2
0

hsts.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. ***************************************************************************/
  24. /*
  25. * The Strict-Transport-Security header is defined in RFC 6797:
  26. * https://datatracker.ietf.org/doc/html/rfc6797
  27. */
  28. #include "curl_setup.h"
  29. #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HSTS)
  30. #include <curl/curl.h>
  31. #include "urldata.h"
  32. #include "llist.h"
  33. #include "hsts.h"
  34. #include "curl_get_line.h"
  35. #include "strcase.h"
  36. #include "sendf.h"
  37. #include "strtoofft.h"
  38. #include "parsedate.h"
  39. #include "fopen.h"
  40. #include "rename.h"
  41. #include "strtoofft.h"
  42. /* The last 3 #include files should be in this order */
  43. #include "curl_printf.h"
  44. #include "curl_memory.h"
  45. #include "memdebug.h"
  46. #define MAX_HSTS_LINE 4095
  47. #define MAX_HSTS_HOSTLEN 256
  48. #define MAX_HSTS_HOSTLENSTR "256"
  49. #define MAX_HSTS_DATELEN 64
  50. #define MAX_HSTS_DATELENSTR "64"
  51. #define UNLIMITED "unlimited"
  52. #ifdef DEBUGBUILD
  53. /* to play well with debug builds, we can *set* a fixed time this will
  54. return */
  55. time_t deltatime; /* allow for "adjustments" for unit test purposes */
  56. static time_t debugtime(void *unused)
  57. {
  58. char *timestr = getenv("CURL_TIME");
  59. (void)unused;
  60. if(timestr) {
  61. curl_off_t val;
  62. (void)curlx_strtoofft(timestr, NULL, 10, &val);
  63. val += (curl_off_t)deltatime;
  64. return (time_t)val;
  65. }
  66. return time(NULL);
  67. }
  68. #define time(x) debugtime(x)
  69. #endif
  70. struct hsts *Curl_hsts_init(void)
  71. {
  72. struct hsts *h = calloc(sizeof(struct hsts), 1);
  73. if(h) {
  74. Curl_llist_init(&h->list, NULL);
  75. }
  76. return h;
  77. }
  78. static void hsts_free(struct stsentry *e)
  79. {
  80. free((char *)e->host);
  81. free(e);
  82. }
  83. void Curl_hsts_cleanup(struct hsts **hp)
  84. {
  85. struct hsts *h = *hp;
  86. if(h) {
  87. struct Curl_llist_element *e;
  88. struct Curl_llist_element *n;
  89. for(e = h->list.head; e; e = n) {
  90. struct stsentry *sts = e->ptr;
  91. n = e->next;
  92. hsts_free(sts);
  93. }
  94. free(h->filename);
  95. free(h);
  96. *hp = NULL;
  97. }
  98. }
  99. static struct stsentry *hsts_entry(void)
  100. {
  101. return calloc(sizeof(struct stsentry), 1);
  102. }
  103. static CURLcode hsts_create(struct hsts *h,
  104. const char *hostname,
  105. bool subdomains,
  106. curl_off_t expires)
  107. {
  108. struct stsentry *sts = hsts_entry();
  109. char *duphost;
  110. size_t hlen;
  111. if(!sts)
  112. return CURLE_OUT_OF_MEMORY;
  113. duphost = strdup(hostname);
  114. if(!duphost) {
  115. free(sts);
  116. return CURLE_OUT_OF_MEMORY;
  117. }
  118. hlen = strlen(duphost);
  119. if(duphost[hlen - 1] == '.')
  120. /* strip off trailing any dot */
  121. duphost[--hlen] = 0;
  122. sts->host = duphost;
  123. sts->expires = expires;
  124. sts->includeSubDomains = subdomains;
  125. Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node);
  126. return CURLE_OK;
  127. }
  128. CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
  129. const char *header)
  130. {
  131. const char *p = header;
  132. curl_off_t expires = 0;
  133. bool gotma = FALSE;
  134. bool gotinc = FALSE;
  135. bool subdomains = FALSE;
  136. struct stsentry *sts;
  137. time_t now = time(NULL);
  138. if(Curl_host_is_ipnum(hostname))
  139. /* "explicit IP address identification of all forms is excluded."
  140. / RFC 6797 */
  141. return CURLE_OK;
  142. do {
  143. while(*p && ISBLANK(*p))
  144. p++;
  145. if(Curl_strncasecompare("max-age=", p, 8)) {
  146. bool quoted = FALSE;
  147. CURLofft offt;
  148. char *endp;
  149. if(gotma)
  150. return CURLE_BAD_FUNCTION_ARGUMENT;
  151. p += 8;
  152. while(*p && ISBLANK(*p))
  153. p++;
  154. if(*p == '\"') {
  155. p++;
  156. quoted = TRUE;
  157. }
  158. offt = curlx_strtoofft(p, &endp, 10, &expires);
  159. if(offt == CURL_OFFT_FLOW)
  160. expires = CURL_OFF_T_MAX;
  161. else if(offt)
  162. /* invalid max-age */
  163. return CURLE_BAD_FUNCTION_ARGUMENT;
  164. p = endp;
  165. if(quoted) {
  166. if(*p != '\"')
  167. return CURLE_BAD_FUNCTION_ARGUMENT;
  168. p++;
  169. }
  170. gotma = TRUE;
  171. }
  172. else if(Curl_strncasecompare("includesubdomains", p, 17)) {
  173. if(gotinc)
  174. return CURLE_BAD_FUNCTION_ARGUMENT;
  175. subdomains = TRUE;
  176. p += 17;
  177. gotinc = TRUE;
  178. }
  179. else {
  180. /* unknown directive, do a lame attempt to skip */
  181. while(*p && (*p != ';'))
  182. p++;
  183. }
  184. while(*p && ISBLANK(*p))
  185. p++;
  186. if(*p == ';')
  187. p++;
  188. } while (*p);
  189. if(!gotma)
  190. /* max-age is mandatory */
  191. return CURLE_BAD_FUNCTION_ARGUMENT;
  192. if(!expires) {
  193. /* remove the entry if present verbatim (without subdomain match) */
  194. sts = Curl_hsts(h, hostname, FALSE);
  195. if(sts) {
  196. Curl_llist_remove(&h->list, &sts->node, NULL);
  197. hsts_free(sts);
  198. }
  199. return CURLE_OK;
  200. }
  201. if(CURL_OFF_T_MAX - now < expires)
  202. /* would overflow, use maximum value */
  203. expires = CURL_OFF_T_MAX;
  204. else
  205. expires += now;
  206. /* check if it already exists */
  207. sts = Curl_hsts(h, hostname, FALSE);
  208. if(sts) {
  209. /* just update these fields */
  210. sts->expires = expires;
  211. sts->includeSubDomains = subdomains;
  212. }
  213. else
  214. return hsts_create(h, hostname, subdomains, expires);
  215. return CURLE_OK;
  216. }
  217. /*
  218. * Return TRUE if the given host name is currently an HSTS one.
  219. *
  220. * The 'subdomain' argument tells the function if subdomain matching should be
  221. * attempted.
  222. */
  223. struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
  224. bool subdomain)
  225. {
  226. if(h) {
  227. char buffer[MAX_HSTS_HOSTLEN + 1];
  228. time_t now = time(NULL);
  229. size_t hlen = strlen(hostname);
  230. struct Curl_llist_element *e;
  231. struct Curl_llist_element *n;
  232. if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
  233. return NULL;
  234. memcpy(buffer, hostname, hlen);
  235. if(hostname[hlen-1] == '.')
  236. /* remove the trailing dot */
  237. --hlen;
  238. buffer[hlen] = 0;
  239. hostname = buffer;
  240. for(e = h->list.head; e; e = n) {
  241. struct stsentry *sts = e->ptr;
  242. n = e->next;
  243. if(sts->expires <= now) {
  244. /* remove expired entries */
  245. Curl_llist_remove(&h->list, &sts->node, NULL);
  246. hsts_free(sts);
  247. continue;
  248. }
  249. if(subdomain && sts->includeSubDomains) {
  250. size_t ntail = strlen(sts->host);
  251. if(ntail < hlen) {
  252. size_t offs = hlen - ntail;
  253. if((hostname[offs-1] == '.') &&
  254. Curl_strncasecompare(&hostname[offs], sts->host, ntail))
  255. return sts;
  256. }
  257. }
  258. if(Curl_strcasecompare(hostname, sts->host))
  259. return sts;
  260. }
  261. }
  262. return NULL; /* no match */
  263. }
  264. /*
  265. * Send this HSTS entry to the write callback.
  266. */
  267. static CURLcode hsts_push(struct Curl_easy *data,
  268. struct curl_index *i,
  269. struct stsentry *sts,
  270. bool *stop)
  271. {
  272. struct curl_hstsentry e;
  273. CURLSTScode sc;
  274. struct tm stamp;
  275. CURLcode result;
  276. e.name = (char *)sts->host;
  277. e.namelen = strlen(sts->host);
  278. e.includeSubDomains = sts->includeSubDomains;
  279. if(sts->expires != TIME_T_MAX) {
  280. result = Curl_gmtime((time_t)sts->expires, &stamp);
  281. if(result)
  282. return result;
  283. msnprintf(e.expire, sizeof(e.expire), "%d%02d%02d %02d:%02d:%02d",
  284. stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
  285. stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
  286. }
  287. else
  288. strcpy(e.expire, UNLIMITED);
  289. sc = data->set.hsts_write(data, &e, i,
  290. data->set.hsts_write_userp);
  291. *stop = (sc != CURLSTS_OK);
  292. return sc == CURLSTS_FAIL ? CURLE_BAD_FUNCTION_ARGUMENT : CURLE_OK;
  293. }
  294. /*
  295. * Write this single hsts entry to a single output line
  296. */
  297. static CURLcode hsts_out(struct stsentry *sts, FILE *fp)
  298. {
  299. struct tm stamp;
  300. if(sts->expires != TIME_T_MAX) {
  301. CURLcode result = Curl_gmtime((time_t)sts->expires, &stamp);
  302. if(result)
  303. return result;
  304. fprintf(fp, "%s%s \"%d%02d%02d %02d:%02d:%02d\"\n",
  305. sts->includeSubDomains ? ".": "", sts->host,
  306. stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
  307. stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
  308. }
  309. else
  310. fprintf(fp, "%s%s \"%s\"\n",
  311. sts->includeSubDomains ? ".": "", sts->host, UNLIMITED);
  312. return CURLE_OK;
  313. }
  314. /*
  315. * Curl_https_save() writes the HSTS cache to file and callback.
  316. */
  317. CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
  318. const char *file)
  319. {
  320. struct Curl_llist_element *e;
  321. struct Curl_llist_element *n;
  322. CURLcode result = CURLE_OK;
  323. FILE *out;
  324. char *tempstore = NULL;
  325. if(!h)
  326. /* no cache activated */
  327. return CURLE_OK;
  328. /* if no new name is given, use the one we stored from the load */
  329. if(!file && h->filename)
  330. file = h->filename;
  331. if((h->flags & CURLHSTS_READONLYFILE) || !file || !file[0])
  332. /* marked as read-only, no file or zero length file name */
  333. goto skipsave;
  334. result = Curl_fopen(data, file, &out, &tempstore);
  335. if(!result) {
  336. fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n"
  337. "# This file was generated by libcurl! Edit at your own risk.\n",
  338. out);
  339. for(e = h->list.head; e; e = n) {
  340. struct stsentry *sts = e->ptr;
  341. n = e->next;
  342. result = hsts_out(sts, out);
  343. if(result)
  344. break;
  345. }
  346. fclose(out);
  347. if(!result && tempstore && Curl_rename(tempstore, file))
  348. result = CURLE_WRITE_ERROR;
  349. if(result && tempstore)
  350. unlink(tempstore);
  351. }
  352. free(tempstore);
  353. skipsave:
  354. if(data->set.hsts_write) {
  355. /* if there's a write callback */
  356. struct curl_index i; /* count */
  357. i.total = h->list.size;
  358. i.index = 0;
  359. for(e = h->list.head; e; e = n) {
  360. struct stsentry *sts = e->ptr;
  361. bool stop;
  362. n = e->next;
  363. result = hsts_push(data, &i, sts, &stop);
  364. if(result || stop)
  365. break;
  366. i.index++;
  367. }
  368. }
  369. return result;
  370. }
  371. /* only returns SERIOUS errors */
  372. static CURLcode hsts_add(struct hsts *h, char *line)
  373. {
  374. /* Example lines:
  375. example.com "20191231 10:00:00"
  376. .example.net "20191231 10:00:00"
  377. */
  378. char host[MAX_HSTS_HOSTLEN + 1];
  379. char date[MAX_HSTS_DATELEN + 1];
  380. int rc;
  381. rc = sscanf(line,
  382. "%" MAX_HSTS_HOSTLENSTR "s \"%" MAX_HSTS_DATELENSTR "[^\"]\"",
  383. host, date);
  384. if(2 == rc) {
  385. time_t expires = strcmp(date, UNLIMITED) ? Curl_getdate_capped(date) :
  386. TIME_T_MAX;
  387. CURLcode result;
  388. char *p = host;
  389. bool subdomain = FALSE;
  390. if(p[0] == '.') {
  391. p++;
  392. subdomain = TRUE;
  393. }
  394. result = hsts_create(h, p, subdomain, expires);
  395. if(result)
  396. return result;
  397. }
  398. return CURLE_OK;
  399. }
  400. /*
  401. * Load HSTS data from callback.
  402. *
  403. */
  404. static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h)
  405. {
  406. /* if the HSTS read callback is set, use it */
  407. if(data->set.hsts_read) {
  408. CURLSTScode sc;
  409. DEBUGASSERT(h);
  410. do {
  411. char buffer[MAX_HSTS_HOSTLEN + 1];
  412. struct curl_hstsentry e;
  413. e.name = buffer;
  414. e.namelen = sizeof(buffer)-1;
  415. e.includeSubDomains = FALSE; /* default */
  416. e.expire[0] = 0;
  417. e.name[0] = 0; /* just to make it clean */
  418. sc = data->set.hsts_read(data, &e, data->set.hsts_read_userp);
  419. if(sc == CURLSTS_OK) {
  420. time_t expires;
  421. CURLcode result;
  422. if(!e.name[0])
  423. /* bail out if no name was stored */
  424. return CURLE_BAD_FUNCTION_ARGUMENT;
  425. if(e.expire[0])
  426. expires = Curl_getdate_capped(e.expire);
  427. else
  428. expires = TIME_T_MAX; /* the end of time */
  429. result = hsts_create(h, e.name,
  430. /* bitfield to bool conversion: */
  431. e.includeSubDomains ? TRUE : FALSE,
  432. expires);
  433. if(result)
  434. return result;
  435. }
  436. else if(sc == CURLSTS_FAIL)
  437. return CURLE_ABORTED_BY_CALLBACK;
  438. } while(sc == CURLSTS_OK);
  439. }
  440. return CURLE_OK;
  441. }
  442. /*
  443. * Load the HSTS cache from the given file. The text based line-oriented file
  444. * format is documented here: https://curl.se/docs/hsts.html
  445. *
  446. * This function only returns error on major problems that prevent hsts
  447. * handling to work completely. It will ignore individual syntactical errors
  448. * etc.
  449. */
  450. static CURLcode hsts_load(struct hsts *h, const char *file)
  451. {
  452. CURLcode result = CURLE_OK;
  453. char *line = NULL;
  454. FILE *fp;
  455. /* we need a private copy of the file name so that the hsts cache file
  456. name survives an easy handle reset */
  457. free(h->filename);
  458. h->filename = strdup(file);
  459. if(!h->filename)
  460. return CURLE_OUT_OF_MEMORY;
  461. fp = fopen(file, FOPEN_READTEXT);
  462. if(fp) {
  463. line = malloc(MAX_HSTS_LINE);
  464. if(!line)
  465. goto fail;
  466. while(Curl_get_line(line, MAX_HSTS_LINE, fp)) {
  467. char *lineptr = line;
  468. while(*lineptr && ISBLANK(*lineptr))
  469. lineptr++;
  470. if(*lineptr == '#')
  471. /* skip commented lines */
  472. continue;
  473. hsts_add(h, lineptr);
  474. }
  475. free(line); /* free the line buffer */
  476. fclose(fp);
  477. }
  478. return result;
  479. fail:
  480. Curl_safefree(h->filename);
  481. fclose(fp);
  482. return CURLE_OUT_OF_MEMORY;
  483. }
  484. /*
  485. * Curl_hsts_loadfile() loads HSTS from file
  486. */
  487. CURLcode Curl_hsts_loadfile(struct Curl_easy *data,
  488. struct hsts *h, const char *file)
  489. {
  490. DEBUGASSERT(h);
  491. (void)data;
  492. return hsts_load(h, file);
  493. }
  494. /*
  495. * Curl_hsts_loadcb() loads HSTS from callback
  496. */
  497. CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h)
  498. {
  499. if(h)
  500. return hsts_pull(data, h);
  501. return CURLE_OK;
  502. }
  503. #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */