blob: bd46ffca9fba1d4850334e98c28343e94f418bb1 [file] [log] [blame]
Willy Tarreauf24ea8e2017-11-21 19:55:27 +01001/*
2 * HTTP/2 protocol processing
3 *
4 * Copyright 2017 Willy Tarreau <w@1wt.eu>
5 * Copyright (C) 2017 HAProxy Technologies
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining
8 * a copy of this software and associated documentation files (the
9 * "Software"), to deal in the Software without restriction, including
10 * without limitation the rights to use, copy, modify, merge, publish,
11 * distribute, sublicense, and/or sell copies of the Software, and to
12 * permit persons to whom the Software is furnished to do so, subject to
13 * the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be
16 * included in all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
19 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
20 * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
21 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
22 * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
23 * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
24 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
25 * OTHER DEALINGS IN THE SOFTWARE.
26 */
27
Willy Tarreaua1bd1fa2019-03-29 17:26:33 +010028#include <inttypes.h>
Willy Tarreau4c7e4b72020-05-27 12:58:42 +020029#include <haproxy/api.h>
Willy Tarreaucd72d8c2020-06-02 19:11:26 +020030#include <haproxy/http.h>
Willy Tarreaubf073142020-06-03 12:04:01 +020031#include <haproxy/h2.h>
Willy Tarreau0017be02020-06-02 19:25:28 +020032#include <haproxy/http-hdr-t.h>
Willy Tarreau16f958c2020-06-03 08:44:35 +020033#include <haproxy/htx.h>
Willy Tarreaueb6f7012020-05-27 16:21:26 +020034#include <import/ist.h>
Willy Tarreauf268ee82020-06-04 17:05:57 +020035#include <haproxy/global.h>
Willy Tarreauf24ea8e2017-11-21 19:55:27 +010036
Willy Tarreau9c84d822019-01-30 15:09:21 +010037struct h2_frame_definition h2_frame_definition[H2_FT_ENTRIES] = {
38 [H2_FT_DATA ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
39 [H2_FT_HEADERS ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 1, .max_len = H2_MAX_FRAME_LEN, },
40 [H2_FT_PRIORITY ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 5, .max_len = 5, },
41 [H2_FT_RST_STREAM ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, },
42 [H2_FT_SETTINGS ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
43 [H2_FT_PUSH_PROMISE ] = { .dir = 0, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = H2_MAX_FRAME_LEN, },
44 [H2_FT_PING ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = 8, },
45 [H2_FT_GOAWAY ] = { .dir = 3, .min_id = 0, .max_id = 0, .min_len = 8, .max_len = H2_MAX_FRAME_LEN, },
46 [H2_FT_WINDOW_UPDATE] = { .dir = 3, .min_id = 0, .max_id = H2_MAX_STREAM_ID, .min_len = 4, .max_len = 4, },
47 [H2_FT_CONTINUATION ] = { .dir = 3, .min_id = 1, .max_id = H2_MAX_STREAM_ID, .min_len = 0, .max_len = H2_MAX_FRAME_LEN, },
48};
Willy Tarreauf24ea8e2017-11-21 19:55:27 +010049
Willy Tarreau54f53ef2019-11-22 16:02:43 +010050/* Looks into <ist> for forbidden characters for header values (0x00, 0x0A,
51 * 0x0D), starting at pointer <start> which must be within <ist>. Returns
52 * non-zero if such a character is found, 0 otherwise. When run on unlikely
53 * header match, it's recommended to first check for the presence of control
54 * chars using ist_find_ctl().
55 */
56static int has_forbidden_char(const struct ist ist, const char *start)
57{
58 do {
59 if ((uint8_t)*start <= 0x0d &&
60 (1U << (uint8_t)*start) & ((1<<13) | (1<<10) | (1<<0)))
61 return 1;
62 start++;
63 } while (start < ist.ptr + ist.len);
64 return 0;
65}
66
Willy Tarreaubeefaee2018-12-19 13:08:08 +010067/* Parse the Content-Length header field of an HTTP/2 request. The function
68 * checks all possible occurrences of a comma-delimited value, and verifies
69 * if any of them doesn't match a previous value. It returns <0 if a value
70 * differs, 0 if the whole header can be dropped (i.e. already known), or >0
71 * if the value can be indexed (first one). In the last case, the value might
72 * be adjusted and the caller must only add the updated value.
73 */
74int h2_parse_cont_len_header(unsigned int *msgf, struct ist *value, unsigned long long *body_len)
75{
76 char *e, *n;
77 unsigned long long cl;
78 int not_first = !!(*msgf & H2_MSGF_BODY_CL);
79 struct ist word;
80
81 word.ptr = value->ptr - 1; // -1 for next loop's pre-increment
82 e = value->ptr + value->len;
83
84 while (++word.ptr < e) {
Ilya Shipitsin6fb0f212020-04-02 15:25:26 +050085 /* skip leading delimiter and blanks */
Willy Tarreaubeefaee2018-12-19 13:08:08 +010086 if (unlikely(HTTP_IS_LWS(*word.ptr)))
87 continue;
88
89 /* digits only now */
90 for (cl = 0, n = word.ptr; n < e; n++) {
91 unsigned int c = *n - '0';
92 if (unlikely(c > 9)) {
93 /* non-digit */
94 if (unlikely(n == word.ptr)) // spaces only
95 goto fail;
96 break;
97 }
98 if (unlikely(cl > ULLONG_MAX / 10ULL))
99 goto fail; /* multiply overflow */
100 cl = cl * 10ULL;
101 if (unlikely(cl + c < cl))
102 goto fail; /* addition overflow */
103 cl = cl + c;
104 }
105
106 /* keep a copy of the exact cleaned value */
107 word.len = n - word.ptr;
108
109 /* skip trailing LWS till next comma or EOL */
110 for (; n < e; n++) {
111 if (!HTTP_IS_LWS(*n)) {
112 if (unlikely(*n != ','))
113 goto fail;
114 break;
115 }
116 }
117
118 /* if duplicate, must be equal */
119 if (*msgf & H2_MSGF_BODY_CL && cl != *body_len)
120 goto fail;
121
122 /* OK, store this result as the one to be indexed */
123 *msgf |= H2_MSGF_BODY_CL;
124 *body_len = cl;
125 *value = word;
126 word.ptr = n;
127 }
128 /* here we've reached the end with a single value or a series of
129 * identical values, all matching previous series if any. The last
130 * parsed value was sent back into <value>. We just have to decide
131 * if this occurrence has to be indexed (it's the first one) or
132 * silently skipped (it's not the first one)
133 */
134 return !not_first;
135 fail:
136 return -1;
137}
138
Willy Tarreau6deb4122018-11-27 15:34:18 +0100139/* Prepare the request line into <htx> from pseudo headers stored in <phdr[]>.
140 * <fields> indicates what was found so far. This should be called once at the
141 * detection of the first general header field or at the end of the request if
142 * no general header field was found yet. Returns the created start line on
143 * success, or NULL on failure. Upon success, <msgf> is updated with a few
144 * H2_MSGF_* flags indicating what was found while parsing.
Willy Tarreau2be362c2019-10-08 11:59:37 +0200145 *
146 * The rules below deserve a bit of explanation. There tends to be some
147 * confusion regarding H2's authority vs the Host header. They are different
148 * though may sometimes be exchanged. In H2, the request line is broken into :
149 * - :method
150 * - :scheme
151 * - :authority
152 * - :path
153 *
154 * An equivalent HTTP/1.x absolute-form request would then look like :
155 * <:method> <:scheme>://<:authority><:path> HTTP/x.y
156 *
157 * Except for CONNECT which doesn't have scheme nor path and looks like :
158 * <:method> <:authority> HTTP/x.y
159 *
160 * It's worth noting that H2 still supports an encoding to map H1 origin-form
161 * and asterisk-form requests. These ones do not specify the authority. However
162 * in H2 they must still specify the scheme, which is not present in H1. Also,
163 * when encoding an absolute-form H1 request without a path, the path
164 * automatically becomes "/" except for the OPTIONS method where it
165 * becomes "*".
166 *
167 * As such it is explicitly permitted for an H2 client to send a request
168 * featuring a Host header and no :authority, though it's not the recommended
169 * way to use H2 for a client. It is however the only permitted way to encode
170 * an origin-form H1 request over H2. Thus we need to respect such differences
171 * as much as possible when re-encoding the H2 request into HTX.
Willy Tarreau6deb4122018-11-27 15:34:18 +0100172 */
173static struct htx_sl *h2_prepare_htx_reqline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf)
174{
Willy Tarreau92919f72019-10-08 16:53:07 +0200175 struct ist uri;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100176 unsigned int flags = HTX_SL_F_NONE;
177 struct htx_sl *sl;
Willy Tarreau9255e7e2019-03-05 10:47:37 +0100178 size_t i;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100179
180 if ((fields & H2_PHDR_FND_METH) && isteq(phdr[H2_PHDR_IDX_METH], ist("CONNECT"))) {
181 /* RFC 7540 #8.2.6 regarding CONNECT: ":scheme" and ":path"
182 * MUST be omitted ; ":authority" contains the host and port
183 * to connect to.
184 */
185 if (fields & H2_PHDR_FND_SCHM) {
186 /* scheme not allowed */
187 goto fail;
188 }
189 else if (fields & H2_PHDR_FND_PATH) {
190 /* path not allowed */
191 goto fail;
192 }
193 else if (!(fields & H2_PHDR_FND_AUTH)) {
194 /* missing authority */
195 goto fail;
196 }
Willy Tarreau6deb4122018-11-27 15:34:18 +0100197 *msgf |= H2_MSGF_BODY_TUNNEL;
198 }
199 else if ((fields & (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) !=
200 (H2_PHDR_FND_METH|H2_PHDR_FND_SCHM|H2_PHDR_FND_PATH)) {
201 /* RFC 7540 #8.1.2.3 : all requests MUST include exactly one
202 * valid value for the ":method", ":scheme" and ":path" phdr
203 * unless it is a CONNECT request.
204 */
205 if (!(fields & H2_PHDR_FND_METH)) {
206 /* missing method */
207 goto fail;
208 }
209 else if (!(fields & H2_PHDR_FND_SCHM)) {
210 /* missing scheme */
211 goto fail;
212 }
213 else {
214 /* missing path */
215 goto fail;
216 }
217 }
Willy Tarreau2be362c2019-10-08 11:59:37 +0200218 else { /* regular methods */
Willy Tarreau92919f72019-10-08 16:53:07 +0200219 /* RFC3986#6.2.2.1: scheme is case-insensitive. We need to
220 * classify the scheme as "present/http", "present/https",
221 * "present/other", "absent" so as to decide whether or not
222 * we're facing a normalized URI that will have to be encoded
223 * in origin or absolute form. Indeed, 7540#8.1.2.3 says that
224 * clients should use the absolute form, thus we cannot infer
225 * whether or not the client wanted to use a proxy here.
226 */
227 flags |= HTX_SL_F_HAS_SCHM;
228 if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("http")))
229 flags |= HTX_SL_F_SCHM_HTTP;
230 else if (isteqi(phdr[H2_PHDR_IDX_SCHM], ist("https")))
231 flags |= HTX_SL_F_SCHM_HTTPS;
232 }
233
234 if (!(flags & HTX_SL_F_HAS_SCHM)) {
235 /* no scheme, use authority only (CONNECT) */
236 uri = phdr[H2_PHDR_IDX_AUTH];
Willy Tarreau1440fe82019-10-08 17:34:50 +0200237 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau92919f72019-10-08 16:53:07 +0200238 }
Willy Tarreau30ee1ef2019-10-08 18:33:19 +0200239 else if (fields & H2_PHDR_FND_AUTH) {
240 /* authority is present, let's use the absolute form. We simply
241 * use the trash to concatenate them since all of them MUST fit
242 * in a bufsize since it's where they come from.
Willy Tarreau92919f72019-10-08 16:53:07 +0200243 */
Willy Tarreaufd2658c2020-02-26 13:51:38 +0100244 if (unlikely(!phdr[H2_PHDR_IDX_PATH].len))
245 goto fail; // 7540#8.1.2.3: :path must not be empty
246
Willy Tarreau92919f72019-10-08 16:53:07 +0200247 uri = ist2bin(trash.area, phdr[H2_PHDR_IDX_SCHM]);
248 istcat(&uri, ist("://"), trash.size);
249 istcat(&uri, phdr[H2_PHDR_IDX_AUTH], trash.size);
250 if (!isteq(phdr[H2_PHDR_IDX_PATH], ist("*")))
251 istcat(&uri, phdr[H2_PHDR_IDX_PATH], trash.size);
Willy Tarreau1440fe82019-10-08 17:34:50 +0200252 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau30ee1ef2019-10-08 18:33:19 +0200253
254 if (flags & (HTX_SL_F_SCHM_HTTP|HTX_SL_F_SCHM_HTTPS)) {
255 /* we don't know if it was originally an absolute or a
256 * relative request because newer versions of HTTP use
257 * the absolute URI format by default, which we call
258 * the normalized URI format internally. This is the
259 * strongly recommended way of sending a request for
260 * a regular client, so we cannot distinguish this
261 * from a request intended for a proxy. For other
262 * schemes however there is no doubt.
263 */
264 flags |= HTX_SL_F_NORMALIZED_URI;
265 }
Willy Tarreau92919f72019-10-08 16:53:07 +0200266 }
267 else {
268 /* usual schemes with or without authority, use origin form */
269 uri = phdr[H2_PHDR_IDX_PATH];
Willy Tarreau1440fe82019-10-08 17:34:50 +0200270 if (fields & H2_PHDR_FND_AUTH)
271 flags |= HTX_SL_F_HAS_AUTHORITY;
Willy Tarreau2be362c2019-10-08 11:59:37 +0200272 }
Willy Tarreau6deb4122018-11-27 15:34:18 +0100273
Willy Tarreau2be362c2019-10-08 11:59:37 +0200274 /* make sure the final URI isn't empty. Note that 7540#8.1.2.3 states
275 * that :path must not be empty.
276 */
Willy Tarreau92919f72019-10-08 16:53:07 +0200277 if (!uri.len)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100278 goto fail;
279
Willy Tarreau2be362c2019-10-08 11:59:37 +0200280 /* The final URI must not contain LWS nor CTL characters */
Willy Tarreau92919f72019-10-08 16:53:07 +0200281 for (i = 0; i < uri.len; i++) {
282 unsigned char c = uri.ptr[i];
Willy Tarreau9255e7e2019-03-05 10:47:37 +0100283 if (HTTP_IS_LWS(c) || HTTP_IS_CTL(c))
284 htx->flags |= HTX_FL_PARSING_ERROR;
285 }
286
Willy Tarreau6deb4122018-11-27 15:34:18 +0100287 /* Set HTX start-line flags */
288 flags |= HTX_SL_F_VER_11; // V2 in fact
289 flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2
290
Willy Tarreau92919f72019-10-08 16:53:07 +0200291 sl = htx_add_stline(htx, HTX_BLK_REQ_SL, flags, phdr[H2_PHDR_IDX_METH], uri, ist("HTTP/2.0"));
Willy Tarreau6deb4122018-11-27 15:34:18 +0100292 if (!sl)
293 goto fail;
294
295 sl->info.req.meth = find_http_meth(phdr[H2_PHDR_IDX_METH].ptr, phdr[H2_PHDR_IDX_METH].len);
296 return sl;
297 fail:
298 return NULL;
299}
300
301/* Takes an H2 request present in the headers list <list> terminated by a name
302 * being <NULL,0> and emits the equivalent HTX request according to the rules
303 * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and
304 * non-zero is returned if some bytes were emitted. In case of error, a
305 * negative error code is returned.
306 *
307 * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what
308 * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY
309 * if a body is detected (!ES).
310 *
311 * The headers list <list> must be composed of :
312 * - n.name != NULL, n.len > 0 : literal header name
313 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
314 * among H2_PHDR_IDX_*
315 * - n.name ignored, n.len == 0 : end of list
316 * - in all cases except the end of list, v.name and v.len must designate a
317 * valid value.
318 *
319 * The Cookie header will be reassembled at the end, and for this, the <list>
320 * will be used to create a linked list, so its contents may be destroyed.
321 */
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100322int h2_make_htx_request(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100323{
324 struct ist phdr_val[H2_PHDR_NUM_ENTRIES];
325 uint32_t fields; /* bit mask of H2_PHDR_FND_* */
326 uint32_t idx;
327 int ck, lck; /* cookie index and last cookie index */
328 int phdr;
329 int ret;
330 int i;
Christopher Faulet33543e72019-05-15 15:53:20 +0200331 uint32_t used = htx_used_space(htx);
Willy Tarreau6deb4122018-11-27 15:34:18 +0100332 struct htx_sl *sl = NULL;
333 unsigned int sl_flags = 0;
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100334 const char *ctl;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100335
336 lck = ck = -1; // no cookie for now
337 fields = 0;
338 for (idx = 0; list[idx].n.len != 0; idx++) {
339 if (!list[idx].n.ptr) {
340 /* this is an indexed pseudo-header */
341 phdr = list[idx].n.len;
342 }
343 else {
344 /* this can be any type of header */
Willy Tarreau146f53a2019-11-24 10:34:39 +0100345 /* RFC7540#8.1.2: upper case not allowed in header field names.
346 * #10.3: header names must be valid (i.e. match a token).
347 * For pseudo-headers we check from 2nd char and for other ones
348 * from the first char, because HTTP_IS_TOKEN() also excludes
349 * the colon.
350 */
Willy Tarreau6deb4122018-11-27 15:34:18 +0100351 phdr = h2_str_to_phdr(list[idx].n);
Willy Tarreau146f53a2019-11-24 10:34:39 +0100352
353 for (i = !!phdr; i < list[idx].n.len; i++)
354 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
355 goto fail;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100356 }
357
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100358 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
359 * rejecting NUL, CR and LF characters.
360 */
361 ctl = ist_find_ctl(list[idx].v);
362 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
363 goto fail;
364
Willy Tarreau6deb4122018-11-27 15:34:18 +0100365 if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
366 /* insert a pseudo header by its index (in phdr) and value (in value) */
367 if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) {
368 if (fields & H2_PHDR_FND_NONE) {
369 /* pseudo header field after regular headers */
370 goto fail;
371 }
372 else {
373 /* repeated pseudo header field */
374 goto fail;
375 }
376 }
377 fields |= 1 << phdr;
378 phdr_val[phdr] = list[idx].v;
379 continue;
380 }
381 else if (phdr != 0) {
382 /* invalid pseudo header -- should never happen here */
383 goto fail;
384 }
385
386 /* regular header field in (name,value) */
387 if (unlikely(!(fields & H2_PHDR_FND_NONE))) {
388 /* no more pseudo-headers, time to build the request line */
389 sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf);
390 if (!sl)
391 goto fail;
392 fields |= H2_PHDR_FND_NONE;
393 }
394
395 if (isteq(list[idx].n, ist("host")))
396 fields |= H2_PHDR_FND_HOST;
397
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100398 if (isteq(list[idx].n, ist("content-length"))) {
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100399 ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len);
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100400 if (ret < 0)
401 goto fail;
402
Willy Tarreau6deb4122018-11-27 15:34:18 +0100403 sl_flags |= HTX_SL_F_CLEN;
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100404 if (ret == 0)
405 continue; // skip this duplicate
Willy Tarreau6deb4122018-11-27 15:34:18 +0100406 }
407
408 /* these ones are forbidden in requests (RFC7540#8.1.2.2) */
409 if (isteq(list[idx].n, ist("connection")) ||
410 isteq(list[idx].n, ist("proxy-connection")) ||
411 isteq(list[idx].n, ist("keep-alive")) ||
412 isteq(list[idx].n, ist("upgrade")) ||
413 isteq(list[idx].n, ist("transfer-encoding")))
414 goto fail;
415
416 if (isteq(list[idx].n, ist("te")) && !isteq(list[idx].v, ist("trailers")))
417 goto fail;
418
419 /* cookie requires special processing at the end */
420 if (isteq(list[idx].n, ist("cookie"))) {
421 list[idx].n.len = -1;
422
423 if (ck < 0)
424 ck = idx;
425 else
426 list[lck].n.len = idx;
427
428 lck = idx;
429 continue;
430 }
431
432 if (!htx_add_header(htx, list[idx].n, list[idx].v))
433 goto fail;
434 }
435
436 /* RFC7540#8.1.2.1 mandates to reject response pseudo-headers (:status) */
437 if (fields & H2_PHDR_FND_STAT)
438 goto fail;
439
440 /* Let's dump the request now if not yet emitted. */
441 if (!(fields & H2_PHDR_FND_NONE)) {
442 sl = h2_prepare_htx_reqline(fields, phdr_val, htx, msgf);
443 if (!sl)
444 goto fail;
445 }
446
Christopher Faulet44af3cf2019-02-18 10:12:56 +0100447 if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0))
448 sl_flags |= HTX_SL_F_BODYLESS;
449
Willy Tarreau6deb4122018-11-27 15:34:18 +0100450 /* update the start line with last detected header info */
451 sl->flags |= sl_flags;
452
453 /* complete with missing Host if needed */
454 if ((fields & (H2_PHDR_FND_HOST|H2_PHDR_FND_AUTH)) == H2_PHDR_FND_AUTH) {
455 /* missing Host field, use :authority instead */
456 if (!htx_add_header(htx, ist("host"), phdr_val[H2_PHDR_IDX_AUTH]))
457 goto fail;
458 }
459
460 /* now we may have to build a cookie list. We'll dump the values of all
461 * visited headers.
462 */
463 if (ck >= 0) {
464 uint32_t fs; // free space
465 uint32_t bs; // block size
466 uint32_t vl; // value len
Willy Tarreau164e0612018-12-18 11:00:41 +0100467 uint32_t tl; // total length
Willy Tarreau6deb4122018-11-27 15:34:18 +0100468 struct htx_blk *blk;
469
470 blk = htx_add_header(htx, ist("cookie"), list[ck].v);
471 if (!blk)
472 goto fail;
473
Willy Tarreau164e0612018-12-18 11:00:41 +0100474 tl = list[ck].v.len;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100475 fs = htx_free_data_space(htx);
476 bs = htx_get_blksz(blk);
477
478 /* for each extra cookie, we'll extend the cookie's value and
479 * insert "; " before the new value.
480 */
Willy Tarreau164e0612018-12-18 11:00:41 +0100481 fs += tl; // first one is already counted
482 for (; (ck = list[ck].n.len) >= 0 ; ) {
Willy Tarreau6deb4122018-11-27 15:34:18 +0100483 vl = list[ck].v.len;
Willy Tarreau164e0612018-12-18 11:00:41 +0100484 tl += vl + 2;
485 if (tl > fs)
Willy Tarreau6deb4122018-11-27 15:34:18 +0100486 goto fail;
487
Christopher Faulet3e2638e2019-06-18 09:49:16 +0200488 htx_change_blk_value_len(htx, blk, tl);
Willy Tarreau6deb4122018-11-27 15:34:18 +0100489 *(char *)(htx_get_blk_ptr(htx, blk) + bs + 0) = ';';
490 *(char *)(htx_get_blk_ptr(htx, blk) + bs + 1) = ' ';
491 memcpy(htx_get_blk_ptr(htx, blk) + bs + 2, list[ck].v.ptr, vl);
492 bs += vl + 2;
Willy Tarreau6deb4122018-11-27 15:34:18 +0100493 }
494
495 }
496
497 /* now send the end of headers marker */
498 htx_add_endof(htx, HTX_BLK_EOH);
499
Ilya Shipitsin6fb0f212020-04-02 15:25:26 +0500500 /* Set bytes used in the HTX message for the headers now */
Christopher Faulet33543e72019-05-15 15:53:20 +0200501 sl->hdrs_bytes = htx_used_space(htx) - used;
502
Willy Tarreau6deb4122018-11-27 15:34:18 +0100503 ret = 1;
504 return ret;
505
506 fail:
507 return -1;
508}
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200509
510/* Prepare the status line into <htx> from pseudo headers stored in <phdr[]>.
511 * <fields> indicates what was found so far. This should be called once at the
512 * detection of the first general header field or at the end of the message if
513 * no general header field was found yet. Returns the created start line on
514 * success, or NULL on failure. Upon success, <msgf> is updated with a few
515 * H2_MSGF_* flags indicating what was found while parsing.
516 */
517static struct htx_sl *h2_prepare_htx_stsline(uint32_t fields, struct ist *phdr, struct htx *htx, unsigned int *msgf)
518{
519 unsigned int flags = HTX_SL_F_NONE;
520 struct htx_sl *sl;
521 unsigned char h, t, u;
522
523 /* only :status is allowed as a pseudo header */
524 if (!(fields & H2_PHDR_FND_STAT))
525 goto fail;
526
527 if (phdr[H2_PHDR_IDX_STAT].len != 3)
528 goto fail;
529
530 /* Set HTX start-line flags */
531 flags |= HTX_SL_F_VER_11; // V2 in fact
532 flags |= HTX_SL_F_XFER_LEN; // xfer len always known with H2
533
534 sl = htx_add_stline(htx, HTX_BLK_RES_SL, flags, ist("HTTP/2.0"), phdr[H2_PHDR_IDX_STAT], ist(""));
535 if (!sl)
536 goto fail;
537
538 h = phdr[H2_PHDR_IDX_STAT].ptr[0] - '0';
539 t = phdr[H2_PHDR_IDX_STAT].ptr[1] - '0';
540 u = phdr[H2_PHDR_IDX_STAT].ptr[2] - '0';
541 if (h > 9 || t > 9 || u > 9)
542 goto fail;
543
544 sl->info.res.status = h * 100 + t * 10 + u;
545
Christopher Faulet0b465482019-02-19 15:14:23 +0100546 /* On 1xx responses (except 101) there is no ES on the HEADERS frame but
547 * there is no body. So remove the flag H2_MSGF_BODY and add
548 * H2_MSGF_RSP_1XX to notify the decoder another HEADERS frame is
549 * expected.
550 */
551 if (sl->info.res.status < 200 &&
552 (sl->info.res.status == 100 || sl->info.res.status >= 102)) {
553 *msgf |= H2_MSGF_RSP_1XX;
554 *msgf &= ~H2_MSGF_BODY;
555 }
556
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200557 return sl;
558 fail:
559 return NULL;
560}
561
562/* Takes an H2 response present in the headers list <list> terminated by a name
563 * being <NULL,0> and emits the equivalent HTX response according to the rules
564 * documented in RFC7540 #8.1.2. The output contents are emitted in <htx>, and
565 * a positive value is returned if some bytes were emitted. In case of error, a
566 * negative error code is returned.
567 *
568 * Upon success, <msgf> is filled with a few H2_MSGF_* flags indicating what
569 * was found while parsing. The caller must set it to zero in or H2_MSGF_BODY
570 * if a body is detected (!ES).
571 *
572 * The headers list <list> must be composed of :
573 * - n.name != NULL, n.len > 0 : literal header name
574 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
575 * among H2_PHDR_IDX_*
576 * - n.name ignored, n.len == 0 : end of list
577 * - in all cases except the end of list, v.name and v.len must designate a
578 * valid value.
579 */
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100580int h2_make_htx_response(struct http_hdr *list, struct htx *htx, unsigned int *msgf, unsigned long long *body_len)
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200581{
582 struct ist phdr_val[H2_PHDR_NUM_ENTRIES];
583 uint32_t fields; /* bit mask of H2_PHDR_FND_* */
584 uint32_t idx;
585 int phdr;
586 int ret;
587 int i;
Christopher Faulet33543e72019-05-15 15:53:20 +0200588 uint32_t used = htx_used_space(htx);
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200589 struct htx_sl *sl = NULL;
590 unsigned int sl_flags = 0;
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100591 const char *ctl;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200592
593 fields = 0;
594 for (idx = 0; list[idx].n.len != 0; idx++) {
595 if (!list[idx].n.ptr) {
596 /* this is an indexed pseudo-header */
597 phdr = list[idx].n.len;
598 }
599 else {
600 /* this can be any type of header */
Willy Tarreau146f53a2019-11-24 10:34:39 +0100601 /* RFC7540#8.1.2: upper case not allowed in header field names.
602 * #10.3: header names must be valid (i.e. match a token).
603 * For pseudo-headers we check from 2nd char and for other ones
604 * from the first char, because HTTP_IS_TOKEN() also excludes
605 * the colon.
606 */
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200607 phdr = h2_str_to_phdr(list[idx].n);
Willy Tarreau146f53a2019-11-24 10:34:39 +0100608
609 for (i = !!phdr; i < list[idx].n.len; i++)
610 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
611 goto fail;
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200612 }
613
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100614 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
615 * rejecting NUL, CR and LF characters.
616 */
617 ctl = ist_find_ctl(list[idx].v);
618 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
619 goto fail;
620
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200621 if (phdr > 0 && phdr < H2_PHDR_NUM_ENTRIES) {
622 /* insert a pseudo header by its index (in phdr) and value (in value) */
623 if (fields & ((1 << phdr) | H2_PHDR_FND_NONE)) {
624 if (fields & H2_PHDR_FND_NONE) {
625 /* pseudo header field after regular headers */
626 goto fail;
627 }
628 else {
629 /* repeated pseudo header field */
630 goto fail;
631 }
632 }
633 fields |= 1 << phdr;
634 phdr_val[phdr] = list[idx].v;
635 continue;
636 }
637 else if (phdr != 0) {
638 /* invalid pseudo header -- should never happen here */
639 goto fail;
640 }
641
642 /* regular header field in (name,value) */
643 if (!(fields & H2_PHDR_FND_NONE)) {
644 /* no more pseudo-headers, time to build the status line */
645 sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf);
646 if (!sl)
647 goto fail;
648 fields |= H2_PHDR_FND_NONE;
649 }
650
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100651 if (isteq(list[idx].n, ist("content-length"))) {
Willy Tarreau4790f7c2019-01-24 11:33:02 +0100652 ret = h2_parse_cont_len_header(msgf, &list[idx].v, body_len);
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100653 if (ret < 0)
654 goto fail;
655
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200656 sl_flags |= HTX_SL_F_CLEN;
Willy Tarreaubeefaee2018-12-19 13:08:08 +0100657 if (ret == 0)
658 continue; // skip this duplicate
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200659 }
660
661 /* these ones are forbidden in responses (RFC7540#8.1.2.2) */
662 if (isteq(list[idx].n, ist("connection")) ||
663 isteq(list[idx].n, ist("proxy-connection")) ||
664 isteq(list[idx].n, ist("keep-alive")) ||
665 isteq(list[idx].n, ist("upgrade")) ||
666 isteq(list[idx].n, ist("transfer-encoding")))
667 goto fail;
668
669 if (!htx_add_header(htx, list[idx].n, list[idx].v))
670 goto fail;
671 }
672
673 /* RFC7540#8.1.2.1 mandates to reject request pseudo-headers */
674 if (fields & (H2_PHDR_FND_AUTH|H2_PHDR_FND_METH|H2_PHDR_FND_PATH|H2_PHDR_FND_SCHM))
675 goto fail;
676
677 /* Let's dump the request now if not yet emitted. */
678 if (!(fields & H2_PHDR_FND_NONE)) {
679 sl = h2_prepare_htx_stsline(fields, phdr_val, htx, msgf);
680 if (!sl)
681 goto fail;
682 }
683
Christopher Faulet44af3cf2019-02-18 10:12:56 +0100684 if (!(*msgf & H2_MSGF_BODY) || ((*msgf & H2_MSGF_BODY_CL) && *body_len == 0))
685 sl_flags |= HTX_SL_F_BODYLESS;
686
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200687 /* update the start line with last detected header info */
688 sl->flags |= sl_flags;
689
690 if ((*msgf & (H2_MSGF_BODY|H2_MSGF_BODY_TUNNEL|H2_MSGF_BODY_CL)) == H2_MSGF_BODY) {
691 /* FIXME: Do we need to signal anything when we have a body and
692 * no content-length, to have the equivalent of H1's chunked
693 * encoding?
694 */
695 }
696
697 /* now send the end of headers marker */
698 htx_add_endof(htx, HTX_BLK_EOH);
699
Ilya Shipitsin6fb0f212020-04-02 15:25:26 +0500700 /* Set bytes used in the HTX message for the headers now */
Christopher Faulet33543e72019-05-15 15:53:20 +0200701 sl->hdrs_bytes = htx_used_space(htx) - used;
702
Willy Tarreau1329b5b2018-10-08 14:49:20 +0200703 ret = 1;
704 return ret;
705
706 fail:
707 return -1;
708}
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100709
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200710/* Takes an H2 headers list <list> terminated by a name being <NULL,0> and emits
711 * the equivalent HTX trailers blocks. The output contents are emitted in <htx>,
712 * and a positive value is returned if some bytes were emitted. In case of
713 * error, a negative error code is returned. The caller must have verified that
714 * the message in the buffer is compatible with receipt of trailers.
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100715 *
716 * The headers list <list> must be composed of :
717 * - n.name != NULL, n.len > 0 : literal header name
718 * - n.name == NULL, n.len > 0 : indexed pseudo header name number <n.len>
719 * among H2_PHDR_IDX_* (illegal here)
720 * - n.name ignored, n.len == 0 : end of list
721 * - in all cases except the end of list, v.name and v.len must designate a
722 * valid value.
723 */
724int h2_make_htx_trailers(struct http_hdr *list, struct htx *htx)
725{
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100726 const char *ctl;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100727 uint32_t idx;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100728 int i;
729
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100730 for (idx = 0; list[idx].n.len != 0; idx++) {
731 if (!list[idx].n.ptr) {
732 /* This is an indexed pseudo-header (RFC7540#8.1.2.1) */
733 goto fail;
734 }
735
Willy Tarreau146f53a2019-11-24 10:34:39 +0100736 /* RFC7540#8.1.2: upper case not allowed in header field names.
737 * #10.3: header names must be valid (i.e. match a token). This
738 * also catches pseudo-headers which are forbidden in trailers.
739 */
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100740 for (i = 0; i < list[idx].n.len; i++)
Willy Tarreau146f53a2019-11-24 10:34:39 +0100741 if ((uint8_t)(list[idx].n.ptr[i] - 'A') < 'Z' - 'A' || !HTTP_IS_TOKEN(list[idx].n.ptr[i]))
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100742 goto fail;
743
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100744 /* these ones are forbidden in trailers (RFC7540#8.1.2.2) */
745 if (isteq(list[idx].n, ist("host")) ||
746 isteq(list[idx].n, ist("content-length")) ||
747 isteq(list[idx].n, ist("connection")) ||
748 isteq(list[idx].n, ist("proxy-connection")) ||
749 isteq(list[idx].n, ist("keep-alive")) ||
750 isteq(list[idx].n, ist("upgrade")) ||
751 isteq(list[idx].n, ist("te")) ||
752 isteq(list[idx].n, ist("transfer-encoding")))
753 goto fail;
754
Willy Tarreau54f53ef2019-11-22 16:02:43 +0100755 /* RFC7540#10.3: intermediaries forwarding to HTTP/1 must take care of
756 * rejecting NUL, CR and LF characters.
757 */
758 ctl = ist_find_ctl(list[idx].v);
759 if (unlikely(ctl) && has_forbidden_char(list[idx].v, ctl))
760 goto fail;
761
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200762 if (!htx_add_trailer(htx, list[idx].n, list[idx].v))
763 goto fail;
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100764 }
765
Christopher Faulet2d7c5392019-06-03 10:41:26 +0200766 if (!htx_add_endof(htx, HTX_BLK_EOT))
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100767 goto fail;
768
Willy Tarreau1e1f27c2019-01-03 18:39:54 +0100769 return 1;
770
771 fail:
772 return -1;
773}