--- embedaddon/lighttpd/src/http-header-glue.c 2013/10/14 10:32:48 1.1.1.1 +++ embedaddon/lighttpd/src/http-header-glue.c 2016/11/02 10:35:00 1.1.1.2 @@ -1,9 +1,13 @@ +#include "first.h" + #include "base.h" #include "array.h" #include "buffer.h" #include "log.h" #include "etag.h" +#include "http_chunk.h" #include "response.h" +#include "stat_cache.h" #include #include @@ -123,9 +127,9 @@ int http_response_redirect_to_directory(server *srv, c o = buffer_init(); - buffer_copy_string_buffer(o, con->uri.scheme); + buffer_copy_buffer(o, con->uri.scheme); buffer_append_string_len(o, CONST_STR_LEN("://")); - if (con->uri.authority->used) { + if (!buffer_is_empty(con->uri.authority)) { buffer_append_string_buffer(o, con->uri.authority); } else { /* get the name of the currently connected socket */ @@ -138,7 +142,8 @@ int http_response_redirect_to_directory(server *srv, c our_addr_len = sizeof(our_addr); - if (-1 == getsockname(con->fd, &(our_addr.plain), &our_addr_len)) { + if (-1 == getsockname(con->fd, (struct sockaddr *)&our_addr, &our_addr_len) + || our_addr_len > (socklen_t)sizeof(our_addr)) { con->http_status = 500; log_error_write(srv, __FILE__, __LINE__, "ss", @@ -163,9 +168,11 @@ int http_response_redirect_to_directory(server *srv, c "SSS", "NOTICE: getnameinfo failed: ", strerror(errno), ", using ip-address instead"); + buffer_append_string_len(o, CONST_STR_LEN("[")); buffer_append_string(o, inet_ntop(AF_INET6, (char *)&our_addr.ipv6.sin6_addr, dst, sizeof(dst))); + buffer_append_string_len(o, CONST_STR_LEN("]")); } else { buffer_append_string(o, hbuf); } @@ -197,13 +204,13 @@ int http_response_redirect_to_directory(server *srv, c } if (default_port != srv->srvconf.port) { buffer_append_string_len(o, CONST_STR_LEN(":")); - buffer_append_long(o, srv->srvconf.port); + buffer_append_int(o, srv->srvconf.port); } } } - buffer_append_string_buffer(o, con->uri.path); + buffer_append_string_encoded(o, CONST_BUF_LEN(con->uri.path), ENCODING_REL_URI); buffer_append_string_len(o, CONST_STR_LEN("/")); - if (!buffer_is_empty(con->uri.query)) { + if (!buffer_string_is_empty(con->uri.query)) { buffer_append_string_len(o, CONST_STR_LEN("?")); buffer_append_string_buffer(o, con->uri.query); } @@ -235,19 +242,20 @@ buffer * strftime_cache_get(server *srv, time_t last_m } srv->mtime_cache[i].mtime = last_mod; - buffer_prepare_copy(srv->mtime_cache[i].str, 1024); + buffer_string_prepare_copy(srv->mtime_cache[i].str, 1023); tm = gmtime(&(srv->mtime_cache[i].mtime)); - srv->mtime_cache[i].str->used = strftime(srv->mtime_cache[i].str->ptr, - srv->mtime_cache[i].str->size - 1, - "%a, %d %b %Y %H:%M:%S GMT", tm); - srv->mtime_cache[i].str->used++; + buffer_append_strftime(srv->mtime_cache[i].str, "%a, %d %b %Y %H:%M:%S GMT", tm); return srv->mtime_cache[i].str; } int http_response_handle_cachable(server *srv, connection *con, buffer *mtime) { + int head_or_get = + ( HTTP_METHOD_GET == con->request.http_method + || HTTP_METHOD_HEAD == con->request.http_method); UNUSED(srv); + /* * 14.26 If-None-Match * [...] @@ -258,12 +266,12 @@ int http_response_handle_cachable(server *srv, connect * return a 304 (Not Modified) response. */ - /* last-modified handling */ if (con->request.http_if_none_match) { - if (etag_is_equal(con->physical.etag, con->request.http_if_none_match)) { - if (con->request.http_method == HTTP_METHOD_GET || - con->request.http_method == HTTP_METHOD_HEAD) { - + /* use strong etag checking for now: weak comparison must not be used + * for ranged requests + */ + if (etag_is_equal(con->physical.etag, con->request.http_if_none_match, 0)) { + if (head_or_get) { con->http_status = 304; return HANDLER_FINISHED; } else { @@ -272,9 +280,8 @@ int http_response_handle_cachable(server *srv, connect return HANDLER_FINISHED; } } - } else if (con->request.http_if_modified_since && - (con->request.http_method == HTTP_METHOD_GET || - con->request.http_method == HTTP_METHOD_HEAD)) { + } else if (con->request.http_if_modified_since && head_or_get) { + /* last-modified handling */ size_t used_len; char *semicolon; @@ -319,4 +326,437 @@ int http_response_handle_cachable(server *srv, connect } return HANDLER_GO_ON; +} + + +static int http_response_parse_range(server *srv, connection *con, buffer *path, stat_cache_entry *sce) { + int multipart = 0; + int error; + off_t start, end; + const char *s, *minus; + char *boundary = "fkj49sn38dcn3"; + data_string *ds; + buffer *content_type = NULL; + + start = 0; + end = sce->st.st_size - 1; + + con->response.content_length = 0; + + if (NULL != (ds = (data_string *)array_get_element(con->response.headers, "Content-Type"))) { + content_type = ds->value; + } + + for (s = con->request.http_range, error = 0; + !error && *s && NULL != (minus = strchr(s, '-')); ) { + char *err; + off_t la, le; + + if (s == minus) { + /* - */ + + le = strtoll(s, &err, 10); + + if (le == 0) { + /* RFC 2616 - 14.35.1 */ + + con->http_status = 416; + error = 1; + } else if (*err == '\0') { + /* end */ + s = err; + + end = sce->st.st_size - 1; + start = sce->st.st_size + le; + } else if (*err == ',') { + multipart = 1; + s = err + 1; + + end = sce->st.st_size - 1; + start = sce->st.st_size + le; + } else { + error = 1; + } + + } else if (*(minus+1) == '\0' || *(minus+1) == ',') { + /* - */ + + la = strtoll(s, &err, 10); + + if (err == minus) { + /* ok */ + + if (*(err + 1) == '\0') { + s = err + 1; + + end = sce->st.st_size - 1; + start = la; + + } else if (*(err + 1) == ',') { + multipart = 1; + s = err + 2; + + end = sce->st.st_size - 1; + start = la; + } else { + error = 1; + } + } else { + /* error */ + error = 1; + } + } else { + /* - */ + + la = strtoll(s, &err, 10); + + if (err == minus) { + le = strtoll(minus+1, &err, 10); + + /* RFC 2616 - 14.35.1 */ + if (la > le) { + error = 1; + } + + if (*err == '\0') { + /* ok, end*/ + s = err; + + end = le; + start = la; + } else if (*err == ',') { + multipart = 1; + s = err + 1; + + end = le; + start = la; + } else { + /* error */ + + error = 1; + } + } else { + /* error */ + + error = 1; + } + } + + if (!error) { + if (start < 0) start = 0; + + /* RFC 2616 - 14.35.1 */ + if (end > sce->st.st_size - 1) end = sce->st.st_size - 1; + + if (start > sce->st.st_size - 1) { + error = 1; + + con->http_status = 416; + } + } + + if (!error) { + if (multipart) { + /* write boundary-header */ + buffer *b = buffer_init(); + + buffer_copy_string_len(b, CONST_STR_LEN("\r\n--")); + buffer_append_string(b, boundary); + + /* write Content-Range */ + buffer_append_string_len(b, CONST_STR_LEN("\r\nContent-Range: bytes ")); + buffer_append_int(b, start); + buffer_append_string_len(b, CONST_STR_LEN("-")); + buffer_append_int(b, end); + buffer_append_string_len(b, CONST_STR_LEN("/")); + buffer_append_int(b, sce->st.st_size); + + buffer_append_string_len(b, CONST_STR_LEN("\r\nContent-Type: ")); + buffer_append_string_buffer(b, content_type); + + /* write END-OF-HEADER */ + buffer_append_string_len(b, CONST_STR_LEN("\r\n\r\n")); + + con->response.content_length += buffer_string_length(b); + chunkqueue_append_buffer(con->write_queue, b); + buffer_free(b); + } + + chunkqueue_append_file(con->write_queue, path, start, end - start + 1); + con->response.content_length += end - start + 1; + } + } + + /* something went wrong */ + if (error) return -1; + + if (multipart) { + /* add boundary end */ + buffer *b = buffer_init(); + + buffer_copy_string_len(b, "\r\n--", 4); + buffer_append_string(b, boundary); + buffer_append_string_len(b, "--\r\n", 4); + + con->response.content_length += buffer_string_length(b); + chunkqueue_append_buffer(con->write_queue, b); + buffer_free(b); + + /* set header-fields */ + + buffer_copy_string_len(srv->tmp_buf, CONST_STR_LEN("multipart/byteranges; boundary=")); + buffer_append_string(srv->tmp_buf, boundary); + + /* overwrite content-type */ + response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(srv->tmp_buf)); + } else { + /* add Content-Range-header */ + + buffer_copy_string_len(srv->tmp_buf, CONST_STR_LEN("bytes ")); + buffer_append_int(srv->tmp_buf, start); + buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN("-")); + buffer_append_int(srv->tmp_buf, end); + buffer_append_string_len(srv->tmp_buf, CONST_STR_LEN("/")); + buffer_append_int(srv->tmp_buf, sce->st.st_size); + + response_header_insert(srv, con, CONST_STR_LEN("Content-Range"), CONST_BUF_LEN(srv->tmp_buf)); + } + + /* ok, the file is set-up */ + return 0; +} + + +void http_response_send_file (server *srv, connection *con, buffer *path) { + stat_cache_entry *sce = NULL; + buffer *mtime = NULL; + data_string *ds; + int allow_caching = (0 == con->http_status || 200 == con->http_status); + + if (HANDLER_ERROR == stat_cache_get_entry(srv, con, path, &sce)) { + con->http_status = (errno == ENOENT) ? 404 : 403; + + log_error_write(srv, __FILE__, __LINE__, "sbsb", + "not a regular file:", con->uri.path, + "->", path); + + return; + } + + /* we only handline regular files */ +#ifdef HAVE_LSTAT + if ((sce->is_symlink == 1) && !con->conf.follow_symlink) { + con->http_status = 403; + + if (con->conf.log_request_handling) { + log_error_write(srv, __FILE__, __LINE__, "s", "-- access denied due symlink restriction"); + log_error_write(srv, __FILE__, __LINE__, "sb", "Path :", path); + } + + return; + } +#endif + if (!S_ISREG(sce->st.st_mode)) { + con->http_status = 403; + + if (con->conf.log_file_not_found) { + log_error_write(srv, __FILE__, __LINE__, "sbsb", + "not a regular file:", con->uri.path, + "->", sce->name); + } + + return; + } + + /* mod_compress might set several data directly, don't overwrite them */ + + /* set response content-type, if not set already */ + + if (NULL == array_get_element(con->response.headers, "Content-Type")) { + if (buffer_string_is_empty(sce->content_type)) { + /* we are setting application/octet-stream, but also announce that + * this header field might change in the seconds few requests + * + * This should fix the aggressive caching of FF and the script download + * seen by the first installations + */ + response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_STR_LEN("application/octet-stream")); + + allow_caching = 0; + } else { + response_header_overwrite(srv, con, CONST_STR_LEN("Content-Type"), CONST_BUF_LEN(sce->content_type)); + } + } + + if (con->conf.range_requests) { + response_header_overwrite(srv, con, CONST_STR_LEN("Accept-Ranges"), CONST_STR_LEN("bytes")); + } + + if (allow_caching) { + if (con->etag_flags != 0 && !buffer_string_is_empty(sce->etag)) { + if (NULL == array_get_element(con->response.headers, "ETag")) { + /* generate e-tag */ + etag_mutate(con->physical.etag, sce->etag); + + response_header_overwrite(srv, con, CONST_STR_LEN("ETag"), CONST_BUF_LEN(con->physical.etag)); + } + } + + /* prepare header */ + if (NULL == (ds = (data_string *)array_get_element(con->response.headers, "Last-Modified"))) { + mtime = strftime_cache_get(srv, sce->st.st_mtime); + response_header_overwrite(srv, con, CONST_STR_LEN("Last-Modified"), CONST_BUF_LEN(mtime)); + } else { + mtime = ds->value; + } + + if (HANDLER_FINISHED == http_response_handle_cachable(srv, con, mtime)) { + return; + } + } + + if (con->request.http_range && con->conf.range_requests + && (200 == con->http_status || 0 == con->http_status) + && NULL == array_get_element(con->response.headers, "Content-Encoding")) { + int do_range_request = 1; + /* check if we have a conditional GET */ + + if (NULL != (ds = (data_string *)array_get_element(con->request.headers, "If-Range"))) { + /* if the value is the same as our ETag, we do a Range-request, + * otherwise a full 200 */ + + if (ds->value->ptr[0] == '"') { + /** + * client wants a ETag + */ + if (!con->physical.etag) { + do_range_request = 0; + } else if (!buffer_is_equal(ds->value, con->physical.etag)) { + do_range_request = 0; + } + } else if (!mtime) { + /** + * we don't have a Last-Modified and can match the If-Range: + * + * sending all + */ + do_range_request = 0; + } else if (!buffer_is_equal(ds->value, mtime)) { + do_range_request = 0; + } + } + + if (do_range_request) { + /* content prepared, I'm done */ + con->file_finished = 1; + + if (0 == http_response_parse_range(srv, con, path, sce)) { + con->http_status = 206; + } + return; + } + } + + /* if we are still here, prepare body */ + + /* we add it here for all requests + * the HEAD request will drop it afterwards again + */ + if (0 == sce->st.st_size || 0 == http_chunk_append_file(srv, con, path)) { + con->http_status = 200; + con->file_finished = 1; + } else { + con->http_status = 403; + } +} + +void http_response_xsendfile (server *srv, connection *con, buffer *path, const array *xdocroot) { + const int status = con->http_status; + int valid = 1; + + con->file_started = 1; + + /* reset Content-Length, if set by backend + * Content-Length might later be set to size of X-Sendfile static file, + * determined by open(), fstat() to reduces race conditions if the file + * is modified between stat() (stat_cache_get_entry()) and open(). */ + if (con->parsed_response & HTTP_CONTENT_LENGTH) { + data_string *ds = (data_string *) array_get_element(con->response.headers, "Content-Length"); + if (ds) buffer_reset(ds->value); + con->parsed_response &= ~HTTP_CONTENT_LENGTH; + con->response.content_length = -1; + } + + buffer_urldecode_path(path); + buffer_path_simplify(path, path); + if (con->conf.force_lowercase_filenames) { + buffer_to_lower(path); + } + + /* check that path is under xdocroot(s) + * - xdocroot should have trailing slash appended at config time + * - con->conf.force_lowercase_filenames is not a server-wide setting, + * and so can not be definitively applied to xdocroot at config time*/ + if (xdocroot->used) { + size_t i, xlen = buffer_string_length(path); + for (i = 0; i < xdocroot->used; ++i) { + data_string *ds = (data_string *)xdocroot->data[i]; + size_t dlen = buffer_string_length(ds->value); + if (dlen <= xlen + && (!con->conf.force_lowercase_filenames + ? 0 == memcmp(path->ptr, ds->value->ptr, dlen) + : 0 == strncasecmp(path->ptr, ds->value->ptr, dlen))) { + break; + } + } + if (i == xdocroot->used) { + log_error_write(srv, __FILE__, __LINE__, "SBs", + "X-Sendfile (", path, + ") not under configured x-sendfile-docroot(s)"); + con->http_status = 403; + valid = 0; + } + } + + if (valid) http_response_send_file(srv, con, path); + + if (con->http_status >= 400 && status < 300) { + con->mode = DIRECT; + } else if (0 != status && 200 != status) { + con->http_status = status; + } +} + +void http_response_backend_error (server *srv, connection *con) { + UNUSED(srv); + if (con->file_started) { + /*(response might have been already started, kill the connection)*/ + /*(mode == DIRECT to avoid later call to http_response_backend_done())*/ + con->mode = DIRECT; /*(avoid sending final chunked block)*/ + con->keep_alive = 0; /*(no keep-alive; final chunked block not sent)*/ + con->file_finished = 1; + } /*(else error status set later by http_response_backend_done())*/ +} + +void http_response_backend_done (server *srv, connection *con) { + /* (not CON_STATE_ERROR and not CON_STATE_RESPONSE_END, + * i.e. not called from handle_connection_close or connection_reset + * hooks, except maybe from errdoc handler, which later resets state)*/ + switch (con->state) { + case CON_STATE_HANDLE_REQUEST: + case CON_STATE_READ_POST: + if (!con->file_started) { + /* Send an error if we haven't sent any data yet */ + con->http_status = 500; + con->mode = DIRECT; + break; + } /* else fall through */ + case CON_STATE_WRITE: + if (!con->file_finished) { + http_chunk_close(srv, con); + con->file_finished = 1; + } + default: + break; + } }