X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=cups%2Fhttp.c;h=61b88c9db73a38d0bab9896fb996b7c092a0c973;hb=98d88c8d4796d2adc7b0afeb99ae8f34eae42e63;hp=5beb9a94f73e7cab08ad287287bb8aa78d005f49;hpb=d22632216241cc6e49665449b1a0d906668ea252;p=thirdparty%2Fcups.git diff --git a/cups/http.c b/cups/http.c index 5beb9a94f..61b88c9db 100644 --- a/cups/http.c +++ b/cups/http.c @@ -1,9 +1,7 @@ /* - * "$Id$" - * * HTTP routines for CUPS. * - * Copyright 2007-2013 by Apple Inc. + * Copyright 2007-2017 by Apple Inc. * Copyright 1997-2007 by Easy Software Products, all rights reserved. * * This file contains Kerberos support code, copyright 2006 by @@ -13,7 +11,7 @@ * property of Apple Inc. and are protected by Federal copyright * law. Distribution and use rights are outlined in the file "LICENSE.txt" * which should have been included with this file. If this file is - * file is missing or damaged, see the license at "http://www.cups.org/". + * missing or damaged, see the license at "http://www.cups.org/". * * This file is subject to the Apple OS-Developed Software exception. */ @@ -68,22 +66,7 @@ static void http_set_timeout(int fd, double timeout); static void http_set_wait(http_t *http); #ifdef HAVE_SSL -static size_t http_tls_pending(http_t *http); -static int http_tls_read(http_t *http, char *buf, int len); -static int http_tls_set_credentials(http_t *http); -static int http_tls_start(http_t *http); -static void http_tls_stop(http_t *http); static int http_tls_upgrade(http_t *http); -static int http_tls_write(http_t *http, const char *buf, int len); -# ifdef HAVE_LIBSSL -# include "tls-openssl.c" -# elif defined(HAVE_GNUTLS) -# include "tls-gnutls.c" -# elif defined(HAVE_CDSASSL) -# include "tls-darwin.c" -# else -# include "tls-sspi.c" -# endif /* HAVE_LIBSSL */ #endif /* HAVE_SSL */ 
@@ -130,7 +113,7 @@ static const char * const http_fields[] = * 'httpAcceptConnection()' - Accept a new HTTP client connection from the * specified listening socket. * - * @since CUPS 1.7/OS X 10.9@ + * @since CUPS 1.7/macOS 10.9@ */ http_t * /* O - HTTP connection or @code NULL@ */ @@ -220,7 +203,7 @@ httpAcceptConnection(int fd, /* I - Listen socket file descriptor */ * * Use @code cupsArrayNew(NULL, NULL)@ to create a credentials array. * - * @since CUPS 1.5/OS X 10.7@ + * @since CUPS 1.5/macOS 10.7@ */ int /* O - 0 on success, -1 on error */ @@ -280,7 +263,7 @@ httpCheck(http_t *http) /* I - HTTP connection */ /* * 'httpClearCookie()' - Clear the cookie value(s). * - * @since CUPS 1.1.19/OS X 10.3@ + * @since CUPS 1.1.19/macOS 10.3@ */ void @@ -304,7 +287,7 @@ httpClearCookie(http_t *http) /* I - HTTP connection */ void httpClearFields(http_t *http) /* I - HTTP connection */ { - DEBUG_printf(("httpClearFields(http=%p)", http)); + DEBUG_printf(("httpClearFields(http=%p)", (void *)http)); if (http) { @@ -359,7 +342,7 @@ httpClose(http_t *http) /* I - HTTP connection */ #endif /* HAVE_GSSAPI */ - DEBUG_printf(("httpClose(http=%p)", http)); + DEBUG_printf(("httpClose(http=%p)", (void *)http)); /* * Range check input... 
@@ -405,12 +388,36 @@ httpClose(http_t *http) /* I - HTTP connection */ } +/* + * 'httpCompareCredentials()' - Compare two sets of X.509 credentials. + * + * @since CUPS 2.0/OS 10.10@ + */ + +int /* O - 1 if they match, 0 if they do not */ +httpCompareCredentials( + cups_array_t *cred1, /* I - First set of X.509 credentials */ + cups_array_t *cred2) /* I - Second set of X.509 credentials */ +{ + http_credential_t *temp1, *temp2; /* Temporary credentials */ + + + for (temp1 = (http_credential_t *)cupsArrayFirst(cred1), temp2 = (http_credential_t *)cupsArrayFirst(cred2); temp1 && temp2; temp1 = (http_credential_t *)cupsArrayNext(cred1), temp2 = (http_credential_t *)cupsArrayNext(cred2)) + if (temp1->datalen != temp2->datalen) + return (0); + else if (memcmp(temp1->data, temp2->data, temp1->datalen)) + return (0); + + return (temp1 == temp2); +} + + /* * 'httpConnect()' - Connect to a HTTP server. * * This function is deprecated - use @link httpConnect2@ instead. * - * @deprecated@ + * @deprecated@ @exclude all@ */ http_t * /* O - New HTTP connection */ @@ -425,14 +432,14 @@ httpConnect(const char *host, /* I - Host to connect to */ /* * 'httpConnect2()' - Connect to a HTTP server. * - * @since CUPS 1.7/OS X 10.9@ + * @since CUPS 1.7/macOS 10.9@ */ http_t * /* O - New HTTP connection */ httpConnect2( const char *host, /* I - Host to connect to */ int port, /* I - Port number */ - http_addrlist_t *addrlist, /* I - List of addresses or NULL to lookup */ + http_addrlist_t *addrlist, /* I - List of addresses or @code NULL@ to lookup */ int family, /* I - Address family to use or @code AF_UNSPEC@ for any */ http_encryption_t encryption, /* I - Type of encryption to use */ int blocking, /* I - 1 for blocking connection, 0 for non-blocking */ 
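Review bot: httpCompareCredentials() reports a match when both credential sets are empty or NULL, because the loop body never runs and `return (temp1 == temp2);` then compares two NULL pointers (assuming cupsArrayFirst() returns NULL for an empty or NULL array, which is not shown here). If a caller uses the result for a trust decision, "no certificate" on both sides would count as equal. An early `if (cupsArrayCount(cred1) < 1 || cupsArrayCount(cred2) < 1) return (0);` makes that case fail closed. The loop also appears to advance each array's own iteration cursor, so passing the same array as both arguments would compare different elements; the header comment should say the two arrays must be distinct.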
@@ -442,9 +449,7 @@ httpConnect2( http_t *http; /* New HTTP connection */ - DEBUG_printf(("httpConnect2(host=\"%s\", port=%d, addrlist=%p, family=%d, " - "encryption=%d, blocking=%d, msec=%d, cancel=%p)", host, port, - addrlist, family, encryption, blocking, msec, cancel)); + DEBUG_printf(("httpConnect2(host=\"%s\", port=%d, addrlist=%p, family=%d, encryption=%d, blocking=%d, msec=%d, cancel=%p)", host, port, (void *)addrlist, family, encryption, blocking, msec, (void *)cancel)); /* * Create the HTTP structure... @@ -477,7 +482,7 @@ httpConnect2( * This function is now deprecated. Please use the @link httpConnect2@ function * instead. * - * @deprecated@ + * @deprecated@ @exclude all@ */ http_t * /* O - New HTTP connection */ @@ -515,7 +520,7 @@ _httpDisconnect(http_t *http) /* I - HTTP connection */ { #ifdef HAVE_SSL if (http->tls) - http_tls_stop(http); + _httpTLSStop(http); #endif /* HAVE_SSL */ httpAddrClose(NULL, http->fd); @@ -532,7 +537,7 @@ int /* O - -1 on error, 0 on success */ httpEncryption(http_t *http, /* I - HTTP connection */ http_encryption_t e) /* I - New encryption preference */ { - DEBUG_printf(("httpEncryption(http=%p, e=%d)", http, e)); + DEBUG_printf(("httpEncryption(http=%p, e=%d)", (void *)http, e)); #ifdef HAVE_SSL if (!http) @@ -557,7 +562,7 @@ httpEncryption(http_t *http, /* I - HTTP connection */ http->encryption = e; if (e != HTTP_ENCRYPTION_IF_REQUESTED && !http->tls) - return (http_tls_start(http)); + return (_httpTLSStart(http)); else return (0); } @@ -604,7 +609,7 @@ httpFieldValue(const char *name) /* I - String name */ /* - * 'httpFlush()' - Flush data from a HTTP connection. + * 'httpFlush()' - Flush data read from a HTTP connection. */ void 
@@ -615,8 +620,7 @@ httpFlush(http_t *http) /* I - HTTP connection */ http_state_t oldstate; /* Old state */ - DEBUG_printf(("httpFlush(http=%p), state=%s", http, - httpStateString(http->state))); + DEBUG_printf(("httpFlush(http=%p), state=%s", (void *)http, httpStateString(http->state))); /* * Nothing to do if we are in the "waiting" state... @@ -664,7 +668,7 @@ httpFlush(http_t *http) /* I - HTTP connection */ #ifdef HAVE_SSL if (http->tls) - http_tls_stop(http); + _httpTLSStop(http); #endif /* HAVE_SSL */ httpAddrClose(NULL, http->fd); @@ -675,19 +679,18 @@ httpFlush(http_t *http) /* I - HTTP connection */ /* - * 'httpFlushWrite()' - Flush data in write buffer. + * 'httpFlushWrite()' - Flush data written to a HTTP connection. * - * @since CUPS 1.2/OS X 10.5@ + * @since CUPS 1.2/macOS 10.5@ */ int /* O - Bytes written or -1 on error */ httpFlushWrite(http_t *http) /* I - HTTP connection */ { - int bytes; /* Bytes written */ + ssize_t bytes; /* Bytes written */ - DEBUG_printf(("httpFlushWrite(http=%p) data_encoding=%d", http, - http ? http->data_encoding : -1)); + DEBUG_printf(("httpFlushWrite(http=%p) data_encoding=%d", (void *)http, http ? http->data_encoding : 100)); if (!http || !http->wused) { @@ -697,15 +700,15 @@ httpFlushWrite(http_t *http) /* I - HTTP connection */ } if (http->data_encoding == HTTP_ENCODING_CHUNKED) - bytes = http_write_chunk(http, http->wbuffer, http->wused); + bytes = http_write_chunk(http, http->wbuffer, (size_t)http->wused); else - bytes = http_write(http, http->wbuffer, http->wused); + bytes = http_write(http, http->wbuffer, (size_t)http->wused); http->wused = 0; - DEBUG_printf(("1httpFlushWrite: Returning %d, errno=%d.", bytes, errno)); + DEBUG_printf(("1httpFlushWrite: Returning %d, errno=%d.", (int)bytes, errno)); - return (bytes); + return ((int)bytes); } 
@@ -748,9 +751,9 @@ httpGet(http_t *http, /* I - HTTP connection */ /* * 'httpGetActivity()' - Get the most recent activity for a connection. * - * The return value is the UNIX time of the last read or write. + * The return value is the time in seconds of the last read or write. * - * @since CUPS 2.0@ + * @since CUPS 2.0/OS 10.10@ */ time_t /* O - Time of last read or write */ @@ -763,12 +766,12 @@ httpGetActivity(http_t *http) /* I - HTTP connection */ /* * 'httpGetAuthString()' - Get the current authorization string. * - * The authorization string is set by cupsDoAuthentication() and - * httpSetAuthString(). Use httpGetAuthString() to retrieve the - * string to use with httpSetField() for the HTTP_FIELD_AUTHORIZATION - * value. + * The authorization string is set by @link cupsDoAuthentication@ and + * @link httpSetAuthString@. Use @link httpGetAuthString@ to retrieve the + * string to use with @link httpSetField@ for the + * @code HTTP_FIELD_AUTHORIZATION@ value. * - * @since CUPS 1.3/OS X 10.5@ + * @since CUPS 1.3/macOS 10.5@ */ char * /* O - Authorization string */ @@ -784,7 +787,7 @@ httpGetAuthString(http_t *http) /* I - HTTP connection */ /* * 'httpGetBlocking()' - Get the blocking/non-block state of a connection. * - * @since CUPS 1.2/OS X 10.5@ + * @since CUPS 1.2/macOS 10.5@ */ int /* O - 1 if blocking, 0 if non-blocking */ @@ -803,7 +806,7 @@ httpGetBlocking(http_t *http) /* I - HTTP connection */ * client. The value returned can be use in subsequent requests (for clients) * or in the response (for servers) in order to compress the content stream. * - * @since CUPS 1.7/OS X 10.9@ + * @since CUPS 1.7/macOS 10.9@ */ const char * /* O - Content-Coding value or 
@@ -885,11 +888,11 @@ httpGetContentEncoding(http_t *http) /* I - HTTP connection */ /* * 'httpGetCookie()' - Get any cookie data from the response. * - * @since CUPS 1.1.19/OS X 10.3@ + * @since CUPS 1.1.19/macOS 10.3@ */ -const char * /* O - Cookie data or NULL */ -httpGetCookie(http_t *http) /* I - HTTP connecion */ +const char * /* O - Cookie data or @code NULL@ */ +httpGetCookie(http_t *http) /* I - HTTP connection */ { return (http ? http->cookie : NULL); } @@ -902,7 +905,7 @@ httpGetCookie(http_t *http) /* I - HTTP connecion */ * @link httpIsEncrypted@ function to determine whether a TLS session has * been established. * - * @since CUPS 2.0@ + * @since CUPS 2.0/OS 10.10@ */ http_encryption_t /* O - Current encryption mode */ @@ -918,7 +921,7 @@ httpGetEncryption(http_t *http) /* I - HTTP connection */ * Returns @code HTTP_STATUS_NONE@ if there is no Expect header, otherwise * returns the expected HTTP status code, typically @code HTTP_STATUS_CONTINUE@. * - * @since CUPS 1.7/OS X 10.9@ + * @since CUPS 1.7/macOS 10.9@ */ http_status_t /* O - Expect: status, if any */ @@ -934,7 +937,7 @@ httpGetExpect(http_t *http) /* I - HTTP connection */ /* * 'httpGetFd()' - Get the file descriptor associated with a connection. * - * @since CUPS 1.2/OS X 10.5@ + * @since CUPS 1.2/macOS 10.5@ */ int /* O - File descriptor or -1 if none */ @@ -986,7 +989,7 @@ httpGetField(http_t *http, /* I - HTTP connection */ /* * 'httpGetKeepAlive()' - Get the current Keep-Alive state of the connection. * - * @since CUPS 2.0@ + * @since CUPS 2.0/OS 10.10@ */ http_keepalive_t /* O - Keep-Alive state */ @@ -1003,7 +1006,7 @@ httpGetKeepAlive(http_t *http) /* I - HTTP connection */ * This function is deprecated and will not return lengths larger than * 2^31 - 1; use httpGetLength2() instead. * - * @deprecated@ + * @deprecated@ @exclude all@ */ int /* O - Content length */ 
@@ -1031,7 +1034,7 @@ httpGetLength(http_t *http) /* I - HTTP connection */ * This function returns the complete content length, even for * content larger than 2^31 - 1. * - * @since CUPS 1.2/OS X 10.5@ + * @since CUPS 1.2/macOS 10.5@ */ off_t /* O - Content length */ @@ -1040,8 +1043,7 @@ httpGetLength2(http_t *http) /* I - HTTP connection */ off_t remaining; /* Remaining length */ - DEBUG_printf(("2httpGetLength2(http=%p), state=%s", http, - httpStateString(http->state))); + DEBUG_printf(("2httpGetLength2(http=%p), state=%s", (void *)http, httpStateString(http->state))); if (!http) return (-1); @@ -1095,20 +1097,20 @@ httpGetLength2(http_t *http) /* I - HTTP connection */ /* * 'httpGetPending()' - Get the number of bytes that are buffered for writing. * - * @since CUPS 2.0@ + * @since CUPS 2.0/OS 10.10@ */ size_t /* O - Number of bytes buffered */ httpGetPending(http_t *http) /* I - HTTP connection */ { - return (http ? http->wused : 0); + return (http ? (size_t)http->wused : 0); } /* * 'httpGetReady()' - Get the number of bytes that can be read without blocking. * - * @since CUPS 2.0@ + * @since CUPS 2.0/OS 10.10@ */ size_t /* O - Number of bytes available */ @@ -1117,23 +1119,10 @@ httpGetReady(http_t *http) /* I - HTTP connection */ if (!http) return (0); else if (http->used > 0) - return (http->used); + return ((size_t)http->used); #ifdef HAVE_SSL else if (http->tls) - { - size_t ready; /* Ready bytes */ - -# ifdef HAVE_LIBSSL - if ((ready = SSL_pending((SSL *)(http->tls))) > 0) - return (ready); -# elif defined(HAVE_GNUTLS) - if ((ready = gnutls_record_check_pending(http->tls)) > 0) - return (ready); -# elif defined(HAVE_CDSASSL) - if (!SSLGetBufferedReadSize(http->tls, &ready) && ready > 0) - return (ready); -# endif /* HAVE_LIBSSL */ - } + return (_httpTLSPending(http)); #endif /* HAVE_SSL */ return (0); 
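Review bot: In httpGetLength2() the rewritten `DEBUG_printf` still evaluates `http->state` before the `if (!http) return (-1);` check on the following lines, so a NULL connection is dereferenced whenever the debug macro is compiled in. Move the trace below the NULL check so that debug and release builds accept the same inputs. The httpFlush() trace changed earlier in this diff reads `http->state` in the same way, but its NULL handling is outside that hunk. The rest of httpGetLength2() is also outside this hunk.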
@@ -1147,13 +1136,13 @@ httpGetReady(http_t *http) /* I - HTTP connection */ * The @link httpIsChunked@ function can be used to determine whether the * message body is chunked or fixed-length. * - * @since CUPS 2.0@ + * @since CUPS 2.0/OS 10.10@ */ size_t /* O - Remaining bytes */ httpGetRemaining(http_t *http) /* I - HTTP connection */ { - return (http ? http->data_remaining : 0); + return (http ? (size_t)http->data_remaining : 0); } @@ -1161,20 +1150,20 @@ httpGetRemaining(http_t *http) /* I - HTTP connection */ * 'httpGets()' - Get a line of text from a HTTP connection. */ -char * /* O - Line or NULL */ +char * /* O - Line or @code NULL@ */ httpGets(char *line, /* I - Line to read into */ int length, /* I - Max length of buffer */ http_t *http) /* I - HTTP connection */ { - char *lineptr, /* Pointer into line */ - *lineend, /* End of line */ - *bufptr, /* Pointer into input buffer */ - *bufend; /* Pointer to end of buffer */ - int bytes, /* Number of bytes read */ - eol; /* End-of-line? */ + char *lineptr, /* Pointer into line */ + *lineend, /* End of line */ + *bufptr, /* Pointer into input buffer */ + *bufend; /* Pointer to end of buffer */ + ssize_t bytes; /* Number of bytes read */ + int eol; /* End-of-line? */ - DEBUG_printf(("2httpGets(line=%p, length=%d, http=%p)", line, length, http)); + DEBUG_printf(("2httpGets(line=%p, length=%d, http=%p)", (void *)line, length, (void *)http)); if (!http || !line || length <= 1) return (NULL); @@ -1220,10 +1209,9 @@ httpGets(char *line, /* I - Line to read into */ return (NULL); } - bytes = http_read(http, http->buffer + http->used, - HTTP_MAX_BUFFER - http->used); + bytes = http_read(http, http->buffer + http->used, (size_t)(HTTP_MAX_BUFFER - http->used)); - DEBUG_printf(("4httpGets: read %d bytes.", bytes)); + DEBUG_printf(("4httpGets: read " CUPS_LLFMT " bytes.", CUPS_LLCAST bytes)); if (bytes < 0) { 
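Review bot: The new `(size_t)http->data_remaining` cast in httpGetRemaining() turns a negative `data_remaining` into a value near SIZE_MAX instead of zero. The field is an `off_t` and httpRead2() tests `http->data_remaining <= 0` elsewhere in this diff, so a non-positive value looks reachable. Clamp in the accessor with `return (http && http->data_remaining > 0 ? (size_t)http->data_remaining : 0);` so a caller that sizes a buffer or loops on the result never sees a wrapped count.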
@@ -1283,7 +1271,7 @@ httpGets(char *line, /* I - Line to read into */ * Yup, update the amount used... */ - http->used += bytes; + http->used += (int)bytes; } /* @@ -1307,7 +1295,7 @@ httpGets(char *line, /* I - Line to read into */ http->used -= (int)(bufptr - http->buffer); if (http->used > 0) - memmove(http->buffer, bufptr, http->used); + memmove(http->buffer, bufptr, (size_t)http->used); if (eol) { @@ -1345,7 +1333,7 @@ httpGetState(http_t *http) /* I - HTTP connection */ /* * 'httpGetStatus()' - Get the status of the last HTTP request. * - * @since CUPS 1.2/OS X 10.5@ + * @since CUPS 1.2/macOS 10.5@ */ http_status_t /* O - HTTP status */ @@ -1358,10 +1346,10 @@ httpGetStatus(http_t *http) /* I - HTTP connection */ /* * 'httpGetSubField()' - Get a sub-field value. * - * @deprecated@ + * @deprecated@ @exclude all@ */ -char * /* O - Value or NULL */ +char * /* O - Value or @code NULL@ */ httpGetSubField(http_t *http, /* I - HTTP connection */ http_field_t field, /* I - Field index */ const char *name, /* I - Name of sub-field */ @@ -1374,10 +1362,10 @@ httpGetSubField(http_t *http, /* I - HTTP connection */ /* * 'httpGetSubField2()' - Get a sub-field value. * - * @since CUPS 1.2/OS X 10.5@ + * @since CUPS 1.2/macOS 10.5@ */ -char * /* O - Value or NULL */ +char * /* O - Value or @code NULL@ */ httpGetSubField2(http_t *http, /* I - HTTP connection */ http_field_t field, /* I - Field index */ const char *name, /* I - Name of sub-field */ @@ -1389,8 +1377,7 @@ httpGetSubField2(http_t *http, /* I - HTTP connection */ *ptr, /* Pointer into string buffer */ *end; /* End of value buffer */ - DEBUG_printf(("2httpGetSubField2(http=%p, field=%d, name=\"%s\", value=%p, " - "valuelen=%d)", http, field, name, value, valuelen)); + DEBUG_printf(("2httpGetSubField2(http=%p, field=%d, name=\"%s\", value=%p, valuelen=%d)", (void *)http, field, name, (void *)value, valuelen)); if (!http || !name || !value || valuelen < 2 || field <= HTTP_FIELD_UNKNOWN || field >= HTTP_FIELD_MAX) 
@@ -1522,7 +1509,7 @@ int /* O - Status of call (0 = success) */ httpHead(http_t *http, /* I - HTTP connection */ const char *uri) /* I - URI for head */ { - DEBUG_printf(("httpHead(http=%p, uri=\"%s\")", http, uri)); + DEBUG_printf(("httpHead(http=%p, uri=\"%s\")", (void *)http, uri)); return (http_send(http, HTTP_STATE_HEAD, uri)); } @@ -1539,10 +1526,6 @@ httpInitialize(void) #ifdef WIN32 WSADATA winsockdata; /* WinSock data */ #endif /* WIN32 */ -#ifdef HAVE_LIBSSL - int i; /* Looping var */ - unsigned char data[1024]; /* Seed data */ -#endif /* HAVE_LIBSSL */ _cupsGlobalLock(); @@ -1577,7 +1560,7 @@ httpInitialize(void) #endif /* WIN32 */ # ifdef HAVE_SSL - http_tls_initialize(); + _httpTLSInitialize(); # endif /* HAVE_SSL */ initialized = 1; @@ -1591,7 +1574,7 @@ httpInitialize(void) * This function returns non-zero if the message body is composed of * variable-length chunks. * - * @since CUPS 2.0@ + * @since CUPS 2.0/OS 10.10@ */ int /* O - 1 if chunked, 0 if not */ @@ -1606,7 +1589,7 @@ httpIsChunked(http_t *http) /* I - HTTP connection */ * * This function returns non-zero if the connection is currently encrypted. * - * @since CUPS 2.0@ + * @since CUPS 2.0/OS 10.10@ */ int /* O - 1 if encrypted, 0 if not */ @@ -1633,11 +1616,11 @@ httpOptions(http_t *http, /* I - HTTP connection */ * * This function copies available data from the given HTTP connection, reading * a buffer as needed. The data is still available for reading using - * @link httpRead@ or @link httpRead2@. + * @link httpRead2@. * * For non-blocking connections the usual timeouts apply. * - * @since CUPS 1.7/OS X 10.9@ + * @since CUPS 1.7/macOS 10.9@ */ ssize_t /* O - Number of bytes copied */ 
@@ -1649,8 +1632,7 @@ httpPeek(http_t *http, /* I - HTTP connection */ char len[32]; /* Length string */ - DEBUG_printf(("httpPeek(http=%p, buffer=%p, length=" CUPS_LLFMT ")", - http, buffer, CUPS_LLCAST length)); + DEBUG_printf(("httpPeek(http=%p, buffer=%p, length=" CUPS_LLFMT ")", (void *)http, (void *)buffer, CUPS_LLCAST length)); if (http == NULL || buffer == NULL) return (-1); @@ -1702,7 +1684,7 @@ httpPeek(http_t *http, /* I - HTTP connection */ */ #ifdef HAVE_LIBZ - if (http->coding) + if (http->coding >= _HTTP_CODING_GUNZIP) http_content_coding_finish(http); #endif /* HAVE_LIBZ */ @@ -1730,7 +1712,8 @@ httpPeek(http_t *http, /* I - HTTP connection */ #ifdef HAVE_LIBZ if (http->used == 0 && - (http->coding == _HTTP_CODING_IDENTITY || http->stream.avail_in == 0)) + (http->coding == _HTTP_CODING_IDENTITY || + (http->coding >= _HTTP_CODING_GUNZIP && http->stream.avail_in == 0))) #else if (http->used == 0) #endif /* HAVE_LIBZ */ @@ -1752,13 +1735,13 @@ httpPeek(http_t *http, /* I - HTTP connection */ } } - if (http->data_remaining > sizeof(http->buffer)) + if ((size_t)http->data_remaining > sizeof(http->buffer)) buflen = sizeof(http->buffer); else - buflen = http->data_remaining; + buflen = (ssize_t)http->data_remaining; DEBUG_printf(("2httpPeek: Reading %d bytes into buffer.", (int)buflen)); - bytes = http_read(http, http->buffer, buflen); + bytes = http_read(http, http->buffer, (size_t)buflen); DEBUG_printf(("2httpPeek: Read " CUPS_LLFMT " bytes into buffer.", CUPS_LLCAST bytes)); @@ -1768,12 +1751,12 @@ httpPeek(http_t *http, /* I - HTTP connection */ http_debug_hex("httpPeek", http->buffer, (int)bytes); #endif /* DEBUG */ - http->used = bytes; + http->used = (int)bytes; } } #ifdef HAVE_LIBZ - if (http->coding) + if (http->coding >= _HTTP_CODING_GUNZIP) { # ifdef HAVE_INFLATECOPY int zerr; /* Decompressor error */ 
@@ -1785,27 +1768,27 @@ httpPeek(http_t *http, /* I - HTTP connection */ /* Number of bytes to copy */ if (http->stream.avail_in > 0 && - http->stream.next_in > http->dbuffer) - memmove(http->dbuffer, http->stream.next_in, http->stream.avail_in); + http->stream.next_in > http->sbuffer) + memmove(http->sbuffer, http->stream.next_in, http->stream.avail_in); - http->stream.next_in = http->dbuffer; + http->stream.next_in = http->sbuffer; - if (buflen > http->data_remaining) - buflen = http->data_remaining; + if (buflen > (size_t)http->data_remaining) + buflen = (size_t)http->data_remaining; - if (buflen > http->used) - buflen = http->used; + if (buflen > (size_t)http->used) + buflen = (size_t)http->used; DEBUG_printf(("1httpPeek: Copying %d more bytes of data into " "decompression buffer.", (int)buflen)); - memcpy(http->dbuffer + http->stream.avail_in, http->buffer, buflen); + memcpy(http->sbuffer + http->stream.avail_in, http->buffer, buflen); http->stream.avail_in += buflen; - http->used -= buflen; - http->data_remaining -= buflen; + http->used -= (int)buflen; + http->data_remaining -= (off_t)buflen; if (http->used > 0) - memmove(http->buffer, http->buffer + buflen, http->used); + memmove(http->buffer, http->buffer + buflen, (size_t)http->used); } DEBUG_printf(("2httpPeek: length=%d, avail_in=%d", (int)length, @@ -1819,7 +1802,7 @@ httpPeek(http_t *http, /* I - HTTP connection */ } stream.next_out = (Bytef *)buffer; - stream.avail_out = length; + stream.avail_out = (uInt)length; zerr = inflate(&stream, Z_SYNC_FLUSH); inflateEnd(&stream); 
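Review bot: `stream.avail_out = (uInt)length;` silently truncates a `length` that does not fit in `uInt`, while the byte count is later derived from the untruncated `length`, so the function can report more bytes than inflate() was allowed to write. Unless `length` is already clamped in the part of httpPeek() outside these hunks, clamp it to the range of `uInt` before the cast and compute the result from the clamped value. The same pair of lines is added to httpRead2() in the hunk at -2018 (`http->stream.avail_out = (uInt)length;` followed by `bytes = (ssize_t)(length - http->stream.avail_out);`). A short comment at the cast saying why truncation cannot happen would also do, if that is the case.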
@@ -1828,15 +1811,14 @@ httpPeek(http_t *http, /* I - HTTP connection */ { DEBUG_printf(("2httpPeek: zerr=%d", zerr)); #ifdef DEBUG - http_debug_hex("2httpPeek", (char *)http->dbuffer, - http->stream.avail_in); + http_debug_hex("2httpPeek", (char *)http->sbuffer, (int)http->stream.avail_in); #endif /* DEBUG */ http->error = EIO; return (-1); } - bytes = length - http->stream.avail_out; + bytes = (ssize_t)(length - http->stream.avail_out); # else DEBUG_puts("2httpPeek: No inflateCopy on this platform, httpPeek does not " @@ -1908,21 +1890,21 @@ httpPrintf(http_t *http, /* I - HTTP connection */ const char *format, /* I - printf-style format string */ ...) /* I - Additional args as needed */ { - int bytes; /* Number of bytes to write */ + ssize_t bytes; /* Number of bytes to write */ char buf[16384]; /* Buffer for formatted string */ va_list ap; /* Variable argument pointer */ - DEBUG_printf(("2httpPrintf(http=%p, format=\"%s\", ...)", http, format)); + DEBUG_printf(("2httpPrintf(http=%p, format=\"%s\", ...)", (void *)http, format)); va_start(ap, format); bytes = vsnprintf(buf, sizeof(buf), format, ap); va_end(ap); - DEBUG_printf(("3httpPrintf: (%d bytes) %s", bytes, buf)); + DEBUG_printf(("3httpPrintf: (" CUPS_LLFMT " bytes) %s", CUPS_LLCAST bytes, buf)); if (http->data_encoding == HTTP_ENCODING_FIELDS) - return (httpWrite2(http, buf, bytes)); + return ((int)httpWrite2(http, buf, (size_t)bytes)); else { if (http->wused) @@ -1933,7 +1915,7 @@ httpPrintf(http_t *http, /* I - HTTP connection */ return (-1); } - return (http_write(http, buf, bytes)); + return ((int)http_write(http, buf, (size_t)bytes)); } } @@ -1946,7 +1928,7 @@ int /* O - Status of call (0 = success) */ httpPut(http_t *http, /* I - HTTP connection */ const char *uri) /* I - URI to put */ { - DEBUG_printf(("httpPut(http=%p, uri=\"%s\")", http, uri)); + DEBUG_printf(("httpPut(http=%p, uri=\"%s\")", (void *)http, uri)); return (http_send(http, HTTP_STATE_PUT, uri)); } 
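Review bot: `bytes = (ssize_t)(length - http->stream.avail_out);` in httpPeek() subtracts the connection's `http->stream.avail_out`, but the preceding hunk sets up and runs the local copy (`stream.avail_out = (uInt)length;`, `inflate(&stream, Z_SYNC_FLUSH)`). The connection's counter is left over from an earlier read and does not say how much was just written into `buffer`, so the returned count can cover bytes that were never filled. The value has to be saved from the local stream before `inflateEnd(&stream)`, for example `avail_out = stream.avail_out;` with a local `uInt avail_out`, and then used as `bytes = (ssize_t)(length - avail_out);`. The declarations and the inflateCopy() call are outside these hunks.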
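Review bot: httpPrintf() passes `(size_t)bytes` to httpWrite2() and http_write() without checking the vsnprintf() result. When the formatted text is longer than `buf`, vsnprintf() returns the untruncated length, so the write reads past the 16384-byte stack buffer and sends adjacent memory to the peer; a negative return becomes a very large size after the cast. Reject both cases before either write with `if (bytes < 0 || (size_t)bytes >= sizeof(buf)) return (-1);`, setting `http->error` as the other error paths do. The second httpPrintf hunk (at -1933) carries the same cast.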
@@ -1957,7 +1939,7 @@ httpPut(http_t *http, /* I - HTTP connection */ * This function is deprecated. Use the httpRead2() function which can * read more than 2GB of data. * - * @deprecated@ + * @deprecated@ @exclude all@ */ int /* O - Number of bytes read */ @@ -1965,14 +1947,14 @@ httpRead(http_t *http, /* I - HTTP connection */ char *buffer, /* I - Buffer for data */ int length) /* I - Maximum number of bytes */ { - return ((int)httpRead2(http, buffer, length)); + return ((int)httpRead2(http, buffer, (size_t)length)); } /* * 'httpRead2()' - Read data from a HTTP connection. * - * @since CUPS 1.2/OS X 10.5@ + * @since CUPS 1.2/macOS 10.5@ */ ssize_t /* O - Number of bytes read */ @@ -1984,16 +1966,9 @@ httpRead2(http_t *http, /* I - HTTP connection */ #ifdef HAVE_LIBZ - DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT - ") coding=%d data_encoding=%d data_remaining=" CUPS_LLFMT, - http, buffer, CUPS_LLCAST length, - http->coding, - http->data_encoding, CUPS_LLCAST http->data_remaining)); + DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT ") coding=%d data_encoding=%d data_remaining=" CUPS_LLFMT, (void *)http, (void *)buffer, CUPS_LLCAST length, http->coding, http->data_encoding, CUPS_LLCAST http->data_remaining)); #else - DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT - ") data_encoding=%d data_remaining=" CUPS_LLFMT, - http, buffer, CUPS_LLCAST length, - http->data_encoding, CUPS_LLCAST http->data_remaining)); + DEBUG_printf(("httpRead2(http=%p, buffer=%p, length=" CUPS_LLFMT ") data_encoding=%d data_remaining=" CUPS_LLFMT, (void *)http, (void *)buffer, CUPS_LLCAST length, http->data_encoding, CUPS_LLCAST http->data_remaining)); #endif /* HAVE_LIBZ */ if (http == NULL || buffer == NULL) @@ -2006,7 +1981,7 @@ httpRead2(http_t *http, /* I - HTTP connection */ return (0); #ifdef HAVE_LIBZ - if (http->coding) + if (http->coding >= _HTTP_CODING_GUNZIP) { do { 
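Review bot: In the deprecated httpRead() wrapper, `(size_t)length` converts a negative `int length` into a very large size. httpRead2() cannot detect this, because its `length` parameter is unsigned and it would treat `buffer` as far larger than it is. Guard the wrapper before the cast with `if (length <= 0) return (0);`, or return -1 if callers are expected to treat that as an error. The cast then documents a conversion that is known to be safe.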
@@ -2018,21 +1993,20 @@ httpRead2(http_t *http, /* I - HTTP connection */ (int)http->stream.avail_in, (int)length)); http->stream.next_out = (Bytef *)buffer; - http->stream.avail_out = length; + http->stream.avail_out = (uInt)length; if ((zerr = inflate(&(http->stream), Z_SYNC_FLUSH)) < Z_OK) { DEBUG_printf(("2httpRead2: zerr=%d", zerr)); #ifdef DEBUG - http_debug_hex("2httpRead2", (char *)http->dbuffer, - http->stream.avail_in); + http_debug_hex("2httpRead2", (char *)http->sbuffer, (int)http->stream.avail_in); #endif /* DEBUG */ http->error = EIO; return (-1); } - bytes = length - http->stream.avail_out; + bytes = (ssize_t)(length - http->stream.avail_out); DEBUG_printf(("2httpRead2: avail_in=%d, avail_out=%d, bytes=%d", http->stream.avail_in, http->stream.avail_out, @@ -2043,16 +2017,16 @@ httpRead2(http_t *http, /* I - HTTP connection */ if (bytes == 0) { - ssize_t buflen = HTTP_MAX_BUFFER - http->stream.avail_in; + ssize_t buflen = HTTP_MAX_BUFFER - (ssize_t)http->stream.avail_in; /* Additional bytes for buffer */ if (buflen > 0) { if (http->stream.avail_in > 0 && - http->stream.next_in > http->dbuffer) - memmove(http->dbuffer, http->stream.next_in, http->stream.avail_in); + http->stream.next_in > http->sbuffer) + memmove(http->sbuffer, http->stream.next_in, http->stream.avail_in); - http->stream.next_in = http->dbuffer; + http->stream.next_in = http->sbuffer; DEBUG_printf(("1httpRead2: Reading up to %d more bytes of data into " "decompression buffer.", (int)buflen)); 
@@ -2060,16 +2034,12 @@ httpRead2(http_t *http, /* I - HTTP connection */ if (http->data_remaining > 0) { if (buflen > http->data_remaining) - buflen = http->data_remaining; + buflen = (ssize_t)http->data_remaining; - bytes = http_read_buffered(http, - (char *)http->dbuffer + - http->stream.avail_in, buflen); + bytes = http_read_buffered(http, (char *)http->sbuffer + http->stream.avail_in, (size_t)buflen); } else if (http->data_encoding == HTTP_ENCODING_CHUNKED) - bytes = http_read_chunk(http, - (char *)http->dbuffer + - http->stream.avail_in, buflen); + bytes = http_read_chunk(http, (char *)http->sbuffer + http->stream.avail_in, (size_t)buflen); else bytes = 0; @@ -2082,7 +2052,7 @@ httpRead2(http_t *http, /* I - HTTP connection */ "decompression buffer.", CUPS_LLCAST bytes)); http->data_remaining -= bytes; - http->stream.avail_in += bytes; + http->stream.avail_in += (uInt)bytes; if (http->data_remaining <= 0 && http->data_encoding == HTTP_ENCODING_CHUNKED) @@ -2160,14 +2130,15 @@ httpRead2(http_t *http, /* I - HTTP connection */ if ( #ifdef HAVE_LIBZ - (http->coding == _HTTP_CODING_IDENTITY || http->stream.avail_in == 0) && + (http->coding == _HTTP_CODING_IDENTITY || + (http->coding >= _HTTP_CODING_GUNZIP && http->stream.avail_in == 0)) && #endif /* HAVE_LIBZ */ ((http->data_remaining <= 0 && http->data_encoding == HTTP_ENCODING_LENGTH) || (http->data_encoding == HTTP_ENCODING_CHUNKED && bytes == 0))) { #ifdef HAVE_LIBZ - if (http->coding) + if (http->coding >= _HTTP_CODING_GUNZIP) http_content_coding_finish(http); #endif /* HAVE_LIBZ */ @@ -2190,7 +2161,7 @@ httpRead2(http_t *http, /* I - HTTP connection */ /* * 'httpReadRequest()' - Read a HTTP request from a connection. * - * @since CUPS 1.7/OS X 10.9@ + * @since CUPS 1.7/macOS 10.9@ */ http_state_t /* O - New state of connection */ 
@@ -2208,8 +2179,7 @@ httpReadRequest(http_t *http, /* I - HTTP connection */ * Range check input... */ - DEBUG_printf(("httpReadRequest(http=%p, uri=%p, urilen=" CUPS_LLFMT ")", - http, uri, CUPS_LLCAST urilen)); + DEBUG_printf(("httpReadRequest(http=%p, uri=%p, urilen=" CUPS_LLFMT ")", (void *)http, (void *)uri, CUPS_LLCAST urilen)); if (uri) *uri = '\0'; @@ -2356,13 +2326,13 @@ httpReadRequest(http_t *http, /* I - HTTP connection */ * This function is deprecated. Please use the @link httpReconnect2@ function * instead. * - * @deprecated@ + * @deprecated@ @exclude all@ */ int /* O - 0 on success, non-zero on failure */ httpReconnect(http_t *http) /* I - HTTP connection */ { - DEBUG_printf(("httpReconnect(http=%p)", http)); + DEBUG_printf(("httpReconnect(http=%p)", (void *)http)); return (httpReconnect2(http, 30000, NULL)); } @@ -2385,8 +2355,7 @@ httpReconnect2(http_t *http, /* I - HTTP connection */ #endif /* DEBUG */ - DEBUG_printf(("httpReconnect2(http=%p, msec=%d, cancel=%p)", http, msec, - cancel)); + DEBUG_printf(("httpReconnect2(http=%p, msec=%d, cancel=%p)", (void *)http, msec, (void *)cancel)); if (!http) { @@ -2398,7 +2367,7 @@ httpReconnect2(http_t *http, /* I - HTTP connection */ if (http->tls) { DEBUG_puts("2httpReconnect2: Shutting down SSL/TLS..."); - http_tls_stop(http); + _httpTLSStop(http); } #endif /* HAVE_SSL */ @@ -2441,8 +2410,7 @@ httpReconnect2(http_t *http, /* I - HTTP connection */ httpAddrPort(&(current->addr)))); #endif /* DEBUG */ - if ((addr = httpAddrConnect2(http->addrlist, &(http->fd), msec, - cancel)) == NULL) + if ((addr = httpAddrConnect2(http->addrlist, &(http->fd), msec, cancel)) == NULL) { /* * Unable to connect... @@ -2476,7 +2444,7 @@ httpReconnect2(http_t *http, /* I - HTTP connection */ * Always do encryption via SSL. */ - if (http_tls_start(http) != 0) + if (_httpTLSStart(http) != 0) { httpAddrClose(NULL, http->fd); 
@@ -2499,11 +2467,12 @@ httpReconnect2(http_t *http, /* I - HTTP connection */ * 'httpSetAuthString()' - Set the current authorization string. * * This function just stores a copy of the current authorization string in - * the HTTP connection object. You must still call httpSetField() to set - * HTTP_FIELD_AUTHORIZATION prior to issuing a HTTP request using httpGet(), - * httpHead(), httpOptions(), httpPost, or httpPut(). + * the HTTP connection object. You must still call @link httpSetField@ to set + * @code HTTP_FIELD_AUTHORIZATION@ prior to issuing a HTTP request using + * @link httpGet@, @link httpHead@, @link httpOptions@, @link httpPost@, or + * @link httpPut@. * - * @since CUPS 1.3/OS X 10.5@ + * @since CUPS 1.3/macOS 10.5@ */ void @@ -2529,10 +2498,10 @@ httpSetAuthString(http_t *http, /* I - HTTP connection */ * Set the current authorization string... */ - int len = (int)strlen(scheme) + (data ? (int)strlen(data) + 1 : 0) + 1; + size_t len = strlen(scheme) + (data ? strlen(data) + 1 : 0) + 1; char *temp; - if (len > (int)sizeof(http->_authstring)) + if (len > sizeof(http->_authstring)) { if ((temp = malloc(len)) == NULL) len = sizeof(http->_authstring); @@ -2560,7 +2529,7 @@ httpSetAuthString(http_t *http, /* I - HTTP connection */ * 'httpSetCredentials()' - Set the credentials associated with an encrypted * connection. * - * @since CUPS 1.5/OS X 10.7@ + * @since CUPS 1.5/macOS 10.7@ */ int /* O - Status of call (0 = success) */ @@ -2570,9 +2539,11 @@ httpSetCredentials(http_t *http, /* I - HTTP connection */ if (!http || cupsArrayCount(credentials) < 1) return (-1); +#ifdef HAVE_SSL _httpFreeCredentials(http->tls_credentials); http->tls_credentials = _httpCreateCredentials(credentials); +#endif /* HAVE_SSL */ return (http->tls_credentials ? 0 : -1); } 
@@ -2581,7 +2552,7 @@ httpSetCredentials(http_t *http, /* I - HTTP connection */ /* * 'httpSetCookie()' - Set the cookie value(s). * - * @since CUPS 1.1.19/OS X 10.3@ + * @since CUPS 1.1.19/macOS 10.3@ */ void @@ -2607,7 +2578,7 @@ httpSetCookie(http_t *http, /* I - Connection */ * Currently only @code HTTP_FIELD_ACCEPT_ENCODING@, @code HTTP_FIELD_SERVER@, * and @code HTTP_FIELD_USER_AGENT@ can be set. * - * @since CUPS 1.7/OS X 10.9@ + * @since CUPS 1.7/macOS 10.9@ */ void @@ -2615,8 +2586,7 @@ httpSetDefaultField(http_t *http, /* I - HTTP connection */ http_field_t field, /* I - Field index */ const char *value)/* I - Value */ { - DEBUG_printf(("httpSetDefaultField(http=%p, field=%d(%s), value=\"%s\")", - http, field, http_fields[field], value)); + DEBUG_printf(("httpSetDefaultField(http=%p, field=%d(%s), value=\"%s\")", (void *)http, field, http_fields[field], value)); if (!http) return; @@ -2657,7 +2627,7 @@ httpSetDefaultField(http_t *http, /* I - HTTP connection */ * Currently only @code HTTP_STATUS_CONTINUE@ is supported for the "expect" * argument. * - * @since CUPS 1.2/OS X 10.5@ + * @since CUPS 1.2/macOS 10.5@ */ void @@ -2665,7 +2635,7 @@ httpSetExpect(http_t *http, /* I - HTTP connection */ http_status_t expect) /* I - HTTP status to expect (@code HTTP_STATUS_CONTINUE@) */ { - DEBUG_printf(("httpSetExpect(http=%p, expect=%d)", http, expect)); + DEBUG_printf(("httpSetExpect(http=%p, expect=%d)", (void *)http, expect)); if (http) http->expect = expect; @@ -2681,8 +2651,7 @@ httpSetField(http_t *http, /* I - HTTP connection */ http_field_t field, /* I - Field index */ const char *value) /* I - Value */ { - DEBUG_printf(("httpSetField(http=%p, field=%d(%s), value=\"%s\")", http, - field, http_fields[field], value)); + DEBUG_printf(("httpSetField(http=%p, field=%d(%s), value=\"%s\")", (void *)http, field, http_fields[field], value)); if (http == NULL || field < HTTP_FIELD_ACCEPT_LANGUAGE || 
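Review bot: The `DEBUG_printf` in httpSetDefaultField evaluates `http_fields[field]` before `field` has been validated, so in a debug build an out-of-range field index reads outside the name table. The httpSetField trace in the last hunk on this line does the same ahead of that function's range check. Moving each trace below the validation, or logging only `field=%d`, avoids the read. Both traces also pass `value` to `%s` before any NULL check is visible, and both function bodies continue outside their hunks.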
@@ -2713,6 +2682,19 @@ httpSetField(http_t *http, /* I - HTTP connection */ http->server = _cupsStrAlloc(value); break; + case HTTP_FIELD_WWW_AUTHENTICATE : + /* CUPS STR #4503 - don't override WWW-Authenticate for unknown auth schemes */ + if (http->fields[HTTP_FIELD_WWW_AUTHENTICATE][0] && + _cups_strncasecmp(value, "Basic ", 6) && + _cups_strncasecmp(value, "Digest ", 7) && + _cups_strncasecmp(value, "Negotiate ", 10)) + { + DEBUG_printf(("1httpSetField: Ignoring unknown auth scheme in \"%s\".", value)); + return; + } + + /* Fall through to copy */ + default : strlcpy(http->fields[field], value, HTTP_MAX_VALUE); break; @@ -2782,7 +2764,7 @@ httpSetField(http_t *http, /* I - HTTP connection */ /* * 'httpSetKeepAlive()' - Set the current Keep-Alive state of a connection. * - * @since CUPS 2.0@ + * @since CUPS 2.0/OS 10.10@ */ void @@ -2798,15 +2780,14 @@ httpSetKeepAlive( /* * 'httpSetLength()' - Set the content-length and content-encoding. * - * @since CUPS 1.2/OS X 10.5@ + * @since CUPS 1.2/macOS 10.5@ */ void httpSetLength(http_t *http, /* I - HTTP connection */ size_t length) /* I - Length (0 for chunked) */ { - DEBUG_printf(("httpSetLength(http=%p, length=" CUPS_LLFMT ")", http, - CUPS_LLCAST length)); + DEBUG_printf(("httpSetLength(http=%p, length=" CUPS_LLFMT ")", (void *)http, CUPS_LLCAST length)); if (!http) return; @@ -2832,7 +2813,7 @@ httpSetLength(http_t *http, /* I - HTTP connection */ * The optional timeout callback receives both the HTTP connection and a user * data pointer and must return 1 to continue or 0 to error (time) out. * - * @since CUPS 1.5/OS X 10.7@ + * @since CUPS 1.5/macOS 10.7@ */ void 
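Review bot: Each of the three `_cups_strncasecmp` prefixes in the new `HTTP_FIELD_WWW_AUTHENTICATE` case includes the trailing space, so a challenge that is the scheme token alone, such as a bare `Negotiate`, is treated as unknown and discarded whenever a value is already stored. Accepting the bare token closes that gap, for example `_cups_strncasecmp(value, "Negotiate ", 10) && _cups_strcasecmp(value, "Negotiate"))` as the last test. The guard also protects only an existing value, so among recognised schemes the last header copied wins regardless of strength; a comment saying so would help whoever later selects the scheme. The enclosing switch and the rest of httpSetField are outside the hunk.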
@@ -2840,7 +2821,7 @@ httpSetTimeout( http_t *http, /* I - HTTP connection */ double timeout, /* I - Number of seconds for timeout, must be greater than 0 */ - http_timeout_cb_t cb, /* I - Callback function or NULL */ + http_timeout_cb_t cb, /* I - Callback function or @code NULL@ */ void *user_data) /* I - User data pointer */ { if (!http || timeout <= 0.0) @@ -2860,7 +2841,7 @@ httpSetTimeout( /* * 'httpShutdown()' - Shutdown one side of an HTTP connection. * - * @since CUPS 2.0@ + * @since CUPS 2.0/OS 10.10@ */ void @@ -2869,15 +2850,23 @@ httpShutdown(http_t *http) /* I - HTTP connection */ if (!http || http->fd < 0) return; +#ifdef HAVE_SSL if (http->tls) - http_tls_stop(http); + _httpTLSStop(http); +#endif /* HAVE_SSL */ +#ifdef WIN32 + shutdown(http->fd, SD_RECEIVE); /* Microsoft-ism... */ +#else shutdown(http->fd, SHUT_RD); +#endif /* WIN32 */ } /* * 'httpTrace()' - Send an TRACE request to the server. + * + * @exclude all@ */ int /* O - Status of call (0 = success) */ @@ -2905,8 +2894,7 @@ _httpUpdate(http_t *http, /* I - HTTP connection */ int major, minor; /* HTTP version numbers */ - DEBUG_printf(("_httpUpdate(http=%p, status=%p), state=%s", http, status, - httpStateString(http->state))); + DEBUG_printf(("_httpUpdate(http=%p, status=%p), state=%s", (void *)http, (void *)status, httpStateString(http->state))); /* * Grab a single line from the connection... @@ -2943,7 +2931,7 @@ _httpUpdate(http_t *http, /* I - HTTP connection */ #ifdef HAVE_SSL if (http->status == HTTP_STATUS_SWITCHING_PROTOCOLS && !http->tls) { - if (http_tls_start(http) != 0) + if (_httpTLSStart(http) != 0) { httpAddrClose(NULL, http->fd); @@ -2995,7 +2983,7 @@ _httpUpdate(http_t *http, /* I - HTTP connection */ *status = http->status; return (0); } - else if (!strncmp(line, "HTTP/", 5)) + else if (!strncmp(line, "HTTP/", 5) && http->mode == _HTTP_MODE_CLIENT) { /* * Got the beginning of a response... 
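Review bot: The added `http->mode == _HTTP_MODE_CLIENT` test in _httpUpdate has no comment explaining it. In server mode a line beginning with `HTTP/` now falls to whichever branch follows, and that branch is outside the hunk. A comment above the `else if` would record the intent, for example `/* Only a client connection expects a status line; never parse one received from a peer in server mode. */`. It is also worth confirming that the branch which then handles such a line rejects it rather than storing it as a header field.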
@@ -3075,8 +3063,7 @@ httpUpdate(http_t *http) /* I - HTTP connection */ http_status_t status; /* Request status */ - DEBUG_printf(("httpUpdate(http=%p), state=%s", http, - httpStateString(http->state))); + DEBUG_printf(("httpUpdate(http=%p), state=%s", (void *)http, httpStateString(http->state))); /* * Flush pending data, if any... @@ -3147,7 +3134,7 @@ _httpWait(http_t *http, /* I - HTTP connection */ int nfds; /* Result from select()/poll() */ - DEBUG_printf(("4_httpWait(http=%p, msec=%d, usessl=%d)", http, msec, usessl)); + DEBUG_printf(("4_httpWait(http=%p, msec=%d, usessl=%d)", (void *)http, msec, usessl)); if (http->fd < 0) { @@ -3160,7 +3147,7 @@ _httpWait(http_t *http, /* I - HTTP connection */ */ #ifdef HAVE_SSL - if (http_tls_pending(http)) + if (http->tls && _httpTLSPending(http)) { DEBUG_puts("5_httpWait: Return 1 since there is pending TLS data."); return (1); @@ -3219,7 +3206,7 @@ _httpWait(http_t *http, /* I - HTTP connection */ /* * 'httpWait()' - Wait for data available on a connection. * - * @since CUPS 1.1.19/OS X 10.3@ + * @since CUPS 1.1.19/macOS 10.3@ */ int /* O - 1 if data is available, 0 otherwise */ @@ -3230,7 +3217,7 @@ httpWait(http_t *http, /* I - HTTP connection */ * First see if there is data in the buffer... */ - DEBUG_printf(("2httpWait(http=%p, msec=%d)", http, msec)); + DEBUG_printf(("2httpWait(http=%p, msec=%d)", (void *)http, msec)); if (http == NULL) return (0); @@ -3275,7 +3262,7 @@ httpWait(http_t *http, /* I - HTTP connection */ * This function is deprecated. Use the httpWrite2() function which can * write more than 2GB of data. * - * @deprecated@ + * @deprecated@ @exclude all@ */ int /* O - Number of bytes written */ 
@@ -3283,14 +3270,14 @@ httpWrite(http_t *http, /* I - HTTP connection */ const char *buffer, /* I - Buffer for data */ int length) /* I - Number of bytes to write */ { - return ((int)httpWrite2(http, buffer, length)); + return ((int)httpWrite2(http, buffer, (size_t)length)); } /* * 'httpWrite2()' - Write data to a HTTP connection. * - * @since CUPS 1.2/OS X 10.5@ + * @since CUPS 1.2/macOS 10.5@ */ ssize_t /* O - Number of bytes written */ @@ -3301,8 +3288,7 @@ httpWrite2(http_t *http, /* I - HTTP connection */ ssize_t bytes; /* Bytes written */ - DEBUG_printf(("httpWrite2(http=%p, buffer=%p, length=" CUPS_LLFMT ")", http, - buffer, CUPS_LLCAST length)); + DEBUG_printf(("httpWrite2(http=%p, buffer=%p, length=" CUPS_LLFMT ")", (void *)http, (void *)buffer, CUPS_LLCAST length)); /* * Range check input... @@ -3325,7 +3311,7 @@ httpWrite2(http_t *http, /* I - HTTP connection */ */ #ifdef HAVE_LIBZ - if (http->coding) + if (http->coding == _HTTP_CODING_GZIP || http->coding == _HTTP_CODING_DEFLATE) { DEBUG_printf(("1httpWrite2: http->coding=%d", http->coding)); 
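Review bot: In httpWrite the new `(size_t)length` cast turns a negative `length` into a very large count before it reaches httpWrite2, and it also silences the conversion warning that pointed at the problem. A guard ahead of the call, `if (length < 0) return (-1);`, keeps this deprecated but still exported entry point from forwarding such a value. Whether httpWrite2 itself rejects an oversized length is not visible in this hunk.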
@@ -3336,37 +3322,48 @@ httpWrite2(http_t *http, /* I - HTTP connection */ } else { + size_t slen; /* Bytes to write */ + ssize_t sret; /* Bytes written */ + http->stream.next_in = (Bytef *)buffer; - http->stream.avail_in = length; - http->stream.next_out = (Bytef *)http->wbuffer + http->wused; - http->stream.avail_out = sizeof(http->wbuffer) - http->wused; + http->stream.avail_in = (uInt)length; while (deflate(&(http->stream), Z_NO_FLUSH) == Z_OK) { - http->wused = sizeof(http->wbuffer) - http->stream.avail_out; + DEBUG_printf(("1httpWrite2: avail_out=%d", http->stream.avail_out)); - if (http->stream.avail_out == 0) - { - if (httpFlushWrite(http) < 0) - { - DEBUG_puts("1httpWrite2: Unable to flush, returning -1."); - return (-1); - } + if (http->stream.avail_out > 0) + continue; - http->stream.next_out = (Bytef *)http->wbuffer; - http->stream.avail_out = sizeof(http->wbuffer); + slen = _HTTP_MAX_SBUFFER - http->stream.avail_out; + + DEBUG_printf(("1httpWrite2: Writing intermediate chunk, len=%d", (int)slen)); + + if (slen > 0 && http->data_encoding == HTTP_ENCODING_CHUNKED) + sret = http_write_chunk(http, (char *)http->sbuffer, slen); + else if (slen > 0) + sret = http_write(http, (char *)http->sbuffer, slen); + else + sret = 0; + + if (sret < 0) + { + DEBUG_puts("1httpWrite2: Unable to write, returning -1."); + return (-1); } + + http->stream.next_out = (Bytef *)http->sbuffer; + http->stream.avail_out = (uInt)_HTTP_MAX_SBUFFER; } - http->wused = sizeof(http->wbuffer) - http->stream.avail_out; - bytes = length; + bytes = (ssize_t)length; } } else #endif /* HAVE_LIBZ */ if (length > 0) { - if (http->wused && (length + http->wused) > sizeof(http->wbuffer)) + if (http->wused && (length + (size_t)http->wused) > sizeof(http->wbuffer)) { DEBUG_printf(("2httpWrite2: Flushing buffer (wused=%d, length=" CUPS_LLFMT ")", http->wused, CUPS_LLCAST length)); 
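Review bot: `http->stream.avail_in = (uInt)length;` narrows a `size_t`, so where `size_t` is wider than zlib's `uInt` a length above UINT_MAX is silently truncated, yet `bytes = (ssize_t)length;` still reports the whole buffer as written. The caller would then believe data was sent that never entered the compressor. Feeding the input to `deflate` in pieces of at most UINT_MAX inside this branch keeps the reported count honest. A minimal alternative is `http->stream.avail_in = (uInt)(length > UINT_MAX ? UINT_MAX : length);` with `bytes` set to the clamped value, which callers would see as a short write. The start of httpWrite2 is outside the hunk.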
@@ -3374,8 +3371,7 @@ httpWrite2(http_t *http, /* I - HTTP connection */ httpFlushWrite(http); } - if ((length + http->wused) <= sizeof(http->wbuffer) && - length < sizeof(http->wbuffer)) + if ((length + (size_t)http->wused) <= sizeof(http->wbuffer) && length < sizeof(http->wbuffer)) { /* * Write to buffer... @@ -3398,9 +3394,9 @@ httpWrite2(http_t *http, /* I - HTTP connection */ CUPS_LLCAST length)); if (http->data_encoding == HTTP_ENCODING_CHUNKED) - bytes = (ssize_t)http_write_chunk(http, buffer, (int)length); + bytes = (ssize_t)http_write_chunk(http, buffer, length); else - bytes = (ssize_t)http_write(http, buffer, (int)length); + bytes = (ssize_t)http_write(http, buffer, length); DEBUG_printf(("2httpWrite2: Wrote " CUPS_LLFMT " bytes...", CUPS_LLCAST bytes)); @@ -3425,7 +3421,7 @@ httpWrite2(http_t *http, /* I - HTTP connection */ */ #ifdef HAVE_LIBZ - if (http->coding) + if (http->coding == _HTTP_CODING_GZIP || http->coding == _HTTP_CODING_DEFLATE) http_content_coding_finish(http); #endif /* HAVE_LIBZ */ @@ -3472,7 +3468,7 @@ httpWrite2(http_t *http, /* I - HTTP connection */ /* * 'httpWriteResponse()' - Write a HTTP response to a client connection. * - * @since CUPS 1.7/OS X 10.9@ + * @since CUPS 1.7/macOS 10.9@ */ int /* O - 0 on success, -1 on error */ @@ -3487,7 +3483,7 @@ httpWriteResponse(http_t *http, /* I - HTTP connection */ * Range check input... */ - DEBUG_printf(("httpWriteResponse(http=%p, status=%d)", http, status)); + DEBUG_printf(("httpWriteResponse(http=%p, status=%d)", (void *)http, status)); if (!http || status < HTTP_STATUS_CONTINUE) { 
@@ -3592,13 +3588,31 @@ httpWriteResponse(http_t *http, /* I - HTTP connection */ if (http->cookie) { - if (httpPrintf(http, "Set-Cookie: %s path=/ httponly%s\r\n", - http->cookie, http->tls ? " secure" : "") < 1) + if (strchr(http->cookie, ';')) + { + if (httpPrintf(http, "Set-Cookie: %s\r\n", http->cookie) < 1) + { + http->status = HTTP_STATUS_ERROR; + return (-1); + } + } + else if (httpPrintf(http, "Set-Cookie: %s; path=/; httponly;%s\r\n", http->cookie, http->tls ? " secure;" : "") < 1) { http->status = HTTP_STATUS_ERROR; return (-1); } } + + /* + * "Click-jacking" defense (STR #4492)... + */ + + if (httpPrintf(http, "X-Frame-Options: DENY\r\n" + "Content-Security-Policy: frame-ancestors 'none'\r\n") < 1) + { + http->status = HTTP_STATUS_ERROR; + return (-1); + } } if (httpWrite2(http, "\r\n", 2) < 2) @@ -3656,6 +3670,9 @@ httpWriteResponse(http_t *http, /* I - HTTP connection */ return (0); } + if (http->state == HTTP_STATE_POST_RECV || http->state == HTTP_STATE_GET) + http->state ++; + #ifdef HAVE_LIBZ /* * Then start any content encoding... @@ -3681,9 +3698,13 @@ static void http_content_coding_finish( http_t *http) /* I - HTTP connection */ { - int zerr; /* Compression status */ - Byte dummy[1]; /* Dummy read buffer */ + int zerr; /* Compression status */ + Byte dummy[1]; /* Dummy read buffer */ + size_t bytes; /* Number of bytes to write */ + + DEBUG_printf(("http_content_coding_finish(http=%p)", (void *)http)); + DEBUG_printf(("1http_content_coding_finishing: http->coding=%d", http->coding)); switch (http->coding) { 
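Review bot: In httpWriteResponse a cookie value that contains `;` is now sent verbatim, so the `httponly` and `secure` attributes that the other branch appends are left entirely to the caller. A caller that supplies only, say, a path attribute loses both without any indication. The `strchr` branch should carry a comment such as `/* Caller supplied its own attributes and is responsible for "httponly" and, over TLS, "secure". */`, and the httpSetCookie documentation should state the same contract. Neither branch rejects CR or LF in `http->cookie`, so if that value can ever carry request-derived data it should be validated where it is stored.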
@@ -3694,19 +3715,29 @@ http_content_coding_finish( do { - http->stream.next_out = (Bytef *)http->wbuffer + http->wused; - http->stream.avail_out = sizeof(http->wbuffer) - http->wused; + zerr = deflate(&(http->stream), Z_FINISH); + bytes = _HTTP_MAX_SBUFFER - http->stream.avail_out; - zerr = deflate(&(http->stream), Z_FINISH); + if (bytes > 0) + { + DEBUG_printf(("1http_content_coding_finish: Writing trailing chunk, len=%d", (int)bytes)); - http->wused = sizeof(http->wbuffer) - http->stream.avail_out; - if (http->wused == sizeof(http->wbuffer)) - httpFlushWrite(http); - } + if (http->data_encoding == HTTP_ENCODING_CHUNKED) + http_write_chunk(http, (char *)http->sbuffer, bytes); + else + http_write(http, (char *)http->sbuffer, bytes); + } + + http->stream.next_out = (Bytef *)http->sbuffer; + http->stream.avail_out = (uInt)_HTTP_MAX_SBUFFER; + } while (zerr == Z_OK); deflateEnd(&(http->stream)); + free(http->sbuffer); + http->sbuffer = NULL; + if (http->wused) httpFlushWrite(http); break; @@ -3714,8 +3745,8 @@ http_content_coding_finish( case _HTTP_CODING_INFLATE : case _HTTP_CODING_GUNZIP : inflateEnd(&(http->stream)); - free(http->dbuffer); - http->dbuffer = NULL; + free(http->sbuffer); + http->sbuffer = NULL; break; default : @@ -3739,8 +3770,7 @@ http_content_coding_start( _http_coding_t coding; /* Content coding value */ - DEBUG_printf(("http_content_coding_start(http=%p, value=\"%s\")", http, - value)); + DEBUG_printf(("http_content_coding_start(http=%p, value=\"%s\")", (void *)http, value)); if (http->coding != _HTTP_CODING_IDENTITY) { @@ -3795,6 +3825,13 @@ http_content_coding_start( if (http->wused) httpFlushWrite(http); + if ((http->sbuffer = malloc(_HTTP_MAX_SBUFFER)) == NULL) + { + http->status = HTTP_STATUS_ERROR; + http->error = errno; + return; + } + /* * Window size for compression is 11 bits - optimal based on PWG Raster * sample files on pwg.org. -11 is raw deflate, 27 is gzip, per ZLIB 
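Review bot: The results of `http_write_chunk` and `http_write` in the new `Z_FINISH` loop of http_content_coding_finish are discarded. A failed write of the trailing compressed data therefore goes unreported, and the loop keeps calling `deflate`. The same pair of calls in httpWrite2 is checked with `if (sret < 0)`. Since this function returns void, one option is to stop on a negative result and record it, for example `http->status = HTTP_STATUS_ERROR;` followed by `break;`, so the caller does not treat a truncated stream as complete.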
@@ -3810,11 +3847,14 @@ http_content_coding_start( http->error = zerr == Z_MEM_ERROR ? ENOMEM : EINVAL; return; } + + http->stream.next_out = (Bytef *)http->sbuffer; + http->stream.avail_out = (uInt)_HTTP_MAX_SBUFFER; break; case _HTTP_CODING_INFLATE : case _HTTP_CODING_GUNZIP : - if ((http->dbuffer = malloc(HTTP_MAX_BUFFER)) == NULL) + if ((http->sbuffer = malloc(_HTTP_MAX_SBUFFER)) == NULL) { http->status = HTTP_STATUS_ERROR; http->error = errno; @@ -3830,15 +3870,15 @@ http_content_coding_start( coding == _HTTP_CODING_INFLATE ? -15 : 31)) < Z_OK) { - free(http->dbuffer); - http->dbuffer = NULL; + free(http->sbuffer); + http->sbuffer = NULL; http->status = HTTP_STATUS_ERROR; http->error = zerr == Z_MEM_ERROR ? ENOMEM : EINVAL; return; } http->stream.avail_in = 0; - http->stream.next_in = http->dbuffer; + http->stream.next_in = http->sbuffer; break; default : @@ -3861,7 +3901,7 @@ static http_t * /* O - HTTP connection */ http_create( const char *host, /* I - Hostname */ int port, /* I - Port number */ - http_addrlist_t *addrlist, /* I - Address list or NULL */ + http_addrlist_t *addrlist, /* I - Address list or @code NULL@ */ int family, /* I - Address family or AF_UNSPEC */ http_encryption_t encryption, /* I - Encryption to use */ int blocking, /* I - 1 for blocking mode */ @@ -3872,9 +3912,7 @@ http_create( http_addrlist_t *myaddrlist = NULL; /* My address list */ - DEBUG_printf(("4http_create(host=\"%s\", port=%d, addrlist=%p, family=%d, " - "encryption=%d, blocking=%d, mode=%d)", host, port, addrlist, - family, encryption, blocking, mode)); + DEBUG_printf(("4http_create(host=\"%s\", port=%d, addrlist=%p, family=%d, encryption=%d, blocking=%d, mode=%d)", host, port, (void *)addrlist, family, encryption, blocking, mode)); if (!host && mode == _HTTP_MODE_CLIENT) return (NULL); 
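Review bot: In the deflate case of http_content_coding_start, `http->sbuffer` is now allocated before `deflateInit2`, but the failure branch whose tail opens this hunk sets `http->error` and returns with no `free(http->sbuffer)` in view. The inflate branch in the next hunk frees the buffer and clears the pointer on the same kind of failure. The middle of the deflate failure branch lies between hunks, so this needs confirming against the full file. If it holds, mirror the inflate path with `free(http->sbuffer);` and `http->sbuffer = NULL;` before the `return`.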
@@ -3972,7 +4010,7 @@ http_debug_hex(const char *prefix, /* I - Prefix for line */ for (i = 0; i < bytes; i += 16) { for (j = 0, ptr = start; j < 16 && (i + j) < bytes; j ++, ptr += 2) - sprintf(ptr, "%02X", buffer[i + j] & 255); + snprintf(ptr, 3, "%02X", buffer[i + j] & 255); while (j < 16) { @@ -3991,7 +4029,7 @@ http_debug_hex(const char *prefix, /* I - Prefix for line */ if (ch < ' ' || ch >= 127) ch = '.'; - *ptr++ = ch; + *ptr++ = (char)ch; } *ptr = '\0'; @@ -4016,8 +4054,7 @@ http_read(http_t *http, /* I - HTTP connection */ ssize_t bytes; /* Bytes read */ - DEBUG_printf(("http_read(http=%p, buffer=%p, length=" CUPS_LLFMT ")", http, - buffer, CUPS_LLCAST length)); + DEBUG_printf(("http_read(http=%p, buffer=%p, length=" CUPS_LLFMT ")", (void *)http, (void *)buffer, CUPS_LLCAST length)); if (!http->blocking) { @@ -4037,7 +4074,7 @@ http_read(http_t *http, /* I - HTTP connection */ { #ifdef HAVE_SSL if (http->tls) - bytes = http_tls_read(http, buffer, length); + bytes = _httpTLSRead(http, buffer, (int)length); else #endif /* HAVE_SSL */ bytes = recv(http->fd, buffer, length, 0); 
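Review bot: The `(int)length` cast on the `_httpTLSRead` call in http_read narrows a `size_t`, so a length above INT_MAX would reach the TLS layer as a truncated or negative count. The `_httpTLSWrite(http, buffer, (int)length)` call in http_write, in a later hunk, has the same shape. Clamping keeps the value in range, for example `bytes = _httpTLSRead(http, buffer, length > INT_MAX ? INT_MAX : (int)length);`. On the write side the surrounding loop already advances by the bytes actually sent. Whether any caller passes such a length is not visible here, and both function bodies extend beyond their hunks.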
@@ -4130,25 +4167,23 @@ http_read_buffered(http_t *http, /* I - HTTP connection */ ssize_t bytes; /* Bytes read */ - DEBUG_printf(("http_read_buffered(http=%p, buffer=%p, length=" CUPS_LLFMT - ") used=%d", - http, buffer, CUPS_LLCAST length, http->used)); + DEBUG_printf(("http_read_buffered(http=%p, buffer=%p, length=" CUPS_LLFMT ") used=%d", (void *)http, (void *)buffer, CUPS_LLCAST length, http->used)); if (http->used > 0) { if (length > (size_t)http->used) - bytes = (size_t)http->used; + bytes = (ssize_t)http->used; else - bytes = length; + bytes = (ssize_t)length; DEBUG_printf(("2http_read: Grabbing %d bytes from input buffer.", (int)bytes)); - memcpy(buffer, http->buffer, bytes); + memcpy(buffer, http->buffer, (size_t)bytes); http->used -= (int)bytes; if (http->used > 0) - memmove(http->buffer, http->buffer + bytes, http->used); + memmove(http->buffer, http->buffer + bytes, (size_t)http->used); } else bytes = http_read(http, buffer, length); @@ -4169,8 +4204,7 @@ http_read_chunk(http_t *http, /* I - HTTP connection */ char *buffer, /* I - Buffer */ size_t length) /* I - Maximum bytes to read */ { - DEBUG_printf(("http_read_chunk(http=%p, buffer=%p, length=" CUPS_LLFMT ")", - http, buffer, CUPS_LLCAST length)); + DEBUG_printf(("http_read_chunk(http=%p, buffer=%p, length=" CUPS_LLFMT ")", (void *)http, (void *)buffer, CUPS_LLCAST length)); if (http->data_remaining <= 0) { @@ -4258,8 +4292,7 @@ http_send(http_t *http, /* I - HTTP connection */ }; - DEBUG_printf(("4http_send(http=%p, request=HTTP_%s, uri=\"%s\")", - http, codes[request], uri)); + DEBUG_printf(("4http_send(http=%p, request=HTTP_%s, uri=\"%s\")", (void *)http, codes[request], uri)); if (http == NULL || uri == NULL) return (-1); 
@@ -4423,8 +4456,7 @@ http_set_length(http_t *http) /* I - Connection */ off_t remaining; /* Remainder */ - DEBUG_printf(("http_set_length(http=%p) mode=%d state=%s", http, http->mode, - httpStateString(http->state))); + DEBUG_printf(("http_set_length(http=%p) mode=%d state=%s", (void *)http, http->mode, httpStateString(http->state))); if ((remaining = httpGetLength2(http)) >= 0) { @@ -4457,7 +4489,7 @@ http_set_length(http_t *http) /* I - Connection */ http->data_remaining = remaining; if (remaining <= INT_MAX) - http->_data_remaining = remaining; + http->_data_remaining = (int)remaining; else http->_data_remaining = INT_MAX; } @@ -4523,7 +4555,7 @@ http_tls_upgrade(http_t *http) /* I - HTTP connection */ http_t myhttp; /* Local copy of HTTP data */ - DEBUG_printf(("7http_tls_upgrade(%p)", http)); + DEBUG_printf(("7http_tls_upgrade(%p)", (void *)http)); /* * Flush the connection to make sure any previous "Upgrade" message @@ -4585,6 +4617,7 @@ http_tls_upgrade(http_t *http) /* I - HTTP connection */ DEBUG_puts("8http_tls_upgrade: Server does not support HTTP upgrade!"); + _cupsSetError(IPP_STATUS_ERROR_CUPS_PKI, _("Encryption is not supported."), 1); httpAddrClose(NULL, http->fd); http->fd = -1; @@ -4610,8 +4643,7 @@ http_write(http_t *http, /* I - HTTP connection */ bytes; /* Bytes sent */ - DEBUG_printf(("2http_write(http=%p, buffer=%p, length=" CUPS_LLFMT ")", http, - buffer, CUPS_LLCAST length)); + DEBUG_printf(("2http_write(http=%p, buffer=%p, length=" CUPS_LLFMT ")", (void *)http, (void *)buffer, CUPS_LLCAST length)); http->error = 0; tbytes = 0; @@ -4678,7 +4710,7 @@ http_write(http_t *http, /* I - HTTP connection */ #ifdef HAVE_SSL if (http->tls) - bytes = http_tls_write(http, buffer, length); + bytes = _httpTLSWrite(http, buffer, (int)length); else #endif /* HAVE_SSL */ bytes = send(http->fd, buffer, length, 0); 
@@ -4732,11 +4764,11 @@ http_write(http_t *http, /* I - HTTP connection */ buffer += bytes; tbytes += bytes; - length -= bytes; + length -= (size_t)bytes; } #ifdef DEBUG - http_debug_hex("http_write", buffer - tbytes, tbytes); + http_debug_hex("http_write", buffer - tbytes, (int)tbytes); #endif /* DEBUG */ DEBUG_printf(("3http_write: Returning " CUPS_LLFMT ".", CUPS_LLCAST tbytes)); @@ -4758,8 +4790,7 @@ http_write_chunk(http_t *http, /* I - HTTP connection */ ssize_t bytes; /* Bytes written */ - DEBUG_printf(("7http_write_chunk(http=%p, buffer=%p, length=" CUPS_LLFMT ")", - http, buffer, CUPS_LLCAST length)); + DEBUG_printf(("7http_write_chunk(http=%p, buffer=%p, length=" CUPS_LLFMT ")", (void *)http, (void *)buffer, CUPS_LLCAST length)); /* * Write the chunk header, data, and trailer. @@ -4786,8 +4817,3 @@ http_write_chunk(http_t *http, /* I - HTTP connection */ return (bytes); } - - -/* - * End of "$Id$". - */