fix use-after-realloc issue with the request url
[project/uhttpd.git] / client.c
1 /*
2 * uhttpd - Tiny single-threaded httpd
3 *
4 * Copyright (C) 2010-2012 Jo-Philipp Wich <xm@subsignal.org>
5 * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #include <libubox/blobmsg.h>
21 #include <ctype.h>
22
23 #include "uhttpd.h"
24
/* Every accepted connection, linked through client.list. */
static LIST_HEAD(clients);

/* Number of entries currently on the clients list. */
int n_clients = 0;

/* Process-wide server configuration; starts out all-zero. */
struct config conf = {};
29
/*
 * Protocol strings for the status line, indexed by the UH_HTTP_VER_*
 * value stored in http_request.version.
 */
const char * const http_versions[] = {
	[UH_HTTP_VER_0_9] = "HTTP/0.9",
	[UH_HTTP_VER_1_0] = "HTTP/1.0",
	[UH_HTTP_VER_1_1] = "HTTP/1.1",
};
35
/*
 * Request methods this server accepts, indexed by UH_HTTP_MSG_*.
 * A request line whose method is not listed here is answered with 400.
 */
const char * const http_methods[] = {
	[UH_HTTP_MSG_GET]  = "GET",
	[UH_HTTP_MSG_POST] = "POST",
	[UH_HTTP_MSG_HEAD] = "HEAD",
};
41
/*
 * Start a response: write the status line, the Connection header and,
 * when chunked output is in use, the Transfer-Encoding header.
 *
 * The header block is left open (no terminating blank line) so the
 * caller can append further headers.
 *
 * 'summary' is copied verbatim into the status line. Every caller in
 * this file passes a string literal; a caller that ever passes
 * request-derived text must strip CR/LF first, otherwise the client
 * could inject response headers.
 */
void uh_http_header(struct client *cl, int code, const char *summary)
{
	const char *enc = uh_use_chunked(cl) ? "Transfer-Encoding: chunked\r\n" : "";
	const char *conn;

	/* Only HTTP/1.1 requests are offered a persistent connection. */
	conn = (cl->request.version == UH_HTTP_VER_1_1)
		? "Connection: keep-alive"
		: "Connection: close";

	ustream_printf(cl->us, "%s %03i %s\r\n%s\r\n%s",
		       http_versions[cl->request.version],
		       code, summary, conn, enc);
}
59
/*
 * Mark the client as closing and flag EOF on its stream, then let
 * ustream re-evaluate the stream state (which ends up in
 * client_notify_state()).
 */
static void uh_connection_close(struct client *cl)
{
	struct ustream *us = cl->us;

	cl->state = CLIENT_STATE_CLOSE;
	us->eof = true;
	ustream_state_change(us);
}
66
/* Run the active dispatcher's cleanup hook, if it registered one. */
static void uh_dispatch_done(struct client *cl)
{
	if (!cl->dispatch.free)
		return;

	cl->dispatch.free(cl);
}
72
/*
 * Finish the current response and either close the connection or
 * re-arm it for the next request.
 *
 * The dispatcher state is released and wiped, and write notifications
 * are switched off. The connection is kept open only when keep-alive
 * is configured and the request was HTTP/1.1; in that case the client
 * returns to CLIENT_STATE_INIT with the keep-alive timeout armed.
 */
void uh_request_done(struct client *cl)
{
	bool keep_open;

	uh_chunk_eof(cl);
	uh_dispatch_done(cl);
	cl->us->notify_write = NULL;
	memset(&cl->dispatch, 0, sizeof(cl->dispatch));

	keep_open = conf.http_keepalive &&
		    cl->request.version == UH_HTTP_VER_1_1;
	if (keep_open) {
		cl->state = CLIENT_STATE_INIT;
		/* uloop timeouts are given in milliseconds */
		uloop_timeout_set(&cl->timeout, conf.http_keepalive * 1000);
		return;
	}

	uh_connection_close(cl);
}
88
/*
 * Send a complete HTML error response and finish the request.
 *
 * @cl:      client to answer
 * @code:    HTTP status code
 * @summary: reason phrase; also used as the <h1> heading of the body
 * @fmt:     optional printf-style body text, may be NULL
 *
 * NOTE(review): the body is served as text/html and nothing in this
 * function escapes the formatted text. Callers that format
 * request-derived strings (a URL, a header value) should HTML-escape
 * them before passing them in.
 */
void __printf(4, 5)
uh_client_error(struct client *cl, int code, const char *summary, const char *fmt, ...)
{
	uh_http_header(cl, code, summary);
	ustream_printf(cl->us, "Content-Type: text/html\r\n\r\n");

	uh_chunk_printf(cl, "<h1>%s</h1>", summary);

	if (fmt != NULL) {
		va_list ap;

		va_start(ap, fmt);
		uh_chunk_vprintf(cl, fmt, ap);
		va_end(ap);
	}

	uh_request_done(cl);
}
107
/*
 * Reject a request while its request line or headers are still being
 * parsed: send the error page, then close the connection regardless of
 * keep-alive, since the rest of the input can no longer be trusted to
 * line up with a request boundary.
 */
static void uh_header_error(struct client *cl, int code, const char *summary)
{
	uh_client_error(cl, code, summary, NULL);
	uh_connection_close(cl);
}
113
/*
 * uloop timer callback: the network or keep-alive timeout armed on
 * this client expired, so close the connection.
 */
static void client_timeout(struct uloop_timeout *timeout)
{
	struct client *cl;

	cl = container_of(timeout, struct client, timeout);
	cl->state = CLIENT_STATE_CLOSE;
	uh_connection_close(cl);
}
121
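/*
 * Look up a string in a table of strings.
 *
 * @list: table to search; entries may be NULL
 * @max:  number of entries in @list
 * @str:  string to look for (exact, case-sensitive match)
 *
 * Returns the index of the first matching entry, or -1 if there is no
 * match or either pointer argument is NULL.
 *
 * The tables passed in this file are built with designated
 * initializers, so any gap in the index enum leaves a NULL slot.
 * NULL entries are skipped instead of being handed to strcmp(), which
 * would be undefined behaviour on input that comes straight from the
 * request line.
 */
static int find_idx(const char * const *list, int max, const char *str)
{
	int i;

	if (!list || !str)
		return -1;

	for (i = 0; i < max; i++) {
		if (list[i] && !strcmp(list[i], str))
			return i;
	}

	return -1;
}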
132
/*
 * Parse the request line ("METHOD URL VERSION") held in @data.
 *
 * @data is split in place by strtok(), which also keeps hidden static
 * state between calls. The URL is copied into the cl->hdr blob under
 * the key "URL" rather than kept as a pointer into @data, so it does
 * not depend on the lifetime of the buffer @data points into.
 *
 * Returns CLIENT_STATE_HEADER when the line is well-formed and names a
 * known method and version, CLIENT_STATE_DONE otherwise. On an unknown
 * method or version the request version is forced to HTTP/1.0 so the
 * error response has a valid protocol string.
 */
static int client_parse_request(struct client *cl, char *data)
{
	struct http_request *req = &cl->request;
	char *method = strtok(data, " ");
	char *url = strtok(NULL, " ");
	char *proto = strtok(NULL, " ");
	int method_idx, version_idx;

	if (!method || !url || !proto)
		return CLIENT_STATE_DONE;

	blobmsg_add_string(&cl->hdr, "URL", url);

	/* start every request from a clean http_request */
	memset(req, 0, sizeof(*req));

	method_idx = find_idx(http_methods, ARRAY_SIZE(http_methods), method);
	version_idx = find_idx(http_versions, ARRAY_SIZE(http_versions), proto);
	if (method_idx >= 0 && version_idx >= 0) {
		req->method = method_idx;
		req->version = version_idx;
		return CLIENT_STATE_HEADER;
	}

	req->version = UH_HTTP_VER_1_0;
	return CLIENT_STATE_DONE;
}
160
/*
 * Read handler for CLIENT_STATE_INIT: wait for a complete request line
 * and parse it.
 *
 * @buf must be NUL-terminated, since it is searched with strstr();
 * uh_accept_client() sets string_data on the stream, presumably for
 * exactly this purpose. @len is not used here.
 *
 * Returns false while no full line is buffered yet, true once a line
 * has been consumed. A malformed request line is answered with 400.
 */
static bool client_init_cb(struct client *cl, char *buf, int len)
{
	char *eol = strstr(buf, "\r\n");

	if (eol == NULL)
		return false;

	*eol = '\0';
	blob_buf_init(&cl->hdr, 0);

	/* parse before consuming: the line lives in the read buffer */
	cl->state = client_parse_request(cl, buf);
	ustream_consume(cl->us, eol + 2 - buf);

	if (cl->state == CLIENT_STATE_DONE)
		uh_header_error(cl, 400, "Bad Request");

	return true;
}
178
/*
 * Apply the optional RFC1918 filter: when enabled, a request whose peer
 * address is in a private range is refused with 403 unless the server
 * address it arrived on is private as well.
 *
 * The decision is only as good as cl->peer_addr and cl->srv_addr, which
 * are filled in by uh_accept_client().
 *
 * Returns true if the request may proceed, false if it was rejected
 * (the error response has already been sent).
 */
static bool rfc1918_filter_check(struct client *cl)
{
	if (!conf.rfc1918_filter)
		return true;

	/* public peers are never filtered */
	if (!uh_addr_rfc1918(&cl->peer_addr))
		return true;

	/* private peer talking to a private server address is fine */
	if (uh_addr_rfc1918(&cl->srv_addr))
		return true;

	uh_client_error(cl, 403, "Forbidden",
			"Rejected request from RFC1918 IP "
			"to public server address");
	return false;
}
192
/*
 * Called once the blank line ending the header block has been read:
 * run the RFC1918 filter, acknowledge "Expect: 100-continue" if the
 * client asked for it, and hand the request to the dispatcher.
 */
static void client_header_complete(struct client *cl)
{
	if (rfc1918_filter_check(cl)) {
		if (cl->request.expect_cont)
			ustream_printf(cl->us, "HTTP/1.1 100 Continue\r\n\r\n");

		uh_handle_request(cl);
	}
}
203
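/*
 * Parse one header line (already NUL-terminated, CRLF stripped).
 *
 * An empty line ends the header block: the timeout is cancelled, the
 * client moves to CLIENT_STATE_DATA and the request is dispatched.
 * Otherwise the header name is lower-cased in place, the headers this
 * file cares about (Expect, Content-Length, Transfer-Encoding) are
 * interpreted, and the name/value pair is stored in the cl->hdr blob.
 *
 * Hardening over the permissive form of this parser:
 *  - ctype functions get an unsigned char; passing a plain char with
 *    the high bit set is undefined behaviour, and header bytes are
 *    attacker-controlled.
 *  - Content-Length must be a plain decimal number. No sign, no hex or
 *    octal prefix, no overflow. Lenient length parsing lets this
 *    server and a proxy in front of it disagree on where a body ends,
 *    and a value that wraps negative would later be used as a byte
 *    count by client_data_cb().
 *  - The "chunked" transfer coding is matched case-insensitively, as
 *    the "100-continue" token above it already is.
 */
static void client_parse_header(struct client *cl, char *data)
{
	struct http_request *r = &cl->request;
	unsigned long parsed;
	const char *digits;
	char *err;
	char *name;
	char *val;

	if (!*data) {
		uloop_timeout_cancel(&cl->timeout);
		cl->state = CLIENT_STATE_DATA;
		client_header_complete(cl);
		return;
	}

	val = uh_split_header(data);
	if (!val) {
		cl->state = CLIENT_STATE_DONE;
		return;
	}

	for (name = data; *name; name++)
		*name = tolower((unsigned char) *name);

	if (!strcmp(data, "expect")) {
		if (!strcasecmp(val, "100-continue"))
			r->expect_cont = true;
		else {
			uh_header_error(cl, 412, "Precondition Failed");
			return;
		}
	} else if (!strcmp(data, "content-length")) {
		/*
		 * strtoul() itself skips blanks and accepts a sign, so
		 * insist on a digit as the first non-blank character.
		 */
		for (digits = val; *digits == ' ' || *digits == '\t'; digits++)
			;
		if (!isdigit((unsigned char) *digits)) {
			uh_header_error(cl, 400, "Bad Request");
			return;
		}

		parsed = strtoul(val, &err, 10);
		r->content_length = parsed;

		/*
		 * content_length is declared in uhttpd.h (not visible
		 * here); the sign and round-trip checks reject any value
		 * the field cannot represent, whatever its type.
		 */
		if (*err || r->content_length < 0 ||
		    (unsigned long) r->content_length != parsed) {
			r->content_length = 0;
			uh_header_error(cl, 400, "Bad Request");
			return;
		}
	} else if (!strcmp(data, "transfer-encoding")) {
		if (!strcasecmp(val, "chunked"))
			r->transfer_chunked = true;
	}

	blobmsg_add_string(&cl->hdr, data, val);

	cl->state = CLIENT_STATE_HEADER;
}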
251
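/*
 * Read handler for CLIENT_STATE_DATA: feed the request body to the
 * dispatcher's data_send hook.
 *
 * r->content_length holds the number of body bytes still expected
 * (for chunked input: of the current chunk). r->transfer_chunked is
 * zero for a plain body, 1 before the first chunk header and greater
 * than 1 afterwards, when each chunk header is preceded by the two
 * bytes that follow the previous chunk's data.
 *
 * Always returns false, which makes client_read_cb() stop its loop;
 * the bytes handled here are consumed from the stream before
 * returning. When the body is complete the dispatcher's data_done hook
 * runs and the client moves to CLIENT_STATE_DONE.
 *
 * Hardening over the permissive form of this parser:
 *  - The chunk header is only searched for once at least 'offset'
 *    bytes are buffered; otherwise strstr() would start past the NUL
 *    that terminates the buffered data.
 *  - A chunk size must start with a hex digit and must fit
 *    content_length without going negative or being truncated. If
 *    content_length is a signed type (it is declared in uhttpd.h, not
 *    visible here), a wrapped value would become a negative byte count
 *    passed to data_send.
 *  - On an invalid chunk header everything buffered is discarded
 *    (bytes already handed on plus the remainder), not just the
 *    remainder's length counted from the start of the buffer.
 */
static bool client_data_cb(struct client *cl, char *buf, int len)
{
	struct dispatch *d = &cl->dispatch;
	struct http_request *r = &cl->request;
	int consumed = 0;
	int cur_len = 0;

	if (!d->data_send)
		return false;

	while (len) {
		unsigned long chunk_len;
		int offset = 0;
		char *sep;

		/* account for what the previous iteration handled */
		consumed += cur_len;
		buf += cur_len;
		len -= cur_len;
		cur_len = min(r->content_length, len);

		if (cur_len) {
			r->content_length -= cur_len;
			if (d->data_send)
				d->data_send(cl, buf, cur_len);
			continue;
		}

		if (!r->transfer_chunked)
			break;

		if (r->transfer_chunked > 1)
			offset = 2;

		/* wait for more input rather than look past the data */
		if (len < offset)
			break;

		sep = strstr(buf + offset, "\r\n");
		if (!sep)
			break;

		*sep = 0;
		cur_len = sep + 2 - buf;

		chunk_len = strtoul(buf + offset, &sep, 16);
		r->content_length = chunk_len;
		r->transfer_chunked++;

		/* invalid chunk length */
		if (!isxdigit((unsigned char) buf[offset]) || *sep ||
		    r->content_length < 0 ||
		    (unsigned long) r->content_length != chunk_len) {
			consumed += len;
			r->content_length = 0;
			r->transfer_chunked = 0;
			break;
		}

		/* empty chunk == eof */
		if (!r->content_length)
			r->transfer_chunked = false;
	}

	ustream_consume(cl->us, consumed);
	if (!r->content_length && !r->transfer_chunked) {
		if (cl->dispatch.data_done)
			cl->dispatch.data_done(cl);

		cl->state = CLIENT_STATE_DONE;
	}
	return false;
}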
320
/*
 * Read handler for CLIENT_STATE_HEADER: take one CRLF-terminated line
 * from the buffer and parse it as a header.
 *
 * Returns false while no complete line is buffered. When the line
 * turned out to be the end of the header block (state is now
 * CLIENT_STATE_DATA) the rest of the buffer is passed straight on to
 * client_data_cb(); otherwise returns true so the caller loops again.
 */
static bool client_header_cb(struct client *cl, char *buf, int len)
{
	char *eol = strstr(buf, "\r\n");
	char *rest;
	int line_len;

	if (eol == NULL)
		return false;

	*eol = 0;
	client_parse_header(cl, buf);

	rest = eol + 2;
	line_len = rest - buf;
	ustream_consume(cl->us, line_len);

	if (cl->state != CLIENT_STATE_DATA)
		return true;

	return client_data_cb(cl, rest, len - line_len);
}
339
/*
 * Per-state read handler. A handler returns true when it consumed
 * input and should be called again, false when it needs more data or
 * is finished.
 */
typedef bool (*read_cb_t)(struct client *cl, char *buf, int len);

/* States without an entry here (NULL slot) read no input. */
static read_cb_t read_cbs[] = {
	[CLIENT_STATE_INIT]   = client_init_cb,
	[CLIENT_STATE_HEADER] = client_header_cb,
	[CLIENT_STATE_DATA]   = client_data_cb,
};
346
/*
 * Drive the request parser: keep calling the read handler for the
 * client's current state until the buffer is empty, the state has no
 * handler, or a handler reports that it cannot make progress.
 *
 * If a handler stalls while the read buffer is completely full and the
 * client is still in the request-line or header phase, the line can
 * never complete, so the request is refused with 413. This is what
 * bounds the size of a request line or header.
 */
static void client_read_cb(struct client *cl)
{
	struct ustream *us = cl->us;
	char *str;
	int len;

	for (;;) {
		read_cb_t handler;

		str = ustream_get_read_buf(us, &len);
		if (!str || !len)
			return;

		if (cl->state >= array_size(read_cbs))
			return;

		handler = read_cbs[cl->state];
		if (!handler)
			return;

		if (handler(cl, str, len))
			continue;

		/* cl->state is re-read: the handler may have changed it */
		if (len == us->r.buffer_len &&
		    cl->state != CLIENT_STATE_DATA)
			uh_header_error(cl, 413, "Request Entity Too Large");
		return;
	}
}
369
/*
 * Tear a client down completely and free it. @cl must not be used
 * after this returns.
 *
 * The order matters: the dispatcher and the timer are stopped and the
 * stream is released before the descriptor is closed and the structure
 * is unlinked and freed. Afterwards the listeners are unblocked.
 */
static void client_close(struct client *cl)
{
	--n_clients;

	/* stop everything that could still call back into this client */
	uh_dispatch_done(cl);
	uloop_timeout_cancel(&cl->timeout);
	ustream_free(&cl->sfd.stream);
	close(cl->sfd.fd.fd);

	/* drop it from the client list and release its memory */
	list_del(&cl->list);
	blob_buf_free(&cl->hdr);
	free(cl);

	uh_unblock_listeners();
}
383
/*
 * ustream notify_read hook: map the stream back to its client and run
 * the request parser. @bytes is not used.
 */
static void client_ustream_read_cb(struct ustream *s, int bytes)
{
	client_read_cb(container_of(s, struct client, sfd));
}
390
/*
 * ustream notify_write hook: forward to the active dispatcher's
 * write_cb, if it has one. @bytes is not used.
 */
static void client_ustream_write_cb(struct ustream *s, int bytes)
{
	struct client *cl = container_of(s, struct client, sfd);

	if (!cl->dispatch.write_cb)
		return;

	cl->dispatch.write_cb(cl);
}
398
/*
 * ustream notify_state hook: decide whether the client can be freed.
 *
 * A write error closes the client immediately. Without one, the client
 * is kept while it is still receiving a request body, while the stream
 * has not reached EOF, or while output is still queued.
 *
 * The client is freed by client_close(), so nothing may touch it after
 * this function has taken the closing path.
 */
static void client_notify_state(struct ustream *s)
{
	struct client *cl = container_of(s, struct client, sfd);

	if (!s->write_error) {
		bool pending = !s->eof || s->w.data_bytes;

		if (cl->state == CLIENT_STATE_DATA || pending)
			return;
	}

	client_close(cl);
}
413
/*
 * Copy family, port (converted to host byte order) and address from a
 * socket address into a uh_addr.
 *
 * @src is read as a sockaddr_in when the family is AF_INET and as a
 * sockaddr_in6 for every other family, so the caller must pass a
 * buffer at least as large as a sockaddr_in6.
 */
static void set_addr(struct uh_addr *addr, void *src)
{
	struct sockaddr_in *sin = src;
	struct sockaddr_in6 *sin6 = src;

	addr->family = sin->sin_family;

	if (addr->family != AF_INET) {
		addr->port = ntohs(sin6->sin6_port);
		memcpy(&addr->in6, &sin6->sin6_addr, sizeof(addr->in6));
		return;
	}

	addr->port = ntohs(sin->sin_port);
	memcpy(&addr->in, &sin->sin_addr, sizeof(addr->in));
}
428
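/*
 * Accept one pending connection on the listening socket @fd and set up
 * a client for it.
 *
 * The client structure is allocated ahead of the accept() call and
 * kept in a static pointer, so a failed accept() does not cost an
 * allocation; the pointer is cleared only once the client has been
 * linked into the client list.
 *
 * Fixes over the unchecked form:
 *  - A failed calloc() no longer leads to a NULL dereference. The
 *    pending connection is accepted and closed at once, so the server
 *    sheds load under memory pressure instead of crashing.
 *  - The local address is read from the accepted socket, not from the
 *    listening socket. On a listener bound to a wildcard address the
 *    listening socket only reports that wildcard, while srv_addr is
 *    what rfc1918_filter_check() bases its decision on.
 *  - getsockname() is checked. Without a trustworthy local address the
 *    connection is dropped; 'addr' would otherwise still hold the
 *    peer's address and be recorded as the server address.
 */
void uh_accept_client(int fd)
{
	static struct client *next_client;
	struct client *cl;
	socklen_t sl;
	int sfd;
	static int client_id = 0;
	struct sockaddr_in6 addr;

	if (!next_client)
		next_client = calloc(1, sizeof(*next_client));

	cl = next_client;
	if (!cl) {
		/* out of memory: drain the pending connection and drop it */
		sfd = accept(fd, NULL, NULL);
		if (sfd >= 0)
			close(sfd);
		return;
	}

	sl = sizeof(addr);
	sfd = accept(fd, (struct sockaddr *) &addr, &sl);
	if (sfd < 0)
		return;

	set_addr(&cl->peer_addr, &addr);

	sl = sizeof(addr);
	if (getsockname(sfd, (struct sockaddr *) &addr, &sl) < 0) {
		close(sfd);
		return;
	}
	set_addr(&cl->srv_addr, &addr);

	cl->us = &cl->sfd.stream;
	/* the parsers rely on strstr(), so keep the read buffer terminated */
	cl->us->string_data = true;
	cl->us->notify_read = client_ustream_read_cb;
	cl->us->notify_write = client_ustream_write_cb;
	cl->us->notify_state = client_notify_state;
	ustream_fd_init(&cl->sfd, sfd);

	/* a client that sends nothing is dropped after the network timeout */
	cl->timeout.cb = client_timeout;
	uloop_timeout_set(&cl->timeout, conf.network_timeout * 1000);

	list_add_tail(&cl->list, &clients);

	next_client = NULL;
	n_clients++;
	cl->id = client_id++;
}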
468
/*
 * Close every descriptor the server holds: the event loop, the
 * listening sockets, each client socket, and whatever the client's
 * dispatcher reports through its close_fds hook.
 *
 * Only descriptors are closed; the client structures stay allocated
 * and linked.
 */
void uh_close_fds(void)
{
	struct client *cl;

	uloop_done();
	uh_close_listen_fds();

	list_for_each_entry(cl, &clients, list) {
		close(cl->sfd.fd.fd);

		if (!cl->dispatch.close_fds)
			continue;

		cl->dispatch.close_fds(cl);
	}
}