1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/http/http_stream_parser.h"
7 #include "base/bind.h"
8 #include "base/compiler_specific.h"
9 #include "base/logging.h"
10 #include "base/metrics/histogram_macros.h"
11 #include "base/profiler/scoped_tracker.h"
12 #include "base/strings/string_util.h"
13 #include "base/values.h"
14 #include "net/base/io_buffer.h"
15 #include "net/base/ip_endpoint.h"
16 #include "net/base/upload_data_stream.h"
17 #include "net/http/http_chunked_decoder.h"
18 #include "net/http/http_request_headers.h"
19 #include "net/http/http_request_info.h"
20 #include "net/http/http_response_headers.h"
21 #include "net/http/http_status_line_validator.h"
22 #include "net/http/http_util.h"
23 #include "net/socket/client_socket_handle.h"
24 #include "net/socket/ssl_client_socket.h"
26 namespace net {
28 namespace {
// Buckets of the "Net.HttpHeaderParserEvent" UMA histogram. The numeric value
// of each enumerator is what gets recorded, so values are spelled out and a
// retired value is kept as a comment instead of being reused.
enum HttpHeaderParserEvent {
  // Recorded on every call to ParseResponseHeaders().
  HEADER_PARSER_INVOKED = 0,

  // Obsolete: HEADER_HTTP_09_RESPONSE = 1,

  // The connection closed before the headers were complete and the partial
  // headers were parsed anyway (only done for non-cryptographic schemes).
  HEADER_ALLOWED_TRUNCATED_HEADERS = 2,

  // Bytes preceding the status line were skipped; they were all whitespace.
  HEADER_SKIPPED_WS_PREFIX = 3,

  // Bytes preceding the status line were skipped; at least one of them was
  // not whitespace.
  HEADER_SKIPPED_NON_WS_PREFIX = 4,

  // A response without a status line was treated as HTTP/0.9, split by
  // whether the request URL uses a cryptographic scheme.
  HEADER_HTTP_09_RESPONSE_OVER_HTTP = 5,
  HEADER_HTTP_09_RESPONSE_OVER_SSL = 6,

  // The HTTP/0.9 interpretation was applied on a reused connection.
  HEADER_HTTP_09_ON_REUSED_SOCKET = 7,

  // Bucket count handed to the histogram macro; must stay last.
  NUM_HEADER_EVENTS
};
// Adds one sample for |header_event| to the "Net.HttpHeaderParserEvent"
// enumeration histogram, whose bucket count is NUM_HEADER_EVENTS.
void RecordHeaderParserEvent(HttpHeaderParserEvent header_event) {
  UMA_HISTOGRAM_ENUMERATION("Net.HttpHeaderParserEvent",
                            header_event,
                            NUM_HEADER_EVENTS);
}
// Size limit, in bytes, for sending headers and body as one merged write.
// NOTE(review): presumably consulted by ShouldMergeRequestHeadersAndBody(),
// which is not visible here -- confirm.
const uint64 kMaxMergedHeaderAndBodySize = 1400;

// Capacity of the buffer the request body is sent from (see SendRequest()).
const size_t kRequestBodyBufferSize = 16 * 1024;  // 16KB
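// Converts the NUL-separated raw header block of |headers| into text with one
// header line per "\n"-terminated line. Conversion stops at the first empty
// line, i.e. at the terminator of the raw block.
//
// The walk is bounded by the length of the raw string instead of relying on a
// trailing NUL: the previous pointer walk stepped one byte past the end of the
// buffer if the last line was not NUL-terminated. Output for well-formed raw
// headers is unchanged.
std::string GetResponseHeaderLines(const HttpResponseHeaders& headers) {
  const std::string raw_headers = headers.raw_headers();
  std::string newline_separated_headers;

  std::string::size_type line_start = 0;
  while (line_start < raw_headers.size() && raw_headers[line_start] != '\0') {
    std::string::size_type line_end = raw_headers.find('\0', line_start);
    // Last line without a terminator: take everything up to the end.
    if (line_end == std::string::npos)
      line_end = raw_headers.size();

    newline_separated_headers.append(raw_headers, line_start,
                                     line_end - line_start);
    newline_separated_headers += "\n";
    line_start = line_end + 1;
  }
  return newline_separated_headers;
}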
// Reports whether |headers| carries |field_name| more than once with values
// that are not all the same. Repeated headers with equal values are accepted;
// values are compared exactly as EnumerateHeader() returns them.
bool HeadersContainMultipleCopiesOfField(const HttpResponseHeaders& headers,
                                         const std::string& field_name) {
  void* iter = nullptr;
  std::string first_value;
  // No occurrence at all, so nothing can conflict.
  if (!headers.EnumerateHeader(&iter, field_name, &first_value))
    return false;

  // Walk the remaining occurrences and stop at the first one that disagrees
  // with the initial value.
  for (std::string other_value;
       headers.EnumerateHeader(&iter, field_name, &other_value);) {
    if (other_value != first_value)
      return true;
  }
  return false;
}
// Builds the NetLog parameters for a "send request body" event: the body
// length and whether the body is chunked or was merged with the headers.
// The capture mode is ignored.
//
// NOTE(review): |length| is narrowed from uint64 to int for SetInteger(), so
// the logged "length" is not exact for bodies that do not fit in an int.
scoped_ptr<base::Value> NetLogSendRequestBodyCallback(
    uint64 length,
    bool is_chunked,
    bool did_merge,
    NetLogCaptureMode /* capture_mode */) {
  scoped_ptr<base::DictionaryValue> params(new base::DictionaryValue());
  const int logged_length = static_cast<int>(length);
  params->SetInteger("length", logged_length);
  params->SetBoolean("is_chunked", is_chunked);
  params->SetBoolean("did_merge", did_merge);
  return params.Pass();
}
// Tells whether |error_code|, seen while uploading a request body, should be
// held back so the server still gets a chance to send a response describing
// the failure. Only ERR_CONNECTION_RESET qualifies.
bool ShouldTryReadingOnUploadError(int error_code) {
  const bool is_connection_reset = (error_code == ERR_CONNECTION_RESET);
  return is_connection_reset;
}
100 } // namespace
102 // Similar to DrainableIOBuffer(), but this version comes with its own
103 // storage. The motivation is to avoid repeated allocations of
104 // DrainableIOBuffer.
106 // Example:
108 // scoped_refptr<SeekableIOBuffer> buf = new SeekableIOBuffer(1024);
109 // // capacity() == 1024. size() == BytesRemaining() == BytesConsumed() == 0.
110 // // data() points to the beginning of the buffer.
112 // // Read() takes an IOBuffer.
113 // int bytes_read = some_reader->Read(buf, buf->capacity());
114 // buf->DidAppend(bytes_read);
115 // // size() == BytesRemaining() == bytes_read. data() is unaffected.
117 // while (buf->BytesRemaining() > 0) {
118 // // Write() takes an IOBuffer. If it takes const char*, we could
119 // // simply use the regular IOBuffer like buf->data() + offset.
120 // int bytes_written = Write(buf, buf->BytesRemaining());
121 // buf->DidConsume(bytes_written);
122 // }
123 // // BytesRemaining() == 0. BytesConsumed() == size().
124 // // data() points to the end of the consumed bytes (exclusive).
126 // // If you want to reuse the buffer, be sure to clear the buffer.
127 // buf->Clear();
128 // // size() == BytesRemaining() == BytesConsumed() == 0.
129 // // data() points to the beginning of the buffer.
// IOBuffer with a fixed capacity, a logical size (bytes appended so far) and a
// read cursor (bytes consumed so far). |data_| always points at the first
// unconsumed byte; |real_data_| remembers the start of the allocation.
//
// NOTE(review): every bounds condition below is a DCHECK, and DCHECKs are
// normally compiled out of release builds, so callers are responsible for
// passing in-range byte counts.
class HttpStreamParser::SeekableIOBuffer : public IOBuffer {
 public:
  explicit SeekableIOBuffer(int capacity)
      : IOBuffer(capacity),
        real_data_(data_),
        capacity_(capacity),
        size_(0),
        used_(0) {}

  // Advances the cursor by |bytes|, so that |data_| keeps pointing at the
  // first unconsumed byte.
  void DidConsume(int bytes) { SetOffset(used_ + bytes); }

  // Number of appended bytes that have not been consumed yet.
  int BytesRemaining() const { return size_ - used_; }

  // Moves the cursor to absolute position |bytes|, which is expected to lie
  // in [0, size_]. Consumed and remaining counts follow from the new cursor.
  void SetOffset(int bytes) {
    DCHECK_GE(bytes, 0);
    DCHECK_LE(bytes, size_);
    used_ = bytes;
    data_ = real_data_ + used_;
  }

  // Records that |bytes| more bytes were written into the buffer by growing
  // |size_|. The cursor, and therefore data(), does not move. The second
  // DCHECK guards against the sum wrapping negative.
  void DidAppend(int bytes) {
    DCHECK_GE(bytes, 0);
    DCHECK_GE(size_ + bytes, 0);
    DCHECK_LE(size_ + bytes, capacity_);
    size_ += bytes;
  }

  // Resets both the logical size and the cursor to zero. |size_| is cleared
  // first so that SetOffset(0) satisfies its own range check.
  void Clear() {
    size_ = 0;
    SetOffset(0);
  }

  // Logical size of the buffer, i.e. the number of bytes of data in it.
  int size() const { return size_; }

  // Capacity given at construction time.
  int capacity() const { return capacity_; }

 private:
  ~SeekableIOBuffer() override {
    // IOBuffer::~IOBuffer() deletes |data_|, so point it back at the start of
    // the allocation before the base destructor runs.
    data_ = real_data_;
  }

  char* real_data_;     // Start of the underlying allocation.
  const int capacity_;  // Allocation size in bytes.
  int size_;            // Bytes appended so far.
  int used_;            // Bytes consumed so far (cursor position).
};
// Framing overhead reserved for one encoded chunk: at most 8 hex digits for
// the chunk size plus two CRLF pairs (8 + 2 * 2 = 12 bytes).
const size_t HttpStreamParser::kChunkHeaderFooterSize = 12;
// Sets up a parser in STATE_NONE for |request| on |connection|, reading
// response bytes into |read_buffer|. The pointers are stored as given; nothing
// is sent or read here.
HttpStreamParser::HttpStreamParser(ClientSocketHandle* connection,
                                   const HttpRequestInfo* request,
                                   GrowableIOBuffer* read_buffer,
                                   const BoundNetLog& net_log)
    : io_state_(STATE_NONE),
      request_(request),
      request_headers_(nullptr),
      request_headers_length_(0),
      read_buf_(read_buffer),
      read_buf_unused_offset_(0),
      // -1 means the start of the status line has not been located yet.
      response_header_start_offset_(-1),
      received_bytes_(0),
      sent_bytes_(0),
      response_(nullptr),
      // -1 means the body length is not known.
      response_body_length_(-1),
      response_body_read_(0),
      user_read_buf_(nullptr),
      user_read_buf_len_(0),
      connection_(connection),
      net_log_(net_log),
      sent_last_chunk_(false),
      upload_error_(OK),
      weak_ptr_factory_(this) {
  // Socket completions are routed through a weak pointer, so a completion
  // that fires after this object is gone is not delivered to it.
  io_callback_ = base::Bind(&HttpStreamParser::OnIOComplete,
                            weak_ptr_factory_.GetWeakPtr());
}
// Nothing to release explicitly; members clean up after themselves.
HttpStreamParser::~HttpStreamParser() {}
// Starts sending |request_line| followed by |headers| and, if the request has
// an upload stream, its body. |response| is remembered and receives the peer
// address. Returns OK once everything was sent synchronously, ERR_IO_PENDING
// when |callback| will be run later, or a network error.
int HttpStreamParser::SendRequest(const std::string& request_line,
                                  const HttpRequestHeaders& headers,
                                  HttpResponseInfo* response,
                                  const CompletionCallback& callback) {
  DCHECK_EQ(STATE_NONE, io_state_);
  DCHECK(callback_.is_null());
  DCHECK(!callback.is_null());
  DCHECK(response);

  // The bound callback holds raw pointers to |headers| and |request_line|.
  // NOTE(review): presumably AddEvent() runs it before returning -- confirm.
  net_log_.AddEvent(
      NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_HEADERS,
      base::Bind(&HttpRequestHeaders::NetLogCallback,
                 base::Unretained(&headers),
                 &request_line));

  // Verbose-level log of the full request line and header block.
  DVLOG(1) << __FUNCTION__ << "()"
           << " request_line = \"" << request_line << "\""
           << " headers = \"" << headers.ToString() << "\"";
  response_ = response;

  // Record the peer's IP address and port in the response.
  IPEndPoint peer_endpoint;
  int result = connection_->socket()->GetPeerAddress(&peer_endpoint);
  if (result != OK)
    return result;
  response_->socket_address = HostPortPair::FromIPEndPoint(peer_endpoint);

  std::string request = request_line + headers.ToString();
  request_headers_length_ = request.size();

  UploadDataStream* const upload_stream = request_->upload_data_stream;
  if (upload_stream != NULL) {
    request_body_send_buf_ = new SeekableIOBuffer(kRequestBodyBufferSize);
    if (upload_stream->is_chunked()) {
      // The read buffer is smaller by the chunk framing overhead, so that an
      // encoded chunk always fits into |request_body_send_buf_|.
      request_body_read_buf_ =
          new SeekableIOBuffer(kRequestBodyBufferSize - kChunkHeaderFooterSize);
    } else {
      // Raw body bytes are sent as read, so one buffer serves both roles.
      request_body_read_buf_ = request_body_send_buf_;
    }
  }

  io_state_ = STATE_SEND_HEADERS;

  if (ShouldMergeRequestHeadersAndBody(request, upload_stream)) {
    // Small body: headers and body go out in a single write, with
    // |request_headers_| repurposed to hold both.
    const int merged_size =
        static_cast<int>(request_headers_length_ + upload_stream->size());
    scoped_refptr<IOBuffer> merged_buffer(new IOBuffer(merged_size));
    request_headers_ =
        new DrainableIOBuffer(merged_buffer.get(), merged_size);

    memcpy(request_headers_->data(), request.data(), request_headers_length_);
    request_headers_->DidConsume(request_headers_length_);

    // Pull the whole body in behind the headers.
    // NOTE(review): a non-positive Read() result is only caught by the DCHECK;
    // without it |todo| and the buffer offset would be adjusted by that value.
    for (uint64 todo = upload_stream->size(); todo != 0;) {
      int consumed = upload_stream->Read(
          request_headers_.get(), static_cast<int>(todo), CompletionCallback());
      DCHECK_GT(consumed, 0);  // Read() won't fail if not chunked.
      request_headers_->DidConsume(consumed);
      todo -= consumed;
    }
    DCHECK(upload_stream->IsEOF());
    // Rewind so the merged buffer is written from its first byte.
    request_headers_->SetOffset(0);

    net_log_.AddEvent(
        NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_BODY,
        base::Bind(&NetLogSendRequestBodyCallback,
                   upload_stream->size(),
                   false, /* not chunked */
                   true /* merged */));
  } else {
    // No merge: |request_headers_| holds just the request line and headers.
    scoped_refptr<StringIOBuffer> headers_io_buf(new StringIOBuffer(request));
    request_headers_ =
        new DrainableIOBuffer(headers_io_buf.get(), headers_io_buf->size());
  }

  result = DoLoop(OK);
  if (result == ERR_IO_PENDING)
    callback_ = callback;

  // Positive values are byte counts, which callers see as plain success.
  return result > 0 ? OK : result;
}
// Reads and parses the response headers. Returns OK when they are available,
// ERR_IO_PENDING when |callback| will be run later, or a network error.
int HttpStreamParser::ReadResponseHeaders(const CompletionCallback& callback) {
  DCHECK(io_state_ == STATE_NONE || io_state_ == STATE_DONE);
  DCHECK(callback_.is_null());
  DCHECK(!callback.is_null());
  DCHECK_EQ(0, read_buf_unused_offset_);

  // STATE_DONE is possible here when the connection was closed right after a
  // 1xx response.
  if (io_state_ == STATE_DONE)
    return ERR_CONNECTION_CLOSED;

  io_state_ = STATE_READ_HEADERS;
  int result = OK;

  const int already_buffered = read_buf_->offset();
  if (already_buffered > 0) {
    // Bytes are already sitting in the read buffer: behave as if they had
    // just arrived from the socket.
    result = already_buffered;
    read_buf_->set_offset(0);
  }
  if (result > 0)
    io_state_ = STATE_READ_HEADERS_COMPLETE;

  result = DoLoop(result);
  if (result == ERR_IO_PENDING)
    callback_ = callback;

  return result > 0 ? OK : result;
}
// Releases the connection handle. When |not_reusable| is set and a socket is
// present, the socket is disconnected first.
void HttpStreamParser::Close(bool not_reusable) {
  if (not_reusable) {
    if (connection_->socket())
      connection_->socket()->Disconnect();
  }
  connection_->Reset();
}
// Reads up to |buf_len| bytes of response body into |buf|. Returns the result
// of the read loop, ERR_IO_PENDING when |callback| will be run later, or OK
// right away if the parser is already in STATE_DONE.
int HttpStreamParser::ReadResponseBody(IOBuffer* buf, int buf_len,
                                       const CompletionCallback& callback) {
  DCHECK(io_state_ == STATE_NONE || io_state_ == STATE_DONE);
  DCHECK(callback_.is_null());
  DCHECK(!callback.is_null());
  DCHECK_LE(buf_len, kMaxBufSize);

  if (io_state_ == STATE_DONE)
    return OK;

  // Remember the destination; DoReadBody() copies and reads into it.
  user_read_buf_ = buf;
  user_read_buf_len_ = buf_len;
  io_state_ = STATE_READ_BODY;

  const int result = DoLoop(OK);
  if (result == ERR_IO_PENDING)
    callback_ = callback;

  return result;
}
// Completion handler for asynchronous socket and upload-stream operations:
// resumes the state machine and, once it stops without pending I/O, runs the
// caller's callback.
void HttpStreamParser::OnIOComplete(int result) {
  result = DoLoop(result);

  if (result == ERR_IO_PENDING || callback_.is_null())
    return;

  // The client callback may do anything, including destroying this object, so
  // it is detached into a local first and run as the very last step.
  CompletionCallback pending_callback = callback_;
  callback_.Reset();
  pending_callback.Run(result);
}
// Drives the state machine. Each pass takes the current state, resets
// |io_state_| to STATE_NONE and runs the matching handler, which may set the
// next state. The loop ends when a handler returns ERR_IO_PENDING or leaves
// the state at STATE_NONE or STATE_DONE.
int HttpStreamParser::DoLoop(int result) {
  do {
    DCHECK_NE(ERR_IO_PENDING, result);
    DCHECK_NE(STATE_DONE, io_state_);
    DCHECK_NE(STATE_NONE, io_state_);

    const State current_state = io_state_;
    io_state_ = STATE_NONE;

    switch (current_state) {
      case STATE_SEND_HEADERS:
        DCHECK_EQ(OK, result);
        result = DoSendHeaders();
        break;
      case STATE_SEND_HEADERS_COMPLETE:
        result = DoSendHeadersComplete(result);
        break;
      case STATE_SEND_BODY:
        DCHECK_EQ(OK, result);
        result = DoSendBody();
        break;
      case STATE_SEND_BODY_COMPLETE:
        result = DoSendBodyComplete(result);
        break;
      case STATE_SEND_REQUEST_READ_BODY_COMPLETE:
        result = DoSendRequestReadBodyComplete(result);
        break;
      case STATE_READ_HEADERS:
        // The matching EndEvent is emitted in STATE_READ_HEADERS_COMPLETE.
        net_log_.BeginEvent(NetLog::TYPE_HTTP_STREAM_PARSER_READ_HEADERS);
        DCHECK_GE(result, 0);
        result = DoReadHeaders();
        break;
      case STATE_READ_HEADERS_COMPLETE:
        result = DoReadHeadersComplete(result);
        net_log_.EndEventWithNetErrorCode(
            NetLog::TYPE_HTTP_STREAM_PARSER_READ_HEADERS, result);
        break;
      case STATE_READ_BODY:
        DCHECK_GE(result, 0);
        result = DoReadBody();
        break;
      case STATE_READ_BODY_COMPLETE:
        result = DoReadBodyComplete(result);
        break;
      default:
        NOTREACHED();
        break;
    }
  } while (result != ERR_IO_PENDING &&
           (io_state_ != STATE_DONE && io_state_ != STATE_NONE));

  return result;
}
// Writes the not-yet-sent part of |request_headers_| to the socket and moves
// on to STATE_SEND_HEADERS_COMPLETE.
int HttpStreamParser::DoSendHeaders() {
  // TODO(mmenke): Remove ScopedTracker below once crbug.com/424359 is fixed.
  tracked_objects::ScopedTracker tracking_profile(
      FROM_HERE_WITH_EXPLICIT_FUNCTION(
          "424359 HttpStreamParser::DoSendHeaders"));

  const int unsent_bytes = request_headers_->BytesRemaining();
  DCHECK_GT(unsent_bytes, 0);

  // Nothing has been sent yet when the whole buffer is still unsent; that
  // moment is the best estimate of the request time.
  const bool is_first_write = (unsent_bytes == request_headers_->size());
  if (is_first_write)
    response_->request_time = base::Time::Now();

  io_state_ = STATE_SEND_HEADERS_COMPLETE;
  return connection_->socket()->Write(
      request_headers_.get(), unsent_bytes, io_callback_);
}
// Handles the result of a header write: accounts for the bytes sent, then
// either continues the header write, starts the body send, or finishes.
int HttpStreamParser::DoSendHeadersComplete(int result) {
  if (result < 0) {
    // In the unlikely case that headers and body were merged, all of the
    // headers were sent but not all of the body, and |result| is an error
    // after which a read should still be attempted: stash the error and act
    // as if the request had been sent successfully.
    const bool headers_fully_sent =
        request_headers_->BytesConsumed() >= request_headers_length_;
    if (headers_fully_sent && ShouldTryReadingOnUploadError(result)) {
      upload_error_ = result;
      return OK;
    }
    return result;
  }

  sent_bytes_ += result;
  request_headers_->DidConsume(result);
  if (request_headers_->BytesRemaining() > 0) {
    // Partial write; send the rest.
    io_state_ = STATE_SEND_HEADERS;
    return OK;
  }

  UploadDataStream* const upload_stream = request_->upload_data_stream;
  // A body still has to be sent when the stream is chunked, or when it is
  // non-empty and not at EOF (!IsEOF() indicates the body wasn't merged).
  const bool body_still_to_send =
      upload_stream != NULL &&
      (upload_stream->is_chunked() ||
       (upload_stream->size() > 0 && !upload_stream->IsEOF()));
  if (body_still_to_send) {
    net_log_.AddEvent(
        NetLog::TYPE_HTTP_TRANSACTION_SEND_REQUEST_BODY,
        base::Bind(&NetLogSendRequestBodyCallback,
                   upload_stream->size(),
                   upload_stream->is_chunked(),
                   false /* not merged */));
    io_state_ = STATE_SEND_BODY;
    return OK;
  }

  // Finished sending the request.
  return OK;
}
// Sends pending body bytes if there are any; otherwise reads the next piece
// of the upload stream, or finishes once the last chunk has gone out.
int HttpStreamParser::DoSendBody() {
  const int unsent_bytes = request_body_send_buf_->BytesRemaining();
  if (unsent_bytes > 0) {
    io_state_ = STATE_SEND_BODY_COMPLETE;
    return connection_->socket()->Write(
        request_body_send_buf_.get(), unsent_bytes, io_callback_);
  }

  if (request_->upload_data_stream->is_chunked() && sent_last_chunk_) {
    // Finished sending the request.
    return OK;
  }

  // The send buffer is drained; fetch more body data.
  request_body_read_buf_->Clear();
  io_state_ = STATE_SEND_REQUEST_READ_BODY_COMPLETE;
  return request_->upload_data_stream->Read(
      request_body_read_buf_.get(),
      request_body_read_buf_->capacity(),
      io_callback_);
}
// Handles the result of a body write: accounts for the bytes sent and loops
// back to STATE_SEND_BODY, or deals with a write error.
int HttpStreamParser::DoSendBodyComplete(int result) {
  if (result >= 0) {
    sent_bytes_ += result;
    request_body_send_buf_->DidConsume(result);
    io_state_ = STATE_SEND_BODY;
    return OK;
  }

  // For an error after which a read should still be attempted, stash the
  // error and act as if the request had been sent successfully.
  if (ShouldTryReadingOnUploadError(result)) {
    upload_error_ = result;
    return OK;
  }
  return result;
}
// Handles the bytes DoSendBody() just read from the upload stream: chunked
// bodies are encoded into the send buffer, then the data is queued for
// sending. |result| is the byte count returned by that read.
int HttpStreamParser::DoSendRequestReadBodyComplete(int result) {
  DCHECK_GE(result, 0);  // There won't be errors.

  UploadDataStream* const upload_stream = request_->upload_data_stream;

  // Chunked data needs to be encoded.
  if (upload_stream->is_chunked()) {
    if (result == 0) {  // Reached the end.
      DCHECK(upload_stream->IsEOF());
      sent_last_chunk_ = true;
    }
    // Encode everything that was read as one chunk; a zero-length payload
    // still goes through EncodeChunk().
    const base::StringPiece payload(request_body_read_buf_->data(), result);
    request_body_send_buf_->Clear();
    result = EncodeChunk(payload,
                         request_body_send_buf_->data(),
                         request_body_send_buf_->capacity());
  }

  if (result > 0) {
    // Data is ready in the send buffer; go send it.
    request_body_send_buf_->DidAppend(result);
    result = 0;
    io_state_ = STATE_SEND_BODY;
  } else if (result == 0) {  // Reached the end.
    // EOF finishes the body unless the data is chunked, i.e. there is no
    // terminal chunk to send here.
    DCHECK(upload_stream->IsEOF());
    DCHECK(!upload_stream->is_chunked());
    // Finished sending the request.
  }
  return result;
}
// Issues a socket read into the free part of |read_buf_|, growing the buffer
// by kHeaderBufInitialSize first if it is full.
int HttpStreamParser::DoReadHeaders() {
  io_state_ = STATE_READ_HEADERS_COMPLETE;

  const bool buffer_full = (read_buf_->RemainingCapacity() == 0);
  if (buffer_full)
    read_buf_->SetCapacity(read_buf_->capacity() + kHeaderBufInitialSize);

  // http://crbug.com/16371: We're seeing |user_buf_->data()| return NULL.
  // See if the user is passing in an IOBuffer with a NULL |data_|.
  CHECK(read_buf_->data());

  return connection_->socket()->Read(
      read_buf_.get(), read_buf_->RemainingCapacity(), io_callback_);
}
// Processes the result of a header read and reconciles it with an error that
// was stashed while uploading the request body, if there was one.
int HttpStreamParser::DoReadHeadersComplete(int result) {
  result = HandleReadHeaderResult(result);

  // TODO(mmenke): The code below is ugly and hacky. A much better and more
  // flexible long term solution would be to separate out the read and write
  // loops, though this would involve significant changes, both here and
  // elsewhere (WebSockets, for instance).

  // Still reading headers, or the upload went fine: nothing to reconcile.
  if (io_state_ == STATE_READ_HEADERS || upload_error_ == OK)
    return result;

  // If the result is ERR_IO_PENDING, |io_state_| should be STATE_READ_HEADERS.
  DCHECK_NE(ERR_IO_PENDING, result);

  if (result >= 0) {
    // 1xx responses are skipped as usual, and 4xx/5xx error responses are
    // allowed to override the error received while uploading the body.
    switch (response_->headers->response_code() / 100) {
      case 1:
      case 4:
      case 5:
        return result;
      default:
        break;
    }
  }

  // Reached on a read error and on every other status class. The upload
  // error is reported and the headers are withheld, so the consumer always
  // has some indication that the upload failed. On a read error the upload
  // error is preferred because the read result may be a header-related code
  // or ERR_CONNECTION_CLOSED, which gets special partial-response and
  // HTTP/0.9 handling.
  io_state_ = STATE_DONE;
  // Don't let caller see the headers.
  response_->headers = NULL;
  return upload_error_;
}
// Supplies body bytes to the user buffer: first whatever was left in
// |read_buf_| after the headers, otherwise a fresh socket read. Returns 0
// without reading when the body is already complete.
int HttpStreamParser::DoReadBody() {
  io_state_ = STATE_READ_BODY_COMPLETE;

  // There may be some data left over from reading the response headers.
  if (read_buf_->offset()) {
    const int leftover = read_buf_->offset() - read_buf_unused_offset_;
    if (leftover == 0) {
      // Everything buffered was already handed out; drop the buffer.
      read_buf_->SetCapacity(0);
      read_buf_unused_offset_ = 0;
    } else {
      CHECK_GT(leftover, 0);
      // The copy length is capped by the user buffer length.
      // NOTE(review): assumes |user_read_buf_len_| is not negative -- only
      // its upper bound is DCHECKed in ReadResponseBody().
      const int bytes_to_copy = std::min(leftover, user_read_buf_len_);
      memcpy(user_read_buf_->data(),
             read_buf_->StartOfBuffer() + read_buf_unused_offset_,
             bytes_to_copy);
      read_buf_unused_offset_ += bytes_to_copy;
      if (bytes_to_copy == leftover) {
        read_buf_->SetCapacity(0);
        read_buf_unused_offset_ = 0;
      }
      return bytes_to_copy;
    }
  }

  // Check to see if we're done reading.
  if (IsResponseBodyComplete())
    return 0;

  DCHECK_EQ(0, read_buf_->offset());
  return connection_->socket()->Read(
      user_read_buf_.get(), user_read_buf_len_, io_callback_);
}
// Processes the result of a body read: maps a premature close to an error,
// runs the chunked decoder, tracks byte counts and, once the body is finished,
// moves any bytes read past its end back into |read_buf_|.
int HttpStreamParser::DoReadBodyComplete(int result) {
  // A connection close (|result| == 0) can mean several things:
  //
  // - Content-Length present and exactly that many body bytes received: the
  //   response is successful.
  //
  // - Content-Length present and fewer bytes received: either the connection
  //   was closed prematurely or the server sent an invalid Content-Length.
  //   The invalid-header case does occur in practice and other browsers
  //   tolerate it. It is treated as an error here for now, although the
  //   download system treats it as a non-error and URLRequestHttpJob accepts
  //   it when Content-Length equals the post-decoded body length.
  //
  // - Chunked encoding with the terminating chunk processed: the response is
  //   successful.
  //
  // - Chunked encoding without the terminating chunk: premature close or an
  //   invalid chunked encoding; it is treated as an invalid chunked encoding.
  //
  // - Neither Content-Length nor chunked encoding: connection close is the
  //   only end-of-response signal, so an early close cannot be detected and
  //   no error is returned.
  if (result == 0 && !IsResponseBodyComplete() && CanFindEndOfResponse()) {
    result = chunked_decoder_.get() ? ERR_INCOMPLETE_CHUNKED_ENCODING
                                    : ERR_CONTENT_LENGTH_MISMATCH;
  }

  if (result > 0)
    received_bytes_ += result;

  // Filter incoming data if appropriate. FilterBuf may return an error.
  if (result > 0 && chunked_decoder_.get()) {
    result = chunked_decoder_->FilterBuf(user_read_buf_->data(), result);
    if (result == 0 && !chunked_decoder_->reached_eof()) {
      // Don't signal completion of the Read call yet or else it'll look like
      // we received end-of-file. Wait for more data.
      io_state_ = STATE_READ_BODY;
      return OK;
    }
  }

  if (result > 0)
    response_body_read_ += result;

  const bool finished = result <= 0 || IsResponseBodyComplete();
  if (!finished) {
    // Now waiting for more of the body to be read.
    user_read_buf_ = NULL;
    user_read_buf_len_ = 0;
    return result;
  }

  io_state_ = STATE_DONE;

  // Save the overflow data, which can be in two places: some may be left over
  // in |user_read_buf_| and more may still sit in |read_buf_|. The part left
  // in |user_read_buf_| must have come from |read_buf_|, so there is room to
  // put it back at the start first.
  const int buffered_overflow = read_buf_->offset() - read_buf_unused_offset_;
  int user_overflow = 0;
  if (chunked_decoder_.get()) {
    user_overflow = chunked_decoder_->bytes_after_eof();
  } else if (response_body_length_ >= 0) {
    const int64 extra_data_read = response_body_read_ - response_body_length_;
    if (extra_data_read > 0) {
      user_overflow = static_cast<int>(extra_data_read);
      if (result > 0)
        result -= user_overflow;
    }
  }

  const int total_overflow = user_overflow + buffered_overflow;
  CHECK_LE(total_overflow, kMaxBufSize);
  if (read_buf_->capacity() < total_overflow) {
    read_buf_->SetCapacity(total_overflow);
  }

  if (user_overflow) {
    received_bytes_ -= user_overflow;
    // NOTE(review): the source starts at data() + |result|, which relies on
    // |result| being non-negative and |user_overflow| being positive and
    // within the bytes just read whenever this branch runs -- neither is
    // checked here.
    memcpy(read_buf_->StartOfBuffer(), user_read_buf_->data() + result,
           user_overflow);
  }
  read_buf_->set_offset(user_overflow);
  if (buffered_overflow) {
    // data() points just past the bytes copied above, so this appends.
    memmove(read_buf_->data(),
            read_buf_->StartOfBuffer() + read_buf_unused_offset_,
            buffered_overflow);
    read_buf_->set_offset(total_overflow);
  }
  read_buf_unused_offset_ = 0;

  return result;
}
// Interprets the result of a header read: handles connection close (empty,
// truncated and HTTP/0.9 responses), read errors, and newly arrived bytes,
// which are appended to |read_buf_| and parsed.
int HttpStreamParser::HandleReadHeaderResult(int result) {
  DCHECK_EQ(0, read_buf_unused_offset_);

  // A zero-byte read means the peer closed the connection.
  if (result == 0)
    result = ERR_CONNECTION_CLOSED;

  if (result == ERR_CONNECTION_CLOSED) {
    // The connection closed without getting any more data.
    if (read_buf_->offset() == 0) {
      io_state_ = STATE_DONE;
      // On a fresh connection this could be a 0-length HTTP/0.9 response, but
      // it is most likely an error, so ERR_EMPTY_RESPONSE is returned. On a
      // reused connection the original close error is passed on: the server
      // most likely closed the socket before it received the request.
      return connection_->is_reused() ? result : ERR_EMPTY_RESPONSE;
    }

    // Accepting truncated headers over HTTPS is a potential security
    // vulnerability, so just return an error in that case.
    //
    // If response_header_start_offset_ is -1, this may be a < 8 byte HTTP/0.9
    // response. However, accepting such a response over HTTPS would allow a
    // MITM to truncate an HTTP/1.x status line to look like a short HTTP/0.9
    // response if the peer put a record boundary at the first 8 bytes. To
    // ensure that all response headers received over HTTPS are pristine,
    // treat such responses as errors.
    //
    // TODO(mmenke): Returning ERR_RESPONSE_HEADERS_TRUNCATED when a response
    // looks like an HTTP/0.9 response is weird. Should either come up with
    // another error code, or, better, disable HTTP/0.9 over HTTPS (and give
    // that a new error code).
    if (request_->url.SchemeIsCryptographic()) {
      io_state_ = STATE_DONE;
      return ERR_RESPONSE_HEADERS_TRUNCATED;
    }

    // Parse things as well as we can and let the caller decide what to do.
    int end_offset = 0;
    if (response_header_start_offset_ >= 0) {
      // The response looks to be a truncated set of HTTP headers.
      io_state_ = STATE_READ_BODY_COMPLETE;
      end_offset = read_buf_->offset();
      RecordHeaderParserEvent(HEADER_ALLOWED_TRUNCATED_HEADERS);
    }
    // Otherwise |end_offset| stays 0: the response is apparently using
    // HTTP/0.9, so the entire response is treated as the body.

    const int parse_result = ParseResponseHeaders(end_offset);
    return parse_result < 0 ? parse_result : result;
  }

  if (result < 0) {
    io_state_ = STATE_DONE;
    return result;
  }

  // The first bytes of the response headers are the best estimate of the
  // response time.
  if (read_buf_->offset() == 0)
    response_->response_time = base::Time::Now();

  read_buf_->set_offset(read_buf_->offset() + result);
  DCHECK_LE(read_buf_->offset(), read_buf_->capacity());
  DCHECK_GE(result, 0);

  const int end_of_header_offset = FindAndParseResponseHeaders();

  // Note: -1 is special, it indicates we haven't found the end of headers.
  // Anything less than -1 is a net::Error, so we bail out.
  if (end_of_header_offset < -1)
    return end_of_header_offset;

  if (end_of_header_offset == -1) {
    io_state_ = STATE_READ_HEADERS;
    // Prevent growing the headers buffer indefinitely.
    if (read_buf_->offset() >= kMaxHeaderBufSize) {
      io_state_ = STATE_DONE;
      return ERR_RESPONSE_HEADERS_TOO_BIG;
    }
    return result;
  }

  CalculateResponseBodySize();
  if (response_body_length_ != 0) {
    // Note where the headers stop. Now waiting for the body to be read.
    read_buf_unused_offset_ = end_of_header_offset;
    return result;
  }

  // With a zero-length body the caller may never call ReadResponseBody(),
  // which is where extra data is normally copied to the start of
  // |read_buf_|, so the data is moved here instead.
  const int extra_bytes = read_buf_->offset() - end_of_header_offset;
  if (extra_bytes) {
    CHECK_GT(extra_bytes, 0);
    memmove(read_buf_->StartOfBuffer(),
            read_buf_->StartOfBuffer() + end_of_header_offset,
            extra_bytes);
  }
  read_buf_->SetCapacity(extra_bytes);

  if (response_->headers->response_code() / 100 == 1) {
    // After a 1xx response the caller will ask for the next set of headers,
    // so the header state is reset. The 1xx response is not ignored entirely
    // because it cannot be returned in reply to a CONNECT request; returning
    // OK lets the caller inspect it and reject it when setting up a CONNECT
    // tunnel.
    response_header_start_offset_ = -1;
    response_body_length_ = -1;
    // Now waiting for the second set of headers to be read.
  } else {
    io_state_ = STATE_DONE;
  }
  return OK;
}
// Looks for a complete header block in |read_buf_| and parses it when found.
// Returns the offset where the headers end, -1 if more data is needed, or a
// net error (a value below -1) from parsing.
int HttpStreamParser::FindAndParseResponseHeaders() {
  DCHECK_EQ(0, read_buf_unused_offset_);

  // Look for the start of the status line, if it hasn't been found yet.
  if (response_header_start_offset_ < 0) {
    response_header_start_offset_ = HttpUtil::LocateStartOfStatusLine(
        read_buf_->StartOfBuffer(), read_buf_->offset());
  }

  int end_offset = -1;
  if (response_header_start_offset_ >= 0) {
    end_offset = HttpUtil::LocateEndOfHeaders(read_buf_->StartOfBuffer(),
                                              read_buf_->offset(),
                                              response_header_start_offset_);
  } else if (read_buf_->offset() >= 8) {
    // Enough data to decide that this is an HTTP/0.9 response.
    // 8 bytes = (4 bytes of junk) + "http".length()
    end_offset = 0;
  }

  // End of headers not seen yet; the caller keeps reading.
  if (end_offset == -1)
    return -1;

  const int parse_result = ParseResponseHeaders(end_offset);
  return parse_result < 0 ? parse_result : end_offset;
}
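// Builds |response_->headers| from the first |end_offset| bytes of
// |read_buf_|, or from a synthetic "HTTP/0.9 200 OK" status line when no
// status line was located (|response_header_start_offset_| < 0).
//
// Returns OK on success, or one of the ERR_RESPONSE_HEADERS_MULTIPLE_* codes
// when a field that must be unique appears more than once; in that case
// |response_| is left untouched.
int HttpStreamParser::ParseResponseHeaders(int end_offset) {
  scoped_refptr<HttpResponseHeaders> headers;
  DCHECK_EQ(0, read_buf_unused_offset_);

  RecordHeaderParserEvent(HEADER_PARSER_INVOKED);

  // Bytes preceding the status line are skipped; record whether they were
  // only whitespace or something else.
  if (response_header_start_offset_ > 0) {
    bool has_non_whitespace_in_prefix = false;
    for (int i = 0; i < response_header_start_offset_; ++i) {
      // strchr() also matches the terminating NUL of its first argument, so a
      // NUL byte in the prefix is counted as whitespace here.
      if (!strchr(" \t\r\n", read_buf_->StartOfBuffer()[i])) {
        has_non_whitespace_in_prefix = true;
        break;
      }
    }
    if (has_non_whitespace_in_prefix) {
      RecordHeaderParserEvent(HEADER_SKIPPED_NON_WS_PREFIX);
    } else {
      RecordHeaderParserEvent(HEADER_SKIPPED_WS_PREFIX);
    }
  }

  if (response_header_start_offset_ >= 0) {
    received_bytes_ += end_offset;
    std::string raw_headers =
        HttpUtil::AssembleRawHeaders(read_buf_->StartOfBuffer(), end_offset);

    // The status line handed to the validator is read from the raw buffer
    // with a length taken from |raw_headers|. find() returns npos when no NUL
    // is present, so clamp the length to the header bytes already in the
    // buffer; the read can then never run past |end_offset|.
    // NOTE(review): this assumes the first NUL in |raw_headers| marks the end
    // of the status line and that both strings start at the same byte --
    // confirm against HttpUtil::AssembleRawHeaders().
    const size_t header_bytes =
        end_offset > 0 ? static_cast<size_t>(end_offset) : 0;
    size_t status_line_length = raw_headers.find('\0');
    if (status_line_length == std::string::npos ||
        status_line_length > header_bytes) {
      status_line_length = header_bytes;
    }
    ValidateStatusLine(
        std::string(read_buf_->StartOfBuffer(), status_line_length));
    headers = new HttpResponseHeaders(raw_headers);
  } else {
    // Enough data was read -- there is no status line.
    headers = new HttpResponseHeaders(std::string("HTTP/0.9 200 OK"));

    // Record how the header-less response arrived. It is still accepted.
    if (request_->url.SchemeIsCryptographic()) {
      RecordHeaderParserEvent(HEADER_HTTP_09_RESPONSE_OVER_SSL);
    } else {
      RecordHeaderParserEvent(HEADER_HTTP_09_RESPONSE_OVER_HTTP);
    }
    if (connection_->is_reused())
      RecordHeaderParserEvent(HEADER_HTTP_09_ON_REUSED_SOCKET);
  }

  // Check for multiple Content-Length headers when the response is not
  // chunked-encoded. If they exist, and have distinct values, it's a potential
  // response smuggling attack.
  if (!headers->IsChunkEncoded()) {
    if (HeadersContainMultipleCopiesOfField(*headers, "Content-Length"))
      return ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_LENGTH;
  }

  // Check for multiple Content-Disposition or Location headers. If they exist,
  // it's also a potential response smuggling attack.
  if (HeadersContainMultipleCopiesOfField(*headers, "Content-Disposition"))
    return ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION;
  if (HeadersContainMultipleCopiesOfField(*headers, "Location"))
    return ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION;

  // Publish the headers only after every uniqueness check has passed.
  response_->headers = headers;
  response_->connection_info = HttpResponseInfo::CONNECTION_INFO_HTTP1;
  response_->vary_data.Init(*request_, *response_->headers);
  DVLOG(1) << __FUNCTION__ << "()"
           << " content_length = \"" << response_->headers->GetContentLength()
           << "\n\""
           << " headers = \"" << GetResponseHeaderLines(*response_->headers)
           << "\"";
  return OK;
}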
// Decides how the end of the response body will be recognised: a body length
// of zero, a chunked decoder, the Content-Length value, or (when
// |response_body_length_| stays -1) the server closing the connection.
void HttpStreamParser::CalculateResponseBodySize() {
  // Figure how to determine EOF:
  //
  // For certain responses, we know the content length is always 0. From
  // RFC 7230 Section 3.3 Message Body:
  //
  // The presence of a message body in a response depends on both the
  // request method to which it is responding and the response status code
  // (Section 3.1.2). Responses to the HEAD request method (Section 4.3.2
  // of [RFC7231]) never include a message body because the associated
  // response header fields (e.g., Transfer-Encoding, Content-Length,
  // etc.), if present, indicate only what their values would have been if
  // the request method had been GET (Section 4.3.1 of [RFC7231]). 2xx
  // (Successful) responses to a CONNECT request method (Section 4.3.6 of
  // [RFC7231]) switch to tunnel mode instead of having a message body.
  // All 1xx (Informational), 204 (No Content), and 304 (Not Modified)
  // responses do not include a message body. All other responses do
  // include a message body, although the body might be of zero length.
  //
  // From RFC 7231 Section 6.3.6 205 Reset Content:
  //
  // Since the 205 status code implies that no additional content will be
  // provided, a server MUST NOT generate a payload in a 205 response.
  const int status_code = response_->headers->response_code();
  const bool status_has_no_body = status_code / 100 == 1 ||  // Informational
                                  status_code == 204 ||      // No Content
                                  status_code == 205 ||      // Reset Content
                                  status_code == 304;        // Not Modified
  if (status_has_no_body || request_->method == "HEAD")
    response_body_length_ = 0;

  // The length is already settled; the framing headers are not consulted.
  if (response_body_length_ != -1)
    return;

  // "Transfer-Encoding: chunked" trumps "Content-Length: N"
  if (response_->headers->IsChunkEncoded()) {
    chunked_decoder_.reset(new HttpChunkedDecoder());
    return;
  }

  // If response_body_length_ is still -1 after this, then we have to wait
  // for the server to close the connection.
  response_body_length_ = response_->headers->GetContentLength();
}
// Returns the position and size of the request's upload stream, or a
// default-constructed UploadProgress when the request has no upload stream.
UploadProgress HttpStreamParser::GetUploadProgress() const {
  if (request_->upload_data_stream) {
    return UploadProgress(request_->upload_data_stream->position(),
                          request_->upload_data_stream->size());
  }
  return UploadProgress();
}
// Returns true once the whole response body has been read: the chunked
// decoder reached EOF, or the bytes read cover the known body length.
bool HttpStreamParser::IsResponseBodyComplete() const {
  if (chunked_decoder_.get())
    return chunked_decoder_->reached_eof();

  // With no chunked decoder and no known length, the body only ends when
  // the stream does. Must read to EOF.
  if (response_body_length_ == -1)
    return false;

  return response_body_read_ >= response_body_length_;
}
// Returns true when the end of the response body can be determined from the
// message itself: either a chunked decoder exists or the body length is known.
bool HttpStreamParser::CanFindEndOfResponse() const {
  if (chunked_decoder_.get())
    return true;
  return response_body_length_ >= 0;
}
// Returns true when |read_buf_| holds bytes beyond |read_buf_unused_offset_|.
bool HttpStreamParser::IsMoreDataBuffered() const {
  return read_buf_unused_offset_ < read_buf_->offset();
}
// Returns true when the connection reports itself as reused, or when its
// reuse type is UNUSED_IDLE.
bool HttpStreamParser::IsConnectionReused() const {
  if (connection_->is_reused())
    return true;
  return connection_->reuse_type() == ClientSocketHandle::UNUSED_IDLE;
}
// Marks the underlying connection as REUSED_IDLE.
void HttpStreamParser::SetConnectionReused() {
  const ClientSocketHandle::SocketReuseType reused_type =
      ClientSocketHandle::REUSED_IDLE;
  connection_->set_reuse_type(reused_type);
}
// Returns true when the socket may carry another request: the end of the
// current response can be found, the response headers exist and ask for
// keep-alive, and the socket is still connected and idle.
bool HttpStreamParser::CanReuseConnection() const {
  // A response whose end cannot be located must not share its socket with a
  // later exchange, so that condition is evaluated first.
  const bool response_allows_reuse = CanFindEndOfResponse() &&
                                     response_->headers &&
                                     response_->headers->IsKeepAlive();
  if (!response_allows_reuse)
    return false;
  return connection_->socket() && connection_->socket()->IsConnectedAndIdle();
}
// Fills |ssl_info| from the connection's socket when the request URL uses a
// cryptographic scheme and a socket exists; otherwise leaves it untouched.
void HttpStreamParser::GetSSLInfo(SSLInfo* ssl_info) {
  if (!request_->url.SchemeIsCryptographic() || !connection_->socket())
    return;

  // NOTE(review): the unchecked downcast relies on a cryptographic URL scheme
  // implying that the socket really is an SSLClientSocket -- confirm that
  // every caller upholds this.
  SSLClientSocket* tls_socket =
      static_cast<SSLClientSocket*>(connection_->socket());
  tls_socket->GetSSLInfo(ssl_info);
}
// Fills |cert_request_info| from the connection's socket when the request URL
// uses a cryptographic scheme and a socket exists; otherwise leaves it
// untouched.
void HttpStreamParser::GetSSLCertRequestInfo(
    SSLCertRequestInfo* cert_request_info) {
  if (!request_->url.SchemeIsCryptographic() || !connection_->socket())
    return;

  // NOTE(review): the unchecked downcast relies on a cryptographic URL scheme
  // implying that the socket really is an SSLClientSocket -- confirm that
  // every caller upholds this.
  SSLClientSocket* tls_socket =
      static_cast<SSLClientSocket*>(connection_->socket());
  tls_socket->GetSSLCertRequestInfo(cert_request_info);
}
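// Writes |payload| into |output| as one chunk of a chunked body: the payload
// size in upper-case hex, CRLF, the payload bytes, CRLF. An empty payload
// produces "0\r\n\r\n".
//
// Returns the number of bytes written, or ERR_INVALID_ARGUMENT when
// |output_size| cannot hold the payload plus kChunkHeaderFooterSize bytes of
// framing, when the payload size does not fit in an int, or when the size
// line could not be formatted within the framing allowance.
int HttpStreamParser::EncodeChunk(const base::StringPiece& payload,
                                  char* output,
                                  size_t output_size) {
  // Compare by subtraction: payload.size() + kChunkHeaderFooterSize could
  // wrap around for a very large payload and let the check pass.
  if (output_size < kChunkHeaderFooterSize ||
      payload.size() > output_size - kChunkHeaderFooterSize) {
    return ERR_INVALID_ARGUMENT;
  }

  // The size line is formatted from an int. Reject a payload whose size does
  // not survive the conversion, otherwise the advertised chunk size and the
  // bytes copied below would disagree.
  const int payload_size = static_cast<int>(payload.size());
  if (payload_size < 0 ||
      static_cast<size_t>(payload_size) != payload.size()) {
    return ERR_INVALID_ARGUMENT;
  }

  char* cursor = output;
  // Add the header.
  const int num_chars =
      base::snprintf(output, output_size, "%X\r\n",
                     static_cast<unsigned int>(payload_size));
  // The memcpy() calls below trust |cursor|, so only advance it when the size
  // line plus the 2-byte trailing CRLF fit in the framing allowance.
  if (num_chars < 0 ||
      static_cast<size_t>(num_chars) + 2 > kChunkHeaderFooterSize) {
    return ERR_INVALID_ARGUMENT;
  }
  cursor += num_chars;

  // Add the payload if any.
  if (payload.size() > 0) {
    memcpy(cursor, payload.data(), payload.size());
    cursor += payload.size();
  }

  // Add the trailing CRLF.
  memcpy(cursor, "\r\n", 2);
  cursor += 2;

  return static_cast<int>(cursor - output);
}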
// Returns true when the request headers and body should be sent together:
// the body exists, is in memory, is non-empty, and headers plus body do not
// exceed kMaxMergedHeaderAndBodySize bytes.
// static
bool HttpStreamParser::ShouldMergeRequestHeadersAndBody(
    const std::string& request_headers,
    const UploadDataStream* request_body) {
  if (request_body == NULL)
    return false;

  // IsInMemory() ensures that the request body is not chunked.
  if (!request_body->IsInMemory())
    return false;

  // An empty body leaves nothing to merge.
  if (!(request_body->size() > 0))
    return false;

  const uint64 merged_size = request_headers.size() + request_body->size();
  return merged_size <= kMaxMergedHeaderAndBodySize;
}
// Runs |status_line| through HttpStatusLineValidator and records the outcome
// in the "Net.HttpStatusLineStatus" histogram. The result is only recorded;
// nothing is returned to the caller.
void HttpStreamParser::ValidateStatusLine(const std::string& status_line) {
  const HttpStatusLineValidator::StatusLineStatus validation_result =
      HttpStatusLineValidator::ValidateStatusLine(status_line);
  UMA_HISTOGRAM_ENUMERATION("Net.HttpStatusLineStatus", validation_result,
                            HttpStatusLineValidator::STATUS_LINE_MAX);
}
1147 } // namespace net