/*
- * Copyright (C) 1996-2015 The Squid Software Foundation and contributors
+ * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
/* DEBUG: section 55 HTTP Header */
#include "squid.h"
+#include "base/Assure.h"
+#include "base/CharacterSet.h"
#include "base/EnumIterator.h"
+#include "base/Raw.h"
#include "base64.h"
#include "globals.h"
+#include "http/ContentLengthInterpreter.h"
#include "HttpHdrCc.h"
#include "HttpHdrContRange.h"
#include "HttpHdrScTarget.h" // also includes HttpHdrSc.h
#include "HttpHeader.h"
-#include "HttpHeaderFieldInfo.h"
+#include "HttpHeaderFieldStat.h"
#include "HttpHeaderStat.h"
#include "HttpHeaderTools.h"
#include "MemBuf.h"
#include "mgr/Registration.h"
-#include "profiler/Profiler.h"
-#include "rfc1123.h"
+#include "mime_header.h"
+#include "sbuf/StringConvert.h"
#include "SquidConfig.h"
-//#include "SquidString.h" // pulled by HttpHdrCc.h
#include "StatHist.h"
#include "Store.h"
#include "StrList.h"
+#include "time/gadgets.h"
#include "TimeOrTag.h"
#include "util.h"
#include <algorithm>
+#include <array>
/* XXX: the whole set of API managing the entries vector should be rethought
* after the parse4r-ng effort is complete.
/* header accounting */
// NP: keep in sync with enum http_hdr_owner_type
-static HttpHeaderStat HttpHeaderStats[] = {
- HttpHeaderStat(/*hoNone*/ "all", NULL),
+static std::array<HttpHeaderStat, hoEnd> HttpHeaderStats = {{
+ HttpHeaderStat(/*hoNone*/ "all", nullptr),
#if USE_HTCP
- HttpHeaderStat(/*hoHtcpReply*/ "HTCP reply", &ReplyHeadersMask),
+ HttpHeaderStat(/*hoHtcpReply*/ "HTCP reply", &ReplyHeadersMask),
#endif
- HttpHeaderStat(/*hoRequest*/ "request", &RequestHeadersMask),
- HttpHeaderStat(/*hoReply*/ "reply", &ReplyHeadersMask)
+ HttpHeaderStat(/*hoRequest*/ "request", &RequestHeadersMask),
+ HttpHeaderStat(/*hoReply*/ "reply", &ReplyHeadersMask)
#if USE_OPENSSL
- /* hoErrorDetail */
+ , HttpHeaderStat(/*hoErrorDetail*/ "error detail templates", nullptr)
#endif
- /* hoEnd */
+ /* hoEnd */
+ }
};
-static int HttpHeaderStatCount = countof(HttpHeaderStats);
static int HeaderEntryParsedCount = 0;
CBIT_SET(ReplyHeadersMask,h);
}
- /* header stats initialized by class constructor */
- assert(HttpHeaderStatCount == hoReply + 1);
+ assert(HttpHeaderStats[0].label && "httpHeaderInitModule() called via main()");
+ assert(HttpHeaderStats[hoEnd-1].label && "HttpHeaderStats created with all elements");
/* init dependent modules */
- httpHdrCcInitModule();
httpHdrScInitModule();
httpHeaderRegisterWithCacheManager();
* HttpHeader Implementation
*/
-HttpHeader::HttpHeader() : owner (hoNone), len (0), conflictingContentLength_(false)
-{
- httpHeaderMaskInit(&mask, 0);
-}
-
HttpHeader::HttpHeader(const http_hdr_owner_type anOwner): owner(anOwner), len(0), conflictingContentLength_(false)
{
assert(anOwner > hoNone && anOwner < hoEnd);
debugs(55, 7, "init-ing hdr: " << this << " owner: " << owner);
+ entries.reserve(32);
httpHeaderMaskInit(&mask, 0);
}
+// XXX: Delete as unused, expensive, and violating copy semantics by skipping Warnings
HttpHeader::HttpHeader(const HttpHeader &other): owner(other.owner), len(other.len), conflictingContentLength_(false)
{
+ entries.reserve(other.entries.capacity());
httpHeaderMaskInit(&mask, 0);
- update(&other, NULL); // will update the mask as well
+ update(&other); // will update the mask as well
}
HttpHeader::~HttpHeader()
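Review bot: The copy constructor still hard-codes `conflictingContentLength_(false)` and never copies `teUnsupported_`, while the assignment operator in the next hunk copies both flags from `other`. If this constructor is ever used on a header that parse() has flagged, the copy would silently lose the bad-Content-Length and unsupported-Transfer-Encoding markers that guard message framing. Until the constructor is deleted as the XXX suggests, initialise both from the source, e.g. `conflictingContentLength_(other.conflictingContentLength_), teUnsupported_(other.teUnsupported_)`. Whether `teUnsupported_` has a default member initialiser is not visible in this hunk.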
clean();
}
+// XXX: Delete as unused, expensive, and violating assignment semantics by skipping Warnings
HttpHeader &
HttpHeader::operator =(const HttpHeader &other)
{
// we do not really care, but the caller probably does
assert(owner == other.owner);
clean();
- update(&other, NULL); // will update the mask as well
+ update(&other); // will update the mask as well
len = other.len;
conflictingContentLength_ = other.conflictingContentLength_;
+ teUnsupported_ = other.teUnsupported_;
}
return *this;
}
assert(owner > hoNone && owner < hoEnd);
debugs(55, 7, "cleaning hdr: " << this << " owner: " << owner);
- PROF_start(HttpHeaderClean);
-
if (owner <= hoReply) {
/*
* An unfortunate bug. The entries array is initialized
if (e == nullptr)
continue;
if (!Http::any_valid_header(e->id)) {
- debugs(55, DBG_CRITICAL, "BUG: invalid entry (" << e->id << "). Ignored.");
+ debugs(55, DBG_CRITICAL, "ERROR: Squid BUG: invalid entry (" << e->id << "). Ignored.");
} else {
if (owner <= hoReply)
HttpHeaderStats[owner].fieldTypeDistr.count(e->id);
httpHeaderMaskInit(&mask, 0);
len = 0;
conflictingContentLength_ = false;
- PROF_stop(HttpHeaderClean);
+ teUnsupported_ = false;
}
/* append entries (also see httpHeaderUpdate) */
}
}
+bool
+HttpHeader::needUpdate(HttpHeader const *fresh) const
+{
+ for (const auto e: fresh->entries) {
+ if (!e || skipUpdateHeader(e->id))
+ continue;
+ String value;
+ if (!hasNamed(e->name, &value) ||
+ (value != fresh->getByName(e->name)))
+ return true;
+ }
+ return false;
+}
+
+bool
+HttpHeader::skipUpdateHeader(const Http::HdrType id) const
+{
+ return
+ // TODO: Consider updating Vary headers after comparing the magnitude of
+ // the required changes (and/or cache losses) with compliance gains.
+ (id == Http::HdrType::VARY);
+}
+
void
-HttpHeader::update (HttpHeader const *fresh, HttpHeaderMask const *denied_mask)
+HttpHeader::update(HttpHeader const *fresh)
{
- const HttpHeaderEntry *e;
- HttpHeaderPos pos = HttpHeaderInitPos;
assert(fresh);
assert(this != fresh);
+ const HttpHeaderEntry *e;
+ HttpHeaderPos pos = HttpHeaderInitPos;
+
while ((e = fresh->getEntry(&pos))) {
/* deny bad guys (ok to check for Http::HdrType::OTHER) here */
- if (denied_mask && CBIT_TEST(*denied_mask, e->id))
+ if (skipUpdateHeader(e->id))
continue;
if (e->id != Http::HdrType::OTHER)
delById(e->id);
else
- delByName(e->name.termedBuf());
+ delByName(e->name);
}
pos = HttpHeaderInitPos;
while ((e = fresh->getEntry(&pos))) {
/* deny bad guys (ok to check for Http::HdrType::OTHER) here */
- if (denied_mask && CBIT_TEST(*denied_mask, e->id))
+ if (skipUpdateHeader(e->id))
continue;
debugs(55, 7, "Updating header '" << Http::HeaderLookupTable.lookup(e->id).name << "' in cached entry");
}
}
+bool
+HttpHeader::Isolate(const char **parse_start, size_t l, const char **blk_start, const char **blk_end)
+{
+ /*
+ * parse_start points to the first line of HTTP message *headers*,
+ * not including the request or status lines
+ */
+ const size_t end = headersEnd(*parse_start, l);
+
+ if (end) {
+ *blk_start = *parse_start;
+ *blk_end = *parse_start + end - 1;
+ assert(**blk_end == '\n');
+ // Point blk_end to the first character after the last header field.
+ // In other words, blk_end should point to the CR?LF header terminator.
+ if (end > 1 && *(*blk_end - 1) == '\r')
+ --(*blk_end);
+ *parse_start += end;
+ }
+ return end;
+}
+
+int
+HttpHeader::parse(const char *buf, size_t buf_len, bool atEnd, size_t &hdr_sz, Http::ContentLengthInterpreter &clen)
+{
+ const char *parse_start = buf;
+ const char *blk_start, *blk_end;
+ hdr_sz = 0;
+
+ if (!Isolate(&parse_start, buf_len, &blk_start, &blk_end)) {
+ // XXX: do not parse non-isolated headers even if the connection is closed.
+ // Treat unterminated headers as "partial headers" framing errors.
+ if (!atEnd)
+ return 0;
+ blk_start = parse_start;
+ blk_end = blk_start + strlen(blk_start);
+ }
+
+ if (parse(blk_start, blk_end - blk_start, clen)) {
+ hdr_sz = parse_start - buf;
+ return 1;
+ }
+ return -1;
+}
+
+// XXX: callers treat this return as boolean.
+// XXX: A better mechanism is needed to signal different types of error.
+// lexicon, syntax, semantics, validation, access policy - are all (ab)using 'return 0'
int
-HttpHeader::parse(const char *header_start, size_t hdrLen)
+HttpHeader::parse(const char *header_start, size_t hdrLen, Http::ContentLengthInterpreter &clen)
{
const char *field_ptr = header_start;
const char *header_end = header_start + hdrLen; // XXX: remove
- HttpHeaderEntry *e, *e2;
int warnOnError = (Config.onoff.relaxed_header_parser <= 0 ? DBG_IMPORTANT : 2);
- PROF_start(HttpHeaderParse);
-
assert(header_start && header_end);
debugs(55, 7, "parsing hdr: (" << this << ")" << std::endl << getStringPrefix(header_start, hdrLen));
++ HttpHeaderStats[owner].parsedCount;
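Review bot: In the five-argument parse(), the fallback for unterminated headers computes `blk_end = blk_start + strlen(blk_start)`, which ignores `buf_len` and keeps reading until it meets a NUL, so it can run past the buffer unless every caller guarantees a terminator. Bounding it by the supplied length, `blk_end = blk_start + buf_len;`, keeps the scan inside the buffer, since `parse_start` still equals `buf` on this path. The inner parse() already rejects embedded NUL bytes with its memchr() check. `hdr_sz` also stays 0 on this path even when 1 is returned, which deserves a comment if it is intended.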
if ((nulpos = (char*)memchr(header_start, '\0', hdrLen))) {
debugs(55, DBG_IMPORTANT, "WARNING: HTTP header contains NULL characters {" <<
getStringPrefix(header_start, nulpos-header_start) << "}\nNULL\n{" << getStringPrefix(nulpos+1, hdrLen-(nulpos-header_start)-1));
- PROF_stop(HttpHeaderParse);
clean();
return 0;
}
const char *field_start = field_ptr;
const char *field_end;
+ const char *hasBareCr = nullptr;
+ size_t lines = 0;
do {
const char *this_line = field_ptr;
field_ptr = (const char *)memchr(field_ptr, '\n', header_end - field_ptr);
+ ++lines;
if (!field_ptr) {
// missing <LF>
- PROF_stop(HttpHeaderParse);
clean();
return 0;
}
debugs(55, DBG_IMPORTANT, "SECURITY WARNING: Rejecting HTTP request with a CR+ "
"header field to prevent request smuggling attacks: {" <<
getStringPrefix(header_start, hdrLen) << "}");
- PROF_stop(HttpHeaderParse);
clean();
return 0;
}
/* Barf on stray CR characters */
if (memchr(this_line, '\r', field_end - this_line)) {
+ hasBareCr = "bare CR";
debugs(55, warnOnError, "WARNING: suspicious CR characters in HTTP header {" <<
getStringPrefix(field_start, field_end-field_start) << "}");
if (Config.onoff.relaxed_header_parser) {
char *p = (char *) this_line; /* XXX Warning! This destroys original header content and violates specifications somewhat */
- while ((p = (char *)memchr(p, '\r', field_end - p)) != NULL) {
+ while ((p = (char *)memchr(p, '\r', field_end - p)) != nullptr) {
*p = ' ';
++p;
}
} else {
- PROF_stop(HttpHeaderParse);
clean();
return 0;
}
if (this_line + 1 == field_end && this_line > field_start) {
debugs(55, warnOnError, "WARNING: Blank continuation line in HTTP header {" <<
getStringPrefix(header_start, hdrLen) << "}");
- PROF_stop(HttpHeaderParse);
clean();
return 0;
}
if (field_start == field_end) {
if (field_ptr < header_end) {
- debugs(55, warnOnError, "WARNING: unparseable HTTP header field near {" <<
+ debugs(55, warnOnError, "WARNING: unparsable HTTP header field near {" <<
getStringPrefix(field_start, hdrLen-(field_start-header_start)) << "}");
- PROF_stop(HttpHeaderParse);
clean();
return 0;
}
break; /* terminating blank line */
}
- if ((e = HttpHeaderEntry::parse(field_start, field_end)) == NULL) {
- debugs(55, warnOnError, "WARNING: unparseable HTTP header field {" <<
+ const auto e = HttpHeaderEntry::parse(field_start, field_end, owner);
+ if (!e) {
+ debugs(55, warnOnError, "WARNING: unparsable HTTP header field {" <<
getStringPrefix(field_start, field_end-field_start) << "}");
debugs(55, warnOnError, " in {" << getStringPrefix(header_start, hdrLen) << "}");
- if (Config.onoff.relaxed_header_parser)
- continue;
-
- PROF_stop(HttpHeaderParse);
clean();
return 0;
}
- // XXX: RFC 7230 Section 3.3.3 item #4 requires sending a 502 error in
- // several cases that we do not yet cover. TODO: Rewrite to cover more.
- if (e->id == Http::HdrType::CONTENT_LENGTH && (e2 = findEntry(e->id)) != nullptr) {
- if (e->value != e2->value) {
- int64_t l1, l2;
- debugs(55, warnOnError, "WARNING: found two conflicting content-length headers in {" <<
- getStringPrefix(header_start, hdrLen) << "}");
-
- if (!Config.onoff.relaxed_header_parser) {
- delete e;
- PROF_stop(HttpHeaderParse);
- clean();
- return 0;
- }
-
- if (!httpHeaderParseOffset(e->value.termedBuf(), &l1)) {
- debugs(55, DBG_IMPORTANT, "WARNING: Unparseable content-length '" << e->value << "'");
- delete e;
- continue;
- } else if (!httpHeaderParseOffset(e2->value.termedBuf(), &l2)) {
- debugs(55, DBG_IMPORTANT, "WARNING: Unparseable content-length '" << e2->value << "'");
- delById(e2->id);
- } else {
- if (l1 != l2)
- conflictingContentLength_ = true;
- delete e;
- continue;
- }
- } else {
- debugs(55, warnOnError, "NOTICE: found double content-length header");
+ if (lines > 1 || hasBareCr) {
+ const auto framingHeader = (e->id == Http::HdrType::CONTENT_LENGTH || e->id == Http::HdrType::TRANSFER_ENCODING);
+ if (framingHeader) {
+ if (!hasBareCr) // already warned about bare CRs
+ debugs(55, warnOnError, "WARNING: obs-fold in framing-sensitive " << e->name << ": " << e->value);
delete e;
-
- if (Config.onoff.relaxed_header_parser)
- continue;
-
- PROF_stop(HttpHeaderParse);
clean();
return 0;
}
}
- if (e->id == Http::HdrType::OTHER && stringHasWhitespace(e->name.termedBuf())) {
- debugs(55, warnOnError, "WARNING: found whitespace in HTTP header name {" <<
- getStringPrefix(field_start, field_end-field_start) << "}");
+ if (e->id == Http::HdrType::CONTENT_LENGTH && !clen.checkField(e->value)) {
+ delete e;
- if (!Config.onoff.relaxed_header_parser) {
- delete e;
- PROF_stop(HttpHeaderParse);
- clean();
- return 0;
- }
+ if (Config.onoff.relaxed_header_parser)
+ continue; // clen has printed any necessary warnings
+
+ clean();
+ return 0;
}
addEntry(e);
}
- if (chunked()) {
+ if (clen.headerWideProblem) {
+ debugs(55, warnOnError, "WARNING: " << clen.headerWideProblem <<
+ " Content-Length field values in" <<
+ Raw("header", header_start, hdrLen));
+ }
+
+ String rawTe;
+ if (clen.prohibitedAndIgnored()) {
+ // prohibitedAndIgnored() includes trailer header blocks
+ // being parsed as a case to forbid/ignore these headers.
+
+ // RFC 7230 section 3.3.2: A server MUST NOT send a Content-Length
+ // header field in any response with a status code of 1xx (Informational)
+ // or 204 (No Content). And RFC 7230 3.3.3#1 tells recipients to ignore
+ // such Content-Lengths.
+ if (delById(Http::HdrType::CONTENT_LENGTH))
+ debugs(55, 3, "Content-Length is " << clen.prohibitedAndIgnored());
+
+ // The same RFC 7230 3.3.3#1-based logic applies to Transfer-Encoding
+ // banned by RFC 7230 section 3.3.1.
+ if (delById(Http::HdrType::TRANSFER_ENCODING))
+ debugs(55, 3, "Transfer-Encoding is " << clen.prohibitedAndIgnored());
+
+ } else if (getByIdIfPresent(Http::HdrType::TRANSFER_ENCODING, &rawTe)) {
// RFC 2616 section 4.4: ignore Content-Length with Transfer-Encoding
+ // RFC 7230 section 3.3.3 #3: Transfer-Encoding overwrites Content-Length
+ delById(Http::HdrType::CONTENT_LENGTH);
+ // and clen state becomes irrelevant
+
+ if (rawTe.caseCmp("chunked") == 0) {
+ ; // leave header present for chunked() method
+ } else if (rawTe.caseCmp("identity") == 0) { // deprecated. no coding
+ delById(Http::HdrType::TRANSFER_ENCODING);
+ } else {
+ // This also rejects multiple encodings until we support them properly.
+ debugs(55, warnOnError, "WARNING: unsupported Transfer-Encoding used by client: " << rawTe);
+ teUnsupported_ = true;
+ }
+
+ } else if (clen.sawBad) {
+ // ensure our callers do not accidentally see bad Content-Length values
delById(Http::HdrType::CONTENT_LENGTH);
- // RFC 7230 section 3.3.3 #4: ignore Content-Length conflicts with Transfer-Encoding
- conflictingContentLength_ = false;
- } else if (conflictingContentLength_) {
- // ensure our callers do not see the conflicting Content-Length value
+ conflictingContentLength_ = true; // TODO: Rename to badContentLength_.
+ } else if (clen.needsSanitizing) {
+ // RFC 7230 section 3.3.2: MUST either reject or ... [sanitize];
+ // ensure our callers see a clean Content-Length value or none at all
delById(Http::HdrType::CONTENT_LENGTH);
+ if (clen.sawGood) {
+ putInt64(Http::HdrType::CONTENT_LENGTH, clen.value);
+ debugs(55, 5, "sanitized Content-Length to be " << clen.value);
+ }
}
- PROF_stop(HttpHeaderParse);
return 1; /* even if no fields where found, it is a valid header */
}
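Review bot: The warning next to `teUnsupported_ = true` says the unsupported Transfer-Encoding was "used by client", but this parse() runs for every owner (it indexes `HttpHeaderStats[owner]`), so for a reply the log names the wrong peer when someone triages a framing anomaly. A neutral message such as `"WARNING: unsupported Transfer-Encoding: " << rawTe` avoids that. This branch also returns 1 with Transfer-Encoding left in the header and Content-Length already deleted, so a comment there should say that callers are expected to check the flag before framing the body; those callers are outside this hunk, as is the start of the function.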
break;
}
if (maskThisEntry) {
- p->append(e->name.rawBuf(), e->name.size());
+ p->append(e->name.rawContent(), e->name.length());
p->append(": ** NOT DISPLAYED **\r\n", 23);
} else {
e->packInto(p);
return static_cast<HttpHeaderEntry*>(entries[*pos]);
}
- return NULL;
+ return nullptr;
}
/*
/* check mask first */
if (!CBIT_TEST(mask, id))
- return NULL;
+ return nullptr;
/* looks like we must have it, do linear search */
for (auto e : entries) {
/* check mask first */
if (!CBIT_TEST(mask, id))
- return NULL;
+ return nullptr;
for (auto e = entries.rbegin(); e != entries.rend(); ++e) {
if (*e && (*e)->id == id)
return nullptr; /* not reached */
}
-/*
- * deletes all fields with a given name if any, returns #fields deleted;
- */
int
-HttpHeader::delByName(const char *name)
+HttpHeader::delByName(const SBuf &name)
{
int count = 0;
HttpHeaderPos pos = HttpHeaderInitPos;
- HttpHeaderEntry *e;
httpHeaderMaskInit(&mask, 0); /* temporal inconsistency */
debugs(55, 9, "deleting '" << name << "' fields in hdr " << this);
- while ((e = getEntry(&pos))) {
+ while (const HttpHeaderEntry *e = getEntry(&pos)) {
if (!e->name.caseCmp(name))
delAt(pos, count);
else
{
debugs(55, 8, this << " del-by-id " << id);
assert(any_registered_header(id));
- int count=0;
if (!CBIT_TEST(mask, id))
return 0;
- //replace matching items with nil and count them
- std::replace_if(entries.begin(), entries.end(),
- [&](const HttpHeaderEntry *e) {
- if (e && e->id == id) {
- ++count;
- return true;
- }
- return false;
- },
- nullptr);
+ int count = 0;
+
+ HttpHeaderPos pos = HttpHeaderInitPos;
+ while (HttpHeaderEntry *e = getEntry(&pos)) {
+ if (e->id == id)
+ delAt(pos, count); // deletes e
+ }
CBIT_CLR(mask, id);
assert(count);
HttpHeaderEntry *e;
assert(pos >= HttpHeaderInitPos && pos < static_cast<ssize_t>(entries.size()));
e = static_cast<HttpHeaderEntry*>(entries[pos]);
- entries[pos] = NULL;
+ entries[pos] = nullptr;
/* decrement header length, allow for ": " and crlf */
- len -= e->name.size() + 2 + e->value.size() + 2;
+ len -= e->name.length() + 2 + e->value.size() + 2;
assert(len >= 0);
delete e;
++headers_deleted;
{
assert(e);
assert(any_HdrType_enum_value(e->id));
- assert(e->name.size());
+ assert(e->name.length());
debugs(55, 7, this << " adding entry: " << e->id << " at " << entries.size());
entries.push_back(e);
- /* increment header length, allow for ": " and crlf */
- len += e->name.size() + 2 + e->value.size() + 2;
-}
-
-/* inserts an entry;
- * does not call e->clone() so one should not reuse "*e"
- */
-void
-HttpHeader::insertEntry(HttpHeaderEntry * e)
-{
- assert(e);
- assert(any_valid_header(e->id));
-
- debugs(55, 7, this << " adding entry: " << e->id << " at " << entries.size());
-
- // Http::HdrType::BAD_HDR is filtered out by assert_any_valid_header
- if (CBIT_TEST(mask, e->id)) {
- ++ headerStatsTable[e->id].repCount;
- } else {
- CBIT_SET(mask, e->id);
- }
-
- entries.insert(entries.begin(),e);
-
- /* increment header length, allow for ": " and crlf */
- len += e->name.size() + 2 + e->value.size() + 2;
+ len += e->length();
}
bool
{
String result;
// ignore presence: return undefined string if an empty header is present
- (void)getByNameIfPresent(name, strlen(name), result);
+ (void)hasNamed(name, strlen(name), &result);
return result;
}
{
String result;
// ignore presence: return undefined string if an empty header is present
- (void)getByNameIfPresent(name, result);
+ (void)hasNamed(name, &result);
return result;
}
HttpHeader::getById(Http::HdrType id) const
{
String result;
- (void)getByIdIfPresent(id,result);
+ (void)getByIdIfPresent(id, &result);
return result;
}
bool
-HttpHeader::getByNameIfPresent(const SBuf &s, String &result) const
+HttpHeader::hasNamed(const SBuf &s, String *result) const
{
- return getByNameIfPresent(s.rawContent(), s.length(), result);
+ return hasNamed(s.rawContent(), s.length(), result);
}
bool
-HttpHeader::getByIdIfPresent(Http::HdrType id, String &result) const
+HttpHeader::getByIdIfPresent(Http::HdrType id, String *result) const
{
if (id == Http::HdrType::BAD_HDR)
return false;
if (!has(id))
return false;
- result = getStrOrList(id);
+ if (result)
+ *result = getStrOrList(id);
return true;
}
bool
-HttpHeader::getByNameIfPresent(const char *name, int namelen, String &result) const
+HttpHeader::hasNamed(const char *name, unsigned int namelen, String *result) const
{
Http::HdrType id;
HttpHeaderPos pos = HttpHeaderInitPos;
/* Sorry, an unknown header name. Do linear search */
bool found = false;
while ((e = getEntry(&pos))) {
- if (e->id == Http::HdrType::OTHER && e->name.caseCmp(name) == 0) {
+ if (e->id == Http::HdrType::OTHER && e->name.length() == namelen && e->name.caseCmp(name, namelen) == 0) {
found = true;
- strListAdd(&result, e->value.termedBuf(), ',');
+ if (!result)
+ break;
+ strListAdd(result, e->value.termedBuf(), ',');
}
}
/*
* Returns a the value of the specified list member, if any.
*/
-String
+SBuf
HttpHeader::getByNameListMember(const char *name, const char *member, const char separator) const
{
- String header;
- const char *pos = NULL;
- const char *item;
- int ilen;
- int mlen = strlen(member);
-
assert(name);
-
- header = getByName(name);
-
- String result;
-
- while (strListGetItem(&header, separator, &item, &ilen, &pos)) {
- if (strncmp(item, member, mlen) == 0 && item[mlen] == '=') {
- result.append(item + mlen + 1, ilen - mlen - 1);
- break;
- }
- }
-
- return result;
+ const auto header = getByName(name);
+ return ::getListMember(header, member, separator);
}
/*
* returns a the value of the specified list member, if any.
*/
-String
+SBuf
HttpHeader::getListMember(Http::HdrType id, const char *member, const char separator) const
{
- String header;
- const char *pos = NULL;
- const char *item;
- int ilen;
- int mlen = strlen(member);
-
assert(any_registered_header(id));
-
- header = getStrOrList(id);
- String result;
-
- while (strListGetItem(&header, separator, &item, &ilen, &pos)) {
- if (strncmp(item, member, mlen) == 0 && item[mlen] == '=') {
- result.append(item + mlen + 1, ilen - mlen - 1);
- break;
- }
- }
-
- header.clean();
- return result;
+ const auto header = getStrOrList(id);
+ return ::getListMember(header, member, separator);
}
/* test if a field is present */
return CBIT_TEST(mask, id);
}
+void
+HttpHeader::addVia(const AnyP::ProtocolVersion &ver, const HttpHeader *from)
+{
+ // TODO: do not add Via header for messages where Squid itself
+ // generated the message (i.e., Downloader or ESI) there should be no Via header added at all.
+
+ if (Config.onoff.via) {
+ SBuf buf;
+ // RFC 7230 section 5.7.1.: protocol-name is omitted when
+ // the received protocol is HTTP.
+ if (ver.protocol > AnyP::PROTO_NONE && ver.protocol < AnyP::PROTO_UNKNOWN &&
+ ver.protocol != AnyP::PROTO_HTTP && ver.protocol != AnyP::PROTO_HTTPS)
+ buf.appendf("%s/", AnyP::ProtocolType_str[ver.protocol]);
+ buf.appendf("%d.%d %s", ver.major, ver.minor, ThisCache);
+ const HttpHeader *hdr = from ? from : this;
+ SBuf strVia = StringToSBuf(hdr->getList(Http::HdrType::VIA));
+ if (!strVia.isEmpty())
+ strVia.append(", ", 2);
+ strVia.append(buf);
+ updateOrAddStr(Http::HdrType::VIA, strVia);
+ }
+}
+
void
HttpHeader::putInt(Http::HdrType id, int number)
{
assert(any_registered_header(id));
assert(Http::HeaderLookupTable.lookup(id).type == Http::HdrFieldType::ftInt); /* must be of an appropriate type */
assert(number >= 0);
- addEntry(new HttpHeaderEntry(id, NULL, xitoa(number)));
+ addEntry(new HttpHeaderEntry(id, SBuf(), xitoa(number)));
}
void
assert(any_registered_header(id));
assert(Http::HeaderLookupTable.lookup(id).type == Http::HdrFieldType::ftInt64); /* must be of an appropriate type */
assert(number >= 0);
- addEntry(new HttpHeaderEntry(id, NULL, xint64toa(number)));
+ addEntry(new HttpHeaderEntry(id, SBuf(), xint64toa(number)));
}
void
assert(any_registered_header(id));
assert(Http::HeaderLookupTable.lookup(id).type == Http::HdrFieldType::ftDate_1123); /* must be of an appropriate type */
assert(htime >= 0);
- addEntry(new HttpHeaderEntry(id, NULL, mkrfc1123(htime)));
+ addEntry(new HttpHeaderEntry(id, SBuf(), Time::FormatRfc1123(htime)));
}
void
assert(any_registered_header(id));
assert(Http::HeaderLookupTable.lookup(id).type == Http::HdrFieldType::ftStr); /* must be of an appropriate type */
assert(str);
- addEntry(new HttpHeaderEntry(id, NULL, str));
+ addEntry(new HttpHeaderEntry(id, SBuf(), str));
}
void
}
void
-HttpHeader::putCc(const HttpHdrCc * cc)
+HttpHeader::putCc(const HttpHdrCc &cc)
{
- assert(cc);
/* remove old directives if any */
delById(Http::HdrType::CACHE_CONTROL);
/* pack into mb */
MemBuf mb;
mb.init();
- cc->packInto(&mb);
+ cc.packInto(&mb);
/* put */
- addEntry(new HttpHeaderEntry(Http::HdrType::CACHE_CONTROL, NULL, mb.buf));
+ addEntry(new HttpHeaderEntry(Http::HdrType::CACHE_CONTROL, SBuf(), mb.buf));
/* cleanup */
mb.clean();
}
mb.init();
httpHdrContRangePackInto(cr, &mb);
/* put */
- addEntry(new HttpHeaderEntry(Http::HdrType::CONTENT_RANGE, NULL, mb.buf));
+ addEntry(new HttpHeaderEntry(Http::HdrType::CONTENT_RANGE, SBuf(), mb.buf));
/* cleanup */
mb.clean();
}
mb.init();
range->packInto(&mb);
/* put */
- addEntry(new HttpHeaderEntry(Http::HdrType::RANGE, NULL, mb.buf));
+ addEntry(new HttpHeaderEntry(Http::HdrType::RANGE, SBuf(), mb.buf));
/* cleanup */
mb.clean();
}
mb.init();
sc->packInto(&mb);
/* put */
- addEntry(new HttpHeaderEntry(Http::HdrType::SURROGATE_CONTROL, NULL, mb.buf));
+ addEntry(new HttpHeaderEntry(Http::HdrType::SURROGATE_CONTROL, SBuf(), mb.buf));
/* cleanup */
mb.clean();
}
-void
-HttpHeader::putWarning(const int code, const char *const text)
-{
- char buf[512];
- snprintf(buf, sizeof(buf), "%i %s \"%s\"", code, visible_appname_string, text);
- putStr(Http::HdrType::WARNING, buf);
-}
-
/* add extension header (these fields are not parsed/analyzed/joined, etc.) */
void
HttpHeader::putExt(const char *name, const char *value)
{
assert(name && value);
debugs(55, 8, this << " adds ext entry " << name << " : " << value);
- addEntry(new HttpHeaderEntry(Http::HdrType::OTHER, name, value));
+ addEntry(new HttpHeaderEntry(Http::HdrType::OTHER, SBuf(name), value));
+}
+
+void
+HttpHeader::updateOrAddStr(const Http::HdrType id, const SBuf &newValue)
+{
+ assert(any_registered_header(id));
+ assert(Http::HeaderLookupTable.lookup(id).type == Http::HdrFieldType::ftStr);
+
+ // XXX: HttpHeaderEntry::value suffers from String size limits
+ Assure(newValue.length() < String::SizeMaxXXX());
+
+ if (!CBIT_TEST(mask, id)) {
+ auto newValueCopy = newValue; // until HttpHeaderEntry::value becomes SBuf
+ addEntry(new HttpHeaderEntry(id, SBuf(), newValueCopy.c_str()));
+ return;
+ }
+
+ auto foundSameName = false;
+ for (auto &e: entries) {
+ if (!e || e->id != id)
+ continue;
+
+ if (foundSameName) {
+ // get rid of this repeated same-name entry
+ delete e;
+ e = nullptr;
+ continue;
+ }
+
+ if (newValue.cmp(e->value.termedBuf()) != 0)
+ e->value.assign(newValue.rawContent(), newValue.plength());
+
+ foundSameName = true;
+ // continue to delete any repeated same-name entries
+ }
+ assert(foundSameName);
+ debugs(55, 5, "synced: " << Http::HeaderLookupTable.lookup(id).name << ": " << newValue);
}
int
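Review bot: updateOrAddStr() modifies stored entries without maintaining `len`: the duplicate-entry branch does `delete e; e = nullptr;` and the value rewrite calls `e->value.assign(...)`, yet neither adjusts the counter that addEntry() increments with `len += e->length()` and delAt() decrements. If `len` is used to size or bound the packed header (not visible here), it drifts whenever a value is rewritten or a duplicate is dropped. Suggest adding `len -= e->length();` before the `delete e;`, and bracketing the assign with `len -= e->length();` and `len += e->length();`.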
assert(Http::HeaderLookupTable.lookup(id).type == Http::HdrFieldType::ftDate_1123); /* must be of an appropriate type */
if ((e = findEntry(id))) {
- value = parse_rfc1123(e->value.termedBuf());
+ value = Time::ParseRfc1123(e->value.termedBuf());
httpHeaderNoteParsedEntry(e->id, e->value, value < 0);
}
return e->value.termedBuf();
}
- return NULL;
+ return nullptr;
}
/* unusual */
return e->value.termedBuf();
}
- return NULL;
+ return nullptr;
}
HttpHdrCc *
HttpHeader::getCc() const
{
if (!CBIT_TEST(mask, Http::HdrType::CACHE_CONTROL))
- return NULL;
- PROF_start(HttpHeader_getCc);
+ return nullptr;
String s;
getList(Http::HdrType::CACHE_CONTROL, &s);
if (!cc->parse(s)) {
delete cc;
- cc = NULL;
+ cc = nullptr;
}
++ HttpHeaderStats[owner].ccParsedCount;
httpHeaderNoteParsedEntry(Http::HdrType::CACHE_CONTROL, s, !cc);
- PROF_stop(HttpHeader_getCc);
-
return cc;
}
HttpHdrRange *
HttpHeader::getRange() const
{
- HttpHdrRange *r = NULL;
+ HttpHdrRange *r = nullptr;
HttpHeaderEntry *e;
/* some clients will send "Request-Range" _and_ *matching* "Range"
* who knows, some clients might send Request-Range only;
HttpHeader::getSc() const
{
if (!CBIT_TEST(mask, Http::HdrType::SURROGATE_CONTROL))
- return NULL;
+ return nullptr;
String s;
HttpHdrContRange *
HttpHeader::getContRange() const
{
- HttpHdrContRange *cr = NULL;
+ HttpHdrContRange *cr = nullptr;
HttpHeaderEntry *e;
if ((e = findEntry(Http::HdrType::CONTENT_RANGE))) {
return cr;
}
-const char *
-HttpHeader::getAuth(Http::HdrType id, const char *auth_scheme) const
+SBuf
+HttpHeader::getAuthToken(Http::HdrType id, const char *auth_scheme) const
{
const char *field;
int l;
assert(auth_scheme);
field = getStr(id);
+ static const SBuf nil;
if (!field) /* no authorization field */
- return NULL;
+ return nil;
l = strlen(auth_scheme);
if (!l || strncasecmp(field, auth_scheme, l)) /* wrong scheme */
- return NULL;
+ return nil;
field += l;
if (!xisspace(*field)) /* wrong scheme */
- return NULL;
+ return nil;
/* skip white space */
for (; field && xisspace(*field); ++field);
if (!*field) /* no authorization cookie */
- return NULL;
+ return nil;
- static char decodedAuthToken[8192];
+ const auto fieldLen = strlen(field);
+ SBuf result;
+ char *decodedAuthToken = result.rawAppendStart(BASE64_DECODE_LENGTH(fieldLen));
struct base64_decode_ctx ctx;
base64_decode_init(&ctx);
size_t decodedLen = 0;
- if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(decodedAuthToken), strlen(field), reinterpret_cast<const uint8_t*>(field)) ||
+ if (!base64_decode_update(&ctx, &decodedLen, reinterpret_cast<uint8_t*>(decodedAuthToken), fieldLen, field) ||
!base64_decode_final(&ctx)) {
- return NULL;
+ return nil;
}
- decodedAuthToken[decodedLen] = '\0';
- return decodedAuthToken;
+ result.rawAppendFinish(decodedAuthToken, decodedLen);
+ return result;
}
ETag
HttpHeader::getETag(Http::HdrType id) const
{
- ETag etag = {NULL, -1};
+ ETag etag = {nullptr, -1};
HttpHeaderEntry *e;
assert(Http::HeaderLookupTable.lookup(id).type == Http::HdrFieldType::ftETag); /* must be of an appropriate type */
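Review bot: getAuthToken() has no comment stating its new contract, although the return type changed from a nullable `const char *` to `SBuf`. Every failure path (missing field, wrong scheme, missing token, base64 error) now returns an empty SBuf, and the decoded result is length-delimited data that may contain NUL bytes. A header comment such as `/// \returns the base64-decoded credentials that follow auth_scheme, or an empty SBuf on any error; the result may contain arbitrary bytes` would help callers that previously tested for NULL or treated the token as a C string.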
/* try as an ETag */
if (etagParseInit(&tot.tag, str)) {
- tot.valid = tot.tag.str != NULL;
+ tot.valid = tot.tag.str != nullptr;
tot.time = -1;
} else {
/* or maybe it is time? */
- tot.time = parse_rfc1123(str);
+ tot.time = Time::ParseRfc1123(str);
tot.valid = tot.time >= 0;
- tot.tag.str = NULL;
+ tot.tag.str = nullptr;
}
}
* HttpHeaderEntry
*/
-HttpHeaderEntry::HttpHeaderEntry(Http::HdrType anId, const char *aName, const char *aValue)
+HttpHeaderEntry::HttpHeaderEntry(Http::HdrType anId, const SBuf &aName, const char *aValue)
{
assert(any_HdrType_enum_value(anId));
id = anId;
/* parses and inits header entry, returns true/false */
HttpHeaderEntry *
-HttpHeaderEntry::parse(const char *field_start, const char *field_end)
+HttpHeaderEntry::parse(const char *field_start, const char *field_end, const http_hdr_owner_type msgType)
{
/* note: name_start == field_start */
const char *name_end = (const char *)memchr(field_start, ':', field_end - field_start);
/* do we have a valid field name within this field? */
if (!name_len || name_end > field_end)
- return NULL;
+ return nullptr;
if (name_len > 65534) {
/* String must be LESS THAN 64K and it adds a terminating NULL */
- debugs(55, DBG_IMPORTANT, "WARNING: ignoring header name of " << name_len << " bytes");
- return NULL;
+ // TODO: update this to show proper name_len in Raw markup, but not print all that
+ debugs(55, 2, "ignoring huge header field (" << Raw("field_start", field_start, 100) << "...)");
+ return nullptr;
}
- if (Config.onoff.relaxed_header_parser && xisspace(field_start[name_len - 1])) {
+ /*
+ * RFC 7230 section 3.2.4:
+ * "No whitespace is allowed between the header field-name and colon.
+ * ...
+ * A server MUST reject any received request message that contains
+ * whitespace between a header field-name and colon with a response code
+ * of 400 (Bad Request). A proxy MUST remove any such whitespace from a
+ * response message before forwarding the message downstream."
+ */
+ if (xisspace(field_start[name_len - 1])) {
+
+ if (msgType == hoRequest)
+ return nullptr;
+
+ // for now, also let relaxed parser remove this BWS from any non-HTTP messages
+ const bool stripWhitespace = (msgType == hoReply) ||
+ Config.onoff.relaxed_header_parser;
+ if (!stripWhitespace)
+ return nullptr; // reject if we cannot strip
+
debugs(55, Config.onoff.relaxed_header_parser <= 0 ? 1 : 2,
- "NOTICE: Whitespace after header name in '" << getStringPrefix(field_start, field_end-field_start) << "'");
+ "WARNING: Whitespace after header name in '" << getStringPrefix(field_start, field_end-field_start) << "'");
while (name_len > 0 && xisspace(field_start[name_len - 1]))
--name_len;
- if (!name_len)
- return NULL;
+ if (!name_len) {
+ debugs(55, 2, "found header with only whitespace for name");
+ return nullptr;
+ }
+ }
+
+ /* RFC 7230 section 3.2:
+ *
+ * header-field = field-name ":" OWS field-value OWS
+ * field-name = token
+ * token = 1*TCHAR
+ */
+ for (const char *pos = field_start; pos < (field_start+name_len); ++pos) {
+ if (!CharacterSet::TCHAR[*pos]) {
+ debugs(55, 2, "found header with invalid characters in " <<
+ Raw("field-name", field_start, min(name_len,100)) << "...");
+ return nullptr;
+ }
}
/* now we know we can parse it */
Http::HdrType id = Http::HeaderLookupTable.lookup(field_start,name_len).id;
debugs(55, 9, "got hdr-id=" << id);
- String name;
+ SBuf theName;
String value;
/* set field name */
if (id == Http::HdrType::OTHER)
- name.limitInit(field_start, name_len);
+ theName.append(field_start, name_len);
else
- name = Http::HeaderLookupTable.lookup(id).name;
+ theName = Http::HeaderLookupTable.lookup(id).name;
/* trim field value */
while (value_start < field_end && xisspace(*value_start))
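Review bot: The two new rejection paths for whitespace before the colon, `if (msgType == hoRequest) return nullptr;` and `return nullptr; // reject if we cannot strip`, return without any debugs() call, while the other rejections in this hunk log at level 2. A request carrying whitespace between field-name and colon is malformed framing that an operator reviewing cache.log after a suspicious exchange would want to find, and whether the caller records the reason is not visible here. I would add `debugs(55, 2, "rejecting header with whitespace between field-name and colon");` before each of those returns. HttpHeaderEntry::parse begins above this hunk and continues below it.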
if (field_end - value_start > 65534) {
/* String must be LESS THAN 64K and it adds a terminating NULL */
- debugs(55, DBG_IMPORTANT, "WARNING: ignoring '" << name << "' header of " << (field_end - value_start) << " bytes");
-
- if (id == Http::HdrType::OTHER)
- name.clean();
-
- return NULL;
+ debugs(55, 2, "WARNING: found '" << theName << "' header of " << (field_end - value_start) << " bytes");
+ return nullptr;
}
/* set field value */
- value.limitInit(value_start, field_end - value_start);
+ value.assign(value_start, field_end - value_start);
if (id != Http::HdrType::BAD_HDR)
++ headerStatsTable[id].seenCount;
- debugs(55, 9, "parsed HttpHeaderEntry: '" << name << ": " << value << "'");
+ debugs(55, 9, "parsed HttpHeaderEntry: '" << theName << ": " << value << "'");
- return new HttpHeaderEntry(id, name.termedBuf(), value.termedBuf());
+ return new HttpHeaderEntry(id, theName, value.termedBuf());
}
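Review bot: The oversized-value message keeps its `WARNING:` prefix after moving from DBG_IMPORTANT to level 2, while the other level-2 rejections added by this change ("ignoring huge header field", "found header with only whitespace for name", "found header with invalid characters in") carry no prefix. Wording it like its siblings keeps the prefix meaningful for messages an admin sees by default: `debugs(55, 2, "ignoring huge '" << theName << "' header field of " << (field_end - value_start) << " bytes");`. The function starts outside this hunk.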
HttpHeaderEntry *
HttpHeaderEntry::clone() const
{
- return new HttpHeaderEntry(id, name.termedBuf(), value.termedBuf());
+ return new HttpHeaderEntry(id, name, value.termedBuf());
}
void
HttpHeaderEntry::packInto(Packable * p) const
{
assert(p);
- p->append(name.rawBuf(), name.size());
+ p->append(name.rawContent(), name.length());
p->append(": ", 2);
p->append(value.rawBuf(), value.size());
p->append("\r\n", 2);
HttpHeaderEntry::getInt64() const
{
int64_t val = -1;
- int ok = httpHeaderParseOffset(value.termedBuf(), &val);
- httpHeaderNoteParsedEntry(id, value, ok == 0);
- /* XXX: Should we check ok - ie
- * return ok ? -1 : value;
- */
- return val;
+ const bool ok = httpHeaderParseOffset(value.termedBuf(), &val);
+ httpHeaderNoteParsedEntry(id, value, !ok);
+ return val; // remains -1 if !ok (XXX: bad method API)
}
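Review bot: `return val; // remains -1 if !ok` relies on httpHeaderParseOffset() leaving `val` untouched when it fails, which cannot be confirmed from this hunk. Callers only have the -1 sentinel to recognise a malformed numeric header, so I would make the contract local with `return ok ? val : -1;` so that a helper that writes before failing cannot hand a partially parsed number to the caller. The return-type line of getInt64() is outside the hunk.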
static void
/* tmp variable used to pass stat info to dumpers */
extern const HttpHeaderStat *dump_stat; /* argh! */
-const HttpHeaderStat *dump_stat = NULL;
+const HttpHeaderStat *dump_stat = nullptr;
-void
+static void
httpHeaderFieldStatDumper(StoreEntry * sentry, int, double val, double, int count)
{
const int id = static_cast<int>(val);
assert(hs);
assert(e);
+ if (!hs->owner_mask)
+ return; // these HttpHeaderStat objects were not meant to be dumped here
+
dump_stat = hs;
storeAppendPrintf(e, "\nHeader Stats: %s\n", hs->label);
storeAppendPrintf(e, "\nField type distribution\n");
"id", "#flds", "count", "%total");
hs->hdrUCountDistr.dump(e, httpHeaderFldsPerHdrDumper);
storeAppendPrintf(e, "\n");
- dump_stat = NULL;
+ dump_stat = nullptr;
}
void
httpHeaderStoreReport(StoreEntry * e)
{
- int i;
assert(e);
HttpHeaderStats[0].parsedCount =
HttpHeaderStats[0].busyDestroyedCount =
HttpHeaderStats[hoRequest].busyDestroyedCount + HttpHeaderStats[hoReply].busyDestroyedCount;
- for (i = 1; i < HttpHeaderStatCount; ++i) {
- httpHeaderStatDump(HttpHeaderStats + i, e);
- }
+ for (const auto &stats: HttpHeaderStats)
+ httpHeaderStatDump(&stats, e);
/* field stats for all messages */
storeAppendPrintf(e, "\nHttp Fields Stats (replies and requests)\n");
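Review bot: The range-for now visits HttpHeaderStats[0] ("all"), which the old loop skipped by starting at `i = 1`; only the `if (!hs->owner_mask) return;` guard added to httpHeaderStatDump() keeps that entry out of the report. That coupling is implicit and easy to break if an entry with a null mask is later meant to be dumped, or one with a mask is not. A comment on the loop would record it, for example `// entries without an owner_mask (e.g., "all") are skipped inside httpHeaderStatDump()`.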
HttpHeader::hasListMember(Http::HdrType id, const char *member, const char separator) const
{
int result = 0;
- const char *pos = NULL;
+ const char *pos = nullptr;
const char *item;
int ilen;
int mlen = strlen(member);
HttpHeader::hasByNameListMember(const char *name, const char *member, const char separator) const
{
int result = 0;
- const char *pos = NULL;
+ const char *pos = nullptr;
const char *item;
int ilen;
int mlen = strlen(member);
int headers_deleted = 0;
while ((e = getEntry(&pos))) {
- if (strListIsMember(&strConnection, e->name.termedBuf(), ','))
+ if (strListIsMember(&strConnection, e->name, ','))
delAt(pos, headers_deleted);
}
if (headers_deleted)