Startsida Utforska Hjälp
Logga in
OWEALs
/
openssl
spegling av git://git.openssl.org/openssl.git
2
0
Fork 0
Filer Ärenden 1 Wiki
Träd: 6594baf645
Grenar Taggar
openssl
/
apps
/
lib
/
http_server.c

http_server.c 17 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550 
  1. /*
    2. 

  2.  * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License 2.0 (the "License").  You may not use
    5. 

  5.  * this file except in compliance with the License.  You can obtain a copy
    6. 

  6.  * in the file LICENSE in the source distribution or at
    7. 

  7.  * https://www.openssl.org/source/license.html
    8. 

  8.  */
    9. 

  9. 

  10. /* Very basic HTTP server */
    11. 

  11. 

  12. #if !defined(_POSIX_C_SOURCE) && defined(OPENSSL_SYS_VMS)
    13. 

  13. /*
    14. 

  14.  * On VMS, you need to define this to get the declaration of fileno().  The
    15. 

  15.  * value 2 is to make sure no function defined in POSIX-2 is left undefined.
    16. 

  16.  */
    17. 

  17. # define _POSIX_C_SOURCE 2
    18. 

  18. #endif
    19. 

  19. 

  20. #include <ctype.h>
    21. 

  21. #include "http_server.h"
    22. 

  22. #include "internal/sockets.h"
    23. 

  23. #include <openssl/err.h>
    24. 

  24. #include <openssl/trace.h>
    25. 

  25. #include <openssl/rand.h>
    26. 

  26. #include "s_apps.h"
    27. 

  27. #include "log.h"
    28. 

  28. 

  29. #if defined(__TANDEM)
    30. 

  30. # if defined(OPENSSL_TANDEM_FLOSS)
    31. 

  31. #  include <floss.h(floss_fork)>
    32. 

  32. # endif
    33. 

  33. #endif
    34. 

  34. 

  35. #define HTTP_PREFIX "HTTP/"
    36. 

  36. #define HTTP_VERSION_PATT "1." /* allow 1.x */
    37. 

  37. #define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT
    38. 

  38. #define HTTP_1_0 HTTP_PREFIX_VERSION"0" /* "HTTP/1.0" */
    39. 

  39. #define HTTP_VERSION_STR " "HTTP_PREFIX_VERSION
    40. 

  40. 

  41. #define log_HTTP(prog, level, text) \
    42. 

  42.     trace_log_message(OSSL_TRACE_CATEGORY_HTTP, prog, level, "%s", text)
    43. 

  43. #define log_HTTP1(prog, level, fmt, arg) \
    44. 

  44.     trace_log_message(OSSL_TRACE_CATEGORY_HTTP, prog, level, fmt, arg)
    45. 

  45. #define log_HTTP2(prog, level, fmt, arg1, arg2) \
    46. 

  46.     trace_log_message(OSSL_TRACE_CATEGORY_HTTP, prog, level, fmt, arg1, arg2)
    47. 

  47. #define log_HTTP3(prog, level, fmt, a1, a2, a3)                        \
    48. 

  48.     trace_log_message(OSSL_TRACE_CATEGORY_HTTP, prog, level, fmt, a1, a2, a3)
    49. 

  49. 

  50. #ifdef HTTP_DAEMON
    51. 

  51. int n_responders = 0; /* run multiple responder processes, set by ocsp.c */
    52. 

  52. int acfd = (int)INVALID_SOCKET;
    53. 

  53. 

  54. void socket_timeout(int signum)
    55. 

  55. {
    56. 

  56.     if (acfd != (int)INVALID_SOCKET)
    57. 

  57.         (void)shutdown(acfd, SHUT_RD);
    58. 

  58. }
    59. 

  59. 

  60. static void killall(int ret, pid_t *kidpids)
    61. 

  61. {
    62. 

  62.     int i;
    63. 

  63. 

  64.     for (i = 0; i < n_responders; ++i)
    65. 

  65.         if (kidpids[i] != 0)
    66. 

  66.             (void)kill(kidpids[i], SIGTERM);
    67. 

  67.     OPENSSL_free(kidpids);
    68. 

  68.     OSSL_sleep(1000);
    69. 

  69.     exit(ret);
    70. 

  70. }
    71. 

  71. 

  72. static int termsig = 0;
    73. 

  73. 

  74. static void noteterm(int sig)
    75. 

  75. {
    76. 

  76.     termsig = sig;
    77. 

  77. }
    78. 

  78. 

  79. /*
    80. 

  80.  * Loop spawning up to `multi` child processes, only child processes return
    81. 

  81.  * from this function.  The parent process loops until receiving a termination
    82. 

  82.  * signal, kills extant children and exits without returning.
    83. 

  83.  */
    84. 

  84. void spawn_loop(const char *prog)
    85. 

  85. {
    86. 

  86.     pid_t *kidpids = NULL;
    87. 

  87.     int status;
    88. 

  88.     int procs = 0;
    89. 

  89.     int i;
    90. 

  90. 

  91.     openlog(prog, LOG_PID, LOG_DAEMON);
    92. 

  92. 

  93.     if (setpgid(0, 0)) {
    94. 

  94.         log_HTTP1(prog, LOG_CRIT,
    95. 

  95.                   "error detaching from parent process group: %s",
    96. 

  96.                   strerror(errno));
    97. 

  97.         exit(1);
    98. 

  98.     }
    99. 

  99.     kidpids = app_malloc(n_responders * sizeof(*kidpids), "child PID array");
    100. 

  100.     for (i = 0; i < n_responders; ++i)
    101. 

  101.         kidpids[i] = 0;
    102. 

  102. 

  103.     signal(SIGINT, noteterm);
    104. 

  104.     signal(SIGTERM, noteterm);
    105. 

  105. 

  106.     while (termsig == 0) {
    107. 

  107.         pid_t fpid;
    108. 

  108. 

  109.         /*
    110. 

  110.          * Wait for a child to replace when we're at the limit.
    111. 

  111.          * Slow down if a child exited abnormally or waitpid() < 0
    112. 

  112.          */
    113. 

  113.         while (termsig == 0 && procs >= n_responders) {
    114. 

  114.             if ((fpid = waitpid(-1, &status, 0)) > 0) {
    115. 

  115.                 for (i = 0; i < procs; ++i) {
    116. 

  116.                     if (kidpids[i] == fpid) {
    117. 

  117.                         kidpids[i] = 0;
    118. 

  118.                         --procs;
    119. 

  119.                         break;
    120. 

  120.                     }
    121. 

  121.                 }
    122. 

  122.                 if (i >= n_responders) {
    123. 

  123.                     log_HTTP1(prog, LOG_CRIT,
    124. 

  124.                               "internal error: no matching child slot for pid: %ld",
    125. 

  125.                               (long)fpid);
    126. 

  126.                     killall(1, kidpids);
    127. 

  127.                 }
    128. 

  128.                 if (status != 0) {
    129. 

  129.                     if (WIFEXITED(status)) {
    130. 

  130.                         log_HTTP2(prog, LOG_WARNING,
    131. 

  131.                                   "child process: %ld, exit status: %d",
    132. 

  132.                                   (long)fpid, WEXITSTATUS(status));
    133. 

  133.                     } else if (WIFSIGNALED(status)) {
    134. 

  134.                         char *dumped = "";
    135. 

  135. 

  136. # ifdef WCOREDUMP
    137. 

  137.                         if (WCOREDUMP(status))
    138. 

  138.                             dumped = " (core dumped)";
    139. 

  139. # endif
    140. 

  140.                         log_HTTP3(prog, LOG_WARNING,
    141. 

  141.                                   "child process: %ld, term signal %d%s",
    142. 

  142.                                   (long)fpid, WTERMSIG(status), dumped);
    143. 

  143.                     }
    144. 

  144.                     OSSL_sleep(1000);
    145. 

  145.                 }
    146. 

  146.                 break;
    147. 

  147.             } else if (errno != EINTR) {
    148. 

  148.                 log_HTTP1(prog, LOG_CRIT,
    149. 

  149.                           "waitpid() failed: %s", strerror(errno));
    150. 

  150.                 killall(1, kidpids);
    151. 

  151.             }
    152. 

  152.         }
    153. 

  153.         if (termsig)
    154. 

  154.             break;
    155. 

  155. 

  156.         switch (fpid = fork()) {
    157. 

  157.         case -1: /* error */
    158. 

  158.             /* System critically low on memory, pause and try again later */
    159. 

  159.             OSSL_sleep(30000);
    160. 

  160.             break;
    161. 

  161.         case 0: /* child */
    162. 

  162.             OPENSSL_free(kidpids);
    163. 

  163.             signal(SIGINT, SIG_DFL);
    164. 

  164.             signal(SIGTERM, SIG_DFL);
    165. 

  165.             if (termsig)
    166. 

  166.                 _exit(0);
    167. 

  167.             if (RAND_poll() <= 0) {
    168. 

  168.                 log_HTTP(prog, LOG_CRIT, "RAND_poll() failed");
    169. 

  169.                 _exit(1);
    170. 

  170.             }
    171. 

  171.             return;
    172. 

  172.         default:            /* parent */
    173. 

  173.             for (i = 0; i < n_responders; ++i) {
    174. 

  174.                 if (kidpids[i] == 0) {
    175. 

  175.                     kidpids[i] = fpid;
    176. 

  176.                     procs++;
    177. 

  177.                     break;
    178. 

  178.                 }
    179. 

  179.             }
    180. 

  180.             if (i >= n_responders) {
    181. 

  181.                 log_HTTP(prog, LOG_CRIT,
    182. 

  182.                          "internal error: no free child slots");
    183. 

  183.                 killall(1, kidpids);
    184. 

  184.             }
    185. 

  185.             break;
    186. 

  186.         }
    187. 

  187.     }
    188. 

  188. 

  189.     /* The loop above can only break on termsig */
    190. 

  190.     log_HTTP1(prog, LOG_INFO, "terminating on signal: %d", termsig);
    191. 

  191.     killall(0, kidpids);
    192. 

  192. }
    193. 

  193. #endif
    194. 

  194. 

  195. #ifndef OPENSSL_NO_SOCK
    196. 

  196. BIO *http_server_init(const char *prog, const char *port, int verb)
    197. 

  197. {
    198. 

  198.     BIO *acbio = NULL, *bufbio;
    199. 

  199.     int asock;
    200. 

  200.     int port_num;
    201. 

  201.     char name[40];
    202. 

  202. 

  203.     BIO_snprintf(name, sizeof(name), "*:%s", port); /* port may be "0" */
    204. 

  204.     if (verb >= 0 && !log_set_verbosity(prog, verb))
    205. 

  205.         return NULL;
    206. 

  206.     bufbio = BIO_new(BIO_f_buffer());
    207. 

  207.     if (bufbio == NULL)
    208. 

  208.         goto err;
    209. 

  209.     acbio = BIO_new(BIO_s_accept());
    210. 

  210.     if (acbio == NULL
    211. 

  211.         || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0
    212. 

  212.         || BIO_set_accept_name(acbio, name) < 0) {
    213. 

  213.         log_HTTP(prog, LOG_ERR, "error setting up accept BIO");
    214. 

  214.         goto err;
    215. 

  215.     }
    216. 

  216. 

  217.     BIO_set_accept_bios(acbio, bufbio);
    218. 

  218.     bufbio = NULL;
    219. 

  219.     if (BIO_do_accept(acbio) <= 0) {
    220. 

  220.         log_HTTP1(prog, LOG_ERR, "error setting accept on port %s", port);
    221. 

  221.         goto err;
    222. 

  222.     }
    223. 

  223. 

  224.     /* Report back what address and port are used */
    225. 

  225.     BIO_get_fd(acbio, &asock);
    226. 

  226.     port_num = report_server_accept(bio_out, asock, 1, 1);
    227. 

  227.     if (port_num == 0) {
    228. 

  228.         log_HTTP(prog, LOG_ERR, "error printing ACCEPT string");
    229. 

  229.         goto err;
    230. 

  230.     }
    231. 

  231. 

  232.     return acbio;
    233. 

  233. 

  234.  err:
    235. 

  235.     ERR_print_errors(bio_err);
    236. 

  236.     BIO_free_all(acbio);
    237. 

  237.     BIO_free(bufbio);
    238. 

  238.     return NULL;
    239. 

  239. }
    240. 

  240. 

  241. /*
    242. 

  242.  * Decode %xx URL-decoding in-place. Ignores malformed sequences.
    243. 

  243.  */
    244. 

  244. static int urldecode(char *p)
    245. 

  245. {
    246. 

  246.     unsigned char *out = (unsigned char *)p;
    247. 

  247.     unsigned char *save = out;
    248. 

  248. 

  249.     for (; *p; p++) {
    250. 

  250.         if (*p != '%') {
    251. 

  251.             *out++ = *p;
    252. 

  252.         } else if (isxdigit(_UC(p[1])) && isxdigit(_UC(p[2]))) {
    253. 

  253.             /* Don't check, can't fail because of ixdigit() call. */
    254. 

  254.             *out++ = (OPENSSL_hexchar2int(p[1]) << 4)
    255. 

  255.                 | OPENSSL_hexchar2int(p[2]);
    256. 

  256.             p += 2;
    257. 

  257.         } else {
    258. 

  258.             return -1;
    259. 

  259.         }
    260. 

  260.     }
    261. 

  261.     *out = '\0';
    262. 

  262.     return (int)(out - save);
    263. 

  263. }
    264. 

  264. 

  265. /* if *pcbio != NULL, continue given connected session, else accept new */
    266. 

  266. /* if found_keep_alive != NULL, return this way connection persistence state */
    267. 

  267. int http_server_get_asn1_req(const ASN1_ITEM *it, ASN1_VALUE **preq,
    268. 

  268.                              char **ppath, BIO **pcbio, BIO *acbio,
    269. 

  269.                              int *found_keep_alive,
    270. 

  270.                              const char *prog, int accept_get, int timeout)
    271. 

  271. {
    272. 

  272.     BIO *cbio = *pcbio, *getbio = NULL, *b64 = NULL;
    273. 

  273.     int len;
    274. 

  274.     char reqbuf[2048], inbuf[2048];
    275. 

  275.     char *meth, *url, *end;
    276. 

  276.     ASN1_VALUE *req;
    277. 

  277.     int ret = 0;
    278. 

  278. 

  279.     *preq = NULL;
    280. 

  280.     if (ppath != NULL)
    281. 

  281.         *ppath = NULL;
    282. 

  282. 

  283.     if (cbio == NULL) {
    284. 

  284.         char *port;
    285. 

  285. 

  286.         get_sock_info_address(BIO_get_fd(acbio, NULL), NULL, &port);
    287. 

  287.         if (port == NULL) {
    288. 

  288.             log_HTTP(prog, LOG_ERR, "cannot get port listening on");
    289. 

  289.             goto fatal;
    290. 

  290.         }
    291. 

  291.         log_HTTP1(prog, LOG_DEBUG,
    292. 

  292.                   "awaiting new connection on port %s ...", port);
    293. 

  293.         OPENSSL_free(port);
    294. 

  294. 

  295.         if (BIO_do_accept(acbio) <= 0)
    296. 

  296.             /* Connection loss before accept() is routine, ignore silently */
    297. 

  297.             return ret;
    298. 

  298. 

  299.         *pcbio = cbio = BIO_pop(acbio);
    300. 

  300.     } else {
    301. 

  301.         log_HTTP(prog, LOG_DEBUG, "awaiting next request ...");
    302. 

  302.     }
    303. 

  303.     if (cbio == NULL) {
    304. 

  304.         /* Cannot call http_server_send_status(..., cbio, ...) */
    305. 

  305.         ret = -1;
    306. 

  306.         goto out;
    307. 

  307.     }
    308. 

  308. 

  309. # ifdef HTTP_DAEMON
    310. 

  310.     if (timeout > 0) {
    311. 

  311.         (void)BIO_get_fd(cbio, &acfd);
    312. 

  312.         alarm(timeout);
    313. 

  313.     }
    314. 

  314. # endif
    315. 

  315. 

  316.     /* Read the request line. */
    317. 

  317.     len = BIO_gets(cbio, reqbuf, sizeof(reqbuf));
    318. 

  318.     if (len == 0)
    319. 

  319.         return ret;
    320. 

  320.     ret = 1;
    321. 

  321.     if (len < 0) {
    322. 

  322.         log_HTTP(prog, LOG_WARNING, "request line read error");
    323. 

  323.         (void)http_server_send_status(prog, cbio, 400, "Bad Request");
    324. 

  324.         goto out;
    325. 

  325.     }
    326. 

  326. 

  327.     if (((end = strchr(reqbuf, '\r')) != NULL && end[1] == '\n')
    328. 

  328.             || (end = strchr(reqbuf, '\n')) != NULL)
    329. 

  329.         *end = '\0';
    330. 

  330.     if (log_get_verbosity() < LOG_TRACE)
    331. 

  331.         trace_log_message(-1, prog, LOG_INFO,
    332. 

  332.                           "received request, 1st line: %s", reqbuf);
    333. 

  333.     log_HTTP(prog, LOG_TRACE, "received request header:");
    334. 

  334.     log_HTTP1(prog, LOG_TRACE, "%s", reqbuf);
    335. 

  335.     if (end == NULL) {
    336. 

  336.         log_HTTP(prog, LOG_WARNING,
    337. 

  337.                  "cannot parse HTTP header: missing end of line");
    338. 

  338.         (void)http_server_send_status(prog, cbio, 400, "Bad Request");
    339. 

  339.         goto out;
    340. 

  340.     }
    341. 

  341. 

  342.     url = meth = reqbuf;
    343. 

  343.     if ((accept_get && CHECK_AND_SKIP_PREFIX(url, "GET "))
    344. 

  344.             || CHECK_AND_SKIP_PREFIX(url, "POST ")) {
    345. 

  345. 

  346.         /* Expecting (GET|POST) {sp} /URL {sp} HTTP/1.x */
    347. 

  347.         url[-1] = '\0';
    348. 

  348.         while (*url == ' ')
    349. 

  349.             url++;
    350. 

  350.         if (*url != '/') {
    351. 

  351.             log_HTTP2(prog, LOG_WARNING,
    352. 

  352.                       "invalid %s -- URL does not begin with '/': %s",
    353. 

  353.                       meth, url);
    354. 

  354.             (void)http_server_send_status(prog, cbio, 400, "Bad Request");
    355. 

  355.             goto out;
    356. 

  356.         }
    357. 

  357.         url++;
    358. 

  358. 

  359.         /* Splice off the HTTP version identifier. */
    360. 

  360.         for (end = url; *end != '\0'; end++)
    361. 

  361.             if (*end == ' ')
    362. 

  362.                 break;
    363. 

  363.         if (!HAS_PREFIX(end, HTTP_VERSION_STR)) {
    364. 

  364.             log_HTTP2(prog, LOG_WARNING,
    365. 

  365.                       "invalid %s -- bad HTTP/version string: %s",
    366. 

  366.                       meth, end + 1);
    367. 

  367.             (void)http_server_send_status(prog, cbio, 400, "Bad Request");
    368. 

  368.             goto out;
    369. 

  369.         }
    370. 

  370.         *end = '\0';
    371. 

  371.         /* above HTTP 1.0, connection persistence is the default */
    372. 

  372.         if (found_keep_alive != NULL)
    373. 

  373.             *found_keep_alive = end[sizeof(HTTP_VERSION_STR) - 1] > '0';
    374. 

  374. 

  375.         /*-
    376. 

  376.          * Skip "GET / HTTP..." requests often used by load-balancers.
    377. 

  377.          * 'url' was incremented above to point to the first byte *after*
    378. 

  378.          * the leading slash, so in case 'GET / ' it is now an empty string.
    379. 

  379.          */
    380. 

  380.         if (strlen(meth) == 3 && url[0] == '\0') {
    381. 

  381.             (void)http_server_send_status(prog, cbio, 200, "OK");
    382. 

  382.             goto out;
    383. 

  383.         }
    384. 

  384. 

  385.         len = urldecode(url);
    386. 

  386.         if (len < 0) {
    387. 

  387.             log_HTTP2(prog, LOG_WARNING,
    388. 

  388.                       "invalid %s request -- bad URL encoding: %s", meth, url);
    389. 

  389.             (void)http_server_send_status(prog, cbio, 400, "Bad Request");
    390. 

  390.             goto out;
    391. 

  391.         }
    392. 

  392.         if (strlen(meth) == 3) { /* GET */
    393. 

  393.             if ((getbio = BIO_new_mem_buf(url, len)) == NULL
    394. 

  394.                 || (b64 = BIO_new(BIO_f_base64())) == NULL) {
    395. 

  395.                 log_HTTP1(prog, LOG_ERR,
    396. 

  396.                           "could not allocate base64 bio with size = %d", len);
    397. 

  397.                 goto fatal;
    398. 

  398.             }
    399. 

  399.             BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
    400. 

  400.             getbio = BIO_push(b64, getbio);
    401. 

  401.         }
    402. 

  402.     } else {
    403. 

  403.         log_HTTP2(prog, LOG_WARNING,
    404. 

  404.                   "HTTP request does not begin with %sPOST: %s",
    405. 

  405.                   accept_get ? "GET or " : "", reqbuf);
    406. 

  406.         (void)http_server_send_status(prog, cbio, 400, "Bad Request");
    407. 

  407.         goto out;
    408. 

  408.     }
    409. 

  409. 

  410.     /* chop any further/duplicate leading or trailing '/' */
    411. 

  411.     while (*url == '/')
    412. 

  412.         url++;
    413. 

  413.     while (end >= url + 2 && end[-2] == '/' && end[-1] == '/')
    414. 

  414.         end--;
    415. 

  415.     *end = '\0';
    416. 

  416. 

  417.     /* Read and skip past the headers. */
    418. 

  418.     for (;;) {
    419. 

  419.         char *key, *value;
    420. 

  420. 

  421.         len = BIO_gets(cbio, inbuf, sizeof(inbuf));
    422. 

  422.         if (len <= 0) {
    423. 

  423.             log_HTTP(prog, LOG_WARNING, "error reading HTTP header");
    424. 

  424.             (void)http_server_send_status(prog, cbio, 400, "Bad Request");
    425. 

  425.             goto out;
    426. 

  426.         }
    427. 

  427. 

  428.         if (((end = strchr(inbuf, '\r')) != NULL && end[1] == '\n')
    429. 

  429.             || (end = strchr(inbuf, '\n')) != NULL)
    430. 

  430.             *end = '\0';
    431. 

  431.         log_HTTP1(prog, LOG_TRACE, "%s", *inbuf == '\0' ?
    432. 

  432.                   " " /* workaround for "" getting ignored */ : inbuf);
    433. 

  433.         if (end == NULL) {
    434. 

  434.             log_HTTP(prog, LOG_WARNING,
    435. 

  435.                      "error parsing HTTP header: missing end of line");
    436. 

  436.             (void)http_server_send_status(prog, cbio, 400, "Bad Request");
    437. 

  437.             goto out;
    438. 

  438.         }
    439. 

  439. 

  440.         if (inbuf[0] == '\0')
    441. 

  441.             break;
    442. 

  442. 

  443.         key = inbuf;
    444. 

  444.         value = strchr(key, ':');
    445. 

  445.         if (value == NULL) {
    446. 

  446.             log_HTTP(prog, LOG_WARNING,
    447. 

  447.                      "error parsing HTTP header: missing ':'");
    448. 

  448.             (void)http_server_send_status(prog, cbio, 400, "Bad Request");
    449. 

  449.             goto out;
    450. 

  450.         }
    451. 

  451.         *(value++) = '\0';
    452. 

  452.         while (*value == ' ')
    453. 

  453.             value++;
    454. 

  454.         /* https://tools.ietf.org/html/rfc7230#section-6.3 Persistence */
    455. 

  455.         if (found_keep_alive != NULL
    456. 

  456.             && OPENSSL_strcasecmp(key, "Connection") == 0) {
    457. 

  457.             if (OPENSSL_strcasecmp(value, "keep-alive") == 0)
    458. 

  458.                 *found_keep_alive = 1;
    459. 

  459.             else if (OPENSSL_strcasecmp(value, "close") == 0)
    460. 

  460.                 *found_keep_alive = 0;
    461. 

  461.         }
    462. 

  462.     }
    463. 

  463. 

  464. # ifdef HTTP_DAEMON
    465. 

  465.     /* Clear alarm before we close the client socket */
    466. 

  466.     alarm(0);
    467. 

  467.     timeout = 0;
    468. 

  468. # endif
    469. 

  469. 

  470.     /* Try to read and parse request */
    471. 

  471.     req = ASN1_item_d2i_bio(it, getbio != NULL ? getbio : cbio, NULL);
    472. 

  472.     if (req == NULL) {
    473. 

  473.         log_HTTP(prog, LOG_WARNING,
    474. 

  474.                  "error parsing DER-encoded request content");
    475. 

  475.         (void)http_server_send_status(prog, cbio, 400, "Bad Request");
    476. 

  476.     } else if (ppath != NULL && (*ppath = OPENSSL_strdup(url)) == NULL) {
    477. 

  477.         log_HTTP1(prog, LOG_ERR,
    478. 

  478.                   "out of memory allocating %zu bytes", strlen(url) + 1);
    479. 

  479.         ASN1_item_free(req, it);
    480. 

  480.         goto fatal;
    481. 

  481.     }
    482. 

  482. 

  483.     *preq = req;
    484. 

  484. 

  485.  out:
    486. 

  486.     BIO_free_all(getbio);
    487. 

  487. # ifdef HTTP_DAEMON
    488. 

  488.     if (timeout > 0)
    489. 

  489.         alarm(0);
    490. 

  490.     acfd = (int)INVALID_SOCKET;
    491. 

  491. # endif
    492. 

  492.     return ret;
    493. 

  493. 

  494.  fatal:
    495. 

  495.     (void)http_server_send_status(prog, cbio, 500, "Internal Server Error");
    496. 

  496.     if (ppath != NULL) {
    497. 

  497.         OPENSSL_free(*ppath);
    498. 

  498.         *ppath = NULL;
    499. 

  499.     }
    500. 

  500.     BIO_free_all(cbio);
    501. 

  501.     *pcbio = NULL;
    502. 

  502.     ret = -1;
    503. 

  503.     goto out;
    504. 

  504. }
    505. 

  505. 

  506. /* assumes that cbio does not do an encoding that changes the output length */
    507. 

  507. int http_server_send_asn1_resp(const char *prog, BIO *cbio, int keep_alive,
    508. 

  508.                                const char *content_type,
    509. 

  509.                                const ASN1_ITEM *it, const ASN1_VALUE *resp)
    510. 

  510. {
    511. 

  511.     char buf[200], *p;
    512. 

  512.     int ret = BIO_snprintf(buf, sizeof(buf), HTTP_1_0" 200 OK\r\n%s"
    513. 

  513.                            "Content-type: %s\r\n"
    514. 

  514.                            "Content-Length: %d\r\n",
    515. 

  515.                            keep_alive ? "Connection: keep-alive\r\n" : "",
    516. 

  516.                            content_type,
    517. 

  517.                            ASN1_item_i2d(resp, NULL, it));
    518. 

  518. 

  519.     if (ret < 0 || (size_t)ret >= sizeof(buf))
    520. 

  520.         return 0;
    521. 

  521.     if (log_get_verbosity() < LOG_TRACE && (p = strchr(buf, '\r')) != NULL)
    522. 

  522.         trace_log_message(-1, prog, LOG_INFO,
    523. 

  523.                           "sending response, 1st line: %.*s", (int)(p - buf),
    524. 

  524.                           buf);
    525. 

  525.     log_HTTP1(prog, LOG_TRACE, "sending response header:\n%s", buf);
    526. 

  526. 

  527.     ret = BIO_printf(cbio, "%s\r\n", buf) > 0
    528. 

  528.         && ASN1_item_i2d_bio(it, cbio, resp) > 0;
    529. 

  529. 

  530.     (void)BIO_flush(cbio);
    531. 

  531.     return ret;
    532. 

  532. }
    533. 

  533. 

  534. int http_server_send_status(const char *prog, BIO *cbio,
    535. 

  535.                             int status, const char *reason)
    536. 

  536. {
    537. 

  537.     char buf[200];
    538. 

  538.     int ret = BIO_snprintf(buf, sizeof(buf), HTTP_1_0" %d %s\r\n\r\n",
    539. 

  539.                            /* This implicitly cancels keep-alive */
    540. 

  540.                            status, reason);
    541. 

  541. 

  542.     if (ret < 0 || (size_t)ret >= sizeof(buf))
    543. 

  543.         return 0;
    544. 

  544.     log_HTTP1(prog, LOG_TRACE, "sending response header:\n%s", buf);
    545. 

  545. 

  546.     ret = BIO_printf(cbio, "%s\r\n", buf) > 0;
    547. 

  547.     (void)BIO_flush(cbio);
    548. 

  548.     return ret;
    549. 

  549. }
    550. 

  550. #endif
    551.