Update broken references to image assets
[chromium-blink-merge.git] / net / http / http_stream_parser.cc
blob2cf3f6683fdf8feb219858bf0836400a1b898f92
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_stream_parser.h"
7 #include "base/bind.h"
8 #include "base/compiler_specific.h"
9 #include "base/logging.h"
10 #include "base/metrics/histogram_macros.h"
11 #include "base/profiler/scoped_tracker.h"
12 #include "base/strings/string_util.h"
13 #include "base/values.h"
14 #include "net/base/io_buffer.h"
15 #include "net/base/ip_endpoint.h"
16 #include "net/base/upload_data_stream.h"
17 #include "net/http/http_chunked_decoder.h"
18 #include "net/http/http_request_headers.h"
19 #include "net/http/http_request_info.h"
20 #include "net/http/http_response_headers.h"
21 #include "net/http/http_util.h"
22 #include "net/socket/client_socket_handle.h"
23 #include "net/socket/ssl_client_socket.h"
25 namespace net {
27 namespace {
29 enum HttpHeaderParserEvent {
30 HEADER_PARSER_INVOKED = 0,
31 // Obsolete: HEADER_HTTP_09_RESPONSE = 1,
32 HEADER_ALLOWED_TRUNCATED_HEADERS = 2,
33 HEADER_SKIPPED_WS_PREFIX = 3,
34 HEADER_SKIPPED_NON_WS_PREFIX = 4,
35 HEADER_HTTP_09_RESPONSE_OVER_HTTP = 5,
36 HEADER_HTTP_09_RESPONSE_OVER_SSL = 6,
37 HEADER_HTTP_09_ON_REUSED_SOCKET = 7,
38 NUM_HEADER_EVENTS
41 void RecordHeaderParserEvent(HttpHeaderParserEvent header_event) {
42 UMA_HISTOGRAM_ENUMERATION("Net.HttpHeaderParserEvent", header_event,
43 NUM_HEADER_EVENTS);
46 const uint64 kMaxMergedHeaderAndBodySize = 1400;
47 const size_t kRequestBodyBufferSize = 1 << 14; // 16KB
49 std::string GetResponseHeaderLines(const HttpResponseHeaders& headers) {
50 std::string raw_headers = headers.raw_headers();
51 const char* null_separated_headers = raw_headers.c_str();
52 const char* header_line = null_separated_headers;
53 std::string cr_separated_headers;
54 while (header_line[0] != 0) {
55 cr_separated_headers += header_line;
56 cr_separated_headers += "\n";
57 header_line += strlen(header_line) + 1;
59 return cr_separated_headers;
62 // Return true if |headers| contain multiple |field_name| fields with different
63 // values.
64 bool HeadersContainMultipleCopiesOfField(const HttpResponseHeaders& headers,
65 const std::string& field_name) {
66 void* it = NULL;
67 std::string field_value;
68 if (!headers.EnumerateHeader(&it, field_name, &field_value))
69 return false;
70 // There's at least one |field_name| header. Check if there are any more
71 // such headers, and if so, return true if they have different values.
72 std::string field_value2;
73 while (headers.EnumerateHeader(&it, field_name, &field_value2)) {
74 if (field_value != field_value2)
75 return true;
77 return false;
80 scoped_ptr<base::Value> NetLogSendRequestBodyCallback(
81 uint64 length,
82 bool is_chunked,
83 bool did_merge,
84 NetLogCaptureMode /* capture_mode */) {
85 scoped_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
86 dict->SetInteger("length", static_cast<int>(length));
87 dict->SetBoolean("is_chunked", is_chunked);
88 dict->SetBoolean("did_merge", did_merge);
89 return dict.Pass();
92 // Returns true if |error_code| is an error for which we give the server a
93 // chance to send a body containing error information, if the error was received
94 // while trying to upload a request body.
95 bool ShouldTryReadingOnUploadError(int error_code) {
96 return (error_code == ERR_CONNECTION_RESET);
99 } // namespace
101 // Similar to DrainableIOBuffer(), but this version comes with its own
102 // storage. The motivation is to avoid repeated allocations of
103 // DrainableIOBuffer.
105 // Example:
107 // scoped_refptr<SeekableIOBuffer> buf = new SeekableIOBuffer(1024);
108 // // capacity() == 1024. size() == BytesRemaining() == BytesConsumed() == 0.
109 // // data() points to the beginning of the buffer.
111 // // Read() takes an IOBuffer.
112 // int bytes_read = some_reader->Read(buf, buf->capacity());
113 // buf->DidAppend(bytes_read);
114 // // size() == BytesRemaining() == bytes_read. data() is unaffected.
116 // while (buf->BytesRemaining() > 0) {
117 // // Write() takes an IOBuffer. If it takes const char*, we could
118 /// // simply use the regular IOBuffer like buf->data() + offset.
119 // int bytes_written = Write(buf, buf->BytesRemaining());
120 // buf->DidConsume(bytes_written);
121 // }
122 // // BytesRemaining() == 0. BytesConsumed() == size().
123 // // data() points to the end of the consumed bytes (exclusive).
125 // // If you want to reuse the buffer, be sure to clear the buffer.
126 // buf->Clear();
127 // // size() == BytesRemaining() == BytesConsumed() == 0.
128 // // data() points to the beginning of the buffer.
130 class HttpStreamParser::SeekableIOBuffer : public IOBuffer {
131 public:
132 explicit SeekableIOBuffer(int capacity)
133 : IOBuffer(capacity),
134 real_data_(data_),
135 capacity_(capacity),
136 size_(0),
137 used_(0) {
140 // DidConsume() changes the |data_| pointer so that |data_| always points
141 // to the first unconsumed byte.
142 void DidConsume(int bytes) {
143 SetOffset(used_ + bytes);
146 // Returns the number of unconsumed bytes.
147 int BytesRemaining() const {
148 return size_ - used_;
151 // Seeks to an arbitrary point in the buffer. The notion of bytes consumed
152 // and remaining are updated appropriately.
153 void SetOffset(int bytes) {
154 DCHECK_GE(bytes, 0);
155 DCHECK_LE(bytes, size_);
156 used_ = bytes;
157 data_ = real_data_ + used_;
160 // Called after data is added to the buffer. Adds |bytes| added to
161 // |size_|. data() is unaffected.
162 void DidAppend(int bytes) {
163 DCHECK_GE(bytes, 0);
164 DCHECK_GE(size_ + bytes, 0);
165 DCHECK_LE(size_ + bytes, capacity_);
166 size_ += bytes;
169 // Changes the logical size to 0, and the offset to 0.
170 void Clear() {
171 size_ = 0;
172 SetOffset(0);
175 // Returns the logical size of the buffer (i.e the number of bytes of data
176 // in the buffer).
177 int size() const { return size_; }
179 // Returns the capacity of the buffer. The capacity is the size used when
180 // the object is created.
181 int capacity() const { return capacity_; };
183 private:
184 ~SeekableIOBuffer() override {
185 // data_ will be deleted in IOBuffer::~IOBuffer().
186 data_ = real_data_;
189 char* real_data_;
190 const int capacity_;
191 int size_;
192 int used_;
195 // 2 CRLFs + max of 8 hex chars.
196 const size_t HttpStreamParser::kChunkHeaderFooterSize = 12;
198 HttpStreamParser::HttpStreamParser(ClientSocketHandle* connection,
199 const HttpRequestInfo* request,
200 GrowableIOBuffer* read_buffer,
201 const BoundNetLog& net_log)
202 : io_state_(STATE_NONE),
203 request_(request),
204 request_headers_(NULL),
205 request_headers_length_(0),
206 read_buf_(read_buffer),
207 read_buf_unused_offset_(0),
208 response_header_start_offset_(-1),
209 received_bytes_(0),
210 response_body_length_(-1),
211 response_body_read_(0),
212 user_read_buf_(NULL),
213 user_read_buf_len_(0),
214 connection_(connection),
215 net_log_(net_log),
216 sent_last_chunk_(false),
217 upload_error_(OK),
218 weak_ptr_factory_(this) {
219 io_callback_ = base::Bind(&HttpStreamParser::OnIOComplete,
220 weak_ptr_factory_.GetWeakPtr());
223 HttpStreamParser::~HttpStreamParser() {
226 int HttpStreamParser::SendRequest(const std::string& request_line,
227 const HttpRequestHeaders& headers,
228 HttpResponseInfo* response,
229 const CompletionCallback& callback) {
230 DCHECK_EQ(STATE_NONE, io_state_);
231 DCHECK(callback_.is_null());
232 DCHECK(!callback.is_null());
233 DCHECK(response);
235 net_log_.AddEvent(
236 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_HEADERS,
237 base::Bind(&HttpRequestHeaders::NetLogCallback,
238 base::Unretained(&headers),
239 &request_line));
241 DVLOG(1) << __FUNCTION__ << "()"
242 << " request_line = \"" << request_line << "\""
243 << " headers = \"" << headers.ToString() << "\"";
244 response_ = response;
246 // Put the peer's IP address and port into the response.
247 IPEndPoint ip_endpoint;
248 int result = connection_->socket()->GetPeerAddress(&ip_endpoint);
249 if (result != OK)
250 return result;
251 response_->socket_address = HostPortPair::FromIPEndPoint(ip_endpoint);
253 std::string request = request_line + headers.ToString();
254 request_headers_length_ = request.size();
256 if (request_->upload_data_stream != NULL) {
257 request_body_send_buf_ = new SeekableIOBuffer(kRequestBodyBufferSize);
258 if (request_->upload_data_stream->is_chunked()) {
259 // Read buffer is adjusted to guarantee that |request_body_send_buf_| is
260 // large enough to hold the encoded chunk.
261 request_body_read_buf_ =
262 new SeekableIOBuffer(kRequestBodyBufferSize - kChunkHeaderFooterSize);
263 } else {
264 // No need to encode request body, just send the raw data.
265 request_body_read_buf_ = request_body_send_buf_;
269 io_state_ = STATE_SEND_HEADERS;
271 // If we have a small request body, then we'll merge with the headers into a
272 // single write.
273 bool did_merge = false;
274 if (ShouldMergeRequestHeadersAndBody(request, request_->upload_data_stream)) {
275 int merged_size = static_cast<int>(
276 request_headers_length_ + request_->upload_data_stream->size());
277 scoped_refptr<IOBuffer> merged_request_headers_and_body(
278 new IOBuffer(merged_size));
279 // We'll repurpose |request_headers_| to store the merged headers and
280 // body.
281 request_headers_ = new DrainableIOBuffer(
282 merged_request_headers_and_body.get(), merged_size);
284 memcpy(request_headers_->data(), request.data(), request_headers_length_);
285 request_headers_->DidConsume(request_headers_length_);
287 uint64 todo = request_->upload_data_stream->size();
288 while (todo) {
289 int consumed = request_->upload_data_stream->Read(
290 request_headers_.get(), static_cast<int>(todo), CompletionCallback());
291 DCHECK_GT(consumed, 0); // Read() won't fail if not chunked.
292 request_headers_->DidConsume(consumed);
293 todo -= consumed;
295 DCHECK(request_->upload_data_stream->IsEOF());
296 // Reset the offset, so the buffer can be read from the beginning.
297 request_headers_->SetOffset(0);
298 did_merge = true;
300 net_log_.AddEvent(
301 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_BODY,
302 base::Bind(&NetLogSendRequestBodyCallback,
303 request_->upload_data_stream->size(),
304 false, /* not chunked */
305 true /* merged */));
308 if (!did_merge) {
309 // If we didn't merge the body with the headers, then |request_headers_|
310 // contains just the HTTP headers.
311 scoped_refptr<StringIOBuffer> headers_io_buf(new StringIOBuffer(request));
312 request_headers_ =
313 new DrainableIOBuffer(headers_io_buf.get(), headers_io_buf->size());
316 result = DoLoop(OK);
317 if (result == ERR_IO_PENDING)
318 callback_ = callback;
320 return result > 0 ? OK : result;
323 int HttpStreamParser::ReadResponseHeaders(const CompletionCallback& callback) {
324 DCHECK(io_state_ == STATE_NONE || io_state_ == STATE_DONE);
325 DCHECK(callback_.is_null());
326 DCHECK(!callback.is_null());
327 DCHECK_EQ(0, read_buf_unused_offset_);
329 // This function can be called with io_state_ == STATE_DONE if the
330 // connection is closed after seeing just a 1xx response code.
331 if (io_state_ == STATE_DONE)
332 return ERR_CONNECTION_CLOSED;
334 int result = OK;
335 io_state_ = STATE_READ_HEADERS;
337 if (read_buf_->offset() > 0) {
338 // Simulate the state where the data was just read from the socket.
339 result = read_buf_->offset();
340 read_buf_->set_offset(0);
342 if (result > 0)
343 io_state_ = STATE_READ_HEADERS_COMPLETE;
345 result = DoLoop(result);
346 if (result == ERR_IO_PENDING)
347 callback_ = callback;
349 return result > 0 ? OK : result;
352 void HttpStreamParser::Close(bool not_reusable) {
353 if (not_reusable && connection_->socket())
354 connection_->socket()->Disconnect();
355 connection_->Reset();
358 int HttpStreamParser::ReadResponseBody(IOBuffer* buf, int buf_len,
359 const CompletionCallback& callback) {
360 DCHECK(io_state_ == STATE_NONE || io_state_ == STATE_DONE);
361 DCHECK(callback_.is_null());
362 DCHECK(!callback.is_null());
363 DCHECK_LE(buf_len, kMaxBufSize);
365 if (io_state_ == STATE_DONE)
366 return OK;
368 user_read_buf_ = buf;
369 user_read_buf_len_ = buf_len;
370 io_state_ = STATE_READ_BODY;
372 int result = DoLoop(OK);
373 if (result == ERR_IO_PENDING)
374 callback_ = callback;
376 return result;
379 void HttpStreamParser::OnIOComplete(int result) {
380 result = DoLoop(result);
382 // The client callback can do anything, including destroying this class,
383 // so any pending callback must be issued after everything else is done.
384 if (result != ERR_IO_PENDING && !callback_.is_null()) {
385 CompletionCallback c = callback_;
386 callback_.Reset();
387 c.Run(result);
391 int HttpStreamParser::DoLoop(int result) {
392 do {
393 DCHECK_NE(ERR_IO_PENDING, result);
394 DCHECK_NE(STATE_DONE, io_state_);
395 DCHECK_NE(STATE_NONE, io_state_);
396 State state = io_state_;
397 io_state_ = STATE_NONE;
398 switch (state) {
399 case STATE_SEND_HEADERS:
400 DCHECK_EQ(OK, result);
401 result = DoSendHeaders();
402 break;
403 case STATE_SEND_HEADERS_COMPLETE:
404 result = DoSendHeadersComplete(result);
405 break;
406 case STATE_SEND_BODY:
407 DCHECK_EQ(OK, result);
408 result = DoSendBody();
409 break;
410 case STATE_SEND_BODY_COMPLETE:
411 result = DoSendBodyComplete(result);
412 break;
413 case STATE_SEND_REQUEST_READ_BODY_COMPLETE:
414 result = DoSendRequestReadBodyComplete(result);
415 break;
416 case STATE_READ_HEADERS:
417 net_log_.BeginEvent(NetLog::TYPE_HTTP_STREAM_PARSER_READ_HEADERS);
418 DCHECK_GE(result, 0);
419 result = DoReadHeaders();
420 break;
421 case STATE_READ_HEADERS_COMPLETE:
422 result = DoReadHeadersComplete(result);
423 net_log_.EndEventWithNetErrorCode(
424 NetLog::TYPE_HTTP_STREAM_PARSER_READ_HEADERS, result);
425 break;
426 case STATE_READ_BODY:
427 DCHECK_GE(result, 0);
428 result = DoReadBody();
429 break;
430 case STATE_READ_BODY_COMPLETE:
431 result = DoReadBodyComplete(result);
432 break;
433 default:
434 NOTREACHED();
435 break;
437 } while (result != ERR_IO_PENDING &&
438 (io_state_ != STATE_DONE && io_state_ != STATE_NONE));
440 return result;
443 int HttpStreamParser::DoSendHeaders() {
444 // TODO(mmenke): Remove ScopedTracker below once crbug.com/424359 is fixed.
445 tracked_objects::ScopedTracker tracking_profile(
446 FROM_HERE_WITH_EXPLICIT_FUNCTION(
447 "424359 HttpStreamParser::DoSendHeaders"));
449 int bytes_remaining = request_headers_->BytesRemaining();
450 DCHECK_GT(bytes_remaining, 0);
452 // Record our best estimate of the 'request time' as the time when we send
453 // out the first bytes of the request headers.
454 if (bytes_remaining == request_headers_->size())
455 response_->request_time = base::Time::Now();
457 io_state_ = STATE_SEND_HEADERS_COMPLETE;
458 return connection_->socket()
459 ->Write(request_headers_.get(), bytes_remaining, io_callback_);
462 int HttpStreamParser::DoSendHeadersComplete(int result) {
463 if (result < 0) {
464 // In the unlikely case that the headers and body were merged, all the
465 // the headers were sent, but not all of the body way, and |result| is
466 // an error that this should try reading after, stash the error for now and
467 // act like the request was successfully sent.
468 if (request_headers_->BytesConsumed() >= request_headers_length_ &&
469 ShouldTryReadingOnUploadError(result)) {
470 upload_error_ = result;
471 return OK;
473 return result;
476 request_headers_->DidConsume(result);
477 if (request_headers_->BytesRemaining() > 0) {
478 io_state_ = STATE_SEND_HEADERS;
479 return OK;
482 if (request_->upload_data_stream != NULL &&
483 (request_->upload_data_stream->is_chunked() ||
484 // !IsEOF() indicates that the body wasn't merged.
485 (request_->upload_data_stream->size() > 0 &&
486 !request_->upload_data_stream->IsEOF()))) {
487 net_log_.AddEvent(
488 NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_BODY,
489 base::Bind(&NetLogSendRequestBodyCallback,
490 request_->upload_data_stream->size(),
491 request_->upload_data_stream->is_chunked(),
492 false /* not merged */));
493 io_state_ = STATE_SEND_BODY;
494 return OK;
497 // Finished sending the request.
498 return OK;
501 int HttpStreamParser::DoSendBody() {
502 if (request_body_send_buf_->BytesRemaining() > 0) {
503 io_state_ = STATE_SEND_BODY_COMPLETE;
504 return connection_->socket()
505 ->Write(request_body_send_buf_.get(),
506 request_body_send_buf_->BytesRemaining(),
507 io_callback_);
510 if (request_->upload_data_stream->is_chunked() && sent_last_chunk_) {
511 // Finished sending the request.
512 return OK;
515 request_body_read_buf_->Clear();
516 io_state_ = STATE_SEND_REQUEST_READ_BODY_COMPLETE;
517 return request_->upload_data_stream->Read(request_body_read_buf_.get(),
518 request_body_read_buf_->capacity(),
519 io_callback_);
522 int HttpStreamParser::DoSendBodyComplete(int result) {
523 if (result < 0) {
524 // If |result| is an error that this should try reading after, stash the
525 // error for now and act like the request was successfully sent.
526 if (ShouldTryReadingOnUploadError(result)) {
527 upload_error_ = result;
528 return OK;
530 return result;
533 request_body_send_buf_->DidConsume(result);
535 io_state_ = STATE_SEND_BODY;
536 return OK;
539 int HttpStreamParser::DoSendRequestReadBodyComplete(int result) {
540 // |result| is the result of read from the request body from the last call to
541 // DoSendBody().
542 DCHECK_GE(result, 0); // There won't be errors.
544 // Chunked data needs to be encoded.
545 if (request_->upload_data_stream->is_chunked()) {
546 if (result == 0) { // Reached the end.
547 DCHECK(request_->upload_data_stream->IsEOF());
548 sent_last_chunk_ = true;
550 // Encode the buffer as 1 chunk.
551 const base::StringPiece payload(request_body_read_buf_->data(), result);
552 request_body_send_buf_->Clear();
553 result = EncodeChunk(payload,
554 request_body_send_buf_->data(),
555 request_body_send_buf_->capacity());
558 if (result == 0) { // Reached the end.
559 // Reaching EOF means we can finish sending request body unless the data is
560 // chunked. (i.e. No need to send the terminal chunk.)
561 DCHECK(request_->upload_data_stream->IsEOF());
562 DCHECK(!request_->upload_data_stream->is_chunked());
563 // Finished sending the request.
564 } else if (result > 0) {
565 request_body_send_buf_->DidAppend(result);
566 result = 0;
567 io_state_ = STATE_SEND_BODY;
569 return result;
572 int HttpStreamParser::DoReadHeaders() {
573 io_state_ = STATE_READ_HEADERS_COMPLETE;
575 // Grow the read buffer if necessary.
576 if (read_buf_->RemainingCapacity() == 0)
577 read_buf_->SetCapacity(read_buf_->capacity() + kHeaderBufInitialSize);
579 // http://crbug.com/16371: We're seeing |user_buf_->data()| return NULL.
580 // See if the user is passing in an IOBuffer with a NULL |data_|.
581 CHECK(read_buf_->data());
583 return connection_->socket()
584 ->Read(read_buf_.get(), read_buf_->RemainingCapacity(), io_callback_);
587 int HttpStreamParser::DoReadHeadersComplete(int result) {
588 result = HandleReadHeaderResult(result);
590 // TODO(mmenke): The code below is ugly and hacky. A much better and more
591 // flexible long term solution would be to separate out the read and write
592 // loops, though this would involve significant changes, both here and
593 // elsewhere (WebSockets, for instance).
595 // If still reading the headers, or there was no error uploading the request
596 // body, just return the result.
597 if (io_state_ == STATE_READ_HEADERS || upload_error_ == OK)
598 return result;
600 // If the result is ERR_IO_PENDING, |io_state_| should be STATE_READ_HEADERS.
601 DCHECK_NE(ERR_IO_PENDING, result);
603 // On errors, use the original error received when sending the request.
604 // The main cases where these are different is when there's a header-related
605 // error code, or when there's an ERR_CONNECTION_CLOSED, which can result in
606 // special handling of partial responses and HTTP/0.9 responses.
607 if (result < 0) {
608 // Nothing else to do. In the HTTP/0.9 or only partial headers received
609 // cases, can normally go to other states after an error reading headers.
610 io_state_ = STATE_DONE;
611 // Don't let caller see the headers.
612 response_->headers = NULL;
613 return upload_error_;
616 // Skip over 1xx responses as usual, and allow 4xx/5xx error responses to
617 // override the error received while uploading the body.
618 int response_code_class = response_->headers->response_code() / 100;
619 if (response_code_class == 1 || response_code_class == 4 ||
620 response_code_class == 5) {
621 return result;
624 // All other status codes are not allowed after an error during upload, to
625 // make sure the consumer has some indication there was an error.
627 // Nothing else to do.
628 io_state_ = STATE_DONE;
629 // Don't let caller see the headers.
630 response_->headers = NULL;
631 return upload_error_;
634 int HttpStreamParser::DoReadBody() {
635 io_state_ = STATE_READ_BODY_COMPLETE;
637 // There may be some data left over from reading the response headers.
638 if (read_buf_->offset()) {
639 int available = read_buf_->offset() - read_buf_unused_offset_;
640 if (available) {
641 CHECK_GT(available, 0);
642 int bytes_from_buffer = std::min(available, user_read_buf_len_);
643 memcpy(user_read_buf_->data(),
644 read_buf_->StartOfBuffer() + read_buf_unused_offset_,
645 bytes_from_buffer);
646 read_buf_unused_offset_ += bytes_from_buffer;
647 if (bytes_from_buffer == available) {
648 read_buf_->SetCapacity(0);
649 read_buf_unused_offset_ = 0;
651 return bytes_from_buffer;
652 } else {
653 read_buf_->SetCapacity(0);
654 read_buf_unused_offset_ = 0;
658 // Check to see if we're done reading.
659 if (IsResponseBodyComplete())
660 return 0;
662 DCHECK_EQ(0, read_buf_->offset());
663 return connection_->socket()
664 ->Read(user_read_buf_.get(), user_read_buf_len_, io_callback_);
667 int HttpStreamParser::DoReadBodyComplete(int result) {
668 // When the connection is closed, there are numerous ways to interpret it.
670 // - If a Content-Length header is present and the body contains exactly that
671 // number of bytes at connection close, the response is successful.
673 // - If a Content-Length header is present and the body contains fewer bytes
674 // than promised by the header at connection close, it may indicate that
675 // the connection was closed prematurely, or it may indicate that the
676 // server sent an invalid Content-Length header. Unfortunately, the invalid
677 // Content-Length header case does occur in practice and other browsers are
678 // tolerant of it. We choose to treat it as an error for now, but the
679 // download system treats it as a non-error, and URLRequestHttpJob also
680 // treats it as OK if the Content-Length is the post-decoded body content
681 // length.
683 // - If chunked encoding is used and the terminating chunk has been processed
684 // when the connection is closed, the response is successful.
686 // - If chunked encoding is used and the terminating chunk has not been
687 // processed when the connection is closed, it may indicate that the
688 // connection was closed prematurely or it may indicate that the server
689 // sent an invalid chunked encoding. We choose to treat it as
690 // an invalid chunked encoding.
692 // - If a Content-Length is not present and chunked encoding is not used,
693 // connection close is the only way to signal that the response is
694 // complete. Unfortunately, this also means that there is no way to detect
695 // early close of a connection. No error is returned.
696 if (result == 0 && !IsResponseBodyComplete() && CanFindEndOfResponse()) {
697 if (chunked_decoder_.get())
698 result = ERR_INCOMPLETE_CHUNKED_ENCODING;
699 else
700 result = ERR_CONTENT_LENGTH_MISMATCH;
703 if (result > 0)
704 received_bytes_ += result;
706 // Filter incoming data if appropriate. FilterBuf may return an error.
707 if (result > 0 && chunked_decoder_.get()) {
708 result = chunked_decoder_->FilterBuf(user_read_buf_->data(), result);
709 if (result == 0 && !chunked_decoder_->reached_eof()) {
710 // Don't signal completion of the Read call yet or else it'll look like
711 // we received end-of-file. Wait for more data.
712 io_state_ = STATE_READ_BODY;
713 return OK;
717 if (result > 0)
718 response_body_read_ += result;
720 if (result <= 0 || IsResponseBodyComplete()) {
721 io_state_ = STATE_DONE;
723 // Save the overflow data, which can be in two places. There may be
724 // some left over in |user_read_buf_|, plus there may be more
725 // in |read_buf_|. But the part left over in |user_read_buf_| must have
726 // come from the |read_buf_|, so there's room to put it back at the
727 // start first.
728 int additional_save_amount = read_buf_->offset() - read_buf_unused_offset_;
729 int save_amount = 0;
730 if (chunked_decoder_.get()) {
731 save_amount = chunked_decoder_->bytes_after_eof();
732 } else if (response_body_length_ >= 0) {
733 int64 extra_data_read = response_body_read_ - response_body_length_;
734 if (extra_data_read > 0) {
735 save_amount = static_cast<int>(extra_data_read);
736 if (result > 0)
737 result -= save_amount;
741 CHECK_LE(save_amount + additional_save_amount, kMaxBufSize);
742 if (read_buf_->capacity() < save_amount + additional_save_amount) {
743 read_buf_->SetCapacity(save_amount + additional_save_amount);
746 if (save_amount) {
747 received_bytes_ -= save_amount;
748 memcpy(read_buf_->StartOfBuffer(), user_read_buf_->data() + result,
749 save_amount);
751 read_buf_->set_offset(save_amount);
752 if (additional_save_amount) {
753 memmove(read_buf_->data(),
754 read_buf_->StartOfBuffer() + read_buf_unused_offset_,
755 additional_save_amount);
756 read_buf_->set_offset(save_amount + additional_save_amount);
758 read_buf_unused_offset_ = 0;
759 } else {
760 // Now waiting for more of the body to be read.
761 user_read_buf_ = NULL;
762 user_read_buf_len_ = 0;
765 return result;
768 int HttpStreamParser::HandleReadHeaderResult(int result) {
769 DCHECK_EQ(0, read_buf_unused_offset_);
771 if (result == 0)
772 result = ERR_CONNECTION_CLOSED;
774 if (result == ERR_CONNECTION_CLOSED) {
775 // The connection closed without getting any more data.
776 if (read_buf_->offset() == 0) {
777 io_state_ = STATE_DONE;
778 // If the connection has not been reused, it may have been a 0-length
779 // HTTP/0.9 responses, but it was most likely an error, so just return
780 // ERR_EMPTY_RESPONSE instead. If the connection was reused, just pass
781 // on the original connection close error, as rather than being an
782 // empty HTTP/0.9 response it's much more likely the server closed the
783 // socket before it received the request.
784 if (!connection_->is_reused())
785 return ERR_EMPTY_RESPONSE;
786 return result;
789 // Accepting truncated headers over HTTPS is a potential security
790 // vulnerability, so just return an error in that case.
792 // If response_header_start_offset_ is -1, this may be a < 8 byte HTTP/0.9
793 // response. However, accepting such a response over HTTPS would allow a
794 // MITM to truncate an HTTP/1.x status line to look like a short HTTP/0.9
795 // response if the peer put a record boundary at the first 8 bytes. To
796 // ensure that all response headers received over HTTPS are pristine, treat
797 // such responses as errors.
799 // TODO(mmenke): Returning ERR_RESPONSE_HEADERS_TRUNCATED when a response
800 // looks like an HTTP/0.9 response is weird. Should either come up with
801 // another error code, or, better, disable HTTP/0.9 over HTTPS (and give
802 // that a new error code).
803 if (request_->url.SchemeIsCryptographic()) {
804 io_state_ = STATE_DONE;
805 return ERR_RESPONSE_HEADERS_TRUNCATED;
808 // Parse things as well as we can and let the caller decide what to do.
809 int end_offset;
810 if (response_header_start_offset_ >= 0) {
811 // The response looks to be a truncated set of HTTP headers.
812 io_state_ = STATE_READ_BODY_COMPLETE;
813 end_offset = read_buf_->offset();
814 RecordHeaderParserEvent(HEADER_ALLOWED_TRUNCATED_HEADERS);
815 } else {
816 // The response is apparently using HTTP/0.9. Treat the entire response
817 // as the body.
818 end_offset = 0;
820 int rv = ParseResponseHeaders(end_offset);
821 if (rv < 0)
822 return rv;
823 return result;
826 if (result < 0) {
827 io_state_ = STATE_DONE;
828 return result;
831 // Record our best estimate of the 'response time' as the time when we read
832 // the first bytes of the response headers.
833 if (read_buf_->offset() == 0)
834 response_->response_time = base::Time::Now();
836 read_buf_->set_offset(read_buf_->offset() + result);
837 DCHECK_LE(read_buf_->offset(), read_buf_->capacity());
838 DCHECK_GE(result, 0);
840 int end_of_header_offset = FindAndParseResponseHeaders();
842 // Note: -1 is special, it indicates we haven't found the end of headers.
843 // Anything less than -1 is a net::Error, so we bail out.
844 if (end_of_header_offset < -1)
845 return end_of_header_offset;
847 if (end_of_header_offset == -1) {
848 io_state_ = STATE_READ_HEADERS;
849 // Prevent growing the headers buffer indefinitely.
850 if (read_buf_->offset() >= kMaxHeaderBufSize) {
851 io_state_ = STATE_DONE;
852 return ERR_RESPONSE_HEADERS_TOO_BIG;
854 } else {
855 CalculateResponseBodySize();
856 // If the body is zero length, the caller may not call ReadResponseBody,
857 // which is where any extra data is copied to read_buf_, so we move the
858 // data here.
859 if (response_body_length_ == 0) {
860 int extra_bytes = read_buf_->offset() - end_of_header_offset;
861 if (extra_bytes) {
862 CHECK_GT(extra_bytes, 0);
863 memmove(read_buf_->StartOfBuffer(),
864 read_buf_->StartOfBuffer() + end_of_header_offset,
865 extra_bytes);
867 read_buf_->SetCapacity(extra_bytes);
868 if (response_->headers->response_code() / 100 == 1) {
869 // After processing a 1xx response, the caller will ask for the next
870 // header, so reset state to support that. We don't completely ignore a
871 // 1xx response because it cannot be returned in reply to a CONNECT
872 // request so we return OK here, which lets the caller inspect the
873 // response and reject it in the event that we're setting up a CONNECT
874 // tunnel.
875 response_header_start_offset_ = -1;
876 response_body_length_ = -1;
877 // Now waiting for the second set of headers to be read.
878 } else {
879 io_state_ = STATE_DONE;
881 return OK;
884 // Note where the headers stop.
885 read_buf_unused_offset_ = end_of_header_offset;
886 // Now waiting for the body to be read.
888 return result;
891 int HttpStreamParser::FindAndParseResponseHeaders() {
892 int end_offset = -1;
893 DCHECK_EQ(0, read_buf_unused_offset_);
895 // Look for the start of the status line, if it hasn't been found yet.
896 if (response_header_start_offset_ < 0) {
897 response_header_start_offset_ = HttpUtil::LocateStartOfStatusLine(
898 read_buf_->StartOfBuffer(), read_buf_->offset());
901 if (response_header_start_offset_ >= 0) {
902 end_offset = HttpUtil::LocateEndOfHeaders(read_buf_->StartOfBuffer(),
903 read_buf_->offset(),
904 response_header_start_offset_);
905 } else if (read_buf_->offset() >= 8) {
906 // Enough data to decide that this is an HTTP/0.9 response.
907 // 8 bytes = (4 bytes of junk) + "http".length()
908 end_offset = 0;
911 if (end_offset == -1)
912 return -1;
914 int rv = ParseResponseHeaders(end_offset);
915 if (rv < 0)
916 return rv;
917 return end_offset;
920 int HttpStreamParser::ParseResponseHeaders(int end_offset) {
921 scoped_refptr<HttpResponseHeaders> headers;
922 DCHECK_EQ(0, read_buf_unused_offset_);
924 RecordHeaderParserEvent(HEADER_PARSER_INVOKED);
926 if (response_header_start_offset_ > 0) {
927 bool has_non_whitespace_in_prefix = false;
928 for (int i = 0; i < response_header_start_offset_; ++i) {
929 if (!strchr(" \t\r\n", read_buf_->StartOfBuffer()[i])) {
930 has_non_whitespace_in_prefix = true;
931 break;
934 if (has_non_whitespace_in_prefix) {
935 RecordHeaderParserEvent(HEADER_SKIPPED_NON_WS_PREFIX);
936 } else {
937 RecordHeaderParserEvent(HEADER_SKIPPED_WS_PREFIX);
941 if (response_header_start_offset_ >= 0) {
942 received_bytes_ += end_offset;
943 headers = new HttpResponseHeaders(HttpUtil::AssembleRawHeaders(
944 read_buf_->StartOfBuffer(), end_offset));
945 } else {
946 // Enough data was read -- there is no status line.
947 headers = new HttpResponseHeaders(std::string("HTTP/0.9 200 OK"));
949 if (request_->url.SchemeIsCryptographic()) {
950 RecordHeaderParserEvent(HEADER_HTTP_09_RESPONSE_OVER_SSL);
951 } else {
952 RecordHeaderParserEvent(HEADER_HTTP_09_RESPONSE_OVER_HTTP);
954 if (connection_->is_reused())
955 RecordHeaderParserEvent(HEADER_HTTP_09_ON_REUSED_SOCKET);
958 // Check for multiple Content-Length headers with no Transfer-Encoding header.
959 // If they exist, and have distinct values, it's a potential response
960 // smuggling attack.
961 if (!headers->HasHeader("Transfer-Encoding")) {
962 if (HeadersContainMultipleCopiesOfField(*headers.get(), "Content-Length"))
963 return ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH;
966 // Check for multiple Content-Disposition or Location headers. If they exist,
967 // it's also a potential response smuggling attack.
968 if (HeadersContainMultipleCopiesOfField(*headers.get(),
969 "Content-Disposition"))
970 return ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION;
971 if (HeadersContainMultipleCopiesOfField(*headers.get(), "Location"))
972 return ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION;
974 response_->headers = headers;
975 response_->connection_info = HttpResponseInfo::CONNECTION_INFO_HTTP1;
976 response_->vary_data.Init(*request_, *response_->headers.get());
977 DVLOG(1) << __FUNCTION__ << "()"
978 << " content_length = \"" << response_->headers->GetContentLength()
979 << "\n\""
980 << " headers = \""
981 << GetResponseHeaderLines(*response_->headers.get()) << "\"";
982 return OK;
985 void HttpStreamParser::CalculateResponseBodySize() {
986 // Figure how to determine EOF:
988 // For certain responses, we know the content length is always 0. From
989 // RFC 7230 Section 3.3 Message Body:
991 // The presence of a message body in a response depends on both the
992 // request method to which it is responding and the response status code
993 // (Section 3.1.2). Responses to the HEAD request method (Section 4.3.2
994 // of [RFC7231]) never include a message body because the associated
995 // response header fields (e.g., Transfer-Encoding, Content-Length,
996 // etc.), if present, indicate only what their values would have been if
997 // the request method had been GET (Section 4.3.1 of [RFC7231]). 2xx
998 // (Successful) responses to a CONNECT request method (Section 4.3.6 of
999 // [RFC7231]) switch to tunnel mode instead of having a message body.
1000 // All 1xx (Informational), 204 (No Content), and 304 (Not Modified)
1001 // responses do not include a message body. All other responses do
1002 // include a message body, although the body might be of zero length.
1004 // From RFC 7231 Section 6.3.6 205 Reset Content:
1006 // Since the 205 status code implies that no additional content will be
1007 // provided, a server MUST NOT generate a payload in a 205 response.
1008 if (response_->headers->response_code() / 100 == 1) {
1009 response_body_length_ = 0;
1010 } else {
1011 switch (response_->headers->response_code()) {
1012 case 204: // No Content
1013 case 205: // Reset Content
1014 case 304: // Not Modified
1015 response_body_length_ = 0;
1016 break;
1019 if (request_->method == "HEAD")
1020 response_body_length_ = 0;
1022 if (response_body_length_ == -1) {
1023 // "Transfer-Encoding: chunked" trumps "Content-Length: N"
1024 if (response_->headers->IsChunkEncoded()) {
1025 chunked_decoder_.reset(new HttpChunkedDecoder());
1026 } else {
1027 response_body_length_ = response_->headers->GetContentLength();
1028 // If response_body_length_ is still -1, then we have to wait
1029 // for the server to close the connection.
1034 UploadProgress HttpStreamParser::GetUploadProgress() const {
1035 if (!request_->upload_data_stream)
1036 return UploadProgress();
1038 return UploadProgress(request_->upload_data_stream->position(),
1039 request_->upload_data_stream->size());
1042 bool HttpStreamParser::IsResponseBodyComplete() const {
1043 if (chunked_decoder_.get())
1044 return chunked_decoder_->reached_eof();
1045 if (response_body_length_ != -1)
1046 return response_body_read_ >= response_body_length_;
1048 return false; // Must read to EOF.
1051 bool HttpStreamParser::CanFindEndOfResponse() const {
1052 return chunked_decoder_.get() || response_body_length_ >= 0;
1055 bool HttpStreamParser::IsMoreDataBuffered() const {
1056 return read_buf_->offset() > read_buf_unused_offset_;
1059 bool HttpStreamParser::IsConnectionReused() const {
1060 ClientSocketHandle::SocketReuseType reuse_type = connection_->reuse_type();
1061 return connection_->is_reused() ||
1062 reuse_type == ClientSocketHandle::UNUSED_IDLE;
1065 void HttpStreamParser::SetConnectionReused() {
1066 connection_->set_reuse_type(ClientSocketHandle::REUSED_IDLE);
1069 bool HttpStreamParser::IsConnectionReusable() const {
1070 return connection_->socket() && connection_->socket()->IsConnectedAndIdle();
1073 void HttpStreamParser::GetSSLInfo(SSLInfo* ssl_info) {
1074 if (request_->url.SchemeIsCryptographic() && connection_->socket()) {
1075 SSLClientSocket* ssl_socket =
1076 static_cast<SSLClientSocket*>(connection_->socket());
1077 ssl_socket->GetSSLInfo(ssl_info);
1081 void HttpStreamParser::GetSSLCertRequestInfo(
1082 SSLCertRequestInfo* cert_request_info) {
1083 if (request_->url.SchemeIsCryptographic() && connection_->socket()) {
1084 SSLClientSocket* ssl_socket =
1085 static_cast<SSLClientSocket*>(connection_->socket());
1086 ssl_socket->GetSSLCertRequestInfo(cert_request_info);
1090 int HttpStreamParser::EncodeChunk(const base::StringPiece& payload,
1091 char* output,
1092 size_t output_size) {
1093 if (output_size < payload.size() + kChunkHeaderFooterSize)
1094 return ERR_INVALID_ARGUMENT;
1096 char* cursor = output;
1097 // Add the header.
1098 const int num_chars = base::snprintf(output, output_size,
1099 "%X\r\n",
1100 static_cast<int>(payload.size()));
1101 cursor += num_chars;
1102 // Add the payload if any.
1103 if (payload.size() > 0) {
1104 memcpy(cursor, payload.data(), payload.size());
1105 cursor += payload.size();
1107 // Add the trailing CRLF.
1108 memcpy(cursor, "\r\n", 2);
1109 cursor += 2;
1111 return cursor - output;
1114 // static
1115 bool HttpStreamParser::ShouldMergeRequestHeadersAndBody(
1116 const std::string& request_headers,
1117 const UploadDataStream* request_body) {
1118 if (request_body != NULL &&
1119 // IsInMemory() ensures that the request body is not chunked.
1120 request_body->IsInMemory() &&
1121 request_body->size() > 0) {
1122 uint64 merged_size = request_headers.size() + request_body->size();
1123 if (merged_size <= kMaxMergedHeaderAndBodySize)
1124 return true;
1126 return false;
1129 } // namespace net