blob: 53cb0d34a21cd3d11258bb5c9192113e2d2b4126 [file] [log] [blame]
Willy Tarreauf24ea8e2017-11-21 19:55:27 +01001/*
2 * HTTP/2 protocol processing
3 *
4 * Copyright 2017 Willy Tarreau <w@1wt.eu>
5 * Copyright (C) 2017 HAProxy Technologies
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining
8 * a copy of this software and associated documentation files (the
9 * "Software"), to deal in the Software without restriction, including
10 * without limitation the rights to use, copy, modify, merge, publish,
11 * distribute, sublicense, and/or sell copies of the Software, and to
12 * permit persons to whom the Software is furnished to do so, subject to
13 * the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be
16 * included in all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
19 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
20 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
21 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
22 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
23 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
24 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
25 * OTHER DEALINGS IN THE SOFTWARE.
26 */
27
Willy Tarreaua1bd1fa2019-03-29 17:26:33 +010028#include <inttypes.h>
Willy Tarreauf24ea8e2017-11-21 19:55:27 +010029#include <common/config.h>
30#include <common/h2.h>
31#include <common/http-hdr.h>
32#include <common/ist.h>
Willy Tarreau92919f72019-10-08 16:53:07 +020033#include <types/global.h>
Willy Tarreauf24ea8e2017-11-21 19:55:27 +010034
Willy Tarreau9c84d822019-01-30 15:09:21 +010035struct h2_frame_definition h2_frame_definition[H2_FT_ENTRIES] = {
36 [H2_FT_DATA ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
37 [H2_FT_HEADERS ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 1, .max_len = H2_MAX_FRAME_LEN, },
38 [H2_FT_PRIORITY ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 5, .max_len = 5, },
39 [H2_FT_RST_STREAM ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, },
40 [H2_FT_SETTINGS ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
41 [H2_FT_PUSH_PROMISE ] = { .dir = 0, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = H2_MAX_FRAME_LEN, },
42 [H2_FT_PING ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = 8, },
43 [H2_FT_GOAWAY ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = H2_MAX_FRAME_LEN, },
44 [H2_FT_WINDOW_UPDATE] = { .dir = 3, .min_id = 0, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, },
45 [H2_FT_CONTINUATION ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
46};
Willy Tarreauf24ea8e2017-11-21 19:55:27 +010047
Willy Tarreau54f53ef2019-11-22 16:02:43 +010048/* Looks into <ist> for forbidden characters for header values (0x00, 0x0A,
49 * 0x0D), starting at pointer <start> which must be within <ist>. Returns
50 * non-zero if such a character is found, 0 otherwise. When run on unlikely
51 * header match, it's recommended to first check for the presence of control
52 * chars using ist_find_ctl().
53 */
54static int has_forbidden_char(const struct ist ist, const char *start)
55{
56 do {
57 if ((uint8_t)*start <= 0x0d &&
58 (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0)))
59 return 1;
60 start++;
61 } while (start < ist.ptr + ist.len);
62 return 0;
63}
64
Willy Tarreaubeefaee2018-12-19 13:08:08 +010065/* Parse the Content-Length header field of an HTTP/2 request. The function
66 * checks all possible occurrences of a comma-delimited value, and verifies
67 * if any of them doesn't match a previous value. It returns <0 if a value
68 * differs, 0 if the whole header can be dropped (i.e. already known), or >0
69 * if the value can be indexed (first one). In the last case, the value might
70 * be adjusted and the caller must only add the updated value.
71 */
72int h2_parse_cont_len_header(unsigned int *msgf, struct ist *value, unsigned long long *body_len)
73{
74 char *e, *n;
75 unsigned long long cl;
76 int not_first = !!(*msgf & H2_MSGF_BODY_CL);
77 struct ist word;
78
79 word.ptr = value->ptr - 1; // -1 for next loop's pre-increment
80 e = value->ptr + value->len;
81
82 while (++word.ptr < e) {
Ilya Shipitsin6fb0f212020-04-02 15:25:26 +050083 /* skip leading delimiter and blanks */
Willy Tarreaubeefaee2018-12-19 13:08:08 +010084 if (unlikely(HTTP_IS_LWS(*word.ptr)))
85 continue;
86
87 /* digits only now */
88 for (cl = 0, n = word.ptr; n < e; n++) {
89 unsigned int c = *n - '0';
90 if (unlikely(c > 9)) {
91 /* non-digit */
92 if (unlikely(n == word.ptr)) // spaces only
93 goto fail;
94 break;
95 }
96 if (unlikely(cl > ULLONG_MAX / 10ULL))
97 goto fail; /* multiply overflow */
98 cl = cl * 10ULL;
99 if (unlikely(cl + c < cl))
100 goto fail; /* addition overflow */
101 cl = cl + c;
102 }
103
104 /* keep a copy of the exact cleaned value */
105 word.len = n - word.ptr;
106
107 /* skip trailing LWS till next comma or EOL */
108 for (; n < e; n++) {
109 if (!HTTP_IS_LWS(*n)) {
110 if (unlikely(*n != ','))
111 goto fail;
112 break;
113 }
114 }
115
116 /* if duplicate, must be equal */
117 if (*msgf & H2_MSGF_BODY_CL && cl != *body_len)
118 goto fail;
119
120 /* OK, store this result as the one to be indexed */
121 *msgf |= H2_MSGF_BODY_CL;
122 *body_len = cl;
123 *value = word;
124 word.ptr = n;
125 }
126 /* here we've reached the end with a single value or a series of
127 * identical values, all matching previous series if any. The last
128 * parsed value was sent back into <value>. We just have to decide
129 * if this occurrence has to be indexed (it's the first one) or
130 * silently skipped (it's not the first one)
131 */
132 return !not_first;
133 fail:
134 return -1;
135}
136
Willy Tarreau6deb4122018-11-27 15:34:18 +0100137/* Prepare the request line into <htx> from pseudo headers stored in <phdr[]>.
138 * <fields> indicates what was found so far. This should be called once at the
139 * detection of the first general header field or at the end of the request if
140 * no general header field was found yet. Returns the created start line on
141 * success, or NULL on failure. Upon success, <msgf> is updated with a few
142 * H2_MSGF_* flags indicating what was found while parsing.
Willy Tarreau2be362c2019-10-08 11:59:37 +0200143 *
144 * The rules below deserve a bit of explanation. There tends to be some
145 * confusion regarding H2's authority vs the Host header. They are different
146 * though may sometimes be exchanged. In H2, the request line is broken into :
147 * - :method
148 * - :scheme
149 * - :authority
150 * - :path
151 *
152 * An equivalent HTTP/1.x absolute-form request would then look like :
153 * <:method> <:scheme>://<:authority><:path> HTTP/x.y
154 *
155 * Except for CONNECT which doesn't have scheme nor path and looks like :
156 * <:method> <:authority> HTTP/x.y
157 *
158 * It's worth noting that H2 still supports an encoding to map H1 origin-form
159 * and asterisk-form requests. These ones do not specify the authority. However
160 * in H2 they must still specify the scheme, which is not present in H1. Also,
161 * when encoding an absolute-form H1 request without a path, the path
162 * automatically becomes "/" except for the OPTIONS method where it
163 * becomes "*".
164 *
165 * As such it is explicitly permitted for an H2 client to send a request
166 * featuring a Host header and no :authority, though it's not the recommended
167 * way to use H2 for a client. It is however the only permitted way to encode
168 * an origin-form H1 request over H2. Thus we need to respect such differences
169 * as much as possible when re-encoding the H2 request into HTX.
Willy Tarreau6deb4122018-11-27 15:34:18 +0100170 */
171static struct htx_sl *h2_prepare_htx_reqline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf)
172{
Willy Tarreau92919f72019-10-08 16:53:07 +0200173 struct ist uri;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100174 unsigned int flags = HTX_SL_F_NONE;
175 struct htx_sl *sl;
Willy Tarreau9255e7e2019-03-05 10:47:37 +0100176 size_t i;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100177
178 if ((fields & H2_PHDR_FND_METH) && isteq(phdr[H2_PHDR_IDX_METH], ist("CONNECT"))) {
179 /* RFC 7540 #8.2.6 regarding CONNECT: ":scheme" and ":path"
180 * MUST be omitted ; ":authority" contains the host and port
181 * to connect to.
182 */
183 if (fields & H2_PHDR_FND_SCHM) {
184 /* scheme not allowed */
185 goto fail;
186 }
187 else if (fields & H2_PHDR_FND_PATH) {
188 /* path not allowed */
189 goto fail;
190 }
191 else if (!(fields & H2_PHDR_FND_AUTH)) {
192 /* missing authority */
193 goto fail;
194 }
Willy Tarreau6deb4122018-11-27 15:34:18 +0100195 *msgf |= H2_MSGF_BODY_TUNNEL;
196 }
197 else if ((fields & (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) !=
198 (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) {
199 /* RFC 7540 #8.1.2.3 : all requests MUST include exactly one
200 * valid value for the ":method", ":scheme" and ":path" phdr
201 * unless it is a CONNECT request.
202 */
203 if (!(fields & H2_PHDR_FND_METH)) {
204 /* missing method */
205 goto fail;
206 }
207 else if (!(fields & H2_PHDR_FND_SCHM)) {
208 /* missing scheme */
209 goto fail;
210 }
211 else {
212 /* missing path */
213 goto fail;
214 }
215 }
Willy Tarreau2be362c2019-10-08 11:59:37 +0200216 else { /* regular methods */
Willy Tarreau92919f72019-10-08 16:53:07 +0200217 /* RFC3986#6.2.2.1: scheme is case-insensitive. We need to
218 * classify the scheme as "present/http", "present/https",
219 * "present/other", "absent" so as to decide whether or not
220 * we're facing a normalized URI that will have to be encoded
221 * in origin or absolute form. Indeed, 7540#8.1.2.3 says that
222 * clients should use the absolute form, thus we cannot infer
223 * whether or not the client wanted to use a proxy here.
224 */
225 flags |= HTX_SL_F_HAS_SCHM;
226 if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("http")))
227 flags |= HTX_SL_F_SCHM_HTTP;
228 else if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("https")))
229 flags |= HTX_SL_F_SCHM_HTTPS;
230 }
231
232 if (!(flags & HTX_SL_F_HAS_SCHM)) {
233 /* no scheme, use authority only (CONNECT) */
234 uri = phdr[H2_PHDR_IDX_AUTH];
Willy Tarreau1440fe82019-10-08 17:34:50 +0200235 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau92919f72019-10-08 16:53:07 +0200236 }
Willy Tarreau30ee1ef2019-10-08 18:33:19 +0200237 else if (fields & H2_PHDR_FND_AUTH) {
238 /* authority is present, let's use the absolute form. We simply
239 * use the trash to concatenate them since all of them MUST fit
240 * in a bufsize since it's where they come from.
Willy Tarreau92919f72019-10-08 16:53:07 +0200241 */
Willy Tarreaufd2658c2020-02-26 13:51:38 +0100242 if (unlikely(!phdr[H2_PHDR_IDX_PATH].len))
243 goto fail; // 7540#8.1.2.3: :path must not be empty
244
Willy Tarreau92919f72019-10-08 16:53:07 +0200245 uri = ist2bin(trash.area, phdr[H2_PHDR_IDX_SCHM]);
246 istcat(&uri, ist("://"), trash.size);
247 istcat(&uri, phdr[H2_PHDR_IDX_AUTH], trash.size);
248 if (!isteq(phdr[H2_PHDR_IDX_PATH], ist("*")))
249 istcat(&uri, phdr[H2_PHDR_IDX_PATH], trash.size);
Willy Tarreau1440fe82019-10-08 17:34:50 +0200250 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau30ee1ef2019-10-08 18:33:19 +0200251
252 if (flags & (HTX_SL_F_SCHM_HTTP|HTX_SL_F_SCHM_HTTPS)) {
253 /* we don't know if it was originally an absolute or a
254 * relative request because newer versions of HTTP use
255 * the absolute URI format by default, which we call
256 * the normalized URI format internally. This is the
257 * strongly recommended way of sending a request for
258 * a regular client, so we cannot distinguish this
259 * from a request intended for a proxy. For other
260 * schemes however there is no doubt.
261 */
262 flags |= HTX_SL_F_NORMALIZED_URI;
263 }
Willy Tarreau92919f72019-10-08 16:53:07 +0200264 }
265 else {
266 /* usual schemes with or without authority, use origin form */
267 uri = phdr[H2_PHDR_IDX_PATH];
Willy Tarreau1440fe82019-10-08 17:34:50 +0200268 if (fields & H2_PHDR_FND_AUTH)
269 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau2be362c2019-10-08 11:59:37 +0200270 }
Willy Tarreau6deb4122018-11-27 15:34:18 +0100271
Willy Tarreau2be362c2019-10-08 11:59:37 +0200272 /* make sure the final URI isn't empty. Note that 7540#8.1.2.3 states
273 * that :path must not be empty.
274 */
Willy Tarreau92919f72019-10-08 16:53:07 +0200275 if (!uri.len)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100276 goto fail;
277
Willy Tarreau2be362c2019-10-08 11:59:37 +0200278 /* The final URI must not contain LWS nor CTL characters */
Willy Tarreau92919f72019-10-08 16:53:07 +0200279 for (i = 0; i < uri.len; i++) {
280 unsigned char c = uri.ptr[i];
Willy Tarreau9255e7e2019-03-05 10:47:37 +0100281 if (HTTP_IS_LWS(c) || HTTP_IS_CTL(c))
282 htx->flags |= HTX_FL_PARSING_ERROR;
283 }
284
Willy Tarreau6deb4122018-11-27 15:34:18 +0100285 /* Set HTX start-line flags */
286 flags |= HTX_SL_F_VER_11; // V2 in fact
287 flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2
288
Willy Tarreau92919f72019-10-08 16:53:07 +0200289 sl = htx_add_stline(htx, HTX_BLK_REQ_SL, flags, phdr[H2_PHDR_IDX_METH], uri, ist("HTTP/2.0"));
Willy Tarreau6deb4122018-11-27 15:34:18 +0100290 if (!sl)
291 goto fail;
292
293 sl->info.req.meth = find_http_meth(phdr[H2_PHDR_IDX_METH].ptr, phdr[H2_PHDR_IDX_METH].len);
294 return sl;
295 fail:
296 return NULL;
297}
298
299/* Takes an H2 request present in the headers list <list> terminated by a name
300 * being <NULL,0> and emits the equivalent HTX request according to the rules
301 * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and
302 * non-zero is returned if some bytes were emitted. In case of error, a
303 * negative error code is returned.
304 *
305 * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what
306 * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY
307 * if a body is detected (!ES).
308 *
309 * The headers list <list> must be composed of :
310 * - n.name != NULL, n.len > 0 : literal header name
311 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
312 * among H2_PHDR_IDX_*
313 * - n.name ignored, n.len == 0 : end of list
314 * - in all cases except the end of list, v.name and v.len must designate a
315 * valid value.
316 *
317 * The Cookie header will be reassembled at the end, and for this, the <list>
318 * will be used to create a linked list, so its contents may be destroyed.
319 */
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100320int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100321{
322 struct ist phdr_val[H2_PHDR_NUM_ENTRIES];
323 uint32_t fields; /* bit mask of H2_PHDR_FND_* */
324 uint32_t idx;
325 int ck, lck; /* cookie index and last cookie index */
326 int phdr;
327 int ret;
328 int i;
Christopher Faulet33543e72019-05-15 15:53:20 +0200329 uint32_t used = htx_used_space(htx);
Willy Tarreau6deb4122018-11-27 15:34:18 +0100330 struct htx_sl *sl = NULL;
331 unsigned int sl_flags = 0;
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100332 const char *ctl;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100333
334 lck = ck = -1; // no cookie for now
335 fields = 0;
336 for (idx = 0; list[idx].n.len != 0; idx++) {
337 if (!list[idx].n.ptr) {
338 /* this is an indexed pseudo-header */
339 phdr = list[idx].n.len;
340 }
341 else {
342 /* this can be any type of header */
Willy Tarreau146f53a2019-11-24 10:34:39 +0100343 /* RFC7540#8.1.2: upper case not allowed in header field names.
344 * #10.3: header names must be valid (i.e. match a token).
345 * For pseudo-headers we check from 2nd char and for other ones
346 * from the first char, because HTTP_IS_TOKEN() also excludes
347 * the colon.
348 */
Willy Tarreau6deb4122018-11-27 15:34:18 +0100349 phdr = h2_str_to_phdr(list[idx].n);
Willy Tarreau146f53a2019-11-24 10:34:39 +0100350
351 for (i = !!phdr; i < list[idx].n.len; i++)
352 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
353 goto fail;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100354 }
355
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100356 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
357 * rejecting NUL, CR and LF characters.
358 */
359 ctl = ist_find_ctl(list[idx].v);
360 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
361 goto fail;
362
Willy Tarreau6deb4122018-11-27 15:34:18 +0100363 if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
364 /* insert a pseudo header by its index (in phdr) and value (in value) */
365 if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) {
366 if (fields & H2_PHDR_FND_NONE) {
367 /* pseudo header field after regular headers */
368 goto fail;
369 }
370 else {
371 /* repeated pseudo header field */
372 goto fail;
373 }
374 }
375 fields |= 1 << phdr;
376 phdr_val[phdr] = list[idx].v;
377 continue;
378 }
379 else if (phdr != 0) {
380 /* invalid pseudo header -- should never happen here */
381 goto fail;
382 }
383
384 /* regular header field in (name,value) */
385 if (unlikely(!(fields & H2_PHDR_FND_NONE))) {
386 /* no more pseudo-headers, time to build the request line */
387 sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf);
388 if (!sl)
389 goto fail;
390 fields |= H2_PHDR_FND_NONE;
391 }
392
393 if (isteq(list[idx].n, ist("host")))
394 fields |= H2_PHDR_FND_HOST;
395
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100396 if (isteq(list[idx].n, ist("content-length"))) {
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100397 ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len);
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100398 if (ret < 0)
399 goto fail;
400
Willy Tarreau6deb4122018-11-27 15:34:18 +0100401 sl_flags |= HTX_SL_F_CLEN;
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100402 if (ret == 0)
403 continue; // skip this duplicate
Willy Tarreau6deb4122018-11-27 15:34:18 +0100404 }
405
406 /* these ones are forbidden in requests (RFC7540#8.1.2.2) */
407 if (isteq(list[idx].n, ist("connection")) ||
408 isteq(list[idx].n, ist("proxy-connection")) ||
409 isteq(list[idx].n, ist("keep-alive")) ||
410 isteq(list[idx].n, ist("upgrade")) ||
411 isteq(list[idx].n, ist("transfer-encoding")))
412 goto fail;
413
414 if (isteq(list[idx].n, ist("te")) && !isteq(list[idx].v, ist("trailers")))
415 goto fail;
416
417 /* cookie requires special processing at the end */
418 if (isteq(list[idx].n, ist("cookie"))) {
419 list[idx].n.len = -1;
420
421 if (ck < 0)
422 ck = idx;
423 else
424 list[lck].n.len = idx;
425
426 lck = idx;
427 continue;
428 }
429
430 if (!htx_add_header(htx, list[idx].n, list[idx].v))
431 goto fail;
432 }
433
434 /* RFC7540#8.1.2.1 mandates to reject response pseudo-headers (:status) */
435 if (fields & H2_PHDR_FND_STAT)
436 goto fail;
437
438 /* Let's dump the request now if not yet emitted. */
439 if (!(fields & H2_PHDR_FND_NONE)) {
440 sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf);
441 if (!sl)
442 goto fail;
443 }
444
Christopher Faulet44af3cf2019-02-18 10:12:56 +0100445 if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0))
446 sl_flags |= HTX_SL_F_BODYLESS;
447
Willy Tarreau6deb4122018-11-27 15:34:18 +0100448 /* update the start line with last detected header info */
449 sl->flags |= sl_flags;
450
451 /* complete with missing Host if needed */
452 if ((fields & (H2_PHDR_FND_HOST|H2_PHDR_FND_AUTH)) == H2_PHDR_FND_AUTH) {
453 /* missing Host field, use :authority instead */
454 if (!htx_add_header(htx, ist("host"), phdr_val[H2_PHDR_IDX_AUTH]))
455 goto fail;
456 }
457
458 /* now we may have to build a cookie list. We'll dump the values of all
459 * visited headers.
460 */
461 if (ck >= 0) {
462 uint32_t fs; // free space
463 uint32_t bs; // block size
464 uint32_t vl; // value len
Willy Tarreau164e0612018-12-18 11:00:41 +0100465 uint32_t tl; // total length
Willy Tarreau6deb4122018-11-27 15:34:18 +0100466 struct htx_blk *blk;
467
468 blk = htx_add_header(htx, ist("cookie"), list[ck].v);
469 if (!blk)
470 goto fail;
471
Willy Tarreau164e0612018-12-18 11:00:41 +0100472 tl = list[ck].v.len;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100473 fs = htx_free_data_space(htx);
474 bs = htx_get_blksz(blk);
475
476 /* for each extra cookie, we'll extend the cookie's value and
477 * insert "; " before the new value.
478 */
Willy Tarreau164e0612018-12-18 11:00:41 +0100479 fs += tl; // first one is already counted
480 for (; (ck = list[ck].n.len) >= 0 ; ) {
Willy Tarreau6deb4122018-11-27 15:34:18 +0100481 vl = list[ck].v.len;
Willy Tarreau164e0612018-12-18 11:00:41 +0100482 tl += vl + 2;
483 if (tl > fs)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100484 goto fail;
485
Christopher Faulet3e2638e2019-06-18 09:49:16 +0200486 htx_change_blk_value_len(htx, blk, tl);
Willy Tarreau6deb4122018-11-27 15:34:18 +0100487 *(char *)(htx_get_blk_ptr(htx, blk) + bs + 0) = ';';
488 *(char *)(htx_get_blk_ptr(htx, blk) + bs + 1) = ' ';
489 memcpy(htx_get_blk_ptr(htx, blk) + bs + 2, list[ck].v.ptr, vl);
490 bs += vl + 2;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100491 }
492
493 }
494
495 /* now send the end of headers marker */
496 htx_add_endof(htx, HTX_BLK_EOH);
497
Ilya Shipitsin6fb0f212020-04-02 15:25:26 +0500498 /* Set bytes used in the HTX message for the headers now */
Christopher Faulet33543e72019-05-15 15:53:20 +0200499 sl->hdrs_bytes = htx_used_space(htx) - used;
500
Willy Tarreau6deb4122018-11-27 15:34:18 +0100501 ret = 1;
502 return ret;
503
504 fail:
505 return -1;
506}
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200507
508/* Prepare the status line into <htx> from pseudo headers stored in <phdr[]>.
509 * <fields> indicates what was found so far. This should be called once at the
510 * detection of the first general header field or at the end of the message if
511 * no general header field was found yet. Returns the created start line on
512 * success, or NULL on failure. Upon success, <msgf> is updated with a few
513 * H2_MSGF_* flags indicating what was found while parsing.
514 */
515static struct htx_sl *h2_prepare_htx_stsline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf)
516{
517 unsigned int flags = HTX_SL_F_NONE;
518 struct htx_sl *sl;
519 unsigned char h, t, u;
520
521 /* only :status is allowed as a pseudo header */
522 if (!(fields & H2_PHDR_FND_STAT))
523 goto fail;
524
525 if (phdr[H2_PHDR_IDX_STAT].len != 3)
526 goto fail;
527
528 /* Set HTX start-line flags */
529 flags |= HTX_SL_F_VER_11; // V2 in fact
530 flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2
531
532 sl = htx_add_stline(htx, HTX_BLK_RES_SL, flags, ist("HTTP/2.0"), phdr[H2_PHDR_IDX_STAT], ist(""));
533 if (!sl)
534 goto fail;
535
536 h = phdr[H2_PHDR_IDX_STAT].ptr[0] - '0';
537 t = phdr[H2_PHDR_IDX_STAT].ptr[1] - '0';
538 u = phdr[H2_PHDR_IDX_STAT].ptr[2] - '0';
539 if (h > 9 || t > 9 || u > 9)
540 goto fail;
541
542 sl->info.res.status = h * 100 + t * 10 + u;
543
Christopher Faulet0b465482019-02-19 15:14:23 +0100544 /* On 1xx responses (except 101) there is no ES on the HEADERS frame but
545 * there is no body. So remove the flag H2_MSGF_BODY and add
546 * H2_MSGF_RSP_1XX to notify the decoder another HEADERS frame is
547 * expected.
548 */
549 if (sl->info.res.status < 200 &&
550 (sl->info.res.status == 100 || sl->info.res.status >= 102)) {
551 *msgf |= H2_MSGF_RSP_1XX;
552 *msgf &= ~H2_MSGF_BODY;
553 }
554
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200555 return sl;
556 fail:
557 return NULL;
558}
559
560/* Takes an H2 response present in the headers list <list> terminated by a name
561 * being <NULL,0> and emits the equivalent HTX response according to the rules
562 * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and
563 * a positive value is returned if some bytes were emitted. In case of error, a
564 * negative error code is returned.
565 *
566 * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what
567 * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY
568 * if a body is detected (!ES).
569 *
570 * The headers list <list> must be composed of :
571 * - n.name != NULL, n.len > 0 : literal header name
572 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
573 * among H2_PHDR_IDX_*
574 * - n.name ignored, n.len == 0 : end of list
575 * - in all cases except the end of list, v.name and v.len must designate a
576 * valid value.
577 */
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100578int h2_make_htx_response(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len)
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200579{
580 struct ist phdr_val[H2_PHDR_NUM_ENTRIES];
581 uint32_t fields; /* bit mask of H2_PHDR_FND_* */
582 uint32_t idx;
583 int phdr;
584 int ret;
585 int i;
Christopher Faulet33543e72019-05-15 15:53:20 +0200586 uint32_t used = htx_used_space(htx);
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200587 struct htx_sl *sl = NULL;
588 unsigned int sl_flags = 0;
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100589 const char *ctl;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200590
591 fields = 0;
592 for (idx = 0; list[idx].n.len != 0; idx++) {
593 if (!list[idx].n.ptr) {
594 /* this is an indexed pseudo-header */
595 phdr = list[idx].n.len;
596 }
597 else {
598 /* this can be any type of header */
Willy Tarreau146f53a2019-11-24 10:34:39 +0100599 /* RFC7540#8.1.2: upper case not allowed in header field names.
600 * #10.3: header names must be valid (i.e. match a token).
601 * For pseudo-headers we check from 2nd char and for other ones
602 * from the first char, because HTTP_IS_TOKEN() also excludes
603 * the colon.
604 */
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200605 phdr = h2_str_to_phdr(list[idx].n);
Willy Tarreau146f53a2019-11-24 10:34:39 +0100606
607 for (i = !!phdr; i < list[idx].n.len; i++)
608 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
609 goto fail;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200610 }
611
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100612 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
613 * rejecting NUL, CR and LF characters.
614 */
615 ctl = ist_find_ctl(list[idx].v);
616 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
617 goto fail;
618
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200619 if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
620 /* insert a pseudo header by its index (in phdr) and value (in value) */
621 if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) {
622 if (fields & H2_PHDR_FND_NONE) {
623 /* pseudo header field after regular headers */
624 goto fail;
625 }
626 else {
627 /* repeated pseudo header field */
628 goto fail;
629 }
630 }
631 fields |= 1 << phdr;
632 phdr_val[phdr] = list[idx].v;
633 continue;
634 }
635 else if (phdr != 0) {
636 /* invalid pseudo header -- should never happen here */
637 goto fail;
638 }
639
640 /* regular header field in (name,value) */
641 if (!(fields & H2_PHDR_FND_NONE)) {
642 /* no more pseudo-headers, time to build the status line */
643 sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf);
644 if (!sl)
645 goto fail;
646 fields |= H2_PHDR_FND_NONE;
647 }
648
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100649 if (isteq(list[idx].n, ist("content-length"))) {
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100650 ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len);
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100651 if (ret < 0)
652 goto fail;
653
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200654 sl_flags |= HTX_SL_F_CLEN;
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100655 if (ret == 0)
656 continue; // skip this duplicate
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200657 }
658
659 /* these ones are forbidden in responses (RFC7540#8.1.2.2) */
660 if (isteq(list[idx].n, ist("connection")) ||
661 isteq(list[idx].n, ist("proxy-connection")) ||
662 isteq(list[idx].n, ist("keep-alive")) ||
663 isteq(list[idx].n, ist("upgrade")) ||
664 isteq(list[idx].n, ist("transfer-encoding")))
665 goto fail;
666
667 if (!htx_add_header(htx, list[idx].n, list[idx].v))
668 goto fail;
669 }
670
671 /* RFC7540#8.1.2.1 mandates to reject request pseudo-headers */
672 if (fields & (H2_PHDR_FND_AUTH|H2_PHDR_FND_METH|H2_PHDR_FND_PATH|H2_PHDR_FND_SCHM))
673 goto fail;
674
675 /* Let's dump the request now if not yet emitted. */
676 if (!(fields & H2_PHDR_FND_NONE)) {
677 sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf);
678 if (!sl)
679 goto fail;
680 }
681
Christopher Faulet44af3cf2019-02-18 10:12:56 +0100682 if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0))
683 sl_flags |= HTX_SL_F_BODYLESS;
684
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200685 /* update the start line with last detected header info */
686 sl->flags |= sl_flags;
687
688 if ((*msgf & (H2_MSGF_BODY|H2_MSGF_BODY_TUNNEL|H2_MSGF_BODY_CL)) == H2_MSGF_BODY) {
689 /* FIXME: Do we need to signal anything when we have a body and
690 * no content-length, to have the equivalent of H1's chunked
691 * encoding?
692 */
693 }
694
695 /* now send the end of headers marker */
696 htx_add_endof(htx, HTX_BLK_EOH);
697
Ilya Shipitsin6fb0f212020-04-02 15:25:26 +0500698 /* Set bytes used in the HTX message for the headers now */
Christopher Faulet33543e72019-05-15 15:53:20 +0200699 sl->hdrs_bytes = htx_used_space(htx) - used;
700
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200701 ret = 1;
702 return ret;
703
704 fail:
705 return -1;
706}
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100707
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200708/* Takes an H2 headers list <list> terminated by a name being <NULL,0> and emits
709 * the equivalent HTX trailers blocks. The output contents are emitted in <htx>,
710 * and a positive value is returned if some bytes were emitted. In case of
711 * error, a negative error code is returned. The caller must have verified that
712 * the message in the buffer is compatible with receipt of trailers.
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100713 *
714 * The headers list <list> must be composed of :
715 * - n.name != NULL, n.len > 0 : literal header name
716 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
717 * among H2_PHDR_IDX_* (illegal here)
718 * - n.name ignored, n.len == 0 : end of list
719 * - in all cases except the end of list, v.name and v.len must designate a
720 * valid value.
721 */
722int h2_make_htx_trailers(struct http_hdr *list, struct htx *htx)
723{
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100724 const char *ctl;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100725 uint32_t idx;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100726 int i;
727
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100728 for (idx = 0; list[idx].n.len != 0; idx++) {
729 if (!list[idx].n.ptr) {
730 /* This is an indexed pseudo-header (RFC7540#8.1.2.1) */
731 goto fail;
732 }
733
Willy Tarreau146f53a2019-11-24 10:34:39 +0100734 /* RFC7540#8.1.2: upper case not allowed in header field names.
735 * #10.3: header names must be valid (i.e. match a token). This
736 * also catches pseudo-headers which are forbidden in trailers.
737 */
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100738 for (i = 0; i < list[idx].n.len; i++)
Willy Tarreau146f53a2019-11-24 10:34:39 +0100739 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100740 goto fail;
741
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100742 /* these ones are forbidden in trailers (RFC7540#8.1.2.2) */
743 if (isteq(list[idx].n, ist("host")) ||
744 isteq(list[idx].n, ist("content-length")) ||
745 isteq(list[idx].n, ist("connection")) ||
746 isteq(list[idx].n, ist("proxy-connection")) ||
747 isteq(list[idx].n, ist("keep-alive")) ||
748 isteq(list[idx].n, ist("upgrade")) ||
749 isteq(list[idx].n, ist("te")) ||
750 isteq(list[idx].n, ist("transfer-encoding")))
751 goto fail;
752
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100753 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
754 * rejecting NUL, CR and LF characters.
755 */
756 ctl = ist_find_ctl(list[idx].v);
757 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
758 goto fail;
759
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200760 if (!htx_add_trailer(htx, list[idx].n, list[idx].v))
761 goto fail;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100762 }
763
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200764 if (!htx_add_endof(htx, HTX_BLK_EOT))
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100765 goto fail;
766
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100767 return 1;
768
769 fail:
770 return -1;
771}