx].n.ptr) {
833 /* This is an indexed pseudo-header (RFC7540#8.1.2.1) */
834 goto fail;
835 }
836
Willy Tarreau146f53a2019-11-24 10:34:39 +0100[diff] [blame]837 /* RFC7540#8.1.2: upper case not allowed in header field names.
838 * #10.3: header names must be valid (i.e. match a token). This
839 * also catches pseudo-headers which are forbidden in trailers.
840 */
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]841 for (i = 0; i < list[idx].n.len; i++)
Willy Tarreau146f53a2019-11-24 10:34:39 +0100[diff] [blame]842 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]843 goto fail;
844
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]845 /* these ones are forbidden in trailers (RFC7540#8.1.2.2) */
846 if (isteq(list[idx].n, ist("host")) ||
847 isteq(list[idx].n, ist("content-length")) ||
848 isteq(list[idx].n, ist("connection")) ||
849 isteq(list[idx].n, ist("proxy-connection")) ||
850 isteq(list[idx].n, ist("keep-alive")) ||
851 isteq(list[idx].n, ist("upgrade")) ||
852 isteq(list[idx].n, ist("te")) ||
853 isteq(list[idx].n, ist("transfer-encoding")))
854 goto fail;
855
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100[diff] [blame]856 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
857 * rejecting NUL, CR and LF characters.
858 */
859 ctl = ist_find_ctl(list[idx].v);
860 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
861 goto fail;
862
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200[diff] [blame]863 if (!htx_add_trailer(htx, list[idx].n, list[idx].v))
864 goto fail;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]865 }
866
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200[diff] [blame]867 if (!htx_add_endof(htx, HTX_BLK_EOT))
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]868 goto fail;
869
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]870 return 1;
871
872 fail:
873 return -1;
874}