Willy Tarreau | f24ea8e | 2017-11-21 19:55:27 +0100 | [diff] [blame] | 1 | /* |
| 2 | * HTTP/2 protocol processing |
| 3 | * |
| 4 | * Copyright 2017 Willy Tarreau <w@1wt.eu> |
| 5 | * Copyright (C) 2017 HAProxy Technologies |
| 6 | * |
| 7 | * Permission is hereby granted, free of charge, to any person obtaining |
| 8 | * a copy of this software and associated documentation files (the |
| 9 | * "Software"), to deal in the Software without restriction, including |
| 10 | * without limitation the rights to use, copy, modify, merge, publish, |
| 11 | * distribute, sublicense, and/or sell copies of the Software, and to |
| 12 | * permit persons to whom the Software is furnished to do so, subject to |
| 13 | * the following conditions: |
| 14 | * |
| 15 | * The above copyright notice and this permission notice shall be |
| 16 | * included in all copies or substantial portions of the Software. |
| 17 | * |
| 18 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
| 19 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES |
| 20 | * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
| 21 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
| 22 | * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, |
| 23 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
| 24 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR |
| 25 | * OTHER DEALINGS IN THE SOFTWARE. |
| 26 | */ |
| 27 | |
Willy Tarreau | a1bd1fa | 2019-03-29 17:26:33 +0100 | [diff] [blame] | 28 | #include <inttypes.h> |
Willy Tarreau | 4c7e4b7 | 2020-05-27 12:58:42 +0200 | [diff] [blame] | 29 | #include <haproxy/api.h> |
Willy Tarreau | b255105 | 2020-06-09 09:07:15 +0200 | [diff] [blame] | 30 | #include <haproxy/global.h> |
Willy Tarreau | bf07314 | 2020-06-03 12:04:01 +0200 | [diff] [blame] | 31 | #include <haproxy/h2.h> |
Willy Tarreau | 0017be0 | 2020-06-02 19:25:28 +0200 | [diff] [blame] | 32 | #include <haproxy/http-hdr-t.h> |
Willy Tarreau | b255105 | 2020-06-09 09:07:15 +0200 | [diff] [blame] | 33 | #include <haproxy/http.h> |
Amaury Denoyelle | 4ca0f36 | 2021-07-07 10:49:28 +0200 | [diff] [blame] | 34 | #include <haproxy/http_htx.h> |
Willy Tarreau | 16f958c | 2020-06-03 08:44:35 +0200 | [diff] [blame] | 35 | #include <haproxy/htx.h> |
Willy Tarreau | eb6f701 | 2020-05-27 16:21:26 +0200 | [diff] [blame] | 36 | #include <import/ist.h> |
Willy Tarreau | b255105 | 2020-06-09 09:07:15 +0200 | [diff] [blame] | 37 | |
Willy Tarreau | f24ea8e | 2017-11-21 19:55:27 +0100 | [diff] [blame] | 38 | |
Willy Tarreau | 9c84d82 | 2019-01-30 15:09:21 +0100 | [diff] [blame] | 39 | struct h2_frame_definition h2_frame_definition[H2_FT_ENTRIES] = { |
| 40 | [H2_FT_DATA ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, }, |
| 41 | [H2_FT_HEADERS ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 1, .max_len = H2_MAX_FRAME_LEN, }, |
| 42 | [H2_FT_PRIORITY ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 5, .max_len = 5, }, |
| 43 | [H2_FT_RST_STREAM ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, }, |
| 44 | [H2_FT_SETTINGS ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, }, |
| 45 | [H2_FT_PUSH_PROMISE ] = { .dir = 0, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = H2_MAX_FRAME_LEN, }, |
| 46 | [H2_FT_PING ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = 8, }, |
| 47 | [H2_FT_GOAWAY ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = H2_MAX_FRAME_LEN, }, |
| 48 | [H2_FT_WINDOW_UPDATE] = { .dir = 3, .min_id = 0, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, }, |
| 49 | [H2_FT_CONTINUATION ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, }, |
| 50 | }; |
Willy Tarreau | f24ea8e | 2017-11-21 19:55:27 +0100 | [diff] [blame] | 51 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 52 | /* Looks into <ist> for forbidden characters for header values (0x00, 0x0A, |
| 53 | * 0x0D), starting at pointer <start> which must be within <ist>. Returns |
| 54 | * non-zero if such a character is found, 0 otherwise. When run on unlikely |
| 55 | * header match, it's recommended to first check for the presence of control |
| 56 | * chars using ist_find_ctl(). |
| 57 | */ |
| 58 | static int has_forbidden_char(const struct ist ist, const char *start) |
| 59 | { |
| 60 | do { |
| 61 | if ((uint8_t)*start <= 0x0d && |
| 62 | (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0))) |
| 63 | return 1; |
| 64 | start++; |
Tim Duesterhus | 4c8f75f | 2021-11-06 15:14:44 +0100 | [diff] [blame] | 65 | } while (start < istend(ist)); |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 66 | return 0; |
| 67 | } |
| 68 | |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 69 | /* Parse the Content-Length header field of an HTTP/2 request. The function |
| 70 | * checks all possible occurrences of a comma-delimited value, and verifies |
| 71 | * if any of them doesn't match a previous value. It returns <0 if a value |
| 72 | * differs, 0 if the whole header can be dropped (i.e. already known), or >0 |
| 73 | * if the value can be indexed (first one). In the last case, the value might |
| 74 | * be adjusted and the caller must only add the updated value. |
| 75 | */ |
| 76 | int h2_parse_cont_len_header(unsigned int *msgf, struct ist *value, unsigned long long *body_len) |
| 77 | { |
| 78 | char *e, *n; |
| 79 | unsigned long long cl; |
| 80 | int not_first = !!(*msgf & H2_MSGF_BODY_CL); |
| 81 | struct ist word; |
| 82 | |
| 83 | word.ptr = value->ptr - 1; // -1 for next loop's pre-increment |
| 84 | e = value->ptr + value->len; |
| 85 | |
| 86 | while (++word.ptr < e) { |
Ilya Shipitsin | 6fb0f21 | 2020-04-02 15:25:26 +0500 | [diff] [blame] | 87 | /* skip leading delimiter and blanks */ |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 88 | if (unlikely(HTTP_IS_LWS(*word.ptr))) |
| 89 | continue; |
| 90 | |
| 91 | /* digits only now */ |
| 92 | for (cl = 0, n = word.ptr; n < e; n++) { |
| 93 | unsigned int c = *n - '0'; |
| 94 | if (unlikely(c > 9)) { |
| 95 | /* non-digit */ |
| 96 | if (unlikely(n == word.ptr)) // spaces only |
| 97 | goto fail; |
| 98 | break; |
| 99 | } |
| 100 | if (unlikely(cl > ULLONG_MAX / 10ULL)) |
| 101 | goto fail; /* multiply overflow */ |
| 102 | cl = cl * 10ULL; |
| 103 | if (unlikely(cl + c < cl)) |
| 104 | goto fail; /* addition overflow */ |
| 105 | cl = cl + c; |
| 106 | } |
| 107 | |
| 108 | /* keep a copy of the exact cleaned value */ |
| 109 | word.len = n - word.ptr; |
| 110 | |
| 111 | /* skip trailing LWS till next comma or EOL */ |
| 112 | for (; n < e; n++) { |
| 113 | if (!HTTP_IS_LWS(*n)) { |
| 114 | if (unlikely(*n != ',')) |
| 115 | goto fail; |
| 116 | break; |
| 117 | } |
| 118 | } |
| 119 | |
| 120 | /* if duplicate, must be equal */ |
| 121 | if (*msgf & H2_MSGF_BODY_CL && cl != *body_len) |
| 122 | goto fail; |
| 123 | |
| 124 | /* OK, store this result as the one to be indexed */ |
| 125 | *msgf |= H2_MSGF_BODY_CL; |
| 126 | *body_len = cl; |
| 127 | *value = word; |
| 128 | word.ptr = n; |
| 129 | } |
| 130 | /* here we've reached the end with a single value or a series of |
| 131 | * identical values, all matching previous series if any. The last |
| 132 | * parsed value was sent back into <value>. We just have to decide |
| 133 | * if this occurrence has to be indexed (it's the first one) or |
| 134 | * silently skipped (it's not the first one) |
| 135 | */ |
| 136 | return !not_first; |
| 137 | fail: |
| 138 | return -1; |
| 139 | } |
| 140 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 141 | /* Prepare the request line into <htx> from pseudo headers stored in <phdr[]>. |
| 142 | * <fields> indicates what was found so far. This should be called once at the |
| 143 | * detection of the first general header field or at the end of the request if |
| 144 | * no general header field was found yet. Returns the created start line on |
| 145 | * success, or NULL on failure. Upon success, <msgf> is updated with a few |
| 146 | * H2_MSGF_* flags indicating what was found while parsing. |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 147 | * |
| 148 | * The rules below deserve a bit of explanation. There tends to be some |
| 149 | * confusion regarding H2's authority vs the Host header. They are different |
| 150 | * though may sometimes be exchanged. In H2, the request line is broken into : |
| 151 | * - :method |
| 152 | * - :scheme |
| 153 | * - :authority |
| 154 | * - :path |
| 155 | * |
| 156 | * An equivalent HTTP/1.x absolute-form request would then look like : |
| 157 | * <:method> <:scheme>://<:authority><:path> HTTP/x.y |
| 158 | * |
| 159 | * Except for CONNECT which doesn't have scheme nor path and looks like : |
| 160 | * <:method> <:authority> HTTP/x.y |
| 161 | * |
| 162 | * It's worth noting that H2 still supports an encoding to map H1 origin-form |
| 163 | * and asterisk-form requests. These ones do not specify the authority. However |
| 164 | * in H2 they must still specify the scheme, which is not present in H1. Also, |
| 165 | * when encoding an absolute-form H1 request without a path, the path |
| 166 | * automatically becomes "/" except for the OPTIONS method where it |
| 167 | * becomes "*". |
| 168 | * |
| 169 | * As such it is explicitly permitted for an H2 client to send a request |
| 170 | * featuring a Host header and no :authority, though it's not the recommended |
| 171 | * way to use H2 for a client. It is however the only permitted way to encode |
| 172 | * an origin-form H1 request over H2. Thus we need to respect such differences |
| 173 | * as much as possible when re-encoding the H2 request into HTX. |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 174 | */ |
| 175 | static struct htx_sl *h2_prepare_htx_reqline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf) |
| 176 | { |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 177 | struct ist uri, meth_sl; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 178 | unsigned int flags = HTX_SL_F_NONE; |
| 179 | struct htx_sl *sl; |
Willy Tarreau | 9255e7e | 2019-03-05 10:47:37 +0100 | [diff] [blame] | 180 | size_t i; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 181 | |
| 182 | if ((fields & H2_PHDR_FND_METH) && isteq(phdr[H2_PHDR_IDX_METH], ist("CONNECT"))) { |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 183 | if (fields & H2_PHDR_FND_PROT) { |
| 184 | /* rfc 8441 Extended Connect Protocol |
| 185 | * #4 :scheme and :path must be present, as well as |
| 186 | * :authority like all h2 requests |
| 187 | */ |
| 188 | if (!(fields & H2_PHDR_FND_SCHM)) { |
| 189 | /* missing scheme */ |
| 190 | goto fail; |
| 191 | } |
| 192 | else if (!(fields & H2_PHDR_FND_PATH)) { |
| 193 | /* missing path */ |
| 194 | goto fail; |
| 195 | } |
| 196 | else if (!(fields & H2_PHDR_FND_AUTH)) { |
| 197 | /* missing authority */ |
| 198 | goto fail; |
| 199 | } |
| 200 | |
| 201 | flags |= HTX_SL_F_HAS_SCHM; |
| 202 | if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("http"))) |
| 203 | flags |= HTX_SL_F_SCHM_HTTP; |
| 204 | else if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("https"))) |
| 205 | flags |= HTX_SL_F_SCHM_HTTPS; |
Willy Tarreau | a495e0d | 2021-08-10 15:37:34 +0200 | [diff] [blame] | 206 | else if (!http_validate_scheme(phdr[H2_PHDR_IDX_SCHM])) |
| 207 | htx->flags |= HTX_FL_PARSING_ERROR; |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 208 | |
| 209 | meth_sl = ist("GET"); |
| 210 | |
| 211 | *msgf |= H2_MSGF_EXT_CONNECT; |
| 212 | /* no ES on the HEADERS frame but no body either for |
| 213 | * Extended CONNECT */ |
| 214 | *msgf &= ~H2_MSGF_BODY; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 215 | } |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 216 | else { |
| 217 | /* RFC 7540 #8.2.6 regarding CONNECT: ":scheme" and ":path" |
| 218 | * MUST be omitted ; ":authority" contains the host and port |
| 219 | * to connect to. |
| 220 | */ |
| 221 | if (fields & H2_PHDR_FND_SCHM) { |
| 222 | /* scheme not allowed */ |
| 223 | goto fail; |
| 224 | } |
| 225 | else if (fields & H2_PHDR_FND_PATH) { |
| 226 | /* path not allowed */ |
| 227 | goto fail; |
| 228 | } |
| 229 | else if (!(fields & H2_PHDR_FND_AUTH)) { |
| 230 | /* missing authority */ |
| 231 | goto fail; |
| 232 | } |
| 233 | |
| 234 | meth_sl = phdr[H2_PHDR_IDX_METH]; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 235 | } |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 236 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 237 | *msgf |= H2_MSGF_BODY_TUNNEL; |
| 238 | } |
| 239 | else if ((fields & (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) != |
| 240 | (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) { |
| 241 | /* RFC 7540 #8.1.2.3 : all requests MUST include exactly one |
| 242 | * valid value for the ":method", ":scheme" and ":path" phdr |
| 243 | * unless it is a CONNECT request. |
| 244 | */ |
| 245 | if (!(fields & H2_PHDR_FND_METH)) { |
| 246 | /* missing method */ |
| 247 | goto fail; |
| 248 | } |
| 249 | else if (!(fields & H2_PHDR_FND_SCHM)) { |
| 250 | /* missing scheme */ |
| 251 | goto fail; |
| 252 | } |
| 253 | else { |
| 254 | /* missing path */ |
| 255 | goto fail; |
| 256 | } |
| 257 | } |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 258 | else { /* regular methods */ |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 259 | /* RFC3986#6.2.2.1: scheme is case-insensitive. We need to |
| 260 | * classify the scheme as "present/http", "present/https", |
| 261 | * "present/other", "absent" so as to decide whether or not |
| 262 | * we're facing a normalized URI that will have to be encoded |
| 263 | * in origin or absolute form. Indeed, 7540#8.1.2.3 says that |
| 264 | * clients should use the absolute form, thus we cannot infer |
| 265 | * whether or not the client wanted to use a proxy here. |
| 266 | */ |
| 267 | flags |= HTX_SL_F_HAS_SCHM; |
| 268 | if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("http"))) |
| 269 | flags |= HTX_SL_F_SCHM_HTTP; |
| 270 | else if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("https"))) |
| 271 | flags |= HTX_SL_F_SCHM_HTTPS; |
Willy Tarreau | a495e0d | 2021-08-10 15:37:34 +0200 | [diff] [blame] | 272 | else if (!http_validate_scheme(phdr[H2_PHDR_IDX_SCHM])) |
| 273 | htx->flags |= HTX_FL_PARSING_ERROR; |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 274 | |
| 275 | meth_sl = phdr[H2_PHDR_IDX_METH]; |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 276 | } |
| 277 | |
Willy Tarreau | 4b8852c | 2021-08-10 16:30:55 +0200 | [diff] [blame] | 278 | if (fields & H2_PHDR_FND_PATH) { |
| 279 | /* 7540#8.1.2.3: :path must not be empty, and must be either |
| 280 | * '*' or an RFC3986 "path-absolute" starting with a "/" but |
| 281 | * not with "//". |
Willy Tarreau | 46b7dff | 2021-08-19 23:06:58 +0200 | [diff] [blame] | 282 | * However, this "path-absolute" was a mistake which was |
| 283 | * later fixed in http2bis as "absolute-path" to match |
| 284 | * HTTP/1, thus also allowing "//". |
Willy Tarreau | 4b8852c | 2021-08-10 16:30:55 +0200 | [diff] [blame] | 285 | */ |
| 286 | if (unlikely(!phdr[H2_PHDR_IDX_PATH].len)) |
| 287 | goto fail; |
| 288 | else if (unlikely(phdr[H2_PHDR_IDX_PATH].ptr[0] != '/')) { |
| 289 | if (!isteq(phdr[H2_PHDR_IDX_PATH], ist("*"))) |
| 290 | goto fail; |
| 291 | } |
Willy Tarreau | 4b8852c | 2021-08-10 16:30:55 +0200 | [diff] [blame] | 292 | } |
| 293 | |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 294 | if (!(flags & HTX_SL_F_HAS_SCHM)) { |
| 295 | /* no scheme, use authority only (CONNECT) */ |
| 296 | uri = phdr[H2_PHDR_IDX_AUTH]; |
Willy Tarreau | 1440fe8 | 2019-10-08 17:34:50 +0200 | [diff] [blame] | 297 | flags |= HTX_SL_F_HAS_AUTHORITY; |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 298 | } |
Willy Tarreau | 30ee1ef | 2019-10-08 18:33:19 +0200 | [diff] [blame] | 299 | else if (fields & H2_PHDR_FND_AUTH) { |
| 300 | /* authority is present, let's use the absolute form. We simply |
| 301 | * use the trash to concatenate them since all of them MUST fit |
| 302 | * in a bufsize since it's where they come from. |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 303 | */ |
| 304 | uri = ist2bin(trash.area, phdr[H2_PHDR_IDX_SCHM]); |
| 305 | istcat(&uri, ist("://"), trash.size); |
| 306 | istcat(&uri, phdr[H2_PHDR_IDX_AUTH], trash.size); |
| 307 | if (!isteq(phdr[H2_PHDR_IDX_PATH], ist("*"))) |
| 308 | istcat(&uri, phdr[H2_PHDR_IDX_PATH], trash.size); |
Willy Tarreau | 1440fe8 | 2019-10-08 17:34:50 +0200 | [diff] [blame] | 309 | flags |= HTX_SL_F_HAS_AUTHORITY; |
Willy Tarreau | 30ee1ef | 2019-10-08 18:33:19 +0200 | [diff] [blame] | 310 | |
| 311 | if (flags & (HTX_SL_F_SCHM_HTTP|HTX_SL_F_SCHM_HTTPS)) { |
| 312 | /* we don't know if it was originally an absolute or a |
| 313 | * relative request because newer versions of HTTP use |
| 314 | * the absolute URI format by default, which we call |
| 315 | * the normalized URI format internally. This is the |
| 316 | * strongly recommended way of sending a request for |
| 317 | * a regular client, so we cannot distinguish this |
| 318 | * from a request intended for a proxy. For other |
| 319 | * schemes however there is no doubt. |
| 320 | */ |
| 321 | flags |= HTX_SL_F_NORMALIZED_URI; |
| 322 | } |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 323 | } |
| 324 | else { |
| 325 | /* usual schemes with or without authority, use origin form */ |
| 326 | uri = phdr[H2_PHDR_IDX_PATH]; |
Willy Tarreau | 1440fe8 | 2019-10-08 17:34:50 +0200 | [diff] [blame] | 327 | if (fields & H2_PHDR_FND_AUTH) |
| 328 | flags |= HTX_SL_F_HAS_AUTHORITY; |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 329 | } |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 330 | |
Willy Tarreau | 8926522 | 2021-08-11 11:12:46 +0200 | [diff] [blame] | 331 | /* The method is a non-empty token (RFC7231#4.1) */ |
| 332 | if (!meth_sl.len) |
| 333 | goto fail; |
| 334 | for (i = 0; i < meth_sl.len; i++) { |
| 335 | if (!HTTP_IS_TOKEN(meth_sl.ptr[i])) |
| 336 | htx->flags |= HTX_FL_PARSING_ERROR; |
| 337 | } |
| 338 | |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 339 | /* make sure the final URI isn't empty. Note that 7540#8.1.2.3 states |
| 340 | * that :path must not be empty. |
| 341 | */ |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 342 | if (!uri.len) |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 343 | goto fail; |
| 344 | |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 345 | /* The final URI must not contain LWS nor CTL characters */ |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 346 | for (i = 0; i < uri.len; i++) { |
| 347 | unsigned char c = uri.ptr[i]; |
Willy Tarreau | 9255e7e | 2019-03-05 10:47:37 +0100 | [diff] [blame] | 348 | if (HTTP_IS_LWS(c) || HTTP_IS_CTL(c)) |
| 349 | htx->flags |= HTX_FL_PARSING_ERROR; |
| 350 | } |
| 351 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 352 | /* Set HTX start-line flags */ |
| 353 | flags |= HTX_SL_F_VER_11; // V2 in fact |
| 354 | flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2 |
| 355 | |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 356 | sl = htx_add_stline(htx, HTX_BLK_REQ_SL, flags, meth_sl, uri, ist("HTTP/2.0")); |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 357 | if (!sl) |
| 358 | goto fail; |
| 359 | |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 360 | sl->info.req.meth = find_http_meth(meth_sl.ptr, meth_sl.len); |
Christopher Faulet | 7d247f0 | 2020-12-02 14:26:36 +0100 | [diff] [blame] | 361 | if (sl->info.req.meth == HTTP_METH_HEAD) |
| 362 | *msgf |= H2_MSGF_BODYLESS_RSP; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 363 | return sl; |
| 364 | fail: |
| 365 | return NULL; |
| 366 | } |
| 367 | |
| 368 | /* Takes an H2 request present in the headers list <list> terminated by a name |
| 369 | * being <NULL,0> and emits the equivalent HTX request according to the rules |
| 370 | * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and |
| 371 | * non-zero is returned if some bytes were emitted. In case of error, a |
| 372 | * negative error code is returned. |
| 373 | * |
| 374 | * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what |
| 375 | * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY |
| 376 | * if a body is detected (!ES). |
| 377 | * |
| 378 | * The headers list <list> must be composed of : |
| 379 | * - n.name != NULL, n.len > 0 : literal header name |
| 380 | * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len> |
| 381 | * among H2_PHDR_IDX_* |
| 382 | * - n.name ignored, n.len == 0 : end of list |
| 383 | * - in all cases except the end of list, v.name and v.len must designate a |
| 384 | * valid value. |
| 385 | * |
| 386 | * The Cookie header will be reassembled at the end, and for this, the <list> |
| 387 | * will be used to create a linked list, so its contents may be destroyed. |
| 388 | */ |
Willy Tarreau | 4790f7c | 2019-01-24 11:33:02 +0100 | [diff] [blame] | 389 | int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len) |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 390 | { |
| 391 | struct ist phdr_val[H2_PHDR_NUM_ENTRIES]; |
| 392 | uint32_t fields; /* bit mask of H2_PHDR_FND_* */ |
| 393 | uint32_t idx; |
| 394 | int ck, lck; /* cookie index and last cookie index */ |
| 395 | int phdr; |
| 396 | int ret; |
| 397 | int i; |
| 398 | struct htx_sl *sl = NULL; |
| 399 | unsigned int sl_flags = 0; |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 400 | const char *ctl; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 401 | |
| 402 | lck = ck = -1; // no cookie for now |
| 403 | fields = 0; |
| 404 | for (idx = 0; list[idx].n.len != 0; idx++) { |
Tim Duesterhus | 7750850 | 2022-03-15 13:11:06 +0100 | [diff] [blame] | 405 | if (!isttest(list[idx].n)) { |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 406 | /* this is an indexed pseudo-header */ |
| 407 | phdr = list[idx].n.len; |
| 408 | } |
| 409 | else { |
| 410 | /* this can be any type of header */ |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 411 | /* RFC7540#8.1.2: upper case not allowed in header field names. |
| 412 | * #10.3: header names must be valid (i.e. match a token). |
| 413 | * For pseudo-headers we check from 2nd char and for other ones |
| 414 | * from the first char, because HTTP_IS_TOKEN() also excludes |
| 415 | * the colon. |
| 416 | */ |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 417 | phdr = h2_str_to_phdr(list[idx].n); |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 418 | |
| 419 | for (i = !!phdr; i < list[idx].n.len; i++) |
| 420 | if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i])) |
| 421 | goto fail; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 422 | } |
| 423 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 424 | /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of |
| 425 | * rejecting NUL, CR and LF characters. |
| 426 | */ |
| 427 | ctl = ist_find_ctl(list[idx].v); |
| 428 | if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl)) |
| 429 | goto fail; |
| 430 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 431 | if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) { |
| 432 | /* insert a pseudo header by its index (in phdr) and value (in value) */ |
| 433 | if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) { |
| 434 | if (fields & H2_PHDR_FND_NONE) { |
| 435 | /* pseudo header field after regular headers */ |
| 436 | goto fail; |
| 437 | } |
| 438 | else { |
| 439 | /* repeated pseudo header field */ |
| 440 | goto fail; |
| 441 | } |
| 442 | } |
| 443 | fields |= 1 << phdr; |
| 444 | phdr_val[phdr] = list[idx].v; |
| 445 | continue; |
| 446 | } |
| 447 | else if (phdr != 0) { |
| 448 | /* invalid pseudo header -- should never happen here */ |
| 449 | goto fail; |
| 450 | } |
| 451 | |
| 452 | /* regular header field in (name,value) */ |
| 453 | if (unlikely(!(fields & H2_PHDR_FND_NONE))) { |
| 454 | /* no more pseudo-headers, time to build the request line */ |
| 455 | sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf); |
| 456 | if (!sl) |
| 457 | goto fail; |
| 458 | fields |= H2_PHDR_FND_NONE; |
Willy Tarreau | b5d2b9e | 2021-08-11 15:39:13 +0200 | [diff] [blame] | 459 | |
| 460 | /* http2bis draft recommends to drop Host in favor of :authority when |
| 461 | * the latter is present. This is required to make sure there is no |
| 462 | * discrepancy between the authority and the host header, especially |
| 463 | * since routing rules usually involve Host. Here we already know if |
| 464 | * :authority was found so we can emit it right now and mark the host |
| 465 | * as filled so that it's skipped later. |
| 466 | */ |
| 467 | if (fields & H2_PHDR_FND_AUTH) { |
| 468 | if (!htx_add_header(htx, ist("host"), phdr_val[H2_PHDR_IDX_AUTH])) |
| 469 | goto fail; |
| 470 | fields |= H2_PHDR_FND_HOST; |
| 471 | } |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 472 | } |
| 473 | |
Willy Tarreau | b5d2b9e | 2021-08-11 15:39:13 +0200 | [diff] [blame] | 474 | if (isteq(list[idx].n, ist("host"))) { |
| 475 | if (fields & H2_PHDR_FND_HOST) |
| 476 | continue; |
| 477 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 478 | fields |= H2_PHDR_FND_HOST; |
Willy Tarreau | b5d2b9e | 2021-08-11 15:39:13 +0200 | [diff] [blame] | 479 | } |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 480 | |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 481 | if (isteq(list[idx].n, ist("content-length"))) { |
Willy Tarreau | 4790f7c | 2019-01-24 11:33:02 +0100 | [diff] [blame] | 482 | ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len); |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 483 | if (ret < 0) |
| 484 | goto fail; |
| 485 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 486 | sl_flags |= HTX_SL_F_CLEN; |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 487 | if (ret == 0) |
| 488 | continue; // skip this duplicate |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 489 | } |
| 490 | |
| 491 | /* these ones are forbidden in requests (RFC7540#8.1.2.2) */ |
| 492 | if (isteq(list[idx].n, ist("connection")) || |
| 493 | isteq(list[idx].n, ist("proxy-connection")) || |
| 494 | isteq(list[idx].n, ist("keep-alive")) || |
| 495 | isteq(list[idx].n, ist("upgrade")) || |
| 496 | isteq(list[idx].n, ist("transfer-encoding"))) |
| 497 | goto fail; |
| 498 | |
| 499 | if (isteq(list[idx].n, ist("te")) && !isteq(list[idx].v, ist("trailers"))) |
| 500 | goto fail; |
| 501 | |
| 502 | /* cookie requires special processing at the end */ |
| 503 | if (isteq(list[idx].n, ist("cookie"))) { |
| 504 | list[idx].n.len = -1; |
| 505 | |
| 506 | if (ck < 0) |
| 507 | ck = idx; |
| 508 | else |
| 509 | list[lck].n.len = idx; |
| 510 | |
| 511 | lck = idx; |
| 512 | continue; |
| 513 | } |
| 514 | |
| 515 | if (!htx_add_header(htx, list[idx].n, list[idx].v)) |
| 516 | goto fail; |
| 517 | } |
| 518 | |
| 519 | /* RFC7540#8.1.2.1 mandates to reject response pseudo-headers (:status) */ |
| 520 | if (fields & H2_PHDR_FND_STAT) |
| 521 | goto fail; |
| 522 | |
| 523 | /* Let's dump the request now if not yet emitted. */ |
| 524 | if (!(fields & H2_PHDR_FND_NONE)) { |
| 525 | sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf); |
| 526 | if (!sl) |
| 527 | goto fail; |
| 528 | } |
| 529 | |
Christopher Faulet | d0db423 | 2021-01-22 11:46:30 +0100 | [diff] [blame] | 530 | if (*msgf & H2_MSGF_BODY_TUNNEL) |
| 531 | *msgf &= ~(H2_MSGF_BODY|H2_MSGF_BODY_CL); |
| 532 | |
Christopher Faulet | d1ac2b9 | 2020-12-02 19:12:22 +0100 | [diff] [blame] | 533 | if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0) || |
| 534 | (*msgf & H2_MSGF_BODY_TUNNEL)) { |
| 535 | /* Request without body or tunnel requested */ |
Christopher Faulet | 44af3cf | 2019-02-18 10:12:56 +0100 | [diff] [blame] | 536 | sl_flags |= HTX_SL_F_BODYLESS; |
Christopher Faulet | d1ac2b9 | 2020-12-02 19:12:22 +0100 | [diff] [blame] | 537 | htx->flags |= HTX_FL_EOM; |
| 538 | } |
Christopher Faulet | 44af3cf | 2019-02-18 10:12:56 +0100 | [diff] [blame] | 539 | |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 540 | if (*msgf & H2_MSGF_EXT_CONNECT) { |
| 541 | if (!htx_add_header(htx, ist("upgrade"), phdr_val[H2_PHDR_IDX_PROT])) |
| 542 | goto fail; |
| 543 | if (!htx_add_header(htx, ist("connection"), ist("upgrade"))) |
| 544 | goto fail; |
| 545 | sl_flags |= HTX_SL_F_CONN_UPG; |
| 546 | } |
| 547 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 548 | /* update the start line with last detected header info */ |
| 549 | sl->flags |= sl_flags; |
| 550 | |
Willy Tarreau | b5d2b9e | 2021-08-11 15:39:13 +0200 | [diff] [blame] | 551 | /* complete with missing Host if needed (we may validate this test if |
| 552 | * no regular header was found). |
| 553 | */ |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 554 | if ((fields & (H2_PHDR_FND_HOST|H2_PHDR_FND_AUTH)) == H2_PHDR_FND_AUTH) { |
| 555 | /* missing Host field, use :authority instead */ |
| 556 | if (!htx_add_header(htx, ist("host"), phdr_val[H2_PHDR_IDX_AUTH])) |
| 557 | goto fail; |
| 558 | } |
| 559 | |
| 560 | /* now we may have to build a cookie list. We'll dump the values of all |
| 561 | * visited headers. |
| 562 | */ |
| 563 | if (ck >= 0) { |
| 564 | uint32_t fs; // free space |
| 565 | uint32_t bs; // block size |
| 566 | uint32_t vl; // value len |
Willy Tarreau | 164e061 | 2018-12-18 11:00:41 +0100 | [diff] [blame] | 567 | uint32_t tl; // total length |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 568 | struct htx_blk *blk; |
| 569 | |
| 570 | blk = htx_add_header(htx, ist("cookie"), list[ck].v); |
| 571 | if (!blk) |
| 572 | goto fail; |
| 573 | |
Willy Tarreau | 164e061 | 2018-12-18 11:00:41 +0100 | [diff] [blame] | 574 | tl = list[ck].v.len; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 575 | fs = htx_free_data_space(htx); |
| 576 | bs = htx_get_blksz(blk); |
| 577 | |
| 578 | /* for each extra cookie, we'll extend the cookie's value and |
| 579 | * insert "; " before the new value. |
| 580 | */ |
Willy Tarreau | 164e061 | 2018-12-18 11:00:41 +0100 | [diff] [blame] | 581 | fs += tl; // first one is already counted |
Tim Duesterhus | 1568355 | 2021-03-04 23:50:13 +0100 | [diff] [blame] | 582 | while ((ck = list[ck].n.len) >= 0) { |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 583 | vl = list[ck].v.len; |
Willy Tarreau | 164e061 | 2018-12-18 11:00:41 +0100 | [diff] [blame] | 584 | tl += vl + 2; |
| 585 | if (tl > fs) |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 586 | goto fail; |
| 587 | |
Christopher Faulet | 3e2638e | 2019-06-18 09:49:16 +0200 | [diff] [blame] | 588 | htx_change_blk_value_len(htx, blk, tl); |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 589 | *(char *)(htx_get_blk_ptr(htx, blk) + bs + 0) = ';'; |
| 590 | *(char *)(htx_get_blk_ptr(htx, blk) + bs + 1) = ' '; |
| 591 | memcpy(htx_get_blk_ptr(htx, blk) + bs + 2, list[ck].v.ptr, vl); |
| 592 | bs += vl + 2; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 593 | } |
| 594 | |
| 595 | } |
| 596 | |
| 597 | /* now send the end of headers marker */ |
Christopher Faulet | 5be651d | 2021-01-22 15:28:03 +0100 | [diff] [blame] | 598 | if (!htx_add_endof(htx, HTX_BLK_EOH)) |
| 599 | goto fail; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 600 | |
Amaury Denoyelle | 4ca0f36 | 2021-07-07 10:49:28 +0200 | [diff] [blame] | 601 | /* proceed to scheme-based normalization on target-URI */ |
| 602 | if (fields & H2_PHDR_FND_SCHM) |
| 603 | http_scheme_based_normalize(htx); |
| 604 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 605 | ret = 1; |
| 606 | return ret; |
| 607 | |
| 608 | fail: |
| 609 | return -1; |
| 610 | } |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 611 | |
| 612 | /* Prepare the status line into <htx> from pseudo headers stored in <phdr[]>. |
| 613 | * <fields> indicates what was found so far. This should be called once at the |
| 614 | * detection of the first general header field or at the end of the message if |
| 615 | * no general header field was found yet. Returns the created start line on |
| 616 | * success, or NULL on failure. Upon success, <msgf> is updated with a few |
| 617 | * H2_MSGF_* flags indicating what was found while parsing. |
| 618 | */ |
| 619 | static struct htx_sl *h2_prepare_htx_stsline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf) |
| 620 | { |
Christopher Faulet | 8989942 | 2020-12-07 18:24:43 +0100 | [diff] [blame] | 621 | unsigned int status, flags = HTX_SL_F_NONE; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 622 | struct htx_sl *sl; |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 623 | struct ist stat; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 624 | |
| 625 | /* only :status is allowed as a pseudo header */ |
| 626 | if (!(fields & H2_PHDR_FND_STAT)) |
| 627 | goto fail; |
| 628 | |
| 629 | if (phdr[H2_PHDR_IDX_STAT].len != 3) |
| 630 | goto fail; |
| 631 | |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 632 | /* if Extended CONNECT is used, convert status code from 200 to htx 101 |
| 633 | * following rfc 8441 */ |
| 634 | if (unlikely(*msgf & H2_MSGF_EXT_CONNECT) && |
| 635 | isteq(phdr[H2_PHDR_IDX_STAT], ist("200"))) { |
| 636 | stat = ist("101"); |
| 637 | status = 101; |
| 638 | } |
| 639 | else { |
| 640 | unsigned char h, t, u; |
| 641 | |
| 642 | stat = phdr[H2_PHDR_IDX_STAT]; |
| 643 | |
| 644 | h = stat.ptr[0] - '0'; |
| 645 | t = stat.ptr[1] - '0'; |
| 646 | u = stat.ptr[2] - '0'; |
| 647 | if (h > 9 || t > 9 || u > 9) |
| 648 | goto fail; |
| 649 | status = h * 100 + t * 10 + u; |
| 650 | } |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 651 | |
Christopher Faulet | 8989942 | 2020-12-07 18:24:43 +0100 | [diff] [blame] | 652 | /* 101 responses are not supported in H2, so return a error. |
| 653 | * On 1xx responses there is no ES on the HEADERS frame but there is no |
| 654 | * body. So remove the flag H2_MSGF_BODY and add H2_MSGF_RSP_1XX to |
| 655 | * notify the decoder another HEADERS frame is expected. |
Ilya Shipitsin | acf8459 | 2021-02-06 22:29:08 +0500 | [diff] [blame] | 656 | * 204/304 response have no body by definition. So remove the flag |
Christopher Faulet | 7d247f0 | 2020-12-02 14:26:36 +0100 | [diff] [blame] | 657 | * H2_MSGF_BODY and set H2_MSGF_BODYLESS_RSP. |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 658 | * |
| 659 | * Note however that there is a special condition for Extended CONNECT. |
| 660 | * In this case, we explicitly convert it to HTX 101 to mimic |
| 661 | * Get+Upgrade HTTP/1.1 mechanism |
Christopher Faulet | 0b46548 | 2019-02-19 15:14:23 +0100 | [diff] [blame] | 662 | */ |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 663 | if (status == 101) { |
| 664 | if (!(*msgf & H2_MSGF_EXT_CONNECT)) |
| 665 | goto fail; |
| 666 | } |
Christopher Faulet | 8989942 | 2020-12-07 18:24:43 +0100 | [diff] [blame] | 667 | else if (status < 200) { |
Christopher Faulet | 0b46548 | 2019-02-19 15:14:23 +0100 | [diff] [blame] | 668 | *msgf |= H2_MSGF_RSP_1XX; |
| 669 | *msgf &= ~H2_MSGF_BODY; |
| 670 | } |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 671 | else if (status == 204 || status == 304) { |
Christopher Faulet | 7d247f0 | 2020-12-02 14:26:36 +0100 | [diff] [blame] | 672 | *msgf &= ~H2_MSGF_BODY; |
| 673 | *msgf |= H2_MSGF_BODYLESS_RSP; |
| 674 | } |
Christopher Faulet | 0b46548 | 2019-02-19 15:14:23 +0100 | [diff] [blame] | 675 | |
Christopher Faulet | 8989942 | 2020-12-07 18:24:43 +0100 | [diff] [blame] | 676 | /* Set HTX start-line flags */ |
| 677 | flags |= HTX_SL_F_VER_11; // V2 in fact |
| 678 | flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2 |
| 679 | |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 680 | sl = htx_add_stline(htx, HTX_BLK_RES_SL, flags, ist("HTTP/2.0"), stat, ist("")); |
Christopher Faulet | 8989942 | 2020-12-07 18:24:43 +0100 | [diff] [blame] | 681 | if (!sl) |
| 682 | goto fail; |
| 683 | sl->info.res.status = status; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 684 | return sl; |
| 685 | fail: |
| 686 | return NULL; |
| 687 | } |
| 688 | |
| 689 | /* Takes an H2 response present in the headers list <list> terminated by a name |
| 690 | * being <NULL,0> and emits the equivalent HTX response according to the rules |
| 691 | * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and |
| 692 | * a positive value is returned if some bytes were emitted. In case of error, a |
| 693 | * negative error code is returned. |
| 694 | * |
| 695 | * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what |
| 696 | * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY |
| 697 | * if a body is detected (!ES). |
| 698 | * |
| 699 | * The headers list <list> must be composed of : |
| 700 | * - n.name != NULL, n.len > 0 : literal header name |
| 701 | * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len> |
| 702 | * among H2_PHDR_IDX_* |
| 703 | * - n.name ignored, n.len == 0 : end of list |
| 704 | * - in all cases except the end of list, v.name and v.len must designate a |
| 705 | * valid value. |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 706 | * |
| 707 | * <upgrade_protocol> is only used if the htx status code is 101 indicating a |
| 708 | * response to an upgrade or h2-equivalent request. |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 709 | */ |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 710 | int h2_make_htx_response(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len, char *upgrade_protocol) |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 711 | { |
| 712 | struct ist phdr_val[H2_PHDR_NUM_ENTRIES]; |
| 713 | uint32_t fields; /* bit mask of H2_PHDR_FND_* */ |
| 714 | uint32_t idx; |
| 715 | int phdr; |
| 716 | int ret; |
| 717 | int i; |
| 718 | struct htx_sl *sl = NULL; |
| 719 | unsigned int sl_flags = 0; |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 720 | const char *ctl; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 721 | |
| 722 | fields = 0; |
| 723 | for (idx = 0; list[idx].n.len != 0; idx++) { |
Tim Duesterhus | 7750850 | 2022-03-15 13:11:06 +0100 | [diff] [blame] | 724 | if (!isttest(list[idx].n)) { |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 725 | /* this is an indexed pseudo-header */ |
| 726 | phdr = list[idx].n.len; |
| 727 | } |
| 728 | else { |
| 729 | /* this can be any type of header */ |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 730 | /* RFC7540#8.1.2: upper case not allowed in header field names. |
| 731 | * #10.3: header names must be valid (i.e. match a token). |
| 732 | * For pseudo-headers we check from 2nd char and for other ones |
| 733 | * from the first char, because HTTP_IS_TOKEN() also excludes |
| 734 | * the colon. |
| 735 | */ |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 736 | phdr = h2_str_to_phdr(list[idx].n); |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 737 | |
| 738 | for (i = !!phdr; i < list[idx].n.len; i++) |
| 739 | if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i])) |
| 740 | goto fail; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 741 | } |
| 742 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 743 | /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of |
| 744 | * rejecting NUL, CR and LF characters. |
| 745 | */ |
| 746 | ctl = ist_find_ctl(list[idx].v); |
| 747 | if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl)) |
| 748 | goto fail; |
| 749 | |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 750 | if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) { |
| 751 | /* insert a pseudo header by its index (in phdr) and value (in value) */ |
| 752 | if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) { |
| 753 | if (fields & H2_PHDR_FND_NONE) { |
| 754 | /* pseudo header field after regular headers */ |
| 755 | goto fail; |
| 756 | } |
| 757 | else { |
| 758 | /* repeated pseudo header field */ |
| 759 | goto fail; |
| 760 | } |
| 761 | } |
| 762 | fields |= 1 << phdr; |
| 763 | phdr_val[phdr] = list[idx].v; |
| 764 | continue; |
| 765 | } |
| 766 | else if (phdr != 0) { |
| 767 | /* invalid pseudo header -- should never happen here */ |
| 768 | goto fail; |
| 769 | } |
| 770 | |
| 771 | /* regular header field in (name,value) */ |
| 772 | if (!(fields & H2_PHDR_FND_NONE)) { |
| 773 | /* no more pseudo-headers, time to build the status line */ |
| 774 | sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf); |
| 775 | if (!sl) |
| 776 | goto fail; |
| 777 | fields |= H2_PHDR_FND_NONE; |
| 778 | } |
| 779 | |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 780 | if (isteq(list[idx].n, ist("content-length"))) { |
Willy Tarreau | 4790f7c | 2019-01-24 11:33:02 +0100 | [diff] [blame] | 781 | ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len); |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 782 | if (ret < 0) |
| 783 | goto fail; |
| 784 | |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 785 | sl_flags |= HTX_SL_F_CLEN; |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 786 | if (ret == 0) |
| 787 | continue; // skip this duplicate |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 788 | } |
| 789 | |
| 790 | /* these ones are forbidden in responses (RFC7540#8.1.2.2) */ |
| 791 | if (isteq(list[idx].n, ist("connection")) || |
| 792 | isteq(list[idx].n, ist("proxy-connection")) || |
| 793 | isteq(list[idx].n, ist("keep-alive")) || |
| 794 | isteq(list[idx].n, ist("upgrade")) || |
| 795 | isteq(list[idx].n, ist("transfer-encoding"))) |
| 796 | goto fail; |
| 797 | |
| 798 | if (!htx_add_header(htx, list[idx].n, list[idx].v)) |
| 799 | goto fail; |
| 800 | } |
| 801 | |
| 802 | /* RFC7540#8.1.2.1 mandates to reject request pseudo-headers */ |
| 803 | if (fields & (H2_PHDR_FND_AUTH|H2_PHDR_FND_METH|H2_PHDR_FND_PATH|H2_PHDR_FND_SCHM)) |
| 804 | goto fail; |
| 805 | |
| 806 | /* Let's dump the request now if not yet emitted. */ |
| 807 | if (!(fields & H2_PHDR_FND_NONE)) { |
| 808 | sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf); |
| 809 | if (!sl) |
| 810 | goto fail; |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 811 | } |
| 812 | |
| 813 | if (sl->info.res.status == 101 && upgrade_protocol) { |
| 814 | if (!htx_add_header(htx, ist("connection"), ist("upgrade"))) |
| 815 | goto fail; |
| 816 | if (!htx_add_header(htx, ist("upgrade"), ist(upgrade_protocol))) |
| 817 | goto fail; |
| 818 | sl_flags |= HTX_SL_F_CONN_UPG; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 819 | } |
| 820 | |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 821 | if ((*msgf & H2_MSGF_BODY_TUNNEL) && |
| 822 | ((sl->info.res.status >= 200 && sl->info.res.status < 300) || sl->info.res.status == 101)) |
Christopher Faulet | d0db423 | 2021-01-22 11:46:30 +0100 | [diff] [blame] | 823 | *msgf &= ~(H2_MSGF_BODY|H2_MSGF_BODY_CL); |
| 824 | else |
| 825 | *msgf &= ~H2_MSGF_BODY_TUNNEL; |
| 826 | |
Christopher Faulet | d1ac2b9 | 2020-12-02 19:12:22 +0100 | [diff] [blame] | 827 | if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0) || |
| 828 | (*msgf & H2_MSGF_BODY_TUNNEL)) { |
Ilya Shipitsin | acf8459 | 2021-02-06 22:29:08 +0500 | [diff] [blame] | 829 | /* Response without body or tunnel successfully established */ |
Christopher Faulet | 44af3cf | 2019-02-18 10:12:56 +0100 | [diff] [blame] | 830 | sl_flags |= HTX_SL_F_BODYLESS; |
Christopher Faulet | d1ac2b9 | 2020-12-02 19:12:22 +0100 | [diff] [blame] | 831 | htx->flags |= HTX_FL_EOM; |
| 832 | } |
Christopher Faulet | 44af3cf | 2019-02-18 10:12:56 +0100 | [diff] [blame] | 833 | |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 834 | /* update the start line with last detected header info */ |
| 835 | sl->flags |= sl_flags; |
| 836 | |
| 837 | if ((*msgf & (H2_MSGF_BODY|H2_MSGF_BODY_TUNNEL|H2_MSGF_BODY_CL)) == H2_MSGF_BODY) { |
| 838 | /* FIXME: Do we need to signal anything when we have a body and |
| 839 | * no content-length, to have the equivalent of H1's chunked |
| 840 | * encoding? |
| 841 | */ |
| 842 | } |
| 843 | |
| 844 | /* now send the end of headers marker */ |
Christopher Faulet | 5be651d | 2021-01-22 15:28:03 +0100 | [diff] [blame] | 845 | if (!htx_add_endof(htx, HTX_BLK_EOH)) |
| 846 | goto fail; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 847 | |
| 848 | ret = 1; |
| 849 | return ret; |
| 850 | |
| 851 | fail: |
| 852 | return -1; |
| 853 | } |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 854 | |
Christopher Faulet | 2d7c539 | 2019-06-03 10:41:26 +0200 | [diff] [blame] | 855 | /* Takes an H2 headers list <list> terminated by a name being <NULL,0> and emits |
| 856 | * the equivalent HTX trailers blocks. The output contents are emitted in <htx>, |
| 857 | * and a positive value is returned if some bytes were emitted. In case of |
| 858 | * error, a negative error code is returned. The caller must have verified that |
| 859 | * the message in the buffer is compatible with receipt of trailers. |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 860 | * |
| 861 | * The headers list <list> must be composed of : |
| 862 | * - n.name != NULL, n.len > 0 : literal header name |
| 863 | * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len> |
| 864 | * among H2_PHDR_IDX_* (illegal here) |
| 865 | * - n.name ignored, n.len == 0 : end of list |
| 866 | * - in all cases except the end of list, v.name and v.len must designate a |
| 867 | * valid value. |
| 868 | */ |
| 869 | int h2_make_htx_trailers(struct http_hdr *list, struct htx *htx) |
| 870 | { |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 871 | const char *ctl; |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 872 | uint32_t idx; |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 873 | int i; |
| 874 | |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 875 | for (idx = 0; list[idx].n.len != 0; idx++) { |
Tim Duesterhus | 7750850 | 2022-03-15 13:11:06 +0100 | [diff] [blame] | 876 | if (!isttest(list[idx].n)) { |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 877 | /* This is an indexed pseudo-header (RFC7540#8.1.2.1) */ |
| 878 | goto fail; |
| 879 | } |
| 880 | |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 881 | /* RFC7540#8.1.2: upper case not allowed in header field names. |
| 882 | * #10.3: header names must be valid (i.e. match a token). This |
| 883 | * also catches pseudo-headers which are forbidden in trailers. |
| 884 | */ |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 885 | for (i = 0; i < list[idx].n.len; i++) |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 886 | if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i])) |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 887 | goto fail; |
| 888 | |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 889 | /* these ones are forbidden in trailers (RFC7540#8.1.2.2) */ |
| 890 | if (isteq(list[idx].n, ist("host")) || |
| 891 | isteq(list[idx].n, ist("content-length")) || |
| 892 | isteq(list[idx].n, ist("connection")) || |
| 893 | isteq(list[idx].n, ist("proxy-connection")) || |
| 894 | isteq(list[idx].n, ist("keep-alive")) || |
| 895 | isteq(list[idx].n, ist("upgrade")) || |
| 896 | isteq(list[idx].n, ist("te")) || |
| 897 | isteq(list[idx].n, ist("transfer-encoding"))) |
| 898 | goto fail; |
| 899 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 900 | /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of |
| 901 | * rejecting NUL, CR and LF characters. |
| 902 | */ |
| 903 | ctl = ist_find_ctl(list[idx].v); |
| 904 | if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl)) |
| 905 | goto fail; |
| 906 | |
Christopher Faulet | 2d7c539 | 2019-06-03 10:41:26 +0200 | [diff] [blame] | 907 | if (!htx_add_trailer(htx, list[idx].n, list[idx].v)) |
| 908 | goto fail; |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 909 | } |
| 910 | |
Christopher Faulet | 2d7c539 | 2019-06-03 10:41:26 +0200 | [diff] [blame] | 911 | if (!htx_add_endof(htx, HTX_BLK_EOT)) |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 912 | goto fail; |
| 913 | |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 914 | return 1; |
| 915 | |
| 916 | fail: |
| 917 | return -1; |
| 918 | } |