[thirdparty/squid.git] / src / HttpReply.cc

/*
 * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/* DEBUG: section 58    HTTP Reply (Response) */

#include "squid.h"
#include "acl/AclSizeLimit.h"
#include "acl/FilledChecklist.h"
#include "base/EnumIterator.h"
#include "globals.h"
#include "HttpBody.h"
#include "HttpHdrCc.h"
#include "HttpHdrContRange.h"
#include "HttpHdrSc.h"
#include "HttpReply.h"
#include "HttpRequest.h"
#include "MemBuf.h"
#include "SquidConfig.h"
#include "SquidTime.h"
#include "Store.h"
#include "StrList.h"

HttpReply::HttpReply() : Http::Message(hoReply), date (0), last_modified (0),
    expires (0), surrogate_control (NULL), content_range (NULL), keep_alive (0),
    protoPrefix("HTTP/"), bodySizeMax(-2)
{
    init();
}

HttpReply::~HttpReply()
{
    if (do_clean)
        clean();
}

void
HttpReply::init()
{
    hdrCacheInit();
    sline.init();
    pstate = Http::Message::psReadyToParseStartLine;
    do_clean = true;
}

void HttpReply::reset()
{

    // reset should not reset the protocol; could have made protoPrefix a
    // virtual function instead, but it is not clear whether virtual methods
    // are allowed with MEMPROXY_CLASS() and whether some cbdata void*
    // conversions are not going to kill virtual tables
    const String pfx = protoPrefix;
    clean();
    init();
    protoPrefix = pfx;
}

void
HttpReply::clean()
{
    // we used to assert that the pipe is NULL, but now the message only
    // points to a pipe that is owned and initiated by another object.
    body_pipe = NULL;

    body.clear();
    hdrCacheClean();
    header.clean();
    sline.clean();
    bodySizeMax = -2; // hack: make calculatedBodySizeMax() false
}

void
HttpReply::packHeadersInto(Packable * p) const
{
    sline.packInto(p);
    header.packInto(p);
    p->append("\r\n", 2);
}

void
HttpReply::packInto(Packable * p) const
{
    packHeadersInto(p);
    body.packInto(p);
}

/* create memBuf, create mem-based packer, pack, destroy packer, return MemBuf */
MemBuf *
HttpReply::pack() const
{
    MemBuf *mb = new MemBuf;
    mb->init();
    packInto(mb);
    return mb;
}

HttpReply *
HttpReply::make304() const
{
    static const Http::HdrType ImsEntries[] = {Http::HdrType::DATE, Http::HdrType::CONTENT_TYPE, Http::HdrType::EXPIRES, Http::HdrType::LAST_MODIFIED, /* eof */ Http::HdrType::OTHER};

    HttpReply *rv = new HttpReply;
    int t;
    HttpHeaderEntry *e;

    /* rv->content_length; */
    rv->date = date;
    rv->last_modified = last_modified;
    rv->expires = expires;
    rv->content_type = content_type;
    /* rv->content_range */
    /* rv->keep_alive */
    rv->sline.set(Http::ProtocolVersion(), Http::scNotModified, NULL);

    for (t = 0; ImsEntries[t] != Http::HdrType::OTHER; ++t) {
        if ((e = header.findEntry(ImsEntries[t])))
            rv->header.addEntry(e->clone());
    }

    rv->putCc(cache_control);

    /* rv->body */
    return rv;
}

MemBuf *
HttpReply::packed304Reply() const
{
    /* Not as efficient as skipping the header duplication,
     * but easier to maintain
     */
    HttpReply *temp = make304();
    MemBuf *rv = temp->pack();
    delete temp;
    return rv;
}

void
HttpReply::setHeaders(Http::StatusCode status, const char *reason,
                      const char *ctype, int64_t clen, time_t lmt, time_t expiresTime)
{
    HttpHeader *hdr;
    sline.set(Http::ProtocolVersion(), status, reason);
    hdr = &header;
    hdr->putStr(Http::HdrType::SERVER, visible_appname_string);
    hdr->putStr(Http::HdrType::MIME_VERSION, "1.0");
    hdr->putTime(Http::HdrType::DATE, squid_curtime);

    if (ctype) {
        hdr->putStr(Http::HdrType::CONTENT_TYPE, ctype);
        content_type = ctype;
    } else
        content_type = String();

    if (clen >= 0)
        hdr->putInt64(Http::HdrType::CONTENT_LENGTH, clen);

    if (expiresTime >= 0)
        hdr->putTime(Http::HdrType::EXPIRES, expiresTime);

    if (lmt > 0)        /* this used to be lmt != 0 @?@ */
        hdr->putTime(Http::HdrType::LAST_MODIFIED, lmt);

    date = squid_curtime;

    content_length = clen;

    expires = expiresTime;

    last_modified = lmt;
}

void
HttpReply::redirect(Http::StatusCode status, const char *loc)
{
    HttpHeader *hdr;
    sline.set(Http::ProtocolVersion(), status, NULL);
    hdr = &header;
    hdr->putStr(Http::HdrType::SERVER, APP_FULLNAME);
    hdr->putTime(Http::HdrType::DATE, squid_curtime);
    hdr->putInt64(Http::HdrType::CONTENT_LENGTH, 0);
    hdr->putStr(Http::HdrType::LOCATION, loc);
    date = squid_curtime;
    content_length = 0;
}

/* compare the validators of two replies.
 * 1 = they match
 * 0 = they do not match
 */
int
HttpReply::validatorsMatch(HttpReply const * otherRep) const
{
    String one,two;
    assert (otherRep);
    /* Numbers first - easiest to check */
    /* Content-Length */
    /* TODO: remove -1 bypass */

    if (content_length != otherRep->content_length
            && content_length > -1 &&
            otherRep->content_length > -1)
        return 0;

    /* ETag */
    one = header.getStrOrList(Http::HdrType::ETAG);

    two = otherRep->header.getStrOrList(Http::HdrType::ETAG);

    if (one.size()==0 || two.size()==0 || one.caseCmp(two)!=0 ) {
        one.clean();
        two.clean();
        return 0;
    }

    if (last_modified != otherRep->last_modified)
        return 0;

    /* MD5 */
    one = header.getStrOrList(Http::HdrType::CONTENT_MD5);

    two = otherRep->header.getStrOrList(Http::HdrType::CONTENT_MD5);

    if (one.size()==0 || two.size()==0 || one.caseCmp(two)!=0 ) {
        one.clean();
        two.clean();
        return 0;
    }

    return 1;
}

bool
HttpReply::updateOnNotModified(HttpReply const * freshRep)
{
    assert(freshRep);

    /* update raw headers */
    if (!header.update(&freshRep->header))
        return false;

    /* clean cache */
    hdrCacheClean();

    header.compact();
    /* init cache */
    hdrCacheInit();

    return true;
}

/* internal routines */

time_t
HttpReply::hdrExpirationTime()
{
    /* The s-maxage and max-age directive takes priority over Expires */

    if (cache_control) {
        int maxAge = -1;
        /*
         * Conservatively handle the case when we have a max-age
         * header, but no Date for reference?
         */
        if (cache_control->hasSMaxAge(&maxAge) || cache_control->hasMaxAge(&maxAge))
            return (date >= 0) ? date + maxAge : squid_curtime;
    }

    if (Config.onoff.vary_ignore_expire &&
            header.has(Http::HdrType::VARY)) {
        const time_t d = header.getTime(Http::HdrType::DATE);
        const time_t e = header.getTime(Http::HdrType::EXPIRES);

        if (d == e)
            return -1;
    }

    if (header.has(Http::HdrType::EXPIRES)) {
        const time_t e = header.getTime(Http::HdrType::EXPIRES);
        /*
         * HTTP/1.0 says that robust implementations should consider
         * bad or malformed Expires header as equivalent to "expires
         * immediately."
         */
        return e < 0 ? squid_curtime : e;
    }

    return -1;
}

/* sync this routine when you update HttpReply struct */
void
HttpReply::hdrCacheInit()
{
    Http::Message::hdrCacheInit();

    http_ver = sline.version;
    content_length = header.getInt64(Http::HdrType::CONTENT_LENGTH);
    date = header.getTime(Http::HdrType::DATE);
    last_modified = header.getTime(Http::HdrType::LAST_MODIFIED);
    surrogate_control = header.getSc();
    content_range = header.getContRange();
    keep_alive = persistent() ? 1 : 0;
    const char *str = header.getStr(Http::HdrType::CONTENT_TYPE);

    if (str)
        content_type.limitInit(str, strcspn(str, ";\t "));
    else
        content_type = String();

    /* be sure to set expires after date and cache-control */
    expires = hdrExpirationTime();
}

/* sync this routine when you update HttpReply struct */
void
HttpReply::hdrCacheClean()
{
    content_type.clean();

    if (cache_control) {
        delete cache_control;
        cache_control = NULL;
    }

    if (surrogate_control) {
        delete surrogate_control;
        surrogate_control = NULL;
    }

    if (content_range) {
        delete content_range;
        content_range = NULL;
    }
}

/*
 * Returns the body size of a HTTP response
 */
int64_t
HttpReply::bodySize(const HttpRequestMethod& method) const
{
    if (sline.version.major < 1)
        return -1;
    else if (method.id() == Http::METHOD_HEAD)
        return 0;
    else if (sline.status() == Http::scOkay)
        (void) 0;       /* common case, continue */
    else if (sline.status() == Http::scNoContent)
        return 0;
    else if (sline.status() == Http::scNotModified)
        return 0;
    else if (sline.status() < Http::scOkay)
        return 0;

    return content_length;
}

/**
 * Checks the first line of an HTTP Reply is valid.
 * currently only checks "HTTP/" exists.
 *
 * NP: not all error cases are detected yet. Some are left for detection later in parse.
 */
bool
HttpReply::sanityCheckStartLine(const char *buf, const size_t hdr_len, Http::StatusCode *error)
{
    // hack warning: using psize instead of size here due to type mismatches with MemBuf.

    // content is long enough to possibly hold a reply
    // 4 being magic size of a 3-digit number plus space delimiter
    if (hdr_len < (size_t)(protoPrefix.psize() + 4)) {
        if (hdr_len > 0) {
            debugs(58, 3, "Too small reply header (" << hdr_len << " bytes)");
            *error = Http::scInvalidHeader;
        }
        return false;
    }

    int pos;
    // catch missing or mismatched protocol identifier
    // allow special-case for ICY protocol (non-HTTP identifier) in response to faked HTTP request.
    if (strncmp(buf, "ICY", 3) == 0) {
        protoPrefix = "ICY";
        pos = protoPrefix.psize();
    } else {

        if (protoPrefix.cmp(buf, protoPrefix.size()) != 0) {
            debugs(58, 3, "missing protocol prefix (" << protoPrefix << ") in '" << buf << "'");
            *error = Http::scInvalidHeader;
            return false;
        }

        // catch missing or negative status value (negative '-' is not a digit)
        pos = protoPrefix.psize();

        // skip arbitrary number of digits and a dot in the verion portion
        while ((size_t)pos <= hdr_len && (*(buf+pos) == '.' || xisdigit(*(buf+pos)) ) ) ++pos;

        // catch missing version info
        if (pos == protoPrefix.psize()) {
            debugs(58, 3, "missing protocol version numbers (ie. " << protoPrefix << "/1.0) in '" << buf << "'");
            *error = Http::scInvalidHeader;
            return false;
        }
    }

    // skip arbitrary number of spaces...
    while ((size_t)pos <= hdr_len && (char)*(buf+pos) == ' ') ++pos;

    if ((size_t)pos < hdr_len && !xisdigit(*(buf+pos))) {
        debugs(58, 3, "missing or invalid status number in '" << buf << "'");
        *error = Http::scInvalidHeader;
        return false;
    }

    return true;
}

bool
HttpReply::parseFirstLine(const char *blk_start, const char *blk_end)
{
    return sline.parse(protoPrefix, blk_start, blk_end);
}

/* handy: resets and returns -1 */
int
HttpReply::httpMsgParseError()
{
    int result(Http::Message::httpMsgParseError());
    /* indicate an error in the status line */
    sline.set(Http::ProtocolVersion(), Http::scInvalidHeader);
    return result;
}

/*
 * Indicate whether or not we would usually expect an entity-body
 * along with this response
 */
bool
HttpReply::expectingBody(const HttpRequestMethod& req_method, int64_t& theSize) const
{
    bool expectBody = true;

    if (req_method == Http::METHOD_HEAD)
        expectBody = false;
    else if (sline.status() == Http::scNoContent)
        expectBody = false;
    else if (sline.status() == Http::scNotModified)
        expectBody = false;
    else if (sline.status() < Http::scOkay)
        expectBody = false;
    else
        expectBody = true;

    if (expectBody) {
        if (header.chunked())
            theSize = -1;
        else if (content_length >= 0)
            theSize = content_length;
        else
            theSize = -1;
    }

    return expectBody;
}

bool
HttpReply::receivedBodyTooLarge(HttpRequest& request, int64_t receivedSize)
{
    calcMaxBodySize(request);
    debugs(58, 3, HERE << receivedSize << " >? " << bodySizeMax);
    return bodySizeMax >= 0 && receivedSize > bodySizeMax;
}

bool
HttpReply::expectedBodyTooLarge(HttpRequest& request)
{
    calcMaxBodySize(request);
    debugs(58, 7, HERE << "bodySizeMax=" << bodySizeMax);

    if (bodySizeMax < 0) // no body size limit
        return false;

    int64_t expectedSize = -1;
    if (!expectingBody(request.method, expectedSize))
        return false;

    debugs(58, 6, HERE << expectedSize << " >? " << bodySizeMax);

    if (expectedSize < 0) // expecting body of an unknown length
        return false;

    return expectedSize > bodySizeMax;
}

void
HttpReply::calcMaxBodySize(HttpRequest& request) const
{
    // hack: -2 is used as "we have not calculated max body size yet" state
    if (bodySizeMax != -2) // already tried
        return;
    bodySizeMax = -1;

    // short-circuit ACL testing if there are none configured
    if (!Config.ReplyBodySize)
        return;

    ACLFilledChecklist ch(NULL, &request, NULL);
    // XXX: cont-cast becomes irrelevant when checklist is HttpReply::Pointer
    ch.reply = const_cast<HttpReply *>(this);
    HTTPMSGLOCK(ch.reply);
    for (AclSizeLimit *l = Config.ReplyBodySize; l; l = l -> next) {
        /* if there is no ACL list or if the ACLs listed match use this size value */
        if (!l->aclList || ch.fastCheck(l->aclList).allowed()) {
            debugs(58, 4, HERE << "bodySizeMax=" << bodySizeMax);
            bodySizeMax = l->size; // may be -1
            break;
        }
    }
}

// XXX: check that this is sufficient for eCAP cloning
HttpReply *
HttpReply::clone() const
{
    HttpReply *rep = new HttpReply();
    rep->sline = sline; // used in hdrCacheInit() call below
    rep->header.append(&header);
    rep->hdrCacheInit();
    rep->hdr_sz = hdr_sz;
    rep->http_ver = http_ver;
    rep->pstate = pstate;
    rep->body_pipe = body_pipe;

    // keep_alive is handled in hdrCacheInit()
    return rep;
}

bool
HttpReply::inheritProperties(const Http::Message *aMsg)
{
    const HttpReply *aRep = dynamic_cast<const HttpReply*>(aMsg);
    if (!aRep)
        return false;
    keep_alive = aRep->keep_alive;
    sources = aRep->sources;
    return true;
}

void HttpReply::removeStaleWarnings()
{
    String warning;
    if (header.getList(Http::HdrType::WARNING, &warning)) {
        const String newWarning = removeStaleWarningValues(warning);
        if (warning.size() && warning.size() == newWarning.size())
            return; // some warnings are there and none changed
        header.delById(Http::HdrType::WARNING);
        if (newWarning.size()) { // some warnings left
            HttpHeaderEntry *const e =
                new HttpHeaderEntry(Http::HdrType::WARNING, SBuf(), newWarning.termedBuf());
            header.addEntry(e);
        }
    }
}

/**
 * Remove warning-values with warn-date different from Date value from
 * a single header entry. Returns a string with all valid warning-values.
 */
String HttpReply::removeStaleWarningValues(const String &value)
{
    String newValue;
    const char *item = 0;
    int len = 0;
    const char *pos = 0;
    while (strListGetItem(&value, ',', &item, &len, &pos)) {
        bool keep = true;
        // Does warning-value have warn-date (which contains quoted date)?
        // We scan backwards, looking for two quoted strings.
        // warning-value = warn-code SP warn-agent SP warn-text [SP warn-date]
        const char *p = item + len - 1;

        while (p >= item && xisspace(*p)) --p; // skip whitespace

        // warning-value MUST end with quote
        if (p >= item && *p == '"') {
            const char *const warnDateEnd = p;
            --p;
            while (p >= item && *p != '"') --p; // find the next quote

            const char *warnDateBeg = p + 1;
            --p;
            while (p >= item && xisspace(*p)) --p; // skip whitespace

            if (p >= item && *p == '"' && warnDateBeg - p > 2) {
                // found warn-text
                String warnDate;
                warnDate.append(warnDateBeg, warnDateEnd - warnDateBeg);
                const time_t time = parse_rfc1123(warnDate.termedBuf());
                keep = (time > 0 && time == date); // keep valid and matching date
            }
        }

        if (keep) {
            if (newValue.size())
                newValue.append(", ");
            newValue.append(item, len);
        }
    }

    return newValue;
}

bool
HttpReply::olderThan(const HttpReply *them) const
{
    if (!them || !them->date || !date)
        return false;
    return date < them->date;
}
Commit	Line	Data
cb69b4c7	1	/*
4ac4a490	2	* Copyright (C) 1996-2017 The Squid Software Foundation and contributors
e25c139f	3	*
bbc27441 AJ	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
cb69b4c7	7	*/
cb69b4c7	8
bbc27441 AJ	9	/* DEBUG: section 58 HTTP Reply (Response) */
bbc27441 AJ	10
582c2af2	11	#include "squid.h"
1328cfb7	12	#include "acl/AclSizeLimit.h"
582c2af2	13	#include "acl/FilledChecklist.h"
81ab22b6	14	#include "base/EnumIterator.h"
582c2af2	15	#include "globals.h"
0521f8be	16	#include "HttpBody.h"
7ebe76de	17	#include "HttpHdrCc.h"
582c2af2	18	#include "HttpHdrContRange.h"
25b6a907	19	#include "HttpHdrSc.h"
582c2af2	20	#include "HttpReply.h"
0667cbfb	21	#include "HttpRequest.h"
0eb49b6d	22	#include "MemBuf.h"
4d5904f7	23	#include "SquidConfig.h"
582c2af2 FC	24	#include "SquidTime.h"
582c2af2 FC	25	#include "Store.h"
28204b3b	26	#include "StrList.h"
cb69b4c7	27
63df1d28	28	HttpReply::HttpReply() : Http::Message(hoReply), date (0), last_modified (0),
f53969cc SM	29	expires (0), surrogate_control (NULL), content_range (NULL), keep_alive (0),
f53969cc SM	30	protoPrefix("HTTP/"), bodySizeMax(-2)
cb69b4c7	31	{
06a5ae20	32	init();
cb69b4c7	33	}
cb69b4c7	34
06a5ae20	35	HttpReply::~HttpReply()
cb69b4c7	36	{
06a5ae20	37	if (do_clean)
06a5ae20	38	clean();
cb69b4c7	39	}
	40
	41	void
06a5ae20	42	HttpReply::init()
cb69b4c7	43	{
06a5ae20	44	hdrCacheInit();
9b769c67	45	sline.init();
fb654382	46	pstate = Http::Message::psReadyToParseStartLine;
06a5ae20	47	do_clean = true;
cb69b4c7	48	}
cb69b4c7	49
06a5ae20	50	void HttpReply::reset()
cb69b4c7	51	{
06a5ae20	52
8596962e	53	// reset should not reset the protocol; could have made protoPrefix a
	54	// virtual function instead, but it is not clear whether virtual methods
	55	// are allowed with MEMPROXY_CLASS() and whether some cbdata void*
	56	// conversions are not going to kill virtual tables
30abd221	57	const String pfx = protoPrefix;
06a5ae20	58	clean();
	59	init();
	60	protoPrefix = pfx;
	61	}
	62
	63	void
	64	HttpReply::clean()
	65	{
26ac0430	66	// we used to assert that the pipe is NULL, but now the message only
5f8252d2	67	// points to a pipe that is owned and initiated by another object.
	68	body_pipe = NULL;
	69
0521f8be	70	body.clear();
06a5ae20	71	hdrCacheClean();
519e0948	72	header.clean();
9b769c67	73	sline.clean();
0667cbfb	74	bodySizeMax = -2; // hack: make calculatedBodySizeMax() false
cb69b4c7	75	}
cb69b4c7	76
cb69b4c7	77	void
17802cf1	78	HttpReply::packHeadersInto(Packable * p) const
cb69b4c7	79	{
9b769c67	80	sline.packInto(p);
a9925b40	81	header.packInto(p);
785b508d	82	p->append("\r\n", 2);
528b2c61	83	}
	84
	85	void
1f28a150	86	HttpReply::packInto(Packable * p) const
528b2c61	87	{
06a5ae20	88	packHeadersInto(p);
0521f8be	89	body.packInto(p);
cb69b4c7	90	}
cb69b4c7	91
06a5ae20	92	/* create memBuf, create mem-based packer, pack, destroy packer, return MemBuf */
032785bf	93	MemBuf *
1f28a150	94	HttpReply::pack() const
cb69b4c7	95	{
032785bf	96	MemBuf *mb = new MemBuf;
2fe7eff9	97	mb->init();
10201568	98	packInto(mb);
cb69b4c7	99	return mb;
	100	}
	101
528b2c61	102	HttpReply *
11992b6f	103	HttpReply::make304() const
cb69b4c7	104	{
789217a2	105	static const Http::HdrType ImsEntries[] = {Http::HdrType::DATE, Http::HdrType::CONTENT_TYPE, Http::HdrType::EXPIRES, Http::HdrType::LAST_MODIFIED, /* eof */ Http::HdrType::OTHER};
62e76326	106
06a5ae20	107	HttpReply *rv = new HttpReply;
728da2ee	108	int t;
de336bbe	109	HttpHeaderEntry *e;
cb69b4c7	110
528b2c61	111	/* rv->content_length; */
06a5ae20	112	rv->date = date;
	113	rv->last_modified = last_modified;
	114	rv->expires = expires;
	115	rv->content_type = content_type;
528b2c61	116	/* rv->content_range */
528b2c61	117	/* rv->keep_alive */
2592bc70	118	rv->sline.set(Http::ProtocolVersion(), Http::scNotModified, NULL);
62e76326	119
81ab22b6	120	for (t = 0; ImsEntries[t] != Http::HdrType::OTHER; ++t) {
a9925b40	121	if ((e = header.findEntry(ImsEntries[t])))
eede25e7	122	rv->header.addEntry(e->clone());
81ab22b6	123	}
62e76326	124
0c90d3b1 DD	125	rv->putCc(cache_control);
0c90d3b1 DD	126
528b2c61	127	/* rv->body */
	128	return rv;
	129	}
	130
032785bf	131	MemBuf *
1f28a150	132	HttpReply::packed304Reply() const
528b2c61	133	{
	134	/* Not as efficient as skipping the header duplication,
	135	* but easier to maintain
	136	*/
871c031f	137	HttpReply *temp = make304();
06a5ae20	138	MemBuf *rv = temp->pack();
06a5ae20	139	delete temp;
528b2c61	140	return rv;
cb69b4c7	141	}
	142
	143	void
955394ce	144	HttpReply::setHeaders(Http::StatusCode status, const char *reason,
350e2aec	145	const char *ctype, int64_t clen, time_t lmt, time_t expiresTime)
cb69b4c7	146	{
cb69b4c7	147	HttpHeader *hdr;
2592bc70	148	sline.set(Http::ProtocolVersion(), status, reason);
06a5ae20	149	hdr = &header;
789217a2 FC	150	hdr->putStr(Http::HdrType::SERVER, visible_appname_string);
	151	hdr->putStr(Http::HdrType::MIME_VERSION, "1.0");
	152	hdr->putTime(Http::HdrType::DATE, squid_curtime);
62e76326	153
d8b249ef	154	if (ctype) {
789217a2	155	hdr->putStr(Http::HdrType::CONTENT_TYPE, ctype);
06a5ae20	156	content_type = ctype;
d8b249ef	157	} else
30abd221	158	content_type = String();
62e76326	159
de336bbe	160	if (clen >= 0)
789217a2	161	hdr->putInt64(Http::HdrType::CONTENT_LENGTH, clen);
62e76326	162
350e2aec	163	if (expiresTime >= 0)
789217a2	164	hdr->putTime(Http::HdrType::EXPIRES, expiresTime);
62e76326	165
f53969cc	166	if (lmt > 0) /* this used to be lmt != 0 @?@ */
789217a2	167	hdr->putTime(Http::HdrType::LAST_MODIFIED, lmt);
62e76326	168
06a5ae20	169	date = squid_curtime;
62e76326	170
06a5ae20	171	content_length = clen;
62e76326	172
350e2aec	173	expires = expiresTime;
62e76326	174
06a5ae20	175	last_modified = lmt;
cb69b4c7	176	}
cb69b4c7	177
6d38ef86	178	void
955394ce	179	HttpReply::redirect(Http::StatusCode status, const char *loc)
6d38ef86	180	{
6d38ef86	181	HttpHeader *hdr;
2592bc70	182	sline.set(Http::ProtocolVersion(), status, NULL);
06a5ae20	183	hdr = &header;
789217a2 FC	184	hdr->putStr(Http::HdrType::SERVER, APP_FULLNAME);
	185	hdr->putTime(Http::HdrType::DATE, squid_curtime);
	186	hdr->putInt64(Http::HdrType::CONTENT_LENGTH, 0);
	187	hdr->putStr(Http::HdrType::LOCATION, loc);
06a5ae20	188	date = squid_curtime;
06a5ae20	189	content_length = 0;
6d38ef86	190	}
6d38ef86	191
528b2c61	192	/* compare the validators of two replies.
	193	* 1 = they match
	194	* 0 = they do not match
	195	*/
	196	int
06a5ae20	197	HttpReply::validatorsMatch(HttpReply const * otherRep) const
62e76326	198	{
30abd221	199	String one,two;
06a5ae20	200	assert (otherRep);
528b2c61	201	/* Numbers first - easiest to check */
	202	/* Content-Length */
	203	/* TODO: remove -1 bypass */
62e76326	204
06a5ae20	205	if (content_length != otherRep->content_length
06a5ae20	206	&& content_length > -1 &&
62e76326	207	otherRep->content_length > -1)
	208	return 0;
	209
528b2c61	210	/* ETag */
789217a2	211	one = header.getStrOrList(Http::HdrType::ETAG);
62e76326	212
789217a2	213	two = otherRep->header.getStrOrList(Http::HdrType::ETAG);
62e76326	214
a1377698	215	if (one.size()==0 \|\| two.size()==0 \|\| one.caseCmp(two)!=0 ) {
30abd221	216	one.clean();
30abd221	217	two.clean();
62e76326	218	return 0;
528b2c61	219	}
62e76326	220
06a5ae20	221	if (last_modified != otherRep->last_modified)
62e76326	222	return 0;
62e76326	223
528b2c61	224	/* MD5 */
789217a2	225	one = header.getStrOrList(Http::HdrType::CONTENT_MD5);
62e76326	226
789217a2	227	two = otherRep->header.getStrOrList(Http::HdrType::CONTENT_MD5);
62e76326	228
a1377698	229	if (one.size()==0 \|\| two.size()==0 \|\| one.caseCmp(two)!=0 ) {
30abd221	230	one.clean();
30abd221	231	two.clean();
62e76326	232	return 0;
528b2c61	233	}
62e76326	234
528b2c61	235	return 1;
	236	}
	237
1a210de4	238	bool
06a5ae20	239	HttpReply::updateOnNotModified(HttpReply const * freshRep)
cb69b4c7	240	{
07947ad8	241	assert(freshRep);
1d7ab0f4	242
1a210de4 EB	243	/* update raw headers */
	244	if (!header.update(&freshRep->header))
	245	return false;
	246
d8b249ef	247	/* clean cache */
06a5ae20	248	hdrCacheClean();
1d7ab0f4	249
394499bd	250	header.compact();
d8b249ef	251	/* init cache */
07947ad8	252	hdrCacheInit();
1a210de4 EB	253
1a210de4 EB	254	return true;
cb69b4c7	255	}
cb69b4c7	256
d8b249ef	257	/* internal routines */
cb69b4c7	258
06a5ae20	259	time_t
06a5ae20	260	HttpReply::hdrExpirationTime()
d20b1cd0	261	{
d20b1cd0	262	/* The s-maxage and max-age directive takes priority over Expires */
62e76326	263
06a5ae20	264	if (cache_control) {
810d879f EB	265	int maxAge = -1;
	266	/*
	267	* Conservatively handle the case when we have a max-age
	268	* header, but no Date for reference?
	269	*/
	270	if (cache_control->hasSMaxAge(&maxAge) \|\| cache_control->hasMaxAge(&maxAge))
	271	return (date >= 0) ? date + maxAge : squid_curtime;
d20b1cd0	272	}
62e76326	273
f66a9ef4	274	if (Config.onoff.vary_ignore_expire &&
789217a2 FC	275	header.has(Http::HdrType::VARY)) {
	276	const time_t d = header.getTime(Http::HdrType::DATE);
	277	const time_t e = header.getTime(Http::HdrType::EXPIRES);
62e76326	278
	279	if (d == e)
	280	return -1;
f66a9ef4	281	}
62e76326	282
789217a2 FC	283	if (header.has(Http::HdrType::EXPIRES)) {
789217a2 FC	284	const time_t e = header.getTime(Http::HdrType::EXPIRES);
62e76326	285	/*
	286	* HTTP/1.0 says that robust implementations should consider
	287	* bad or malformed Expires header as equivalent to "expires
	288	* immediately."
	289	*/
	290	return e < 0 ? squid_curtime : e;
d20b1cd0	291	}
62e76326	292
d20b1cd0	293	return -1;
	294	}
	295
d8b249ef	296	/* sync this routine when you update HttpReply struct */
8596962e	297	void
07947ad8	298	HttpReply::hdrCacheInit()
cb69b4c7	299	{
63df1d28	300	Http::Message::hdrCacheInit();
07947ad8	301
4a1acc56	302	http_ver = sline.version;
789217a2 FC	303	content_length = header.getInt64(Http::HdrType::CONTENT_LENGTH);
	304	date = header.getTime(Http::HdrType::DATE);
	305	last_modified = header.getTime(Http::HdrType::LAST_MODIFIED);
a9925b40	306	surrogate_control = header.getSc();
a9925b40	307	content_range = header.getContRange();
4a1acc56	308	keep_alive = persistent() ? 1 : 0;
789217a2	309	const char *str = header.getStr(Http::HdrType::CONTENT_TYPE);
62e76326	310
d8b249ef	311	if (str)
07947ad8	312	content_type.limitInit(str, strcspn(str, ";\t "));
d8b249ef	313	else
30abd221	314	content_type = String();
62e76326	315
d20b1cd0	316	/* be sure to set expires after date and cache-control */
06a5ae20	317	expires = hdrExpirationTime();
cb69b4c7	318	}
cb69b4c7	319
d8b249ef	320	/* sync this routine when you update HttpReply struct */
06a5ae20	321	void
06a5ae20	322	HttpReply::hdrCacheClean()
2ac76861	323	{
30abd221	324	content_type.clean();
62e76326	325
06a5ae20	326	if (cache_control) {
3d7782c1	327	delete cache_control;
06a5ae20	328	cache_control = NULL;
07947ad8	329	}
62e76326	330
06a5ae20	331	if (surrogate_control) {
45a58345	332	delete surrogate_control;
06a5ae20	333	surrogate_control = NULL;
07947ad8	334	}
43ae1d95	335
06a5ae20	336	if (content_range) {
3c670b50	337	delete content_range;
06a5ae20	338	content_range = NULL;
07947ad8	339	}
63259c34	340	}
cb69b4c7	341
35282fbf	342	/*
	343	* Returns the body size of a HTTP response
	344	*/
47f6e231	345	int64_t
60745f24	346	HttpReply::bodySize(const HttpRequestMethod& method) const
35282fbf	347	{
06a5ae20	348	if (sline.version.major < 1)
1bda350e	349	return -1;
c2a7cefd	350	else if (method.id() == Http::METHOD_HEAD)
62e76326	351	return 0;
9b769c67	352	else if (sline.status() == Http::scOkay)
f53969cc	353	(void) 0; /* common case, continue */
9b769c67	354	else if (sline.status() == Http::scNoContent)
62e76326	355	return 0;
9b769c67	356	else if (sline.status() == Http::scNotModified)
62e76326	357	return 0;
9b769c67	358	else if (sline.status() < Http::scOkay)
62e76326	359	return 0;
62e76326	360
06a5ae20	361	return content_length;
35282fbf	362	}
8596962e	363
96ee497f AJ	364	/**
	365	* Checks the first line of an HTTP Reply is valid.
	366	* currently only checks "HTTP/" exists.
	367	*
	368	* NP: not all error cases are detected yet. Some are left for detection later in parse.
	369	*/
	370	bool
84ae6223	371	HttpReply::sanityCheckStartLine(const char buf, const size_t hdr_len, Http::StatusCode error)
8596962e	372	{
96ee497f AJ	373	// hack warning: using psize instead of size here due to type mismatches with MemBuf.
	374
	375	// content is long enough to possibly hold a reply
	376	// 4 being magic size of a 3-digit number plus space delimiter
84ae6223	377	if (hdr_len < (size_t)(protoPrefix.psize() + 4)) {
0246f6b8	378	if (hdr_len > 0) {
84ae6223	379	debugs(58, 3, "Too small reply header (" << hdr_len << " bytes)");
955394ce	380	*error = Http::scInvalidHeader;
0246f6b8	381	}
96ee497f AJ	382	return false;
	383	}
	384
e77d7ef0	385	int pos;
96ee497f	386	// catch missing or mismatched protocol identifier
e77d7ef0	387	// allow special-case for ICY protocol (non-HTTP identifier) in response to faked HTTP request.
84ae6223	388	if (strncmp(buf, "ICY", 3) == 0) {
e77d7ef0 AJ	389	protoPrefix = "ICY";
e77d7ef0 AJ	390	pos = protoPrefix.psize();
dd20bfd3	391	} else {
8596962e	392
84ae6223 AJ	393	if (protoPrefix.cmp(buf, protoPrefix.size()) != 0) {
84ae6223 AJ	394	debugs(58, 3, "missing protocol prefix (" << protoPrefix << ") in '" << buf << "'");
955394ce	395	*error = Http::scInvalidHeader;
e77d7ef0 AJ	396	return false;
e77d7ef0 AJ	397	}
96ee497f	398
e77d7ef0 AJ	399	// catch missing or negative status value (negative '-' is not a digit)
e77d7ef0 AJ	400	pos = protoPrefix.psize();
dd20bfd3	401
e77d7ef0	402	// skip arbitrary number of digits and a dot in the verion portion
84ae6223	403	while ((size_t)pos <= hdr_len && ((buf+pos) == '.' \|\| xisdigit((buf+pos)) ) ) ++pos;
96ee497f	404
e77d7ef0 AJ	405	// catch missing version info
e77d7ef0 AJ	406	if (pos == protoPrefix.psize()) {
84ae6223	407	debugs(58, 3, "missing protocol version numbers (ie. " << protoPrefix << "/1.0) in '" << buf << "'");
955394ce	408	*error = Http::scInvalidHeader;
e77d7ef0 AJ	409	return false;
e77d7ef0 AJ	410	}
96ee497f AJ	411	}
	412
	413	// skip arbitrary number of spaces...
84ae6223	414	while ((size_t)pos <= hdr_len && (char)*(buf+pos) == ' ') ++pos;
96ee497f	415
84ae6223 AJ	416	if ((size_t)pos < hdr_len && !xisdigit(*(buf+pos))) {
84ae6223 AJ	417	debugs(58, 3, "missing or invalid status number in '" << buf << "'");
955394ce	418	*error = Http::scInvalidHeader;
96ee497f AJ	419	return false;
	420	}
	421
8596962e	422	return true;
	423	}
	424
9b769c67 AJ	425	bool
9b769c67 AJ	426	HttpReply::parseFirstLine(const char blk_start, const char blk_end)
429f7150	427	{
9b769c67	428	return sline.parse(protoPrefix, blk_start, blk_end);
429f7150	429	}
5c09dcb8	430
fb525683	431	/* handy: resets and returns -1 */
	432	int
	433	HttpReply::httpMsgParseError()
	434	{
63df1d28	435	int result(Http::Message::httpMsgParseError());
fb525683	436	/* indicate an error in the status line */
2592bc70	437	sline.set(Http::ProtocolVersion(), Http::scInvalidHeader);
fb525683	438	return result;
	439	}
	440
5c09dcb8	441	/*
	442	* Indicate whether or not we would usually expect an entity-body
	443	* along with this response
	444	*/
	445	bool
60745f24	446	HttpReply::expectingBody(const HttpRequestMethod& req_method, int64_t& theSize) const
5c09dcb8	447	{
	448	bool expectBody = true;
	449
c2a7cefd	450	if (req_method == Http::METHOD_HEAD)
5c09dcb8	451	expectBody = false;
9b769c67	452	else if (sline.status() == Http::scNoContent)
5c09dcb8	453	expectBody = false;
9b769c67	454	else if (sline.status() == Http::scNotModified)
5c09dcb8	455	expectBody = false;
9b769c67	456	else if (sline.status() < Http::scOkay)
5c09dcb8	457	expectBody = false;
	458	else
	459	expectBody = true;
	460
	461	if (expectBody) {
c3d0ba0c	462	if (header.chunked())
5c09dcb8	463	theSize = -1;
	464	else if (content_length >= 0)
	465	theSize = content_length;
	466	else
	467	theSize = -1;
	468	}
	469
	470	return expectBody;
	471	}
0667cbfb	472
	473	bool
	474	HttpReply::receivedBodyTooLarge(HttpRequest& request, int64_t receivedSize)
	475	{
	476	calcMaxBodySize(request);
	477	debugs(58, 3, HERE << receivedSize << " >? " << bodySizeMax);
	478	return bodySizeMax >= 0 && receivedSize > bodySizeMax;
	479	}
	480
	481	bool
	482	HttpReply::expectedBodyTooLarge(HttpRequest& request)
	483	{
	484	calcMaxBodySize(request);
	485	debugs(58, 7, HERE << "bodySizeMax=" << bodySizeMax);
	486
	487	if (bodySizeMax < 0) // no body size limit
	488	return false;
	489
	490	int64_t expectedSize = -1;
	491	if (!expectingBody(request.method, expectedSize))
	492	return false;
26ac0430	493
0667cbfb	494	debugs(58, 6, HERE << expectedSize << " >? " << bodySizeMax);
	495
	496	if (expectedSize < 0) // expecting body of an unknown length
	497	return false;
	498
	499	return expectedSize > bodySizeMax;
	500	}
	501
	502	void
b248c2a3	503	HttpReply::calcMaxBodySize(HttpRequest& request) const
0667cbfb	504	{
	505	// hack: -2 is used as "we have not calculated max body size yet" state
	506	if (bodySizeMax != -2) // already tried
	507	return;
	508	bodySizeMax = -1;
	509
4194f58d AJ	510	// short-circuit ACL testing if there are none configured
	511	if (!Config.ReplyBodySize)
	512	return;
	513
c0941a6a	514	ACLFilledChecklist ch(NULL, &request, NULL);
b248c2a3 AJ	515	// XXX: cont-cast becomes irrelevant when checklist is HttpReply::Pointer
	516	ch.reply = const_cast<HttpReply *>(this);
	517	HTTPMSGLOCK(ch.reply);
1328cfb7	518	for (AclSizeLimit *l = Config.ReplyBodySize; l; l = l -> next) {
b50e327b	519	/* if there is no ACL list or if the ACLs listed match use this size value */
06bf5384	520	if (!l->aclList \|\| ch.fastCheck(l->aclList).allowed()) {
0667cbfb	521	debugs(58, 4, HERE << "bodySizeMax=" << bodySizeMax);
	522	bodySizeMax = l->size; // may be -1
	523	break;
	524	}
	525	}
	526	}
da33c835	527
fa0e6114	528	// XXX: check that this is sufficient for eCAP cloning
da33c835 HN	529	HttpReply *
	530	HttpReply::clone() const
	531	{
	532	HttpReply *rep = new HttpReply();
66363092	533	rep->sline = sline; // used in hdrCacheInit() call below
da33c835 HN	534	rep->header.append(&header);
	535	rep->hdrCacheInit();
	536	rep->hdr_sz = hdr_sz;
f230832f HN	537	rep->http_ver = http_ver;
f230832f HN	538	rep->pstate = pstate;
fa0e6114 AR	539	rep->body_pipe = body_pipe;
fa0e6114 AR	540
66363092	541	// keep_alive is handled in hdrCacheInit()
da33c835 HN	542	return rep;
da33c835 HN	543	}
d67acb4e	544
63df1d28 AJ	545	bool
63df1d28 AJ	546	HttpReply::inheritProperties(const Http::Message *aMsg)
d67acb4e AJ	547	{
d67acb4e AJ	548	const HttpReply aRep = dynamic_cast<const HttpReply>(aMsg);
26ac0430 AJ	549	if (!aRep)
26ac0430 AJ	550	return false;
d67acb4e	551	keep_alive = aRep->keep_alive;
88df846b	552	sources = aRep->sources;
d67acb4e AJ	553	return true;
d67acb4e AJ	554	}
c679653d AR	555
	556	void HttpReply::removeStaleWarnings()
	557	{
	558	String warning;
789217a2	559	if (header.getList(Http::HdrType::WARNING, &warning)) {
c679653d AR	560	const String newWarning = removeStaleWarningValues(warning);
	561	if (warning.size() && warning.size() == newWarning.size())
	562	return; // some warnings are there and none changed
789217a2	563	header.delById(Http::HdrType::WARNING);
c679653d AR	564	if (newWarning.size()) { // some warnings left
c679653d AR	565	HttpHeaderEntry *const e =
d5f18517	566	new HttpHeaderEntry(Http::HdrType::WARNING, SBuf(), newWarning.termedBuf());
c679653d AR	567	header.addEntry(e);
	568	}
	569	}
	570	}
	571
	572	/**
	573	* Remove warning-values with warn-date different from Date value from
	574	* a single header entry. Returns a string with all valid warning-values.
	575	*/
	576	String HttpReply::removeStaleWarningValues(const String &value)
	577	{
	578	String newValue;
	579	const char *item = 0;
	580	int len = 0;
	581	const char *pos = 0;
	582	while (strListGetItem(&value, ',', &item, &len, &pos)) {
	583	bool keep = true;
	584	// Does warning-value have warn-date (which contains quoted date)?
	585	// We scan backwards, looking for two quoted strings.
	586	// warning-value = warn-code SP warn-agent SP warn-text [SP warn-date]
	587	const char *p = item + len - 1;
	588
	589	while (p >= item && xisspace(*p)) --p; // skip whitespace
	590
	591	// warning-value MUST end with quote
	592	if (p >= item && *p == '"') {
	593	const char *const warnDateEnd = p;
	594	--p;
	595	while (p >= item && *p != '"') --p; // find the next quote
	596
	597	const char *warnDateBeg = p + 1;
	598	--p;
	599	while (p >= item && xisspace(*p)) --p; // skip whitespace
	600
	601	if (p >= item && *p == '"' && warnDateBeg - p > 2) {
	602	// found warn-text
	603	String warnDate;
	604	warnDate.append(warnDateBeg, warnDateEnd - warnDateBeg);
	605	const time_t time = parse_rfc1123(warnDate.termedBuf());
	606	keep = (time > 0 && time == date); // keep valid and matching date
	607	}
	608	}
	609
	610	if (keep) {
	611	if (newValue.size())
	612	newValue.append(", ");
	613	newValue.append(item, len);
	614	}
	615	}
	616
	617	return newValue;
	618	}
f53969cc	619
eace013e EB	620	bool
	621	HttpReply::olderThan(const HttpReply *them) const
	622	{
	623	if (!them \|\| !them->date \|\| !date)
	624	return false;
	625	return date < them->date;
	626	}
	627