Willy Tarreau | f24ea8e | 2017-11-21 19:55:27 +0100 | [diff] [blame] | 1 | /* |
| 2 | * HTTP/2 protocol processing |
| 3 | * |
| 4 | * Copyright 2017 Willy Tarreau <w@1wt.eu> |
| 5 | * Copyright (C) 2017 HAProxy Technologies |
| 6 | * |
| 7 | * Permission is hereby granted, free of charge, to any person obtaining |
| 8 | * a copy of this software and associated documentation files (the |
| 9 | * "Software"), to deal in the Software without restriction, including |
| 10 | * without limitation the rights to use, copy, modify, merge, publish, |
| 11 | * distribute, sublicense, and/or sell copies of the Software, and to |
| 12 | * permit persons to whom the Software is furnished to do so, subject to |
| 13 | * the following conditions: |
| 14 | * |
| 15 | * The above copyright notice and this permission notice shall be |
| 16 | * included in all copies or substantial portions of the Software. |
| 17 | * |
| 18 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
| 19 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES |
| 20 | * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
| 21 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
| 22 | * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, |
| 23 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
| 24 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR |
| 25 | * OTHER DEALINGS IN THE SOFTWARE. |
| 26 | */ |
| 27 | |
Willy Tarreau | a1bd1fa | 2019-03-29 17:26:33 +0100 | [diff] [blame] | 28 | #include <inttypes.h> |
Willy Tarreau | 4c7e4b7 | 2020-05-27 12:58:42 +0200 | [diff] [blame] | 29 | #include <haproxy/api.h> |
Willy Tarreau | b255105 | 2020-06-09 09:07:15 +0200 | [diff] [blame] | 30 | #include <haproxy/global.h> |
Willy Tarreau | bf07314 | 2020-06-03 12:04:01 +0200 | [diff] [blame] | 31 | #include <haproxy/h2.h> |
Willy Tarreau | 0017be0 | 2020-06-02 19:25:28 +0200 | [diff] [blame] | 32 | #include <haproxy/http-hdr-t.h> |
Willy Tarreau | b255105 | 2020-06-09 09:07:15 +0200 | [diff] [blame] | 33 | #include <haproxy/http.h> |
Amaury Denoyelle | 4ca0f36 | 2021-07-07 10:49:28 +0200 | [diff] [blame] | 34 | #include <haproxy/http_htx.h> |
Willy Tarreau | 16f958c | 2020-06-03 08:44:35 +0200 | [diff] [blame] | 35 | #include <haproxy/htx.h> |
Willy Tarreau | eb6f701 | 2020-05-27 16:21:26 +0200 | [diff] [blame] | 36 | #include <import/ist.h> |
Willy Tarreau | b255105 | 2020-06-09 09:07:15 +0200 | [diff] [blame] | 37 | |
Willy Tarreau | f24ea8e | 2017-11-21 19:55:27 +0100 | [diff] [blame] | 38 | |
Willy Tarreau | 9c84d82 | 2019-01-30 15:09:21 +0100 | [diff] [blame] | 39 | struct h2_frame_definition h2_frame_definition[H2_FT_ENTRIES] = { |
| 40 | [H2_FT_DATA ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, }, |
| 41 | [H2_FT_HEADERS ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 1, .max_len = H2_MAX_FRAME_LEN, }, |
| 42 | [H2_FT_PRIORITY ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 5, .max_len = 5, }, |
| 43 | [H2_FT_RST_STREAM ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, }, |
| 44 | [H2_FT_SETTINGS ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, }, |
| 45 | [H2_FT_PUSH_PROMISE ] = { .dir = 0, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = H2_MAX_FRAME_LEN, }, |
| 46 | [H2_FT_PING ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = 8, }, |
| 47 | [H2_FT_GOAWAY ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = H2_MAX_FRAME_LEN, }, |
| 48 | [H2_FT_WINDOW_UPDATE] = { .dir = 3, .min_id = 0, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, }, |
| 49 | [H2_FT_CONTINUATION ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, }, |
| 50 | }; |
Willy Tarreau | f24ea8e | 2017-11-21 19:55:27 +0100 | [diff] [blame] | 51 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 52 | /* Looks into <ist> for forbidden characters for header values (0x00, 0x0A, |
| 53 | * 0x0D), starting at pointer <start> which must be within <ist>. Returns |
| 54 | * non-zero if such a character is found, 0 otherwise. When run on unlikely |
| 55 | * header match, it's recommended to first check for the presence of control |
| 56 | * chars using ist_find_ctl(). |
| 57 | */ |
| 58 | static int has_forbidden_char(const struct ist ist, const char *start) |
| 59 | { |
| 60 | do { |
| 61 | if ((uint8_t)*start <= 0x0d && |
| 62 | (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0))) |
| 63 | return 1; |
| 64 | start++; |
Tim Duesterhus | 4c8f75f | 2021-11-06 15:14:44 +0100 | [diff] [blame] | 65 | } while (start < istend(ist)); |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 66 | return 0; |
| 67 | } |
| 68 | |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 69 | /* Parse the Content-Length header field of an HTTP/2 request. The function |
| 70 | * checks all possible occurrences of a comma-delimited value, and verifies |
| 71 | * if any of them doesn't match a previous value. It returns <0 if a value |
| 72 | * differs, 0 if the whole header can be dropped (i.e. already known), or >0 |
| 73 | * if the value can be indexed (first one). In the last case, the value might |
| 74 | * be adjusted and the caller must only add the updated value. |
| 75 | */ |
| 76 | int h2_parse_cont_len_header(unsigned int *msgf, struct ist *value, unsigned long long *body_len) |
| 77 | { |
| 78 | char *e, *n; |
| 79 | unsigned long long cl; |
| 80 | int not_first = !!(*msgf & H2_MSGF_BODY_CL); |
| 81 | struct ist word; |
| 82 | |
| 83 | word.ptr = value->ptr - 1; // -1 for next loop's pre-increment |
| 84 | e = value->ptr + value->len; |
| 85 | |
| 86 | while (++word.ptr < e) { |
Ilya Shipitsin | 6fb0f21 | 2020-04-02 15:25:26 +0500 | [diff] [blame] | 87 | /* skip leading delimiter and blanks */ |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 88 | if (unlikely(HTTP_IS_LWS(*word.ptr))) |
| 89 | continue; |
| 90 | |
| 91 | /* digits only now */ |
| 92 | for (cl = 0, n = word.ptr; n < e; n++) { |
| 93 | unsigned int c = *n - '0'; |
| 94 | if (unlikely(c > 9)) { |
| 95 | /* non-digit */ |
| 96 | if (unlikely(n == word.ptr)) // spaces only |
| 97 | goto fail; |
| 98 | break; |
| 99 | } |
| 100 | if (unlikely(cl > ULLONG_MAX / 10ULL)) |
| 101 | goto fail; /* multiply overflow */ |
| 102 | cl = cl * 10ULL; |
| 103 | if (unlikely(cl + c < cl)) |
| 104 | goto fail; /* addition overflow */ |
| 105 | cl = cl + c; |
| 106 | } |
| 107 | |
| 108 | /* keep a copy of the exact cleaned value */ |
| 109 | word.len = n - word.ptr; |
| 110 | |
| 111 | /* skip trailing LWS till next comma or EOL */ |
| 112 | for (; n < e; n++) { |
| 113 | if (!HTTP_IS_LWS(*n)) { |
| 114 | if (unlikely(*n != ',')) |
| 115 | goto fail; |
| 116 | break; |
| 117 | } |
| 118 | } |
| 119 | |
| 120 | /* if duplicate, must be equal */ |
| 121 | if (*msgf & H2_MSGF_BODY_CL && cl != *body_len) |
| 122 | goto fail; |
| 123 | |
| 124 | /* OK, store this result as the one to be indexed */ |
| 125 | *msgf |= H2_MSGF_BODY_CL; |
| 126 | *body_len = cl; |
| 127 | *value = word; |
| 128 | word.ptr = n; |
| 129 | } |
| 130 | /* here we've reached the end with a single value or a series of |
| 131 | * identical values, all matching previous series if any. The last |
| 132 | * parsed value was sent back into <value>. We just have to decide |
| 133 | * if this occurrence has to be indexed (it's the first one) or |
| 134 | * silently skipped (it's not the first one) |
| 135 | */ |
| 136 | return !not_first; |
| 137 | fail: |
| 138 | return -1; |
| 139 | } |
| 140 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 141 | /* Prepare the request line into <htx> from pseudo headers stored in <phdr[]>. |
| 142 | * <fields> indicates what was found so far. This should be called once at the |
| 143 | * detection of the first general header field or at the end of the request if |
| 144 | * no general header field was found yet. Returns the created start line on |
| 145 | * success, or NULL on failure. Upon success, <msgf> is updated with a few |
| 146 | * H2_MSGF_* flags indicating what was found while parsing. |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 147 | * |
| 148 | * The rules below deserve a bit of explanation. There tends to be some |
| 149 | * confusion regarding H2's authority vs the Host header. They are different |
| 150 | * though may sometimes be exchanged. In H2, the request line is broken into : |
| 151 | * - :method |
| 152 | * - :scheme |
| 153 | * - :authority |
| 154 | * - :path |
| 155 | * |
| 156 | * An equivalent HTTP/1.x absolute-form request would then look like : |
| 157 | * <:method> <:scheme>://<:authority><:path> HTTP/x.y |
| 158 | * |
| 159 | * Except for CONNECT which doesn't have scheme nor path and looks like : |
| 160 | * <:method> <:authority> HTTP/x.y |
| 161 | * |
| 162 | * It's worth noting that H2 still supports an encoding to map H1 origin-form |
| 163 | * and asterisk-form requests. These ones do not specify the authority. However |
| 164 | * in H2 they must still specify the scheme, which is not present in H1. Also, |
| 165 | * when encoding an absolute-form H1 request without a path, the path |
| 166 | * automatically becomes "/" except for the OPTIONS method where it |
| 167 | * becomes "*". |
| 168 | * |
| 169 | * As such it is explicitly permitted for an H2 client to send a request |
| 170 | * featuring a Host header and no :authority, though it's not the recommended |
| 171 | * way to use H2 for a client. It is however the only permitted way to encode |
| 172 | * an origin-form H1 request over H2. Thus we need to respect such differences |
| 173 | * as much as possible when re-encoding the H2 request into HTX. |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 174 | */ |
| 175 | static struct htx_sl *h2_prepare_htx_reqline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf) |
| 176 | { |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 177 | struct ist uri, meth_sl; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 178 | unsigned int flags = HTX_SL_F_NONE; |
| 179 | struct htx_sl *sl; |
Willy Tarreau | 9255e7e | 2019-03-05 10:47:37 +0100 | [diff] [blame] | 180 | size_t i; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 181 | |
| 182 | if ((fields & H2_PHDR_FND_METH) && isteq(phdr[H2_PHDR_IDX_METH], ist("CONNECT"))) { |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 183 | if (fields & H2_PHDR_FND_PROT) { |
| 184 | /* rfc 8441 Extended Connect Protocol |
| 185 | * #4 :scheme and :path must be present, as well as |
| 186 | * :authority like all h2 requests |
| 187 | */ |
| 188 | if (!(fields & H2_PHDR_FND_SCHM)) { |
| 189 | /* missing scheme */ |
| 190 | goto fail; |
| 191 | } |
| 192 | else if (!(fields & H2_PHDR_FND_PATH)) { |
| 193 | /* missing path */ |
| 194 | goto fail; |
| 195 | } |
| 196 | else if (!(fields & H2_PHDR_FND_AUTH)) { |
| 197 | /* missing authority */ |
| 198 | goto fail; |
| 199 | } |
| 200 | |
| 201 | flags |= HTX_SL_F_HAS_SCHM; |
| 202 | if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("http"))) |
| 203 | flags |= HTX_SL_F_SCHM_HTTP; |
| 204 | else if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("https"))) |
| 205 | flags |= HTX_SL_F_SCHM_HTTPS; |
Willy Tarreau | a495e0d | 2021-08-10 15:37:34 +0200 | [diff] [blame] | 206 | else if (!http_validate_scheme(phdr[H2_PHDR_IDX_SCHM])) |
| 207 | htx->flags |= HTX_FL_PARSING_ERROR; |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 208 | |
| 209 | meth_sl = ist("GET"); |
| 210 | |
| 211 | *msgf |= H2_MSGF_EXT_CONNECT; |
| 212 | /* no ES on the HEADERS frame but no body either for |
| 213 | * Extended CONNECT */ |
| 214 | *msgf &= ~H2_MSGF_BODY; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 215 | } |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 216 | else { |
| 217 | /* RFC 7540 #8.2.6 regarding CONNECT: ":scheme" and ":path" |
| 218 | * MUST be omitted ; ":authority" contains the host and port |
| 219 | * to connect to. |
| 220 | */ |
| 221 | if (fields & H2_PHDR_FND_SCHM) { |
| 222 | /* scheme not allowed */ |
| 223 | goto fail; |
| 224 | } |
| 225 | else if (fields & H2_PHDR_FND_PATH) { |
| 226 | /* path not allowed */ |
| 227 | goto fail; |
| 228 | } |
| 229 | else if (!(fields & H2_PHDR_FND_AUTH)) { |
| 230 | /* missing authority */ |
| 231 | goto fail; |
| 232 | } |
| 233 | |
| 234 | meth_sl = phdr[H2_PHDR_IDX_METH]; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 235 | } |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 236 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 237 | *msgf |= H2_MSGF_BODY_TUNNEL; |
| 238 | } |
| 239 | else if ((fields & (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) != |
| 240 | (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) { |
| 241 | /* RFC 7540 #8.1.2.3 : all requests MUST include exactly one |
| 242 | * valid value for the ":method", ":scheme" and ":path" phdr |
| 243 | * unless it is a CONNECT request. |
| 244 | */ |
| 245 | if (!(fields & H2_PHDR_FND_METH)) { |
| 246 | /* missing method */ |
| 247 | goto fail; |
| 248 | } |
| 249 | else if (!(fields & H2_PHDR_FND_SCHM)) { |
| 250 | /* missing scheme */ |
| 251 | goto fail; |
| 252 | } |
| 253 | else { |
| 254 | /* missing path */ |
| 255 | goto fail; |
| 256 | } |
| 257 | } |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 258 | else { /* regular methods */ |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 259 | /* RFC3986#6.2.2.1: scheme is case-insensitive. We need to |
| 260 | * classify the scheme as "present/http", "present/https", |
| 261 | * "present/other", "absent" so as to decide whether or not |
| 262 | * we're facing a normalized URI that will have to be encoded |
| 263 | * in origin or absolute form. Indeed, 7540#8.1.2.3 says that |
| 264 | * clients should use the absolute form, thus we cannot infer |
| 265 | * whether or not the client wanted to use a proxy here. |
| 266 | */ |
| 267 | flags |= HTX_SL_F_HAS_SCHM; |
| 268 | if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("http"))) |
| 269 | flags |= HTX_SL_F_SCHM_HTTP; |
| 270 | else if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("https"))) |
| 271 | flags |= HTX_SL_F_SCHM_HTTPS; |
Willy Tarreau | a495e0d | 2021-08-10 15:37:34 +0200 | [diff] [blame] | 272 | else if (!http_validate_scheme(phdr[H2_PHDR_IDX_SCHM])) |
| 273 | htx->flags |= HTX_FL_PARSING_ERROR; |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 274 | |
| 275 | meth_sl = phdr[H2_PHDR_IDX_METH]; |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 276 | } |
| 277 | |
Willy Tarreau | 4b8852c | 2021-08-10 16:30:55 +0200 | [diff] [blame] | 278 | if (fields & H2_PHDR_FND_PATH) { |
| 279 | /* 7540#8.1.2.3: :path must not be empty, and must be either |
| 280 | * '*' or an RFC3986 "path-absolute" starting with a "/" but |
| 281 | * not with "//". |
Willy Tarreau | 46b7dff | 2021-08-19 23:06:58 +0200 | [diff] [blame] | 282 | * However, this "path-absolute" was a mistake which was |
| 283 | * later fixed in http2bis as "absolute-path" to match |
| 284 | * HTTP/1, thus also allowing "//". |
Willy Tarreau | 4b8852c | 2021-08-10 16:30:55 +0200 | [diff] [blame] | 285 | */ |
| 286 | if (unlikely(!phdr[H2_PHDR_IDX_PATH].len)) |
| 287 | goto fail; |
| 288 | else if (unlikely(phdr[H2_PHDR_IDX_PATH].ptr[0] != '/')) { |
| 289 | if (!isteq(phdr[H2_PHDR_IDX_PATH], ist("*"))) |
| 290 | goto fail; |
| 291 | } |
Willy Tarreau | 4b8852c | 2021-08-10 16:30:55 +0200 | [diff] [blame] | 292 | } |
| 293 | |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 294 | if (!(flags & HTX_SL_F_HAS_SCHM)) { |
| 295 | /* no scheme, use authority only (CONNECT) */ |
| 296 | uri = phdr[H2_PHDR_IDX_AUTH]; |
Willy Tarreau | 1440fe8 | 2019-10-08 17:34:50 +0200 | [diff] [blame] | 297 | flags |= HTX_SL_F_HAS_AUTHORITY; |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 298 | } |
Willy Tarreau | 30ee1ef | 2019-10-08 18:33:19 +0200 | [diff] [blame] | 299 | else if (fields & H2_PHDR_FND_AUTH) { |
| 300 | /* authority is present, let's use the absolute form. We simply |
| 301 | * use the trash to concatenate them since all of them MUST fit |
| 302 | * in a bufsize since it's where they come from. |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 303 | */ |
| 304 | uri = ist2bin(trash.area, phdr[H2_PHDR_IDX_SCHM]); |
| 305 | istcat(&uri, ist("://"), trash.size); |
| 306 | istcat(&uri, phdr[H2_PHDR_IDX_AUTH], trash.size); |
| 307 | if (!isteq(phdr[H2_PHDR_IDX_PATH], ist("*"))) |
| 308 | istcat(&uri, phdr[H2_PHDR_IDX_PATH], trash.size); |
Willy Tarreau | 1440fe8 | 2019-10-08 17:34:50 +0200 | [diff] [blame] | 309 | flags |= HTX_SL_F_HAS_AUTHORITY; |
Willy Tarreau | 30ee1ef | 2019-10-08 18:33:19 +0200 | [diff] [blame] | 310 | |
| 311 | if (flags & (HTX_SL_F_SCHM_HTTP|HTX_SL_F_SCHM_HTTPS)) { |
| 312 | /* we don't know if it was originally an absolute or a |
| 313 | * relative request because newer versions of HTTP use |
| 314 | * the absolute URI format by default, which we call |
| 315 | * the normalized URI format internally. This is the |
| 316 | * strongly recommended way of sending a request for |
| 317 | * a regular client, so we cannot distinguish this |
| 318 | * from a request intended for a proxy. For other |
| 319 | * schemes however there is no doubt. |
| 320 | */ |
| 321 | flags |= HTX_SL_F_NORMALIZED_URI; |
| 322 | } |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 323 | } |
| 324 | else { |
| 325 | /* usual schemes with or without authority, use origin form */ |
| 326 | uri = phdr[H2_PHDR_IDX_PATH]; |
Willy Tarreau | 1440fe8 | 2019-10-08 17:34:50 +0200 | [diff] [blame] | 327 | if (fields & H2_PHDR_FND_AUTH) |
| 328 | flags |= HTX_SL_F_HAS_AUTHORITY; |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 329 | } |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 330 | |
Willy Tarreau | 8926522 | 2021-08-11 11:12:46 +0200 | [diff] [blame] | 331 | /* The method is a non-empty token (RFC7231#4.1) */ |
| 332 | if (!meth_sl.len) |
| 333 | goto fail; |
| 334 | for (i = 0; i < meth_sl.len; i++) { |
| 335 | if (!HTTP_IS_TOKEN(meth_sl.ptr[i])) |
| 336 | htx->flags |= HTX_FL_PARSING_ERROR; |
| 337 | } |
| 338 | |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 339 | /* make sure the final URI isn't empty. Note that 7540#8.1.2.3 states |
| 340 | * that :path must not be empty. |
| 341 | */ |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 342 | if (!uri.len) |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 343 | goto fail; |
| 344 | |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 345 | /* The final URI must not contain LWS nor CTL characters */ |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 346 | for (i = 0; i < uri.len; i++) { |
| 347 | unsigned char c = uri.ptr[i]; |
Willy Tarreau | 9255e7e | 2019-03-05 10:47:37 +0100 | [diff] [blame] | 348 | if (HTTP_IS_LWS(c) || HTTP_IS_CTL(c)) |
| 349 | htx->flags |= HTX_FL_PARSING_ERROR; |
| 350 | } |
| 351 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 352 | /* Set HTX start-line flags */ |
| 353 | flags |= HTX_SL_F_VER_11; // V2 in fact |
| 354 | flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2 |
| 355 | |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 356 | sl = htx_add_stline(htx, HTX_BLK_REQ_SL, flags, meth_sl, uri, ist("HTTP/2.0")); |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 357 | if (!sl) |
| 358 | goto fail; |
| 359 | |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 360 | sl->info.req.meth = find_http_meth(meth_sl.ptr, meth_sl.len); |
Christopher Faulet | 7d247f0 | 2020-12-02 14:26:36 +0100 | [diff] [blame] | 361 | if (sl->info.req.meth == HTTP_METH_HEAD) |
| 362 | *msgf |= H2_MSGF_BODYLESS_RSP; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 363 | return sl; |
| 364 | fail: |
| 365 | return NULL; |
| 366 | } |
| 367 | |
| 368 | /* Takes an H2 request present in the headers list <list> terminated by a name |
| 369 | * being <NULL,0> and emits the equivalent HTX request according to the rules |
| 370 | * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and |
| 371 | * non-zero is returned if some bytes were emitted. In case of error, a |
| 372 | * negative error code is returned. |
| 373 | * |
| 374 | * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what |
| 375 | * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY |
| 376 | * if a body is detected (!ES). |
| 377 | * |
| 378 | * The headers list <list> must be composed of : |
| 379 | * - n.name != NULL, n.len > 0 : literal header name |
| 380 | * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len> |
| 381 | * among H2_PHDR_IDX_* |
| 382 | * - n.name ignored, n.len == 0 : end of list |
| 383 | * - in all cases except the end of list, v.name and v.len must designate a |
| 384 | * valid value. |
| 385 | * |
| 386 | * The Cookie header will be reassembled at the end, and for this, the <list> |
| 387 | * will be used to create a linked list, so its contents may be destroyed. |
| 388 | */ |
Willy Tarreau | 4790f7c | 2019-01-24 11:33:02 +0100 | [diff] [blame] | 389 | int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len) |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 390 | { |
| 391 | struct ist phdr_val[H2_PHDR_NUM_ENTRIES]; |
| 392 | uint32_t fields; /* bit mask of H2_PHDR_FND_* */ |
| 393 | uint32_t idx; |
| 394 | int ck, lck; /* cookie index and last cookie index */ |
| 395 | int phdr; |
| 396 | int ret; |
| 397 | int i; |
| 398 | struct htx_sl *sl = NULL; |
| 399 | unsigned int sl_flags = 0; |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 400 | const char *ctl; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 401 | |
| 402 | lck = ck = -1; // no cookie for now |
| 403 | fields = 0; |
| 404 | for (idx = 0; list[idx].n.len != 0; idx++) { |
Tim Duesterhus | 7750850 | 2022-03-15 13:11:06 +0100 | [diff] [blame] | 405 | if (!isttest(list[idx].n)) { |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 406 | /* this is an indexed pseudo-header */ |
| 407 | phdr = list[idx].n.len; |
| 408 | } |
| 409 | else { |
| 410 | /* this can be any type of header */ |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 411 | /* RFC7540#8.1.2: upper case not allowed in header field names. |
| 412 | * #10.3: header names must be valid (i.e. match a token). |
| 413 | * For pseudo-headers we check from 2nd char and for other ones |
| 414 | * from the first char, because HTTP_IS_TOKEN() also excludes |
| 415 | * the colon. |
| 416 | */ |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 417 | phdr = h2_str_to_phdr(list[idx].n); |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 418 | |
| 419 | for (i = !!phdr; i < list[idx].n.len; i++) |
| 420 | if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i])) |
| 421 | goto fail; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 422 | } |
| 423 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 424 | /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of |
| 425 | * rejecting NUL, CR and LF characters. |
| 426 | */ |
| 427 | ctl = ist_find_ctl(list[idx].v); |
| 428 | if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl)) |
| 429 | goto fail; |
| 430 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 431 | if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) { |
| 432 | /* insert a pseudo header by its index (in phdr) and value (in value) */ |
| 433 | if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) { |
| 434 | if (fields & H2_PHDR_FND_NONE) { |
| 435 | /* pseudo header field after regular headers */ |
| 436 | goto fail; |
| 437 | } |
| 438 | else { |
| 439 | /* repeated pseudo header field */ |
| 440 | goto fail; |
| 441 | } |
| 442 | } |
| 443 | fields |= 1 << phdr; |
| 444 | phdr_val[phdr] = list[idx].v; |
| 445 | continue; |
| 446 | } |
| 447 | else if (phdr != 0) { |
| 448 | /* invalid pseudo header -- should never happen here */ |
| 449 | goto fail; |
| 450 | } |
| 451 | |
| 452 | /* regular header field in (name,value) */ |
| 453 | if (unlikely(!(fields & H2_PHDR_FND_NONE))) { |
| 454 | /* no more pseudo-headers, time to build the request line */ |
| 455 | sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf); |
| 456 | if (!sl) |
| 457 | goto fail; |
| 458 | fields |= H2_PHDR_FND_NONE; |
Willy Tarreau | b5d2b9e | 2021-08-11 15:39:13 +0200 | [diff] [blame] | 459 | |
| 460 | /* http2bis draft recommends to drop Host in favor of :authority when |
| 461 | * the latter is present. This is required to make sure there is no |
| 462 | * discrepancy between the authority and the host header, especially |
| 463 | * since routing rules usually involve Host. Here we already know if |
| 464 | * :authority was found so we can emit it right now and mark the host |
| 465 | * as filled so that it's skipped later. |
| 466 | */ |
| 467 | if (fields & H2_PHDR_FND_AUTH) { |
| 468 | if (!htx_add_header(htx, ist("host"), phdr_val[H2_PHDR_IDX_AUTH])) |
| 469 | goto fail; |
| 470 | fields |= H2_PHDR_FND_HOST; |
| 471 | } |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 472 | } |
| 473 | |
Willy Tarreau | b5d2b9e | 2021-08-11 15:39:13 +0200 | [diff] [blame] | 474 | if (isteq(list[idx].n, ist("host"))) { |
| 475 | if (fields & H2_PHDR_FND_HOST) |
| 476 | continue; |
| 477 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 478 | fields |= H2_PHDR_FND_HOST; |
Willy Tarreau | b5d2b9e | 2021-08-11 15:39:13 +0200 | [diff] [blame] | 479 | } |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 480 | |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 481 | if (isteq(list[idx].n, ist("content-length"))) { |
Willy Tarreau | 4790f7c | 2019-01-24 11:33:02 +0100 | [diff] [blame] | 482 | ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len); |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 483 | if (ret < 0) |
| 484 | goto fail; |
| 485 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 486 | sl_flags |= HTX_SL_F_CLEN; |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 487 | if (ret == 0) |
| 488 | continue; // skip this duplicate |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 489 | } |
| 490 | |
| 491 | /* these ones are forbidden in requests (RFC7540#8.1.2.2) */ |
| 492 | if (isteq(list[idx].n, ist("connection")) || |
| 493 | isteq(list[idx].n, ist("proxy-connection")) || |
| 494 | isteq(list[idx].n, ist("keep-alive")) || |
| 495 | isteq(list[idx].n, ist("upgrade")) || |
| 496 | isteq(list[idx].n, ist("transfer-encoding"))) |
| 497 | goto fail; |
| 498 | |
| 499 | if (isteq(list[idx].n, ist("te")) && !isteq(list[idx].v, ist("trailers"))) |
| 500 | goto fail; |
| 501 | |
| 502 | /* cookie requires special processing at the end */ |
| 503 | if (isteq(list[idx].n, ist("cookie"))) { |
Amaury Denoyelle | 2c5a7ee | 2022-08-17 16:33:53 +0200 | [diff] [blame] | 504 | http_cookie_register(list, idx, &ck, &lck); |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 505 | continue; |
| 506 | } |
| 507 | |
| 508 | if (!htx_add_header(htx, list[idx].n, list[idx].v)) |
| 509 | goto fail; |
| 510 | } |
| 511 | |
| 512 | /* RFC7540#8.1.2.1 mandates to reject response pseudo-headers (:status) */ |
| 513 | if (fields & H2_PHDR_FND_STAT) |
| 514 | goto fail; |
| 515 | |
| 516 | /* Let's dump the request now if not yet emitted. */ |
| 517 | if (!(fields & H2_PHDR_FND_NONE)) { |
| 518 | sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf); |
| 519 | if (!sl) |
| 520 | goto fail; |
| 521 | } |
| 522 | |
Christopher Faulet | d0db423 | 2021-01-22 11:46:30 +0100 | [diff] [blame] | 523 | if (*msgf & H2_MSGF_BODY_TUNNEL) |
| 524 | *msgf &= ~(H2_MSGF_BODY|H2_MSGF_BODY_CL); |
| 525 | |
Christopher Faulet | d1ac2b9 | 2020-12-02 19:12:22 +0100 | [diff] [blame] | 526 | if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0) || |
| 527 | (*msgf & H2_MSGF_BODY_TUNNEL)) { |
| 528 | /* Request without body or tunnel requested */ |
Christopher Faulet | 44af3cf | 2019-02-18 10:12:56 +0100 | [diff] [blame] | 529 | sl_flags |= HTX_SL_F_BODYLESS; |
Christopher Faulet | d1ac2b9 | 2020-12-02 19:12:22 +0100 | [diff] [blame] | 530 | htx->flags |= HTX_FL_EOM; |
| 531 | } |
Christopher Faulet | 44af3cf | 2019-02-18 10:12:56 +0100 | [diff] [blame] | 532 | |
Amaury Denoyelle | c9a0afc | 2020-12-11 17:53:09 +0100 | [diff] [blame] | 533 | if (*msgf & H2_MSGF_EXT_CONNECT) { |
| 534 | if (!htx_add_header(htx, ist("upgrade"), phdr_val[H2_PHDR_IDX_PROT])) |
| 535 | goto fail; |
| 536 | if (!htx_add_header(htx, ist("connection"), ist("upgrade"))) |
| 537 | goto fail; |
| 538 | sl_flags |= HTX_SL_F_CONN_UPG; |
| 539 | } |
| 540 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 541 | /* update the start line with last detected header info */ |
| 542 | sl->flags |= sl_flags; |
| 543 | |
Willy Tarreau | b5d2b9e | 2021-08-11 15:39:13 +0200 | [diff] [blame] | 544 | /* complete with missing Host if needed (we may validate this test if |
| 545 | * no regular header was found). |
| 546 | */ |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 547 | if ((fields & (H2_PHDR_FND_HOST|H2_PHDR_FND_AUTH)) == H2_PHDR_FND_AUTH) { |
| 548 | /* missing Host field, use :authority instead */ |
| 549 | if (!htx_add_header(htx, ist("host"), phdr_val[H2_PHDR_IDX_AUTH])) |
| 550 | goto fail; |
| 551 | } |
| 552 | |
| 553 | /* now we may have to build a cookie list. We'll dump the values of all |
| 554 | * visited headers. |
| 555 | */ |
| 556 | if (ck >= 0) { |
Amaury Denoyelle | 2c5a7ee | 2022-08-17 16:33:53 +0200 | [diff] [blame] | 557 | if (http_cookie_merge(htx, list, ck)) |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 558 | goto fail; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 559 | } |
| 560 | |
| 561 | /* now send the end of headers marker */ |
Christopher Faulet | 5be651d | 2021-01-22 15:28:03 +0100 | [diff] [blame] | 562 | if (!htx_add_endof(htx, HTX_BLK_EOH)) |
| 563 | goto fail; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 564 | |
Amaury Denoyelle | 4ca0f36 | 2021-07-07 10:49:28 +0200 | [diff] [blame] | 565 | /* proceed to scheme-based normalization on target-URI */ |
| 566 | if (fields & H2_PHDR_FND_SCHM) |
| 567 | http_scheme_based_normalize(htx); |
| 568 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 569 | ret = 1; |
| 570 | return ret; |
| 571 | |
| 572 | fail: |
| 573 | return -1; |
| 574 | } |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 575 | |
| 576 | /* Prepare the status line into <htx> from pseudo headers stored in <phdr[]>. |
| 577 | * <fields> indicates what was found so far. This should be called once at the |
| 578 | * detection of the first general header field or at the end of the message if |
| 579 | * no general header field was found yet. Returns the created start line on |
| 580 | * success, or NULL on failure. Upon success, <msgf> is updated with a few |
| 581 | * H2_MSGF_* flags indicating what was found while parsing. |
| 582 | */ |
| 583 | static struct htx_sl *h2_prepare_htx_stsline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf) |
| 584 | { |
Willy Tarreau | d8a44d0 | 2022-09-02 11:15:37 +0200 | [diff] [blame] | 585 | unsigned int status, flags = HTX_SL_F_IS_RESP; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 586 | struct htx_sl *sl; |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 587 | struct ist stat; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 588 | |
| 589 | /* only :status is allowed as a pseudo header */ |
| 590 | if (!(fields & H2_PHDR_FND_STAT)) |
| 591 | goto fail; |
| 592 | |
| 593 | if (phdr[H2_PHDR_IDX_STAT].len != 3) |
| 594 | goto fail; |
| 595 | |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 596 | /* if Extended CONNECT is used, convert status code from 200 to htx 101 |
| 597 | * following rfc 8441 */ |
| 598 | if (unlikely(*msgf & H2_MSGF_EXT_CONNECT) && |
| 599 | isteq(phdr[H2_PHDR_IDX_STAT], ist("200"))) { |
| 600 | stat = ist("101"); |
| 601 | status = 101; |
| 602 | } |
| 603 | else { |
| 604 | unsigned char h, t, u; |
| 605 | |
| 606 | stat = phdr[H2_PHDR_IDX_STAT]; |
| 607 | |
| 608 | h = stat.ptr[0] - '0'; |
| 609 | t = stat.ptr[1] - '0'; |
| 610 | u = stat.ptr[2] - '0'; |
| 611 | if (h > 9 || t > 9 || u > 9) |
| 612 | goto fail; |
| 613 | status = h * 100 + t * 10 + u; |
| 614 | } |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 615 | |
Christopher Faulet | 8989942 | 2020-12-07 18:24:43 +0100 | [diff] [blame] | 616 | /* 101 responses are not supported in H2, so return a error. |
| 617 | * On 1xx responses there is no ES on the HEADERS frame but there is no |
| 618 | * body. So remove the flag H2_MSGF_BODY and add H2_MSGF_RSP_1XX to |
| 619 | * notify the decoder another HEADERS frame is expected. |
Ilya Shipitsin | acf8459 | 2021-02-06 22:29:08 +0500 | [diff] [blame] | 620 | * 204/304 response have no body by definition. So remove the flag |
Christopher Faulet | 7d247f0 | 2020-12-02 14:26:36 +0100 | [diff] [blame] | 621 | * H2_MSGF_BODY and set H2_MSGF_BODYLESS_RSP. |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 622 | * |
| 623 | * Note however that there is a special condition for Extended CONNECT. |
| 624 | * In this case, we explicitly convert it to HTX 101 to mimic |
| 625 | * Get+Upgrade HTTP/1.1 mechanism |
Christopher Faulet | 0b46548 | 2019-02-19 15:14:23 +0100 | [diff] [blame] | 626 | */ |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 627 | if (status == 101) { |
| 628 | if (!(*msgf & H2_MSGF_EXT_CONNECT)) |
| 629 | goto fail; |
| 630 | } |
Christopher Faulet | 8989942 | 2020-12-07 18:24:43 +0100 | [diff] [blame] | 631 | else if (status < 200) { |
Christopher Faulet | 0b46548 | 2019-02-19 15:14:23 +0100 | [diff] [blame] | 632 | *msgf |= H2_MSGF_RSP_1XX; |
| 633 | *msgf &= ~H2_MSGF_BODY; |
| 634 | } |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 635 | else if (status == 204 || status == 304) { |
Christopher Faulet | 7d247f0 | 2020-12-02 14:26:36 +0100 | [diff] [blame] | 636 | *msgf &= ~H2_MSGF_BODY; |
| 637 | *msgf |= H2_MSGF_BODYLESS_RSP; |
| 638 | } |
Christopher Faulet | 0b46548 | 2019-02-19 15:14:23 +0100 | [diff] [blame] | 639 | |
Christopher Faulet | 8989942 | 2020-12-07 18:24:43 +0100 | [diff] [blame] | 640 | /* Set HTX start-line flags */ |
| 641 | flags |= HTX_SL_F_VER_11; // V2 in fact |
| 642 | flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2 |
| 643 | |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 644 | sl = htx_add_stline(htx, HTX_BLK_RES_SL, flags, ist("HTTP/2.0"), stat, ist("")); |
Christopher Faulet | 8989942 | 2020-12-07 18:24:43 +0100 | [diff] [blame] | 645 | if (!sl) |
| 646 | goto fail; |
| 647 | sl->info.res.status = status; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 648 | return sl; |
| 649 | fail: |
| 650 | return NULL; |
| 651 | } |
| 652 | |
| 653 | /* Takes an H2 response present in the headers list <list> terminated by a name |
| 654 | * being <NULL,0> and emits the equivalent HTX response according to the rules |
| 655 | * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and |
| 656 | * a positive value is returned if some bytes were emitted. In case of error, a |
| 657 | * negative error code is returned. |
| 658 | * |
| 659 | * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what |
| 660 | * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY |
| 661 | * if a body is detected (!ES). |
| 662 | * |
| 663 | * The headers list <list> must be composed of : |
| 664 | * - n.name != NULL, n.len > 0 : literal header name |
| 665 | * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len> |
| 666 | * among H2_PHDR_IDX_* |
| 667 | * - n.name ignored, n.len == 0 : end of list |
| 668 | * - in all cases except the end of list, v.name and v.len must designate a |
| 669 | * valid value. |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 670 | * |
| 671 | * <upgrade_protocol> is only used if the htx status code is 101 indicating a |
| 672 | * response to an upgrade or h2-equivalent request. |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 673 | */ |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 674 | int h2_make_htx_response(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len, char *upgrade_protocol) |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 675 | { |
| 676 | struct ist phdr_val[H2_PHDR_NUM_ENTRIES]; |
| 677 | uint32_t fields; /* bit mask of H2_PHDR_FND_* */ |
| 678 | uint32_t idx; |
| 679 | int phdr; |
| 680 | int ret; |
| 681 | int i; |
| 682 | struct htx_sl *sl = NULL; |
| 683 | unsigned int sl_flags = 0; |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 684 | const char *ctl; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 685 | |
| 686 | fields = 0; |
| 687 | for (idx = 0; list[idx].n.len != 0; idx++) { |
Tim Duesterhus | 7750850 | 2022-03-15 13:11:06 +0100 | [diff] [blame] | 688 | if (!isttest(list[idx].n)) { |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 689 | /* this is an indexed pseudo-header */ |
| 690 | phdr = list[idx].n.len; |
| 691 | } |
| 692 | else { |
| 693 | /* this can be any type of header */ |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 694 | /* RFC7540#8.1.2: upper case not allowed in header field names. |
| 695 | * #10.3: header names must be valid (i.e. match a token). |
| 696 | * For pseudo-headers we check from 2nd char and for other ones |
| 697 | * from the first char, because HTTP_IS_TOKEN() also excludes |
| 698 | * the colon. |
| 699 | */ |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 700 | phdr = h2_str_to_phdr(list[idx].n); |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 701 | |
| 702 | for (i = !!phdr; i < list[idx].n.len; i++) |
| 703 | if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i])) |
| 704 | goto fail; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 705 | } |
| 706 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 707 | /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of |
| 708 | * rejecting NUL, CR and LF characters. |
| 709 | */ |
| 710 | ctl = ist_find_ctl(list[idx].v); |
| 711 | if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl)) |
| 712 | goto fail; |
| 713 | |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 714 | if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) { |
| 715 | /* insert a pseudo header by its index (in phdr) and value (in value) */ |
| 716 | if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) { |
| 717 | if (fields & H2_PHDR_FND_NONE) { |
| 718 | /* pseudo header field after regular headers */ |
| 719 | goto fail; |
| 720 | } |
| 721 | else { |
| 722 | /* repeated pseudo header field */ |
| 723 | goto fail; |
| 724 | } |
| 725 | } |
| 726 | fields |= 1 << phdr; |
| 727 | phdr_val[phdr] = list[idx].v; |
| 728 | continue; |
| 729 | } |
| 730 | else if (phdr != 0) { |
| 731 | /* invalid pseudo header -- should never happen here */ |
| 732 | goto fail; |
| 733 | } |
| 734 | |
| 735 | /* regular header field in (name,value) */ |
| 736 | if (!(fields & H2_PHDR_FND_NONE)) { |
| 737 | /* no more pseudo-headers, time to build the status line */ |
| 738 | sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf); |
| 739 | if (!sl) |
| 740 | goto fail; |
| 741 | fields |= H2_PHDR_FND_NONE; |
| 742 | } |
| 743 | |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 744 | if (isteq(list[idx].n, ist("content-length"))) { |
Willy Tarreau | 4790f7c | 2019-01-24 11:33:02 +0100 | [diff] [blame] | 745 | ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len); |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 746 | if (ret < 0) |
| 747 | goto fail; |
| 748 | |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 749 | sl_flags |= HTX_SL_F_CLEN; |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 750 | if (ret == 0) |
| 751 | continue; // skip this duplicate |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 752 | } |
| 753 | |
| 754 | /* these ones are forbidden in responses (RFC7540#8.1.2.2) */ |
| 755 | if (isteq(list[idx].n, ist("connection")) || |
| 756 | isteq(list[idx].n, ist("proxy-connection")) || |
| 757 | isteq(list[idx].n, ist("keep-alive")) || |
| 758 | isteq(list[idx].n, ist("upgrade")) || |
| 759 | isteq(list[idx].n, ist("transfer-encoding"))) |
| 760 | goto fail; |
| 761 | |
| 762 | if (!htx_add_header(htx, list[idx].n, list[idx].v)) |
| 763 | goto fail; |
| 764 | } |
| 765 | |
| 766 | /* RFC7540#8.1.2.1 mandates to reject request pseudo-headers */ |
| 767 | if (fields & (H2_PHDR_FND_AUTH|H2_PHDR_FND_METH|H2_PHDR_FND_PATH|H2_PHDR_FND_SCHM)) |
| 768 | goto fail; |
| 769 | |
| 770 | /* Let's dump the request now if not yet emitted. */ |
| 771 | if (!(fields & H2_PHDR_FND_NONE)) { |
| 772 | sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf); |
| 773 | if (!sl) |
| 774 | goto fail; |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 775 | } |
| 776 | |
| 777 | if (sl->info.res.status == 101 && upgrade_protocol) { |
| 778 | if (!htx_add_header(htx, ist("connection"), ist("upgrade"))) |
| 779 | goto fail; |
| 780 | if (!htx_add_header(htx, ist("upgrade"), ist(upgrade_protocol))) |
| 781 | goto fail; |
| 782 | sl_flags |= HTX_SL_F_CONN_UPG; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 783 | } |
| 784 | |
Amaury Denoyelle | 7416274 | 2020-12-11 17:53:05 +0100 | [diff] [blame] | 785 | if ((*msgf & H2_MSGF_BODY_TUNNEL) && |
| 786 | ((sl->info.res.status >= 200 && sl->info.res.status < 300) || sl->info.res.status == 101)) |
Christopher Faulet | d0db423 | 2021-01-22 11:46:30 +0100 | [diff] [blame] | 787 | *msgf &= ~(H2_MSGF_BODY|H2_MSGF_BODY_CL); |
| 788 | else |
| 789 | *msgf &= ~H2_MSGF_BODY_TUNNEL; |
| 790 | |
Christopher Faulet | d1ac2b9 | 2020-12-02 19:12:22 +0100 | [diff] [blame] | 791 | if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0) || |
| 792 | (*msgf & H2_MSGF_BODY_TUNNEL)) { |
Ilya Shipitsin | acf8459 | 2021-02-06 22:29:08 +0500 | [diff] [blame] | 793 | /* Response without body or tunnel successfully established */ |
Christopher Faulet | 44af3cf | 2019-02-18 10:12:56 +0100 | [diff] [blame] | 794 | sl_flags |= HTX_SL_F_BODYLESS; |
Christopher Faulet | d1ac2b9 | 2020-12-02 19:12:22 +0100 | [diff] [blame] | 795 | htx->flags |= HTX_FL_EOM; |
| 796 | } |
Christopher Faulet | 44af3cf | 2019-02-18 10:12:56 +0100 | [diff] [blame] | 797 | |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 798 | /* update the start line with last detected header info */ |
| 799 | sl->flags |= sl_flags; |
| 800 | |
| 801 | if ((*msgf & (H2_MSGF_BODY|H2_MSGF_BODY_TUNNEL|H2_MSGF_BODY_CL)) == H2_MSGF_BODY) { |
| 802 | /* FIXME: Do we need to signal anything when we have a body and |
| 803 | * no content-length, to have the equivalent of H1's chunked |
| 804 | * encoding? |
| 805 | */ |
| 806 | } |
| 807 | |
| 808 | /* now send the end of headers marker */ |
Christopher Faulet | 5be651d | 2021-01-22 15:28:03 +0100 | [diff] [blame] | 809 | if (!htx_add_endof(htx, HTX_BLK_EOH)) |
| 810 | goto fail; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 811 | |
| 812 | ret = 1; |
| 813 | return ret; |
| 814 | |
| 815 | fail: |
| 816 | return -1; |
| 817 | } |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 818 | |
Christopher Faulet | 2d7c539 | 2019-06-03 10:41:26 +0200 | [diff] [blame] | 819 | /* Takes an H2 headers list <list> terminated by a name being <NULL,0> and emits |
| 820 | * the equivalent HTX trailers blocks. The output contents are emitted in <htx>, |
| 821 | * and a positive value is returned if some bytes were emitted. In case of |
| 822 | * error, a negative error code is returned. The caller must have verified that |
| 823 | * the message in the buffer is compatible with receipt of trailers. |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 824 | * |
| 825 | * The headers list <list> must be composed of : |
| 826 | * - n.name != NULL, n.len > 0 : literal header name |
| 827 | * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len> |
| 828 | * among H2_PHDR_IDX_* (illegal here) |
| 829 | * - n.name ignored, n.len == 0 : end of list |
| 830 | * - in all cases except the end of list, v.name and v.len must designate a |
| 831 | * valid value. |
| 832 | */ |
| 833 | int h2_make_htx_trailers(struct http_hdr *list, struct htx *htx) |
| 834 | { |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 835 | const char *ctl; |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 836 | uint32_t idx; |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 837 | int i; |
| 838 | |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 839 | for (idx = 0; list[idx].n.len != 0; idx++) { |
Tim Duesterhus | 7750850 | 2022-03-15 13:11:06 +0100 | [diff] [blame] | 840 | if (!isttest(list[idx].n)) { |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 841 | /* This is an indexed pseudo-header (RFC7540#8.1.2.1) */ |
| 842 | goto fail; |
| 843 | } |
| 844 | |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 845 | /* RFC7540#8.1.2: upper case not allowed in header field names. |
| 846 | * #10.3: header names must be valid (i.e. match a token). This |
| 847 | * also catches pseudo-headers which are forbidden in trailers. |
| 848 | */ |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 849 | for (i = 0; i < list[idx].n.len; i++) |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 850 | if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i])) |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 851 | goto fail; |
| 852 | |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 853 | /* these ones are forbidden in trailers (RFC7540#8.1.2.2) */ |
| 854 | if (isteq(list[idx].n, ist("host")) || |
| 855 | isteq(list[idx].n, ist("content-length")) || |
| 856 | isteq(list[idx].n, ist("connection")) || |
| 857 | isteq(list[idx].n, ist("proxy-connection")) || |
| 858 | isteq(list[idx].n, ist("keep-alive")) || |
| 859 | isteq(list[idx].n, ist("upgrade")) || |
| 860 | isteq(list[idx].n, ist("te")) || |
| 861 | isteq(list[idx].n, ist("transfer-encoding"))) |
| 862 | goto fail; |
| 863 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 864 | /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of |
| 865 | * rejecting NUL, CR and LF characters. |
| 866 | */ |
| 867 | ctl = ist_find_ctl(list[idx].v); |
| 868 | if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl)) |
| 869 | goto fail; |
| 870 | |
Christopher Faulet | 2d7c539 | 2019-06-03 10:41:26 +0200 | [diff] [blame] | 871 | if (!htx_add_trailer(htx, list[idx].n, list[idx].v)) |
| 872 | goto fail; |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 873 | } |
| 874 | |
Christopher Faulet | 2d7c539 | 2019-06-03 10:41:26 +0200 | [diff] [blame] | 875 | if (!htx_add_endof(htx, HTX_BLK_EOT)) |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 876 | goto fail; |
| 877 | |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 878 | return 1; |
| 879 | |
| 880 | fail: |
| 881 | return -1; |
| 882 | } |