projects / project / uhttpd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
fix use-after-realloc issue with the request url
[project/uhttpd.git] / proc.c
1 /*
2 * uhttpd - Tiny single-threaded httpd
3 *
4 * Copyright (C) 2010-2012 Jo-Philipp Wich <xm@subsignal.org>
5 * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org>
6 *
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 */
19
20 #include <arpa/inet.h>
21 #include <libubox/blobmsg.h>
22 #include "uhttpd.h"
23
24 #define __headers \
25 __header(accept) \
26 __header(accept_charset) \
27 __header(accept_encoding) \
28 __header(accept_language) \
29 __header(authorization) \
30 __header(connection) \
31 __header(cookie) \
32 __header(host) \
33 __header(referer) \
34 __header(user_agent) \
35 __header(content_type) \
36 __header(content_length)
37
38 #undef __header
39 #define __header __enum_header
40 enum client_hdr {
41 __headers
42 __HDR_MAX,
43 };
44
45 #undef __header
46 #define __header __blobmsg_header
47 static const struct blobmsg_policy hdr_policy[__HDR_MAX] = {
48 __headers
49 };
50
51 static const struct {
52 const char *name;
53 int idx;
54 } proc_header_env[] = {
55 { "HTTP_ACCEPT", HDR_accept },
56 { "HTTP_ACCEPT_CHARSET", HDR_accept_charset },
57 { "HTTP_ACCEPT_ENCODING", HDR_accept_encoding },
58 { "HTTP_ACCEPT_LANGUAGE", HDR_accept_language },
59 { "HTTP_AUTHORIZATION", HDR_authorization },
60 { "HTTP_CONNECTION", HDR_connection },
61 { "HTTP_COOKIE", HDR_cookie },
62 { "HTTP_HOST", HDR_host },
63 { "HTTP_REFERER", HDR_referer },
64 { "HTTP_USER_AGENT", HDR_user_agent },
65 { "CONTENT_TYPE", HDR_content_type },
66 { "CONTENT_LENGTH", HDR_content_length },
67 };
68
69 enum extra_vars {
70 /* no update needed */
71 _VAR_GW,
72 _VAR_SOFTWARE,
73
74 /* updated by uh_get_process_vars */
75 VAR_SCRIPT_NAME,
76 VAR_SCRIPT_FILE,
77 VAR_DOCROOT,
78 VAR_QUERY,
79 VAR_REQUEST,
80 VAR_PROTO,
81 VAR_METHOD,
82 VAR_PATH_INFO,
83 VAR_USER,
84 VAR_REDIRECT,
85 VAR_SERVER_NAME,
86 VAR_SERVER_ADDR,
87 VAR_SERVER_PORT,
88 VAR_REMOTE_NAME,
89 VAR_REMOTE_ADDR,
90 VAR_REMOTE_PORT,
91
92 __VAR_MAX,
93 };
94
95 static char local_addr[INET6_ADDRSTRLEN], remote_addr[INET6_ADDRSTRLEN];
96 static char local_port[6], remote_port[6];
97 static char redirect_status[4];
98
99 static struct env_var extra_vars[] = {
100 [_VAR_GW] = { "GATEWAY_INTERFACE", "CGI/1.1" },
101 [_VAR_SOFTWARE] = { "SERVER_SOFTWARE", "uhttpd" },
102 [VAR_SCRIPT_NAME] = { "SCRIPT_NAME" },
103 [VAR_SCRIPT_FILE] = { "SCRIPT_FILENAME" },
104 [VAR_DOCROOT] = { "DOCUMENT_ROOT" },
105 [VAR_QUERY] = { "QUERY_STRING" },
106 [VAR_REQUEST] = { "REQUEST_URI" },
107 [VAR_PROTO] = { "SERVER_PROTOCOL" },
108 [VAR_METHOD] = { "REQUEST_METHOD" },
109 [VAR_PATH_INFO] = { "PATH_INFO" },
110 [VAR_USER] = { "REMOTE_USER" },
111 [VAR_REDIRECT] = { "REDIRECT_STATUS", redirect_status },
112 [VAR_SERVER_NAME] = { "SERVER_NAME", local_addr },
113 [VAR_SERVER_ADDR] = { "SERVER_ADDR", local_addr },
114 [VAR_SERVER_PORT] = { "SERVER_PORT", local_port },
115 [VAR_REMOTE_NAME] = { "REMOTE_HOST", remote_addr },
116 [VAR_REMOTE_ADDR] = { "REMOTE_ADDR", remote_addr },
117 [VAR_REMOTE_PORT] = { "REMOTE_PORT", remote_port },
118 };
119
120 struct env_var *uh_get_process_vars(struct client *cl, struct path_info *pi)
121 {
122 struct http_request *req = &cl->request;
123 struct blob_attr *data = cl->hdr.head;
124 struct env_var *vars = (void *) uh_buf;
125 struct blob_attr *tb[__HDR_MAX];
126 const char *url;
127 int len;
128 int i;
129
130 url = blobmsg_data(blob_data(cl->hdr.head));
131 len = ARRAY_SIZE(proc_header_env);
132 len += ARRAY_SIZE(extra_vars);
133 len *= sizeof(struct env_var);
134
135 BUILD_BUG_ON(sizeof(uh_buf) < len);
136
137 extra_vars[VAR_SCRIPT_NAME].value = pi->name;
138 extra_vars[VAR_SCRIPT_FILE].value = pi->phys;
139 extra_vars[VAR_DOCROOT].value = pi->root;
140 extra_vars[VAR_QUERY].value = pi->query ? pi->query : "";
141 extra_vars[VAR_REQUEST].value = url;
142 extra_vars[VAR_PROTO].value = http_versions[req->version];
143 extra_vars[VAR_METHOD].value = http_methods[req->method];
144 extra_vars[VAR_PATH_INFO].value = pi->info;
145 extra_vars[VAR_USER].value = req->realm ? req->realm->user : NULL;
146
147 snprintf(redirect_status, sizeof(redirect_status),
148 "%d", req->redirect_status);
149 inet_ntop(cl->srv_addr.family, &cl->srv_addr.in, local_addr, sizeof(local_addr));
150 inet_ntop(cl->peer_addr.family, &cl->peer_addr.in, remote_addr, sizeof(remote_addr));
151
152 blobmsg_parse(hdr_policy, __HDR_MAX, tb, blob_data(data), blob_len(data));
153 for (i = 0; i < ARRAY_SIZE(proc_header_env); i++) {
154 struct blob_attr *cur;
155
156 cur = tb[proc_header_env[i].idx];
157 vars[i].name = proc_header_env[i].name;
158 vars[i].value = cur ? blobmsg_data(cur) : "";
159 }
160
161 memcpy(&vars[i], extra_vars, sizeof(extra_vars));
162 i += ARRAY_SIZE(extra_vars);
163 vars[i].name = NULL;
164 vars[i].value = NULL;
165
166 return vars;
167 }
168
169 static void proc_close_fds(struct client *cl)
170 {
171 close(cl->dispatch.proc.r.sfd.fd.fd);
172 }
173
174 static void proc_handle_close(struct relay *r, int ret)
175 {
176 if (r->header_cb) {
177 uh_client_error(r->cl, 502, "Bad Gateway",
178 "The process did not produce any response");
179 return;
180 }
181
182 uh_request_done(r->cl);
183 }
184
185 static void proc_handle_header(struct relay *r, const char *name, const char *val)
186 {
187 static char status_buf[64];
188 struct client *cl = r->cl;
189 char *sep;
190 char buf[4];
191
192 if (!strcmp(name, "Status")) {
193 sep = strchr(val, ' ');
194 if (sep != val + 3)
195 return;
196
197 memcpy(buf, val, 3);
198 buf[3] = 0;
199 snprintf(status_buf, sizeof(status_buf), "%s", sep + 1);
200 cl->dispatch.proc.status_msg = status_buf;
201 cl->dispatch.proc.status_code = atoi(buf);
202 return;
203 }
204
205 blobmsg_add_string(&cl->dispatch.proc.hdr, name, val);
206 }
207
208 static void proc_handle_header_end(struct relay *r)
209 {
210 struct client *cl = r->cl;
211 struct blob_attr *cur;
212 int rem;
213
214 uh_http_header(cl, cl->dispatch.proc.status_code, cl->dispatch.proc.status_msg);
215 blob_for_each_attr(cur, cl->dispatch.proc.hdr.head, rem)
216 ustream_printf(cl->us, "%s: %s\r\n", blobmsg_name(cur), blobmsg_data(cur));
217
218 ustream_printf(cl->us, "\r\n");
219 }
220
221 static void proc_free(struct client *cl)
222 {
223 uh_relay_free(&cl->dispatch.proc.r);
224 }
225
226 static void proc_write_close(struct client *cl)
227 {
228 shutdown(cl->dispatch.proc.r.sfd.fd.fd, SHUT_WR);
229 }
230
231 static void proc_relay_write_cb(struct ustream *us, int bytes)
232 {
233 struct client *cl = container_of(us, struct client, dispatch.proc.r.sfd.stream);
234
235 if (ustream_pending_data(us, true))
236 return;
237
238 proc_write_close(cl);
239 }
240
241 static void proc_data_send(struct client *cl, const char *data, int len)
242 {
243 struct ustream *us = &cl->dispatch.proc.r.sfd.stream;
244
245 ustream_write(us, data, len, false);
246 }
247
248 static void proc_data_done(struct client *cl)
249 {
250 struct ustream *us = &cl->dispatch.proc.r.sfd.stream;
251
252 if (ustream_pending_data(us, true)) {
253 us->notify_write = proc_relay_write_cb;
254 return;
255 }
256
257 proc_write_close(cl);
258 }
259
260 bool uh_create_process(struct client *cl, struct path_info *pi,
261 void (*cb)(struct client *cl, struct path_info *pi, int fd))
262 {
263 struct dispatch *d = &cl->dispatch;
264 int fds[2];
265 int pid;
266
267 blob_buf_init(&cl->dispatch.proc.hdr, 0);
268 d->proc.status_code = 200;
269 d->proc.status_msg = "OK";
270
271 if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds))
272 return false;
273
274 pid = fork();
275 if (pid < 0) {
276 close(fds[0]);
277 close(fds[1]);
278 return false;
279 }
280
281 if (!pid) {
282 close(fds[0]);
283 uh_close_fds();
284 cb(cl, pi, fds[1]);
285 exit(0);
286 }
287
288 close(fds[1]);
289 uh_relay_open(cl, &cl->dispatch.proc.r, fds[0], pid);
290 d->free = proc_free;
291 d->close_fds = proc_close_fds;
292 d->data_send = proc_data_send;
293 d->data_done = proc_data_done;
294 d->proc.r.header_cb = proc_handle_header;
295 d->proc.r.header_end = proc_handle_header_end;
296 d->proc.r.close = proc_handle_close;
297
298 return true;
299 }
Tiny HTTP server