hsts.c 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. ***************************************************************************/
  24. /*
  25. * The Strict-Transport-Security header is defined in RFC 6797:
  26. * https://datatracker.ietf.org/doc/html/rfc6797
  27. */
  28. #include "curl_setup.h"
  29. #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HSTS)
  30. #include <curl/curl.h>
  31. #include "urldata.h"
  32. #include "llist.h"
  33. #include "hsts.h"
  34. #include "curl_get_line.h"
  35. #include "strcase.h"
  36. #include "sendf.h"
  37. #include "strtoofft.h"
  38. #include "parsedate.h"
  39. #include "fopen.h"
  40. #include "rename.h"
  41. #include "share.h"
  42. #include "strdup.h"
  43. /* The last 3 #include files should be in this order */
  44. #include "curl_printf.h"
  45. #include "curl_memory.h"
  46. #include "memdebug.h"
  47. #define MAX_HSTS_LINE 4095
  48. #define MAX_HSTS_HOSTLEN 256
  49. #define MAX_HSTS_HOSTLENSTR "256"
  50. #define MAX_HSTS_DATELEN 64
  51. #define MAX_HSTS_DATELENSTR "64"
  52. #define UNLIMITED "unlimited"
  53. #ifdef DEBUGBUILD
  54. /* to play well with debug builds, we can *set* a fixed time this will
  55. return */
  56. time_t deltatime; /* allow for "adjustments" for unit test purposes */
  57. static time_t hsts_debugtime(void *unused)
  58. {
  59. char *timestr = getenv("CURL_TIME");
  60. (void)unused;
  61. if(timestr) {
  62. curl_off_t val;
  63. (void)curlx_strtoofft(timestr, NULL, 10, &val);
  64. val += (curl_off_t)deltatime;
  65. return (time_t)val;
  66. }
  67. return time(NULL);
  68. }
  69. #undef time
  70. #define time(x) hsts_debugtime(x)
  71. #endif
  72. struct hsts *Curl_hsts_init(void)
  73. {
  74. struct hsts *h = calloc(1, sizeof(struct hsts));
  75. if(h) {
  76. Curl_llist_init(&h->list, NULL);
  77. }
  78. return h;
  79. }
  80. static void hsts_free(struct stsentry *e)
  81. {
  82. free((char *)e->host);
  83. free(e);
  84. }
  85. void Curl_hsts_cleanup(struct hsts **hp)
  86. {
  87. struct hsts *h = *hp;
  88. if(h) {
  89. struct Curl_llist_element *e;
  90. struct Curl_llist_element *n;
  91. for(e = h->list.head; e; e = n) {
  92. struct stsentry *sts = e->ptr;
  93. n = e->next;
  94. hsts_free(sts);
  95. }
  96. free(h->filename);
  97. free(h);
  98. *hp = NULL;
  99. }
  100. }
  101. static CURLcode hsts_create(struct hsts *h,
  102. const char *hostname,
  103. bool subdomains,
  104. curl_off_t expires)
  105. {
  106. size_t hlen;
  107. DEBUGASSERT(h);
  108. DEBUGASSERT(hostname);
  109. hlen = strlen(hostname);
  110. if(hlen && (hostname[hlen - 1] == '.'))
  111. /* strip off any trailing dot */
  112. --hlen;
  113. if(hlen) {
  114. char *duphost;
  115. struct stsentry *sts = calloc(1, sizeof(struct stsentry));
  116. if(!sts)
  117. return CURLE_OUT_OF_MEMORY;
  118. duphost = Curl_memdup0(hostname, hlen);
  119. if(!duphost) {
  120. free(sts);
  121. return CURLE_OUT_OF_MEMORY;
  122. }
  123. sts->host = duphost;
  124. sts->expires = expires;
  125. sts->includeSubDomains = subdomains;
  126. Curl_llist_append(&h->list, sts, &sts->node);
  127. }
  128. return CURLE_OK;
  129. }
  130. CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
  131. const char *header)
  132. {
  133. const char *p = header;
  134. curl_off_t expires = 0;
  135. bool gotma = FALSE;
  136. bool gotinc = FALSE;
  137. bool subdomains = FALSE;
  138. struct stsentry *sts;
  139. time_t now = time(NULL);
  140. if(Curl_host_is_ipnum(hostname))
  141. /* "explicit IP address identification of all forms is excluded."
  142. / RFC 6797 */
  143. return CURLE_OK;
  144. do {
  145. while(*p && ISBLANK(*p))
  146. p++;
  147. if(strncasecompare("max-age=", p, 8)) {
  148. bool quoted = FALSE;
  149. CURLofft offt;
  150. char *endp;
  151. if(gotma)
  152. return CURLE_BAD_FUNCTION_ARGUMENT;
  153. p += 8;
  154. while(*p && ISBLANK(*p))
  155. p++;
  156. if(*p == '\"') {
  157. p++;
  158. quoted = TRUE;
  159. }
  160. offt = curlx_strtoofft(p, &endp, 10, &expires);
  161. if(offt == CURL_OFFT_FLOW)
  162. expires = CURL_OFF_T_MAX;
  163. else if(offt)
  164. /* invalid max-age */
  165. return CURLE_BAD_FUNCTION_ARGUMENT;
  166. p = endp;
  167. if(quoted) {
  168. if(*p != '\"')
  169. return CURLE_BAD_FUNCTION_ARGUMENT;
  170. p++;
  171. }
  172. gotma = TRUE;
  173. }
  174. else if(strncasecompare("includesubdomains", p, 17)) {
  175. if(gotinc)
  176. return CURLE_BAD_FUNCTION_ARGUMENT;
  177. subdomains = TRUE;
  178. p += 17;
  179. gotinc = TRUE;
  180. }
  181. else {
  182. /* unknown directive, do a lame attempt to skip */
  183. while(*p && (*p != ';'))
  184. p++;
  185. }
  186. while(*p && ISBLANK(*p))
  187. p++;
  188. if(*p == ';')
  189. p++;
  190. } while(*p);
  191. if(!gotma)
  192. /* max-age is mandatory */
  193. return CURLE_BAD_FUNCTION_ARGUMENT;
  194. if(!expires) {
  195. /* remove the entry if present verbatim (without subdomain match) */
  196. sts = Curl_hsts(h, hostname, FALSE);
  197. if(sts) {
  198. Curl_llist_remove(&h->list, &sts->node, NULL);
  199. hsts_free(sts);
  200. }
  201. return CURLE_OK;
  202. }
  203. if(CURL_OFF_T_MAX - now < expires)
  204. /* would overflow, use maximum value */
  205. expires = CURL_OFF_T_MAX;
  206. else
  207. expires += now;
  208. /* check if it already exists */
  209. sts = Curl_hsts(h, hostname, FALSE);
  210. if(sts) {
  211. /* just update these fields */
  212. sts->expires = expires;
  213. sts->includeSubDomains = subdomains;
  214. }
  215. else
  216. return hsts_create(h, hostname, subdomains, expires);
  217. return CURLE_OK;
  218. }
  219. /*
  220. * Return TRUE if the given host name is currently an HSTS one.
  221. *
  222. * The 'subdomain' argument tells the function if subdomain matching should be
  223. * attempted.
  224. */
  225. struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
  226. bool subdomain)
  227. {
  228. if(h) {
  229. char buffer[MAX_HSTS_HOSTLEN + 1];
  230. time_t now = time(NULL);
  231. size_t hlen = strlen(hostname);
  232. struct Curl_llist_element *e;
  233. struct Curl_llist_element *n;
  234. if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
  235. return NULL;
  236. memcpy(buffer, hostname, hlen);
  237. if(hostname[hlen-1] == '.')
  238. /* remove the trailing dot */
  239. --hlen;
  240. buffer[hlen] = 0;
  241. hostname = buffer;
  242. for(e = h->list.head; e; e = n) {
  243. struct stsentry *sts = e->ptr;
  244. n = e->next;
  245. if(sts->expires <= now) {
  246. /* remove expired entries */
  247. Curl_llist_remove(&h->list, &sts->node, NULL);
  248. hsts_free(sts);
  249. continue;
  250. }
  251. if(subdomain && sts->includeSubDomains) {
  252. size_t ntail = strlen(sts->host);
  253. if(ntail < hlen) {
  254. size_t offs = hlen - ntail;
  255. if((hostname[offs-1] == '.') &&
  256. strncasecompare(&hostname[offs], sts->host, ntail))
  257. return sts;
  258. }
  259. }
  260. if(strcasecompare(hostname, sts->host))
  261. return sts;
  262. }
  263. }
  264. return NULL; /* no match */
  265. }
  266. /*
  267. * Send this HSTS entry to the write callback.
  268. */
  269. static CURLcode hsts_push(struct Curl_easy *data,
  270. struct curl_index *i,
  271. struct stsentry *sts,
  272. bool *stop)
  273. {
  274. struct curl_hstsentry e;
  275. CURLSTScode sc;
  276. struct tm stamp;
  277. CURLcode result;
  278. e.name = (char *)sts->host;
  279. e.namelen = strlen(sts->host);
  280. e.includeSubDomains = sts->includeSubDomains;
  281. if(sts->expires != TIME_T_MAX) {
  282. result = Curl_gmtime((time_t)sts->expires, &stamp);
  283. if(result)
  284. return result;
  285. msnprintf(e.expire, sizeof(e.expire), "%d%02d%02d %02d:%02d:%02d",
  286. stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
  287. stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
  288. }
  289. else
  290. strcpy(e.expire, UNLIMITED);
  291. sc = data->set.hsts_write(data, &e, i,
  292. data->set.hsts_write_userp);
  293. *stop = (sc != CURLSTS_OK);
  294. return sc == CURLSTS_FAIL ? CURLE_BAD_FUNCTION_ARGUMENT : CURLE_OK;
  295. }
  296. /*
  297. * Write this single hsts entry to a single output line
  298. */
  299. static CURLcode hsts_out(struct stsentry *sts, FILE *fp)
  300. {
  301. struct tm stamp;
  302. if(sts->expires != TIME_T_MAX) {
  303. CURLcode result = Curl_gmtime((time_t)sts->expires, &stamp);
  304. if(result)
  305. return result;
  306. fprintf(fp, "%s%s \"%d%02d%02d %02d:%02d:%02d\"\n",
  307. sts->includeSubDomains ? ".": "", sts->host,
  308. stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
  309. stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
  310. }
  311. else
  312. fprintf(fp, "%s%s \"%s\"\n",
  313. sts->includeSubDomains ? ".": "", sts->host, UNLIMITED);
  314. return CURLE_OK;
  315. }
  316. /*
  317. * Curl_https_save() writes the HSTS cache to file and callback.
  318. */
  319. CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
  320. const char *file)
  321. {
  322. struct Curl_llist_element *e;
  323. struct Curl_llist_element *n;
  324. CURLcode result = CURLE_OK;
  325. FILE *out;
  326. char *tempstore = NULL;
  327. if(!h)
  328. /* no cache activated */
  329. return CURLE_OK;
  330. /* if no new name is given, use the one we stored from the load */
  331. if(!file && h->filename)
  332. file = h->filename;
  333. if((h->flags & CURLHSTS_READONLYFILE) || !file || !file[0])
  334. /* marked as read-only, no file or zero length file name */
  335. goto skipsave;
  336. result = Curl_fopen(data, file, &out, &tempstore);
  337. if(!result) {
  338. fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n"
  339. "# This file was generated by libcurl! Edit at your own risk.\n",
  340. out);
  341. for(e = h->list.head; e; e = n) {
  342. struct stsentry *sts = e->ptr;
  343. n = e->next;
  344. result = hsts_out(sts, out);
  345. if(result)
  346. break;
  347. }
  348. fclose(out);
  349. if(!result && tempstore && Curl_rename(tempstore, file))
  350. result = CURLE_WRITE_ERROR;
  351. if(result && tempstore)
  352. unlink(tempstore);
  353. }
  354. free(tempstore);
  355. skipsave:
  356. if(data->set.hsts_write) {
  357. /* if there's a write callback */
  358. struct curl_index i; /* count */
  359. i.total = h->list.size;
  360. i.index = 0;
  361. for(e = h->list.head; e; e = n) {
  362. struct stsentry *sts = e->ptr;
  363. bool stop;
  364. n = e->next;
  365. result = hsts_push(data, &i, sts, &stop);
  366. if(result || stop)
  367. break;
  368. i.index++;
  369. }
  370. }
  371. return result;
  372. }
  373. /* only returns SERIOUS errors */
  374. static CURLcode hsts_add(struct hsts *h, char *line)
  375. {
  376. /* Example lines:
  377. example.com "20191231 10:00:00"
  378. .example.net "20191231 10:00:00"
  379. */
  380. char host[MAX_HSTS_HOSTLEN + 1];
  381. char date[MAX_HSTS_DATELEN + 1];
  382. int rc;
  383. rc = sscanf(line,
  384. "%" MAX_HSTS_HOSTLENSTR "s \"%" MAX_HSTS_DATELENSTR "[^\"]\"",
  385. host, date);
  386. if(2 == rc) {
  387. time_t expires = strcmp(date, UNLIMITED) ? Curl_getdate_capped(date) :
  388. TIME_T_MAX;
  389. CURLcode result = CURLE_OK;
  390. char *p = host;
  391. bool subdomain = FALSE;
  392. struct stsentry *e;
  393. if(p[0] == '.') {
  394. p++;
  395. subdomain = TRUE;
  396. }
  397. /* only add it if not already present */
  398. e = Curl_hsts(h, p, subdomain);
  399. if(!e)
  400. result = hsts_create(h, p, subdomain, expires);
  401. else {
  402. /* the same host name, use the largest expire time */
  403. if(expires > e->expires)
  404. e->expires = expires;
  405. }
  406. if(result)
  407. return result;
  408. }
  409. return CURLE_OK;
  410. }
  411. /*
  412. * Load HSTS data from callback.
  413. *
  414. */
  415. static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h)
  416. {
  417. /* if the HSTS read callback is set, use it */
  418. if(data->set.hsts_read) {
  419. CURLSTScode sc;
  420. DEBUGASSERT(h);
  421. do {
  422. char buffer[MAX_HSTS_HOSTLEN + 1];
  423. struct curl_hstsentry e;
  424. e.name = buffer;
  425. e.namelen = sizeof(buffer)-1;
  426. e.includeSubDomains = FALSE; /* default */
  427. e.expire[0] = 0;
  428. e.name[0] = 0; /* just to make it clean */
  429. sc = data->set.hsts_read(data, &e, data->set.hsts_read_userp);
  430. if(sc == CURLSTS_OK) {
  431. time_t expires;
  432. CURLcode result;
  433. DEBUGASSERT(e.name[0]);
  434. if(!e.name[0])
  435. /* bail out if no name was stored */
  436. return CURLE_BAD_FUNCTION_ARGUMENT;
  437. if(e.expire[0])
  438. expires = Curl_getdate_capped(e.expire);
  439. else
  440. expires = TIME_T_MAX; /* the end of time */
  441. result = hsts_create(h, e.name,
  442. /* bitfield to bool conversion: */
  443. e.includeSubDomains ? TRUE : FALSE,
  444. expires);
  445. if(result)
  446. return result;
  447. }
  448. else if(sc == CURLSTS_FAIL)
  449. return CURLE_ABORTED_BY_CALLBACK;
  450. } while(sc == CURLSTS_OK);
  451. }
  452. return CURLE_OK;
  453. }
  454. /*
  455. * Load the HSTS cache from the given file. The text based line-oriented file
  456. * format is documented here: https://curl.se/docs/hsts.html
  457. *
  458. * This function only returns error on major problems that prevent hsts
  459. * handling to work completely. It will ignore individual syntactical errors
  460. * etc.
  461. */
  462. static CURLcode hsts_load(struct hsts *h, const char *file)
  463. {
  464. CURLcode result = CURLE_OK;
  465. FILE *fp;
  466. /* we need a private copy of the file name so that the hsts cache file
  467. name survives an easy handle reset */
  468. free(h->filename);
  469. h->filename = strdup(file);
  470. if(!h->filename)
  471. return CURLE_OUT_OF_MEMORY;
  472. fp = fopen(file, FOPEN_READTEXT);
  473. if(fp) {
  474. struct dynbuf buf;
  475. Curl_dyn_init(&buf, MAX_HSTS_LINE);
  476. while(Curl_get_line(&buf, fp)) {
  477. char *lineptr = Curl_dyn_ptr(&buf);
  478. while(*lineptr && ISBLANK(*lineptr))
  479. lineptr++;
  480. /*
  481. * Skip empty or commented lines, since we know the line will have a
  482. * trailing newline from Curl_get_line we can treat length 1 as empty.
  483. */
  484. if((*lineptr == '#') || strlen(lineptr) <= 1)
  485. continue;
  486. hsts_add(h, lineptr);
  487. }
  488. Curl_dyn_free(&buf); /* free the line buffer */
  489. fclose(fp);
  490. }
  491. return result;
  492. }
  493. /*
  494. * Curl_hsts_loadfile() loads HSTS from file
  495. */
  496. CURLcode Curl_hsts_loadfile(struct Curl_easy *data,
  497. struct hsts *h, const char *file)
  498. {
  499. DEBUGASSERT(h);
  500. (void)data;
  501. return hsts_load(h, file);
  502. }
  503. /*
  504. * Curl_hsts_loadcb() loads HSTS from callback
  505. */
  506. CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h)
  507. {
  508. if(h)
  509. return hsts_pull(data, h);
  510. return CURLE_OK;
  511. }
  512. void Curl_hsts_loadfiles(struct Curl_easy *data)
  513. {
  514. struct curl_slist *l = data->state.hstslist;
  515. if(l) {
  516. Curl_share_lock(data, CURL_LOCK_DATA_HSTS, CURL_LOCK_ACCESS_SINGLE);
  517. while(l) {
  518. (void)Curl_hsts_loadfile(data, data->hsts, l->data);
  519. l = l->next;
  520. }
  521. Curl_share_unlock(data, CURL_LOCK_DATA_HSTS);
  522. }
  523. }
  524. #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */