[thirdparty/squid.git] / src / HttpReply.cc

/*
 * Copyright (C) 1996-2025 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/* DEBUG: section 58    HTTP Reply (Response) */

#include "squid.h"
#include "acl/AclSizeLimit.h"
#include "acl/FilledChecklist.h"
#include "base/EnumIterator.h"
#include "globals.h"
#include "http/ContentLengthInterpreter.h"
#include "HttpBody.h"
#include "HttpHdrCc.h"
#include "HttpHdrContRange.h"
#include "HttpHdrSc.h"
#include "HttpReply.h"
#include "HttpRequest.h"
#include "MemBuf.h"
#include "sbuf/Stream.h"
#include "SquidConfig.h"
#include "SquidMath.h"
#include "Store.h"
#include "StrList.h"

HttpReply::HttpReply():
    Http::Message(hoReply),
    date(0),
    last_modified(0),
    expires(0),
    surrogate_control(nullptr),
    keep_alive(0),
    protoPrefix("HTTP/"),
    bodySizeMax(-2),
    content_range(nullptr)
{
    init();
}

HttpReply::~HttpReply()
{
    if (do_clean)
        clean();
}

void
HttpReply::init()
{
    hdrCacheInit();
    sline.init();
    pstate = Http::Message::psReadyToParseStartLine;
    do_clean = true;
}

void HttpReply::reset()
{

    // reset should not reset the protocol; could have made protoPrefix a
    // virtual function instead, but it is not clear whether virtual methods
    // are allowed with MEMPROXY_CLASS() and whether some cbdata void*
    // conversions are not going to kill virtual tables
    const String pfx = protoPrefix;
    clean();
    init();
    protoPrefix = pfx;
}

void
HttpReply::clean()
{
    // we used to assert that the pipe is NULL, but now the message only
    // points to a pipe that is owned and initiated by another object.
    body_pipe = nullptr;

    body.clear();
    hdrCacheClean();
    header.clean();
    sline.clean();
    bodySizeMax = -2; // hack: make calculatedBodySizeMax() false
}

void
HttpReply::packHeadersUsingFastPacker(Packable &p) const
{
    sline.packInto(&p);
    header.packInto(&p);
    p.append("\r\n", 2);
}

void
HttpReply::packHeadersUsingSlowPacker(Packable &p) const
{
    MemBuf buf;
    buf.init();
    packHeadersUsingFastPacker(buf);
    p.append(buf.content(), buf.contentSize());
}

void
HttpReply::packInto(MemBuf &buf) const
{
    packHeadersUsingFastPacker(buf);
    body.packInto(&buf);
}

/* create memBuf, create mem-based packer, pack, destroy packer, return MemBuf */
MemBuf *
HttpReply::pack() const
{
    MemBuf *mb = new MemBuf;
    mb->init();
    packInto(*mb);
    return mb;
}

HttpReplyPointer
HttpReply::MakeConnectionEstablished() {

    HttpReplyPointer rep(new HttpReply);
    rep->sline.set(Http::ProtocolVersion(), Http::scOkay, "Connection established");
    return rep;
}

HttpReplyPointer
HttpReply::make304() const
{
    static const Http::HdrType ImsEntries[] = {Http::HdrType::DATE, Http::HdrType::CONTENT_TYPE, Http::HdrType::EXPIRES, Http::HdrType::LAST_MODIFIED, /* eof */ Http::HdrType::OTHER};

    const HttpReplyPointer rv(new HttpReply);
    int t;
    HttpHeaderEntry *e;

    /* rv->content_length; */
    rv->date = date;
    rv->last_modified = last_modified;
    rv->expires = expires;
    rv->content_type = content_type;
    /* rv->content_range */
    /* rv->keep_alive */
    rv->sline.set(Http::ProtocolVersion(), Http::scNotModified, nullptr);

    for (t = 0; ImsEntries[t] != Http::HdrType::OTHER; ++t) {
        if ((e = header.findEntry(ImsEntries[t])))
            rv->header.addEntry(e->clone());
    }

    if (cache_control)
        rv->putCc(*cache_control);

    /* rv->body */
    return rv;
}

MemBuf *
HttpReply::packed304Reply() const
{
    /* Not as efficient as skipping the header duplication,
     * but easier to maintain
     */
    const auto temp = make304();
    MemBuf *rv = temp->pack();
    return rv;
}

void
HttpReply::setHeaders(Http::StatusCode status, const char *reason,
                      const char *ctype, int64_t clen, time_t lmt, time_t expiresTime)
{
    HttpHeader *hdr;
    sline.set(Http::ProtocolVersion(), status, reason);
    hdr = &header;
    hdr->putStr(Http::HdrType::SERVER, visible_appname_string);
    hdr->putStr(Http::HdrType::MIME_VERSION, "1.0");
    hdr->putTime(Http::HdrType::DATE, squid_curtime);

    if (ctype) {
        hdr->putStr(Http::HdrType::CONTENT_TYPE, ctype);
        content_type = ctype;
    } else
        content_type = String();

    if (clen >= 0)
        hdr->putInt64(Http::HdrType::CONTENT_LENGTH, clen);

    if (expiresTime >= 0)
        hdr->putTime(Http::HdrType::EXPIRES, expiresTime);

    if (lmt > 0)        /* this used to be lmt != 0 @?@ */
        hdr->putTime(Http::HdrType::LAST_MODIFIED, lmt);

    date = squid_curtime;

    content_length = clen;

    expires = expiresTime;

    last_modified = lmt;
}

void
HttpReply::redirect(Http::StatusCode status, const char *loc)
{
    HttpHeader *hdr;
    sline.set(Http::ProtocolVersion(), status, nullptr);
    hdr = &header;
    hdr->putStr(Http::HdrType::SERVER, visible_appname_string);
    hdr->putTime(Http::HdrType::DATE, squid_curtime);
    hdr->putInt64(Http::HdrType::CONTENT_LENGTH, 0);
    hdr->putStr(Http::HdrType::LOCATION, loc);
    date = squid_curtime;
    content_length = 0;
}

/* compare the validators of two replies.
 * 1 = they match
 * 0 = they do not match
 */
int
HttpReply::validatorsMatch(HttpReply const * otherRep) const
{
    String one,two;
    assert (otherRep);
    /* Numbers first - easiest to check */
    /* Content-Length */
    /* TODO: remove -1 bypass */

    if (content_length != otherRep->content_length
            && content_length > -1 &&
            otherRep->content_length > -1)
        return 0;

    /* ETag */
    one = header.getStrOrList(Http::HdrType::ETAG);

    two = otherRep->header.getStrOrList(Http::HdrType::ETAG);

    if (one.size()==0 || two.size()==0 || one.caseCmp(two)!=0 ) {
        one.clean();
        two.clean();
        return 0;
    }

    if (last_modified != otherRep->last_modified)
        return 0;

    /* MD5 */
    one = header.getStrOrList(Http::HdrType::CONTENT_MD5);

    two = otherRep->header.getStrOrList(Http::HdrType::CONTENT_MD5);

    if (one.size()==0 || two.size()==0 || one.caseCmp(two)!=0 ) {
        one.clean();
        two.clean();
        return 0;
    }

    return 1;
}

HttpReply::Pointer
HttpReply::recreateOnNotModified(const HttpReply &reply304) const
{
    // If enough 304s do not update, then this expensive checking is cheaper
    // than blindly storing reply prefix identical to the already stored one.
    if (!header.needUpdate(&reply304.header))
        return nullptr;

    const Pointer cloned = clone();
    cloned->header.update(&reply304.header);
    cloned->hdrCacheClean();
    cloned->header.compact();
    cloned->hdrCacheInit();
    return cloned;
}

/* internal routines */

time_t
HttpReply::hdrExpirationTime()
{
    /* The s-maxage and max-age directive takes priority over Expires */

    if (cache_control) {
        int maxAge = -1;
        /*
         * Conservatively handle the case when we have a max-age
         * header, but no Date for reference?
         */
        if (cache_control->hasSMaxAge(&maxAge) || cache_control->hasMaxAge(&maxAge))
            return (date >= 0) ? date + maxAge : squid_curtime;
    }

    if (Config.onoff.vary_ignore_expire &&
            header.has(Http::HdrType::VARY)) {
        const time_t d = header.getTime(Http::HdrType::DATE);
        const time_t e = header.getTime(Http::HdrType::EXPIRES);

        if (d == e)
            return -1;
    }

    if (header.has(Http::HdrType::EXPIRES)) {
        const time_t e = header.getTime(Http::HdrType::EXPIRES);
        /*
         * HTTP/1.0 says that robust implementations should consider
         * bad or malformed Expires header as equivalent to "expires
         * immediately."
         */
        return e < 0 ? squid_curtime : e;
    }

    return -1;
}

/* sync this routine when you update HttpReply struct */
void
HttpReply::hdrCacheInit()
{
    Http::Message::hdrCacheInit();

    http_ver = sline.version;
    content_length = header.getInt64(Http::HdrType::CONTENT_LENGTH);
    date = header.getTime(Http::HdrType::DATE);
    last_modified = header.getTime(Http::HdrType::LAST_MODIFIED);
    surrogate_control = header.getSc();
    content_range = (sline.status() == Http::scPartialContent) ?
                    header.getContRange() : nullptr;
    keep_alive = persistent() ? 1 : 0;
    const char *str = header.getStr(Http::HdrType::CONTENT_TYPE);

    if (str)
        content_type.assign(str, strcspn(str, ";\t "));
    else
        content_type = String();

    /* be sure to set expires after date and cache-control */
    expires = hdrExpirationTime();
}

const HttpHdrContRange *
HttpReply::contentRange() const
{
    assert(!content_range || sline.status() == Http::scPartialContent);
    return content_range;
}

/* sync this routine when you update HttpReply struct */
void
HttpReply::hdrCacheClean()
{
    content_type.clean();

    if (cache_control) {
        delete cache_control;
        cache_control = nullptr;
    }

    if (surrogate_control) {
        delete surrogate_control;
        surrogate_control = nullptr;
    }

    if (content_range) {
        delete content_range;
        content_range = nullptr;
    }
}

/*
 * Returns the body size of a HTTP response
 */
int64_t
HttpReply::bodySize(const HttpRequestMethod& method) const
{
    if (sline.version.major < 1)
        return -1;
    else if (method.id() == Http::METHOD_HEAD)
        return 0;
    else if (sline.status() == Http::scOkay)
        (void) 0;       /* common case, continue */
    else if (sline.status() == Http::scNoContent)
        return 0;
    else if (sline.status() == Http::scNotModified)
        return 0;
    else if (sline.status() < Http::scOkay)
        return 0;

    return content_length;
}

/**
 * Checks the first line of an HTTP Reply is valid.
 * currently only checks "HTTP/" exists.
 *
 * NP: not all error cases are detected yet. Some are left for detection later in parse.
 */
bool
HttpReply::sanityCheckStartLine(const char *buf, const size_t hdr_len, Http::StatusCode *error)
{
    // hack warning: using psize instead of size here due to type mismatches with MemBuf.

    // content is long enough to possibly hold a reply
    // 4 being magic size of a 3-digit number plus space delimiter
    if (hdr_len < (size_t)(protoPrefix.psize() + 4)) {
        if (hdr_len > 0) {
            debugs(58, 3, "Too small reply header (" << hdr_len << " bytes)");
            *error = Http::scInvalidHeader;
        }
        return false;
    }

    int pos;
    // catch missing or mismatched protocol identifier
    // allow special-case for ICY protocol (non-HTTP identifier) in response to faked HTTP request.
    if (strncmp(buf, "ICY", 3) == 0) {
        protoPrefix = "ICY";
        pos = protoPrefix.psize();
    } else {

        if (protoPrefix.cmp(buf, protoPrefix.size()) != 0) {
            debugs(58, 3, "missing protocol prefix (" << protoPrefix << ") in '" << buf << "'");
            *error = Http::scInvalidHeader;
            return false;
        }

        // catch missing or negative status value (negative '-' is not a digit)
        pos = protoPrefix.psize();

        // skip arbitrary number of digits and a dot in the version portion
        while ((size_t)pos <= hdr_len && (*(buf+pos) == '.' || xisdigit(*(buf+pos)) ) ) ++pos;

        // catch missing version info
        if (pos == protoPrefix.psize()) {
            debugs(58, 3, "missing protocol version numbers (ie. " << protoPrefix << "/1.0) in '" << buf << "'");
            *error = Http::scInvalidHeader;
            return false;
        }
    }

    // skip arbitrary number of spaces...
    while ((size_t)pos <= hdr_len && (char)*(buf+pos) == ' ') ++pos;

    if ((size_t)pos < hdr_len && !xisdigit(*(buf+pos))) {
        debugs(58, 3, "missing or invalid status number in '" << buf << "'");
        *error = Http::scInvalidHeader;
        return false;
    }

    return true;
}

bool
HttpReply::parseFirstLine(const char *blk_start, const char *blk_end)
{
    return sline.parse(protoPrefix, blk_start, blk_end);
}

size_t
HttpReply::parseTerminatedPrefix(const char * const terminatedBuf, const size_t bufSize)
{
    auto error = Http::scNone;
    const bool eof = false; // TODO: Remove after removing atEnd from HttpHeader::parse()
    if (parse(terminatedBuf, bufSize, eof, &error)) {
        debugs(58, 7, "success after accumulating " << bufSize << " bytes and parsing " << hdr_sz);
        Assure(pstate == Http::Message::psParsed);
        Assure(hdr_sz > 0);
        Assure(!Less(bufSize, hdr_sz)); // cannot parse more bytes than we have
        return hdr_sz; // success
    }

    Assure(pstate != Http::Message::psParsed);
    hdr_sz = 0;

    if (error) {
        throw TextException(ToSBuf("failed to parse HTTP headers",
                                   Debug::Extra, "parser error code: ", error,
                                   Debug::Extra, "accumulated unparsed bytes: ", bufSize,
                                   Debug::Extra, "reply_header_max_size: ", Config.maxReplyHeaderSize),
                            Here());
    }

    debugs(58, 3, "need more bytes after accumulating " << bufSize << " out of " << Config.maxReplyHeaderSize);

    // the parse() call above enforces Config.maxReplyHeaderSize limit
    // XXX: Make this a strict comparison after fixing Http::Message::parse() enforcement
    Assure(bufSize <= Config.maxReplyHeaderSize);
    return 0; // parsed nothing, need more data
}

size_t
HttpReply::prefixLen() const
{
    return sline.packedLength() + header.len + 2;
}

void
HttpReply::configureContentLengthInterpreter(Http::ContentLengthInterpreter &interpreter)
{
    interpreter.applyStatusCodeRules(sline.status());
}

bool
HttpReply::parseHeader(Http1::Parser &hp)
{
    Http::ContentLengthInterpreter clen;
    return Message::parseHeader(hp, clen);
}

/* handy: resets and returns -1 */
int
HttpReply::httpMsgParseError()
{
    int result(Http::Message::httpMsgParseError());
    /* indicate an error in the status line */
    sline.set(Http::ProtocolVersion(), Http::scInvalidHeader);
    return result;
}

/*
 * Indicate whether or not we would usually expect an entity-body
 * along with this response
 */
bool
HttpReply::expectingBody(const HttpRequestMethod& req_method, int64_t& theSize) const
{
    bool expectBody = true;

    if (req_method == Http::METHOD_HEAD)
        expectBody = false;
    else if (sline.status() == Http::scNoContent)
        expectBody = false;
    else if (sline.status() == Http::scNotModified)
        expectBody = false;
    // TODO: Consider assuming that gray-area 0xx responses have bodies, like 9xx responses.
    else if (sline.status() < Http::scOkay)
        expectBody = false;
    else
        expectBody = true;

    if (expectBody) {
        if (header.chunked())
            theSize = -1;
        else if (content_length >= 0)
            theSize = content_length;
        else
            theSize = -1;
    }

    return expectBody;
}

bool
HttpReply::receivedBodyTooLarge(HttpRequest& request, int64_t receivedSize)
{
    calcMaxBodySize(request);
    debugs(58, 3, receivedSize << " >? " << bodySizeMax);
    return bodySizeMax >= 0 && receivedSize > bodySizeMax;
}

bool
HttpReply::expectedBodyTooLarge(HttpRequest& request)
{
    calcMaxBodySize(request);
    debugs(58, 7, "bodySizeMax=" << bodySizeMax);

    if (bodySizeMax < 0) // no body size limit
        return false;

    int64_t expectedSize = -1;
    if (!expectingBody(request.method, expectedSize))
        return false;

    debugs(58, 6, expectedSize << " >? " << bodySizeMax);

    if (expectedSize < 0) // expecting body of an unknown length
        return false;

    return expectedSize > bodySizeMax;
}

void
HttpReply::calcMaxBodySize(HttpRequest& request) const
{
    // hack: -2 is used as "we have not calculated max body size yet" state
    if (bodySizeMax != -2) // already tried
        return;
    bodySizeMax = -1;

    // short-circuit ACL testing if there are none configured
    if (!Config.ReplyBodySize)
        return;

    ACLFilledChecklist ch(nullptr, &request);
    ch.updateReply(this);
    for (AclSizeLimit *l = Config.ReplyBodySize; l; l = l -> next) {
        /* if there is no ACL list or if the ACLs listed match use this size value */
        if (!l->aclList || ch.fastCheck(l->aclList).allowed()) {
            debugs(58, 4, "bodySizeMax=" << bodySizeMax);
            bodySizeMax = l->size; // may be -1
            break;
        }
    }
}

// XXX: check that this is sufficient for eCAP cloning
HttpReply *
HttpReply::clone() const
{
    HttpReply *rep = new HttpReply();
    rep->sline = sline; // used in hdrCacheInit() call below
    rep->header.append(&header);
    rep->hdrCacheInit();
    rep->hdr_sz = hdr_sz;
    rep->http_ver = http_ver;
    rep->pstate = pstate;
    rep->body_pipe = body_pipe;

    // keep_alive is handled in hdrCacheInit()
    return rep;
}

bool
HttpReply::inheritProperties(const Http::Message *aMsg)
{
    const HttpReply *aRep = dynamic_cast<const HttpReply*>(aMsg);
    if (!aRep)
        return false;
    keep_alive = aRep->keep_alive;
    sources = aRep->sources;
    return true;
}

bool
HttpReply::olderThan(const HttpReply *them) const
{
    if (!them || !them->date || !date)
        return false;
    return date < them->date;
}

void
HttpReply::removeIrrelevantContentLength() {
    if (Http::ProhibitsContentLength(sline.status()))
        if (header.delById(Http::HdrType::CONTENT_LENGTH))
            debugs(58, 3, "Removing unexpected Content-Length header");
}
Commit	Line	Data
	1	/*
	2	* Copyright (C) 1996-2025 The Squid Software Foundation and contributors
	3	*
	4	* Squid software is distributed under GPLv2+ license and includes
	5	* contributions from numerous individuals and organizations.
	6	* Please see the COPYING and CONTRIBUTORS files for details.
	7	*/
	8
	9	/* DEBUG: section 58 HTTP Reply (Response) */
	10
	11	#include "squid.h"
	12	#include "acl/AclSizeLimit.h"
	13	#include "acl/FilledChecklist.h"
	14	#include "base/EnumIterator.h"
	15	#include "globals.h"
	16	#include "http/ContentLengthInterpreter.h"
	17	#include "HttpBody.h"
	18	#include "HttpHdrCc.h"
	19	#include "HttpHdrContRange.h"
	20	#include "HttpHdrSc.h"
	21	#include "HttpReply.h"
	22	#include "HttpRequest.h"
	23	#include "MemBuf.h"
	24	#include "sbuf/Stream.h"
	25	#include "SquidConfig.h"
	26	#include "SquidMath.h"
	27	#include "Store.h"
	28	#include "StrList.h"
	29
	30	HttpReply::HttpReply():
	31	Http::Message(hoReply),
	32	date(0),
	33	last_modified(0),
	34	expires(0),
	35	surrogate_control(nullptr),
	36	keep_alive(0),
	37	protoPrefix("HTTP/"),
	38	bodySizeMax(-2),
	39	content_range(nullptr)
	40	{
	41	init();
	42	}
	43
	44	HttpReply::~HttpReply()
	45	{
	46	if (do_clean)
	47	clean();
	48	}
	49
	50	void
	51	HttpReply::init()
	52	{
	53	hdrCacheInit();
	54	sline.init();
	55	pstate = Http::Message::psReadyToParseStartLine;
	56	do_clean = true;
	57	}
	58
	59	void HttpReply::reset()
	60	{
	61
	62	// reset should not reset the protocol; could have made protoPrefix a
	63	// virtual function instead, but it is not clear whether virtual methods
	64	// are allowed with MEMPROXY_CLASS() and whether some cbdata void*
	65	// conversions are not going to kill virtual tables
	66	const String pfx = protoPrefix;
	67	clean();
	68	init();
	69	protoPrefix = pfx;
	70	}
	71
	72	void
	73	HttpReply::clean()
	74	{
	75	// we used to assert that the pipe is NULL, but now the message only
	76	// points to a pipe that is owned and initiated by another object.
	77	body_pipe = nullptr;
	78
	79	body.clear();
	80	hdrCacheClean();
	81	header.clean();
	82	sline.clean();
	83	bodySizeMax = -2; // hack: make calculatedBodySizeMax() false
	84	}
	85
	86	void
	87	HttpReply::packHeadersUsingFastPacker(Packable &p) const
	88	{
	89	sline.packInto(&p);
	90	header.packInto(&p);
	91	p.append("\r\n", 2);
	92	}
	93
	94	void
	95	HttpReply::packHeadersUsingSlowPacker(Packable &p) const
	96	{
	97	MemBuf buf;
	98	buf.init();
	99	packHeadersUsingFastPacker(buf);
	100	p.append(buf.content(), buf.contentSize());
	101	}
	102
	103	void
	104	HttpReply::packInto(MemBuf &buf) const
	105	{
	106	packHeadersUsingFastPacker(buf);
	107	body.packInto(&buf);
	108	}
	109
	110	/* create memBuf, create mem-based packer, pack, destroy packer, return MemBuf */
	111	MemBuf *
	112	HttpReply::pack() const
	113	{
	114	MemBuf *mb = new MemBuf;
	115	mb->init();
	116	packInto(*mb);
	117	return mb;
	118	}
	119
	120	HttpReplyPointer
	121	HttpReply::MakeConnectionEstablished() {
	122
	123	HttpReplyPointer rep(new HttpReply);
	124	rep->sline.set(Http::ProtocolVersion(), Http::scOkay, "Connection established");
	125	return rep;
	126	}
	127
	128	HttpReplyPointer
	129	HttpReply::make304() const
	130	{
	131	static const Http::HdrType ImsEntries[] = {Http::HdrType::DATE, Http::HdrType::CONTENT_TYPE, Http::HdrType::EXPIRES, Http::HdrType::LAST_MODIFIED, /* eof */ Http::HdrType::OTHER};
	132
	133	const HttpReplyPointer rv(new HttpReply);
	134	int t;
	135	HttpHeaderEntry *e;
	136
	137	/* rv->content_length; */
	138	rv->date = date;
	139	rv->last_modified = last_modified;
	140	rv->expires = expires;
	141	rv->content_type = content_type;
	142	/* rv->content_range */
	143	/* rv->keep_alive */
	144	rv->sline.set(Http::ProtocolVersion(), Http::scNotModified, nullptr);
	145
	146	for (t = 0; ImsEntries[t] != Http::HdrType::OTHER; ++t) {
	147	if ((e = header.findEntry(ImsEntries[t])))
	148	rv->header.addEntry(e->clone());
	149	}
	150
	151	if (cache_control)
	152	rv->putCc(*cache_control);
	153
	154	/* rv->body */
	155	return rv;
	156	}
	157
	158	MemBuf *
	159	HttpReply::packed304Reply() const
	160	{
	161	/* Not as efficient as skipping the header duplication,
	162	* but easier to maintain
	163	*/
	164	const auto temp = make304();
	165	MemBuf *rv = temp->pack();
	166	return rv;
	167	}
	168
	169	void
	170	HttpReply::setHeaders(Http::StatusCode status, const char *reason,
	171	const char *ctype, int64_t clen, time_t lmt, time_t expiresTime)
	172	{
	173	HttpHeader *hdr;
	174	sline.set(Http::ProtocolVersion(), status, reason);
	175	hdr = &header;
	176	hdr->putStr(Http::HdrType::SERVER, visible_appname_string);
	177	hdr->putStr(Http::HdrType::MIME_VERSION, "1.0");
	178	hdr->putTime(Http::HdrType::DATE, squid_curtime);
	179
	180	if (ctype) {
	181	hdr->putStr(Http::HdrType::CONTENT_TYPE, ctype);
	182	content_type = ctype;
	183	} else
	184	content_type = String();
	185
	186	if (clen >= 0)
	187	hdr->putInt64(Http::HdrType::CONTENT_LENGTH, clen);
	188
	189	if (expiresTime >= 0)
	190	hdr->putTime(Http::HdrType::EXPIRES, expiresTime);
	191
	192	if (lmt > 0) /* this used to be lmt != 0 @?@ */
	193	hdr->putTime(Http::HdrType::LAST_MODIFIED, lmt);
	194
	195	date = squid_curtime;
	196
	197	content_length = clen;
	198
	199	expires = expiresTime;
	200
	201	last_modified = lmt;
	202	}
	203
	204	void
	205	HttpReply::redirect(Http::StatusCode status, const char *loc)
	206	{
	207	HttpHeader *hdr;
	208	sline.set(Http::ProtocolVersion(), status, nullptr);
	209	hdr = &header;
	210	hdr->putStr(Http::HdrType::SERVER, visible_appname_string);
	211	hdr->putTime(Http::HdrType::DATE, squid_curtime);
	212	hdr->putInt64(Http::HdrType::CONTENT_LENGTH, 0);
	213	hdr->putStr(Http::HdrType::LOCATION, loc);
	214	date = squid_curtime;
	215	content_length = 0;
	216	}
	217
	218	/* compare the validators of two replies.
	219	* 1 = they match
	220	* 0 = they do not match
	221	*/
	222	int
	223	HttpReply::validatorsMatch(HttpReply const * otherRep) const
	224	{
	225	String one,two;
	226	assert (otherRep);
	227	/* Numbers first - easiest to check */
	228	/* Content-Length */
	229	/* TODO: remove -1 bypass */
	230
	231	if (content_length != otherRep->content_length
	232	&& content_length > -1 &&
	233	otherRep->content_length > -1)
	234	return 0;
	235
	236	/* ETag */
	237	one = header.getStrOrList(Http::HdrType::ETAG);
	238
	239	two = otherRep->header.getStrOrList(Http::HdrType::ETAG);
	240
	241	if (one.size()==0 \|\| two.size()==0 \|\| one.caseCmp(two)!=0 ) {
	242	one.clean();
	243	two.clean();
	244	return 0;
	245	}
	246
	247	if (last_modified != otherRep->last_modified)
	248	return 0;
	249
	250	/* MD5 */
	251	one = header.getStrOrList(Http::HdrType::CONTENT_MD5);
	252
	253	two = otherRep->header.getStrOrList(Http::HdrType::CONTENT_MD5);
	254
	255	if (one.size()==0 \|\| two.size()==0 \|\| one.caseCmp(two)!=0 ) {
	256	one.clean();
	257	two.clean();
	258	return 0;
	259	}
	260
	261	return 1;
	262	}
	263
	264	HttpReply::Pointer
	265	HttpReply::recreateOnNotModified(const HttpReply &reply304) const
	266	{
	267	// If enough 304s do not update, then this expensive checking is cheaper
	268	// than blindly storing reply prefix identical to the already stored one.
	269	if (!header.needUpdate(&reply304.header))
	270	return nullptr;
	271
	272	const Pointer cloned = clone();
	273	cloned->header.update(&reply304.header);
	274	cloned->hdrCacheClean();
	275	cloned->header.compact();
	276	cloned->hdrCacheInit();
	277	return cloned;
	278	}
	279
	280	/* internal routines */
	281
	282	time_t
	283	HttpReply::hdrExpirationTime()
	284	{
	285	/* The s-maxage and max-age directive takes priority over Expires */
	286
	287	if (cache_control) {
	288	int maxAge = -1;
	289	/*
	290	* Conservatively handle the case when we have a max-age
	291	* header, but no Date for reference?
	292	*/
	293	if (cache_control->hasSMaxAge(&maxAge) \|\| cache_control->hasMaxAge(&maxAge))
	294	return (date >= 0) ? date + maxAge : squid_curtime;
	295	}
	296
	297	if (Config.onoff.vary_ignore_expire &&
	298	header.has(Http::HdrType::VARY)) {
	299	const time_t d = header.getTime(Http::HdrType::DATE);
	300	const time_t e = header.getTime(Http::HdrType::EXPIRES);
	301
	302	if (d == e)
	303	return -1;
	304	}
	305
	306	if (header.has(Http::HdrType::EXPIRES)) {
	307	const time_t e = header.getTime(Http::HdrType::EXPIRES);
	308	/*
	309	* HTTP/1.0 says that robust implementations should consider
	310	* bad or malformed Expires header as equivalent to "expires
	311	* immediately."
	312	*/
	313	return e < 0 ? squid_curtime : e;
	314	}
	315
	316	return -1;
	317	}
	318
	319	/* sync this routine when you update HttpReply struct */
	320	void
	321	HttpReply::hdrCacheInit()
	322	{
	323	Http::Message::hdrCacheInit();
	324
	325	http_ver = sline.version;
	326	content_length = header.getInt64(Http::HdrType::CONTENT_LENGTH);
	327	date = header.getTime(Http::HdrType::DATE);
	328	last_modified = header.getTime(Http::HdrType::LAST_MODIFIED);
	329	surrogate_control = header.getSc();
	330	content_range = (sline.status() == Http::scPartialContent) ?
	331	header.getContRange() : nullptr;
	332	keep_alive = persistent() ? 1 : 0;
	333	const char *str = header.getStr(Http::HdrType::CONTENT_TYPE);
	334
	335	if (str)
	336	content_type.assign(str, strcspn(str, ";\t "));
	337	else
	338	content_type = String();
	339
	340	/* be sure to set expires after date and cache-control */
	341	expires = hdrExpirationTime();
	342	}
	343
	344	const HttpHdrContRange *
	345	HttpReply::contentRange() const
	346	{
	347	assert(!content_range \|\| sline.status() == Http::scPartialContent);
	348	return content_range;
	349	}
	350
	351	/* sync this routine when you update HttpReply struct */
	352	void
	353	HttpReply::hdrCacheClean()
	354	{
	355	content_type.clean();
	356
	357	if (cache_control) {
	358	delete cache_control;
	359	cache_control = nullptr;
	360	}
	361
	362	if (surrogate_control) {
	363	delete surrogate_control;
	364	surrogate_control = nullptr;
	365	}
	366
	367	if (content_range) {
	368	delete content_range;
	369	content_range = nullptr;
	370	}
	371	}
	372
	373	/*
	374	* Returns the body size of a HTTP response
	375	*/
	376	int64_t
	377	HttpReply::bodySize(const HttpRequestMethod& method) const
	378	{
	379	if (sline.version.major < 1)
	380	return -1;
	381	else if (method.id() == Http::METHOD_HEAD)
	382	return 0;
	383	else if (sline.status() == Http::scOkay)
	384	(void) 0; /* common case, continue */
	385	else if (sline.status() == Http::scNoContent)
	386	return 0;
	387	else if (sline.status() == Http::scNotModified)
	388	return 0;
	389	else if (sline.status() < Http::scOkay)
	390	return 0;
	391
	392	return content_length;
	393	}
	394
	395	/**
	396	* Checks the first line of an HTTP Reply is valid.
	397	* currently only checks "HTTP/" exists.
	398	*
	399	* NP: not all error cases are detected yet. Some are left for detection later in parse.
	400	*/
	401	bool
	402	HttpReply::sanityCheckStartLine(const char buf, const size_t hdr_len, Http::StatusCode error)
	403	{
	404	// hack warning: using psize instead of size here due to type mismatches with MemBuf.
	405
	406	// content is long enough to possibly hold a reply
	407	// 4 being magic size of a 3-digit number plus space delimiter
	408	if (hdr_len < (size_t)(protoPrefix.psize() + 4)) {
	409	if (hdr_len > 0) {
	410	debugs(58, 3, "Too small reply header (" << hdr_len << " bytes)");
	411	*error = Http::scInvalidHeader;
	412	}
	413	return false;
	414	}
	415
	416	int pos;
	417	// catch missing or mismatched protocol identifier
	418	// allow special-case for ICY protocol (non-HTTP identifier) in response to faked HTTP request.
	419	if (strncmp(buf, "ICY", 3) == 0) {
	420	protoPrefix = "ICY";
	421	pos = protoPrefix.psize();
	422	} else {
	423
	424	if (protoPrefix.cmp(buf, protoPrefix.size()) != 0) {
	425	debugs(58, 3, "missing protocol prefix (" << protoPrefix << ") in '" << buf << "'");
	426	*error = Http::scInvalidHeader;
	427	return false;
	428	}
	429
	430	// catch missing or negative status value (negative '-' is not a digit)
	431	pos = protoPrefix.psize();
	432
	433	// skip arbitrary number of digits and a dot in the version portion
	434	while ((size_t)pos <= hdr_len && ((buf+pos) == '.' \|\| xisdigit((buf+pos)) ) ) ++pos;
	435
	436	// catch missing version info
	437	if (pos == protoPrefix.psize()) {
	438	debugs(58, 3, "missing protocol version numbers (ie. " << protoPrefix << "/1.0) in '" << buf << "'");
	439	*error = Http::scInvalidHeader;
	440	return false;
	441	}
	442	}
	443
	444	// skip arbitrary number of spaces...
	445	while ((size_t)pos <= hdr_len && (char)*(buf+pos) == ' ') ++pos;
	446
	447	if ((size_t)pos < hdr_len && !xisdigit(*(buf+pos))) {
	448	debugs(58, 3, "missing or invalid status number in '" << buf << "'");
	449	*error = Http::scInvalidHeader;
	450	return false;
	451	}
	452
	453	return true;
	454	}
	455
	456	bool
	457	HttpReply::parseFirstLine(const char blk_start, const char blk_end)
	458	{
	459	return sline.parse(protoPrefix, blk_start, blk_end);
	460	}
	461
	462	size_t
	463	HttpReply::parseTerminatedPrefix(const char * const terminatedBuf, const size_t bufSize)
	464	{
	465	auto error = Http::scNone;
	466	const bool eof = false; // TODO: Remove after removing atEnd from HttpHeader::parse()
	467	if (parse(terminatedBuf, bufSize, eof, &error)) {
	468	debugs(58, 7, "success after accumulating " << bufSize << " bytes and parsing " << hdr_sz);
	469	Assure(pstate == Http::Message::psParsed);
	470	Assure(hdr_sz > 0);
	471	Assure(!Less(bufSize, hdr_sz)); // cannot parse more bytes than we have
	472	return hdr_sz; // success
	473	}
	474
	475	Assure(pstate != Http::Message::psParsed);
	476	hdr_sz = 0;
	477
	478	if (error) {
	479	throw TextException(ToSBuf("failed to parse HTTP headers",
	480	Debug::Extra, "parser error code: ", error,
	481	Debug::Extra, "accumulated unparsed bytes: ", bufSize,
	482	Debug::Extra, "reply_header_max_size: ", Config.maxReplyHeaderSize),
	483	Here());
	484	}
	485
	486	debugs(58, 3, "need more bytes after accumulating " << bufSize << " out of " << Config.maxReplyHeaderSize);
	487
	488	// the parse() call above enforces Config.maxReplyHeaderSize limit
	489	// XXX: Make this a strict comparison after fixing Http::Message::parse() enforcement
	490	Assure(bufSize <= Config.maxReplyHeaderSize);
	491	return 0; // parsed nothing, need more data
	492	}
	493
	494	size_t
	495	HttpReply::prefixLen() const
	496	{
	497	return sline.packedLength() + header.len + 2;
	498	}
	499
	500	void
	501	HttpReply::configureContentLengthInterpreter(Http::ContentLengthInterpreter &interpreter)
	502	{
	503	interpreter.applyStatusCodeRules(sline.status());
	504	}
	505
	506	bool
	507	HttpReply::parseHeader(Http1::Parser &hp)
	508	{
	509	Http::ContentLengthInterpreter clen;
	510	return Message::parseHeader(hp, clen);
	511	}
	512
	513	/* handy: resets and returns -1 */
	514	int
	515	HttpReply::httpMsgParseError()
	516	{
	517	int result(Http::Message::httpMsgParseError());
	518	/* indicate an error in the status line */
	519	sline.set(Http::ProtocolVersion(), Http::scInvalidHeader);
	520	return result;
	521	}
	522
	523	/*
	524	* Indicate whether or not we would usually expect an entity-body
	525	* along with this response
	526	*/
	527	bool
	528	HttpReply::expectingBody(const HttpRequestMethod& req_method, int64_t& theSize) const
	529	{
	530	bool expectBody = true;
	531
	532	if (req_method == Http::METHOD_HEAD)
	533	expectBody = false;
	534	else if (sline.status() == Http::scNoContent)
	535	expectBody = false;
	536	else if (sline.status() == Http::scNotModified)
	537	expectBody = false;
	538	// TODO: Consider assuming that gray-area 0xx responses have bodies, like 9xx responses.
	539	else if (sline.status() < Http::scOkay)
	540	expectBody = false;
	541	else
	542	expectBody = true;
	543
	544	if (expectBody) {
	545	if (header.chunked())
	546	theSize = -1;
	547	else if (content_length >= 0)
	548	theSize = content_length;
	549	else
	550	theSize = -1;
	551	}
	552
	553	return expectBody;
	554	}
	555
	556	bool
	557	HttpReply::receivedBodyTooLarge(HttpRequest& request, int64_t receivedSize)
	558	{
	559	calcMaxBodySize(request);
	560	debugs(58, 3, receivedSize << " >? " << bodySizeMax);
	561	return bodySizeMax >= 0 && receivedSize > bodySizeMax;
	562	}
	563
	564	bool
	565	HttpReply::expectedBodyTooLarge(HttpRequest& request)
	566	{
	567	calcMaxBodySize(request);
	568	debugs(58, 7, "bodySizeMax=" << bodySizeMax);
	569
	570	if (bodySizeMax < 0) // no body size limit
	571	return false;
	572
	573	int64_t expectedSize = -1;
	574	if (!expectingBody(request.method, expectedSize))
	575	return false;
	576
	577	debugs(58, 6, expectedSize << " >? " << bodySizeMax);
	578
	579	if (expectedSize < 0) // expecting body of an unknown length
	580	return false;
	581
	582	return expectedSize > bodySizeMax;
	583	}
	584
	585	void
	586	HttpReply::calcMaxBodySize(HttpRequest& request) const
	587	{
	588	// hack: -2 is used as "we have not calculated max body size yet" state
	589	if (bodySizeMax != -2) // already tried
	590	return;
	591	bodySizeMax = -1;
	592
	593	// short-circuit ACL testing if there are none configured
	594	if (!Config.ReplyBodySize)
	595	return;
	596
	597	ACLFilledChecklist ch(nullptr, &request);
	598	ch.updateReply(this);
	599	for (AclSizeLimit *l = Config.ReplyBodySize; l; l = l -> next) {
	600	/* if there is no ACL list or if the ACLs listed match use this size value */
	601	if (!l->aclList \|\| ch.fastCheck(l->aclList).allowed()) {
	602	debugs(58, 4, "bodySizeMax=" << bodySizeMax);
	603	bodySizeMax = l->size; // may be -1
	604	break;
	605	}
	606	}
	607	}
	608
	609	// XXX: check that this is sufficient for eCAP cloning
	610	HttpReply *
	611	HttpReply::clone() const
	612	{
	613	HttpReply *rep = new HttpReply();
	614	rep->sline = sline; // used in hdrCacheInit() call below
	615	rep->header.append(&header);
	616	rep->hdrCacheInit();
	617	rep->hdr_sz = hdr_sz;
	618	rep->http_ver = http_ver;
	619	rep->pstate = pstate;
	620	rep->body_pipe = body_pipe;
	621
	622	// keep_alive is handled in hdrCacheInit()
	623	return rep;
	624	}
	625
	626	bool
	627	HttpReply::inheritProperties(const Http::Message *aMsg)
	628	{
	629	const HttpReply aRep = dynamic_cast<const HttpReply>(aMsg);
	630	if (!aRep)
	631	return false;
	632	keep_alive = aRep->keep_alive;
	633	sources = aRep->sources;
	634	return true;
	635	}
	636
	637	bool
	638	HttpReply::olderThan(const HttpReply *them) const
	639	{
	640	if (!them \|\| !them->date \|\| !date)
	641	return false;
	642	return date < them->date;
	643	}
	644
	645	void
	646	HttpReply::removeIrrelevantContentLength() {
	647	if (Http::ProhibitsContentLength(sline.status()))
	648	if (header.delById(Http::HdrType::CONTENT_LENGTH))
	649	debugs(58, 3, "Removing unexpected Content-Length header");
	650	}
	651