Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / cd72d8c9813c0876866502f16cfab672346e093d / . / src / h2.c
blob: fa72e1c902bee272d4eeb6928d08f1654856f2a1 [file] [log] [blame]
Willy Tarreauf24ea8e2017-11-21 19:55:27 +0100[diff] [blame]1/*
2 * HTTP/2 protocol processing
3 *
4 * Copyright 2017 Willy Tarreau <w@1wt.eu>
5 * Copyright (C) 2017 HAProxy Technologies
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining
8 * a copy of this software and associated documentation files (the
9 * "Software"), to deal in the Software without restriction, including
10 * without limitation the rights to use, copy, modify, merge, publish,
11 * distribute, sublicense, and/or sell copies of the Software, and to
12 * permit persons to whom the Software is furnished to do so, subject to
13 * the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be
16 * included in all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
19 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
20 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
21 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
22 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
23 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
24 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
25 * OTHER DEALINGS IN THE SOFTWARE.
26 */
27
Willy Tarreaua1bd1fa2019-03-29 17:26:33 +0100[diff] [blame]28#include <inttypes.h>
Willy Tarreau4c7e4b72020-05-27 12:58:42 +0200[diff] [blame]29#include <haproxy/api.h>
Willy Tarreaucd72d8c2020-06-02 19:11:26 +0200[diff] [blame^]30#include <haproxy/http.h>
Willy Tarreauf24ea8e2017-11-21 19:55:27 +0100[diff] [blame]31#include <common/h2.h>
32#include <common/http-hdr.h>
Willy Tarreaueb6f7012020-05-27 16:21:26 +0200[diff] [blame]33#include <import/ist.h>
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]34#include <types/global.h>
Willy Tarreauf24ea8e2017-11-21 19:55:27 +0100[diff] [blame]35
Willy Tarreau9c84d822019-01-30 15:09:21 +0100[diff] [blame]36struct h2_frame_definition h2_frame_definition[H2_FT_ENTRIES] = {
37 [H2_FT_DATA ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
38 [H2_FT_HEADERS ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 1, .max_len = H2_MAX_FRAME_LEN, },
39 [H2_FT_PRIORITY ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 5, .max_len = 5, },
40 [H2_FT_RST_STREAM ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, },
41 [H2_FT_SETTINGS ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
42 [H2_FT_PUSH_PROMISE ] = { .dir = 0, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = H2_MAX_FRAME_LEN, },
43 [H2_FT_PING ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = 8, },
44 [H2_FT_GOAWAY ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = H2_MAX_FRAME_LEN, },
45 [H2_FT_WINDOW_UPDATE] = { .dir = 3, .min_id = 0, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, },
46 [H2_FT_CONTINUATION ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
47};
Willy Tarreauf24ea8e2017-11-21 19:55:27 +0100[diff] [blame]48
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100[diff] [blame]49/* Looks into <ist> for forbidden characters for header values (0x00, 0x0A,
50 * 0x0D), starting at pointer <start> which must be within <ist>. Returns
51 * non-zero if such a character is found, 0 otherwise. When run on unlikely
52 * header match, it's recommended to first check for the presence of control
53 * chars using ist_find_ctl().
54 */
55static int has_forbidden_char(const struct ist ist, const char *start)
56{
57 do {
58 if ((uint8_t)*start <= 0x0d &&
59 (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0)))
60 return 1;
61 start++;
62 } while (start < ist.ptr + ist.len);
63 return 0;
64}
65
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]66/* Parse the Content-Length header field of an HTTP/2 request. The function
67 * checks all possible occurrences of a comma-delimited value, and verifies
68 * if any of them doesn't match a previous value. It returns <0 if a value
69 * differs, 0 if the whole header can be dropped (i.e. already known), or >0
70 * if the value can be indexed (first one). In the last case, the value might
71 * be adjusted and the caller must only add the updated value.
72 */
73int h2_parse_cont_len_header(unsigned int *msgf, struct ist *value, unsigned long long *body_len)
74{
75 char *e, *n;
76 unsigned long long cl;
77 int not_first = !!(*msgf & H2_MSGF_BODY_CL);
78 struct ist word;
79
80 word.ptr = value->ptr - 1; // -1 for next loop's pre-increment
81 e = value->ptr + value->len;
82
83 while (++word.ptr < e) {
Ilya Shipitsin6fb0f212020-04-02 15:25:26 +0500[diff] [blame]84 /* skip leading delimiter and blanks */
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]85 if (unlikely(HTTP_IS_LWS(*word.ptr)))
86 continue;
87
88 /* digits only now */
89 for (cl = 0, n = word.ptr; n < e; n++) {
90 unsigned int c = *n - '0';
91 if (unlikely(c > 9)) {
92 /* non-digit */
93 if (unlikely(n == word.ptr)) // spaces only
94 goto fail;
95 break;
96 }
97 if (unlikely(cl > ULLONG_MAX / 10ULL))
98 goto fail; /* multiply overflow */
99 cl = cl * 10ULL;
100 if (unlikely(cl + c < cl))
101 goto fail; /* addition overflow */
102 cl = cl + c;
103 }
104
105 /* keep a copy of the exact cleaned value */
106 word.len = n - word.ptr;
107
108 /* skip trailing LWS till next comma or EOL */
109 for (; n < e; n++) {
110 if (!HTTP_IS_LWS(*n)) {
111 if (unlikely(*n != ','))
112 goto fail;
113 break;
114 }
115 }
116
117 /* if duplicate, must be equal */
118 if (*msgf & H2_MSGF_BODY_CL && cl != *body_len)
119 goto fail;
120
121 /* OK, store this result as the one to be indexed */
122 *msgf |= H2_MSGF_BODY_CL;
123 *body_len = cl;
124 *value = word;
125 word.ptr = n;
126 }
127 /* here we've reached the end with a single value or a series of
128 * identical values, all matching previous series if any. The last
129 * parsed value was sent back into <value>. We just have to decide
130 * if this occurrence has to be indexed (it's the first one) or
131 * silently skipped (it's not the first one)
132 */
133 return !not_first;
134 fail:
135 return -1;
136}
137
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]138/* Prepare the request line into <htx> from pseudo headers stored in <phdr[]>.
139 * <fields> indicates what was found so far. This should be called once at the
140 * detection of the first general header field or at the end of the request if
141 * no general header field was found yet. Returns the created start line on
142 * success, or NULL on failure. Upon success, <msgf> is updated with a few
143 * H2_MSGF_* flags indicating what was found while parsing.
Willy Tarreau2be362c2019-10-08 11:59:37 +0200[diff] [blame]144 *
145 * The rules below deserve a bit of explanation. There tends to be some
146 * confusion regarding H2's authority vs the Host header. They are different
147 * though may sometimes be exchanged. In H2, the request line is broken into :
148 * - :method
149 * - :scheme
150 * - :authority
151 * - :path
152 *
153 * An equivalent HTTP/1.x absolute-form request would then look like :
154 * <:method> <:scheme>://<:authority><:path> HTTP/x.y
155 *
156 * Except for CONNECT which doesn't have scheme nor path and looks like :
157 * <:method> <:authority> HTTP/x.y
158 *
159 * It's worth noting that H2 still supports an encoding to map H1 origin-form
160 * and asterisk-form requests. These ones do not specify the authority. However
161 * in H2 they must still specify the scheme, which is not present in H1. Also,
162 * when encoding an absolute-form H1 request without a path, the path
163 * automatically becomes "/" except for the OPTIONS method where it
164 * becomes "*".
165 *
166 * As such it is explicitly permitted for an H2 client to send a request
167 * featuring a Host header and no :authority, though it's not the recommended
168 * way to use H2 for a client. It is however the only permitted way to encode
169 * an origin-form H1 request over H2. Thus we need to respect such differences
170 * as much as possible when re-encoding the H2 request into HTX.
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]171 */
172static struct htx_sl *h2_prepare_htx_reqline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf)
173{
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]174 struct ist uri;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]175 unsigned int flags = HTX_SL_F_NONE;
176 struct htx_sl *sl;
Willy Tarreau9255e7e2019-03-05 10:47:37 +0100[diff] [blame]177 size_t i;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]178
179 if ((fields & H2_PHDR_FND_METH) && isteq(phdr[H2_PHDR_IDX_METH], ist("CONNECT"))) {
180 /* RFC 7540 #8.2.6 regarding CONNECT: ":scheme" and ":path"
181 * MUST be omitted ; ":authority" contains the host and port
182 * to connect to.
183 */
184 if (fields & H2_PHDR_FND_SCHM) {
185 /* scheme not allowed */
186 goto fail;
187 }
188 else if (fields & H2_PHDR_FND_PATH) {
189 /* path not allowed */
190 goto fail;
191 }
192 else if (!(fields & H2_PHDR_FND_AUTH)) {
193 /* missing authority */
194 goto fail;
195 }
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]196 *msgf |= H2_MSGF_BODY_TUNNEL;
197 }
198 else if ((fields & (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) !=
199 (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) {
200 /* RFC 7540 #8.1.2.3 : all requests MUST include exactly one
201 * valid value for the ":method", ":scheme" and ":path" phdr
202 * unless it is a CONNECT request.
203 */
204 if (!(fields & H2_PHDR_FND_METH)) {
205 /* missing method */
206 goto fail;
207 }
208 else if (!(fields & H2_PHDR_FND_SCHM)) {
209 /* missing scheme */
210 goto fail;
211 }
212 else {
213 /* missing path */
214 goto fail;
215 }
216 }
Willy Tarreau2be362c2019-10-08 11:59:37 +0200[diff] [blame]217 else { /* regular methods */
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]218 /* RFC3986#6.2.2.1: scheme is case-insensitive. We need to
219 * classify the scheme as "present/http", "present/https",
220 * "present/other", "absent" so as to decide whether or not
221 * we're facing a normalized URI that will have to be encoded
222 * in origin or absolute form. Indeed, 7540#8.1.2.3 says that
223 * clients should use the absolute form, thus we cannot infer
224 * whether or not the client wanted to use a proxy here.
225 */
226 flags |= HTX_SL_F_HAS_SCHM;
227 if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("http")))
228 flags |= HTX_SL_F_SCHM_HTTP;
229 else if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("https")))
230 flags |= HTX_SL_F_SCHM_HTTPS;
231 }
232
233 if (!(flags & HTX_SL_F_HAS_SCHM)) {
234 /* no scheme, use authority only (CONNECT) */
235 uri = phdr[H2_PHDR_IDX_AUTH];
Willy Tarreau1440fe82019-10-08 17:34:50 +0200[diff] [blame]236 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]237 }
Willy Tarreau30ee1ef2019-10-08 18:33:19 +0200[diff] [blame]238 else if (fields & H2_PHDR_FND_AUTH) {
239 /* authority is present, let's use the absolute form. We simply
240 * use the trash to concatenate them since all of them MUST fit
241 * in a bufsize since it's where they come from.
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]242 */
Willy Tarreaufd2658c2020-02-26 13:51:38 +0100[diff] [blame]243 if (unlikely(!phdr[H2_PHDR_IDX_PATH].len))
244 goto fail; // 7540#8.1.2.3: :path must not be empty
245
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]246 uri = ist2bin(trash.area, phdr[H2_PHDR_IDX_SCHM]);
247 istcat(&uri, ist("://"), trash.size);
248 istcat(&uri, phdr[H2_PHDR_IDX_AUTH], trash.size);
249 if (!isteq(phdr[H2_PHDR_IDX_PATH], ist("*")))
250 istcat(&uri, phdr[H2_PHDR_IDX_PATH], trash.size);
Willy Tarreau1440fe82019-10-08 17:34:50 +0200[diff] [blame]251 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau30ee1ef2019-10-08 18:33:19 +0200[diff] [blame]252
253 if (flags & (HTX_SL_F_SCHM_HTTP|HTX_SL_F_SCHM_HTTPS)) {
254 /* we don't know if it was originally an absolute or a
255 * relative request because newer versions of HTTP use
256 * the absolute URI format by default, which we call
257 * the normalized URI format internally. This is the
258 * strongly recommended way of sending a request for
259 * a regular client, so we cannot distinguish this
260 * from a request intended for a proxy. For other
261 * schemes however there is no doubt.
262 */
263 flags |= HTX_SL_F_NORMALIZED_URI;
264 }
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]265 }
266 else {
267 /* usual schemes with or without authority, use origin form */
268 uri = phdr[H2_PHDR_IDX_PATH];
Willy Tarreau1440fe82019-10-08 17:34:50 +0200[diff] [blame]269 if (fields & H2_PHDR_FND_AUTH)
270 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau2be362c2019-10-08 11:59:37 +0200[diff] [blame]271 }
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]272
Willy Tarreau2be362c2019-10-08 11:59:37 +0200[diff] [blame]273 /* make sure the final URI isn't empty. Note that 7540#8.1.2.3 states
274 * that :path must not be empty.
275 */
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]276 if (!uri.len)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]277 goto fail;
278
Willy Tarreau2be362c2019-10-08 11:59:37 +0200[diff] [blame]279 /* The final URI must not contain LWS nor CTL characters */
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]280 for (i = 0; i < uri.len; i++) {
281 unsigned char c = uri.ptr[i];
Willy Tarreau9255e7e2019-03-05 10:47:37 +0100[diff] [blame]282 if (HTTP_IS_LWS(c) || HTTP_IS_CTL(c))
283 htx->flags |= HTX_FL_PARSING_ERROR;
284 }
285
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]286 /* Set HTX start-line flags */
287 flags |= HTX_SL_F_VER_11; // V2 in fact
288 flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2
289
Willy Tarreau92919f72019-10-08 16:53:07 +0200[diff] [blame]290 sl = htx_add_stline(htx, HTX_BLK_REQ_SL, flags, phdr[H2_PHDR_IDX_METH], uri, ist("HTTP/2.0"));
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]291 if (!sl)
292 goto fail;
293
294 sl->info.req.meth = find_http_meth(phdr[H2_PHDR_IDX_METH].ptr, phdr[H2_PHDR_IDX_METH].len);
295 return sl;
296 fail:
297 return NULL;
298}
299
300/* Takes an H2 request present in the headers list <list> terminated by a name
301 * being <NULL,0> and emits the equivalent HTX request according to the rules
302 * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and
303 * non-zero is returned if some bytes were emitted. In case of error, a
304 * negative error code is returned.
305 *
306 * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what
307 * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY
308 * if a body is detected (!ES).
309 *
310 * The headers list <list> must be composed of :
311 * - n.name != NULL, n.len > 0 : literal header name
312 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
313 * among H2_PHDR_IDX_*
314 * - n.name ignored, n.len == 0 : end of list
315 * - in all cases except the end of list, v.name and v.len must designate a
316 * valid value.
317 *
318 * The Cookie header will be reassembled at the end, and for this, the <list>
319 * will be used to create a linked list, so its contents may be destroyed.
320 */
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100[diff] [blame]321int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]322{
323 struct ist phdr_val[H2_PHDR_NUM_ENTRIES];
324 uint32_t fields; /* bit mask of H2_PHDR_FND_* */
325 uint32_t idx;
326 int ck, lck; /* cookie index and last cookie index */
327 int phdr;
328 int ret;
329 int i;
Christopher Faulet33543e72019-05-15 15:53:20 +0200[diff] [blame]330 uint32_t used = htx_used_space(htx);
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]331 struct htx_sl *sl = NULL;
332 unsigned int sl_flags = 0;
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100[diff] [blame]333 const char *ctl;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]334
335 lck = ck = -1; // no cookie for now
336 fields = 0;
337 for (idx = 0; list[idx].n.len != 0; idx++) {
338 if (!list[idx].n.ptr) {
339 /* this is an indexed pseudo-header */
340 phdr = list[idx].n.len;
341 }
342 else {
343 /* this can be any type of header */
Willy Tarreau146f53a2019-11-24 10:34:39 +0100[diff] [blame]344 /* RFC7540#8.1.2: upper case not allowed in header field names.
345 * #10.3: header names must be valid (i.e. match a token).
346 * For pseudo-headers we check from 2nd char and for other ones
347 * from the first char, because HTTP_IS_TOKEN() also excludes
348 * the colon.
349 */
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]350 phdr = h2_str_to_phdr(list[idx].n);
Willy Tarreau146f53a2019-11-24 10:34:39 +0100[diff] [blame]351
352 for (i = !!phdr; i < list[idx].n.len; i++)
353 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
354 goto fail;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]355 }
356
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100[diff] [blame]357 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
358 * rejecting NUL, CR and LF characters.
359 */
360 ctl = ist_find_ctl(list[idx].v);
361 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
362 goto fail;
363
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]364 if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
365 /* insert a pseudo header by its index (in phdr) and value (in value) */
366 if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) {
367 if (fields & H2_PHDR_FND_NONE) {
368 /* pseudo header field after regular headers */
369 goto fail;
370 }
371 else {
372 /* repeated pseudo header field */
373 goto fail;
374 }
375 }
376 fields |= 1 << phdr;
377 phdr_val[phdr] = list[idx].v;
378 continue;
379 }
380 else if (phdr != 0) {
381 /* invalid pseudo header -- should never happen here */
382 goto fail;
383 }
384
385 /* regular header field in (name,value) */
386 if (unlikely(!(fields & H2_PHDR_FND_NONE))) {
387 /* no more pseudo-headers, time to build the request line */
388 sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf);
389 if (!sl)
390 goto fail;
391 fields |= H2_PHDR_FND_NONE;
392 }
393
394 if (isteq(list[idx].n, ist("host")))
395 fields |= H2_PHDR_FND_HOST;
396
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]397 if (isteq(list[idx].n, ist("content-length"))) {
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100[diff] [blame]398 ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len);
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]399 if (ret < 0)
400 goto fail;
401
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]402 sl_flags |= HTX_SL_F_CLEN;
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]403 if (ret == 0)
404 continue; // skip this duplicate
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]405 }
406
407 /* these ones are forbidden in requests (RFC7540#8.1.2.2) */
408 if (isteq(list[idx].n, ist("connection")) ||
409 isteq(list[idx].n, ist("proxy-connection")) ||
410 isteq(list[idx].n, ist("keep-alive")) ||
411 isteq(list[idx].n, ist("upgrade")) ||
412 isteq(list[idx].n, ist("transfer-encoding")))
413 goto fail;
414
415 if (isteq(list[idx].n, ist("te")) && !isteq(list[idx].v, ist("trailers")))
416 goto fail;
417
418 /* cookie requires special processing at the end */
419 if (isteq(list[idx].n, ist("cookie"))) {
420 list[idx].n.len = -1;
421
422 if (ck < 0)
423 ck = idx;
424 else
425 list[lck].n.len = idx;
426
427 lck = idx;
428 continue;
429 }
430
431 if (!htx_add_header(htx, list[idx].n, list[idx].v))
432 goto fail;
433 }
434
435 /* RFC7540#8.1.2.1 mandates to reject response pseudo-headers (:status) */
436 if (fields & H2_PHDR_FND_STAT)
437 goto fail;
438
439 /* Let's dump the request now if not yet emitted. */
440 if (!(fields & H2_PHDR_FND_NONE)) {
441 sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf);
442 if (!sl)
443 goto fail;
444 }
445
Christopher Faulet44af3cf2019-02-18 10:12:56 +0100[diff] [blame]446 if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0))
447 sl_flags |= HTX_SL_F_BODYLESS;
448
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]449 /* update the start line with last detected header info */
450 sl->flags |= sl_flags;
451
452 /* complete with missing Host if needed */
453 if ((fields & (H2_PHDR_FND_HOST|H2_PHDR_FND_AUTH)) == H2_PHDR_FND_AUTH) {
454 /* missing Host field, use :authority instead */
455 if (!htx_add_header(htx, ist("host"), phdr_val[H2_PHDR_IDX_AUTH]))
456 goto fail;
457 }
458
459 /* now we may have to build a cookie list. We'll dump the values of all
460 * visited headers.
461 */
462 if (ck >= 0) {
463 uint32_t fs; // free space
464 uint32_t bs; // block size
465 uint32_t vl; // value len
Willy Tarreau164e0612018-12-18 11:00:41 +0100[diff] [blame]466 uint32_t tl; // total length
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]467 struct htx_blk *blk;
468
469 blk = htx_add_header(htx, ist("cookie"), list[ck].v);
470 if (!blk)
471 goto fail;
472
Willy Tarreau164e0612018-12-18 11:00:41 +0100[diff] [blame]473 tl = list[ck].v.len;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]474 fs = htx_free_data_space(htx);
475 bs = htx_get_blksz(blk);
476
477 /* for each extra cookie, we'll extend the cookie's value and
478 * insert "; " before the new value.
479 */
Willy Tarreau164e0612018-12-18 11:00:41 +0100[diff] [blame]480 fs += tl; // first one is already counted
481 for (; (ck = list[ck].n.len) >= 0 ; ) {
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]482 vl = list[ck].v.len;
Willy Tarreau164e0612018-12-18 11:00:41 +0100[diff] [blame]483 tl += vl + 2;
484 if (tl > fs)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]485 goto fail;
486
Christopher Faulet3e2638e2019-06-18 09:49:16 +0200[diff] [blame]487 htx_change_blk_value_len(htx, blk, tl);
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]488 *(char *)(htx_get_blk_ptr(htx, blk) + bs + 0) = ';';
489 *(char *)(htx_get_blk_ptr(htx, blk) + bs + 1) = ' ';
490 memcpy(htx_get_blk_ptr(htx, blk) + bs + 2, list[ck].v.ptr, vl);
491 bs += vl + 2;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]492 }
493
494 }
495
496 /* now send the end of headers marker */
497 htx_add_endof(htx, HTX_BLK_EOH);
498
Ilya Shipitsin6fb0f212020-04-02 15:25:26 +0500[diff] [blame]499 /* Set bytes used in the HTX message for the headers now */
Christopher Faulet33543e72019-05-15 15:53:20 +0200[diff] [blame]500 sl->hdrs_bytes = htx_used_space(htx) - used;
501
Willy Tarreau6deb4122018-11-27 15:34:18 +0100[diff] [blame]502 ret = 1;
503 return ret;
504
505 fail:
506 return -1;
507}
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]508
509/* Prepare the status line into <htx> from pseudo headers stored in <phdr[]>.
510 * <fields> indicates what was found so far. This should be called once at the
511 * detection of the first general header field or at the end of the message if
512 * no general header field was found yet. Returns the created start line on
513 * success, or NULL on failure. Upon success, <msgf> is updated with a few
514 * H2_MSGF_* flags indicating what was found while parsing.
515 */
516static struct htx_sl *h2_prepare_htx_stsline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf)
517{
518 unsigned int flags = HTX_SL_F_NONE;
519 struct htx_sl *sl;
520 unsigned char h, t, u;
521
522 /* only :status is allowed as a pseudo header */
523 if (!(fields & H2_PHDR_FND_STAT))
524 goto fail;
525
526 if (phdr[H2_PHDR_IDX_STAT].len != 3)
527 goto fail;
528
529 /* Set HTX start-line flags */
530 flags |= HTX_SL_F_VER_11; // V2 in fact
531 flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2
532
533 sl = htx_add_stline(htx, HTX_BLK_RES_SL, flags, ist("HTTP/2.0"), phdr[H2_PHDR_IDX_STAT], ist(""));
534 if (!sl)
535 goto fail;
536
537 h = phdr[H2_PHDR_IDX_STAT].ptr[0] - '0';
538 t = phdr[H2_PHDR_IDX_STAT].ptr[1] - '0';
539 u = phdr[H2_PHDR_IDX_STAT].ptr[2] - '0';
540 if (h > 9 || t > 9 || u > 9)
541 goto fail;
542
543 sl->info.res.status = h * 100 + t * 10 + u;
544
Christopher Faulet0b465482019-02-19 15:14:23 +0100[diff] [blame]545 /* On 1xx responses (except 101) there is no ES on the HEADERS frame but
546 * there is no body. So remove the flag H2_MSGF_BODY and add
547 * H2_MSGF_RSP_1XX to notify the decoder another HEADERS frame is
548 * expected.
549 */
550 if (sl->info.res.status < 200 &&
551 (sl->info.res.status == 100 || sl->info.res.status >= 102)) {
552 *msgf |= H2_MSGF_RSP_1XX;
553 *msgf &= ~H2_MSGF_BODY;
554 }
555
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]556 return sl;
557 fail:
558 return NULL;
559}
560
561/* Takes an H2 response present in the headers list <list> terminated by a name
562 * being <NULL,0> and emits the equivalent HTX response according to the rules
563 * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and
564 * a positive value is returned if some bytes were emitted. In case of error, a
565 * negative error code is returned.
566 *
567 * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what
568 * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY
569 * if a body is detected (!ES).
570 *
571 * The headers list <list> must be composed of :
572 * - n.name != NULL, n.len > 0 : literal header name
573 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
574 * among H2_PHDR_IDX_*
575 * - n.name ignored, n.len == 0 : end of list
576 * - in all cases except the end of list, v.name and v.len must designate a
577 * valid value.
578 */
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100[diff] [blame]579int h2_make_htx_response(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len)
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]580{
581 struct ist phdr_val[H2_PHDR_NUM_ENTRIES];
582 uint32_t fields; /* bit mask of H2_PHDR_FND_* */
583 uint32_t idx;
584 int phdr;
585 int ret;
586 int i;
Christopher Faulet33543e72019-05-15 15:53:20 +0200[diff] [blame]587 uint32_t used = htx_used_space(htx);
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]588 struct htx_sl *sl = NULL;
589 unsigned int sl_flags = 0;
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100[diff] [blame]590 const char *ctl;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]591
592 fields = 0;
593 for (idx = 0; list[idx].n.len != 0; idx++) {
594 if (!list[idx].n.ptr) {
595 /* this is an indexed pseudo-header */
596 phdr = list[idx].n.len;
597 }
598 else {
599 /* this can be any type of header */
Willy Tarreau146f53a2019-11-24 10:34:39 +0100[diff] [blame]600 /* RFC7540#8.1.2: upper case not allowed in header field names.
601 * #10.3: header names must be valid (i.e. match a token).
602 * For pseudo-headers we check from 2nd char and for other ones
603 * from the first char, because HTTP_IS_TOKEN() also excludes
604 * the colon.
605 */
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]606 phdr = h2_str_to_phdr(list[idx].n);
Willy Tarreau146f53a2019-11-24 10:34:39 +0100[diff] [blame]607
608 for (i = !!phdr; i < list[idx].n.len; i++)
609 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
610 goto fail;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]611 }
612
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100[diff] [blame]613 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
614 * rejecting NUL, CR and LF characters.
615 */
616 ctl = ist_find_ctl(list[idx].v);
617 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
618 goto fail;
619
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]620 if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
621 /* insert a pseudo header by its index (in phdr) and value (in value) */
622 if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) {
623 if (fields & H2_PHDR_FND_NONE) {
624 /* pseudo header field after regular headers */
625 goto fail;
626 }
627 else {
628 /* repeated pseudo header field */
629 goto fail;
630 }
631 }
632 fields |= 1 << phdr;
633 phdr_val[phdr] = list[idx].v;
634 continue;
635 }
636 else if (phdr != 0) {
637 /* invalid pseudo header -- should never happen here */
638 goto fail;
639 }
640
641 /* regular header field in (name,value) */
642 if (!(fields & H2_PHDR_FND_NONE)) {
643 /* no more pseudo-headers, time to build the status line */
644 sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf);
645 if (!sl)
646 goto fail;
647 fields |= H2_PHDR_FND_NONE;
648 }
649
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]650 if (isteq(list[idx].n, ist("content-length"))) {
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100[diff] [blame]651 ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len);
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]652 if (ret < 0)
653 goto fail;
654
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]655 sl_flags |= HTX_SL_F_CLEN;
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100[diff] [blame]656 if (ret == 0)
657 continue; // skip this duplicate
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]658 }
659
660 /* these ones are forbidden in responses (RFC7540#8.1.2.2) */
661 if (isteq(list[idx].n, ist("connection")) ||
662 isteq(list[idx].n, ist("proxy-connection")) ||
663 isteq(list[idx].n, ist("keep-alive")) ||
664 isteq(list[idx].n, ist("upgrade")) ||
665 isteq(list[idx].n, ist("transfer-encoding")))
666 goto fail;
667
668 if (!htx_add_header(htx, list[idx].n, list[idx].v))
669 goto fail;
670 }
671
672 /* RFC7540#8.1.2.1 mandates to reject request pseudo-headers */
673 if (fields & (H2_PHDR_FND_AUTH|H2_PHDR_FND_METH|H2_PHDR_FND_PATH|H2_PHDR_FND_SCHM))
674 goto fail;
675
676 /* Let's dump the request now if not yet emitted. */
677 if (!(fields & H2_PHDR_FND_NONE)) {
678 sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf);
679 if (!sl)
680 goto fail;
681 }
682
Christopher Faulet44af3cf2019-02-18 10:12:56 +0100[diff] [blame]683 if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0))
684 sl_flags |= HTX_SL_F_BODYLESS;
685
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]686 /* update the start line with last detected header info */
687 sl->flags |= sl_flags;
688
689 if ((*msgf & (H2_MSGF_BODY|H2_MSGF_BODY_TUNNEL|H2_MSGF_BODY_CL)) == H2_MSGF_BODY) {
690 /* FIXME: Do we need to signal anything when we have a body and
691 * no content-length, to have the equivalent of H1's chunked
692 * encoding?
693 */
694 }
695
696 /* now send the end of headers marker */
697 htx_add_endof(htx, HTX_BLK_EOH);
698
Ilya Shipitsin6fb0f212020-04-02 15:25:26 +0500[diff] [blame]699 /* Set bytes used in the HTX message for the headers now */
Christopher Faulet33543e72019-05-15 15:53:20 +0200[diff] [blame]700 sl->hdrs_bytes = htx_used_space(htx) - used;
701
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200[diff] [blame]702 ret = 1;
703 return ret;
704
705 fail:
706 return -1;
707}
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]708
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200[diff] [blame]709/* Takes an H2 headers list <list> terminated by a name being <NULL,0> and emits
710 * the equivalent HTX trailers blocks. The output contents are emitted in <htx>,
711 * and a positive value is returned if some bytes were emitted. In case of
712 * error, a negative error code is returned. The caller must have verified that
713 * the message in the buffer is compatible with receipt of trailers.
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]714 *
715 * The headers list <list> must be composed of :
716 * - n.name != NULL, n.len > 0 : literal header name
717 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
718 * among H2_PHDR_IDX_* (illegal here)
719 * - n.name ignored, n.len == 0 : end of list
720 * - in all cases except the end of list, v.name and v.len must designate a
721 * valid value.
722 */
723int h2_make_htx_trailers(struct http_hdr *list, struct htx *htx)
724{
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100[diff] [blame]725 const char *ctl;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]726 uint32_t idx;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]727 int i;
728
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]729 for (idx = 0; list[idx].n.len != 0; idx++) {
730 if (!list[idx].n.ptr) {
731 /* This is an indexed pseudo-header (RFC7540#8.1.2.1) */
732 goto fail;
733 }
734
Willy Tarreau146f53a2019-11-24 10:34:39 +0100[diff] [blame]735 /* RFC7540#8.1.2: upper case not allowed in header field names.
736 * #10.3: header names must be valid (i.e. match a token). This
737 * also catches pseudo-headers which are forbidden in trailers.
738 */
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]739 for (i = 0; i < list[idx].n.len; i++)
Willy Tarreau146f53a2019-11-24 10:34:39 +0100[diff] [blame]740 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]741 goto fail;
742
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]743 /* these ones are forbidden in trailers (RFC7540#8.1.2.2) */
744 if (isteq(list[idx].n, ist("host")) ||
745 isteq(list[idx].n, ist("content-length")) ||
746 isteq(list[idx].n, ist("connection")) ||
747 isteq(list[idx].n, ist("proxy-connection")) ||
748 isteq(list[idx].n, ist("keep-alive")) ||
749 isteq(list[idx].n, ist("upgrade")) ||
750 isteq(list[idx].n, ist("te")) ||
751 isteq(list[idx].n, ist("transfer-encoding")))
752 goto fail;
753
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100[diff] [blame]754 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
755 * rejecting NUL, CR and LF characters.
756 */
757 ctl = ist_find_ctl(list[idx].v);
758 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
759 goto fail;
760
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200[diff] [blame]761 if (!htx_add_trailer(htx, list[idx].n, list[idx].v))
762 goto fail;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]763 }
764
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200[diff] [blame]765 if (!htx_add_endof(htx, HTX_BLK_EOT))
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]766 goto fail;
767
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100[diff] [blame]768 return 1;
769
770 fail:
771 return -1;
772}