hsts.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554
  1. /***************************************************************************
  2. * _ _ ____ _
  3. * Project ___| | | | _ \| |
  4. * / __| | | | |_) | |
  5. * | (__| |_| | _ <| |___
  6. * \___|\___/|_| \_\_____|
  7. *
  8. * Copyright (C) 2020 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
  9. *
  10. * This software is licensed as described in the file COPYING, which
  11. * you should have received as part of this distribution. The terms
  12. * are also available at https://curl.se/docs/copyright.html.
  13. *
  14. * You may opt to use, copy, modify, merge, publish, distribute and/or sell
  15. * copies of the Software, and permit persons to whom the Software is
  16. * furnished to do so, under the terms of the COPYING file.
  17. *
  18. * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
  19. * KIND, either express or implied.
  20. *
  21. * SPDX-License-Identifier: curl
  22. *
  23. ***************************************************************************/
  24. /*
  25. * The Strict-Transport-Security header is defined in RFC 6797:
  26. * https://datatracker.ietf.org/doc/html/rfc6797
  27. */
  28. #include "curl_setup.h"
  29. #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HSTS)
  30. #include <curl/curl.h>
  31. #include "urldata.h"
  32. #include "llist.h"
  33. #include "hsts.h"
  34. #include "curl_get_line.h"
  35. #include "strcase.h"
  36. #include "sendf.h"
  37. #include "strtoofft.h"
  38. #include "parsedate.h"
  39. #include "fopen.h"
  40. #include "rename.h"
  41. /* The last 3 #include files should be in this order */
  42. #include "curl_printf.h"
  43. #include "curl_memory.h"
  44. #include "memdebug.h"
  45. #define MAX_HSTS_LINE 4095
  46. #define MAX_HSTS_HOSTLEN 256
  47. #define MAX_HSTS_HOSTLENSTR "256"
  48. #define MAX_HSTS_DATELEN 64
  49. #define MAX_HSTS_DATELENSTR "64"
  50. #define UNLIMITED "unlimited"
  51. #ifdef DEBUGBUILD
  52. /* to play well with debug builds, we can *set* a fixed time this will
  53. return */
  54. time_t deltatime; /* allow for "adjustments" for unit test purposes */
  55. static time_t debugtime(void *unused)
  56. {
  57. char *timestr = getenv("CURL_TIME");
  58. (void)unused;
  59. if(timestr) {
  60. curl_off_t val;
  61. (void)curlx_strtoofft(timestr, NULL, 10, &val);
  62. val += (curl_off_t)deltatime;
  63. return (time_t)val;
  64. }
  65. return time(NULL);
  66. }
  67. #define time(x) debugtime(x)
  68. #endif
  69. struct hsts *Curl_hsts_init(void)
  70. {
  71. struct hsts *h = calloc(sizeof(struct hsts), 1);
  72. if(h) {
  73. Curl_llist_init(&h->list, NULL);
  74. }
  75. return h;
  76. }
  77. static void hsts_free(struct stsentry *e)
  78. {
  79. free((char *)e->host);
  80. free(e);
  81. }
  82. void Curl_hsts_cleanup(struct hsts **hp)
  83. {
  84. struct hsts *h = *hp;
  85. if(h) {
  86. struct Curl_llist_element *e;
  87. struct Curl_llist_element *n;
  88. for(e = h->list.head; e; e = n) {
  89. struct stsentry *sts = e->ptr;
  90. n = e->next;
  91. hsts_free(sts);
  92. }
  93. free(h->filename);
  94. free(h);
  95. *hp = NULL;
  96. }
  97. }
  98. static struct stsentry *hsts_entry(void)
  99. {
  100. return calloc(sizeof(struct stsentry), 1);
  101. }
  102. static CURLcode hsts_create(struct hsts *h,
  103. const char *hostname,
  104. bool subdomains,
  105. curl_off_t expires)
  106. {
  107. struct stsentry *sts = hsts_entry();
  108. char *duphost;
  109. size_t hlen;
  110. if(!sts)
  111. return CURLE_OUT_OF_MEMORY;
  112. duphost = strdup(hostname);
  113. if(!duphost) {
  114. free(sts);
  115. return CURLE_OUT_OF_MEMORY;
  116. }
  117. hlen = strlen(duphost);
  118. if(duphost[hlen - 1] == '.')
  119. /* strip off trailing any dot */
  120. duphost[--hlen] = 0;
  121. sts->host = duphost;
  122. sts->expires = expires;
  123. sts->includeSubDomains = subdomains;
  124. Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node);
  125. return CURLE_OK;
  126. }
  127. CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
  128. const char *header)
  129. {
  130. const char *p = header;
  131. curl_off_t expires = 0;
  132. bool gotma = FALSE;
  133. bool gotinc = FALSE;
  134. bool subdomains = FALSE;
  135. struct stsentry *sts;
  136. time_t now = time(NULL);
  137. if(Curl_host_is_ipnum(hostname))
  138. /* "explicit IP address identification of all forms is excluded."
  139. / RFC 6797 */
  140. return CURLE_OK;
  141. do {
  142. while(*p && ISBLANK(*p))
  143. p++;
  144. if(strncasecompare("max-age=", p, 8)) {
  145. bool quoted = FALSE;
  146. CURLofft offt;
  147. char *endp;
  148. if(gotma)
  149. return CURLE_BAD_FUNCTION_ARGUMENT;
  150. p += 8;
  151. while(*p && ISBLANK(*p))
  152. p++;
  153. if(*p == '\"') {
  154. p++;
  155. quoted = TRUE;
  156. }
  157. offt = curlx_strtoofft(p, &endp, 10, &expires);
  158. if(offt == CURL_OFFT_FLOW)
  159. expires = CURL_OFF_T_MAX;
  160. else if(offt)
  161. /* invalid max-age */
  162. return CURLE_BAD_FUNCTION_ARGUMENT;
  163. p = endp;
  164. if(quoted) {
  165. if(*p != '\"')
  166. return CURLE_BAD_FUNCTION_ARGUMENT;
  167. p++;
  168. }
  169. gotma = TRUE;
  170. }
  171. else if(strncasecompare("includesubdomains", p, 17)) {
  172. if(gotinc)
  173. return CURLE_BAD_FUNCTION_ARGUMENT;
  174. subdomains = TRUE;
  175. p += 17;
  176. gotinc = TRUE;
  177. }
  178. else {
  179. /* unknown directive, do a lame attempt to skip */
  180. while(*p && (*p != ';'))
  181. p++;
  182. }
  183. while(*p && ISBLANK(*p))
  184. p++;
  185. if(*p == ';')
  186. p++;
  187. } while (*p);
  188. if(!gotma)
  189. /* max-age is mandatory */
  190. return CURLE_BAD_FUNCTION_ARGUMENT;
  191. if(!expires) {
  192. /* remove the entry if present verbatim (without subdomain match) */
  193. sts = Curl_hsts(h, hostname, FALSE);
  194. if(sts) {
  195. Curl_llist_remove(&h->list, &sts->node, NULL);
  196. hsts_free(sts);
  197. }
  198. return CURLE_OK;
  199. }
  200. if(CURL_OFF_T_MAX - now < expires)
  201. /* would overflow, use maximum value */
  202. expires = CURL_OFF_T_MAX;
  203. else
  204. expires += now;
  205. /* check if it already exists */
  206. sts = Curl_hsts(h, hostname, FALSE);
  207. if(sts) {
  208. /* just update these fields */
  209. sts->expires = expires;
  210. sts->includeSubDomains = subdomains;
  211. }
  212. else
  213. return hsts_create(h, hostname, subdomains, expires);
  214. return CURLE_OK;
  215. }
  216. /*
  217. * Return TRUE if the given host name is currently an HSTS one.
  218. *
  219. * The 'subdomain' argument tells the function if subdomain matching should be
  220. * attempted.
  221. */
  222. struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
  223. bool subdomain)
  224. {
  225. if(h) {
  226. char buffer[MAX_HSTS_HOSTLEN + 1];
  227. time_t now = time(NULL);
  228. size_t hlen = strlen(hostname);
  229. struct Curl_llist_element *e;
  230. struct Curl_llist_element *n;
  231. if((hlen > MAX_HSTS_HOSTLEN) || !hlen)
  232. return NULL;
  233. memcpy(buffer, hostname, hlen);
  234. if(hostname[hlen-1] == '.')
  235. /* remove the trailing dot */
  236. --hlen;
  237. buffer[hlen] = 0;
  238. hostname = buffer;
  239. for(e = h->list.head; e; e = n) {
  240. struct stsentry *sts = e->ptr;
  241. n = e->next;
  242. if(sts->expires <= now) {
  243. /* remove expired entries */
  244. Curl_llist_remove(&h->list, &sts->node, NULL);
  245. hsts_free(sts);
  246. continue;
  247. }
  248. if(subdomain && sts->includeSubDomains) {
  249. size_t ntail = strlen(sts->host);
  250. if(ntail < hlen) {
  251. size_t offs = hlen - ntail;
  252. if((hostname[offs-1] == '.') &&
  253. strncasecompare(&hostname[offs], sts->host, ntail))
  254. return sts;
  255. }
  256. }
  257. if(strcasecompare(hostname, sts->host))
  258. return sts;
  259. }
  260. }
  261. return NULL; /* no match */
  262. }
  263. /*
  264. * Send this HSTS entry to the write callback.
  265. */
  266. static CURLcode hsts_push(struct Curl_easy *data,
  267. struct curl_index *i,
  268. struct stsentry *sts,
  269. bool *stop)
  270. {
  271. struct curl_hstsentry e;
  272. CURLSTScode sc;
  273. struct tm stamp;
  274. CURLcode result;
  275. e.name = (char *)sts->host;
  276. e.namelen = strlen(sts->host);
  277. e.includeSubDomains = sts->includeSubDomains;
  278. if(sts->expires != TIME_T_MAX) {
  279. result = Curl_gmtime((time_t)sts->expires, &stamp);
  280. if(result)
  281. return result;
  282. msnprintf(e.expire, sizeof(e.expire), "%d%02d%02d %02d:%02d:%02d",
  283. stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
  284. stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
  285. }
  286. else
  287. strcpy(e.expire, UNLIMITED);
  288. sc = data->set.hsts_write(data, &e, i,
  289. data->set.hsts_write_userp);
  290. *stop = (sc != CURLSTS_OK);
  291. return sc == CURLSTS_FAIL ? CURLE_BAD_FUNCTION_ARGUMENT : CURLE_OK;
  292. }
  293. /*
  294. * Write this single hsts entry to a single output line
  295. */
  296. static CURLcode hsts_out(struct stsentry *sts, FILE *fp)
  297. {
  298. struct tm stamp;
  299. if(sts->expires != TIME_T_MAX) {
  300. CURLcode result = Curl_gmtime((time_t)sts->expires, &stamp);
  301. if(result)
  302. return result;
  303. fprintf(fp, "%s%s \"%d%02d%02d %02d:%02d:%02d\"\n",
  304. sts->includeSubDomains ? ".": "", sts->host,
  305. stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
  306. stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
  307. }
  308. else
  309. fprintf(fp, "%s%s \"%s\"\n",
  310. sts->includeSubDomains ? ".": "", sts->host, UNLIMITED);
  311. return CURLE_OK;
  312. }
  313. /*
  314. * Curl_https_save() writes the HSTS cache to file and callback.
  315. */
  316. CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
  317. const char *file)
  318. {
  319. struct Curl_llist_element *e;
  320. struct Curl_llist_element *n;
  321. CURLcode result = CURLE_OK;
  322. FILE *out;
  323. char *tempstore = NULL;
  324. if(!h)
  325. /* no cache activated */
  326. return CURLE_OK;
  327. /* if no new name is given, use the one we stored from the load */
  328. if(!file && h->filename)
  329. file = h->filename;
  330. if((h->flags & CURLHSTS_READONLYFILE) || !file || !file[0])
  331. /* marked as read-only, no file or zero length file name */
  332. goto skipsave;
  333. result = Curl_fopen(data, file, &out, &tempstore);
  334. if(!result) {
  335. fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n"
  336. "# This file was generated by libcurl! Edit at your own risk.\n",
  337. out);
  338. for(e = h->list.head; e; e = n) {
  339. struct stsentry *sts = e->ptr;
  340. n = e->next;
  341. result = hsts_out(sts, out);
  342. if(result)
  343. break;
  344. }
  345. fclose(out);
  346. if(!result && tempstore && Curl_rename(tempstore, file))
  347. result = CURLE_WRITE_ERROR;
  348. if(result && tempstore)
  349. unlink(tempstore);
  350. }
  351. free(tempstore);
  352. skipsave:
  353. if(data->set.hsts_write) {
  354. /* if there's a write callback */
  355. struct curl_index i; /* count */
  356. i.total = h->list.size;
  357. i.index = 0;
  358. for(e = h->list.head; e; e = n) {
  359. struct stsentry *sts = e->ptr;
  360. bool stop;
  361. n = e->next;
  362. result = hsts_push(data, &i, sts, &stop);
  363. if(result || stop)
  364. break;
  365. i.index++;
  366. }
  367. }
  368. return result;
  369. }
  370. /* only returns SERIOUS errors */
  371. static CURLcode hsts_add(struct hsts *h, char *line)
  372. {
  373. /* Example lines:
  374. example.com "20191231 10:00:00"
  375. .example.net "20191231 10:00:00"
  376. */
  377. char host[MAX_HSTS_HOSTLEN + 1];
  378. char date[MAX_HSTS_DATELEN + 1];
  379. int rc;
  380. rc = sscanf(line,
  381. "%" MAX_HSTS_HOSTLENSTR "s \"%" MAX_HSTS_DATELENSTR "[^\"]\"",
  382. host, date);
  383. if(2 == rc) {
  384. time_t expires = strcmp(date, UNLIMITED) ? Curl_getdate_capped(date) :
  385. TIME_T_MAX;
  386. CURLcode result;
  387. char *p = host;
  388. bool subdomain = FALSE;
  389. if(p[0] == '.') {
  390. p++;
  391. subdomain = TRUE;
  392. }
  393. result = hsts_create(h, p, subdomain, expires);
  394. if(result)
  395. return result;
  396. }
  397. return CURLE_OK;
  398. }
  399. /*
  400. * Load HSTS data from callback.
  401. *
  402. */
  403. static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h)
  404. {
  405. /* if the HSTS read callback is set, use it */
  406. if(data->set.hsts_read) {
  407. CURLSTScode sc;
  408. DEBUGASSERT(h);
  409. do {
  410. char buffer[MAX_HSTS_HOSTLEN + 1];
  411. struct curl_hstsentry e;
  412. e.name = buffer;
  413. e.namelen = sizeof(buffer)-1;
  414. e.includeSubDomains = FALSE; /* default */
  415. e.expire[0] = 0;
  416. e.name[0] = 0; /* just to make it clean */
  417. sc = data->set.hsts_read(data, &e, data->set.hsts_read_userp);
  418. if(sc == CURLSTS_OK) {
  419. time_t expires;
  420. CURLcode result;
  421. if(!e.name[0])
  422. /* bail out if no name was stored */
  423. return CURLE_BAD_FUNCTION_ARGUMENT;
  424. if(e.expire[0])
  425. expires = Curl_getdate_capped(e.expire);
  426. else
  427. expires = TIME_T_MAX; /* the end of time */
  428. result = hsts_create(h, e.name,
  429. /* bitfield to bool conversion: */
  430. e.includeSubDomains ? TRUE : FALSE,
  431. expires);
  432. if(result)
  433. return result;
  434. }
  435. else if(sc == CURLSTS_FAIL)
  436. return CURLE_ABORTED_BY_CALLBACK;
  437. } while(sc == CURLSTS_OK);
  438. }
  439. return CURLE_OK;
  440. }
  441. /*
  442. * Load the HSTS cache from the given file. The text based line-oriented file
  443. * format is documented here: https://curl.se/docs/hsts.html
  444. *
  445. * This function only returns error on major problems that prevent hsts
  446. * handling to work completely. It will ignore individual syntactical errors
  447. * etc.
  448. */
  449. static CURLcode hsts_load(struct hsts *h, const char *file)
  450. {
  451. CURLcode result = CURLE_OK;
  452. char *line = NULL;
  453. FILE *fp;
  454. /* we need a private copy of the file name so that the hsts cache file
  455. name survives an easy handle reset */
  456. free(h->filename);
  457. h->filename = strdup(file);
  458. if(!h->filename)
  459. return CURLE_OUT_OF_MEMORY;
  460. fp = fopen(file, FOPEN_READTEXT);
  461. if(fp) {
  462. line = malloc(MAX_HSTS_LINE);
  463. if(!line)
  464. goto fail;
  465. while(Curl_get_line(line, MAX_HSTS_LINE, fp)) {
  466. char *lineptr = line;
  467. while(*lineptr && ISBLANK(*lineptr))
  468. lineptr++;
  469. if(*lineptr == '#')
  470. /* skip commented lines */
  471. continue;
  472. hsts_add(h, lineptr);
  473. }
  474. free(line); /* free the line buffer */
  475. fclose(fp);
  476. }
  477. return result;
  478. fail:
  479. Curl_safefree(h->filename);
  480. fclose(fp);
  481. return CURLE_OUT_OF_MEMORY;
  482. }
  483. /*
  484. * Curl_hsts_loadfile() loads HSTS from file
  485. */
  486. CURLcode Curl_hsts_loadfile(struct Curl_easy *data,
  487. struct hsts *h, const char *file)
  488. {
  489. DEBUGASSERT(h);
  490. (void)data;
  491. return hsts_load(h, file);
  492. }
  493. /*
  494. * Curl_hsts_loadcb() loads HSTS from callback
  495. */
  496. CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h)
  497. {
  498. if(h)
  499. return hsts_pull(data, h);
  500. return CURLE_OK;
  501. }
  502. #endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */