/*
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include "internal/sockets.h"
#include <openssl/err.h>
#include <openssl/rand.h>
+#include "s_apps.h"
-int multi = 0; /* run multiple responder processes */
+#if defined(__TANDEM)
+# if defined(OPENSSL_TANDEM_FLOSS)
+# include <floss.h(floss_fork)>
+# endif
+#endif
+
+static int verbosity = LOG_INFO;
+
+#define HTTP_PREFIX "HTTP/"
+#define HTTP_VERSION_PATT "1." /* allow 1.x */
+#define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT
+#define HTTP_1_0 HTTP_PREFIX_VERSION"0" /* "HTTP/1.0" */
+#define HTTP_VERSION_STR " "HTTP_PREFIX_VERSION
#ifdef HTTP_DAEMON
+
+int multi = 0; /* run multiple responder processes */
int acfd = (int) INVALID_SOCKET;
-#endif
-#ifdef HTTP_DAEMON
static int print_syslog(const char *str, size_t len, void *levPtr)
{
int level = *(int *)levPtr;
{
va_list ap;
+ if (verbosity < level)
+ return;
+
va_start(ap, fmt);
#ifdef HTTP_DAEMON
if (multi) {
if (vsnprintf(buf, sizeof(buf), fmt, ap) > 0)
syslog(level, "%s", buf);
- if (level >= LOG_ERR)
+ if (level <= LOG_ERR)
ERR_print_errors_cb(print_syslog, &level);
- }
+ } else
#endif
- if (!multi) {
+ {
BIO_printf(bio_err, "%s: ", prog);
BIO_vprintf(bio_err, fmt, ap);
BIO_printf(bio_err, "\n");
+ (void)BIO_flush(bio_err);
}
va_end(ap);
}
if (kidpids[i] != 0)
(void)kill(kidpids[i], SIGTERM);
OPENSSL_free(kidpids);
- sleep(1);
+ ossl_sleep(1000);
exit(ret);
}
WCOREDUMP(status) ? " (core dumped)" :
# endif
"");
- sleep(1);
+ ossl_sleep(1000);
}
break;
} else if (errno != EINTR) {
switch (fpid = fork()) {
case -1: /* error */
/* System critically low on memory, pause and try again later */
- sleep(30);
+ ossl_sleep(30000);
break;
case 0: /* child */
OPENSSL_free(kidpids);
#endif
#ifndef OPENSSL_NO_SOCK
-BIO *http_server_init_bio(const char *prog, const char *port)
+BIO *http_server_init(const char *prog, const char *port, int verb)
{
BIO *acbio = NULL, *bufbio;
+ int asock;
+ int port_num;
+ if (verb >= 0) {
+ if (verb > LOG_TRACE) {
+ log_message(prog, LOG_ERR,
+ "Logging verbosity level %d too high", verb);
+ return NULL;
+ }
+ verbosity = verb;
+ }
bufbio = BIO_new(BIO_f_buffer());
if (bufbio == NULL)
goto err;
acbio = BIO_new(BIO_s_accept());
if (acbio == NULL
|| BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0
- || BIO_set_accept_port(acbio, port) < 0) {
+ || BIO_set_accept_port(acbio, port /* may be "0" */) < 0) {
log_message(prog, LOG_ERR, "Error setting up accept BIO");
goto err;
}
goto err;
}
+ /* Report back what address and port are used */
+ BIO_get_fd(acbio, &asock);
+ port_num = report_server_accept(bio_out, asock, 1, 1);
+ if (port_num == 0) {
+ log_message(prog, LOG_ERR, "Error printing ACCEPT string");
+ goto err;
+ }
+
return acbio;
err:
return (int)(out - save);
}
+/* if *pcbio != NULL, continue given connected session, else accept new */
+/* if found_keep_alive != NULL, return this way connection persistence state */
int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
- BIO **pcbio, BIO *acbio,
+ char **ppath, BIO **pcbio, BIO *acbio,
+ int *found_keep_alive,
const char *prog, int accept_get, int timeout)
{
- BIO *cbio = NULL, *getbio = NULL, *b64 = NULL;
+ BIO *cbio = *pcbio, *getbio = NULL, *b64 = NULL;
int len;
char reqbuf[2048], inbuf[2048];
- char *url, *end;
+ char *meth, *url, *end;
ASN1_VALUE *req;
- int ret = 1;
+ int ret = 0;
*preq = NULL;
- *pcbio = NULL;
+ if (ppath != NULL)
+ *ppath = NULL;
- /* Connection loss before accept() is routine, ignore silently */
- if (BIO_do_accept(acbio) <= 0)
- return 0;
+ if (cbio == NULL) {
+ char *port;
- cbio = BIO_pop(acbio);
- *pcbio = cbio;
+ get_sock_info_address(BIO_get_fd(acbio, NULL), NULL, &port);
+ if (port == NULL) {
+ log_message(prog, LOG_ERR, "Cannot get port listening on");
+ goto fatal;
+ }
+ log_message(prog, LOG_DEBUG,
+ "Awaiting new connection on port %s ...", port);
+ OPENSSL_free(port);
+
+ if (BIO_do_accept(acbio) <= 0)
+ /* Connection loss before accept() is routine, ignore silently */
+ return ret;
+
+ *pcbio = cbio = BIO_pop(acbio);
+ } else {
+ log_message(prog, LOG_DEBUG, "Awaiting next request ...");
+ }
if (cbio == NULL) {
+ /* Cannot call http_server_send_status(cbio, ...) */
ret = -1;
goto out;
}
/* Read the request line. */
len = BIO_gets(cbio, reqbuf, sizeof(reqbuf));
- if (len <= 0)
+ if (len == 0)
+ return ret;
+ ret = 1;
+ if (len < 0) {
+ log_message(prog, LOG_WARNING, "Request line read error");
+ (void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
+ }
+ if ((end = strchr(reqbuf, '\r')) != NULL
+ || (end = strchr(reqbuf, '\n')) != NULL)
+ *end = '\0';
+ log_message(prog, LOG_INFO, "Received request, 1st line: %s", reqbuf);
+
+ url = meth = reqbuf;
+ if ((accept_get && CHECK_AND_SKIP_PREFIX(url, "GET "))
+ || CHECK_AND_SKIP_PREFIX(url, "POST ")) {
- if (accept_get && strncmp(reqbuf, "GET ", 4) == 0) {
- /* Expecting GET {sp} /URL {sp} HTTP/1.x */
- for (url = reqbuf + 4; *url == ' '; ++url)
- continue;
+ /* Expecting (GET|POST) {sp} /URL {sp} HTTP/1.x */
+ url[-1] = '\0';
+ while (*url == ' ')
+ url++;
if (*url != '/') {
- log_message(prog, LOG_INFO,
- "Invalid GET -- URL does not begin with '/': %s", url);
+ log_message(prog, LOG_WARNING,
+ "Invalid %s -- URL does not begin with '/': %s",
+ meth, url);
+ (void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
url++;
for (end = url; *end != '\0'; end++)
if (*end == ' ')
break;
- if (strncmp(end, " HTTP/1.", 7) != 0) {
- log_message(prog, LOG_INFO,
- "Invalid GET -- bad HTTP/version string: %s", end + 1);
+ if (!HAS_PREFIX(end, HTTP_VERSION_STR)) {
+ log_message(prog, LOG_WARNING,
+ "Invalid %s -- bad HTTP/version string: %s",
+ meth, end + 1);
+ (void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
*end = '\0';
+ /* above HTTP 1.0, connection persistence is the default */
+ if (found_keep_alive != NULL)
+ *found_keep_alive = end[sizeof(HTTP_VERSION_STR) - 1] > '0';
/*-
* Skip "GET / HTTP..." requests often used by load-balancers.
* 'url' was incremented above to point to the first byte *after*
* the leading slash, so in case 'GET / ' it is now an empty string.
*/
- if (url[0] == '\0')
+ if (strlen(meth) == 3 && url[0] == '\0') {
+ (void)http_server_send_status(cbio, 200, "OK");
goto out;
+ }
len = urldecode(url);
- if (len <= 0) {
- log_message(prog, LOG_INFO,
- "Invalid GET request -- bad URL encoding: %s", url);
+ if (len < 0) {
+ log_message(prog, LOG_WARNING,
+ "Invalid %s request -- bad URL encoding: %s",
+ meth, url);
+ (void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
- if ((getbio = BIO_new_mem_buf(url, len)) == NULL
- || (b64 = BIO_new(BIO_f_base64())) == NULL) {
- log_message(prog, LOG_ERR,
- "Could not allocate base64 bio with size = %d", len);
- BIO_free_all(cbio);
- *pcbio = NULL;
- ret = -1;
- goto out;
+ if (strlen(meth) == 3) { /* GET */
+ if ((getbio = BIO_new_mem_buf(url, len)) == NULL
+ || (b64 = BIO_new(BIO_f_base64())) == NULL) {
+ log_message(prog, LOG_ERR,
+ "Could not allocate base64 bio with size = %d",
+ len);
+ goto fatal;
+ }
+ BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
+ getbio = BIO_push(b64, getbio);
}
- BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
- getbio = BIO_push(b64, getbio);
- } else if (strncmp(reqbuf, "POST ", 5) != 0) {
- log_message(prog, LOG_INFO,
- "HTTP request does not start with GET/POST: %s", reqbuf);
- /* TODO provide better diagnosis in case client tries TLS */
+ } else {
+ log_message(prog, LOG_WARNING,
+ "HTTP request does not begin with %sPOST: %s",
+ accept_get ? "GET or " : "", reqbuf);
+ (void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
+ /* chop any further/duplicate leading or trailing '/' */
+ while (*url == '/')
+ url++;
+ while (end >= url + 2 && end[-2] == '/' && end[-1] == '/')
+ end--;
+ *end = '\0';
+
/* Read and skip past the headers. */
for (;;) {
+ char *key, *value, *line_end = NULL;
+
len = BIO_gets(cbio, inbuf, sizeof(inbuf));
if (len <= 0) {
- log_message(prog, LOG_ERR,
- "Error skipping remaining HTTP headers");
+ log_message(prog, LOG_WARNING, "Error reading HTTP header");
+ (void)http_server_send_status(cbio, 400, "Bad Request");
goto out;
}
- if ((inbuf[0] == '\r') || (inbuf[0] == '\n'))
+
+ if (inbuf[0] == '\r' || inbuf[0] == '\n')
break;
+
+ key = inbuf;
+ value = strchr(key, ':');
+ if (value == NULL) {
+ log_message(prog, LOG_WARNING,
+ "Error parsing HTTP header: missing ':'");
+ (void)http_server_send_status(cbio, 400, "Bad Request");
+ goto out;
+ }
+ *(value++) = '\0';
+ while (*value == ' ')
+ value++;
+ line_end = strchr(value, '\r');
+ if (line_end == NULL) {
+ line_end = strchr(value, '\n');
+ if (line_end == NULL) {
+ log_message(prog, LOG_WARNING,
+ "Error parsing HTTP header: missing end of line");
+ (void)http_server_send_status(cbio, 400, "Bad Request");
+ goto out;
+ }
+ }
+ *line_end = '\0';
+ /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */
+ if (found_keep_alive != NULL
+ && OPENSSL_strcasecmp(key, "Connection") == 0) {
+ if (OPENSSL_strcasecmp(value, "keep-alive") == 0)
+ *found_keep_alive = 1;
+ else if (OPENSSL_strcasecmp(value, "close") == 0)
+ *found_keep_alive = 0;
+ }
}
# ifdef HTTP_DAEMON
/* Try to read and parse request */
req = ASN1_item_d2i_bio(it, getbio != NULL ? getbio : cbio, NULL);
- if (req == NULL)
- log_message(prog, LOG_ERR, "Error parsing request");
+ if (req == NULL) {
+ log_message(prog, LOG_WARNING,
+ "Error parsing DER-encoded request content");
+ (void)http_server_send_status(cbio, 400, "Bad Request");
+ } else if (ppath != NULL && (*ppath = OPENSSL_strdup(url)) == NULL) {
+ log_message(prog, LOG_ERR,
+ "Out of memory allocating %zu bytes", strlen(url) + 1);
+ ASN1_item_free(req, it);
+ goto fatal;
+ }
*preq = req;
acfd = (int)INVALID_SOCKET;
# endif
return ret;
+
+ fatal:
+ (void)http_server_send_status(cbio, 500, "Internal Server Error");
+ if (ppath != NULL) {
+ OPENSSL_free(*ppath);
+ *ppath = NULL;
+ }
+ BIO_free_all(cbio);
+ *pcbio = NULL;
+ ret = -1;
+ goto out;
}
/* assumes that cbio does not do an encoding that changes the output length */
-int http_server_send_asn1_resp(BIO *cbio, const char *content_type,
+int http_server_send_asn1_resp(BIO *cbio, int keep_alive,
+ const char *content_type,
const ASN1_ITEM *it, const ASN1_VALUE *resp)
{
- int ret = BIO_printf(cbio, "HTTP/1.0 200 OK\r\nContent-type: %s\r\n"
- "Content-Length: %d\r\n\r\n", content_type,
+ int ret = BIO_printf(cbio, HTTP_1_0" 200 OK\r\n%s"
+ "Content-type: %s\r\n"
+ "Content-Length: %d\r\n\r\n",
+ keep_alive ? "Connection: keep-alive\r\n" : "",
+ content_type,
ASN1_item_i2d(resp, NULL, it)) > 0
&& ASN1_item_i2d_bio(it, cbio, resp) > 0;
(void)BIO_flush(cbio);
return ret;
}
+
+int http_server_send_status(BIO *cbio, int status, const char *reason)
+{
+ int ret = BIO_printf(cbio, HTTP_1_0" %d %s\r\n\r\n",
+ /* This implicitly cancels keep-alive */
+ status, reason) > 0;
+
+ (void)BIO_flush(cbio);
+ return ret;
+}
#endif
projects / thirdparty / openssl.git / blobdiff