hsts.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 2020 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. ***************************************************************************/
  22. /*
  23. * The Strict-Transport-Security header is defined in RFC 6797:
  24. * https://tools.ietf.org/html/rfc6797
  25. */
  26. #include "curl_setup.h"
  27. #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HSTS)
  28. #include <curl/curl.h>
  29. #include "urldata.h"
  30. #include "llist.h"
  31. #include "hsts.h"
  32. #include "curl_get_line.h"
  33. #include "strcase.h"
  34. #include "sendf.h"
  35. #include "strtoofft.h"
  36. #include "parsedate.h"
  37. #include "rand.h"
  38. #include "rename.h"
  39. #include "strtoofft.h"
  40. /* The last 3 #include files should be in this order */
  41. #include "curl_printf.h"
  42. #include "curl_memory.h"
  43. #include "memdebug.h"
  44. #define MAX_HSTS_LINE 4095
  45. #define MAX_HSTS_HOSTLEN 256
  46. #define MAX_HSTS_HOSTLENSTR "256"
  47. #define MAX_HSTS_DATELEN 64
  48. #define MAX_HSTS_DATELENSTR "64"
  49. #define UNLIMITED "unlimited"
  50. #ifdef DEBUGBUILD
  51. /* to play well with debug builds, we can *set* a fixed time this will
  52. return */
  53. time_t deltatime; /* allow for "adjustments" for unit test purposes */
  54. static time_t debugtime(void *unused)
  55. {
  56. char *timestr = getenv("CURL_TIME");
  57. (void)unused;
  58. if(timestr) {
  59. curl_off_t val;
  60. (void)curlx_strtoofft(timestr, NULL, 10, &val);
  61. val += (curl_off_t)deltatime;
  62. return (time_t)val;
  63. }
  64. return time(NULL);
  65. }
  66. #define time(x) debugtime(x)
  67. #endif
  68. struct hsts *Curl_hsts_init(void)
  69. {
  70. struct hsts *h = calloc(sizeof(struct hsts), 1);
  71. if(h) {
  72. Curl_llist_init(&h->list, NULL);
  73. }
  74. return h;
  75. }
  76. static void hsts_free(struct stsentry *e)
  77. {
  78. free((char *)e->host);
  79. free(e);
  80. }
  81. void Curl_hsts_cleanup(struct hsts **hp)
  82. {
  83. struct hsts *h = *hp;
  84. if(h) {
  85. struct Curl_llist_element *e;
  86. struct Curl_llist_element *n;
  87. for(e = h->list.head; e; e = n) {
  88. struct stsentry *sts = e->ptr;
  89. n = e->next;
  90. hsts_free(sts);
  91. }
  92. free(h->filename);
  93. free(h);
  94. *hp = NULL;
  95. }
  96. }
  97. static struct stsentry *hsts_entry(void)
  98. {
  99. return calloc(sizeof(struct stsentry), 1);
  100. }
  101. static CURLcode hsts_create(struct hsts *h,
  102. const char *hostname,
  103. bool subdomains,
  104. curl_off_t expires)
  105. {
  106. struct stsentry *sts = hsts_entry();
  107. if(!sts)
  108. return CURLE_OUT_OF_MEMORY;
  109. sts->expires = expires;
  110. sts->includeSubDomains = subdomains;
  111. sts->host = strdup(hostname);
  112. if(!sts->host) {
  113. free(sts);
  114. return CURLE_OUT_OF_MEMORY;
  115. }
  116. Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node);
  117. return CURLE_OK;
  118. }
  119. CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
  120. const char *header)
  121. {
  122. const char *p = header;
  123. curl_off_t expires = 0;
  124. bool gotma = FALSE;
  125. bool gotinc = FALSE;
  126. bool subdomains = FALSE;
  127. struct stsentry *sts;
  128. time_t now = time(NULL);
  129. if(Curl_host_is_ipnum(hostname))
  130. /* "explicit IP address identification of all forms is excluded."
  131. / RFC 6797 */
  132. return CURLE_OK;
  133. do {
  134. while(*p && ISSPACE(*p))
  135. p++;
  136. if(Curl_strncasecompare("max-age=", p, 8)) {
  137. bool quoted = FALSE;
  138. CURLofft offt;
  139. char *endp;
  140. if(gotma)
  141. return CURLE_BAD_FUNCTION_ARGUMENT;
  142. p += 8;
  143. while(*p && ISSPACE(*p))
  144. p++;
  145. if(*p == '\"') {
  146. p++;
  147. quoted = TRUE;
  148. }
  149. offt = curlx_strtoofft(p, &endp, 10, &expires);
  150. if(offt == CURL_OFFT_FLOW)
  151. expires = CURL_OFF_T_MAX;
  152. else if(offt)
  153. /* invalid max-age */
  154. return CURLE_BAD_FUNCTION_ARGUMENT;
  155. p = endp;
  156. if(quoted) {
  157. if(*p != '\"')
  158. return CURLE_BAD_FUNCTION_ARGUMENT;
  159. p++;
  160. }
  161. gotma = TRUE;
  162. }
  163. else if(Curl_strncasecompare("includesubdomains", p, 17)) {
  164. if(gotinc)
  165. return CURLE_BAD_FUNCTION_ARGUMENT;
  166. subdomains = TRUE;
  167. p += 17;
  168. gotinc = TRUE;
  169. }
  170. else {
  171. /* unknown directive, do a lame attempt to skip */
  172. while(*p && (*p != ';'))
  173. p++;
  174. }
  175. while(*p && ISSPACE(*p))
  176. p++;
  177. if(*p == ';')
  178. p++;
  179. } while (*p);
  180. if(!gotma)
  181. /* max-age is mandatory */
  182. return CURLE_BAD_FUNCTION_ARGUMENT;
  183. if(!expires) {
  184. /* remove the entry if present verbatim (without subdomain match) */
  185. sts = Curl_hsts(h, hostname, FALSE);
  186. if(sts) {
  187. Curl_llist_remove(&h->list, &sts->node, NULL);
  188. hsts_free(sts);
  189. }
  190. return CURLE_OK;
  191. }
  192. if(CURL_OFF_T_MAX - now < expires)
  193. /* would overflow, use maximum value */
  194. expires = CURL_OFF_T_MAX;
  195. else
  196. expires += now;
  197. /* check if it already exists */
  198. sts = Curl_hsts(h, hostname, FALSE);
  199. if(sts) {
  200. /* just update these fields */
  201. sts->expires = expires;
  202. sts->includeSubDomains = subdomains;
  203. }
  204. else
  205. return hsts_create(h, hostname, subdomains, expires);
  206. return CURLE_OK;
  207. }
  208. /*
  209. * Return TRUE if the given host name is currently an HSTS one.
  210. *
  211. * The 'subdomain' argument tells the function if subdomain matching should be
  212. * attempted.
  213. */
  214. struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
  215. bool subdomain)
  216. {
  217. if(h) {
  218. time_t now = time(NULL);
  219. size_t hlen = strlen(hostname);
  220. struct Curl_llist_element *e;
  221. struct Curl_llist_element *n;
  222. for(e = h->list.head; e; e = n) {
  223. struct stsentry *sts = e->ptr;
  224. n = e->next;
  225. if(sts->expires <= now) {
  226. /* remove expired entries */
  227. Curl_llist_remove(&h->list, &sts->node, NULL);
  228. hsts_free(sts);
  229. continue;
  230. }
  231. if(subdomain && sts->includeSubDomains) {
  232. size_t ntail = strlen(sts->host);
  233. if(ntail < hlen) {
  234. size_t offs = hlen - ntail;
  235. if((hostname[offs-1] == '.') &&
  236. Curl_strncasecompare(&hostname[offs], sts->host, ntail))
  237. return sts;
  238. }
  239. }
  240. if(Curl_strcasecompare(hostname, sts->host))
  241. return sts;
  242. }
  243. }
  244. return NULL; /* no match */
  245. }
  246. /*
  247. * Send this HSTS entry to the write callback.
  248. */
  249. static CURLcode hsts_push(struct Curl_easy *data,
  250. struct curl_index *i,
  251. struct stsentry *sts,
  252. bool *stop)
  253. {
  254. struct curl_hstsentry e;
  255. CURLSTScode sc;
  256. struct tm stamp;
  257. CURLcode result;
  258. e.name = (char *)sts->host;
  259. e.namelen = strlen(sts->host);
  260. e.includeSubDomains = sts->includeSubDomains;
  261. if(sts->expires != TIME_T_MAX) {
  262. result = Curl_gmtime((time_t)sts->expires, &stamp);
  263. if(result)
  264. return result;
  265. msnprintf(e.expire, sizeof(e.expire), "%d%02d%02d %02d:%02d:%02d",
  266. stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
  267. stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
  268. }
  269. else
  270. strcpy(e.expire, UNLIMITED);
  271. sc = data->set.hsts_write(data, &e, i,
  272. data->set.hsts_write_userp);
  273. *stop = (sc != CURLSTS_OK);
  274. return sc == CURLSTS_FAIL ? CURLE_BAD_FUNCTION_ARGUMENT : CURLE_OK;
  275. }
  276. /*
  277. * Write this single hsts entry to a single output line
  278. */
  279. static CURLcode hsts_out(struct stsentry *sts, FILE *fp)
  280. {
  281. struct tm stamp;
  282. if(sts->expires != TIME_T_MAX) {
  283. CURLcode result = Curl_gmtime((time_t)sts->expires, &stamp);
  284. if(result)
  285. return result;
  286. fprintf(fp, "%s%s \"%d%02d%02d %02d:%02d:%02d\"\n",
  287. sts->includeSubDomains ? ".": "", sts->host,
  288. stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
  289. stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
  290. }
  291. else
  292. fprintf(fp, "%s%s \"%s\"\n",
  293. sts->includeSubDomains ? ".": "", sts->host, UNLIMITED);
  294. return CURLE_OK;
  295. }
  296. /*
  297. * Curl_https_save() writes the HSTS cache to file and callback.
  298. */
  299. CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
  300. const char *file)
  301. {
  302. struct Curl_llist_element *e;
  303. struct Curl_llist_element *n;
  304. CURLcode result = CURLE_OK;
  305. FILE *out;
  306. char *tempstore;
  307. unsigned char randsuffix[9];
  308. if(!h)
  309. /* no cache activated */
  310. return CURLE_OK;
  311. /* if no new name is given, use the one we stored from the load */
  312. if(!file && h->filename)
  313. file = h->filename;
  314. if((h->flags & CURLHSTS_READONLYFILE) || !file || !file[0])
  315. /* marked as read-only, no file or zero length file name */
  316. goto skipsave;
  317. if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix)))
  318. return CURLE_FAILED_INIT;
  319. tempstore = aprintf("%s.%s.tmp", file, randsuffix);
  320. if(!tempstore)
  321. return CURLE_OUT_OF_MEMORY;
  322. out = fopen(tempstore, FOPEN_WRITETEXT);
  323. if(!out)
  324. result = CURLE_WRITE_ERROR;
  325. else {
  326. fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n"
  327. "# This file was generated by libcurl! Edit at your own risk.\n",
  328. out);
  329. for(e = h->list.head; e; e = n) {
  330. struct stsentry *sts = e->ptr;
  331. n = e->next;
  332. result = hsts_out(sts, out);
  333. if(result)
  334. break;
  335. }
  336. fclose(out);
  337. if(!result && Curl_rename(tempstore, file))
  338. result = CURLE_WRITE_ERROR;
  339. if(result)
  340. unlink(tempstore);
  341. }
  342. free(tempstore);
  343. skipsave:
  344. if(data->set.hsts_write) {
  345. /* if there's a write callback */
  346. struct curl_index i; /* count */
  347. i.total = h->list.size;
  348. i.index = 0;
  349. for(e = h->list.head; e; e = n) {
  350. struct stsentry *sts = e->ptr;
  351. bool stop;
  352. n = e->next;
  353. result = hsts_push(data, &i, sts, &stop);
  354. if(result || stop)
  355. break;
  356. i.index++;
  357. }
  358. }
  359. return result;
  360. }
  361. /* only returns SERIOUS errors */
  362. static CURLcode hsts_add(struct hsts *h, char *line)
  363. {
  364. /* Example lines:
  365. example.com "20191231 10:00:00"
  366. .example.net "20191231 10:00:00"
  367. */
  368. char host[MAX_HSTS_HOSTLEN + 1];
  369. char date[MAX_HSTS_DATELEN + 1];
  370. int rc;
  371. rc = sscanf(line,
  372. "%" MAX_HSTS_HOSTLENSTR "s \"%" MAX_HSTS_DATELENSTR "[^\"]\"",
  373. host, date);
  374. if(2 == rc) {
  375. time_t expires = strcmp(date, UNLIMITED) ? Curl_getdate_capped(date) :
  376. TIME_T_MAX;
  377. CURLcode result;
  378. char *p = host;
  379. bool subdomain = FALSE;
  380. if(p[0] == '.') {
  381. p++;
  382. subdomain = TRUE;
  383. }
  384. result = hsts_create(h, p, subdomain, expires);
  385. if(result)
  386. return result;
  387. }
  388. return CURLE_OK;
  389. }
  390. /*
  391. * Load HSTS data from callback.
  392. *
  393. */
  394. static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h)
  395. {
  396. /* if the HSTS read callback is set, use it */
  397. if(data->set.hsts_read) {
  398. CURLSTScode sc;
  399. DEBUGASSERT(h);
  400. do {
  401. char buffer[257];
  402. struct curl_hstsentry e;
  403. e.name = buffer;
  404. e.namelen = sizeof(buffer)-1;
  405. e.includeSubDomains = FALSE; /* default */
  406. e.expire[0] = 0;
  407. e.name[0] = 0; /* just to make it clean */
  408. sc = data->set.hsts_read(data, &e, data->set.hsts_read_userp);
  409. if(sc == CURLSTS_OK) {
  410. time_t expires;
  411. CURLcode result;
  412. if(!e.name[0])
  413. /* bail out if no name was stored */
  414. return CURLE_BAD_FUNCTION_ARGUMENT;
  415. if(e.expire[0])
  416. expires = Curl_getdate_capped(e.expire);
  417. else
  418. expires = TIME_T_MAX; /* the end of time */
  419. result = hsts_create(h, e.name,
  420. /* bitfield to bool conversion: */
  421. e.includeSubDomains ? TRUE : FALSE,
  422. expires);
  423. if(result)
  424. return result;
  425. }
  426. else if(sc == CURLSTS_FAIL)
  427. return CURLE_ABORTED_BY_CALLBACK;
  428. } while(sc == CURLSTS_OK);
  429. }
  430. return CURLE_OK;
  431. }
  432. /*
  433. * Load the HSTS cache from the given file. The text based line-oriented file
  434. * format is documented here:
  435. * https://github.com/curl/curl/wiki/HSTS
  436. *
  437. * This function only returns error on major problems that prevent hsts
  438. * handling to work completely. It will ignore individual syntactical errors
  439. * etc.
  440. */
  441. static CURLcode hsts_load(struct hsts *h, const char *file)
  442. {
  443. CURLcode result = CURLE_OK;
  444. char *line = NULL;
  445. FILE *fp;
  446. /* we need a private copy of the file name so that the hsts cache file
  447. name survives an easy handle reset */
  448. free(h->filename);
  449. h->filename = strdup(file);
  450. if(!h->filename)
  451. return CURLE_OUT_OF_MEMORY;
  452. fp = fopen(file, FOPEN_READTEXT);
  453. if(fp) {
  454. line = malloc(MAX_HSTS_LINE);
  455. if(!line)
  456. goto fail;
  457. while(Curl_get_line(line, MAX_HSTS_LINE, fp)) {
  458. char *lineptr = line;
  459. while(*lineptr && ISBLANK(*lineptr))
  460. lineptr++;
  461. if(*lineptr == '#')
  462. /* skip commented lines */
  463. continue;
  464. hsts_add(h, lineptr);
  465. }
  466. free(line); /* free the line buffer */
  467. fclose(fp);
  468. }
  469. return result;
  470. fail:
  471. Curl_safefree(h->filename);
  472. fclose(fp);
  473. return CURLE_OUT_OF_MEMORY;
  474. }
  475. /*
  476. * Curl_hsts_loadfile() loads HSTS from file
  477. */
  478. CURLcode Curl_hsts_loadfile(struct Curl_easy *data,
  479. struct hsts *h, const char *file)
  480. {
  481. DEBUGASSERT(h);
  482. (void)data;
  483. return hsts_load(h, file);
  484. }
  485. /*
  486. * Curl_hsts_loadcb() loads HSTS from callback
  487. */
  488. CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h)
  489. {
  490. if(h)
  491. return hsts_pull(data, h);
  492. return CURLE_OK;
  493. }
  494. #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */