search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "TODO epan/dissectors/asn1/kerberos/packet-kerberos-template.c new GSS flags"
[wireshark-sm.git] / epan / req_resp_hdrs.c
blobed1a4e4545d9be2ba4c608ef6520c02041e841be
1 /* req_resp_hdrs.c
2 * Routines handling protocols with a request/response line, headers,
3 * a blank line, and an optional body.
4 *
5 * Wireshark - Network traffic analyzer
6 * By Gerald Combs <gerald@wireshark.org>
7 * Copyright 1998 Gerald Combs
8 *
9 * SPDX-License-Identifier: GPL-2.0-or-later
10 */
11
12 #include "config.h"
13
14 #include <glib.h>
15 #include <stdio.h>
16 #include <string.h>
17
18 #include <epan/packet.h>
19 #include <epan/strutil.h>
20 #include <wsutil/strtoi.h>
21
22 #include <epan/req_resp_hdrs.h>
23
24 /*
25 * Optionally do reassembly of the request/response line, headers, and body.
26 */
27 bool
28 req_resp_hdrs_do_reassembly(tvbuff_t *tvb, const int offset, packet_info *pinfo,
29 const bool desegment_headers, const bool desegment_body,
30 bool desegment_until_fin, int *last_chunk_offset,
31 dissector_table_t streaming_subdissector_table, dissector_handle_t *streaming_chunk_handle)
32 {
33 int next_offset = offset;
34 int next_offset_sav;
35 int length_remaining, reported_length_remaining;
36 int linelen;
37 char *header_val;
38 int content_length;
39 bool content_length_found = false;
40 bool content_type_found = false;
41 bool chunked_encoding = false;
42 char *line;
43 char *content_type = NULL;
44 dissector_handle_t streaming_handle = NULL;
45 bool streaming_chunk_mode = false;
46
47 DISSECTOR_ASSERT_HINT((streaming_subdissector_table && streaming_chunk_handle)
48 || (streaming_subdissector_table == NULL && streaming_chunk_handle == NULL),
49 "The streaming_subdissector_table and streaming_chunk_handle arguments must "
50 "be both given or both NULL.");
51
52 /* Check whether the first line is the beginning of a chunk.
53 * If it is the beginning of a chunk, we assume we are working
54 * in streaming chunk mode. The headers of HTTP request or response
55 * and at least one chunk should have been dissected in the previous
56 * packets and now we are processing subsequent chunks.
57 */
58 if (desegment_body && streaming_subdissector_table
59 && starts_with_chunk_size(tvb, offset, pinfo)) {
60 streaming_chunk_mode = true;
61 }
62
63 /*
64 * Do header desegmentation if we've been told to.
65 *
66 * RFC 2616 defines HTTP messages as being either of the
67 * Request or the Response type
68 * (HTTP-message = Request | Response).
69 * Request and Response are defined as:
70 * Request = Request-Line
71 * *(( general-header
72 * | request-header
73 * | entity-header ) CRLF)
74 * CRLF
75 * [ message-body ]
76 * Response = Status-Line
77 * *(( general-header
78 * | response-header
79 * | entity-header ) CRLF)
80 * CRLF
81 * [ message-body ]
82 * that's why we can always assume two consecutive line
83 * endings (we allow CR, LF, or CRLF, as some clients
84 * or servers might not use a full CRLF) to mark the end
85 * of the headers. The worst thing that would happen
86 * otherwise would be the packet not being desegmented
87 * or being interpreted as only headers.
88 *
89 * RFC 2326 says RTSP works the same way; RFC 3261 says SIP
90 * works the same way.
91 */
92
93 /*
94 * If header desegmentation is activated, check that all
95 * headers are in this tvbuff (search for an empty line
96 * marking end of headers) or request one more byte (we
97 * don't know how many bytes we'll need, so we just ask
98 * for one).
99 *
100 * If tvb starts with chunk size, then we just ignore headers parsing.
101 */
102 if (!streaming_chunk_mode
103 && desegment_headers && pinfo->can_desegment) {
104 for (;;) {
105 next_offset_sav = next_offset;
106
107 reported_length_remaining =
108 tvb_reported_length_remaining(tvb, next_offset);
109
110 /*
111 * Request one more byte if there're no
112 * bytes left in the reported data (if there're
113 * bytes left in the reported data, but not in
114 * the available data, requesting more bytes
115 * won't help, as those bytes weren't captured).
116 */
117 if (reported_length_remaining < 1) {
118 pinfo->desegment_offset = offset;
119 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
120 return false;
121 }
122
123 length_remaining = tvb_captured_length_remaining(tvb,
124 next_offset);
125
126 /*
127 * Request one more byte if we cannot find a
128 * header (i.e. a line end).
129 */
130 linelen = tvb_find_line_end(tvb, next_offset,
131 length_remaining, &next_offset, true);
132 if (linelen == -1 &&
133 length_remaining >= reported_length_remaining) {
134 /*
135 * Not enough data; ask for one more
136 * byte.
137 */
138 pinfo->desegment_offset = offset;
139 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
140 return false;
141 }
142
143 if (linelen == 0) {
144 /*
145 * We found the end of the headers.
146 */
147 break;
148 }
149
150 /*
151 * Is this a Content-Length or Transfer-Encoding
152 * header? If not, it either means that we are in
153 * a different header line, or that we are
154 * at the end of the headers, or that there
155 * isn't enough data; the two latter cases
156 * have already been handled above.
157 */
158 if (desegment_body) {
159 /* Optimization to avoid fetching the whole (potentially very long)
160 * line and doing expensive string comparisons if the first
161 * character doesn't match. Shaves about 20% off the load time of
162 * one of my sample files that's HTTP-alike. */
163 unsigned char first_byte = tvb_get_uint8(tvb, next_offset_sav);
164 if (! (first_byte == 'c' || first_byte == 'C' ||
165 first_byte == 't' || first_byte == 'T')) {
166 continue;
167 }
168
169 /*
170 * Check if we've found Content-Length.
171 */
172 line = tvb_get_string_enc(pinfo->pool, tvb, next_offset_sav, linelen, ENC_UTF_8|ENC_NA);
173 if (g_ascii_strncasecmp(line, "Content-Length:", 15) == 0) {
174 /* SSTP sets 2^64 as length, but does not really have such a
175 * large payload. Since the current tvb APIs are limited to
176 * 2^31-1 bytes, ignore large values we cannot handle. */
177 header_val = g_strstrip(line + 15);
178 if (ws_strtoi32(header_val, NULL, &content_length) && content_length >= 0)
179 content_length_found = true;
180 } else if (g_ascii_strncasecmp(line, "Content-Type:", 13) == 0) {
181 content_type_found = true;
182 content_type = line+13;
183 while (*content_type == ' ') {
184 content_type++;
185 }
186 g_strchomp(content_type);
187 if (streaming_subdissector_table) {
188 streaming_handle = dissector_get_string_handle(streaming_subdissector_table, content_type);
189 }
190 } else if (g_ascii_strncasecmp( line, "Transfer-Encoding:", 18) == 0) {
191 /*
192 * Find out if this Transfer-Encoding is
193 * chunked. It should be, since the
194 * other types aren't really used, but
195 * RFC 7230 defines some.
196 * (RFC 3261 says "chunked" MUST NOT be
197 * used for SIP, and RFCs 2326 and 7826
198 * say the same for RTSP, but handle it
199 * anyway.)
200 */
201 char *p;
202 unsigned len;
203
204 header_val = line+18;
205 p = header_val;
206 len = (unsigned) strlen(header_val);
207 /* Skip white space */
208 while (p < header_val + len &&
209 (*p == ' ' || *p == '\t'))
210 p++;
211 if (p <= header_val + len) {
212 if (g_ascii_strncasecmp(p, "chunked", 7)
213 == 0) {
214 /*
215 * Don't bother looking
216 * for extensions;
217 * since we don't
218 * understand them,
219 * they should be
220 * ignored.
221 */
222 chunked_encoding = true;
223 }
224 }
225 }
226 }
227 }
228 }
229
230 if (streaming_chunk_mode) {
231 /* the tvb starts with chunk size without HTTP headers */
232 chunked_encoding = true;
233 } else if (desegment_body && chunked_encoding && streaming_handle && streaming_chunk_handle) {
234 streaming_chunk_mode = true;
235 *streaming_chunk_handle = streaming_handle;
236 }
237
238 /*
239 * The above loop ends when we reached the end of the headers, so
240 * there should be content_length bytes after the 4 terminating bytes
241 * and next_offset points to after the end of the headers.
242 *
243 * XXX: If desegment_headers is false but desegment_body is true,
244 * then for HTTP Responses we will always set to DESEGMENT_UNTIL_FIN,
245 * which is probably not what we want.
246 */
247 if (desegment_body) {
248 if (chunked_encoding) {
249 /*
250 * This data is chunked, so we need to keep pulling
251 * data until we reach the end of the stream, or a
252 * zero sized chunk.
253 *
254 * But if streaming_chunk_mode is true,
255 * we will just pull one more chunk if the end of
256 * this tvb is in middle of a chunk. Because we want
257 * to dissect chunks with subdissector as soon as
258 * possible.
259 *
260 * XXX
261 * This doesn't bother with trailing headers; I don't
262 * think they are really used, and we'd have to use
263 * is_http_request_or_reply() to determine if it was
264 * a trailing header, or the start of a new response.
265 */
266 bool done_chunking = false;
267 if (last_chunk_offset != NULL && *last_chunk_offset) {
268 next_offset = offset + *last_chunk_offset;
269 }
270
271 while (!done_chunking) {
272 unsigned chunk_size = 0;
273 int chunk_offset = 0;
274 char *chunk_string = NULL;
275 char *c = NULL;
276
277 reported_length_remaining =
278 tvb_reported_length_remaining(tvb,
279 next_offset);
280
281 if (reported_length_remaining == 0 && streaming_chunk_mode) {
282 return true;
283 }
284
285 if (reported_length_remaining < 1) {
286 pinfo->desegment_offset = offset;
287 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
288 return false;
289 }
290
291 length_remaining = tvb_captured_length_remaining(tvb,
292 next_offset);
293
294 linelen = tvb_find_line_end(tvb, next_offset,
295 length_remaining, &chunk_offset, true);
296
297 if (linelen == -1 &&
298 length_remaining >=
299 reported_length_remaining) {
300 pinfo->desegment_offset = offset;
301 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
302 return false;
303 }
304
305 /* We have a line with the chunk size in it.*/
306
307 /* Save off the offset so we can skip this work next time.
308 * Use a relative offset, because we might call this
309 * with a different offset with a reassembled tvb.
310 */
311 if (last_chunk_offset != NULL) {
312 *last_chunk_offset = next_offset - offset;
313 }
314
315 chunk_string = tvb_get_string_enc(pinfo->pool, tvb, next_offset,
316 linelen, ENC_ASCII);
317 c = chunk_string;
318
319 /*
320 * We don't care about the extensions (including optional
321 * BWS, see RFC 9112 7.1.1)
322 */
323 if ((c = strpbrk(c, "; \t"))) {
324 *c = '\0';
325 }
326
327 if (!ws_hexstrtou32(chunk_string, NULL, &chunk_size)) {
328 /* We couldn't get the chunk size,
329 * so stop trying.
330 */
331 return true;
332 }
333 if (chunk_size > 1U<<31) {
334 /* Chunk size is unreasonable. */
335 /* XXX What /is/ reasonable? */
336 return true;
337 }
338
339 if (chunk_size == 0) {
340 /*
341 * This is the last chunk. Let's pull in the
342 * trailing CRLF.
343 */
344 linelen = tvb_find_line_end(tvb,
345 chunk_offset, length_remaining, &chunk_offset, true);
346
347 if (linelen == -1 &&
348 length_remaining >=
349 reported_length_remaining) {
350 pinfo->desegment_offset = offset;
351 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
352 return false;
353 }
354
355 pinfo->desegment_offset = chunk_offset;
356 pinfo->desegment_len = 0;
357 done_chunking = true;
358 } else {
359 /*
360 * Skip to the next chunk if we
361 * already have it
362 */
363 if (reported_length_remaining >
364 (int) chunk_size) {
365
366 next_offset = chunk_offset
367 + chunk_size + 2;
368 } else {
369 /*
370 * Fetch this chunk, plus the
371 * trailing CRLF.
372 */
373 if (streaming_chunk_mode) {
374 int size_remaining = chunk_size + linelen + 4 - reported_length_remaining;
375 if (size_remaining == 0) {
376 return true;
377 } else {
378 pinfo->desegment_offset = offset;
379 pinfo->desegment_len = size_remaining;
380 return false;
381 }
382 } else {
383 pinfo->desegment_offset = offset;
384 pinfo->desegment_len = DESEGMENT_ONE_MORE_SEGMENT;
385 return false;
386 }
387 }
388 }
389
390 }
391 } else if (content_length_found) {
392 if (content_length >= 128*1024) { /* MS-RPCH stipulate that the content-length must be between 128K and 2G */
393 char *tmp;
394 if (content_type_found &&
395 strncmp(content_type, "application/rpc", 15) == 0) {
396 /* It looks like a RPC_IN_DATA request or a RPC_OUT_DATA response
397 * in which the content-length is meaningless
398 */
399 return true;
400 }
401 /* Following sizeof will return the length of the string + \0 we need to not count it*/
402 tmp = tvb_get_string_enc(pinfo->pool, tvb, 0, sizeof("RPC_OUT_DATA") - 1, ENC_ASCII);
403 if ((strncmp(tmp, "RPC_IN_DATA", sizeof("RPC_IN_DATA") - 1) == 0) ||
404 (strncmp(tmp, "RPC_OUT_DATA", sizeof("RPC_OUT_DATA") - 1) == 0)) {
405 return true;
406 }
407 }
408 /* next_offset has been set to the end of the headers */
409 if (!tvb_bytes_exist(tvb, next_offset, content_length)) {
410 length_remaining = tvb_captured_length_remaining(tvb,
411 next_offset);
412 reported_length_remaining =
413 tvb_reported_length_remaining(tvb, next_offset);
414 if (length_remaining < reported_length_remaining) {
415 /*
416 * It's a waste of time asking for more
417 * data, because that data wasn't captured.
418 */
419 return true;
420 }
421 if (length_remaining == -1)
422 length_remaining = 0;
423 pinfo->desegment_offset = offset;
424 pinfo->desegment_len =
425 content_length - length_remaining;
426 return false;
427 }
428 } else if (desegment_until_fin && pinfo->can_desegment) {
429 /*
430 * No Content-Length nor Transfer-Encoding headers are
431 * found. For HTTP requests, there is definitely no
432 * body (case 6 of RFC 7230, Section 3.3.3.). For HTTP
433 * responses, the message body length runs until the end
434 * of the connection (case 7).
435 *
436 * Protocols like RTSP treat absence of Content-Length
437 * as 0, so do not request more segments either.
438 */
439 length_remaining = tvb_captured_length_remaining(tvb, next_offset);
440 reported_length_remaining = tvb_reported_length_remaining(tvb, next_offset);
441 if (length_remaining < reported_length_remaining) {
442 /*
443 * It's a waste of time asking for more
444 * data, because that data wasn't captured.
445 */
446 return true;
447 }
448
449 pinfo->desegment_offset = offset;
450 pinfo->desegment_len = DESEGMENT_UNTIL_FIN;
451
452 return false;
453 }
454
455 }
456
457 /*
458 * No further desegmentation needed.
459 */
460 return true;
461 }
462
463 /*
464 * Editor modelines - https://www.wireshark.org/tools/modelines.html
465 *
466 * Local variables:
467 * c-basic-offset: 8
468 * tab-width: 8
469 * indent-tabs-mode: t
470 * End:
471 *
472 * vi: set shiftwidth=8 tabstop=8 noexpandtab:
473 * :indentSize=8:tabSize=8:noTabs=false:
474 */
Metzes wireshark repo