lighttpd 1.4.x https://www.lighttpd.net/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1310 lines
51 KiB

/*
* request - HTTP request processing
*
* Fully-rewritten from original
* Copyright(c) 2018 Glenn Strauss gstrauss()gluelogic.com All rights reserved
* License: BSD 3-clause (same as lighttpd)
*/
#include "first.h"
#include "request.h"
#include "burl.h"
#include "http_header.h"
#include "http_kv.h"
#include "log.h"
#include "sock_addr.h"
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
static int request_check_hostname(buffer * const host) {
/*
* hostport = host [ ":" port ]
* host = hostname | IPv4address | IPv6address
* hostname = *( domainlabel "." ) toplabel [ "." ]
* domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum
* toplabel = alpha | alpha *( alphanum | "-" ) alphanum
* IPv4address = 1*digit "." 1*digit "." 1*digit "." 1*digit
* IPv6address = "[" ... "]"
* port = *digit
*/
const char *h = host->ptr;
if (*h != '[') {
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
uint32_t len = buffer_clen(host);
const char * const colon = memchr(h, ':', len);
uint32_t hlen = colon ? (uint32_t)(colon - h) : len;
/* if hostname ends in ".", strip it */
if (__builtin_expect( (0 == hlen), 0)) return -1;
if (__builtin_expect( (h[hlen-1] == '.'), 0)) {
/* shift port info one left */
if (--hlen == 0) return -1;
--len;
if (NULL != colon)
memmove(host->ptr+hlen, colon, len - hlen);
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
buffer_truncate(host, len);
}
int label_len = 0;
int allnumeric = 1;
int numeric = 1;
int level = 0;
for (uint32_t i = 0; i < hlen; ++i) {
const int ch = h[i];
++label_len;
if (light_isdigit(ch))
continue;
else if ((light_isalpha(ch) || (ch == '-' && i != 0)))
numeric = 0;
else if (ch == '.' && 1 != label_len && '-' != h[i+1]) {
allnumeric &= numeric;
numeric = 1;
label_len = 0;
++level;
}
else
return -1;
}
/* (if last segment numeric, then IPv4 and must have 4 numeric parts) */
if (0 == label_len || (numeric && (level != 3 || !allnumeric)))
return -1;
h += hlen;
}
else { /* IPv6 address */
/* check the address inside [...]; note: not fully validating */
/* (note: not allowing scoped literals, e.g. %eth0 suffix) */
++h; /* step past '[' */
int cnt = 0;
while (light_isxdigit(*h) || *h == '.' || (*h == ':' && ++cnt < 8)) ++h;
/*(invalid char, too many ':', missing ']', or empty "[]")*/
if (*h != ']' || h - host->ptr == 1) return -1;
++h; /* step past ']' */
}
/* check numerical port, if present */
if (*h == ':') {
if (__builtin_expect( (h[1] == '\0'), 0)) /*(remove trailing colon)*/
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
buffer_truncate(host, h - host->ptr);
do { ++h; } while (light_isdigit(*h));
}
return (*h == '\0') ? 0 : -1;
}
int http_request_host_normalize(buffer * const b, const int scheme_port) {
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
/*
* check for and canonicalize numeric IP address and portnum (optional)
* (IP address may be followed by ":portnum" (optional))
* - IPv6: "[...]"
* - IPv4: "x.x.x.x"
* - IPv4: 12345678 (32-bit decimal number)
* - IPv4: 012345678 (32-bit octal number)
* - IPv4: 0x12345678 (32-bit hex number)
*
* allow any chars (except ':' and '\0' and stray '[' or ']')
* (other code may check chars more strictly or more pedantically)
* ':' delimits (optional) port at end of string
* "[]" wraps IPv6 address literal
* '\0' should have been rejected earlier were it present
*
* any chars includes, but is not limited to:
* - allow '-' any where, even at beginning of word
* (security caution: might be confused for cmd flag if passed to shell)
* - allow all-digit TLDs
* (might be mistaken for IPv4 addr by inet_aton()
* unless non-digits appear in subdomain)
*/
/* Note: not using getaddrinfo() since it does not support "[]" around IPv6
* and is not as lenient as inet_aton() and inet_addr() for IPv4 strings.
* Not using inet_pton() (when available) on IPv4 for similar reasons. */
const char * const p = b->ptr;
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
const size_t blen = buffer_clen(b);
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
long port = 0;
if (*p != '[') {
char * const colon = (char *)memchr(p, ':', blen);
if (colon) {
if (*p == ':') return -1; /*(empty host then port, or naked IPv6)*/
if (colon[1] != '\0') {
char *e;
port = strtol(colon+1, &e, 0); /*(allow decimal, octal, hex)*/
if (0 < port && port <= USHRT_MAX && *e == '\0') {
/* valid port */
} else {
return -1;
}
} /*(else ignore stray colon at string end)*/
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
buffer_truncate(b, (size_t)(colon - p)); /*(remove port str)*/
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
}
if (light_isdigit(*p)) do {
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
/* (IPv4 address literal or domain starting w/ digit (e.g. 3com))*/
/* (check one-element cache of normalized IPv4 address string) */
static struct { char s[INET_ADDRSTRLEN]; size_t n; } laddr;
size_t n = colon ? (size_t)(colon - p) : blen;
sock_addr addr;
if (n == laddr.n && 0 == memcmp(p, laddr.s, n)) break;
if (1 == sock_addr_inet_pton(&addr, p, AF_INET, 0)) {
sock_addr_inet_ntop_copy_buffer(b, &addr);
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
n = buffer_clen(b);
if (n < sizeof(laddr.s)) memcpy(laddr.s, b->ptr, (laddr.n = n));
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
}
} while (0);
} else do { /* IPv6 addr */
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
#if defined(HAVE_IPV6) && defined(HAVE_INET_PTON)
/* (check one-element cache of normalized IPv4 address string) */
static struct { char s[INET6_ADDRSTRLEN]; size_t n; } laddr;
sock_addr addr;
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
char *bracket = b->ptr+blen-1;
char *percent = strchr(b->ptr+1, '%');
size_t len;
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
int rc;
char buf[INET6_ADDRSTRLEN+16]; /*(+16 for potential %interface name)*/
if (blen <= 2) return -1; /*(invalid "[]")*/
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
if (*bracket != ']') {
bracket = (char *)memchr(b->ptr+1, ']', blen-1);
if (NULL == bracket || bracket[1] != ':' || bracket - b->ptr == 1){
return -1;
}
if (bracket[2] != '\0') { /*(ignore stray colon at string end)*/
char *e;
port = strtol(bracket+2, &e, 0); /*(allow decimal, octal, hex)*/
if (0 < port && port <= USHRT_MAX && *e == '\0') {
/* valid port */
} else {
return -1;
}
}
}
len = (size_t)((percent ? percent : bracket) - (b->ptr+1));
if (laddr.n == len && 0 == memcmp(laddr.s, b->ptr+1, len)) {
/* truncate after ']' and re-add normalized port, if needed */
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
buffer_truncate(b, (size_t)(bracket - b->ptr + 1));
break;
}
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
*bracket = '\0';/*(terminate IPv6 string)*/
if (percent) *percent = '\0'; /*(remove %interface from address)*/
rc = sock_addr_inet_pton(&addr, b->ptr+1, AF_INET6, 0);
if (percent) *percent = '%'; /*(restore %interface)*/
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
*bracket = ']'; /*(restore bracket)*/
if (1 != rc) return -1;
sock_addr_inet_ntop(&addr, buf, sizeof(buf));
len = strlen(buf);
if (percent) {
if (percent > bracket) return -1;
if (len + (size_t)(bracket - percent) >= sizeof(buf)) return -1;
if (len < sizeof(laddr.s)) memcpy(laddr.s, buf, (laddr.n = len));
memcpy(buf+len, percent, (size_t)(bracket - percent));
len += (size_t)(bracket - percent);
}
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
buffer_truncate(b, 1); /* truncate after '[' */
buffer_append_str2(b, buf, len, CONST_STR_LEN("]"));
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
#else
return -1;
#endif
} while (0);
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
if (0 != port && port != scheme_port) {
[config] opts for http header parsing strictness (fixes #551, fixes #1086, fixes #1184, fixes #2143, #2258, #2281, fixes #946, fixes #1330, fixes #602, #1016) server.http-parseopt-header-strict = "enable" server.http-parseopt-host-strict = "enable" (implies host-normalize) server.http-parseopt-host-normalize = "disable" defaults retain current behavior, which is strict header parsing and strict host parsing, with enhancement to normalize IPv4 address and port number strings. For lighttpd tests, these need to be enabled (and are by default) For marginally faster HTTP header parsing for benchmarks, disable these. To allow - underscores in hostname - hypen ('-') at beginning of hostname - all-numeric TLDs server.http-parseopt-host-strict = "disable" x-ref: "lighttpd doesn't allow underscores in host names" https://redmine.lighttpd.net/issues/551 "hyphen in hostname" https://redmine.lighttpd.net/issues/1086 "a numeric tld" https://redmine.lighttpd.net/issues/1184 "Numeric tld's" https://redmine.lighttpd.net/issues/2143 "Bad Request" https://redmine.lighttpd.net/issues/2258 "400 Bad Request when using Numeric TLDs" https://redmine.lighttpd.net/issues/2281 To allow a variety of numerical formats to be converted to IP addresses server.http-parseopt-host-strict = "disable" server.http-parseopt-host-normalize = "enable" x-ref: "URL encoding leads to "400 - Bad Request"" https://redmine.lighttpd.net/issues/946 "400 Bad Request when using IP's numeric value ("ip2long()")" https://redmine.lighttpd.net/issues/1330 To allow most 8-bit and 7-bit chars in headers server.http-parseopt-header-strict = "disable" (not recommended) x-ref: "Russian letters not alowed?" https://redmine.lighttpd.net/issues/602 "header Content-Disposition with russian '?' (CP1251, ascii code 255) causes error" https://redmine.lighttpd.net/issues/1016
6 years ago
buffer_append_string_len(b, CONST_STR_LEN(":"));
buffer_append_int(b, (int)port);
}
return 0;
}
int http_request_host_policy (buffer * const b, const unsigned int http_parseopts, const int scheme_port) {
/* caller should lowercase, as is done in http_request_header_set_Host(),
* for consistency in case the value is used prior to calling policy func */
/*buffer_to_lower(b);*/
return (((http_parseopts & HTTP_PARSEOPT_HOST_STRICT)
&& 0 != request_check_hostname(b))
|| ((http_parseopts & HTTP_PARSEOPT_HOST_NORMALIZE)
&& 0 != http_request_host_normalize(b, scheme_port)));
}
__attribute_const__
static int request_uri_is_valid_char(const unsigned char c) {
return (c > 32 && c != 127 && c != 255);
}
__attribute_cold__
__attribute_noinline__
static int http_request_header_line_invalid(request_st * const restrict r, const int status, const char * const restrict msg) {
if (r->conf.log_request_header_on_error) {
if (msg) log_error(r->conf.errh, __FILE__, __LINE__, "%s", msg);
}
return status;
}
__attribute_cold__
__attribute_noinline__
static int http_request_header_char_invalid(request_st * const restrict r, const char ch, const char * const restrict msg) {
if (r->conf.log_request_header_on_error) {
if ((unsigned char)ch > 32 && ch != 127) {
log_error(r->conf.errh, __FILE__, __LINE__, "%s ('%c')", msg, ch);
}
else {
log_error(r->conf.errh, __FILE__, __LINE__, "%s (0x%x)", msg, ch);
}
}
return 400;
}
__attribute_noinline__
static void http_request_header_set_Host(request_st * const restrict r, const char * const h, size_t hlen)
{
r->http_host = http_header_request_set_ptr(r, HTTP_HEADER_HOST,
CONST_STR_LEN("Host"));
buffer_copy_string_len_lc(r->http_host, h, hlen);
}
int64_t
li_restricted_strtoint64 (const char *v, const uint32_t vlen, const char ** const err)
{
/* base 10 strtoll() parsing exactly vlen chars and requiring digits 0-9 */
/* rejects negative numbers and considers values > INT64_MAX an error */
/* note: errno is not set; detect error if *err != v+vlen upon return */
/*(caller must check 0 == vlen if that is to be an error for caller)*/
int64_t rv = 0;
uint32_t i;
for (i = 0; i < vlen; ++i) {
const uint8_t c = ((uint8_t *)v)[i] - '0'; /*(unsigned; underflow ok)*/
if (c > 9) break;
if (rv > INT64_MAX/10) break;
rv *= 10;
if (rv > INT64_MAX - c) break;
rv += c;
}
*err = v+i;
return rv;
}
__attribute_cold__
static int http_request_parse_duplicate(request_st * const restrict r, const enum http_header_e id, const char * const restrict k, const size_t klen, const char * const restrict v, const size_t vlen) {
/* Proxies sometimes send dup headers
* if they are the same we ignore the second
* if not, we raise an error */
const buffer * const vb = http_header_request_get(r, id, k, klen);
if (vb && buffer_eq_icase_slen(vb, v, vlen))
return 0; /* ignore header; matches existing header */
const char *errmsg;
switch (id) {
case HTTP_HEADER_HOST:
errmsg = "duplicate Host header -> 400";
break;
case HTTP_HEADER_CONTENT_TYPE:
errmsg = "duplicate Content-Type header -> 400";
break;
case HTTP_HEADER_IF_MODIFIED_SINCE:
errmsg = "duplicate If-Modified-Since header -> 400";
break;
default:
errmsg = "duplicate header -> 400";
break;
}
return http_request_header_line_invalid(r, 400, errmsg);
}
/* add header to list of headers
* certain headers are also parsed
* might drop a header if deemed unnecessary/broken
*
* returns 0 on success, HTTP status on error
*/
static int http_request_parse_single_header(request_st * const restrict r, const enum http_header_e id, const char * const restrict k, const size_t klen, const char * const restrict v, const size_t vlen) {
/*
* Note: k might not be '\0'-terminated
* Note: v is not '\0'-terminated
* With lighttpd HTTP/1.1 parser, v ends with whitespace
* (one of '\r' '\n' ' ' '\t')
* With lighttpd HTTP/2 parser, v should not be accessed beyond vlen
* (care must be taken to avoid libc funcs which expect z-strings)
*/
/*assert(vlen);*//*(caller must not call this func with 0 klen or 0 vlen)*/
switch (id) {
/*case HTTP_HEADER_OTHER:*/
default:
break;
case HTTP_HEADER_HOST:
if (!light_btst(r->rqst_htags, HTTP_HEADER_HOST)) {
if (vlen >= 1024) { /*(expecting < 256)*/
return http_request_header_line_invalid(r, 400, "uri-authority too long -> 400");
}
/*(http_request_header_append() plus sets r->http_host)*/
http_request_header_set_Host(r, v, vlen);
return 0;
}
else if (NULL != r->http_host
&& __builtin_expect( buffer_eq_slen(r->http_host,v,vlen), 1)) {
/* ignore all Host: headers if match authority in request line */
/* (expect Host to match case in :authority of HTTP/2 request) */
return 0; /* ignore header */
}
else {
return http_request_parse_duplicate(r, id, k, klen, v, vlen);
}
break;
case HTTP_HEADER_CONNECTION:
/* "Connection: close" is common case if header is present */
if ((vlen == 5 && buffer_eq_icase_ssn(v, CONST_STR_LEN("close")))
|| http_header_str_contains_token(v,vlen,CONST_STR_LEN("close"))) {
r->keep_alive = 0;
break;
}
if (http_header_str_contains_token(v,vlen,CONST_STR_LEN("keep-alive"))){
r->keep_alive = 1;
break;
}
break;
case HTTP_HEADER_CONTENT_TYPE:
if (light_btst(r->rqst_htags, HTTP_HEADER_CONTENT_TYPE)) {
return http_request_parse_duplicate(r, id, k, klen, v, vlen);
}
break;
case HTTP_HEADER_IF_NONE_MATCH:
/* if dup, only the first one will survive */
if (light_btst(r->rqst_htags, HTTP_HEADER_IF_NONE_MATCH)) {
return 0; /* ignore header */
}
break;
case HTTP_HEADER_CONTENT_LENGTH:
if (!light_btst(r->rqst_htags, HTTP_HEADER_CONTENT_LENGTH)) {
/*(trailing whitespace was removed from vlen)*/
/*(not using strtoll() since v might not be z-string)*/
const char *err;
off_t clen = (off_t)li_restricted_strtoint64(v, vlen, &err);
if (err == v+vlen) {
/* (set only if not set to -1 by Transfer-Encoding: chunked) */
if (0 == r->reqbody_length) r->reqbody_length = clen;
}
else {
return http_request_header_line_invalid(r, 400, "invalid Content-Length header -> 400");
}
}
else {
return http_request_header_line_invalid(r, 400, "duplicate Content-Length header -> 400");
}
break;
case HTTP_HEADER_HTTP2_SETTINGS:
if (light_btst(r->rqst_htags, HTTP_HEADER_HTTP2_SETTINGS)) {
return http_request_header_line_invalid(r, 400, "duplicate HTTP2-Settings header -> 400");
}
break;
case HTTP_HEADER_IF_MODIFIED_SINCE:
if (light_btst(r->rqst_htags, HTTP_HEADER_IF_MODIFIED_SINCE)) {
return http_request_parse_duplicate(r, id, k, klen, v, vlen);
}
break;
case HTTP_HEADER_TRANSFER_ENCODING:
if (HTTP_VERSION_1_1 != r->http_version) {
return http_request_header_line_invalid(r, 400,
HTTP_VERSION_1_0 == r->http_version
? "HTTP/1.0 with Transfer-Encoding (bad HTTP/1.0 proxy?) -> 400"
: "HTTP/2 with Transfer-Encoding is invalid -> 400");
}
if (!buffer_eq_icase_ss(v, vlen, CONST_STR_LEN("chunked"))) {
/* Transfer-Encoding might contain additional encodings,
* which are not currently supported by lighttpd */
return http_request_header_line_invalid(r, 501, NULL); /* Not Implemented */
}
r->reqbody_length = -1;
/* Transfer-Encoding is a hop-by-hop header,
* which must not be blindly forwarded to backends */
return 0; /* skip header */
}
http_header_request_append(r, id, k, klen, v, vlen);
return 0;
}
__attribute_cold__
static int http_request_parse_proto_loose(request_st * const restrict r, const char * const restrict ptr, const size_t len, const unsigned int http_parseopts) {
const char * proto = memchr(ptr, ' ', len);
if (NULL == proto)
return http_request_header_line_invalid(r, 400, "incomplete request line -> 400");
proto = memchr(proto+1, ' ', len - (proto+1 - ptr));
if (NULL == proto)
return http_request_header_line_invalid(r, 400, "incomplete request line -> 400");
++proto;
if (proto[0]=='H' && proto[1]=='T' && proto[2]=='T' && proto[3]=='P' && proto[4] == '/') {
if (proto[5] == '1' && proto[6] == '.' && (proto[7] == '1' || proto[7] == '0')) {
/* length already checked before calling this routine */
/* (len != (size_t)(proto - ptr + 8)) */
if (http_parseopts & HTTP_PARSEOPT_HEADER_STRICT) /*(http_header_strict)*/
return http_request_header_line_invalid(r, 400, "incomplete request line -> 400");
r->http_version = (proto[7] == '1') ? HTTP_VERSION_1_1 : HTTP_VERSION_1_0;
}
else
return http_request_header_line_invalid(r, 505, "unknown HTTP version -> 505");
}
else
return http_request_header_line_invalid(r, 400, "unknown protocol -> 400");
/* keep-alive default: HTTP/1.1 -> true; HTTP/1.0 -> false */
r->keep_alive = (HTTP_VERSION_1_0 != r->http_version);
return 0;
}
__attribute_cold__
static const char * http_request_parse_reqline_uri(request_st * const restrict r, const char * const restrict uri, const size_t len, const unsigned int http_parseopts) {
const char *nuri;
if ((len > 7 && buffer_eq_icase_ssn(uri, "http://", 7)
&& NULL != (nuri = memchr(uri + 7, '/', len-7)))
||
(len > 8 && buffer_eq_icase_ssn(uri, "https://", 8)
&& NULL != (nuri = memchr(uri + 8, '/', len-8)))) {
const char * const host = uri + (uri[4] == ':' ? 7 : 8);
const size_t hostlen = nuri - host;
if (0 == hostlen || hostlen >= 1024) { /*(expecting < 256)*/
http_request_header_line_invalid(r, 400, "uri-authority empty or too long -> 400");
return NULL;
}
/* Insert as "Host" header */
http_request_header_set_Host(r, host, hostlen);
return nuri;
} else if (!(http_parseopts & HTTP_PARSEOPT_HEADER_STRICT) /*(!http_header_strict)*/
|| (HTTP_METHOD_CONNECT == r->http_method && (uri[0] == ':' || light_isdigit(uri[0])))
|| (HTTP_METHOD_OPTIONS == r->http_method && uri[0] == '*' && 1 == len)) {
/* (permitted) */
return uri;
} else {
http_request_header_line_invalid(r, 400, "request-URI parse error -> 400");
return NULL;
}
}
__attribute_cold__
__attribute_noinline__
static int http_request_parse_header_other(request_st * const restrict r, const char * const restrict k, const int klen, const unsigned int http_header_strict);
int
http_request_validate_pseudohdrs (request_st * const restrict r, const int scheme, const unsigned int http_parseopts)
{
/* :method is required to indicate method
* CONNECT method must have :method and :authority
* All other methods must have at least :method :scheme :path */
if (HTTP_METHOD_UNSET == r->http_method)
return http_request_header_line_invalid(r, 400,
"missing pseudo-header method -> 400");
if (__builtin_expect( (HTTP_METHOD_CONNECT != r->http_method), 1)) {
if (!scheme)
return http_request_header_line_invalid(r, 400,
"missing pseudo-header scheme -> 400");
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
if (buffer_is_blank(&r->target))
return http_request_header_line_invalid(r, 400,
"missing pseudo-header path -> 400");
const char * const uri = r->target.ptr;
if (*uri != '/') { /* (common case: (*uri == '/')) */
if (uri[0] != '*' || uri[1] != '\0'
|| HTTP_METHOD_OPTIONS != r->http_method)
return http_request_header_line_invalid(r, 400,
"invalid pseudo-header path -> 400");
}
}
else { /* HTTP_METHOD_CONNECT */
if (NULL == r->http_host)
return http_request_header_line_invalid(r, 400,
"missing pseudo-header authority -> 400");
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
if (!buffer_is_blank(&r->target) || scheme)
return http_request_header_line_invalid(r, 400,
"invalid pseudo-header with CONNECT -> 400");
/* note: this copy occurs prior to http_request_host_policy()
* so any consumer handling CONNECT should normalize r->target
* as appropriate */
buffer_copy_buffer(&r->target, r->http_host);
}
buffer_copy_buffer(&r->target_orig, &r->target);
/* r->http_host, if set, is checked with http_request_host_policy()
* in http_request_parse() */
/* copied and modified from end of http_request_parse_reqline() */
/* check uri for invalid characters */
const unsigned int http_header_strict =
(http_parseopts & HTTP_PARSEOPT_HEADER_STRICT);
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
const uint32_t ulen = buffer_clen(&r->target);
const uint8_t * const uri = (uint8_t *)r->target.ptr;
if (http_header_strict) {
[multiple] reduce redundant NULL buffer checks This commit is a large set of code changes and results in removal of hundreds, perhaps thousands, of CPU instructions, a portion of which are on hot code paths. Most (buffer *) used by lighttpd are not NULL, especially since buffers were inlined into numerous larger structs such as request_st and chunk. In the small number of instances where that is not the case, a NULL check is often performed earlier in a function where that buffer is later used with a buffer_* func. In the handful of cases that remained, a NULL check was added, e.g. with r->http_host and r->conf.server_tag. - check for empty strings at config time and set value to NULL if blank string will be ignored at runtime; at runtime, simple pointer check for NULL can be used to check for a value that has been set and is not blank ("") - use buffer_is_blank() instead of buffer_string_is_empty(), and use buffer_is_unset() instead of buffer_is_empty(), where buffer is known not to be NULL so that NULL check can be skipped - use buffer_clen() instead of buffer_string_length() when buffer is known not to be NULL (to avoid NULL check at runtime) - use buffer_truncate() instead of buffer_string_set_length() to truncate string, and use buffer_extend() to extend Examples where buffer known not to be NULL: - cpv->v.b from config_plugin_values_init is not NULL if T_CONFIG_BOOL (though we might set it to NULL if buffer_is_blank(cpv->v.b)) - address of buffer is arg (&foo) (compiler optimizer detects this in most, but not all, cases) - buffer is checked for NULL earlier in func - buffer is accessed in same scope without a NULL check (e.g. b->ptr) internal behavior change: callers must not pass a NULL buffer to some funcs. - buffer_init_buffer() requires non-null args - buffer_copy_buffer() requires non-null args - buffer_append_string_buffer() requires non-null args - buffer_string_space() requires non-null arg
1 year ago
if (http_parseopts & HTTP_PARSEOPT_URL_NORMALIZE_CTRLS_REJECT)
return 0; /* URI will be checked in http_request_parse_target() */
for (uint32_t i = 0; i < ulen; ++i) {
if (!request_uri_is_valid_char(uri[i]))
return http_request_header_char_invalid(r, uri[i],
"invalid character in URI -> 400");
}
}
else {
if (NULL != memchr(uri, '\0', ulen))
return http_request_header_char_invalid(r, '\0',