Willy Tarreau | f24ea8e | 2017-11-21 19:55:27 +0100 | [diff] [blame] | 1 | /* |
| 2 | * HTTP/2 protocol processing |
| 3 | * |
| 4 | * Copyright 2017 Willy Tarreau <w@1wt.eu> |
| 5 | * Copyright (C) 2017 HAProxy Technologies |
| 6 | * |
| 7 | * Permission is hereby granted, free of charge, to any person obtaining |
| 8 | * a copy of this software and associated documentation files (the |
| 9 | * "Software"), to deal in the Software without restriction, including |
| 10 | * without limitation the rights to use, copy, modify, merge, publish, |
| 11 | * distribute, sublicense, and/or sell copies of the Software, and to |
| 12 | * permit persons to whom the Software is furnished to do so, subject to |
| 13 | * the following conditions: |
| 14 | * |
| 15 | * The above copyright notice and this permission notice shall be |
| 16 | * included in all copies or substantial portions of the Software. |
| 17 | * |
| 18 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
| 19 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES |
| 20 | * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
| 21 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
| 22 | * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, |
| 23 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
| 24 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR |
| 25 | * OTHER DEALINGS IN THE SOFTWARE. |
| 26 | */ |
| 27 | |
Willy Tarreau | a1bd1fa | 2019-03-29 17:26:33 +0100 | [diff] [blame] | 28 | #include <inttypes.h> |
Willy Tarreau | 4c7e4b7 | 2020-05-27 12:58:42 +0200 | [diff] [blame] | 29 | #include <haproxy/api.h> |
Willy Tarreau | b255105 | 2020-06-09 09:07:15 +0200 | [diff] [blame] | 30 | #include <haproxy/global.h> |
Willy Tarreau | bf07314 | 2020-06-03 12:04:01 +0200 | [diff] [blame] | 31 | #include <haproxy/h2.h> |
Willy Tarreau | 0017be0 | 2020-06-02 19:25:28 +0200 | [diff] [blame] | 32 | #include <haproxy/http-hdr-t.h> |
Willy Tarreau | b255105 | 2020-06-09 09:07:15 +0200 | [diff] [blame] | 33 | #include <haproxy/http.h> |
Amaury Denoyelle | 0353410 | 2021-07-07 10:49:28 +0200 | [diff] [blame] | 34 | #include <haproxy/http_htx.h> |
Willy Tarreau | 16f958c | 2020-06-03 08:44:35 +0200 | [diff] [blame] | 35 | #include <haproxy/htx.h> |
Willy Tarreau | eb6f701 | 2020-05-27 16:21:26 +0200 | [diff] [blame] | 36 | #include <import/ist.h> |
Willy Tarreau | b255105 | 2020-06-09 09:07:15 +0200 | [diff] [blame] | 37 | |
Willy Tarreau | f24ea8e | 2017-11-21 19:55:27 +0100 | [diff] [blame] | 38 | |
Willy Tarreau | 9c84d82 | 2019-01-30 15:09:21 +0100 | [diff] [blame] | 39 | struct h2_frame_definition h2_frame_definition[H2_FT_ENTRIES] = { |
| 40 | [H2_FT_DATA ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, }, |
| 41 | [H2_FT_HEADERS ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 1, .max_len = H2_MAX_FRAME_LEN, }, |
| 42 | [H2_FT_PRIORITY ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 5, .max_len = 5, }, |
| 43 | [H2_FT_RST_STREAM ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, }, |
| 44 | [H2_FT_SETTINGS ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, }, |
| 45 | [H2_FT_PUSH_PROMISE ] = { .dir = 0, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = H2_MAX_FRAME_LEN, }, |
| 46 | [H2_FT_PING ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = 8, }, |
| 47 | [H2_FT_GOAWAY ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = H2_MAX_FRAME_LEN, }, |
| 48 | [H2_FT_WINDOW_UPDATE] = { .dir = 3, .min_id = 0, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, }, |
| 49 | [H2_FT_CONTINUATION ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, }, |
| 50 | }; |
Willy Tarreau | f24ea8e | 2017-11-21 19:55:27 +0100 | [diff] [blame] | 51 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 52 | /* Looks into <ist> for forbidden characters for header values (0x00, 0x0A, |
| 53 | * 0x0D), starting at pointer <start> which must be within <ist>. Returns |
| 54 | * non-zero if such a character is found, 0 otherwise. When run on unlikely |
| 55 | * header match, it's recommended to first check for the presence of control |
| 56 | * chars using ist_find_ctl(). |
| 57 | */ |
| 58 | static int has_forbidden_char(const struct ist ist, const char *start) |
| 59 | { |
| 60 | do { |
| 61 | if ((uint8_t)*start <= 0x0d && |
| 62 | (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0))) |
| 63 | return 1; |
| 64 | start++; |
| 65 | } while (start < ist.ptr + ist.len); |
| 66 | return 0; |
| 67 | } |
| 68 | |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 69 | /* Parse the Content-Length header field of an HTTP/2 request. The function |
| 70 | * checks all possible occurrences of a comma-delimited value, and verifies |
| 71 | * if any of them doesn't match a previous value. It returns <0 if a value |
| 72 | * differs, 0 if the whole header can be dropped (i.e. already known), or >0 |
| 73 | * if the value can be indexed (first one). In the last case, the value might |
| 74 | * be adjusted and the caller must only add the updated value. |
| 75 | */ |
| 76 | int h2_parse_cont_len_header(unsigned int *msgf, struct ist *value, unsigned long long *body_len) |
| 77 | { |
| 78 | char *e, *n; |
| 79 | unsigned long long cl; |
| 80 | int not_first = !!(*msgf & H2_MSGF_BODY_CL); |
| 81 | struct ist word; |
| 82 | |
| 83 | word.ptr = value->ptr - 1; // -1 for next loop's pre-increment |
| 84 | e = value->ptr + value->len; |
| 85 | |
| 86 | while (++word.ptr < e) { |
Ilya Shipitsin | 6fb0f21 | 2020-04-02 15:25:26 +0500 | [diff] [blame] | 87 | /* skip leading delimiter and blanks */ |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 88 | if (unlikely(HTTP_IS_LWS(*word.ptr))) |
| 89 | continue; |
| 90 | |
| 91 | /* digits only now */ |
| 92 | for (cl = 0, n = word.ptr; n < e; n++) { |
| 93 | unsigned int c = *n - '0'; |
| 94 | if (unlikely(c > 9)) { |
| 95 | /* non-digit */ |
| 96 | if (unlikely(n == word.ptr)) // spaces only |
| 97 | goto fail; |
| 98 | break; |
| 99 | } |
| 100 | if (unlikely(cl > ULLONG_MAX / 10ULL)) |
| 101 | goto fail; /* multiply overflow */ |
| 102 | cl = cl * 10ULL; |
| 103 | if (unlikely(cl + c < cl)) |
| 104 | goto fail; /* addition overflow */ |
| 105 | cl = cl + c; |
| 106 | } |
| 107 | |
| 108 | /* keep a copy of the exact cleaned value */ |
| 109 | word.len = n - word.ptr; |
| 110 | |
| 111 | /* skip trailing LWS till next comma or EOL */ |
| 112 | for (; n < e; n++) { |
| 113 | if (!HTTP_IS_LWS(*n)) { |
| 114 | if (unlikely(*n != ',')) |
| 115 | goto fail; |
| 116 | break; |
| 117 | } |
| 118 | } |
| 119 | |
| 120 | /* if duplicate, must be equal */ |
| 121 | if (*msgf & H2_MSGF_BODY_CL && cl != *body_len) |
| 122 | goto fail; |
| 123 | |
| 124 | /* OK, store this result as the one to be indexed */ |
| 125 | *msgf |= H2_MSGF_BODY_CL; |
| 126 | *body_len = cl; |
| 127 | *value = word; |
| 128 | word.ptr = n; |
| 129 | } |
| 130 | /* here we've reached the end with a single value or a series of |
| 131 | * identical values, all matching previous series if any. The last |
| 132 | * parsed value was sent back into <value>. We just have to decide |
| 133 | * if this occurrence has to be indexed (it's the first one) or |
| 134 | * silently skipped (it's not the first one) |
| 135 | */ |
| 136 | return !not_first; |
| 137 | fail: |
| 138 | return -1; |
| 139 | } |
| 140 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 141 | /* Prepare the request line into <htx> from pseudo headers stored in <phdr[]>. |
| 142 | * <fields> indicates what was found so far. This should be called once at the |
| 143 | * detection of the first general header field or at the end of the request if |
| 144 | * no general header field was found yet. Returns the created start line on |
| 145 | * success, or NULL on failure. Upon success, <msgf> is updated with a few |
| 146 | * H2_MSGF_* flags indicating what was found while parsing. |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 147 | * |
| 148 | * The rules below deserve a bit of explanation. There tends to be some |
| 149 | * confusion regarding H2's authority vs the Host header. They are different |
| 150 | * though may sometimes be exchanged. In H2, the request line is broken into : |
| 151 | * - :method |
| 152 | * - :scheme |
| 153 | * - :authority |
| 154 | * - :path |
| 155 | * |
| 156 | * An equivalent HTTP/1.x absolute-form request would then look like : |
| 157 | * <:method> <:scheme>://<:authority><:path> HTTP/x.y |
| 158 | * |
| 159 | * Except for CONNECT which doesn't have scheme nor path and looks like : |
| 160 | * <:method> <:authority> HTTP/x.y |
| 161 | * |
| 162 | * It's worth noting that H2 still supports an encoding to map H1 origin-form |
| 163 | * and asterisk-form requests. These ones do not specify the authority. However |
| 164 | * in H2 they must still specify the scheme, which is not present in H1. Also, |
| 165 | * when encoding an absolute-form H1 request without a path, the path |
| 166 | * automatically becomes "/" except for the OPTIONS method where it |
| 167 | * becomes "*". |
| 168 | * |
| 169 | * As such it is explicitly permitted for an H2 client to send a request |
| 170 | * featuring a Host header and no :authority, though it's not the recommended |
| 171 | * way to use H2 for a client. It is however the only permitted way to encode |
| 172 | * an origin-form H1 request over H2. Thus we need to respect such differences |
| 173 | * as much as possible when re-encoding the H2 request into HTX. |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 174 | */ |
| 175 | static struct htx_sl *h2_prepare_htx_reqline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf) |
| 176 | { |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 177 | struct ist uri, meth_sl; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 178 | unsigned int flags = HTX_SL_F_NONE; |
| 179 | struct htx_sl *sl; |
Willy Tarreau | 9255e7e | 2019-03-05 10:47:37 +0100 | [diff] [blame] | 180 | size_t i; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 181 | |
| 182 | if ((fields & H2_PHDR_FND_METH) && isteq(phdr[H2_PHDR_IDX_METH], ist("CONNECT"))) { |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 183 | if (fields & H2_PHDR_FND_PROT) { |
| 184 | /* rfc 8441 Extended Connect Protocol |
| 185 | * #4 :scheme and :path must be present, as well as |
| 186 | * :authority like all h2 requests |
| 187 | */ |
| 188 | if (!(fields & H2_PHDR_FND_SCHM)) { |
| 189 | /* missing scheme */ |
| 190 | goto fail; |
| 191 | } |
| 192 | else if (!(fields & H2_PHDR_FND_PATH)) { |
| 193 | /* missing path */ |
| 194 | goto fail; |
| 195 | } |
| 196 | else if (!(fields & H2_PHDR_FND_AUTH)) { |
| 197 | /* missing authority */ |
| 198 | goto fail; |
| 199 | } |
| 200 | |
| 201 | flags |= HTX_SL_F_HAS_SCHM; |
| 202 | if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("http"))) |
| 203 | flags |= HTX_SL_F_SCHM_HTTP; |
| 204 | else if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("https"))) |
| 205 | flags |= HTX_SL_F_SCHM_HTTPS; |
| 206 | |
| 207 | meth_sl = ist("GET"); |
| 208 | |
| 209 | *msgf |= H2_MSGF_EXT_CONNECT; |
| 210 | /* no ES on the HEADERS frame but no body either for |
| 211 | * Extended CONNECT */ |
| 212 | *msgf &= ~H2_MSGF_BODY; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 213 | } |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 214 | else { |
| 215 | /* RFC 7540 #8.2.6 regarding CONNECT: ":scheme" and ":path" |
| 216 | * MUST be omitted ; ":authority" contains the host and port |
| 217 | * to connect to. |
| 218 | */ |
| 219 | if (fields & H2_PHDR_FND_SCHM) { |
| 220 | /* scheme not allowed */ |
| 221 | goto fail; |
| 222 | } |
| 223 | else if (fields & H2_PHDR_FND_PATH) { |
| 224 | /* path not allowed */ |
| 225 | goto fail; |
| 226 | } |
| 227 | else if (!(fields & H2_PHDR_FND_AUTH)) { |
| 228 | /* missing authority */ |
| 229 | goto fail; |
| 230 | } |
| 231 | |
| 232 | meth_sl = phdr[H2_PHDR_IDX_METH]; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 233 | } |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 234 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 235 | *msgf |= H2_MSGF_BODY_TUNNEL; |
| 236 | } |
| 237 | else if ((fields & (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) != |
| 238 | (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) { |
| 239 | /* RFC 7540 #8.1.2.3 : all requests MUST include exactly one |
| 240 | * valid value for the ":method", ":scheme" and ":path" phdr |
| 241 | * unless it is a CONNECT request. |
| 242 | */ |
| 243 | if (!(fields & H2_PHDR_FND_METH)) { |
| 244 | /* missing method */ |
| 245 | goto fail; |
| 246 | } |
| 247 | else if (!(fields & H2_PHDR_FND_SCHM)) { |
| 248 | /* missing scheme */ |
| 249 | goto fail; |
| 250 | } |
| 251 | else { |
| 252 | /* missing path */ |
| 253 | goto fail; |
| 254 | } |
| 255 | } |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 256 | else { /* regular methods */ |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 257 | /* RFC3986#6.2.2.1: scheme is case-insensitive. We need to |
| 258 | * classify the scheme as "present/http", "present/https", |
| 259 | * "present/other", "absent" so as to decide whether or not |
| 260 | * we're facing a normalized URI that will have to be encoded |
| 261 | * in origin or absolute form. Indeed, 7540#8.1.2.3 says that |
| 262 | * clients should use the absolute form, thus we cannot infer |
| 263 | * whether or not the client wanted to use a proxy here. |
| 264 | */ |
| 265 | flags |= HTX_SL_F_HAS_SCHM; |
| 266 | if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("http"))) |
| 267 | flags |= HTX_SL_F_SCHM_HTTP; |
| 268 | else if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("https"))) |
| 269 | flags |= HTX_SL_F_SCHM_HTTPS; |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 270 | |
| 271 | meth_sl = phdr[H2_PHDR_IDX_METH]; |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 272 | } |
| 273 | |
| 274 | if (!(flags & HTX_SL_F_HAS_SCHM)) { |
| 275 | /* no scheme, use authority only (CONNECT) */ |
| 276 | uri = phdr[H2_PHDR_IDX_AUTH]; |
Willy Tarreau | 1440fe8 | 2019-10-08 17:34:50 +0200 | [diff] [blame] | 277 | flags |= HTX_SL_F_HAS_AUTHORITY; |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 278 | } |
Willy Tarreau | 30ee1ef | 2019-10-08 18:33:19 +0200 | [diff] [blame] | 279 | else if (fields & H2_PHDR_FND_AUTH) { |
| 280 | /* authority is present, let's use the absolute form. We simply |
| 281 | * use the trash to concatenate them since all of them MUST fit |
| 282 | * in a bufsize since it's where they come from. |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 283 | */ |
Willy Tarreau | fd2658c | 2020-02-26 13:51:38 +0100 | [diff] [blame] | 284 | if (unlikely(!phdr[H2_PHDR_IDX_PATH].len)) |
| 285 | goto fail; // 7540#8.1.2.3: :path must not be empty |
| 286 | |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 287 | uri = ist2bin(trash.area, phdr[H2_PHDR_IDX_SCHM]); |
| 288 | istcat(&uri, ist("://"), trash.size); |
| 289 | istcat(&uri, phdr[H2_PHDR_IDX_AUTH], trash.size); |
| 290 | if (!isteq(phdr[H2_PHDR_IDX_PATH], ist("*"))) |
| 291 | istcat(&uri, phdr[H2_PHDR_IDX_PATH], trash.size); |
Willy Tarreau | 1440fe8 | 2019-10-08 17:34:50 +0200 | [diff] [blame] | 292 | flags |= HTX_SL_F_HAS_AUTHORITY; |
Willy Tarreau | 30ee1ef | 2019-10-08 18:33:19 +0200 | [diff] [blame] | 293 | |
| 294 | if (flags & (HTX_SL_F_SCHM_HTTP|HTX_SL_F_SCHM_HTTPS)) { |
| 295 | /* we don't know if it was originally an absolute or a |
| 296 | * relative request because newer versions of HTTP use |
| 297 | * the absolute URI format by default, which we call |
| 298 | * the normalized URI format internally. This is the |
| 299 | * strongly recommended way of sending a request for |
| 300 | * a regular client, so we cannot distinguish this |
| 301 | * from a request intended for a proxy. For other |
| 302 | * schemes however there is no doubt. |
| 303 | */ |
| 304 | flags |= HTX_SL_F_NORMALIZED_URI; |
| 305 | } |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 306 | } |
| 307 | else { |
| 308 | /* usual schemes with or without authority, use origin form */ |
| 309 | uri = phdr[H2_PHDR_IDX_PATH]; |
Willy Tarreau | 1440fe8 | 2019-10-08 17:34:50 +0200 | [diff] [blame] | 310 | if (fields & H2_PHDR_FND_AUTH) |
| 311 | flags |= HTX_SL_F_HAS_AUTHORITY; |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 312 | } |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 313 | |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 314 | /* make sure the final URI isn't empty. Note that 7540#8.1.2.3 states |
| 315 | * that :path must not be empty. |
| 316 | */ |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 317 | if (!uri.len) |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 318 | goto fail; |
| 319 | |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 320 | /* The final URI must not contain LWS nor CTL characters */ |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 321 | for (i = 0; i < uri.len; i++) { |
| 322 | unsigned char c = uri.ptr[i]; |
Willy Tarreau | 9255e7e | 2019-03-05 10:47:37 +0100 | [diff] [blame] | 323 | if (HTTP_IS_LWS(c) || HTTP_IS_CTL(c)) |
| 324 | htx->flags |= HTX_FL_PARSING_ERROR; |
| 325 | } |
| 326 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 327 | /* Set HTX start-line flags */ |
| 328 | flags |= HTX_SL_F_VER_11; // V2 in fact |
| 329 | flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2 |
| 330 | |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 331 | sl = htx_add_stline(htx, HTX_BLK_REQ_SL, flags, meth_sl, uri, ist("HTTP/2.0")); |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 332 | if (!sl) |
| 333 | goto fail; |
| 334 | |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 335 | sl->info.req.meth = find_http_meth(meth_sl.ptr, meth_sl.len); |
Christopher Faulet | 7d247f0 | 2020-12-02 14:26:36 +0100 | [diff] [blame] | 336 | if (sl->info.req.meth == HTTP_METH_HEAD) |
| 337 | *msgf |= H2_MSGF_BODYLESS_RSP; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 338 | return sl; |
| 339 | fail: |
| 340 | return NULL; |
| 341 | } |
| 342 | |
| 343 | /* Takes an H2 request present in the headers list <list> terminated by a name |
| 344 | * being <NULL,0> and emits the equivalent HTX request according to the rules |
| 345 | * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and |
| 346 | * non-zero is returned if some bytes were emitted. In case of error, a |
| 347 | * negative error code is returned. |
| 348 | * |
| 349 | * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what |
| 350 | * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY |
| 351 | * if a body is detected (!ES). |
| 352 | * |
| 353 | * The headers list <list> must be composed of : |
| 354 | * - n.name != NULL, n.len > 0 : literal header name |
| 355 | * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len> |
| 356 | * among H2_PHDR_IDX_* |
| 357 | * - n.name ignored, n.len == 0 : end of list |
| 358 | * - in all cases except the end of list, v.name and v.len must designate a |
| 359 | * valid value. |
| 360 | * |
| 361 | * The Cookie header will be reassembled at the end, and for this, the <list> |
| 362 | * will be used to create a linked list, so its contents may be destroyed. |
| 363 | */ |
Willy Tarreau | 4790f7c | 2019-01-24 11:33:02 +0100 | [diff] [blame] | 364 | int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len) |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 365 | { |
| 366 | struct ist phdr_val[H2_PHDR_NUM_ENTRIES]; |
| 367 | uint32_t fields; /* bit mask of H2_PHDR_FND_* */ |
| 368 | uint32_t idx; |
| 369 | int ck, lck; /* cookie index and last cookie index */ |
| 370 | int phdr; |
| 371 | int ret; |
| 372 | int i; |
| 373 | struct htx_sl *sl = NULL; |
| 374 | unsigned int sl_flags = 0; |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 375 | const char *ctl; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 376 | |
| 377 | lck = ck = -1; // no cookie for now |
| 378 | fields = 0; |
| 379 | for (idx = 0; list[idx].n.len != 0; idx++) { |
| 380 | if (!list[idx].n.ptr) { |
| 381 | /* this is an indexed pseudo-header */ |
| 382 | phdr = list[idx].n.len; |
| 383 | } |
| 384 | else { |
| 385 | /* this can be any type of header */ |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 386 | /* RFC7540#8.1.2: upper case not allowed in header field names. |
| 387 | * #10.3: header names must be valid (i.e. match a token). |
| 388 | * For pseudo-headers we check from 2nd char and for other ones |
| 389 | * from the first char, because HTTP_IS_TOKEN() also excludes |
| 390 | * the colon. |
| 391 | */ |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 392 | phdr = h2_str_to_phdr(list[idx].n); |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 393 | |
| 394 | for (i = !!phdr; i < list[idx].n.len; i++) |
| 395 | if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i])) |
| 396 | goto fail; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 397 | } |
| 398 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 399 | /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of |
| 400 | * rejecting NUL, CR and LF characters. |
| 401 | */ |
| 402 | ctl = ist_find_ctl(list[idx].v); |
| 403 | if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl)) |
| 404 | goto fail; |
| 405 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 406 | if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) { |
| 407 | /* insert a pseudo header by its index (in phdr) and value (in value) */ |
| 408 | if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) { |
| 409 | if (fields & H2_PHDR_FND_NONE) { |
| 410 | /* pseudo header field after regular headers */ |
| 411 | goto fail; |
| 412 | } |
| 413 | else { |
| 414 | /* repeated pseudo header field */ |
| 415 | goto fail; |
| 416 | } |
| 417 | } |
| 418 | fields |= 1 << phdr; |
| 419 | phdr_val[phdr] = list[idx].v; |
| 420 | continue; |
| 421 | } |
| 422 | else if (phdr != 0) { |
| 423 | /* invalid pseudo header -- should never happen here */ |
| 424 | goto fail; |
| 425 | } |
| 426 | |
| 427 | /* regular header field in (name,value) */ |
| 428 | if (unlikely(!(fields & H2_PHDR_FND_NONE))) { |
| 429 | /* no more pseudo-headers, time to build the request line */ |
| 430 | sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf); |
| 431 | if (!sl) |
| 432 | goto fail; |
| 433 | fields |= H2_PHDR_FND_NONE; |
| 434 | } |
| 435 | |
| 436 | if (isteq(list[idx].n, ist("host"))) |
| 437 | fields |= H2_PHDR_FND_HOST; |
| 438 | |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 439 | if (isteq(list[idx].n, ist("content-length"))) { |
Willy Tarreau | 4790f7c | 2019-01-24 11:33:02 +0100 | [diff] [blame] | 440 | ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len); |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 441 | if (ret < 0) |
| 442 | goto fail; |
| 443 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 444 | sl_flags |= HTX_SL_F_CLEN; |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 445 | if (ret == 0) |
| 446 | continue; // skip this duplicate |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 447 | } |
| 448 | |
| 449 | /* these ones are forbidden in requests (RFC7540#8.1.2.2) */ |
| 450 | if (isteq(list[idx].n, ist("connection")) || |
| 451 | isteq(list[idx].n, ist("proxy-connection")) || |
| 452 | isteq(list[idx].n, ist("keep-alive")) || |
| 453 | isteq(list[idx].n, ist("upgrade")) || |
| 454 | isteq(list[idx].n, ist("transfer-encoding"))) |
| 455 | goto fail; |
| 456 | |
| 457 | if (isteq(list[idx].n, ist("te")) && !isteq(list[idx].v, ist("trailers"))) |
| 458 | goto fail; |
| 459 | |
| 460 | /* cookie requires special processing at the end */ |
| 461 | if (isteq(list[idx].n, ist("cookie"))) { |
| 462 | list[idx].n.len = -1; |
| 463 | |
| 464 | if (ck < 0) |
| 465 | ck = idx; |
| 466 | else |
| 467 | list[lck].n.len = idx; |
| 468 | |
| 469 | lck = idx; |
| 470 | continue; |
| 471 | } |
| 472 | |
| 473 | if (!htx_add_header(htx, list[idx].n, list[idx].v)) |
| 474 | goto fail; |
| 475 | } |
| 476 | |
| 477 | /* RFC7540#8.1.2.1 mandates to reject response pseudo-headers (:status) */ |
| 478 | if (fields & H2_PHDR_FND_STAT) |
| 479 | goto fail; |
| 480 | |
| 481 | /* Let's dump the request now if not yet emitted. */ |
| 482 | if (!(fields & H2_PHDR_FND_NONE)) { |
| 483 | sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf); |
| 484 | if (!sl) |
| 485 | goto fail; |
| 486 | } |
| 487 | |
Christopher Faulet | d0db423 | 2021-01-22 11:46:30 +0100 | [diff] [blame] | 488 | if (*msgf & H2_MSGF_BODY_TUNNEL) |
| 489 | *msgf &= ~(H2_MSGF_BODY|H2_MSGF_BODY_CL); |
| 490 | |
Christopher Faulet | d1ac2b9 | 2020-12-02 19:12:22 +0100 | [diff] [blame] | 491 | if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0) || |
| 492 | (*msgf & H2_MSGF_BODY_TUNNEL)) { |
| 493 | /* Request without body or tunnel requested */ |
Christopher Faulet | 44af3cf | 2019-02-18 10:12:56 +0100 | [diff] [blame] | 494 | sl_flags |= HTX_SL_F_BODYLESS; |
Christopher Faulet | d1ac2b9 | 2020-12-02 19:12:22 +0100 | [diff] [blame] | 495 | htx->flags |= HTX_FL_EOM; |
| 496 | } |
Christopher Faulet | 44af3cf | 2019-02-18 10:12:56 +0100 | [diff] [blame] | 497 | |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 498 | if (*msgf & H2_MSGF_EXT_CONNECT) { |
| 499 | if (!htx_add_header(htx, ist("upgrade"), phdr_val[H2_PHDR_IDX_PROT])) |
| 500 | goto fail; |
| 501 | if (!htx_add_header(htx, ist("connection"), ist("upgrade"))) |
| 502 | goto fail; |
| 503 | sl_flags |= HTX_SL_F_CONN_UPG; |
| 504 | } |
| 505 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 506 | /* update the start line with last detected header info */ |
| 507 | sl->flags |= sl_flags; |
| 508 | |
| 509 | /* complete with missing Host if needed */ |
| 510 | if ((fields & (H2_PHDR_FND_HOST|H2_PHDR_FND_AUTH)) == H2_PHDR_FND_AUTH) { |
| 511 | /* missing Host field, use :authority instead */ |
| 512 | if (!htx_add_header(htx, ist("host"), phdr_val[H2_PHDR_IDX_AUTH])) |
| 513 | goto fail; |
| 514 | } |
| 515 | |
| 516 | /* now we may have to build a cookie list. We'll dump the values of all |
| 517 | * visited headers. |
| 518 | */ |
| 519 | if (ck >= 0) { |
| 520 | uint32_t fs; // free space |
| 521 | uint32_t bs; // block size |
| 522 | uint32_t vl; // value len |
Willy Tarreau | 164e061 | 2018-12-18 11:00:41 +0100 | [diff] [blame] | 523 | uint32_t tl; // total length |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 524 | struct htx_blk *blk; |
| 525 | |
| 526 | blk = htx_add_header(htx, ist("cookie"), list[ck].v); |
| 527 | if (!blk) |
| 528 | goto fail; |
| 529 | |
Willy Tarreau | 164e061 | 2018-12-18 11:00:41 +0100 | [diff] [blame] | 530 | tl = list[ck].v.len; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 531 | fs = htx_free_data_space(htx); |
| 532 | bs = htx_get_blksz(blk); |
| 533 | |
| 534 | /* for each extra cookie, we'll extend the cookie's value and |
| 535 | * insert "; " before the new value. |
| 536 | */ |
Willy Tarreau | 164e061 | 2018-12-18 11:00:41 +0100 | [diff] [blame] | 537 | fs += tl; // first one is already counted |
Tim Duesterhus | 1568355 | 2021-03-04 23:50:13 +0100 | [diff] [blame] | 538 | while ((ck = list[ck].n.len) >= 0) { |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 539 | vl = list[ck].v.len; |
Willy Tarreau | 164e061 | 2018-12-18 11:00:41 +0100 | [diff] [blame] | 540 | tl += vl + 2; |
| 541 | if (tl > fs) |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 542 | goto fail; |
| 543 | |
Christopher Faulet | 3e2638e | 2019-06-18 09:49:16 +0200 | [diff] [blame] | 544 | htx_change_blk_value_len(htx, blk, tl); |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 545 | *(char *)(htx_get_blk_ptr(htx, blk) + bs + 0) = ';'; |
| 546 | *(char *)(htx_get_blk_ptr(htx, blk) + bs + 1) = ' '; |
| 547 | memcpy(htx_get_blk_ptr(htx, blk) + bs + 2, list[ck].v.ptr, vl); |
| 548 | bs += vl + 2; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 549 | } |
| 550 | |
| 551 | } |
| 552 | |
| 553 | /* now send the end of headers marker */ |
Christopher Faulet | 5be651d | 2021-01-22 15:28:03 +0100 | [diff] [blame] | 554 | if (!htx_add_endof(htx, HTX_BLK_EOH)) |
| 555 | goto fail; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 556 | |
Amaury Denoyelle | 0353410 | 2021-07-07 10:49:28 +0200 | [diff] [blame] | 557 | /* proceed to scheme-based normalization on target-URI */ |
| 558 | if (fields & H2_PHDR_FND_SCHM) |
| 559 | http_scheme_based_normalize(htx); |
| 560 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 561 | ret = 1; |
| 562 | return ret; |
| 563 | |
| 564 | fail: |
| 565 | return -1; |
| 566 | } |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 567 | |
| 568 | /* Prepare the status line into <htx> from pseudo headers stored in <phdr[]>. |
| 569 | * <fields> indicates what was found so far. This should be called once at the |
| 570 | * detection of the first general header field or at the end of the message if |
| 571 | * no general header field was found yet. Returns the created start line on |
| 572 | * success, or NULL on failure. Upon success, <msgf> is updated with a few |
| 573 | * H2_MSGF_* flags indicating what was found while parsing. |
| 574 | */ |
| 575 | static struct htx_sl *h2_prepare_htx_stsline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf) |
| 576 | { |
Christopher Faulet | 8989942 | 2020-12-07 18:24:43 +0100 | [diff] [blame] | 577 | unsigned int status, flags = HTX_SL_F_NONE; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 578 | struct htx_sl *sl; |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 579 | struct ist stat; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 580 | |
| 581 | /* only :status is allowed as a pseudo header */ |
| 582 | if (!(fields & H2_PHDR_FND_STAT)) |
| 583 | goto fail; |
| 584 | |
| 585 | if (phdr[H2_PHDR_IDX_STAT].len != 3) |
| 586 | goto fail; |
| 587 | |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 588 | /* if Extended CONNECT is used, convert status code from 200 to htx 101 |
| 589 | * following rfc 8441 */ |
| 590 | if (unlikely(*msgf & H2_MSGF_EXT_CONNECT) && |
| 591 | isteq(phdr[H2_PHDR_IDX_STAT], ist("200"))) { |
| 592 | stat = ist("101"); |
| 593 | status = 101; |
| 594 | } |
| 595 | else { |
| 596 | unsigned char h, t, u; |
| 597 | |
| 598 | stat = phdr[H2_PHDR_IDX_STAT]; |
| 599 | |
| 600 | h = stat.ptr[0] - '0'; |
| 601 | t = stat.ptr[1] - '0'; |
| 602 | u = stat.ptr[2] - '0'; |
| 603 | if (h > 9 || t > 9 || u > 9) |
| 604 | goto fail; |
| 605 | status = h * 100 + t * 10 + u; |
| 606 | } |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 607 | |
Christopher Faulet | 8989942 | 2020-12-07 18:24:43 +0100 | [diff] [blame] | 608 | /* 101 responses are not supported in H2, so return a error. |
| 609 | * On 1xx responses there is no ES on the HEADERS frame but there is no |
| 610 | * body. So remove the flag H2_MSGF_BODY and add H2_MSGF_RSP_1XX to |
| 611 | * notify the decoder another HEADERS frame is expected. |
Ilya Shipitsin | acf8459 | 2021-02-06 22:29:08 +0500 | [diff] [blame] | 612 | * 204/304 response have no body by definition. So remove the flag |
Christopher Faulet | 7d247f0 | 2020-12-02 14:26:36 +0100 | [diff] [blame] | 613 | * H2_MSGF_BODY and set H2_MSGF_BODYLESS_RSP. |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 614 | * |
| 615 | * Note however that there is a special condition for Extended CONNECT. |
| 616 | * In this case, we explicitly convert it to HTX 101 to mimic |
| 617 | * Get+Upgrade HTTP/1.1 mechanism |
Christopher Faulet | 0b46548 | 2019-02-19 15:14:23 +0100 | [diff] [blame] | 618 | */ |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 619 | if (status == 101) { |
| 620 | if (!(*msgf & H2_MSGF_EXT_CONNECT)) |
| 621 | goto fail; |
| 622 | } |
Christopher Faulet | 8989942 | 2020-12-07 18:24:43 +0100 | [diff] [blame] | 623 | else if (status < 200) { |
Christopher Faulet | 0b46548 | 2019-02-19 15:14:23 +0100 | [diff] [blame] | 624 | *msgf |= H2_MSGF_RSP_1XX; |
| 625 | *msgf &= ~H2_MSGF_BODY; |
| 626 | } |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 627 | else if (status == 204 || status == 304) { |
Christopher Faulet | 7d247f0 | 2020-12-02 14:26:36 +0100 | [diff] [blame] | 628 | *msgf &= ~H2_MSGF_BODY; |
| 629 | *msgf |= H2_MSGF_BODYLESS_RSP; |
| 630 | } |
Christopher Faulet | 0b46548 | 2019-02-19 15:14:23 +0100 | [diff] [blame] | 631 | |
Christopher Faulet | 8989942 | 2020-12-07 18:24:43 +0100 | [diff] [blame] | 632 | /* Set HTX start-line flags */ |
| 633 | flags |= HTX_SL_F_VER_11; // V2 in fact |
| 634 | flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2 |
| 635 | |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 636 | sl = htx_add_stline(htx, HTX_BLK_RES_SL, flags, ist("HTTP/2.0"), stat, ist("")); |
Christopher Faulet | 8989942 | 2020-12-07 18:24:43 +0100 | [diff] [blame] | 637 | if (!sl) |
| 638 | goto fail; |
| 639 | sl->info.res.status = status; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 640 | return sl; |
| 641 | fail: |
| 642 | return NULL; |
| 643 | } |
| 644 | |
| 645 | /* Takes an H2 response present in the headers list <list> terminated by a name |
| 646 | * being <NULL,0> and emits the equivalent HTX response according to the rules |
| 647 | * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and |
| 648 | * a positive value is returned if some bytes were emitted. In case of error, a |
| 649 | * negative error code is returned. |
| 650 | * |
| 651 | * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what |
| 652 | * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY |
| 653 | * if a body is detected (!ES). |
| 654 | * |
| 655 | * The headers list <list> must be composed of : |
| 656 | * - n.name != NULL, n.len > 0 : literal header name |
| 657 | * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len> |
| 658 | * among H2_PHDR_IDX_* |
| 659 | * - n.name ignored, n.len == 0 : end of list |
| 660 | * - in all cases except the end of list, v.name and v.len must designate a |
| 661 | * valid value. |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 662 | * |
| 663 | * <upgrade_protocol> is only used if the htx status code is 101 indicating a |
| 664 | * response to an upgrade or h2-equivalent request. |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 665 | */ |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 666 | int h2_make_htx_response(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len, char *upgrade_protocol) |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 667 | { |
| 668 | struct ist phdr_val[H2_PHDR_NUM_ENTRIES]; |
| 669 | uint32_t fields; /* bit mask of H2_PHDR_FND_* */ |
| 670 | uint32_t idx; |
| 671 | int phdr; |
| 672 | int ret; |
| 673 | int i; |
| 674 | struct htx_sl *sl = NULL; |
| 675 | unsigned int sl_flags = 0; |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 676 | const char *ctl; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 677 | |
| 678 | fields = 0; |
| 679 | for (idx = 0; list[idx].n.len != 0; idx++) { |
| 680 | if (!list[idx].n.ptr) { |
| 681 | /* this is an indexed pseudo-header */ |
| 682 | phdr = list[idx].n.len; |
| 683 | } |
| 684 | else { |
| 685 | /* this can be any type of header */ |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 686 | /* RFC7540#8.1.2: upper case not allowed in header field names. |
| 687 | * #10.3: header names must be valid (i.e. match a token). |
| 688 | * For pseudo-headers we check from 2nd char and for other ones |
| 689 | * from the first char, because HTTP_IS_TOKEN() also excludes |
| 690 | * the colon. |
| 691 | */ |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 692 | phdr = h2_str_to_phdr(list[idx].n); |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 693 | |
| 694 | for (i = !!phdr; i < list[idx].n.len; i++) |
| 695 | if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i])) |
| 696 | goto fail; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 697 | } |
| 698 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 699 | /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of |
| 700 | * rejecting NUL, CR and LF characters. |
| 701 | */ |
| 702 | ctl = ist_find_ctl(list[idx].v); |
| 703 | if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl)) |
| 704 | goto fail; |
| 705 | |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 706 | if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) { |
| 707 | /* insert a pseudo header by its index (in phdr) and value (in value) */ |
| 708 | if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) { |
| 709 | if (fields & H2_PHDR_FND_NONE) { |
| 710 | /* pseudo header field after regular headers */ |
| 711 | goto fail; |
| 712 | } |
| 713 | else { |
| 714 | /* repeated pseudo header field */ |
| 715 | goto fail; |
| 716 | } |
| 717 | } |
| 718 | fields |= 1 << phdr; |
| 719 | phdr_val[phdr] = list[idx].v; |
| 720 | continue; |
| 721 | } |
| 722 | else if (phdr != 0) { |
| 723 | /* invalid pseudo header -- should never happen here */ |
| 724 | goto fail; |
| 725 | } |
| 726 | |
| 727 | /* regular header field in (name,value) */ |
| 728 | if (!(fields & H2_PHDR_FND_NONE)) { |
| 729 | /* no more pseudo-headers, time to build the status line */ |
| 730 | sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf); |
| 731 | if (!sl) |
| 732 | goto fail; |
| 733 | fields |= H2_PHDR_FND_NONE; |
| 734 | } |
| 735 | |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 736 | if (isteq(list[idx].n, ist("content-length"))) { |
Willy Tarreau | 4790f7c | 2019-01-24 11:33:02 +0100 | [diff] [blame] | 737 | ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len); |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 738 | if (ret < 0) |
| 739 | goto fail; |
| 740 | |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 741 | sl_flags |= HTX_SL_F_CLEN; |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 742 | if (ret == 0) |
| 743 | continue; // skip this duplicate |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 744 | } |
| 745 | |
| 746 | /* these ones are forbidden in responses (RFC7540#8.1.2.2) */ |
| 747 | if (isteq(list[idx].n, ist("connection")) || |
| 748 | isteq(list[idx].n, ist("proxy-connection")) || |
| 749 | isteq(list[idx].n, ist("keep-alive")) || |
| 750 | isteq(list[idx].n, ist("upgrade")) || |
| 751 | isteq(list[idx].n, ist("transfer-encoding"))) |
| 752 | goto fail; |
| 753 | |
| 754 | if (!htx_add_header(htx, list[idx].n, list[idx].v)) |
| 755 | goto fail; |
| 756 | } |
| 757 | |
| 758 | /* RFC7540#8.1.2.1 mandates to reject request pseudo-headers */ |
| 759 | if (fields & (H2_PHDR_FND_AUTH|H2_PHDR_FND_METH|H2_PHDR_FND_PATH|H2_PHDR_FND_SCHM)) |
| 760 | goto fail; |
| 761 | |
| 762 | /* Let's dump the request now if not yet emitted. */ |
| 763 | if (!(fields & H2_PHDR_FND_NONE)) { |
| 764 | sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf); |
| 765 | if (!sl) |
| 766 | goto fail; |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 767 | } |
| 768 | |
| 769 | if (sl->info.res.status == 101 && upgrade_protocol) { |
| 770 | if (!htx_add_header(htx, ist("connection"), ist("upgrade"))) |
| 771 | goto fail; |
| 772 | if (!htx_add_header(htx, ist("upgrade"), ist(upgrade_protocol))) |
| 773 | goto fail; |
| 774 | sl_flags |= HTX_SL_F_CONN_UPG; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 775 | } |
| 776 | |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 777 | if ((*msgf & H2_MSGF_BODY_TUNNEL) && |
| 778 | ((sl->info.res.status >= 200 && sl->info.res.status < 300) || sl->info.res.status == 101)) |
Christopher Faulet | d0db423 | 2021-01-22 11:46:30 +0100 | [diff] [blame] | 779 | *msgf &= ~(H2_MSGF_BODY|H2_MSGF_BODY_CL); |
| 780 | else |
| 781 | *msgf &= ~H2_MSGF_BODY_TUNNEL; |
| 782 | |
Christopher Faulet | d1ac2b9 | 2020-12-02 19:12:22 +0100 | [diff] [blame] | 783 | if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0) || |
| 784 | (*msgf & H2_MSGF_BODY_TUNNEL)) { |
Ilya Shipitsin | acf8459 | 2021-02-06 22:29:08 +0500 | [diff] [blame] | 785 | /* Response without body or tunnel successfully established */ |
Christopher Faulet | 44af3cf | 2019-02-18 10:12:56 +0100 | [diff] [blame] | 786 | sl_flags |= HTX_SL_F_BODYLESS; |
Christopher Faulet | d1ac2b9 | 2020-12-02 19:12:22 +0100 | [diff] [blame] | 787 | htx->flags |= HTX_FL_EOM; |
| 788 | } |
Christopher Faulet | 44af3cf | 2019-02-18 10:12:56 +0100 | [diff] [blame] | 789 | |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 790 | /* update the start line with last detected header info */ |
| 791 | sl->flags |= sl_flags; |
| 792 | |
| 793 | if ((*msgf & (H2_MSGF_BODY|H2_MSGF_BODY_TUNNEL|H2_MSGF_BODY_CL)) == H2_MSGF_BODY) { |
| 794 | /* FIXME: Do we need to signal anything when we have a body and |
| 795 | * no content-length, to have the equivalent of H1's chunked |
| 796 | * encoding? |
| 797 | */ |
| 798 | } |
| 799 | |
| 800 | /* now send the end of headers marker */ |
Christopher Faulet | 5be651d | 2021-01-22 15:28:03 +0100 | [diff] [blame] | 801 | if (!htx_add_endof(htx, HTX_BLK_EOH)) |
| 802 | goto fail; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 803 | |
| 804 | ret = 1; |
| 805 | return ret; |
| 806 | |
| 807 | fail: |
| 808 | return -1; |
| 809 | } |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 810 | |
Christopher Faulet | 2d7c539 | 2019-06-03 10:41:26 +0200 | [diff] [blame] | 811 | /* Takes an H2 headers list <list> terminated by a name being <NULL,0> and emits |
| 812 | * the equivalent HTX trailers blocks. The output contents are emitted in <htx>, |
| 813 | * and a positive value is returned if some bytes were emitted. In case of |
| 814 | * error, a negative error code is returned. The caller must have verified that |
| 815 | * the message in the buffer is compatible with receipt of trailers. |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 816 | * |
| 817 | * The headers list <list> must be composed of : |
| 818 | * - n.name != NULL, n.len > 0 : literal header name |
| 819 | * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len> |
| 820 | * among H2_PHDR_IDX_* (illegal here) |
| 821 | * - n.name ignored, n.len == 0 : end of list |
| 822 | * - in all cases except the end of list, v.name and v.len must designate a |
| 823 | * valid value. |
| 824 | */ |
| 825 | int h2_make_htx_trailers(struct http_hdr *list, struct htx *htx) |
| 826 | { |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 827 | const char *ctl; |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 828 | uint32_t idx; |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 829 | int i; |
| 830 | |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 831 | for (idx = 0; list[idx].n.len != 0; idx++) { |
| 832 | if (!list[idx].n.ptr) { |
| 833 | /* This is an indexed pseudo-header (RFC7540#8.1.2.1) */ |
| 834 | goto fail; |
| 835 | } |
| 836 | |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 837 | /* RFC7540#8.1.2: upper case not allowed in header field names. |
| 838 | * #10.3: header names must be valid (i.e. match a token). This |
| 839 | * also catches pseudo-headers which are forbidden in trailers. |
| 840 | */ |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 841 | for (i = 0; i < list[idx].n.len; i++) |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 842 | if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i])) |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 843 | goto fail; |
| 844 | |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 845 | /* these ones are forbidden in trailers (RFC7540#8.1.2.2) */ |
| 846 | if (isteq(list[idx].n, ist("host")) || |
| 847 | isteq(list[idx].n, ist("content-length")) || |
| 848 | isteq(list[idx].n, ist("connection")) || |
| 849 | isteq(list[idx].n, ist("proxy-connection")) || |
| 850 | isteq(list[idx].n, ist("keep-alive")) || |
| 851 | isteq(list[idx].n, ist("upgrade")) || |
| 852 | isteq(list[idx].n, ist("te")) || |
| 853 | isteq(list[idx].n, ist("transfer-encoding"))) |
| 854 | goto fail; |
| 855 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 856 | /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of |
| 857 | * rejecting NUL, CR and LF characters. |
| 858 | */ |
| 859 | ctl = ist_find_ctl(list[idx].v); |
| 860 | if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl)) |
| 861 | goto fail; |
| 862 | |
Christopher Faulet | 2d7c539 | 2019-06-03 10:41:26 +0200 | [diff] [blame] | 863 | if (!htx_add_trailer(htx, list[idx].n, list[idx].v)) |
| 864 | goto fail; |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 865 | } |
| 866 | |
Christopher Faulet | 2d7c539 | 2019-06-03 10:41:26 +0200 | [diff] [blame] | 867 | if (!htx_add_endof(htx, HTX_BLK_EOT)) |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 868 | goto fail; |
| 869 | |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 870 | return 1; |
| 871 | |
| 872 | fail: |
| 873 | return -1; |
| 874 | } |