search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
tog: fix log view search infinite loop
[got-portable.git] / gotwebd / fcgi.c
blobfc9087208b069caaf128a3857cdb21b5a13fc4cf
1 /*
2 * Copyright (c) 2020-2022 Tracey Emery <tracey@traceyemery.net>
3 * Copyright (c) 2013 David Gwynne <dlg@openbsd.org>
4 * Copyright (c) 2013 Florian Obser <florian@openbsd.org>
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 #include "got_compat.h"
20
21 #include <arpa/inet.h>
22 #include <sys/queue.h>
23 #include <sys/socket.h>
24 #include <sys/types.h>
25 #include <sys/uio.h>
26
27 #include <errno.h>
28 #include <event.h>
29 #include <imsg.h>
30 #include <stdarg.h>
31 #include <stdlib.h>
32 #include <stdio.h>
33 #include <string.h>
34 #include <time.h>
35 #include <unistd.h>
36
37 #include "got_error.h"
38 #include "got_reference.h"
39
40 #include "proc.h"
41 #include "gotwebd.h"
42 #include "tmpl.h"
43
44 size_t fcgi_parse_record(uint8_t *, size_t, struct request *);
45 void fcgi_parse_begin_request(uint8_t *, uint16_t, struct request *,
46 uint16_t);
47 void fcgi_parse_params(uint8_t *, uint16_t, struct request *, uint16_t);
48 int fcgi_send_response(struct request *, int, const void *, size_t);
49
50 void dump_fcgi_record_header(const char *, struct fcgi_record_header *);
51 void dump_fcgi_begin_request_body(const char *,
52 struct fcgi_begin_request_body *);
53 void dump_fcgi_end_request_body(const char *,
54 struct fcgi_end_request_body *);
55
56 extern int cgi_inflight;
57 extern volatile int client_cnt;
58
59 void
60 fcgi_request(int fd, short events, void *arg)
61 {
62 struct request *c = arg;
63 ssize_t n;
64 size_t parsed = 0;
65
66 n = read(fd, c->buf + c->buf_pos + c->buf_len,
67 FCGI_RECORD_SIZE - c->buf_pos-c->buf_len);
68
69 switch (n) {
70 case -1:
71 switch (errno) {
72 case EINTR:
73 case EAGAIN:
74 return;
75 default:
76 goto fail;
77 }
78 break;
79
80 case 0:
81 log_debug("closed connection");
82 goto fail;
83 default:
84 break;
85 }
86
87 c->buf_len += n;
88
89 /*
90 * Parse the records as they are received. Per the FastCGI
91 * specification, the server need only receive the FastCGI
92 * parameter records in full; it is free to begin execution
93 * at that point, which is what happens here.
94 */
95 do {
96 parsed = fcgi_parse_record(c->buf + c->buf_pos, c->buf_len, c);
97 if (parsed != 0) {
98 c->buf_pos += parsed;
99 c->buf_len -= parsed;
100 }
101
102 /* drop the parsed record */
103 if (parsed != 0 && c->buf_len > 0) {
104 bcopy(c->buf + c->buf_pos, c->buf, c->buf_len);
105 c->buf_pos = 0;
106 }
107 } while (parsed > 0 && c->buf_len > 0);
108
109 return;
110 fail:
111 fcgi_cleanup_request(c);
112 }
113
114 size_t
115 fcgi_parse_record(uint8_t *buf, size_t n, struct request *c)
116 {
117 struct fcgi_record_header *h;
118
119 if (n < sizeof(struct fcgi_record_header))
120 return 0;
121
122 h = (struct fcgi_record_header*) buf;
123
124 dump_fcgi_record("", h);
125
126 if (n < sizeof(struct fcgi_record_header) + ntohs(h->content_len)
127 + h->padding_len)
128 return 0;
129
130 if (h->version != 1)
131 log_warn("wrong version");
132
133 switch (h->type) {
134 case FCGI_BEGIN_REQUEST:
135 fcgi_parse_begin_request(buf +
136 sizeof(struct fcgi_record_header),
137 ntohs(h->content_len), c, ntohs(h->id));
138 break;
139 case FCGI_PARAMS:
140 fcgi_parse_params(buf + sizeof(struct fcgi_record_header),
141 ntohs(h->content_len), c, ntohs(h->id));
142 break;
143 case FCGI_STDIN:
144 case FCGI_ABORT_REQUEST:
145 if (c->sock->client_status != CLIENT_DISCONNECT &&
146 c->outbuf_len != 0) {
147 fcgi_send_response(c, FCGI_STDOUT, c->outbuf,
148 c->outbuf_len);
149 }
150
151 fcgi_create_end_record(c);
152 fcgi_cleanup_request(c);
153 return 0;
154 default:
155 log_warn("unimplemented type %d", h->type);
156 break;
157 }
158
159 return (sizeof(struct fcgi_record_header) + ntohs(h->content_len)
160 + h->padding_len);
161 }
162
163 void
164 fcgi_parse_begin_request(uint8_t *buf, uint16_t n,
165 struct request *c, uint16_t id)
166 {
167 /* XXX -- FCGI_CANT_MPX_CONN */
168 if (c->request_started) {
169 log_warn("unexpected FCGI_BEGIN_REQUEST, ignoring");
170 return;
171 }
172
173 if (n != sizeof(struct fcgi_begin_request_body)) {
174 log_warn("wrong size %d != %lu", n,
175 sizeof(struct fcgi_begin_request_body));
176 return;
177 }
178
179 c->request_started = 1;
180 c->id = id;
181 }
182
183 void
184 fcgi_parse_params(uint8_t *buf, uint16_t n, struct request *c, uint16_t id)
185 {
186 uint32_t name_len, val_len;
187 uint8_t *val;
188
189 if (!c->request_started) {
190 log_warn("FCGI_PARAMS without FCGI_BEGIN_REQUEST, ignoring");
191 return;
192 }
193
194 if (c->id != id) {
195 log_warn("unexpected id, ignoring");
196 return;
197 }
198
199 if (n == 0) {
200 gotweb_process_request(c);
201 return;
202 }
203
204 while (n > 0) {
205 if (buf[0] >> 7 == 0) {
206 name_len = buf[0];
207 n--;
208 buf++;
209 } else {
210 if (n > 3) {
211 name_len = ((buf[0] & 0x7f) << 24) +
212 (buf[1] << 16) + (buf[2] << 8) + buf[3];
213 n -= 4;
214 buf += 4;
215 } else
216 return;
217 }
218
219 if (n == 0)
220 return;
221
222 if (buf[0] >> 7 == 0) {
223 val_len = buf[0];
224 n--;
225 buf++;
226 } else {
227 if (n > 3) {
228 val_len = ((buf[0] & 0x7f) << 24) +
229 (buf[1] << 16) + (buf[2] << 8) +
230 buf[3];
231 n -= 4;
232 buf += 4;
233 } else
234 return;
235 }
236
237 if (n < name_len + val_len)
238 return;
239
240 val = buf + name_len;
241
242 if (c->querystring[0] == '\0' &&
243 val_len < MAX_QUERYSTRING &&
244 name_len == 12 &&
245 strncmp(buf, "QUERY_STRING", 12) == 0) {
246 memcpy(c->querystring, val, val_len);
247 c->querystring[val_len] = '\0';
248 }
249
250 if (c->document_uri[0] == '\0' &&
251 val_len < MAX_DOCUMENT_URI &&
252 name_len == 12 &&
253 strncmp(buf, "DOCUMENT_URI", 12) == 0) {
254 memcpy(c->document_uri, val, val_len);
255 c->document_uri[val_len] = '\0';
256 }
257
258 if (c->server_name[0] == '\0' &&
259 val_len < MAX_SERVER_NAME &&
260 name_len == 11 &&
261 strncmp(buf, "SERVER_NAME", 11) == 0) {
262 memcpy(c->server_name, val, val_len);
263 c->server_name[val_len] = '\0';
264 }
265
266 if (name_len == 5 &&
267 strncmp(buf, "HTTPS", 5) == 0)
268 c->https = 1;
269
270 buf += name_len + val_len;
271 n -= name_len - val_len;
272 }
273 }
274
275 void
276 fcgi_timeout(int fd, short events, void *arg)
277 {
278 fcgi_cleanup_request((struct request*) arg);
279 }
280
281 int
282 fcgi_puts(struct template *tp, const char *str)
283 {
284 if (str == NULL)
285 return 0;
286 return fcgi_gen_binary_response(tp->tp_arg, str, strlen(str));
287 }
288
289 int
290 fcgi_putc(struct template *tp, int ch)
291 {
292 uint8_t c = ch;
293 return fcgi_gen_binary_response(tp->tp_arg, &c, 1);
294 }
295
296 int
297 fcgi_vprintf(struct request *c, const char *fmt, va_list ap)
298 {
299 char *str;
300 int r;
301
302 r = vasprintf(&str, fmt, ap);
303 if (r == -1) {
304 log_warn("%s: asprintf", __func__);
305 return -1;
306 }
307
308 r = fcgi_gen_binary_response(c, str, r);
309 free(str);
310 return r;
311 }
312
313 int
314 fcgi_printf(struct request *c, const char *fmt, ...)
315 {
316 va_list ap;
317 int r;
318
319 va_start(ap, fmt);
320 r = fcgi_vprintf(c, fmt, ap);
321 va_end(ap);
322
323 return r;
324 }
325
326 int
327 fcgi_gen_binary_response(struct request *c, const uint8_t *data, int len)
328 {
329 int r;
330
331 if (c->sock->client_status == CLIENT_DISCONNECT)
332 return -1;
333
334 if (data == NULL || len == 0)
335 return 0;
336
337 /*
338 * special case: send big replies -like blobs- directly
339 * without copying.
340 */
341 if (len > sizeof(c->outbuf)) {
342 if (c->outbuf_len > 0) {
343 fcgi_send_response(c, FCGI_STDOUT,
344 c->outbuf, c->outbuf_len);
345 c->outbuf_len = 0;
346 }
347 return fcgi_send_response(c, FCGI_STDOUT, data, len);
348 }
349
350 if (len < sizeof(c->outbuf) - c->outbuf_len) {
351 memcpy(c->outbuf + c->outbuf_len, data, len);
352 c->outbuf_len += len;
353 return 0;
354 }
355
356 r = fcgi_send_response(c, FCGI_STDOUT, c->outbuf, c->outbuf_len);
357 if (r == -1)
358 return -1;
359
360 memcpy(c->outbuf, data, len);
361 c->outbuf_len = len;
362 return 0;
363 }
364
365 static int
366 send_response(struct request *c, int type, const uint8_t *data,
367 size_t len)
368 {
369 static const uint8_t padding[FCGI_PADDING_SIZE];
370 struct fcgi_record_header header;
371 struct iovec iov[3];
372 struct timespec ts;
373 ssize_t nw;
374 size_t padded_len, tot;
375 int i, err = 0, th = 2000;
376
377 ts.tv_sec = 0;
378 ts.tv_nsec = 50;
379
380 memset(&header, 0, sizeof(header));
381 header.version = 1;
382 header.type = type;
383 header.id = htons(c->id);
384 header.content_len = htons(len);
385
386 /* The FastCGI spec suggests to align the output buffer */
387 tot = sizeof(header) + len;
388 padded_len = FCGI_ALIGN(tot);
389 if (padded_len > tot) {
390 header.padding_len = padded_len - tot;
391 tot += header.padding_len;
392 }
393
394 iov[0].iov_base = &header;
395 iov[0].iov_len = sizeof(header);
396
397 iov[1].iov_base = (void *)data;
398 iov[1].iov_len = len;
399
400 iov[2].iov_base = (void *)padding;
401 iov[2].iov_len = header.padding_len;
402
403 dump_fcgi_record("resp ", &header);
404
405 /*
406 * XXX: add some simple write heuristics here
407 * On slower VMs, spotty connections, etc., we don't want to go right to
408 * disconnect. Let's at least try to write the data a few times before
409 * giving up.
410 */
411 while (tot > 0) {
412 nw = writev(c->fd, iov, nitems(iov));
413 if (nw == 0) {
414 c->sock->client_status = CLIENT_DISCONNECT;
415 break;
416 }
417 if (nw == -1) {
418 err++;
419 if (errno == EAGAIN && err < th) {
420 nanosleep(&ts, NULL);
421 continue;
422 }
423 log_debug("%s: write failure: %s", __func__,
424 strerror(errno));
425 c->sock->client_status = CLIENT_DISCONNECT;
426 return -1;
427 }
428
429 if (nw != tot)
430 log_debug("%s: partial write: %zu vs %zu", __func__,
431 nw, tot);
432
433 tot -= nw;
434 for (i = 0; i < nitems(iov); ++i) {
435 if (nw < iov[i].iov_len) {
436 iov[i].iov_base += nw;
437 iov[i].iov_len -= nw;
438 break;
439 }
440 nw -= iov[i].iov_len;
441 iov[i].iov_len = 0;
442 }
443 }
444
445 return 0;
446 }
447
448 int
449 fcgi_send_response(struct request *c, int type, const void *data,
450 size_t len)
451 {
452 if (c->sock->client_status == CLIENT_DISCONNECT)
453 return -1;
454
455 while (len > FCGI_CONTENT_SIZE) {
456 if (send_response(c, type, data, len) == -1)
457 return -1;
458
459 data += FCGI_CONTENT_SIZE;
460 len -= FCGI_CONTENT_SIZE;
461 }
462
463 if (len == 0)
464 return 0;
465
466 return send_response(c, type, data, len);
467 }
468
469 void
470 fcgi_create_end_record(struct request *c)
471 {
472 struct fcgi_end_request_body end_request;
473
474 memset(&end_request, 0, sizeof(end_request));
475 end_request.app_status = htonl(0); /* script status */
476 end_request.protocol_status = FCGI_REQUEST_COMPLETE;
477
478 fcgi_send_response(c, FCGI_END_REQUEST, &end_request,
479 sizeof(end_request));
480 }
481
482 void
483 fcgi_cleanup_request(struct request *c)
484 {
485 cgi_inflight--;
486 client_cnt--;
487
488 evtimer_del(&c->tmo);
489 if (event_initialized(&c->ev))
490 event_del(&c->ev);
491
492 close(c->fd);
493 template_free(c->tp);
494 if (c->t != NULL)
495 gotweb_free_transport(c->t);
496 free(c);
497 }
498
499 void
500 dump_fcgi_record(const char *p, struct fcgi_record_header *h)
501 {
502 dump_fcgi_record_header(p, h);
503
504 if (h->type == FCGI_BEGIN_REQUEST)
505 dump_fcgi_begin_request_body(p,
506 (struct fcgi_begin_request_body *)(h + 1));
507 else if (h->type == FCGI_END_REQUEST)
508 dump_fcgi_end_request_body(p,
509 (struct fcgi_end_request_body *)(h + 1));
510 }
511
512 void
513 dump_fcgi_record_header(const char* p, struct fcgi_record_header *h)
514 {
515 log_debug("%sversion: %d", p, h->version);
516 log_debug("%stype: %d", p, h->type);
517 log_debug("%srequestId: %d", p, ntohs(h->id));
518 log_debug("%scontentLength: %d", p, ntohs(h->content_len));
519 log_debug("%spaddingLength: %d", p, h->padding_len);
520 log_debug("%sreserved: %d", p, h->reserved);
521 }
522
523 void
524 dump_fcgi_begin_request_body(const char *p, struct fcgi_begin_request_body *b)
525 {
526 log_debug("%srole %d", p, ntohs(b->role));
527 log_debug("%sflags %d", p, b->flags);
528 }
529
530 void
531 dump_fcgi_end_request_body(const char *p, struct fcgi_end_request_body *b)
532 {
533 log_debug("%sappStatus: %d", p, ntohl(b->app_status));
534 log_debug("%sprotocolStatus: %d", p, b->protocol_status);
535 }
portable version of Game of Trees