blob: 5c3a6aeaf8ecba1911c0448072ab6054b0e707ad [file] [log] [blame]
Willy Tarreauf24ea8e2017-11-21 19:55:27 +01001/*
2 * HTTP/2 protocol processing
3 *
4 * Copyright 2017 Willy Tarreau <w@1wt.eu>
5 * Copyright (C) 2017 HAProxy Technologies
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining
8 * a copy of this software and associated documentation files (the
9 * "Software"), to deal in the Software without restriction, including
10 * without limitation the rights to use, copy, modify, merge, publish,
11 * distribute, sublicense, and/or sell copies of the Software, and to
12 * permit persons to whom the Software is furnished to do so, subject to
13 * the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be
16 * included in all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
19 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
20 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
21 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
22 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
23 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
24 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
25 * OTHER DEALINGS IN THE SOFTWARE.
26 */
27
Willy Tarreaua1bd1fa2019-03-29 17:26:33 +010028#include <inttypes.h>
Willy Tarreau4c7e4b72020-05-27 12:58:42 +020029#include <haproxy/api.h>
Willy Tarreaub2551052020-06-09 09:07:15 +020030#include <haproxy/global.h>
Willy Tarreaubf073142020-06-03 12:04:01 +020031#include <haproxy/h2.h>
Willy Tarreau0017be02020-06-02 19:25:28 +020032#include <haproxy/http-hdr-t.h>
Willy Tarreaub2551052020-06-09 09:07:15 +020033#include <haproxy/http.h>
Amaury Denoyelle4ca0f362021-07-07 10:49:28 +020034#include <haproxy/http_htx.h>
Willy Tarreau16f958c2020-06-03 08:44:35 +020035#include <haproxy/htx.h>
Willy Tarreaueb6f7012020-05-27 16:21:26 +020036#include <import/ist.h>
Willy Tarreaub2551052020-06-09 09:07:15 +020037
Willy Tarreauf24ea8e2017-11-21 19:55:27 +010038
Willy Tarreau9c84d822019-01-30 15:09:21 +010039struct h2_frame_definition h2_frame_definition[H2_FT_ENTRIES] = {
40 [H2_FT_DATA ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
41 [H2_FT_HEADERS ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 1, .max_len = H2_MAX_FRAME_LEN, },
42 [H2_FT_PRIORITY ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 5, .max_len = 5, },
43 [H2_FT_RST_STREAM ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, },
44 [H2_FT_SETTINGS ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
45 [H2_FT_PUSH_PROMISE ] = { .dir = 0, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = H2_MAX_FRAME_LEN, },
46 [H2_FT_PING ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = 8, },
47 [H2_FT_GOAWAY ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = H2_MAX_FRAME_LEN, },
48 [H2_FT_WINDOW_UPDATE] = { .dir = 3, .min_id = 0, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, },
49 [H2_FT_CONTINUATION ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
50};
Willy Tarreauf24ea8e2017-11-21 19:55:27 +010051
Willy Tarreau54f53ef2019-11-22 16:02:43 +010052/* Looks into <ist> for forbidden characters for header values (0x00, 0x0A,
53 * 0x0D), starting at pointer <start> which must be within <ist>. Returns
54 * non-zero if such a character is found, 0 otherwise. When run on unlikely
55 * header match, it's recommended to first check for the presence of control
56 * chars using ist_find_ctl().
57 */
58static int has_forbidden_char(const struct ist ist, const char *start)
59{
60 do {
61 if ((uint8_t)*start <= 0x0d &&
62 (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0)))
63 return 1;
64 start++;
Tim Duesterhus4c8f75f2021-11-06 15:14:44 +010065 } while (start < istend(ist));
Willy Tarreau54f53ef2019-11-22 16:02:43 +010066 return 0;
67}
68
Willy Tarreaubeefaee2018-12-19 13:08:08 +010069/* Parse the Content-Length header field of an HTTP/2 request. The function
70 * checks all possible occurrences of a comma-delimited value, and verifies
71 * if any of them doesn't match a previous value. It returns <0 if a value
72 * differs, 0 if the whole header can be dropped (i.e. already known), or >0
73 * if the value can be indexed (first one). In the last case, the value might
74 * be adjusted and the caller must only add the updated value.
75 */
76int h2_parse_cont_len_header(unsigned int *msgf, struct ist *value, unsigned long long *body_len)
77{
78 char *e, *n;
79 unsigned long long cl;
80 int not_first = !!(*msgf & H2_MSGF_BODY_CL);
81 struct ist word;
82
83 word.ptr = value->ptr - 1; // -1 for next loop's pre-increment
84 e = value->ptr + value->len;
85
86 while (++word.ptr < e) {
Ilya Shipitsin6fb0f212020-04-02 15:25:26 +050087 /* skip leading delimiter and blanks */
Willy Tarreaubeefaee2018-12-19 13:08:08 +010088 if (unlikely(HTTP_IS_LWS(*word.ptr)))
89 continue;
90
91 /* digits only now */
92 for (cl = 0, n = word.ptr; n < e; n++) {
93 unsigned int c = *n - '0';
94 if (unlikely(c > 9)) {
95 /* non-digit */
96 if (unlikely(n == word.ptr)) // spaces only
97 goto fail;
98 break;
99 }
100 if (unlikely(cl > ULLONG_MAX / 10ULL))
101 goto fail; /* multiply overflow */
102 cl = cl * 10ULL;
103 if (unlikely(cl + c < cl))
104 goto fail; /* addition overflow */
105 cl = cl + c;
106 }
107
108 /* keep a copy of the exact cleaned value */
109 word.len = n - word.ptr;
110
111 /* skip trailing LWS till next comma or EOL */
112 for (; n < e; n++) {
113 if (!HTTP_IS_LWS(*n)) {
114 if (unlikely(*n != ','))
115 goto fail;
116 break;
117 }
118 }
119
120 /* if duplicate, must be equal */
121 if (*msgf & H2_MSGF_BODY_CL && cl != *body_len)
122 goto fail;
123
124 /* OK, store this result as the one to be indexed */
125 *msgf |= H2_MSGF_BODY_CL;
126 *body_len = cl;
127 *value = word;
128 word.ptr = n;
129 }
130 /* here we've reached the end with a single value or a series of
131 * identical values, all matching previous series if any. The last
132 * parsed value was sent back into <value>. We just have to decide
133 * if this occurrence has to be indexed (it's the first one) or
134 * silently skipped (it's not the first one)
135 */
136 return !not_first;
137 fail:
138 return -1;
139}
140
Willy Tarreau6deb4122018-11-27 15:34:18 +0100141/* Prepare the request line into <htx> from pseudo headers stored in <phdr[]>.
142 * <fields> indicates what was found so far. This should be called once at the
143 * detection of the first general header field or at the end of the request if
144 * no general header field was found yet. Returns the created start line on
145 * success, or NULL on failure. Upon success, <msgf> is updated with a few
146 * H2_MSGF_* flags indicating what was found while parsing.
Willy Tarreau2be362c2019-10-08 11:59:37 +0200147 *
148 * The rules below deserve a bit of explanation. There tends to be some
149 * confusion regarding H2's authority vs the Host header. They are different
150 * though may sometimes be exchanged. In H2, the request line is broken into :
151 * - :method
152 * - :scheme
153 * - :authority
154 * - :path
155 *
156 * An equivalent HTTP/1.x absolute-form request would then look like :
157 * <:method> <:scheme>://<:authority><:path> HTTP/x.y
158 *
159 * Except for CONNECT which doesn't have scheme nor path and looks like :
160 * <:method> <:authority> HTTP/x.y
161 *
162 * It's worth noting that H2 still supports an encoding to map H1 origin-form
163 * and asterisk-form requests. These ones do not specify the authority. However
164 * in H2 they must still specify the scheme, which is not present in H1. Also,
165 * when encoding an absolute-form H1 request without a path, the path
166 * automatically becomes "/" except for the OPTIONS method where it
167 * becomes "*".
168 *
169 * As such it is explicitly permitted for an H2 client to send a request
170 * featuring a Host header and no :authority, though it's not the recommended
171 * way to use H2 for a client. It is however the only permitted way to encode
172 * an origin-form H1 request over H2. Thus we need to respect such differences
173 * as much as possible when re-encoding the H2 request into HTX.
Willy Tarreau6deb4122018-11-27 15:34:18 +0100174 */
175static struct htx_sl *h2_prepare_htx_reqline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf)
176{
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100177 struct ist uri, meth_sl;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100178 unsigned int flags = HTX_SL_F_NONE;
179 struct htx_sl *sl;
Willy Tarreau9255e7e2019-03-05 10:47:37 +0100180 size_t i;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100181
182 if ((fields & H2_PHDR_FND_METH) && isteq(phdr[H2_PHDR_IDX_METH], ist("CONNECT"))) {
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100183 if (fields & H2_PHDR_FND_PROT) {
184 /* rfc 8441 Extended Connect Protocol
185 * #4 :scheme and :path must be present, as well as
186 * :authority like all h2 requests
187 */
188 if (!(fields & H2_PHDR_FND_SCHM)) {
189 /* missing scheme */
190 goto fail;
191 }
192 else if (!(fields & H2_PHDR_FND_PATH)) {
193 /* missing path */
194 goto fail;
195 }
196 else if (!(fields & H2_PHDR_FND_AUTH)) {
197 /* missing authority */
198 goto fail;
199 }
200
201 flags |= HTX_SL_F_HAS_SCHM;
202 if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("http")))
203 flags |= HTX_SL_F_SCHM_HTTP;
204 else if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("https")))
205 flags |= HTX_SL_F_SCHM_HTTPS;
Willy Tarreaua495e0d2021-08-10 15:37:34 +0200206 else if (!http_validate_scheme(phdr[H2_PHDR_IDX_SCHM]))
207 htx->flags |= HTX_FL_PARSING_ERROR;
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100208
209 meth_sl = ist("GET");
210
211 *msgf |= H2_MSGF_EXT_CONNECT;
212 /* no ES on the HEADERS frame but no body either for
213 * Extended CONNECT */
214 *msgf &= ~H2_MSGF_BODY;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100215 }
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100216 else {
217 /* RFC 7540 #8.2.6 regarding CONNECT: ":scheme" and ":path"
218 * MUST be omitted ; ":authority" contains the host and port
219 * to connect to.
220 */
221 if (fields & H2_PHDR_FND_SCHM) {
222 /* scheme not allowed */
223 goto fail;
224 }
225 else if (fields & H2_PHDR_FND_PATH) {
226 /* path not allowed */
227 goto fail;
228 }
229 else if (!(fields & H2_PHDR_FND_AUTH)) {
230 /* missing authority */
231 goto fail;
232 }
233
234 meth_sl = phdr[H2_PHDR_IDX_METH];
Willy Tarreau6deb4122018-11-27 15:34:18 +0100235 }
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100236
Willy Tarreau6deb4122018-11-27 15:34:18 +0100237 *msgf |= H2_MSGF_BODY_TUNNEL;
238 }
239 else if ((fields & (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) !=
240 (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) {
241 /* RFC 7540 #8.1.2.3 : all requests MUST include exactly one
242 * valid value for the ":method", ":scheme" and ":path" phdr
243 * unless it is a CONNECT request.
244 */
245 if (!(fields & H2_PHDR_FND_METH)) {
246 /* missing method */
247 goto fail;
248 }
249 else if (!(fields & H2_PHDR_FND_SCHM)) {
250 /* missing scheme */
251 goto fail;
252 }
253 else {
254 /* missing path */
255 goto fail;
256 }
257 }
Willy Tarreau2be362c2019-10-08 11:59:37 +0200258 else { /* regular methods */
Willy Tarreau92919f72019-10-08 16:53:07 +0200259 /* RFC3986#6.2.2.1: scheme is case-insensitive. We need to
260 * classify the scheme as "present/http", "present/https",
261 * "present/other", "absent" so as to decide whether or not
262 * we're facing a normalized URI that will have to be encoded
263 * in origin or absolute form. Indeed, 7540#8.1.2.3 says that
264 * clients should use the absolute form, thus we cannot infer
265 * whether or not the client wanted to use a proxy here.
266 */
267 flags |= HTX_SL_F_HAS_SCHM;
268 if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("http")))
269 flags |= HTX_SL_F_SCHM_HTTP;
270 else if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("https")))
271 flags |= HTX_SL_F_SCHM_HTTPS;
Willy Tarreaua495e0d2021-08-10 15:37:34 +0200272 else if (!http_validate_scheme(phdr[H2_PHDR_IDX_SCHM]))
273 htx->flags |= HTX_FL_PARSING_ERROR;
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100274
275 meth_sl = phdr[H2_PHDR_IDX_METH];
Willy Tarreau92919f72019-10-08 16:53:07 +0200276 }
277
Willy Tarreau4b8852c2021-08-10 16:30:55 +0200278 if (fields & H2_PHDR_FND_PATH) {
279 /* 7540#8.1.2.3: :path must not be empty, and must be either
280 * '*' or an RFC3986 "path-absolute" starting with a "/" but
281 * not with "//".
Willy Tarreau46b7dff2021-08-19 23:06:58 +0200282 * However, this "path-absolute" was a mistake which was
283 * later fixed in http2bis as "absolute-path" to match
284 * HTTP/1, thus also allowing "//".
Willy Tarreau4b8852c2021-08-10 16:30:55 +0200285 */
286 if (unlikely(!phdr[H2_PHDR_IDX_PATH].len))
287 goto fail;
288 else if (unlikely(phdr[H2_PHDR_IDX_PATH].ptr[0] != '/')) {
289 if (!isteq(phdr[H2_PHDR_IDX_PATH], ist("*")))
290 goto fail;
291 }
Willy Tarreau4b8852c2021-08-10 16:30:55 +0200292 }
293
Willy Tarreau92919f72019-10-08 16:53:07 +0200294 if (!(flags & HTX_SL_F_HAS_SCHM)) {
295 /* no scheme, use authority only (CONNECT) */
296 uri = phdr[H2_PHDR_IDX_AUTH];
Willy Tarreau1440fe82019-10-08 17:34:50 +0200297 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau92919f72019-10-08 16:53:07 +0200298 }
Willy Tarreau30ee1ef2019-10-08 18:33:19 +0200299 else if (fields & H2_PHDR_FND_AUTH) {
300 /* authority is present, let's use the absolute form. We simply
301 * use the trash to concatenate them since all of them MUST fit
302 * in a bufsize since it's where they come from.
Willy Tarreau92919f72019-10-08 16:53:07 +0200303 */
304 uri = ist2bin(trash.area, phdr[H2_PHDR_IDX_SCHM]);
305 istcat(&uri, ist("://"), trash.size);
306 istcat(&uri, phdr[H2_PHDR_IDX_AUTH], trash.size);
307 if (!isteq(phdr[H2_PHDR_IDX_PATH], ist("*")))
308 istcat(&uri, phdr[H2_PHDR_IDX_PATH], trash.size);
Willy Tarreau1440fe82019-10-08 17:34:50 +0200309 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau30ee1ef2019-10-08 18:33:19 +0200310
311 if (flags & (HTX_SL_F_SCHM_HTTP|HTX_SL_F_SCHM_HTTPS)) {
312 /* we don't know if it was originally an absolute or a
313 * relative request because newer versions of HTTP use
314 * the absolute URI format by default, which we call
315 * the normalized URI format internally. This is the
316 * strongly recommended way of sending a request for
317 * a regular client, so we cannot distinguish this
318 * from a request intended for a proxy. For other
319 * schemes however there is no doubt.
320 */
321 flags |= HTX_SL_F_NORMALIZED_URI;
322 }
Willy Tarreau92919f72019-10-08 16:53:07 +0200323 }
324 else {
325 /* usual schemes with or without authority, use origin form */
326 uri = phdr[H2_PHDR_IDX_PATH];
Willy Tarreau1440fe82019-10-08 17:34:50 +0200327 if (fields & H2_PHDR_FND_AUTH)
328 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau2be362c2019-10-08 11:59:37 +0200329 }
Willy Tarreau6deb4122018-11-27 15:34:18 +0100330
Willy Tarreau89265222021-08-11 11:12:46 +0200331 /* The method is a non-empty token (RFC7231#4.1) */
332 if (!meth_sl.len)
333 goto fail;
334 for (i = 0; i < meth_sl.len; i++) {
335 if (!HTTP_IS_TOKEN(meth_sl.ptr[i]))
336 htx->flags |= HTX_FL_PARSING_ERROR;
337 }
338
Willy Tarreau2be362c2019-10-08 11:59:37 +0200339 /* make sure the final URI isn't empty. Note that 7540#8.1.2.3 states
340 * that :path must not be empty.
341 */
Willy Tarreau92919f72019-10-08 16:53:07 +0200342 if (!uri.len)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100343 goto fail;
344
Willy Tarreau2be362c2019-10-08 11:59:37 +0200345 /* The final URI must not contain LWS nor CTL characters */
Willy Tarreau92919f72019-10-08 16:53:07 +0200346 for (i = 0; i < uri.len; i++) {
347 unsigned char c = uri.ptr[i];
Willy Tarreau9255e7e2019-03-05 10:47:37 +0100348 if (HTTP_IS_LWS(c) || HTTP_IS_CTL(c))
349 htx->flags |= HTX_FL_PARSING_ERROR;
350 }
351
Willy Tarreau6deb4122018-11-27 15:34:18 +0100352 /* Set HTX start-line flags */
353 flags |= HTX_SL_F_VER_11; // V2 in fact
354 flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2
355
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100356 sl = htx_add_stline(htx, HTX_BLK_REQ_SL, flags, meth_sl, uri, ist("HTTP/2.0"));
Willy Tarreau6deb4122018-11-27 15:34:18 +0100357 if (!sl)
358 goto fail;
359
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100360 sl->info.req.meth = find_http_meth(meth_sl.ptr, meth_sl.len);
Christopher Faulet7d247f02020-12-02 14:26:36 +0100361 if (sl->info.req.meth == HTTP_METH_HEAD)
362 *msgf |= H2_MSGF_BODYLESS_RSP;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100363 return sl;
364 fail:
365 return NULL;
366}
367
368/* Takes an H2 request present in the headers list <list> terminated by a name
369 * being <NULL,0> and emits the equivalent HTX request according to the rules
370 * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and
371 * non-zero is returned if some bytes were emitted. In case of error, a
372 * negative error code is returned.
373 *
374 * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what
375 * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY
376 * if a body is detected (!ES).
377 *
378 * The headers list <list> must be composed of :
379 * - n.name != NULL, n.len > 0 : literal header name
380 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
381 * among H2_PHDR_IDX_*
382 * - n.name ignored, n.len == 0 : end of list
383 * - in all cases except the end of list, v.name and v.len must designate a
384 * valid value.
385 *
386 * The Cookie header will be reassembled at the end, and for this, the <list>
387 * will be used to create a linked list, so its contents may be destroyed.
388 */
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100389int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100390{
391 struct ist phdr_val[H2_PHDR_NUM_ENTRIES];
392 uint32_t fields; /* bit mask of H2_PHDR_FND_* */
393 uint32_t idx;
394 int ck, lck; /* cookie index and last cookie index */
395 int phdr;
396 int ret;
397 int i;
398 struct htx_sl *sl = NULL;
399 unsigned int sl_flags = 0;
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100400 const char *ctl;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100401
402 lck = ck = -1; // no cookie for now
403 fields = 0;
404 for (idx = 0; list[idx].n.len != 0; idx++) {
Tim Duesterhus77508502022-03-15 13:11:06 +0100405 if (!isttest(list[idx].n)) {
Willy Tarreau6deb4122018-11-27 15:34:18 +0100406 /* this is an indexed pseudo-header */
407 phdr = list[idx].n.len;
408 }
409 else {
410 /* this can be any type of header */
Willy Tarreau146f53a2019-11-24 10:34:39 +0100411 /* RFC7540#8.1.2: upper case not allowed in header field names.
412 * #10.3: header names must be valid (i.e. match a token).
413 * For pseudo-headers we check from 2nd char and for other ones
414 * from the first char, because HTTP_IS_TOKEN() also excludes
415 * the colon.
416 */
Willy Tarreau6deb4122018-11-27 15:34:18 +0100417 phdr = h2_str_to_phdr(list[idx].n);
Willy Tarreau146f53a2019-11-24 10:34:39 +0100418
419 for (i = !!phdr; i < list[idx].n.len; i++)
420 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
421 goto fail;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100422 }
423
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100424 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
425 * rejecting NUL, CR and LF characters.
426 */
427 ctl = ist_find_ctl(list[idx].v);
428 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
429 goto fail;
430
Willy Tarreau6deb4122018-11-27 15:34:18 +0100431 if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
432 /* insert a pseudo header by its index (in phdr) and value (in value) */
433 if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) {
434 if (fields & H2_PHDR_FND_NONE) {
435 /* pseudo header field after regular headers */
436 goto fail;
437 }
438 else {
439 /* repeated pseudo header field */
440 goto fail;
441 }
442 }
443 fields |= 1 << phdr;
444 phdr_val[phdr] = list[idx].v;
445 continue;
446 }
447 else if (phdr != 0) {
448 /* invalid pseudo header -- should never happen here */
449 goto fail;
450 }
451
452 /* regular header field in (name,value) */
453 if (unlikely(!(fields & H2_PHDR_FND_NONE))) {
454 /* no more pseudo-headers, time to build the request line */
455 sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf);
456 if (!sl)
457 goto fail;
458 fields |= H2_PHDR_FND_NONE;
Willy Tarreaub5d2b9e2021-08-11 15:39:13 +0200459
460 /* http2bis draft recommends to drop Host in favor of :authority when
461 * the latter is present. This is required to make sure there is no
462 * discrepancy between the authority and the host header, especially
463 * since routing rules usually involve Host. Here we already know if
464 * :authority was found so we can emit it right now and mark the host
465 * as filled so that it's skipped later.
466 */
467 if (fields & H2_PHDR_FND_AUTH) {
468 if (!htx_add_header(htx, ist("host"), phdr_val[H2_PHDR_IDX_AUTH]))
469 goto fail;
470 fields |= H2_PHDR_FND_HOST;
471 }
Willy Tarreau6deb4122018-11-27 15:34:18 +0100472 }
473
Willy Tarreaub5d2b9e2021-08-11 15:39:13 +0200474 if (isteq(list[idx].n, ist("host"))) {
475 if (fields & H2_PHDR_FND_HOST)
476 continue;
477
Willy Tarreau6deb4122018-11-27 15:34:18 +0100478 fields |= H2_PHDR_FND_HOST;
Willy Tarreaub5d2b9e2021-08-11 15:39:13 +0200479 }
Willy Tarreau6deb4122018-11-27 15:34:18 +0100480
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100481 if (isteq(list[idx].n, ist("content-length"))) {
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100482 ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len);
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100483 if (ret < 0)
484 goto fail;
485
Willy Tarreau6deb4122018-11-27 15:34:18 +0100486 sl_flags |= HTX_SL_F_CLEN;
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100487 if (ret == 0)
488 continue; // skip this duplicate
Willy Tarreau6deb4122018-11-27 15:34:18 +0100489 }
490
491 /* these ones are forbidden in requests (RFC7540#8.1.2.2) */
492 if (isteq(list[idx].n, ist("connection")) ||
493 isteq(list[idx].n, ist("proxy-connection")) ||
494 isteq(list[idx].n, ist("keep-alive")) ||
495 isteq(list[idx].n, ist("upgrade")) ||
496 isteq(list[idx].n, ist("transfer-encoding")))
497 goto fail;
498
499 if (isteq(list[idx].n, ist("te")) && !isteq(list[idx].v, ist("trailers")))
500 goto fail;
501
502 /* cookie requires special processing at the end */
503 if (isteq(list[idx].n, ist("cookie"))) {
504 list[idx].n.len = -1;
505
506 if (ck < 0)
507 ck = idx;
508 else
509 list[lck].n.len = idx;
510
511 lck = idx;
512 continue;
513 }
514
515 if (!htx_add_header(htx, list[idx].n, list[idx].v))
516 goto fail;
517 }
518
519 /* RFC7540#8.1.2.1 mandates to reject response pseudo-headers (:status) */
520 if (fields & H2_PHDR_FND_STAT)
521 goto fail;
522
523 /* Let's dump the request now if not yet emitted. */
524 if (!(fields & H2_PHDR_FND_NONE)) {
525 sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf);
526 if (!sl)
527 goto fail;
528 }
529
Christopher Fauletd0db4232021-01-22 11:46:30 +0100530 if (*msgf & H2_MSGF_BODY_TUNNEL)
531 *msgf &= ~(H2_MSGF_BODY|H2_MSGF_BODY_CL);
532
Christopher Fauletd1ac2b92020-12-02 19:12:22 +0100533 if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0) ||
534 (*msgf & H2_MSGF_BODY_TUNNEL)) {
535 /* Request without body or tunnel requested */
Christopher Faulet44af3cf2019-02-18 10:12:56 +0100536 sl_flags |= HTX_SL_F_BODYLESS;
Christopher Fauletd1ac2b92020-12-02 19:12:22 +0100537 htx->flags |= HTX_FL_EOM;
538 }
Christopher Faulet44af3cf2019-02-18 10:12:56 +0100539
Amaury Denoyellec9a0afc2020-12-11 17:53:09 +0100540 if (*msgf & H2_MSGF_EXT_CONNECT) {
541 if (!htx_add_header(htx, ist("upgrade"), phdr_val[H2_PHDR_IDX_PROT]))
542 goto fail;
543 if (!htx_add_header(htx, ist("connection"), ist("upgrade")))
544 goto fail;
545 sl_flags |= HTX_SL_F_CONN_UPG;
546 }
547
Willy Tarreau6deb4122018-11-27 15:34:18 +0100548 /* update the start line with last detected header info */
549 sl->flags |= sl_flags;
550
Willy Tarreaub5d2b9e2021-08-11 15:39:13 +0200551 /* complete with missing Host if needed (we may validate this test if
552 * no regular header was found).
553 */
Willy Tarreau6deb4122018-11-27 15:34:18 +0100554 if ((fields & (H2_PHDR_FND_HOST|H2_PHDR_FND_AUTH)) == H2_PHDR_FND_AUTH) {
555 /* missing Host field, use :authority instead */
556 if (!htx_add_header(htx, ist("host"), phdr_val[H2_PHDR_IDX_AUTH]))
557 goto fail;
558 }
559
560 /* now we may have to build a cookie list. We'll dump the values of all
561 * visited headers.
562 */
563 if (ck >= 0) {
564 uint32_t fs; // free space
565 uint32_t bs; // block size
566 uint32_t vl; // value len
Willy Tarreau164e0612018-12-18 11:00:41 +0100567 uint32_t tl; // total length
Willy Tarreau6deb4122018-11-27 15:34:18 +0100568 struct htx_blk *blk;
569
570 blk = htx_add_header(htx, ist("cookie"), list[ck].v);
571 if (!blk)
572 goto fail;
573
Willy Tarreau164e0612018-12-18 11:00:41 +0100574 tl = list[ck].v.len;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100575 fs = htx_free_data_space(htx);
576 bs = htx_get_blksz(blk);
577
578 /* for each extra cookie, we'll extend the cookie's value and
579 * insert "; " before the new value.
580 */
Willy Tarreau164e0612018-12-18 11:00:41 +0100581 fs += tl; // first one is already counted
Tim Duesterhus15683552021-03-04 23:50:13 +0100582 while ((ck = list[ck].n.len) >= 0) {
Willy Tarreau6deb4122018-11-27 15:34:18 +0100583 vl = list[ck].v.len;
Willy Tarreau164e0612018-12-18 11:00:41 +0100584 tl += vl + 2;
585 if (tl > fs)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100586 goto fail;
587
Christopher Faulet3e2638e2019-06-18 09:49:16 +0200588 htx_change_blk_value_len(htx, blk, tl);
Willy Tarreau6deb4122018-11-27 15:34:18 +0100589 *(char *)(htx_get_blk_ptr(htx, blk) + bs + 0) = ';';
590 *(char *)(htx_get_blk_ptr(htx, blk) + bs + 1) = ' ';
591 memcpy(htx_get_blk_ptr(htx, blk) + bs + 2, list[ck].v.ptr, vl);
592 bs += vl + 2;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100593 }
594
595 }
596
597 /* now send the end of headers marker */
Christopher Faulet5be651d2021-01-22 15:28:03 +0100598 if (!htx_add_endof(htx, HTX_BLK_EOH))
599 goto fail;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100600
Amaury Denoyelle4ca0f362021-07-07 10:49:28 +0200601 /* proceed to scheme-based normalization on target-URI */
602 if (fields & H2_PHDR_FND_SCHM)
603 http_scheme_based_normalize(htx);
604
Willy Tarreau6deb4122018-11-27 15:34:18 +0100605 ret = 1;
606 return ret;
607
608 fail:
609 return -1;
610}
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200611
612/* Prepare the status line into <htx> from pseudo headers stored in <phdr[]>.
613 * <fields> indicates what was found so far. This should be called once at the
614 * detection of the first general header field or at the end of the message if
615 * no general header field was found yet. Returns the created start line on
616 * success, or NULL on failure. Upon success, <msgf> is updated with a few
617 * H2_MSGF_* flags indicating what was found while parsing.
618 */
619static struct htx_sl *h2_prepare_htx_stsline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf)
620{
Christopher Faulet89899422020-12-07 18:24:43 +0100621 unsigned int status, flags = HTX_SL_F_NONE;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200622 struct htx_sl *sl;
Amaury Denoyelle74162742020-12-11 17:53:05 +0100623 struct ist stat;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200624
625 /* only :status is allowed as a pseudo header */
626 if (!(fields & H2_PHDR_FND_STAT))
627 goto fail;
628
629 if (phdr[H2_PHDR_IDX_STAT].len != 3)
630 goto fail;
631
Amaury Denoyelle74162742020-12-11 17:53:05 +0100632 /* if Extended CONNECT is used, convert status code from 200 to htx 101
633 * following rfc 8441 */
634 if (unlikely(*msgf & H2_MSGF_EXT_CONNECT) &&
635 isteq(phdr[H2_PHDR_IDX_STAT], ist("200"))) {
636 stat = ist("101");
637 status = 101;
638 }
639 else {
640 unsigned char h, t, u;
641
642 stat = phdr[H2_PHDR_IDX_STAT];
643
644 h = stat.ptr[0] - '0';
645 t = stat.ptr[1] - '0';
646 u = stat.ptr[2] - '0';
647 if (h > 9 || t > 9 || u > 9)
648 goto fail;
649 status = h * 100 + t * 10 + u;
650 }
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200651
Christopher Faulet89899422020-12-07 18:24:43 +0100652 /* 101 responses are not supported in H2, so return a error.
653 * On 1xx responses there is no ES on the HEADERS frame but there is no
654 * body. So remove the flag H2_MSGF_BODY and add H2_MSGF_RSP_1XX to
655 * notify the decoder another HEADERS frame is expected.
Ilya Shipitsinacf84592021-02-06 22:29:08 +0500656 * 204/304 response have no body by definition. So remove the flag
Christopher Faulet7d247f02020-12-02 14:26:36 +0100657 * H2_MSGF_BODY and set H2_MSGF_BODYLESS_RSP.
Amaury Denoyelle74162742020-12-11 17:53:05 +0100658 *
659 * Note however that there is a special condition for Extended CONNECT.
660 * In this case, we explicitly convert it to HTX 101 to mimic
661 * Get+Upgrade HTTP/1.1 mechanism
Christopher Faulet0b465482019-02-19 15:14:23 +0100662 */
Amaury Denoyelle74162742020-12-11 17:53:05 +0100663 if (status == 101) {
664 if (!(*msgf & H2_MSGF_EXT_CONNECT))
665 goto fail;
666 }
Christopher Faulet89899422020-12-07 18:24:43 +0100667 else if (status < 200) {
Christopher Faulet0b465482019-02-19 15:14:23 +0100668 *msgf |= H2_MSGF_RSP_1XX;
669 *msgf &= ~H2_MSGF_BODY;
670 }
Amaury Denoyelle74162742020-12-11 17:53:05 +0100671 else if (status == 204 || status == 304) {
Christopher Faulet7d247f02020-12-02 14:26:36 +0100672 *msgf &= ~H2_MSGF_BODY;
673 *msgf |= H2_MSGF_BODYLESS_RSP;
674 }
Christopher Faulet0b465482019-02-19 15:14:23 +0100675
Christopher Faulet89899422020-12-07 18:24:43 +0100676 /* Set HTX start-line flags */
677 flags |= HTX_SL_F_VER_11; // V2 in fact
678 flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2
679
Amaury Denoyelle74162742020-12-11 17:53:05 +0100680 sl = htx_add_stline(htx, HTX_BLK_RES_SL, flags, ist("HTTP/2.0"), stat, ist(""));
Christopher Faulet89899422020-12-07 18:24:43 +0100681 if (!sl)
682 goto fail;
683 sl->info.res.status = status;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200684 return sl;
685 fail:
686 return NULL;
687}
688
689/* Takes an H2 response present in the headers list <list> terminated by a name
690 * being <NULL,0> and emits the equivalent HTX response according to the rules
691 * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and
692 * a positive value is returned if some bytes were emitted. In case of error, a
693 * negative error code is returned.
694 *
695 * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what
696 * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY
697 * if a body is detected (!ES).
698 *
699 * The headers list <list> must be composed of :
700 * - n.name != NULL, n.len > 0 : literal header name
701 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
702 * among H2_PHDR_IDX_*
703 * - n.name ignored, n.len == 0 : end of list
704 * - in all cases except the end of list, v.name and v.len must designate a
705 * valid value.
Amaury Denoyelle74162742020-12-11 17:53:05 +0100706 *
707 * <upgrade_protocol> is only used if the htx status code is 101 indicating a
708 * response to an upgrade or h2-equivalent request.
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200709 */
Amaury Denoyelle74162742020-12-11 17:53:05 +0100710int h2_make_htx_response(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len, char *upgrade_protocol)
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200711{
712 struct ist phdr_val[H2_PHDR_NUM_ENTRIES];
713 uint32_t fields; /* bit mask of H2_PHDR_FND_* */
714 uint32_t idx;
715 int phdr;
716 int ret;
717 int i;
718 struct htx_sl *sl = NULL;
719 unsigned int sl_flags = 0;
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100720 const char *ctl;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200721
722 fields = 0;
723 for (idx = 0; list[idx].n.len != 0; idx++) {
Tim Duesterhus77508502022-03-15 13:11:06 +0100724 if (!isttest(list[idx].n)) {
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200725 /* this is an indexed pseudo-header */
726 phdr = list[idx].n.len;
727 }
728 else {
729 /* this can be any type of header */
Willy Tarreau146f53a2019-11-24 10:34:39 +0100730 /* RFC7540#8.1.2: upper case not allowed in header field names.
731 * #10.3: header names must be valid (i.e. match a token).
732 * For pseudo-headers we check from 2nd char and for other ones
733 * from the first char, because HTTP_IS_TOKEN() also excludes
734 * the colon.
735 */
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200736 phdr = h2_str_to_phdr(list[idx].n);
Willy Tarreau146f53a2019-11-24 10:34:39 +0100737
738 for (i = !!phdr; i < list[idx].n.len; i++)
739 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
740 goto fail;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200741 }
742
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100743 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
744 * rejecting NUL, CR and LF characters.
745 */
746 ctl = ist_find_ctl(list[idx].v);
747 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
748 goto fail;
749
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200750 if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
751 /* insert a pseudo header by its index (in phdr) and value (in value) */
752 if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) {
753 if (fields & H2_PHDR_FND_NONE) {
754 /* pseudo header field after regular headers */
755 goto fail;
756 }
757 else {
758 /* repeated pseudo header field */
759 goto fail;
760 }
761 }
762 fields |= 1 << phdr;
763 phdr_val[phdr] = list[idx].v;
764 continue;
765 }
766 else if (phdr != 0) {
767 /* invalid pseudo header -- should never happen here */
768 goto fail;
769 }
770
771 /* regular header field in (name,value) */
772 if (!(fields & H2_PHDR_FND_NONE)) {
773 /* no more pseudo-headers, time to build the status line */
774 sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf);
775 if (!sl)
776 goto fail;
777 fields |= H2_PHDR_FND_NONE;
778 }
779
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100780 if (isteq(list[idx].n, ist("content-length"))) {
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100781 ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len);
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100782 if (ret < 0)
783 goto fail;
784
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200785 sl_flags |= HTX_SL_F_CLEN;
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100786 if (ret == 0)
787 continue; // skip this duplicate
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200788 }
789
790 /* these ones are forbidden in responses (RFC7540#8.1.2.2) */
791 if (isteq(list[idx].n, ist("connection")) ||
792 isteq(list[idx].n, ist("proxy-connection")) ||
793 isteq(list[idx].n, ist("keep-alive")) ||
794 isteq(list[idx].n, ist("upgrade")) ||
795 isteq(list[idx].n, ist("transfer-encoding")))
796 goto fail;
797
798 if (!htx_add_header(htx, list[idx].n, list[idx].v))
799 goto fail;
800 }
801
802 /* RFC7540#8.1.2.1 mandates to reject request pseudo-headers */
803 if (fields & (H2_PHDR_FND_AUTH|H2_PHDR_FND_METH|H2_PHDR_FND_PATH|H2_PHDR_FND_SCHM))
804 goto fail;
805
806 /* Let's dump the request now if not yet emitted. */
807 if (!(fields & H2_PHDR_FND_NONE)) {
808 sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf);
809 if (!sl)
810 goto fail;
Amaury Denoyelle74162742020-12-11 17:53:05 +0100811 }
812
813 if (sl->info.res.status == 101 && upgrade_protocol) {
814 if (!htx_add_header(htx, ist("connection"), ist("upgrade")))
815 goto fail;
816 if (!htx_add_header(htx, ist("upgrade"), ist(upgrade_protocol)))
817 goto fail;
818 sl_flags |= HTX_SL_F_CONN_UPG;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200819 }
820
Amaury Denoyelle74162742020-12-11 17:53:05 +0100821 if ((*msgf & H2_MSGF_BODY_TUNNEL) &&
822 ((sl->info.res.status >= 200 && sl->info.res.status < 300) || sl->info.res.status == 101))
Christopher Fauletd0db4232021-01-22 11:46:30 +0100823 *msgf &= ~(H2_MSGF_BODY|H2_MSGF_BODY_CL);
824 else
825 *msgf &= ~H2_MSGF_BODY_TUNNEL;
826
Christopher Fauletd1ac2b92020-12-02 19:12:22 +0100827 if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0) ||
828 (*msgf & H2_MSGF_BODY_TUNNEL)) {
Ilya Shipitsinacf84592021-02-06 22:29:08 +0500829 /* Response without body or tunnel successfully established */
Christopher Faulet44af3cf2019-02-18 10:12:56 +0100830 sl_flags |= HTX_SL_F_BODYLESS;
Christopher Fauletd1ac2b92020-12-02 19:12:22 +0100831 htx->flags |= HTX_FL_EOM;
832 }
Christopher Faulet44af3cf2019-02-18 10:12:56 +0100833
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200834 /* update the start line with last detected header info */
835 sl->flags |= sl_flags;
836
837 if ((*msgf & (H2_MSGF_BODY|H2_MSGF_BODY_TUNNEL|H2_MSGF_BODY_CL)) == H2_MSGF_BODY) {
838 /* FIXME: Do we need to signal anything when we have a body and
839 * no content-length, to have the equivalent of H1's chunked
840 * encoding?
841 */
842 }
843
844 /* now send the end of headers marker */
Christopher Faulet5be651d2021-01-22 15:28:03 +0100845 if (!htx_add_endof(htx, HTX_BLK_EOH))
846 goto fail;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200847
848 ret = 1;
849 return ret;
850
851 fail:
852 return -1;
853}
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100854
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200855/* Takes an H2 headers list <list> terminated by a name being <NULL,0> and emits
856 * the equivalent HTX trailers blocks. The output contents are emitted in <htx>,
857 * and a positive value is returned if some bytes were emitted. In case of
858 * error, a negative error code is returned. The caller must have verified that
859 * the message in the buffer is compatible with receipt of trailers.
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100860 *
861 * The headers list <list> must be composed of :
862 * - n.name != NULL, n.len > 0 : literal header name
863 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
864 * among H2_PHDR_IDX_* (illegal here)
865 * - n.name ignored, n.len == 0 : end of list
866 * - in all cases except the end of list, v.name and v.len must designate a
867 * valid value.
868 */
869int h2_make_htx_trailers(struct http_hdr *list, struct htx *htx)
870{
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100871 const char *ctl;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100872 uint32_t idx;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100873 int i;
874
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100875 for (idx = 0; list[idx].n.len != 0; idx++) {
Tim Duesterhus77508502022-03-15 13:11:06 +0100876 if (!isttest(list[idx].n)) {
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100877 /* This is an indexed pseudo-header (RFC7540#8.1.2.1) */
878 goto fail;
879 }
880
Willy Tarreau146f53a2019-11-24 10:34:39 +0100881 /* RFC7540#8.1.2: upper case not allowed in header field names.
882 * #10.3: header names must be valid (i.e. match a token). This
883 * also catches pseudo-headers which are forbidden in trailers.
884 */
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100885 for (i = 0; i < list[idx].n.len; i++)
Willy Tarreau146f53a2019-11-24 10:34:39 +0100886 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100887 goto fail;
888
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100889 /* these ones are forbidden in trailers (RFC7540#8.1.2.2) */
890 if (isteq(list[idx].n, ist("host")) ||
891 isteq(list[idx].n, ist("content-length")) ||
892 isteq(list[idx].n, ist("connection")) ||
893 isteq(list[idx].n, ist("proxy-connection")) ||
894 isteq(list[idx].n, ist("keep-alive")) ||
895 isteq(list[idx].n, ist("upgrade")) ||
896 isteq(list[idx].n, ist("te")) ||
897 isteq(list[idx].n, ist("transfer-encoding")))
898 goto fail;
899
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100900 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
901 * rejecting NUL, CR and LF characters.
902 */
903 ctl = ist_find_ctl(list[idx].v);
904 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
905 goto fail;
906
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200907 if (!htx_add_trailer(htx, list[idx].n, list[idx].v))
908 goto fail;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100909 }
910
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200911 if (!htx_add_endof(htx, HTX_BLK_EOT))
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100912 goto fail;
913
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100914 return 1;
915
916 fail:
917 return -1;
918}