| blob | 8ddb9ffa04b2d198182a68af7770fe11ce48903e |
1 // Copyright 2007, Google Inc.
2 //
3 // Redistribution and use in source and binary forms, with or without
4 // modification, are permitted provided that the following conditions are met:
5 //
6 // 1. Redistributions of source code must retain the above copyright notice,
7 // this list of conditions and the following disclaimer.
8 // 2. Redistributions in binary form must reproduce the above copyright notice,
9 // this list of conditions and the following disclaimer in the documentation
10 // and/or other materials provided with the distribution.
11 // 3. Neither the name of Google Inc. nor the names of its contributors may be
12 // used to endorse or promote products derived from this software without
13 // specific prior written permission.
14 //
15 // THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
16 // WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
17 // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
18 // EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
19 // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
20 // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
21 // OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
22 // WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23 // OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
24 // ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 //
26 // This file is branched from /google3/webutil/http/httputils.cc
28 #include <iterator>
29 #include <vector>
32 // ----------------------------------------------------------------------
33 // The top portion of this file contains various google3 utils that the
34 // header parsing code we're actually interested in re-using depends on.
35 // ----------------------------------------------------------------------
37 #if WIN32
38 // From google3/base/port.h
40 #define strcasecmp _stricmp
41 #define strncasecmp _strnicmp
42 #endif
44 // From google3/string/memutils.h
45 // ----------------------------------------------------------------------
46 // strliterallen, memcasecmp, memcaseis, memis, memcasestr
47 // ----------------------------------------------------------------------
49 // The ""'s catch people who don't pass in a literal for "str"
59 }
61 }
63 #define memcaseis(str, len, literal) \
64 ( (((len) == strliterallen(literal)) \
65 && memcasecmp(str, literal, strliterallen(literal)) == 0) )
67 #define memis(str, len, literal) \
68 ( (((len) == strliterallen(literal)) \
69 && memcmp(str, literal, strliterallen(literal)) == 0) )
71 // From google3/string/strutil.h
72 // ----------------------------------------------------------------------
73 // var_strprefix()
74 // var_strcaseprefix()
75 // Give me a string and a putative prefix, and I return a pointer
76 // past the prefix if the prefix matches, or NULL else.
77 // Just like 'strprefix' and 'strcaseprefix' except that it works
78 // on character pointers as well as constant strings.
79 // Templates are used to provide both const and non-const versions.
80 // ----------------------------------------------------------------------
86 }
92 }
94 // ----------------------------------------------------------------------
95 // Replacements for logging related macros
96 // ----------------------------------------------------------------------
102 };
105 #define CHECK_LT(x, y) assert(x < y)
106 #define CHECK_GE(x, y) assert(x >= y)
107 #define CHECK(x) assert(x);
110 #define WARNING 1
112 // Based on google3/base/arena.h
113 // ----------------------------------------------------------------------
114 // We implement just enough of the interface to allow this module to compile.
115 // ----------------------------------------------------------------------
121 }
125 }
130 }
134 }
136 }
139 };
141 // The google3 code we've picked up uses the standard namespace
147 // ----------------------------------------------------------------------
148 // The remainder of this file is largely unmodified from the original
149 // sources in google3/webutil/http/httputils.cc, with the caveat that
150 // we've only taken a subset of the original methods. The methods that
151 // we have taken are nearly verbatim.
152 // ----------------------------------------------------------------------
218 // ----------------------------------------------------------------------
219 // HTTPHeaders::HTTPHeaders()
220 // ~HTTPHeaders::HTTPHeaders()
221 // Basic memory management
222 // ----------------------------------------------------------------------
226 // Could just call ClearHeaders(), but this is faster and has the same effect
229 }
234 }
236 // ----------------------------------------------------------------------
237 // HTTPHeaders::ClearHeaders()
238 // SetHeader() allocates both the key and the value using
239 // arena_->Strdup. We reset the arena and call clear() on the
240 // underlying vector. You're left with an empty headers vector.
241 // ----------------------------------------------------------------------
250 }
252 // ----------------------------------------------------------------------
253 // HTTPHeaders::IsEmpty()
254 // HTTPHeaders::begin()
255 // HTTPHeaders::end()
256 // We'd put these in the .h file if we could use STL there.
257 // ----------------------------------------------------------------------
261 }
264 }
267 }
270 }
273 }
275 // ----------------------------------------------------------------------
276 // HTTPHeaders::GetHeader()
277 // Returns the value associated with header.
278 // Returns NULL if one is not found.
279 // This function should not be used to process large numbers of
280 // command headers (it searches a vector) but it's very handy when
281 // there are just a few headers.
282 // Also do not use this method to get the special case header
283 // 'Set-Cookie', because there maybe multiple Set-Cookie headers and this
284 // method will only return the first one. Use GetHeaders() instead.
285 // ----------------------------------------------------------------------
288 const_iterator key;
294 }
295 }
298 }
300 // ----------------------------------------------------------------------
301 // HTTPHeaders::GetHeaders()
302 // Returns all values associated with a header.
303 // Use this method for the 'Set-Cookie' header since there may
304 // be multiple instances.
305 // ----------------------------------------------------------------------
308 const_iterator key;
314 }
315 }
316 }
318 // ----------------------------------------------------------------------
319 // HTTPHeaders::HeaderIs()
320 // HTTPHeaders::HeaderStartsWith()
321 // Convenience methods which tell you if a header is present, and
322 // if so whether it has a certain value, or starts with a certain
323 // value. All comparisons are case-insensitive.
324 // ----------------------------------------------------------------------
329 }
334 }
336 // ----------------------------------------------------------------------
337 // HTTPHeaders::SetHeader()
338 // HTTPHeaders::AddNewHeader()
339 // Sets a header in the vector of headers. If a header with the
340 // given name already exists and the overwrite parameter is set to
341 // OVERWRITE, then we overwrite it. If a header with the given name
342 // already exists and the overwrite parameter is set to APPEND, then
343 // we append the new value on to the old value (separating them with
344 // a ','). When setting the new vector entry, it makes copies
345 // of both key and value.
346 // In the case of AddNewHeader(), we always tack on the given
347 // key and value to the end of our list of headers. You probably only
348 // want to use this low-level interface if you're writing test code
349 // that needs to generate duplicate HTTP headers. Well-behaved
350 // programs should use SetHeader().
351 // Value can be NULL; this means "erase this header." We actually
352 // store with the NULL, so the erase can apply "automatic"
353 // headers the connection class would otherwise emit by itself.
354 // RETURNS a pointer to the new value for the key we just inserted
355 // (which, in the overwrite == APPEND case, may not be the value that
356 // we just set), where it lives in the array.
357 //
358 // If we are over the threshold for header size, we return null. We
359 // don't even bother to allow header erasing in this case.
360 // ----------------------------------------------------------------------
365 // We want to limit the size the headers can grow to, to avoid
366 // denial-of-service where clients keep sending us lots of data.
367 // Ignore any beyond the max.
371 // Header values cannot contain \r\n because everything following the \r\n
372 // will be interpreted as a new header line. This can cause security problems
373 // if an uncareful server accepts user input (e.g., a URL to redirect to) and
374 // writes it into response headers without proper sanitization. So scan for
375 // CR or LF, and if we find either, replace it with "_". Common case is
376 // none is found, so all we've done is scan the string.
383 }
385 }
389 }
391 // Special case Set-Cookie/WWW-Authenticate can be a multi-line header
392 // (like a multi-map)
399 }
400 // If overwrite is NO_OVERWRITE, then the non-Set-Cookie-specific code
401 // below will handle it correctly.
402 }
412 // We temporarily leak the memory for the old key and value.
413 // Note: we could avoid copying key here but I am worried about
414 // case differences between old key and new key.
423 // We temporarily leak the memory for the old key and value.
424 // Note: we could avoid copying key here but I am worried about
425 // case differences between old key and new key.
431 }
432 }
434 }
435 }
436 // Nothing matched, so we can insert
438 }
442 // We want to limit the size the headers can grow to, to avoid
443 // denial-of-service where clients keep sending us lots of data.
444 // Ignore any beyond the max.
453 }
455 // ----------------------------------------------------------------------
456 // HTTPHeaders::AppendValueToHeader()
457 // Append the given value to the given header, separating it from
458 // the current value with the given separator.
459 // RETURNS a pointer to the new value for the key we just inserted,
460 // where it lives in the array.
461 //
462 // As the previous value is not freed, there are degenerate documents
463 // that require O(N^2) memory to process. E.g. A single header,
464 // with the rest of the document being header continuation lines.
465 // ----------------------------------------------------------------------
470 // We want to limit the size the headers can grow to, to avoid
471 // denial-of-service where clients keep sending us lots of data.
472 // Ignore any beyond the max.
479 // The + 1 is for the \0 terminator.
489 }
491 // ----------------------------------------------------------------------
492 // HTTPHeaders::ClearHeader()
493 // Makes it as if the header never was. This is like
494 // SetHeader(hdr, NULL) in that, in both cases, the header won't
495 // ever be emitted to the user. They differ only in how they
496 // react to SetHeader(hdr, value, NO_OVERWRITE). After ClearHeader,
497 // this SetHeader will succeed, but after the NULL-SetHeader,
498 // it will fail. RETURNS true if we found the header, false else.
499 // ----------------------------------------------------------------------
510 }
511 }
513 }
515 // ----------------------------------------------------------------------
516 // HTTPHeaders::AddRequestFirstline()
517 // HTTPHeaders::CheckResponseProtocol()
518 //
519 // AddRequestFirstline() and AddResponseFirstline() know how to parse one
520 // line of input: the firstline (HTTP command or response).
521 // CheckResponseProtocol() is used by AddResponseFirstline() to parse the
522 // protocol (e.g., "HTTP/1.1" part of the first line). It can be
523 // overridden to support other protocols (such as Gnutella) that use
524 // HTTP-like headers.
525 // It's safest if the line you pass in includes a trailing \n
526 // (should only be necessary, though, if you use "H 200" shortcut).
527 // ----------------------------------------------------------------------
529 #define FAIL(msg) do { \
533 } while (0)
539 // One-letter requests can't be valid HTTP. But we do see (and expect) them
540 // in google1-compatibility mode: so while we still fail, we do so silently.
557 }
563 }
566 // TODO(michaeln): Gears, do we care to future proof this, HTTP/x.x?
572 // If the server didn't provide a version number, then we assume
573 // 1.0. This helps with odd servers like the NCSA/1.5.2 server,
574 // which does not send a version number if the request is version
575 // 1.1. Mozilla does the same - it tolerates this and assumes
576 // version 1.0.
578 /* Gears deletions
579 } else if ( memcaseis(proto, protolen, "ICY") ) {
580 // For icecast/shoutcast responsed used by say iTune radio stations.
581 set_http_version(HTTP_ICY);
582 } else if ( memis(proto, protolen, "H") ) {
583 // our internal "H<space> ..." form.
584 set_http_version(HTTP_OTHER); // a minimalist response
585 */
587 // We don't LOG here because it's easy to get here by accident:
588 // maybe they called AddResponse when they meant to call AddRequest.
590 }
592 }
594 // ----------------------------------------------------------------------
595 // HTTPHeaders::SetHeaderFromLine()
596 // Like SetHeader(), but we actually parse the response line from
597 // a webserver ("Header: value") for you.
598 // While the input is a char*, because we munge it as we go,
599 // we do not modify it: it's the same after our call as before.
600 // RETURNS a pointer to the new value for the key we just inserted,
601 // where it lives in the array.
602 //
603 // We handle header continuations. To quote from RFC 2616, section
604 // 2.2:
605 //
606 // HTTP/1.1 header field values can be folded onto multiple lines
607 // if the continuation line begins with a space or horizontal
608 // tab. All linear white space, including folding, has the same
609 // semantics as SP. A recipient MAY replace any linear white space
610 // with a single SP before interpreting the field value or
611 // forwarding the message downstream.
612 // ----------------------------------------------------------------------
615 // First check for continuation lines. Continuation lines
616 // start with some number of space and/or tab characters,
617 // which are equivalent to a single space character.
626 // If the previous header value is non-empty, and this
627 // continuation is non-empty, then we need a separator: we
628 // collapse the header continuation whitespace into a single
629 // space separator (as the RFC says we "MAY" do; see above).
633 }
634 }
636 // This is not a continuation line; hopefully this is a regular "Key: Value".
652 // a host might already have been set (if the incoming header
653 // had an absolute request url as in GET http://host/path HTTP/1.0)
654 // the spec says to ignore the "Host: host.com" header in this case
656 }
660 }
661 }
663 // ----------------------------------------------------------------------
664 // HTTPUtils::ParseHTTPHeaders()
665 // On entrance to this function, body and bodylen point to a document.
666 // At the end, body points past the http headers for this document;
667 // it stays unchanged if there don't seem to be any headers. bodylen
668 // is adjusted accordingly. Body need not be nul-terminated.
669 // If we have an error parsing, body is set to NULL and len to 0.
670 // If headers is not NULL, the headers will be parsed, and if
671 // allow_const_cast is true, the body will be temporarily modified
672 // while parsing the headers. Otherwise header lines are copied to
673 // a local string.
674 //
675 // Returns true only when a blank line ('\r\n' only) has been seen.
676 // Returns false if an error occurs before then.
677 //
678 // Factored out from both HTTPParser::Parse and HTTPUtils::ExtractBody
679 // ----------------------------------------------------------------------
692 // doc bodies can be empty
698 // After this loop runs, line_end will point to the \r of a
699 // line-ending \r\n pair or be NULL if there isn't one.
708 }
709 }
711 // doc ends while still in headers?
717 // this statement was different in HTTPParser::Parse(), so we
718 // use the return value to set body = content within Parse()
721 }
723 }
727 // If we haven't seen any headers and there's a \n before the \r,
728 // the first \r must not have ended a header line.
734 }
738 // If the checks in this block fail, do not try to fix them here.
739 // Something upstream almost certainly went past the end of the
740 // headers and we're confused now.
746 }
750 // First header line AND no colon means that it's (hopefully!) a status
751 // response line.
759 num_headers++;
760 }
761 }
763 // If we are actually recording the first line, there are a few
764 // more validity checks in this AddResponseFirstLine
766 num_headers--;
767 }
772 }
777 // This line should be a header line.
778 // Temporarily terminate the line and use SetHeaderFromLine.
785 // Can't use const_cast so we copy the line to a temporary string
789 }
790 }
791 }
794 }
795 }
797 // ----------------------------------------------------------------------
798 // HTTPUtils::ExtractBody()
799 // On entrance to this function, body and bodylen point to a document.
800 // At the end, body points past the http headers for this document;
801 // it stays unchanged if there don't seem to be any headers. bodylen
802 // is adjusted accordingly. Body need not be nul-terminated.
803 // If we have an error parsing, body is set to NULL and len to 0.
804 // TODO: make sure this function supports header continuation lines.
805 // ----------------------------------------------------------------------
809 }