2
0

hsts.c 15 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. ***************************************************************************/
  24. /*
  25. * The Strict-Transport-Security header is defined in RFC 6797:
  26. * https://datatracker.ietf.org/doc/html/rfc6797
  27. */
  28. #include "curl_setup.h"
  29. #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HSTS)
  30. #include <curl/curl.h>
  31. #include "urldata.h"
  32. #include "llist.h"
  33. #include "hsts.h"
  34. #include "curl_get_line.h"
  35. #include "strcase.h"
  36. #include "sendf.h"
  37. #include "strtoofft.h"
  38. #include "parsedate.h"
  39. #include "fopen.h"
  40. #include "rename.h"
  41. #include "share.h"
  42. /* The last 3 #include files should be in this order */
  43. #include "curl_printf.h"
  44. #include "curl_memory.h"
  45. #include "memdebug.h"
  46. #define MAX_HSTS_LINE 4095
  47. #define MAX_HSTS_HOSTLEN 256
  48. #define MAX_HSTS_HOSTLENSTR "256"
  49. #define MAX_HSTS_DATELEN 64
  50. #define MAX_HSTS_DATELENSTR "64"
  51. #define UNLIMITED "unlimited"
  52. #ifdef DEBUGBUILD
  53. /* to play well with debug builds, we can *set* a fixed time this will
  54. return */
  55. time_t deltatime; /* allow for "adjustments" for unit test purposes */
  56. static time_t hsts_debugtime(void *unused)
  57. {
  58. char *timestr = getenv("CURL_TIME");
  59. (void)unused;
  60. if(timestr) {
  61. curl_off_t val;
  62. (void)curlx_strtoofft(timestr, NULL, 10, &val);
  63. val += (curl_off_t)deltatime;
  64. return (time_t)val;
  65. }
  66. return time(NULL);
  67. }
  68. #undef time
  69. #define time(x) hsts_debugtime(x)
  70. #endif
  71. struct hsts *Curl_hsts_init(void)
  72. {
  73. struct hsts *h = calloc(sizeof(struct hsts), 1);
  74. if(h) {
  75. Curl_llist_init(&h->list, NULL);
  76. }
  77. return h;
  78. }
  79. static void hsts_free(struct stsentry *e)
  80. {
  81. free((char *)e->host);
  82. free(e);
  83. }
  84. void Curl_hsts_cleanup(struct hsts **hp)
  85. {
  86. struct hsts *h = *hp;
  87. if(h) {
  88. struct Curl_llist_element *e;
  89. struct Curl_llist_element *n;
  90. for(e = h->list.head; e; e = n) {
  91. struct stsentry *sts = e->ptr;
  92. n = e->next;
  93. hsts_free(sts);
  94. }
  95. free(h->filename);
  96. free(h);
  97. *hp = NULL;
  98. }
  99. }
  100. static struct stsentry *hsts_entry(void)
  101. {
  102. return calloc(sizeof(struct stsentry), 1);
  103. }
  104. static CURLcode hsts_create(struct hsts *h,
  105. const char *hostname,
  106. bool subdomains,
  107. curl_off_t expires)
  108. {
  109. struct stsentry *sts = hsts_entry();
  110. char *duphost;
  111. size_t hlen;
  112. if(!sts)
  113. return CURLE_OUT_OF_MEMORY;
  114. duphost = strdup(hostname);
  115. if(!duphost) {
  116. free(sts);
  117. return CURLE_OUT_OF_MEMORY;
  118. }
  119. hlen = strlen(duphost);
  120. if(duphost[hlen - 1] == '.')
  121. /* strip off trailing any dot */
  122. duphost[--hlen] = 0;
  123. sts->host = duphost;
  124. sts->expires = expires;
  125. sts->includeSubDomains = subdomains;
  126. Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node);
  127. return CURLE_OK;
  128. }
  129. CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
  130. const char *header)
  131. {
  132. const char *p = header;
  133. curl_off_t expires = 0;
  134. bool gotma = FALSE;
  135. bool gotinc = FALSE;
  136. bool subdomains = FALSE;
  137. struct stsentry *sts;
  138. time_t now = time(NULL);
  139. if(Curl_host_is_ipnum(hostname))
  140. /* "explicit IP address identification of all forms is excluded."
  141. / RFC 6797 */
  142. return CURLE_OK;
  143. do {
  144. while(*p && ISBLANK(*p))
  145. p++;
  146. if(strncasecompare("max-age=", p, 8)) {
  147. bool quoted = FALSE;
  148. CURLofft offt;
  149. char *endp;
  150. if(gotma)
  151. return CURLE_BAD_FUNCTION_ARGUMENT;
  152. p += 8;
  153. while(*p && ISBLANK(*p))
  154. p++;
  155. if(*p == '\"') {
  156. p++;
  157. quoted = TRUE;
  158. }
  159. offt = curlx_strtoofft(p, &endp, 10, &expires);
  160. if(offt == CURL_OFFT_FLOW)
  161. expires = CURL_OFF_T_MAX;
  162. else if(offt)
  163. /* invalid max-age */
  164. return CURLE_BAD_FUNCTION_ARGUMENT;
  165. p = endp;
  166. if(quoted) {
  167. if(*p != '\"')
  168. return CURLE_BAD_FUNCTION_ARGUMENT;
  169. p++;
  170. }
  171. gotma = TRUE;
  172. }
  173. else if(strncasecompare("includesubdomains", p, 17)) {
  174. if(gotinc)
  175. return CURLE_BAD_FUNCTION_ARGUMENT;
  176. subdomains = TRUE;
  177. p += 17;
  178. gotinc = TRUE;
  179. }
  180. else {
  181. /* unknown directive, do a lame attempt to skip */
  182. while(*p && (*p != ';'))
  183. p++;
  184. }
  185. while(*p && ISBLANK(*p))
  186. p++;
  187. if(*p == ';')
  188. p++;
  189. } while(*p);
  190. if(!gotma)
  191. /* max-age is mandatory */
  192. return CURLE_BAD_FUNCTION_ARGUMENT;
  193. if(!expires) {
  194. /* remove the entry if present verbatim (without subdomain match) */
  195. sts = Curl_hsts(h, hostname, FALSE);
  196. if(sts) {
  197. Curl_llist_remove(&h->list, &sts->node, NULL);
  198. hsts_free(sts);
  199. }
  200. return CURLE_OK;
  201. }
  202. if(CURL_OFF_T_MAX - now < expires)
  203. /* would overflow, use maximum value */
  204. expires = CURL_OFF_T_MAX;
  205. else
  206. expires += now;
  207. /* check if it already exists */
  208. sts = Curl_hsts(h, hostname, FALSE);
  209. if(sts) {
  210. /* just update these fields */
  211. sts->expires = expires;
  212. sts->includeSubDomains = subdomains;
  213. }
  214. else
  215. return hsts_create(h, hostname, subdomains, expires);
  216. return CURLE_OK;
  217. }
  218. /*
  219. * Return TRUE if the given host name is currently an HSTS one.
  220. *
  221. * The 'subdomain' argument tells the function if subdomain matching should be
  222. * attempted.
  223. */
  224. struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
  225. bool subdomain)
  226. {
  227. if(h) {
  228. char buffer[MAX_HSTS_HOSTLEN + 1];
  229. time_t now = time(NULL);
  230. size_t hlen = strlen(hostname);
  231. struct Curl_llist_element *e;
  232. struct Curl_llist_element *n;
  233. if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
  234. return NULL;
  235. memcpy(buffer, hostname, hlen);
  236. if(hostname[hlen-1] == '.')
  237. /* remove the trailing dot */
  238. --hlen;
  239. buffer[hlen] = 0;
  240. hostname = buffer;
  241. for(e = h->list.head; e; e = n) {
  242. struct stsentry *sts = e->ptr;
  243. n = e->next;
  244. if(sts->expires <= now) {
  245. /* remove expired entries */
  246. Curl_llist_remove(&h->list, &sts->node, NULL);
  247. hsts_free(sts);
  248. continue;
  249. }
  250. if(subdomain && sts->includeSubDomains) {
  251. size_t ntail = strlen(sts->host);
  252. if(ntail < hlen) {
  253. size_t offs = hlen - ntail;
  254. if((hostname[offs-1] == '.') &&
  255. strncasecompare(&hostname[offs], sts->host, ntail))
  256. return sts;
  257. }
  258. }
  259. if(strcasecompare(hostname, sts->host))
  260. return sts;
  261. }
  262. }
  263. return NULL; /* no match */
  264. }
  265. /*
  266. * Send this HSTS entry to the write callback.
  267. */
  268. static CURLcode hsts_push(struct Curl_easy *data,
  269. struct curl_index *i,
  270. struct stsentry *sts,
  271. bool *stop)
  272. {
  273. struct curl_hstsentry e;
  274. CURLSTScode sc;
  275. struct tm stamp;
  276. CURLcode result;
  277. e.name = (char *)sts->host;
  278. e.namelen = strlen(sts->host);
  279. e.includeSubDomains = sts->includeSubDomains;
  280. if(sts->expires != TIME_T_MAX) {
  281. result = Curl_gmtime((time_t)sts->expires, &stamp);
  282. if(result)
  283. return result;
  284. msnprintf(e.expire, sizeof(e.expire), "%d%02d%02d %02d:%02d:%02d",
  285. stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
  286. stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
  287. }
  288. else
  289. strcpy(e.expire, UNLIMITED);
  290. sc = data->set.hsts_write(data, &e, i,
  291. data->set.hsts_write_userp);
  292. *stop = (sc != CURLSTS_OK);
  293. return sc == CURLSTS_FAIL ? CURLE_BAD_FUNCTION_ARGUMENT : CURLE_OK;
  294. }
  295. /*
  296. * Write this single hsts entry to a single output line
  297. */
  298. static CURLcode hsts_out(struct stsentry *sts, FILE *fp)
  299. {
  300. struct tm stamp;
  301. if(sts->expires != TIME_T_MAX) {
  302. CURLcode result = Curl_gmtime((time_t)sts->expires, &stamp);
  303. if(result)
  304. return result;
  305. fprintf(fp, "%s%s \"%d%02d%02d %02d:%02d:%02d\"\n",
  306. sts->includeSubDomains ? ".": "", sts->host,
  307. stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
  308. stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
  309. }
  310. else
  311. fprintf(fp, "%s%s \"%s\"\n",
  312. sts->includeSubDomains ? ".": "", sts->host, UNLIMITED);
  313. return CURLE_OK;
  314. }
  315. /*
  316. * Curl_https_save() writes the HSTS cache to file and callback.
  317. */
  318. CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
  319. const char *file)
  320. {
  321. struct Curl_llist_element *e;
  322. struct Curl_llist_element *n;
  323. CURLcode result = CURLE_OK;
  324. FILE *out;
  325. char *tempstore = NULL;
  326. if(!h)
  327. /* no cache activated */
  328. return CURLE_OK;
  329. /* if no new name is given, use the one we stored from the load */
  330. if(!file && h->filename)
  331. file = h->filename;
  332. if((h->flags & CURLHSTS_READONLYFILE) || !file || !file[0])
  333. /* marked as read-only, no file or zero length file name */
  334. goto skipsave;
  335. result = Curl_fopen(data, file, &out, &tempstore);
  336. if(!result) {
  337. fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n"
  338. "# This file was generated by libcurl! Edit at your own risk.\n",
  339. out);
  340. for(e = h->list.head; e; e = n) {
  341. struct stsentry *sts = e->ptr;
  342. n = e->next;
  343. result = hsts_out(sts, out);
  344. if(result)
  345. break;
  346. }
  347. fclose(out);
  348. if(!result && tempstore && Curl_rename(tempstore, file))
  349. result = CURLE_WRITE_ERROR;
  350. if(result && tempstore)
  351. unlink(tempstore);
  352. }
  353. free(tempstore);
  354. skipsave:
  355. if(data->set.hsts_write) {
  356. /* if there's a write callback */
  357. struct curl_index i; /* count */
  358. i.total = h->list.size;
  359. i.index = 0;
  360. for(e = h->list.head; e; e = n) {
  361. struct stsentry *sts = e->ptr;
  362. bool stop;
  363. n = e->next;
  364. result = hsts_push(data, &i, sts, &stop);
  365. if(result || stop)
  366. break;
  367. i.index++;
  368. }
  369. }
  370. return result;
  371. }
  372. /* only returns SERIOUS errors */
  373. static CURLcode hsts_add(struct hsts *h, char *line)
  374. {
  375. /* Example lines:
  376. example.com "20191231 10:00:00"
  377. .example.net "20191231 10:00:00"
  378. */
  379. char host[MAX_HSTS_HOSTLEN + 1];
  380. char date[MAX_HSTS_DATELEN + 1];
  381. int rc;
  382. rc = sscanf(line,
  383. "%" MAX_HSTS_HOSTLENSTR "s \"%" MAX_HSTS_DATELENSTR "[^\"]\"",
  384. host, date);
  385. if(2 == rc) {
  386. time_t expires = strcmp(date, UNLIMITED) ? Curl_getdate_capped(date) :
  387. TIME_T_MAX;
  388. CURLcode result = CURLE_OK;
  389. char *p = host;
  390. bool subdomain = FALSE;
  391. struct stsentry *e;
  392. if(p[0] == '.') {
  393. p++;
  394. subdomain = TRUE;
  395. }
  396. /* only add it if not already present */
  397. e = Curl_hsts(h, p, subdomain);
  398. if(!e)
  399. result = hsts_create(h, p, subdomain, expires);
  400. else {
  401. /* the same host name, use the largest expire time */
  402. if(expires > e->expires)
  403. e->expires = expires;
  404. }
  405. if(result)
  406. return result;
  407. }
  408. return CURLE_OK;
  409. }
  410. /*
  411. * Load HSTS data from callback.
  412. *
  413. */
  414. static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h)
  415. {
  416. /* if the HSTS read callback is set, use it */
  417. if(data->set.hsts_read) {
  418. CURLSTScode sc;
  419. DEBUGASSERT(h);
  420. do {
  421. char buffer[MAX_HSTS_HOSTLEN + 1];
  422. struct curl_hstsentry e;
  423. e.name = buffer;
  424. e.namelen = sizeof(buffer)-1;
  425. e.includeSubDomains = FALSE; /* default */
  426. e.expire[0] = 0;
  427. e.name[0] = 0; /* just to make it clean */
  428. sc = data->set.hsts_read(data, &e, data->set.hsts_read_userp);
  429. if(sc == CURLSTS_OK) {
  430. time_t expires;
  431. CURLcode result;
  432. if(!e.name[0])
  433. /* bail out if no name was stored */
  434. return CURLE_BAD_FUNCTION_ARGUMENT;
  435. if(e.expire[0])
  436. expires = Curl_getdate_capped(e.expire);
  437. else
  438. expires = TIME_T_MAX; /* the end of time */
  439. result = hsts_create(h, e.name,
  440. /* bitfield to bool conversion: */
  441. e.includeSubDomains ? TRUE : FALSE,
  442. expires);
  443. if(result)
  444. return result;
  445. }
  446. else if(sc == CURLSTS_FAIL)
  447. return CURLE_ABORTED_BY_CALLBACK;
  448. } while(sc == CURLSTS_OK);
  449. }
  450. return CURLE_OK;
  451. }
  452. /*
  453. * Load the HSTS cache from the given file. The text based line-oriented file
  454. * format is documented here: https://curl.se/docs/hsts.html
  455. *
  456. * This function only returns error on major problems that prevent hsts
  457. * handling to work completely. It will ignore individual syntactical errors
  458. * etc.
  459. */
  460. static CURLcode hsts_load(struct hsts *h, const char *file)
  461. {
  462. CURLcode result = CURLE_OK;
  463. char *line = NULL;
  464. FILE *fp;
  465. /* we need a private copy of the file name so that the hsts cache file
  466. name survives an easy handle reset */
  467. free(h->filename);
  468. h->filename = strdup(file);
  469. if(!h->filename)
  470. return CURLE_OUT_OF_MEMORY;
  471. fp = fopen(file, FOPEN_READTEXT);
  472. if(fp) {
  473. line = malloc(MAX_HSTS_LINE);
  474. if(!line)
  475. goto fail;
  476. while(Curl_get_line(line, MAX_HSTS_LINE, fp)) {
  477. char *lineptr = line;
  478. while(*lineptr && ISBLANK(*lineptr))
  479. lineptr++;
  480. if(*lineptr == '#')
  481. /* skip commented lines */
  482. continue;
  483. hsts_add(h, lineptr);
  484. }
  485. free(line); /* free the line buffer */
  486. fclose(fp);
  487. }
  488. return result;
  489. fail:
  490. Curl_safefree(h->filename);
  491. fclose(fp);
  492. return CURLE_OUT_OF_MEMORY;
  493. }
  494. /*
  495. * Curl_hsts_loadfile() loads HSTS from file
  496. */
  497. CURLcode Curl_hsts_loadfile(struct Curl_easy *data,
  498. struct hsts *h, const char *file)
  499. {
  500. DEBUGASSERT(h);
  501. (void)data;
  502. return hsts_load(h, file);
  503. }
  504. /*
  505. * Curl_hsts_loadcb() loads HSTS from callback
  506. */
  507. CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h)
  508. {
  509. if(h)
  510. return hsts_pull(data, h);
  511. return CURLE_OK;
  512. }
  513. void Curl_hsts_loadfiles(struct Curl_easy *data)
  514. {
  515. struct curl_slist *l = data->set.hstslist;
  516. if(l) {
  517. Curl_share_lock(data, CURL_LOCK_DATA_HSTS, CURL_LOCK_ACCESS_SINGLE);
  518. while(l) {
  519. (void)Curl_hsts_loadfile(data, data->hsts, l->data);
  520. l = l->next;
  521. }
  522. Curl_share_unlock(data, CURL_LOCK_DATA_HSTS);
  523. }
  524. }
  525. #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */