Willy Tarreau | f24ea8e | 2017-11-21 19:55:27 +0100 | [diff] [blame] | 1 | /* |
| 2 | * HTTP/2 protocol processing |
| 3 | * |
| 4 | * Copyright 2017 Willy Tarreau <w@1wt.eu> |
| 5 | * Copyright (C) 2017 HAProxy Technologies |
| 6 | * |
| 7 | * Permission is hereby granted, free of charge, to any person obtaining |
| 8 | * a copy of this software and associated documentation files (the |
| 9 | * "Software"), to deal in the Software without restriction, including |
| 10 | * without limitation the rights to use, copy, modify, merge, publish, |
| 11 | * distribute, sublicense, and/or sell copies of the Software, and to |
| 12 | * permit persons to whom the Software is furnished to do so, subject to |
| 13 | * the following conditions: |
| 14 | * |
| 15 | * The above copyright notice and this permission notice shall be |
| 16 | * included in all copies or substantial portions of the Software. |
| 17 | * |
| 18 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
| 19 | * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES |
| 20 | * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
| 21 | * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
| 22 | * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, |
| 23 | * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
| 24 | * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR |
| 25 | * OTHER DEALINGS IN THE SOFTWARE. |
| 26 | */ |
| 27 | |
Willy Tarreau | a1bd1fa | 2019-03-29 17:26:33 +0100 | [diff] [blame] | 28 | #include <inttypes.h> |
Willy Tarreau | 4c7e4b7 | 2020-05-27 12:58:42 +0200 | [diff] [blame] | 29 | #include <haproxy/api.h> |
Willy Tarreau | cd72d8c | 2020-06-02 19:11:26 +0200 | [diff] [blame] | 30 | #include <haproxy/http.h> |
Willy Tarreau | bf07314 | 2020-06-03 12:04:01 +0200 | [diff] [blame] | 31 | #include <haproxy/h2.h> |
Willy Tarreau | 0017be0 | 2020-06-02 19:25:28 +0200 | [diff] [blame] | 32 | #include <haproxy/http-hdr-t.h> |
Willy Tarreau | 16f958c | 2020-06-03 08:44:35 +0200 | [diff] [blame] | 33 | #include <haproxy/htx.h> |
Willy Tarreau | eb6f701 | 2020-05-27 16:21:26 +0200 | [diff] [blame] | 34 | #include <import/ist.h> |
Willy Tarreau | f268ee8 | 2020-06-04 17:05:57 +0200 | [diff] [blame] | 35 | #include <haproxy/global.h> |
Willy Tarreau | f24ea8e | 2017-11-21 19:55:27 +0100 | [diff] [blame] | 36 | |
Willy Tarreau | 9c84d82 | 2019-01-30 15:09:21 +0100 | [diff] [blame] | 37 | struct h2_frame_definition h2_frame_definition[H2_FT_ENTRIES] = { |
| 38 | [H2_FT_DATA ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, }, |
| 39 | [H2_FT_HEADERS ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 1, .max_len = H2_MAX_FRAME_LEN, }, |
| 40 | [H2_FT_PRIORITY ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 5, .max_len = 5, }, |
| 41 | [H2_FT_RST_STREAM ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, }, |
| 42 | [H2_FT_SETTINGS ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, }, |
| 43 | [H2_FT_PUSH_PROMISE ] = { .dir = 0, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = H2_MAX_FRAME_LEN, }, |
| 44 | [H2_FT_PING ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = 8, }, |
| 45 | [H2_FT_GOAWAY ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = H2_MAX_FRAME_LEN, }, |
| 46 | [H2_FT_WINDOW_UPDATE] = { .dir = 3, .min_id = 0, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, }, |
| 47 | [H2_FT_CONTINUATION ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, }, |
| 48 | }; |
Willy Tarreau | f24ea8e | 2017-11-21 19:55:27 +0100 | [diff] [blame] | 49 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 50 | /* Looks into <ist> for forbidden characters for header values (0x00, 0x0A, |
| 51 | * 0x0D), starting at pointer <start> which must be within <ist>. Returns |
| 52 | * non-zero if such a character is found, 0 otherwise. When run on unlikely |
| 53 | * header match, it's recommended to first check for the presence of control |
| 54 | * chars using ist_find_ctl(). |
| 55 | */ |
| 56 | static int has_forbidden_char(const struct ist ist, const char *start) |
| 57 | { |
| 58 | do { |
| 59 | if ((uint8_t)*start <= 0x0d && |
| 60 | (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0))) |
| 61 | return 1; |
| 62 | start++; |
| 63 | } while (start < ist.ptr + ist.len); |
| 64 | return 0; |
| 65 | } |
| 66 | |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 67 | /* Parse the Content-Length header field of an HTTP/2 request. The function |
| 68 | * checks all possible occurrences of a comma-delimited value, and verifies |
| 69 | * if any of them doesn't match a previous value. It returns <0 if a value |
| 70 | * differs, 0 if the whole header can be dropped (i.e. already known), or >0 |
| 71 | * if the value can be indexed (first one). In the last case, the value might |
| 72 | * be adjusted and the caller must only add the updated value. |
| 73 | */ |
| 74 | int h2_parse_cont_len_header(unsigned int *msgf, struct ist *value, unsigned long long *body_len) |
| 75 | { |
| 76 | char *e, *n; |
| 77 | unsigned long long cl; |
| 78 | int not_first = !!(*msgf & H2_MSGF_BODY_CL); |
| 79 | struct ist word; |
| 80 | |
| 81 | word.ptr = value->ptr - 1; // -1 for next loop's pre-increment |
| 82 | e = value->ptr + value->len; |
| 83 | |
| 84 | while (++word.ptr < e) { |
Ilya Shipitsin | 6fb0f21 | 2020-04-02 15:25:26 +0500 | [diff] [blame] | 85 | /* skip leading delimiter and blanks */ |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 86 | if (unlikely(HTTP_IS_LWS(*word.ptr))) |
| 87 | continue; |
| 88 | |
| 89 | /* digits only now */ |
| 90 | for (cl = 0, n = word.ptr; n < e; n++) { |
| 91 | unsigned int c = *n - '0'; |
| 92 | if (unlikely(c > 9)) { |
| 93 | /* non-digit */ |
| 94 | if (unlikely(n == word.ptr)) // spaces only |
| 95 | goto fail; |
| 96 | break; |
| 97 | } |
| 98 | if (unlikely(cl > ULLONG_MAX / 10ULL)) |
| 99 | goto fail; /* multiply overflow */ |
| 100 | cl = cl * 10ULL; |
| 101 | if (unlikely(cl + c < cl)) |
| 102 | goto fail; /* addition overflow */ |
| 103 | cl = cl + c; |
| 104 | } |
| 105 | |
| 106 | /* keep a copy of the exact cleaned value */ |
| 107 | word.len = n - word.ptr; |
| 108 | |
| 109 | /* skip trailing LWS till next comma or EOL */ |
| 110 | for (; n < e; n++) { |
| 111 | if (!HTTP_IS_LWS(*n)) { |
| 112 | if (unlikely(*n != ',')) |
| 113 | goto fail; |
| 114 | break; |
| 115 | } |
| 116 | } |
| 117 | |
| 118 | /* if duplicate, must be equal */ |
| 119 | if (*msgf & H2_MSGF_BODY_CL && cl != *body_len) |
| 120 | goto fail; |
| 121 | |
| 122 | /* OK, store this result as the one to be indexed */ |
| 123 | *msgf |= H2_MSGF_BODY_CL; |
| 124 | *body_len = cl; |
| 125 | *value = word; |
| 126 | word.ptr = n; |
| 127 | } |
| 128 | /* here we've reached the end with a single value or a series of |
| 129 | * identical values, all matching previous series if any. The last |
| 130 | * parsed value was sent back into <value>. We just have to decide |
| 131 | * if this occurrence has to be indexed (it's the first one) or |
| 132 | * silently skipped (it's not the first one) |
| 133 | */ |
| 134 | return !not_first; |
| 135 | fail: |
| 136 | return -1; |
| 137 | } |
| 138 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 139 | /* Prepare the request line into <htx> from pseudo headers stored in <phdr[]>. |
| 140 | * <fields> indicates what was found so far. This should be called once at the |
| 141 | * detection of the first general header field or at the end of the request if |
| 142 | * no general header field was found yet. Returns the created start line on |
| 143 | * success, or NULL on failure. Upon success, <msgf> is updated with a few |
| 144 | * H2_MSGF_* flags indicating what was found while parsing. |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 145 | * |
| 146 | * The rules below deserve a bit of explanation. There tends to be some |
| 147 | * confusion regarding H2's authority vs the Host header. They are different |
| 148 | * though may sometimes be exchanged. In H2, the request line is broken into : |
| 149 | * - :method |
| 150 | * - :scheme |
| 151 | * - :authority |
| 152 | * - :path |
| 153 | * |
| 154 | * An equivalent HTTP/1.x absolute-form request would then look like : |
| 155 | * <:method> <:scheme>://<:authority><:path> HTTP/x.y |
| 156 | * |
| 157 | * Except for CONNECT which doesn't have scheme nor path and looks like : |
| 158 | * <:method> <:authority> HTTP/x.y |
| 159 | * |
| 160 | * It's worth noting that H2 still supports an encoding to map H1 origin-form |
| 161 | * and asterisk-form requests. These ones do not specify the authority. However |
| 162 | * in H2 they must still specify the scheme, which is not present in H1. Also, |
| 163 | * when encoding an absolute-form H1 request without a path, the path |
| 164 | * automatically becomes "/" except for the OPTIONS method where it |
| 165 | * becomes "*". |
| 166 | * |
| 167 | * As such it is explicitly permitted for an H2 client to send a request |
| 168 | * featuring a Host header and no :authority, though it's not the recommended |
| 169 | * way to use H2 for a client. It is however the only permitted way to encode |
| 170 | * an origin-form H1 request over H2. Thus we need to respect such differences |
| 171 | * as much as possible when re-encoding the H2 request into HTX. |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 172 | */ |
| 173 | static struct htx_sl *h2_prepare_htx_reqline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf) |
| 174 | { |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 175 | struct ist uri; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 176 | unsigned int flags = HTX_SL_F_NONE; |
| 177 | struct htx_sl *sl; |
Willy Tarreau | 9255e7e | 2019-03-05 10:47:37 +0100 | [diff] [blame] | 178 | size_t i; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 179 | |
| 180 | if ((fields & H2_PHDR_FND_METH) && isteq(phdr[H2_PHDR_IDX_METH], ist("CONNECT"))) { |
| 181 | /* RFC 7540 #8.2.6 regarding CONNECT: ":scheme" and ":path" |
| 182 | * MUST be omitted ; ":authority" contains the host and port |
| 183 | * to connect to. |
| 184 | */ |
| 185 | if (fields & H2_PHDR_FND_SCHM) { |
| 186 | /* scheme not allowed */ |
| 187 | goto fail; |
| 188 | } |
| 189 | else if (fields & H2_PHDR_FND_PATH) { |
| 190 | /* path not allowed */ |
| 191 | goto fail; |
| 192 | } |
| 193 | else if (!(fields & H2_PHDR_FND_AUTH)) { |
| 194 | /* missing authority */ |
| 195 | goto fail; |
| 196 | } |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 197 | *msgf |= H2_MSGF_BODY_TUNNEL; |
| 198 | } |
| 199 | else if ((fields & (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) != |
| 200 | (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) { |
| 201 | /* RFC 7540 #8.1.2.3 : all requests MUST include exactly one |
| 202 | * valid value for the ":method", ":scheme" and ":path" phdr |
| 203 | * unless it is a CONNECT request. |
| 204 | */ |
| 205 | if (!(fields & H2_PHDR_FND_METH)) { |
| 206 | /* missing method */ |
| 207 | goto fail; |
| 208 | } |
| 209 | else if (!(fields & H2_PHDR_FND_SCHM)) { |
| 210 | /* missing scheme */ |
| 211 | goto fail; |
| 212 | } |
| 213 | else { |
| 214 | /* missing path */ |
| 215 | goto fail; |
| 216 | } |
| 217 | } |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 218 | else { /* regular methods */ |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 219 | /* RFC3986#6.2.2.1: scheme is case-insensitive. We need to |
| 220 | * classify the scheme as "present/http", "present/https", |
| 221 | * "present/other", "absent" so as to decide whether or not |
| 222 | * we're facing a normalized URI that will have to be encoded |
| 223 | * in origin or absolute form. Indeed, 7540#8.1.2.3 says that |
| 224 | * clients should use the absolute form, thus we cannot infer |
| 225 | * whether or not the client wanted to use a proxy here. |
| 226 | */ |
| 227 | flags |= HTX_SL_F_HAS_SCHM; |
| 228 | if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("http"))) |
| 229 | flags |= HTX_SL_F_SCHM_HTTP; |
| 230 | else if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("https"))) |
| 231 | flags |= HTX_SL_F_SCHM_HTTPS; |
| 232 | } |
| 233 | |
| 234 | if (!(flags & HTX_SL_F_HAS_SCHM)) { |
| 235 | /* no scheme, use authority only (CONNECT) */ |
| 236 | uri = phdr[H2_PHDR_IDX_AUTH]; |
Willy Tarreau | 1440fe8 | 2019-10-08 17:34:50 +0200 | [diff] [blame] | 237 | flags |= HTX_SL_F_HAS_AUTHORITY; |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 238 | } |
Willy Tarreau | 30ee1ef | 2019-10-08 18:33:19 +0200 | [diff] [blame] | 239 | else if (fields & H2_PHDR_FND_AUTH) { |
| 240 | /* authority is present, let's use the absolute form. We simply |
| 241 | * use the trash to concatenate them since all of them MUST fit |
| 242 | * in a bufsize since it's where they come from. |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 243 | */ |
Willy Tarreau | fd2658c | 2020-02-26 13:51:38 +0100 | [diff] [blame] | 244 | if (unlikely(!phdr[H2_PHDR_IDX_PATH].len)) |
| 245 | goto fail; // 7540#8.1.2.3: :path must not be empty |
| 246 | |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 247 | uri = ist2bin(trash.area, phdr[H2_PHDR_IDX_SCHM]); |
| 248 | istcat(&uri, ist("://"), trash.size); |
| 249 | istcat(&uri, phdr[H2_PHDR_IDX_AUTH], trash.size); |
| 250 | if (!isteq(phdr[H2_PHDR_IDX_PATH], ist("*"))) |
| 251 | istcat(&uri, phdr[H2_PHDR_IDX_PATH], trash.size); |
Willy Tarreau | 1440fe8 | 2019-10-08 17:34:50 +0200 | [diff] [blame] | 252 | flags |= HTX_SL_F_HAS_AUTHORITY; |
Willy Tarreau | 30ee1ef | 2019-10-08 18:33:19 +0200 | [diff] [blame] | 253 | |
| 254 | if (flags & (HTX_SL_F_SCHM_HTTP|HTX_SL_F_SCHM_HTTPS)) { |
| 255 | /* we don't know if it was originally an absolute or a |
| 256 | * relative request because newer versions of HTTP use |
| 257 | * the absolute URI format by default, which we call |
| 258 | * the normalized URI format internally. This is the |
| 259 | * strongly recommended way of sending a request for |
| 260 | * a regular client, so we cannot distinguish this |
| 261 | * from a request intended for a proxy. For other |
| 262 | * schemes however there is no doubt. |
| 263 | */ |
| 264 | flags |= HTX_SL_F_NORMALIZED_URI; |
| 265 | } |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 266 | } |
| 267 | else { |
| 268 | /* usual schemes with or without authority, use origin form */ |
| 269 | uri = phdr[H2_PHDR_IDX_PATH]; |
Willy Tarreau | 1440fe8 | 2019-10-08 17:34:50 +0200 | [diff] [blame] | 270 | if (fields & H2_PHDR_FND_AUTH) |
| 271 | flags |= HTX_SL_F_HAS_AUTHORITY; |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 272 | } |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 273 | |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 274 | /* make sure the final URI isn't empty. Note that 7540#8.1.2.3 states |
| 275 | * that :path must not be empty. |
| 276 | */ |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 277 | if (!uri.len) |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 278 | goto fail; |
| 279 | |
Willy Tarreau | 2be362c | 2019-10-08 11:59:37 +0200 | [diff] [blame] | 280 | /* The final URI must not contain LWS nor CTL characters */ |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 281 | for (i = 0; i < uri.len; i++) { |
| 282 | unsigned char c = uri.ptr[i]; |
Willy Tarreau | 9255e7e | 2019-03-05 10:47:37 +0100 | [diff] [blame] | 283 | if (HTTP_IS_LWS(c) || HTTP_IS_CTL(c)) |
| 284 | htx->flags |= HTX_FL_PARSING_ERROR; |
| 285 | } |
| 286 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 287 | /* Set HTX start-line flags */ |
| 288 | flags |= HTX_SL_F_VER_11; // V2 in fact |
| 289 | flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2 |
| 290 | |
Willy Tarreau | 92919f7 | 2019-10-08 16:53:07 +0200 | [diff] [blame] | 291 | sl = htx_add_stline(htx, HTX_BLK_REQ_SL, flags, phdr[H2_PHDR_IDX_METH], uri, ist("HTTP/2.0")); |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 292 | if (!sl) |
| 293 | goto fail; |
| 294 | |
| 295 | sl->info.req.meth = find_http_meth(phdr[H2_PHDR_IDX_METH].ptr, phdr[H2_PHDR_IDX_METH].len); |
| 296 | return sl; |
| 297 | fail: |
| 298 | return NULL; |
| 299 | } |
| 300 | |
| 301 | /* Takes an H2 request present in the headers list <list> terminated by a name |
| 302 | * being <NULL,0> and emits the equivalent HTX request according to the rules |
| 303 | * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and |
| 304 | * non-zero is returned if some bytes were emitted. In case of error, a |
| 305 | * negative error code is returned. |
| 306 | * |
| 307 | * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what |
| 308 | * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY |
| 309 | * if a body is detected (!ES). |
| 310 | * |
| 311 | * The headers list <list> must be composed of : |
| 312 | * - n.name != NULL, n.len > 0 : literal header name |
| 313 | * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len> |
| 314 | * among H2_PHDR_IDX_* |
| 315 | * - n.name ignored, n.len == 0 : end of list |
| 316 | * - in all cases except the end of list, v.name and v.len must designate a |
| 317 | * valid value. |
| 318 | * |
| 319 | * The Cookie header will be reassembled at the end, and for this, the <list> |
| 320 | * will be used to create a linked list, so its contents may be destroyed. |
| 321 | */ |
Willy Tarreau | 4790f7c | 2019-01-24 11:33:02 +0100 | [diff] [blame] | 322 | int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len) |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 323 | { |
| 324 | struct ist phdr_val[H2_PHDR_NUM_ENTRIES]; |
| 325 | uint32_t fields; /* bit mask of H2_PHDR_FND_* */ |
| 326 | uint32_t idx; |
| 327 | int ck, lck; /* cookie index and last cookie index */ |
| 328 | int phdr; |
| 329 | int ret; |
| 330 | int i; |
Christopher Faulet | 33543e7 | 2019-05-15 15:53:20 +0200 | [diff] [blame] | 331 | uint32_t used = htx_used_space(htx); |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 332 | struct htx_sl *sl = NULL; |
| 333 | unsigned int sl_flags = 0; |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 334 | const char *ctl; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 335 | |
| 336 | lck = ck = -1; // no cookie for now |
| 337 | fields = 0; |
| 338 | for (idx = 0; list[idx].n.len != 0; idx++) { |
| 339 | if (!list[idx].n.ptr) { |
| 340 | /* this is an indexed pseudo-header */ |
| 341 | phdr = list[idx].n.len; |
| 342 | } |
| 343 | else { |
| 344 | /* this can be any type of header */ |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 345 | /* RFC7540#8.1.2: upper case not allowed in header field names. |
| 346 | * #10.3: header names must be valid (i.e. match a token). |
| 347 | * For pseudo-headers we check from 2nd char and for other ones |
| 348 | * from the first char, because HTTP_IS_TOKEN() also excludes |
| 349 | * the colon. |
| 350 | */ |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 351 | phdr = h2_str_to_phdr(list[idx].n); |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 352 | |
| 353 | for (i = !!phdr; i < list[idx].n.len; i++) |
| 354 | if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i])) |
| 355 | goto fail; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 356 | } |
| 357 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 358 | /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of |
| 359 | * rejecting NUL, CR and LF characters. |
| 360 | */ |
| 361 | ctl = ist_find_ctl(list[idx].v); |
| 362 | if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl)) |
| 363 | goto fail; |
| 364 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 365 | if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) { |
| 366 | /* insert a pseudo header by its index (in phdr) and value (in value) */ |
| 367 | if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) { |
| 368 | if (fields & H2_PHDR_FND_NONE) { |
| 369 | /* pseudo header field after regular headers */ |
| 370 | goto fail; |
| 371 | } |
| 372 | else { |
| 373 | /* repeated pseudo header field */ |
| 374 | goto fail; |
| 375 | } |
| 376 | } |
| 377 | fields |= 1 << phdr; |
| 378 | phdr_val[phdr] = list[idx].v; |
| 379 | continue; |
| 380 | } |
| 381 | else if (phdr != 0) { |
| 382 | /* invalid pseudo header -- should never happen here */ |
| 383 | goto fail; |
| 384 | } |
| 385 | |
| 386 | /* regular header field in (name,value) */ |
| 387 | if (unlikely(!(fields & H2_PHDR_FND_NONE))) { |
| 388 | /* no more pseudo-headers, time to build the request line */ |
| 389 | sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf); |
| 390 | if (!sl) |
| 391 | goto fail; |
| 392 | fields |= H2_PHDR_FND_NONE; |
| 393 | } |
| 394 | |
| 395 | if (isteq(list[idx].n, ist("host"))) |
| 396 | fields |= H2_PHDR_FND_HOST; |
| 397 | |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 398 | if (isteq(list[idx].n, ist("content-length"))) { |
Willy Tarreau | 4790f7c | 2019-01-24 11:33:02 +0100 | [diff] [blame] | 399 | ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len); |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 400 | if (ret < 0) |
| 401 | goto fail; |
| 402 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 403 | sl_flags |= HTX_SL_F_CLEN; |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 404 | if (ret == 0) |
| 405 | continue; // skip this duplicate |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 406 | } |
| 407 | |
| 408 | /* these ones are forbidden in requests (RFC7540#8.1.2.2) */ |
| 409 | if (isteq(list[idx].n, ist("connection")) || |
| 410 | isteq(list[idx].n, ist("proxy-connection")) || |
| 411 | isteq(list[idx].n, ist("keep-alive")) || |
| 412 | isteq(list[idx].n, ist("upgrade")) || |
| 413 | isteq(list[idx].n, ist("transfer-encoding"))) |
| 414 | goto fail; |
| 415 | |
| 416 | if (isteq(list[idx].n, ist("te")) && !isteq(list[idx].v, ist("trailers"))) |
| 417 | goto fail; |
| 418 | |
| 419 | /* cookie requires special processing at the end */ |
| 420 | if (isteq(list[idx].n, ist("cookie"))) { |
| 421 | list[idx].n.len = -1; |
| 422 | |
| 423 | if (ck < 0) |
| 424 | ck = idx; |
| 425 | else |
| 426 | list[lck].n.len = idx; |
| 427 | |
| 428 | lck = idx; |
| 429 | continue; |
| 430 | } |
| 431 | |
| 432 | if (!htx_add_header(htx, list[idx].n, list[idx].v)) |
| 433 | goto fail; |
| 434 | } |
| 435 | |
| 436 | /* RFC7540#8.1.2.1 mandates to reject response pseudo-headers (:status) */ |
| 437 | if (fields & H2_PHDR_FND_STAT) |
| 438 | goto fail; |
| 439 | |
| 440 | /* Let's dump the request now if not yet emitted. */ |
| 441 | if (!(fields & H2_PHDR_FND_NONE)) { |
| 442 | sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf); |
| 443 | if (!sl) |
| 444 | goto fail; |
| 445 | } |
| 446 | |
Christopher Faulet | 44af3cf | 2019-02-18 10:12:56 +0100 | [diff] [blame] | 447 | if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0)) |
| 448 | sl_flags |= HTX_SL_F_BODYLESS; |
| 449 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 450 | /* update the start line with last detected header info */ |
| 451 | sl->flags |= sl_flags; |
| 452 | |
| 453 | /* complete with missing Host if needed */ |
| 454 | if ((fields & (H2_PHDR_FND_HOST|H2_PHDR_FND_AUTH)) == H2_PHDR_FND_AUTH) { |
| 455 | /* missing Host field, use :authority instead */ |
| 456 | if (!htx_add_header(htx, ist("host"), phdr_val[H2_PHDR_IDX_AUTH])) |
| 457 | goto fail; |
| 458 | } |
| 459 | |
| 460 | /* now we may have to build a cookie list. We'll dump the values of all |
| 461 | * visited headers. |
| 462 | */ |
| 463 | if (ck >= 0) { |
| 464 | uint32_t fs; // free space |
| 465 | uint32_t bs; // block size |
| 466 | uint32_t vl; // value len |
Willy Tarreau | 164e061 | 2018-12-18 11:00:41 +0100 | [diff] [blame] | 467 | uint32_t tl; // total length |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 468 | struct htx_blk *blk; |
| 469 | |
| 470 | blk = htx_add_header(htx, ist("cookie"), list[ck].v); |
| 471 | if (!blk) |
| 472 | goto fail; |
| 473 | |
Willy Tarreau | 164e061 | 2018-12-18 11:00:41 +0100 | [diff] [blame] | 474 | tl = list[ck].v.len; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 475 | fs = htx_free_data_space(htx); |
| 476 | bs = htx_get_blksz(blk); |
| 477 | |
| 478 | /* for each extra cookie, we'll extend the cookie's value and |
| 479 | * insert "; " before the new value. |
| 480 | */ |
Willy Tarreau | 164e061 | 2018-12-18 11:00:41 +0100 | [diff] [blame] | 481 | fs += tl; // first one is already counted |
| 482 | for (; (ck = list[ck].n.len) >= 0 ; ) { |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 483 | vl = list[ck].v.len; |
Willy Tarreau | 164e061 | 2018-12-18 11:00:41 +0100 | [diff] [blame] | 484 | tl += vl + 2; |
| 485 | if (tl > fs) |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 486 | goto fail; |
| 487 | |
Christopher Faulet | 3e2638e | 2019-06-18 09:49:16 +0200 | [diff] [blame] | 488 | htx_change_blk_value_len(htx, blk, tl); |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 489 | *(char *)(htx_get_blk_ptr(htx, blk) + bs + 0) = ';'; |
| 490 | *(char *)(htx_get_blk_ptr(htx, blk) + bs + 1) = ' '; |
| 491 | memcpy(htx_get_blk_ptr(htx, blk) + bs + 2, list[ck].v.ptr, vl); |
| 492 | bs += vl + 2; |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 493 | } |
| 494 | |
| 495 | } |
| 496 | |
| 497 | /* now send the end of headers marker */ |
| 498 | htx_add_endof(htx, HTX_BLK_EOH); |
| 499 | |
Ilya Shipitsin | 6fb0f21 | 2020-04-02 15:25:26 +0500 | [diff] [blame] | 500 | /* Set bytes used in the HTX message for the headers now */ |
Christopher Faulet | 33543e7 | 2019-05-15 15:53:20 +0200 | [diff] [blame] | 501 | sl->hdrs_bytes = htx_used_space(htx) - used; |
| 502 | |
Willy Tarreau | 6deb412 | 2018-11-27 15:34:18 +0100 | [diff] [blame] | 503 | ret = 1; |
| 504 | return ret; |
| 505 | |
| 506 | fail: |
| 507 | return -1; |
| 508 | } |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 509 | |
| 510 | /* Prepare the status line into <htx> from pseudo headers stored in <phdr[]>. |
| 511 | * <fields> indicates what was found so far. This should be called once at the |
| 512 | * detection of the first general header field or at the end of the message if |
| 513 | * no general header field was found yet. Returns the created start line on |
| 514 | * success, or NULL on failure. Upon success, <msgf> is updated with a few |
| 515 | * H2_MSGF_* flags indicating what was found while parsing. |
| 516 | */ |
| 517 | static struct htx_sl *h2_prepare_htx_stsline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf) |
| 518 | { |
| 519 | unsigned int flags = HTX_SL_F_NONE; |
| 520 | struct htx_sl *sl; |
| 521 | unsigned char h, t, u; |
| 522 | |
| 523 | /* only :status is allowed as a pseudo header */ |
| 524 | if (!(fields & H2_PHDR_FND_STAT)) |
| 525 | goto fail; |
| 526 | |
| 527 | if (phdr[H2_PHDR_IDX_STAT].len != 3) |
| 528 | goto fail; |
| 529 | |
| 530 | /* Set HTX start-line flags */ |
| 531 | flags |= HTX_SL_F_VER_11; // V2 in fact |
| 532 | flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2 |
| 533 | |
| 534 | sl = htx_add_stline(htx, HTX_BLK_RES_SL, flags, ist("HTTP/2.0"), phdr[H2_PHDR_IDX_STAT], ist("")); |
| 535 | if (!sl) |
| 536 | goto fail; |
| 537 | |
| 538 | h = phdr[H2_PHDR_IDX_STAT].ptr[0] - '0'; |
| 539 | t = phdr[H2_PHDR_IDX_STAT].ptr[1] - '0'; |
| 540 | u = phdr[H2_PHDR_IDX_STAT].ptr[2] - '0'; |
| 541 | if (h > 9 || t > 9 || u > 9) |
| 542 | goto fail; |
| 543 | |
| 544 | sl->info.res.status = h * 100 + t * 10 + u; |
| 545 | |
Christopher Faulet | 0b46548 | 2019-02-19 15:14:23 +0100 | [diff] [blame] | 546 | /* On 1xx responses (except 101) there is no ES on the HEADERS frame but |
| 547 | * there is no body. So remove the flag H2_MSGF_BODY and add |
| 548 | * H2_MSGF_RSP_1XX to notify the decoder another HEADERS frame is |
| 549 | * expected. |
| 550 | */ |
| 551 | if (sl->info.res.status < 200 && |
| 552 | (sl->info.res.status == 100 || sl->info.res.status >= 102)) { |
| 553 | *msgf |= H2_MSGF_RSP_1XX; |
| 554 | *msgf &= ~H2_MSGF_BODY; |
| 555 | } |
| 556 | |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 557 | return sl; |
| 558 | fail: |
| 559 | return NULL; |
| 560 | } |
| 561 | |
| 562 | /* Takes an H2 response present in the headers list <list> terminated by a name |
| 563 | * being <NULL,0> and emits the equivalent HTX response according to the rules |
| 564 | * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and |
| 565 | * a positive value is returned if some bytes were emitted. In case of error, a |
| 566 | * negative error code is returned. |
| 567 | * |
| 568 | * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what |
| 569 | * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY |
| 570 | * if a body is detected (!ES). |
| 571 | * |
| 572 | * The headers list <list> must be composed of : |
| 573 | * - n.name != NULL, n.len > 0 : literal header name |
| 574 | * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len> |
| 575 | * among H2_PHDR_IDX_* |
| 576 | * - n.name ignored, n.len == 0 : end of list |
| 577 | * - in all cases except the end of list, v.name and v.len must designate a |
| 578 | * valid value. |
| 579 | */ |
Willy Tarreau | 4790f7c | 2019-01-24 11:33:02 +0100 | [diff] [blame] | 580 | int h2_make_htx_response(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len) |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 581 | { |
| 582 | struct ist phdr_val[H2_PHDR_NUM_ENTRIES]; |
| 583 | uint32_t fields; /* bit mask of H2_PHDR_FND_* */ |
| 584 | uint32_t idx; |
| 585 | int phdr; |
| 586 | int ret; |
| 587 | int i; |
Christopher Faulet | 33543e7 | 2019-05-15 15:53:20 +0200 | [diff] [blame] | 588 | uint32_t used = htx_used_space(htx); |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 589 | struct htx_sl *sl = NULL; |
| 590 | unsigned int sl_flags = 0; |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 591 | const char *ctl; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 592 | |
| 593 | fields = 0; |
| 594 | for (idx = 0; list[idx].n.len != 0; idx++) { |
| 595 | if (!list[idx].n.ptr) { |
| 596 | /* this is an indexed pseudo-header */ |
| 597 | phdr = list[idx].n.len; |
| 598 | } |
| 599 | else { |
| 600 | /* this can be any type of header */ |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 601 | /* RFC7540#8.1.2: upper case not allowed in header field names. |
| 602 | * #10.3: header names must be valid (i.e. match a token). |
| 603 | * For pseudo-headers we check from 2nd char and for other ones |
| 604 | * from the first char, because HTTP_IS_TOKEN() also excludes |
| 605 | * the colon. |
| 606 | */ |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 607 | phdr = h2_str_to_phdr(list[idx].n); |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 608 | |
| 609 | for (i = !!phdr; i < list[idx].n.len; i++) |
| 610 | if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i])) |
| 611 | goto fail; |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 612 | } |
| 613 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 614 | /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of |
| 615 | * rejecting NUL, CR and LF characters. |
| 616 | */ |
| 617 | ctl = ist_find_ctl(list[idx].v); |
| 618 | if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl)) |
| 619 | goto fail; |
| 620 | |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 621 | if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) { |
| 622 | /* insert a pseudo header by its index (in phdr) and value (in value) */ |
| 623 | if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) { |
| 624 | if (fields & H2_PHDR_FND_NONE) { |
| 625 | /* pseudo header field after regular headers */ |
| 626 | goto fail; |
| 627 | } |
| 628 | else { |
| 629 | /* repeated pseudo header field */ |
| 630 | goto fail; |
| 631 | } |
| 632 | } |
| 633 | fields |= 1 << phdr; |
| 634 | phdr_val[phdr] = list[idx].v; |
| 635 | continue; |
| 636 | } |
| 637 | else if (phdr != 0) { |
| 638 | /* invalid pseudo header -- should never happen here */ |
| 639 | goto fail; |
| 640 | } |
| 641 | |
| 642 | /* regular header field in (name,value) */ |
| 643 | if (!(fields & H2_PHDR_FND_NONE)) { |
| 644 | /* no more pseudo-headers, time to build the status line */ |
| 645 | sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf); |
| 646 | if (!sl) |
| 647 | goto fail; |
| 648 | fields |= H2_PHDR_FND_NONE; |
| 649 | } |
| 650 | |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 651 | if (isteq(list[idx].n, ist("content-length"))) { |
Willy Tarreau | 4790f7c | 2019-01-24 11:33:02 +0100 | [diff] [blame] | 652 | ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len); |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 653 | if (ret < 0) |
| 654 | goto fail; |
| 655 | |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 656 | sl_flags |= HTX_SL_F_CLEN; |
Willy Tarreau | beefaee | 2018-12-19 13:08:08 +0100 | [diff] [blame] | 657 | if (ret == 0) |
| 658 | continue; // skip this duplicate |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 659 | } |
| 660 | |
| 661 | /* these ones are forbidden in responses (RFC7540#8.1.2.2) */ |
| 662 | if (isteq(list[idx].n, ist("connection")) || |
| 663 | isteq(list[idx].n, ist("proxy-connection")) || |
| 664 | isteq(list[idx].n, ist("keep-alive")) || |
| 665 | isteq(list[idx].n, ist("upgrade")) || |
| 666 | isteq(list[idx].n, ist("transfer-encoding"))) |
| 667 | goto fail; |
| 668 | |
| 669 | if (!htx_add_header(htx, list[idx].n, list[idx].v)) |
| 670 | goto fail; |
| 671 | } |
| 672 | |
| 673 | /* RFC7540#8.1.2.1 mandates to reject request pseudo-headers */ |
| 674 | if (fields & (H2_PHDR_FND_AUTH|H2_PHDR_FND_METH|H2_PHDR_FND_PATH|H2_PHDR_FND_SCHM)) |
| 675 | goto fail; |
| 676 | |
| 677 | /* Let's dump the request now if not yet emitted. */ |
| 678 | if (!(fields & H2_PHDR_FND_NONE)) { |
| 679 | sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf); |
| 680 | if (!sl) |
| 681 | goto fail; |
| 682 | } |
| 683 | |
Christopher Faulet | 44af3cf | 2019-02-18 10:12:56 +0100 | [diff] [blame] | 684 | if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0)) |
| 685 | sl_flags |= HTX_SL_F_BODYLESS; |
| 686 | |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 687 | /* update the start line with last detected header info */ |
| 688 | sl->flags |= sl_flags; |
| 689 | |
| 690 | if ((*msgf & (H2_MSGF_BODY|H2_MSGF_BODY_TUNNEL|H2_MSGF_BODY_CL)) == H2_MSGF_BODY) { |
| 691 | /* FIXME: Do we need to signal anything when we have a body and |
| 692 | * no content-length, to have the equivalent of H1's chunked |
| 693 | * encoding? |
| 694 | */ |
| 695 | } |
| 696 | |
| 697 | /* now send the end of headers marker */ |
| 698 | htx_add_endof(htx, HTX_BLK_EOH); |
| 699 | |
Ilya Shipitsin | 6fb0f21 | 2020-04-02 15:25:26 +0500 | [diff] [blame] | 700 | /* Set bytes used in the HTX message for the headers now */ |
Christopher Faulet | 33543e7 | 2019-05-15 15:53:20 +0200 | [diff] [blame] | 701 | sl->hdrs_bytes = htx_used_space(htx) - used; |
| 702 | |
Willy Tarreau | 1329b5b | 2018-10-08 14:49:20 +0200 | [diff] [blame] | 703 | ret = 1; |
| 704 | return ret; |
| 705 | |
| 706 | fail: |
| 707 | return -1; |
| 708 | } |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 709 | |
Christopher Faulet | 2d7c539 | 2019-06-03 10:41:26 +0200 | [diff] [blame] | 710 | /* Takes an H2 headers list <list> terminated by a name being <NULL,0> and emits |
| 711 | * the equivalent HTX trailers blocks. The output contents are emitted in <htx>, |
| 712 | * and a positive value is returned if some bytes were emitted. In case of |
| 713 | * error, a negative error code is returned. The caller must have verified that |
| 714 | * the message in the buffer is compatible with receipt of trailers. |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 715 | * |
| 716 | * The headers list <list> must be composed of : |
| 717 | * - n.name != NULL, n.len > 0 : literal header name |
| 718 | * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len> |
| 719 | * among H2_PHDR_IDX_* (illegal here) |
| 720 | * - n.name ignored, n.len == 0 : end of list |
| 721 | * - in all cases except the end of list, v.name and v.len must designate a |
| 722 | * valid value. |
| 723 | */ |
| 724 | int h2_make_htx_trailers(struct http_hdr *list, struct htx *htx) |
| 725 | { |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 726 | const char *ctl; |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 727 | uint32_t idx; |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 728 | int i; |
| 729 | |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 730 | for (idx = 0; list[idx].n.len != 0; idx++) { |
| 731 | if (!list[idx].n.ptr) { |
| 732 | /* This is an indexed pseudo-header (RFC7540#8.1.2.1) */ |
| 733 | goto fail; |
| 734 | } |
| 735 | |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 736 | /* RFC7540#8.1.2: upper case not allowed in header field names. |
| 737 | * #10.3: header names must be valid (i.e. match a token). This |
| 738 | * also catches pseudo-headers which are forbidden in trailers. |
| 739 | */ |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 740 | for (i = 0; i < list[idx].n.len; i++) |
Willy Tarreau | 146f53a | 2019-11-24 10:34:39 +0100 | [diff] [blame] | 741 | if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i])) |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 742 | goto fail; |
| 743 | |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 744 | /* these ones are forbidden in trailers (RFC7540#8.1.2.2) */ |
| 745 | if (isteq(list[idx].n, ist("host")) || |
| 746 | isteq(list[idx].n, ist("content-length")) || |
| 747 | isteq(list[idx].n, ist("connection")) || |
| 748 | isteq(list[idx].n, ist("proxy-connection")) || |
| 749 | isteq(list[idx].n, ist("keep-alive")) || |
| 750 | isteq(list[idx].n, ist("upgrade")) || |
| 751 | isteq(list[idx].n, ist("te")) || |
| 752 | isteq(list[idx].n, ist("transfer-encoding"))) |
| 753 | goto fail; |
| 754 | |
Willy Tarreau | 54f53ef | 2019-11-22 16:02:43 +0100 | [diff] [blame] | 755 | /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of |
| 756 | * rejecting NUL, CR and LF characters. |
| 757 | */ |
| 758 | ctl = ist_find_ctl(list[idx].v); |
| 759 | if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl)) |
| 760 | goto fail; |
| 761 | |
Christopher Faulet | 2d7c539 | 2019-06-03 10:41:26 +0200 | [diff] [blame] | 762 | if (!htx_add_trailer(htx, list[idx].n, list[idx].v)) |
| 763 | goto fail; |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 764 | } |
| 765 | |
Christopher Faulet | 2d7c539 | 2019-06-03 10:41:26 +0200 | [diff] [blame] | 766 | if (!htx_add_endof(htx, HTX_BLK_EOT)) |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 767 | goto fail; |
| 768 | |
Willy Tarreau | 1e1f27c | 2019-01-03 18:39:54 +0100 | [diff] [blame] | 769 | return 1; |
| 770 | |
| 771 | fail: |
| 772 | return -1; |
| 773 | } |