2
0

hsts.c 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. ***************************************************************************/
  24. /*
  25. * The Strict-Transport-Security header is defined in RFC 6797:
  26. * https://datatracker.ietf.org/doc/html/rfc6797
  27. */
  28. #include "curl_setup.h"
  29. #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HSTS)
  30. #include <curl/curl.h>
  31. #include "urldata.h"
  32. #include "llist.h"
  33. #include "hsts.h"
  34. #include "curl_get_line.h"
  35. #include "strcase.h"
  36. #include "sendf.h"
  37. #include "strtoofft.h"
  38. #include "parsedate.h"
  39. #include "fopen.h"
  40. #include "rename.h"
  41. #include "share.h"
  42. #include "strdup.h"
  43. #include "strparse.h"
  44. /* The last 3 #include files should be in this order */
  45. #include "curl_printf.h"
  46. #include "curl_memory.h"
  47. #include "memdebug.h"
  48. #define MAX_HSTS_LINE 4095
  49. #define MAX_HSTS_HOSTLEN 2048
  50. #define MAX_HSTS_DATELEN 256
  51. #define UNLIMITED "unlimited"
  52. #if defined(DEBUGBUILD) || defined(UNITTESTS)
  53. /* to play well with debug builds, we can *set* a fixed time this will
  54. return */
  55. time_t deltatime; /* allow for "adjustments" for unit test purposes */
  56. static time_t hsts_debugtime(void *unused)
  57. {
  58. char *timestr = getenv("CURL_TIME");
  59. (void)unused;
  60. if(timestr) {
  61. curl_off_t val;
  62. (void)curlx_strtoofft(timestr, NULL, 10, &val);
  63. val += (curl_off_t)deltatime;
  64. return (time_t)val;
  65. }
  66. return time(NULL);
  67. }
  68. #undef time
  69. #define time(x) hsts_debugtime(x)
  70. #endif
  71. struct hsts *Curl_hsts_init(void)
  72. {
  73. struct hsts *h = calloc(1, sizeof(struct hsts));
  74. if(h) {
  75. Curl_llist_init(&h->list, NULL);
  76. }
  77. return h;
  78. }
  79. static void hsts_free(struct stsentry *e)
  80. {
  81. free((char *)e->host);
  82. free(e);
  83. }
  84. void Curl_hsts_cleanup(struct hsts **hp)
  85. {
  86. struct hsts *h = *hp;
  87. if(h) {
  88. struct Curl_llist_node *e;
  89. struct Curl_llist_node *n;
  90. for(e = Curl_llist_head(&h->list); e; e = n) {
  91. struct stsentry *sts = Curl_node_elem(e);
  92. n = Curl_node_next(e);
  93. hsts_free(sts);
  94. }
  95. free(h->filename);
  96. free(h);
  97. *hp = NULL;
  98. }
  99. }
  100. static CURLcode hsts_create(struct hsts *h,
  101. const char *hostname,
  102. size_t hlen,
  103. bool subdomains,
  104. curl_off_t expires)
  105. {
  106. DEBUGASSERT(h);
  107. DEBUGASSERT(hostname);
  108. if(hlen && (hostname[hlen - 1] == '.'))
  109. /* strip off any trailing dot */
  110. --hlen;
  111. if(hlen) {
  112. char *duphost;
  113. struct stsentry *sts = calloc(1, sizeof(struct stsentry));
  114. if(!sts)
  115. return CURLE_OUT_OF_MEMORY;
  116. duphost = Curl_memdup0(hostname, hlen);
  117. if(!duphost) {
  118. free(sts);
  119. return CURLE_OUT_OF_MEMORY;
  120. }
  121. sts->host = duphost;
  122. sts->expires = expires;
  123. sts->includeSubDomains = subdomains;
  124. Curl_llist_append(&h->list, sts, &sts->node);
  125. }
  126. return CURLE_OK;
  127. }
  128. CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
  129. const char *header)
  130. {
  131. const char *p = header;
  132. curl_off_t expires = 0;
  133. bool gotma = FALSE;
  134. bool gotinc = FALSE;
  135. bool subdomains = FALSE;
  136. struct stsentry *sts;
  137. time_t now = time(NULL);
  138. size_t hlen = strlen(hostname);
  139. if(Curl_host_is_ipnum(hostname))
  140. /* "explicit IP address identification of all forms is excluded."
  141. / RFC 6797 */
  142. return CURLE_OK;
  143. do {
  144. while(*p && ISBLANK(*p))
  145. p++;
  146. if(strncasecompare("max-age", p, 7)) {
  147. bool quoted = FALSE;
  148. CURLofft offt;
  149. char *endp;
  150. if(gotma)
  151. return CURLE_BAD_FUNCTION_ARGUMENT;
  152. p += 7;
  153. while(*p && ISBLANK(*p))
  154. p++;
  155. if(*p++ != '=')
  156. return CURLE_BAD_FUNCTION_ARGUMENT;
  157. while(*p && ISBLANK(*p))
  158. p++;
  159. if(*p == '\"') {
  160. p++;
  161. quoted = TRUE;
  162. }
  163. offt = curlx_strtoofft(p, &endp, 10, &expires);
  164. if(offt == CURL_OFFT_FLOW)
  165. expires = CURL_OFF_T_MAX;
  166. else if(offt)
  167. /* invalid max-age */
  168. return CURLE_BAD_FUNCTION_ARGUMENT;
  169. p = endp;
  170. if(quoted) {
  171. if(*p != '\"')
  172. return CURLE_BAD_FUNCTION_ARGUMENT;
  173. p++;
  174. }
  175. gotma = TRUE;
  176. }
  177. else if(strncasecompare("includesubdomains", p, 17)) {
  178. if(gotinc)
  179. return CURLE_BAD_FUNCTION_ARGUMENT;
  180. subdomains = TRUE;
  181. p += 17;
  182. gotinc = TRUE;
  183. }
  184. else {
  185. /* unknown directive, do a lame attempt to skip */
  186. while(*p && (*p != ';'))
  187. p++;
  188. }
  189. while(*p && ISBLANK(*p))
  190. p++;
  191. if(*p == ';')
  192. p++;
  193. } while(*p);
  194. if(!gotma)
  195. /* max-age is mandatory */
  196. return CURLE_BAD_FUNCTION_ARGUMENT;
  197. if(!expires) {
  198. /* remove the entry if present verbatim (without subdomain match) */
  199. sts = Curl_hsts(h, hostname, hlen, FALSE);
  200. if(sts) {
  201. Curl_node_remove(&sts->node);
  202. hsts_free(sts);
  203. }
  204. return CURLE_OK;
  205. }
  206. if(CURL_OFF_T_MAX - now < expires)
  207. /* would overflow, use maximum value */
  208. expires = CURL_OFF_T_MAX;
  209. else
  210. expires += now;
  211. /* check if it already exists */
  212. sts = Curl_hsts(h, hostname, hlen, FALSE);
  213. if(sts) {
  214. /* just update these fields */
  215. sts->expires = expires;
  216. sts->includeSubDomains = subdomains;
  217. }
  218. else
  219. return hsts_create(h, hostname, hlen, subdomains, expires);
  220. return CURLE_OK;
  221. }
  222. /*
  223. * Return TRUE if the given hostname is currently an HSTS one.
  224. *
  225. * The 'subdomain' argument tells the function if subdomain matching should be
  226. * attempted.
  227. */
  228. struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
  229. size_t hlen, bool subdomain)
  230. {
  231. struct stsentry *bestsub = NULL;
  232. if(h) {
  233. time_t now = time(NULL);
  234. struct Curl_llist_node *e;
  235. struct Curl_llist_node *n;
  236. size_t blen = 0;
  237. if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
  238. return NULL;
  239. if(hostname[hlen-1] == '.')
  240. /* remove the trailing dot */
  241. --hlen;
  242. for(e = Curl_llist_head(&h->list); e; e = n) {
  243. struct stsentry *sts = Curl_node_elem(e);
  244. size_t ntail;
  245. n = Curl_node_next(e);
  246. if(sts->expires <= now) {
  247. /* remove expired entries */
  248. Curl_node_remove(&sts->node);
  249. hsts_free(sts);
  250. continue;
  251. }
  252. ntail = strlen(sts->host);
  253. if((subdomain && sts->includeSubDomains) && (ntail < hlen)) {
  254. size_t offs = hlen - ntail;
  255. if((hostname[offs-1] == '.') &&
  256. strncasecompare(&hostname[offs], sts->host, ntail) &&
  257. (ntail > blen)) {
  258. /* save the tail match with the longest tail */
  259. bestsub = sts;
  260. blen = ntail;
  261. }
  262. }
  263. /* avoid strcasecompare because the host name is not null terminated */
  264. if((hlen == ntail) && strncasecompare(hostname, sts->host, hlen))
  265. return sts;
  266. }
  267. }
  268. return bestsub;
  269. }
  270. /*
  271. * Send this HSTS entry to the write callback.
  272. */
  273. static CURLcode hsts_push(struct Curl_easy *data,
  274. struct curl_index *i,
  275. struct stsentry *sts,
  276. bool *stop)
  277. {
  278. struct curl_hstsentry e;
  279. CURLSTScode sc;
  280. struct tm stamp;
  281. CURLcode result;
  282. e.name = (char *)sts->host;
  283. e.namelen = strlen(sts->host);
  284. e.includeSubDomains = sts->includeSubDomains;
  285. if(sts->expires != TIME_T_MAX) {
  286. result = Curl_gmtime((time_t)sts->expires, &stamp);
  287. if(result)
  288. return result;
  289. msnprintf(e.expire, sizeof(e.expire), "%d%02d%02d %02d:%02d:%02d",
  290. stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
  291. stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
  292. }
  293. else
  294. strcpy(e.expire, UNLIMITED);
  295. sc = data->set.hsts_write(data, &e, i,
  296. data->set.hsts_write_userp);
  297. *stop = (sc != CURLSTS_OK);
  298. return sc == CURLSTS_FAIL ? CURLE_BAD_FUNCTION_ARGUMENT : CURLE_OK;
  299. }
  300. /*
  301. * Write this single hsts entry to a single output line
  302. */
  303. static CURLcode hsts_out(struct stsentry *sts, FILE *fp)
  304. {
  305. struct tm stamp;
  306. if(sts->expires != TIME_T_MAX) {
  307. CURLcode result = Curl_gmtime((time_t)sts->expires, &stamp);
  308. if(result)
  309. return result;
  310. fprintf(fp, "%s%s \"%d%02d%02d %02d:%02d:%02d\"\n",
  311. sts->includeSubDomains ? ".": "", sts->host,
  312. stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
  313. stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
  314. }
  315. else
  316. fprintf(fp, "%s%s \"%s\"\n",
  317. sts->includeSubDomains ? ".": "", sts->host, UNLIMITED);
  318. return CURLE_OK;
  319. }
  320. /*
  321. * Curl_https_save() writes the HSTS cache to file and callback.
  322. */
  323. CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
  324. const char *file)
  325. {
  326. struct Curl_llist_node *e;
  327. struct Curl_llist_node *n;
  328. CURLcode result = CURLE_OK;
  329. FILE *out;
  330. char *tempstore = NULL;
  331. if(!h)
  332. /* no cache activated */
  333. return CURLE_OK;
  334. /* if no new name is given, use the one we stored from the load */
  335. if(!file && h->filename)
  336. file = h->filename;
  337. if((h->flags & CURLHSTS_READONLYFILE) || !file || !file[0])
  338. /* marked as read-only, no file or zero length filename */
  339. goto skipsave;
  340. result = Curl_fopen(data, file, &out, &tempstore);
  341. if(!result) {
  342. fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n"
  343. "# This file was generated by libcurl! Edit at your own risk.\n",
  344. out);
  345. for(e = Curl_llist_head(&h->list); e; e = n) {
  346. struct stsentry *sts = Curl_node_elem(e);
  347. n = Curl_node_next(e);
  348. result = hsts_out(sts, out);
  349. if(result)
  350. break;
  351. }
  352. fclose(out);
  353. if(!result && tempstore && Curl_rename(tempstore, file))
  354. result = CURLE_WRITE_ERROR;
  355. if(result && tempstore)
  356. unlink(tempstore);
  357. }
  358. free(tempstore);
  359. skipsave:
  360. if(data->set.hsts_write) {
  361. /* if there is a write callback */
  362. struct curl_index i; /* count */
  363. i.total = Curl_llist_count(&h->list);
  364. i.index = 0;
  365. for(e = Curl_llist_head(&h->list); e; e = n) {
  366. struct stsentry *sts = Curl_node_elem(e);
  367. bool stop;
  368. n = Curl_node_next(e);
  369. result = hsts_push(data, &i, sts, &stop);
  370. if(result || stop)
  371. break;
  372. i.index++;
  373. }
  374. }
  375. return result;
  376. }
  377. /* only returns SERIOUS errors */
  378. static CURLcode hsts_add(struct hsts *h, char *line)
  379. {
  380. /* Example lines:
  381. example.com "20191231 10:00:00"
  382. .example.net "20191231 10:00:00"
  383. */
  384. struct Curl_str host;
  385. struct Curl_str date;
  386. if(Curl_str_word(&line, &host, MAX_HSTS_HOSTLEN) ||
  387. Curl_str_singlespace(&line) ||
  388. Curl_str_quotedword(&line, &date, MAX_HSTS_DATELEN) ||
  389. Curl_str_newline(&line))
  390. ;
  391. else {
  392. CURLcode result = CURLE_OK;
  393. bool subdomain = FALSE;
  394. struct stsentry *e;
  395. char dbuf[MAX_HSTS_DATELEN + 1];
  396. time_t expires;
  397. /* The date parser works on a null terminated string. The maximum length
  398. is upheld by Curl_str_quotedword(). */
  399. memcpy(dbuf, date.str, date.len);
  400. dbuf[date.len] = 0;
  401. expires = strcmp(dbuf, UNLIMITED) ? Curl_getdate_capped(dbuf) :
  402. TIME_T_MAX;
  403. if(host.str[0] == '.') {
  404. host.str++;
  405. host.len--;
  406. subdomain = TRUE;
  407. }
  408. /* only add it if not already present */
  409. e = Curl_hsts(h, host.str, host.len, subdomain);
  410. if(!e)
  411. result = hsts_create(h, host.str, host.len, subdomain, expires);
  412. else if((strlen(e->host) == host.len) &&
  413. strncasecompare(host.str, e->host, host.len)) {
  414. /* the same hostname, use the largest expire time */
  415. if(expires > e->expires)
  416. e->expires = expires;
  417. }
  418. if(result)
  419. return result;
  420. }
  421. return CURLE_OK;
  422. }
  423. /*
  424. * Load HSTS data from callback.
  425. *
  426. */
  427. static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h)
  428. {
  429. /* if the HSTS read callback is set, use it */
  430. if(data->set.hsts_read) {
  431. CURLSTScode sc;
  432. DEBUGASSERT(h);
  433. do {
  434. char buffer[MAX_HSTS_HOSTLEN + 1];
  435. struct curl_hstsentry e;
  436. e.name = buffer;
  437. e.namelen = sizeof(buffer)-1;
  438. e.includeSubDomains = FALSE; /* default */
  439. e.expire[0] = 0;
  440. e.name[0] = 0; /* just to make it clean */
  441. sc = data->set.hsts_read(data, &e, data->set.hsts_read_userp);
  442. if(sc == CURLSTS_OK) {
  443. time_t expires;
  444. CURLcode result;
  445. DEBUGASSERT(e.name[0]);
  446. if(!e.name[0])
  447. /* bail out if no name was stored */
  448. return CURLE_BAD_FUNCTION_ARGUMENT;
  449. if(e.expire[0])
  450. expires = Curl_getdate_capped(e.expire);
  451. else
  452. expires = TIME_T_MAX; /* the end of time */
  453. result = hsts_create(h, e.name, strlen(e.name),
  454. /* bitfield to bool conversion: */
  455. e.includeSubDomains ? TRUE : FALSE,
  456. expires);
  457. if(result)
  458. return result;
  459. }
  460. else if(sc == CURLSTS_FAIL)
  461. return CURLE_ABORTED_BY_CALLBACK;
  462. } while(sc == CURLSTS_OK);
  463. }
  464. return CURLE_OK;
  465. }
  466. /*
  467. * Load the HSTS cache from the given file. The text based line-oriented file
  468. * format is documented here: https://curl.se/docs/hsts.html
  469. *
  470. * This function only returns error on major problems that prevent hsts
  471. * handling to work completely. It will ignore individual syntactical errors
  472. * etc.
  473. */
  474. static CURLcode hsts_load(struct hsts *h, const char *file)
  475. {
  476. CURLcode result = CURLE_OK;
  477. FILE *fp;
  478. /* we need a private copy of the filename so that the hsts cache file
  479. name survives an easy handle reset */
  480. free(h->filename);
  481. h->filename = strdup(file);
  482. if(!h->filename)
  483. return CURLE_OUT_OF_MEMORY;
  484. fp = fopen(file, FOPEN_READTEXT);
  485. if(fp) {
  486. struct dynbuf buf;
  487. Curl_dyn_init(&buf, MAX_HSTS_LINE);
  488. while(Curl_get_line(&buf, fp)) {
  489. char *lineptr = Curl_dyn_ptr(&buf);
  490. while(*lineptr && ISBLANK(*lineptr))
  491. lineptr++;
  492. /*
  493. * Skip empty or commented lines, since we know the line will have a
  494. * trailing newline from Curl_get_line we can treat length 1 as empty.
  495. */
  496. if((*lineptr == '#') || strlen(lineptr) <= 1)
  497. continue;
  498. hsts_add(h, lineptr);
  499. }
  500. Curl_dyn_free(&buf); /* free the line buffer */
  501. fclose(fp);
  502. }
  503. return result;
  504. }
  505. /*
  506. * Curl_hsts_loadfile() loads HSTS from file
  507. */
  508. CURLcode Curl_hsts_loadfile(struct Curl_easy *data,
  509. struct hsts *h, const char *file)
  510. {
  511. DEBUGASSERT(h);
  512. (void)data;
  513. return hsts_load(h, file);
  514. }
  515. /*
  516. * Curl_hsts_loadcb() loads HSTS from callback
  517. */
  518. CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h)
  519. {
  520. if(h)
  521. return hsts_pull(data, h);
  522. return CURLE_OK;
  523. }
  524. void Curl_hsts_loadfiles(struct Curl_easy *data)
  525. {
  526. struct curl_slist *l = data->state.hstslist;
  527. if(l) {
  528. Curl_share_lock(data, CURL_LOCK_DATA_HSTS, CURL_LOCK_ACCESS_SINGLE);
  529. while(l) {
  530. (void)Curl_hsts_loadfile(data, data->hsts, l->data);
  531. l = l->next;
  532. }
  533. Curl_share_unlock(data, CURL_LOCK_DATA_HSTS);
  534. }
  535. }
  536. #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */