diff options
| author | Maxim Yurchuk <maxim-yurchuk@ydb.tech> | 2024-10-18 20:31:38 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-10-18 20:31:38 +0300 |
| commit | 2a74bac2d2d3bccb4e10120f1ead805640ec9dd0 (patch) | |
| tree | 047e4818ced5aaf73f58517629e5260b5291f9f0 /contrib/libs/curl/lib/http.c | |
| parent | 2d9656823e9521d8c29ea4c9a1d0eab78391abfc (diff) | |
| parent | 3d834a1923bbf9403cd4a448e7f32b670aa4124f (diff) | |
| download | ydb-2a74bac2d2d3bccb4e10120f1ead805640ec9dd0.tar.gz | |
Merge pull request #10502 from ydb-platform/mergelibs-241016-1210
Library import 241016-1210
Diffstat (limited to 'contrib/libs/curl/lib/http.c')
| -rw-r--r-- | contrib/libs/curl/lib/http.c | 3575 |
1 files changed, 1989 insertions, 1586 deletions
diff --git a/contrib/libs/curl/lib/http.c b/contrib/libs/curl/lib/http.c index 6f91f1fc41..e88af07a7d 100644 --- a/contrib/libs/curl/lib/http.c +++ b/contrib/libs/curl/lib/http.c @@ -65,6 +65,7 @@ #include "vquic/vquic.h" #include "http_digest.h" #include "http_ntlm.h" +#include "curl_ntlm_wb.h" #include "http_negotiate.h" #include "http_aws_sigv4.h" #include "url.h" @@ -72,7 +73,6 @@ #include "hostip.h" #include "dynhds.h" #include "http.h" -#include "headers.h" #include "select.h" #include "parsedate.h" /* for the week day and month names */ #include "strtoofft.h" @@ -100,17 +100,24 @@ * Forward declarations. */ -static bool http_should_fail(struct Curl_easy *data, int httpcode); -static bool http_exp100_is_waiting(struct Curl_easy *data); -static CURLcode http_exp100_add_reader(struct Curl_easy *data); -static void http_exp100_send_anyway(struct Curl_easy *data); +static int http_getsock_do(struct Curl_easy *data, + struct connectdata *conn, + curl_socket_t *socks); +static bool http_should_fail(struct Curl_easy *data); + +static CURLcode http_setup_conn(struct Curl_easy *data, + struct connectdata *conn); +#ifdef USE_WEBSOCKETS +static CURLcode ws_setup_conn(struct Curl_easy *data, + struct connectdata *conn); +#endif /* * HTTP handler interface. */ const struct Curl_handler Curl_handler_http = { - "http", /* scheme */ - Curl_http_setup_conn, /* setup_connection */ + "HTTP", /* scheme */ + http_setup_conn, /* setup_connection */ Curl_http, /* do_it */ Curl_http_done, /* done */ ZERO_NULL, /* do_more */ @@ -118,12 +125,11 @@ const struct Curl_handler Curl_handler_http = { ZERO_NULL, /* connecting */ ZERO_NULL, /* doing */ ZERO_NULL, /* proto_getsock */ - Curl_http_getsock_do, /* doing_getsock */ + http_getsock_do, /* doing_getsock */ ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ ZERO_NULL, /* disconnect */ - Curl_http_write_resp, /* write_resp */ - Curl_http_write_resp_hd, /* write_resp_hd */ + ZERO_NULL, /* readwrite */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_HTTP, /* defport */ @@ -133,13 +139,39 @@ const struct Curl_handler Curl_handler_http = { PROTOPT_USERPWDCTRL }; +#ifdef USE_WEBSOCKETS +const struct Curl_handler Curl_handler_ws = { + "WS", /* scheme */ + ws_setup_conn, /* setup_connection */ + Curl_http, /* do_it */ + Curl_http_done, /* done */ + ZERO_NULL, /* do_more */ + Curl_http_connect, /* connect_it */ + ZERO_NULL, /* connecting */ + ZERO_NULL, /* doing */ + ZERO_NULL, /* proto_getsock */ + http_getsock_do, /* doing_getsock */ + ZERO_NULL, /* domore_getsock */ + ZERO_NULL, /* perform_getsock */ + Curl_ws_disconnect, /* disconnect */ + ZERO_NULL, /* readwrite */ + ZERO_NULL, /* connection_check */ + ZERO_NULL, /* attach connection */ + PORT_HTTP, /* defport */ + CURLPROTO_WS, /* protocol */ + CURLPROTO_HTTP, /* family */ + PROTOPT_CREDSPERREQUEST | /* flags */ + PROTOPT_USERPWDCTRL +}; +#endif + #ifdef USE_SSL /* * HTTPS handler interface. */ const struct Curl_handler Curl_handler_https = { - "https", /* scheme */ - Curl_http_setup_conn, /* setup_connection */ + "HTTPS", /* scheme */ + http_setup_conn, /* setup_connection */ Curl_http, /* do_it */ Curl_http_done, /* done */ ZERO_NULL, /* do_more */ @@ -147,12 +179,11 @@ const struct Curl_handler Curl_handler_https = { NULL, /* connecting */ ZERO_NULL, /* doing */ NULL, /* proto_getsock */ - Curl_http_getsock_do, /* doing_getsock */ + http_getsock_do, /* doing_getsock */ ZERO_NULL, /* domore_getsock */ ZERO_NULL, /* perform_getsock */ ZERO_NULL, /* disconnect */ - Curl_http_write_resp, /* write_resp */ - Curl_http_write_resp_hd, /* write_resp_hd */ + ZERO_NULL, /* readwrite */ ZERO_NULL, /* connection_check */ ZERO_NULL, /* attach connection */ PORT_HTTPS, /* defport */ @@ -162,13 +193,47 @@ const struct Curl_handler Curl_handler_https = { PROTOPT_USERPWDCTRL }; +#ifdef USE_WEBSOCKETS +const struct Curl_handler Curl_handler_wss = { + "WSS", /* scheme */ + ws_setup_conn, /* setup_connection */ + Curl_http, /* do_it */ + Curl_http_done, /* done */ + ZERO_NULL, /* do_more */ + Curl_http_connect, /* connect_it */ + NULL, /* connecting */ + ZERO_NULL, /* doing */ + NULL, /* proto_getsock */ + http_getsock_do, /* doing_getsock */ + ZERO_NULL, /* domore_getsock */ + ZERO_NULL, /* perform_getsock */ + Curl_ws_disconnect, /* disconnect */ + ZERO_NULL, /* readwrite */ + ZERO_NULL, /* connection_check */ + ZERO_NULL, /* attach connection */ + PORT_HTTPS, /* defport */ + CURLPROTO_WSS, /* protocol */ + CURLPROTO_HTTP, /* family */ + PROTOPT_SSL | PROTOPT_CREDSPERREQUEST | /* flags */ + PROTOPT_USERPWDCTRL +}; +#endif + #endif -CURLcode Curl_http_setup_conn(struct Curl_easy *data, - struct connectdata *conn) +static CURLcode http_setup_conn(struct Curl_easy *data, + struct connectdata *conn) { /* allocate the HTTP-specific struct for the Curl_easy, only to survive during this request */ + struct HTTP *http; + DEBUGASSERT(data->req.p.http == NULL); + + http = calloc(1, sizeof(struct HTTP)); + if(!http) + return CURLE_OUT_OF_MEMORY; + + data->req.p.http = http; connkeep(conn, "HTTP default"); if(data->state.httpwant == CURL_HTTP_VERSION_3ONLY) { @@ -180,6 +245,16 @@ CURLcode Curl_http_setup_conn(struct Curl_easy *data, return CURLE_OK; } +#ifdef USE_WEBSOCKETS +static CURLcode ws_setup_conn(struct Curl_easy *data, + struct connectdata *conn) +{ + /* websockets is 1.1 only (for now) */ + data->state.httpwant = CURL_HTTP_VERSION_1_1; + return http_setup_conn(data, conn); +} +#endif + #ifndef CURL_DISABLE_PROXY /* * checkProxyHeaders() checks the linked list of custom proxy headers @@ -222,6 +297,7 @@ char *Curl_copy_header_value(const char *header) { const char *start; const char *end; + char *value; size_t len; /* Find the end of the header name */ @@ -237,6 +313,8 @@ char *Curl_copy_header_value(const char *header) while(*start && ISSPACE(*start)) start++; + /* data is in the host encoding so + use '\r' and '\n' instead of 0x0d and 0x0a */ end = strchr(start, '\r'); if(!end) end = strchr(start, '\n'); @@ -252,7 +330,14 @@ char *Curl_copy_header_value(const char *header) /* get length of the type */ len = end - start + 1; - return Curl_memdup0(start, len); + value = malloc(len + 1); + if(!value) + return NULL; + + memcpy(value, start, len); + value[len] = 0; /* null-terminate */ + + return value; } #ifndef CURL_DISABLE_HTTP_AUTH @@ -377,6 +462,8 @@ static bool pickoneauth(struct auth *pick, unsigned long mask) #endif else if(avail & CURLAUTH_NTLM) pick->picked = CURLAUTH_NTLM; + else if(avail & CURLAUTH_NTLM_WB) + pick->picked = CURLAUTH_NTLM_WB; #ifndef CURL_DISABLE_BASIC_AUTH else if(avail & CURLAUTH_BASIC) pick->picked = CURLAUTH_BASIC; @@ -397,85 +484,150 @@ static bool pickoneauth(struct auth *pick, unsigned long mask) /* * http_perhapsrewind() * - * The current request needs to be done again - maybe due to a follow - * or authentication negotiation. Check if: - * 1) a rewind of the data sent to the server is necessary - * 2) the current transfer should continue or be stopped early + * If we are doing POST or PUT { + * If we have more data to send { + * If we are doing NTLM { + * Keep sending since we must not disconnect + * } + * else { + * If there is more than just a little data left to send, close + * the current connection by force. + * } + * } + * If we have sent any data { + * If we don't have track of all the data { + * call app to tell it to rewind + * } + * else { + * rewind internally so that the operation can restart fine + * } + * } + * } */ static CURLcode http_perhapsrewind(struct Curl_easy *data, struct connectdata *conn) { - curl_off_t bytessent = data->req.writebytecount; - curl_off_t expectsend = Curl_creader_total_length(data); - curl_off_t upload_remain = (expectsend >= 0)? (expectsend - bytessent) : -1; - bool little_upload_remains = (upload_remain >= 0 && upload_remain < 2000); - bool needs_rewind = Curl_creader_needs_rewind(data); - /* By default, we would like to abort the transfer when little or unknown - * amount remains. This may be overridden by authentications further - * below! */ - bool abort_upload = (!data->req.upload_done && !little_upload_remains); - const char *ongoing_auth = NULL; - - /* We need a rewind before uploading client read data again. The - * checks below just influence of the upload is to be continued - * or aborted early. - * This depends on how much remains to be sent and in what state - * the authentication is. Some auth schemes such as NTLM do not work - * for a new connection. */ - if(needs_rewind) { - infof(data, "Need to rewind upload for next request"); - Curl_creader_set_rewind(data, TRUE); - } - - if(conn->bits.close) - /* If we already decided to close this connection, we cannot veto. */ + struct HTTP *http = data->req.p.http; + curl_off_t bytessent; + curl_off_t expectsend = -1; /* default is unknown */ + + if(!http) + /* If this is still NULL, we have not reach very far and we can safely + skip this rewinding stuff */ return CURLE_OK; - if(abort_upload) { - /* We'd like to abort the upload - but should we? */ + switch(data->state.httpreq) { + case HTTPREQ_GET: + case HTTPREQ_HEAD: + return CURLE_OK; + default: + break; + } + + bytessent = data->req.writebytecount; + + if(conn->bits.authneg) { + /* This is a state where we are known to be negotiating and we don't send + any data then. */ + expectsend = 0; + } + else if(!conn->bits.protoconnstart) { + /* HTTP CONNECT in progress: there is no body */ + expectsend = 0; + } + else { + /* figure out how much data we are expected to send */ + switch(data->state.httpreq) { + case HTTPREQ_POST: + case HTTPREQ_PUT: + if(data->state.infilesize != -1) + expectsend = data->state.infilesize; + break; + case HTTPREQ_POST_FORM: + case HTTPREQ_POST_MIME: + expectsend = http->postsize; + break; + default: + break; + } + } + + data->state.rewindbeforesend = FALSE; /* default */ + + if((expectsend == -1) || (expectsend > bytessent)) { #if defined(USE_NTLM) + /* There is still data left to send */ if((data->state.authproxy.picked == CURLAUTH_NTLM) || - (data->state.authhost.picked == CURLAUTH_NTLM)) { - ongoing_auth = "NTML"; - if((conn->http_ntlm_state != NTLMSTATE_NONE) || + (data->state.authhost.picked == CURLAUTH_NTLM) || + (data->state.authproxy.picked == CURLAUTH_NTLM_WB) || + (data->state.authhost.picked == CURLAUTH_NTLM_WB)) { + if(((expectsend - bytessent) < 2000) || + (conn->http_ntlm_state != NTLMSTATE_NONE) || (conn->proxy_ntlm_state != NTLMSTATE_NONE)) { - /* The NTLM-negotiation has started, keep on sending. - * Need to do further work on same connection */ - abort_upload = FALSE; + /* The NTLM-negotiation has started *OR* there is just a little (<2K) + data left to send, keep on sending. */ + + /* rewind data when completely done sending! */ + if(!conn->bits.authneg && (conn->writesockfd != CURL_SOCKET_BAD)) { + data->state.rewindbeforesend = TRUE; + infof(data, "Rewind stream before next send"); + } + + return CURLE_OK; } + + if(conn->bits.close) + /* this is already marked to get closed */ + return CURLE_OK; + + infof(data, "NTLM send, close instead of sending %" + CURL_FORMAT_CURL_OFF_T " bytes", + (curl_off_t)(expectsend - bytessent)); } #endif #if defined(USE_SPNEGO) /* There is still data left to send */ if((data->state.authproxy.picked == CURLAUTH_NEGOTIATE) || (data->state.authhost.picked == CURLAUTH_NEGOTIATE)) { - ongoing_auth = "NEGOTIATE"; - if((conn->http_negotiate_state != GSS_AUTHNONE) || + if(((expectsend - bytessent) < 2000) || + (conn->http_negotiate_state != GSS_AUTHNONE) || (conn->proxy_negotiate_state != GSS_AUTHNONE)) { - /* The NEGOTIATE-negotiation has started, keep on sending. - * Need to do further work on same connection */ - abort_upload = FALSE; + /* The NEGOTIATE-negotiation has started *OR* + there is just a little (<2K) data left to send, keep on sending. */ + + /* rewind data when completely done sending! */ + if(!conn->bits.authneg && (conn->writesockfd != CURL_SOCKET_BAD)) { + data->state.rewindbeforesend = TRUE; + infof(data, "Rewind stream before next send"); + } + + return CURLE_OK; } + + if(conn->bits.close) + /* this is already marked to get closed */ + return CURLE_OK; + + infof(data, "NEGOTIATE send, close instead of sending %" + CURL_FORMAT_CURL_OFF_T " bytes", + (curl_off_t)(expectsend - bytessent)); } #endif - } - if(abort_upload) { - if(upload_remain >= 0) - infof(data, "%s%sclose instead of sending %" FMT_OFF_T " more bytes", - ongoing_auth? ongoing_auth : "", - ongoing_auth? " send, " : "", - upload_remain); - else - infof(data, "%s%sclose instead of sending unknown amount " - "of more bytes", - ongoing_auth? ongoing_auth : "", - ongoing_auth? " send, " : ""); - /* We decided to abort the ongoing transfer */ + /* This is not NEGOTIATE/NTLM or many bytes left to send: close */ streamclose(conn, "Mid-auth HTTP and much data left to send"); - /* FIXME: questionable manipulation here, can we do this differently? */ - data->req.size = 0; /* do not download any more than 0 bytes */ + data->req.size = 0; /* don't download any more than 0 bytes */ + + /* There still is data left to send, but this connection is marked for + closure so we can safely do the rewind right now */ + } + + if(bytessent) { + /* mark for rewind since if we already sent something */ + data->state.rewindbeforesend = TRUE; + infof(data, "Please rewind output before next send"); } + return CURLE_OK; } @@ -506,7 +658,7 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) if((data->state.aptr.user || data->set.str[STRING_BEARER]) && ((data->req.httpcode == 401) || - (data->req.authneg && data->req.httpcode < 300))) { + (conn->bits.authneg && data->req.httpcode < 300))) { pickhost = pickoneauth(&data->state.authhost, authmask); if(!pickhost) data->state.authproblem = TRUE; @@ -520,7 +672,7 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) #ifndef CURL_DISABLE_PROXY if(conn->bits.proxy_user_passwd && ((data->req.httpcode == 407) || - (data->req.authneg && data->req.httpcode < 300))) { + (conn->bits.authneg && data->req.httpcode < 300))) { pickproxy = pickoneauth(&data->state.authproxy, authmask & ~CURLAUTH_BEARER); if(!pickproxy) @@ -529,10 +681,13 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) #endif if(pickhost || pickproxy) { - result = http_perhapsrewind(data, conn); - if(result) - return result; - + if((data->state.httpreq != HTTPREQ_GET) && + (data->state.httpreq != HTTPREQ_HEAD) && + !data->state.rewindbeforesend) { + result = http_perhapsrewind(data, conn); + if(result) + return result; + } /* In case this is GSS auth, the newurl field is already allocated so we must make sure to free it before allocating a new one. As figured out in bug #2284386 */ @@ -543,11 +698,11 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) } else if((data->req.httpcode < 300) && (!data->state.authhost.done) && - data->req.authneg) { + conn->bits.authneg) { /* no (known) authentication available, authentication is not "done" yet and no authentication seems to be required and - we did not try HEAD or GET */ + we didn't try HEAD or GET */ if((data->state.httpreq != HTTPREQ_GET) && (data->state.httpreq != HTTPREQ_HEAD)) { data->req.newurl = strdup(data->state.url); /* clone URL */ @@ -556,7 +711,7 @@ CURLcode Curl_http_auth_act(struct Curl_easy *data) data->state.authhost.done = TRUE; } } - if(http_should_fail(data, data->req.httpcode)) { + if(http_should_fail(data)) { failf(data, "The requested URL returned error: %d", data->req.httpcode); result = CURLE_HTTP_RETURNED_ERROR; @@ -613,6 +768,15 @@ output_auth_headers(struct Curl_easy *data, } else #endif +#if defined(USE_NTLM) && defined(NTLM_WB_ENABLED) + if(authstatus->picked == CURLAUTH_NTLM_WB) { + auth = "NTLM_WB"; + result = Curl_output_ntlm_wb(data, conn, proxy); + if(result) + return result; + } + else +#endif #ifndef CURL_DISABLE_DIGEST_AUTH if(authstatus->picked == CURLAUTH_DIGEST) { auth = "Digest"; @@ -737,13 +901,13 @@ Curl_http_output_auth(struct Curl_easy *data, if(authhost->want && !authhost->picked) /* The app has selected one or more methods, but none has been picked so far by a server round-trip. Then we set the picked one to the - want one, and if this is one single bit it will be used instantly. */ + want one, and if this is one single bit it'll be used instantly. */ authhost->picked = authhost->want; if(authproxy->want && !authproxy->picked) /* The app has selected one or more methods, but none has been picked so far by a proxy round-trip. Then we set the picked one to the want one, - and if this is one single bit it will be used instantly. */ + and if this is one single bit it'll be used instantly. */ authproxy->picked = authproxy->want; #ifndef CURL_DISABLE_PROXY @@ -758,7 +922,7 @@ Curl_http_output_auth(struct Curl_easy *data, #else (void)proxytunnel; #endif /* CURL_DISABLE_PROXY */ - /* we have no proxy so let's pretend we are done authenticating + /* we have no proxy so let's pretend we're done authenticating with it */ authproxy->done = TRUE; @@ -779,10 +943,10 @@ Curl_http_output_auth(struct Curl_easy *data, (httpreq != HTTPREQ_HEAD)) { /* Auth is required and we are not authenticated yet. Make a PUT or POST with content-length zero as a "probe". */ - data->req.authneg = TRUE; + conn->bits.authneg = TRUE; } else - data->req.authneg = FALSE; + conn->bits.authneg = FALSE; return result; } @@ -902,15 +1066,31 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, /* NTLM support requires the SSL crypto libs */ if(checkprefix("NTLM", auth) && is_valid_auth_separator(auth[4])) { if((authp->avail & CURLAUTH_NTLM) || + (authp->avail & CURLAUTH_NTLM_WB) || Curl_auth_is_ntlm_supported()) { *availp |= CURLAUTH_NTLM; authp->avail |= CURLAUTH_NTLM; - if(authp->picked == CURLAUTH_NTLM) { + if(authp->picked == CURLAUTH_NTLM || + authp->picked == CURLAUTH_NTLM_WB) { /* NTLM authentication is picked and activated */ CURLcode result = Curl_input_ntlm(data, proxy, auth); if(!result) { data->state.authproblem = FALSE; +#ifdef NTLM_WB_ENABLED + if(authp->picked == CURLAUTH_NTLM_WB) { + *availp &= ~CURLAUTH_NTLM; + authp->avail &= ~CURLAUTH_NTLM; + *availp |= CURLAUTH_NTLM_WB; + authp->avail |= CURLAUTH_NTLM_WB; + + result = Curl_input_ntlm_wb(data, conn, proxy, auth); + if(result) { + infof(data, "Authentication problem. Ignoring this."); + data->state.authproblem = TRUE; + } + } +#endif } else { infof(data, "Authentication problem. Ignoring this."); @@ -932,7 +1112,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, authp->avail |= CURLAUTH_DIGEST; /* We call this function on input Digest headers even if Digest - * authentication is not activated yet, as we need to store the + * authentication isn't activated yet, as we need to store the * incoming data from this header in case we are going to use * Digest */ result = Curl_input_digest(data, proxy, auth); @@ -951,7 +1131,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, authp->avail |= CURLAUTH_BASIC; if(authp->picked == CURLAUTH_BASIC) { /* We asked for Basic authentication but got a 40X back - anyway, which basically means our name+password is not + anyway, which basically means our name+password isn't valid. */ authp->avail = CURLAUTH_NONE; infof(data, "Authentication problem. Ignoring this."); @@ -967,7 +1147,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, authp->avail |= CURLAUTH_BEARER; if(authp->picked == CURLAUTH_BEARER) { /* We asked for Bearer authentication but got a 40X back - anyway, which basically means our token is not valid. */ + anyway, which basically means our token isn't valid. */ authp->avail = CURLAUTH_NONE; infof(data, "Authentication problem. Ignoring this."); data->state.authproblem = TRUE; @@ -987,7 +1167,7 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, /* there may be multiple methods on one line, so keep reading */ while(*auth && *auth != ',') /* read up to the next comma */ auth++; - if(*auth == ',') /* if we are on a comma, skip it */ + if(*auth == ',') /* if we're on a comma, skip it */ auth++; while(*auth && ISSPACE(*auth)) auth++; @@ -997,21 +1177,24 @@ CURLcode Curl_http_input_auth(struct Curl_easy *data, bool proxy, } /** - * http_should_fail() determines whether an HTTP response code has gotten us + * http_should_fail() determines whether an HTTP response has gotten us * into an error state or not. * * @retval FALSE communications should continue * * @retval TRUE communications should not continue */ -static bool http_should_fail(struct Curl_easy *data, int httpcode) +static bool http_should_fail(struct Curl_easy *data) { + int httpcode; DEBUGASSERT(data); DEBUGASSERT(data->conn); + httpcode = data->req.httpcode; + /* - ** If we have not been asked to fail on error, - ** do not fail. + ** If we haven't been asked to fail on error, + ** don't fail. */ if(!data->set.http_fail_on_error) return FALSE; @@ -1031,7 +1214,7 @@ static bool http_should_fail(struct Curl_easy *data, int httpcode) return FALSE; /* - ** Any code >= 400 that is not 401 or 407 is always + ** Any code >= 400 that's not 401 or 407 is always ** a terminal error */ if((httpcode != 401) && (httpcode != 407)) @@ -1043,19 +1226,22 @@ static bool http_should_fail(struct Curl_easy *data, int httpcode) DEBUGASSERT((httpcode == 401) || (httpcode == 407)); /* - ** Examine the current authentication state to see if this is an error. The - ** idea is for this function to get called after processing all the headers - ** in a response message. So, if we have been to asked to authenticate a - ** particular stage, and we have done it, we are OK. If we are already - ** completely authenticated, it is not OK to get another 401 or 407. + ** Examine the current authentication state to see if this + ** is an error. The idea is for this function to get + ** called after processing all the headers in a response + ** message. So, if we've been to asked to authenticate a + ** particular stage, and we've done it, we're OK. But, if + ** we're already completely authenticated, it's not OK to + ** get another 401 or 407. ** - ** It is possible for authentication to go stale such that the client needs - ** to reauthenticate. Once that info is available, use it here. + ** It is possible for authentication to go stale such that + ** the client needs to reauthenticate. Once that info is + ** available, use it here. */ /* - ** Either we are not authenticating, or we are supposed to be authenticating - ** something else. This is an error. + ** Either we're not authenticating, or we're supposed to + ** be authenticating something else. This is an error. */ if((httpcode == 401) && !data->state.aptr.user) return TRUE; @@ -1068,6 +1254,274 @@ static bool http_should_fail(struct Curl_easy *data, int httpcode) } /* + * readmoredata() is a "fread() emulation" to provide POST and/or request + * data. It is used when a huge POST is to be made and the entire chunk wasn't + * sent in the first send(). This function will then be called from the + * transfer.c loop when more data is to be sent to the peer. + * + * Returns the amount of bytes it filled the buffer with. + */ +static size_t readmoredata(char *buffer, + size_t size, + size_t nitems, + void *userp) +{ + struct HTTP *http = (struct HTTP *)userp; + struct Curl_easy *data = http->backup.data; + size_t fullsize = size * nitems; + + if(!http->postsize) + /* nothing to return */ + return 0; + + /* make sure that an HTTP request is never sent away chunked! */ + data->req.forbidchunk = (http->sending == HTTPSEND_REQUEST)?TRUE:FALSE; + + if(data->set.max_send_speed && + (data->set.max_send_speed < (curl_off_t)fullsize) && + (data->set.max_send_speed < http->postsize)) + /* speed limit */ + fullsize = (size_t)data->set.max_send_speed; + + else if(http->postsize <= (curl_off_t)fullsize) { + memcpy(buffer, http->postdata, (size_t)http->postsize); + fullsize = (size_t)http->postsize; + + if(http->backup.postsize) { + /* move backup data into focus and continue on that */ + http->postdata = http->backup.postdata; + http->postsize = http->backup.postsize; + data->state.fread_func = http->backup.fread_func; + data->state.in = http->backup.fread_in; + + http->sending++; /* move one step up */ + + http->backup.postsize = 0; + } + else + http->postsize = 0; + + return fullsize; + } + + memcpy(buffer, http->postdata, fullsize); + http->postdata += fullsize; + http->postsize -= fullsize; + + return fullsize; +} + +/* + * Curl_buffer_send() sends a header buffer and frees all associated + * memory. Body data may be appended to the header data if desired. + * + * Returns CURLcode + */ +CURLcode Curl_buffer_send(struct dynbuf *in, + struct Curl_easy *data, + struct HTTP *http, + /* add the number of sent bytes to this + counter */ + curl_off_t *bytes_written, + /* how much of the buffer contains body data */ + curl_off_t included_body_bytes, + int sockindex) +{ + ssize_t amount; + CURLcode result; + char *ptr; + size_t size; + struct connectdata *conn = data->conn; + size_t sendsize; + size_t headersize; + + DEBUGASSERT(sockindex <= SECONDARYSOCKET && sockindex >= 0); + + /* The looping below is required since we use non-blocking sockets, but due + to the circumstances we will just loop and try again and again etc */ + + ptr = Curl_dyn_ptr(in); + size = Curl_dyn_len(in); + + headersize = size - (size_t)included_body_bytes; /* the initial part that + isn't body is header */ + + DEBUGASSERT(size > (size_t)included_body_bytes); + + if((conn->handler->flags & PROTOPT_SSL +#ifndef CURL_DISABLE_PROXY + || IS_HTTPS_PROXY(conn->http_proxy.proxytype) +#endif + ) + && conn->httpversion < 20) { + /* Make sure this doesn't send more body bytes than what the max send + speed says. The request bytes do not count to the max speed. + */ + if(data->set.max_send_speed && + (included_body_bytes > data->set.max_send_speed)) { + curl_off_t overflow = included_body_bytes - data->set.max_send_speed; + DEBUGASSERT((size_t)overflow < size); + sendsize = size - (size_t)overflow; + } + else + sendsize = size; + + /* OpenSSL is very picky and we must send the SAME buffer pointer to the + library when we attempt to re-send this buffer. Sending the same data + is not enough, we must use the exact same address. For this reason, we + must copy the data to the uploadbuffer first, since that is the buffer + we will be using if this send is retried later. + */ + result = Curl_get_upload_buffer(data); + if(result) { + /* malloc failed, free memory and return to the caller */ + Curl_dyn_free(in); + return result; + } + /* We never send more than upload_buffer_size bytes in one single chunk + when we speak HTTPS, as if only a fraction of it is sent now, this data + needs to fit into the normal read-callback buffer later on and that + buffer is using this size. + */ + if(sendsize > (size_t)data->set.upload_buffer_size) + sendsize = (size_t)data->set.upload_buffer_size; + + memcpy(data->state.ulbuf, ptr, sendsize); + ptr = data->state.ulbuf; + } + else { +#ifdef CURLDEBUG + /* Allow debug builds to override this logic to force short initial + sends + */ + char *p = getenv("CURL_SMALLREQSEND"); + if(p) { + size_t altsize = (size_t)strtoul(p, NULL, 10); + if(altsize) + sendsize = CURLMIN(size, altsize); + else + sendsize = size; + } + else +#endif + { + /* Make sure this doesn't send more body bytes than what the max send + speed says. The request bytes do not count to the max speed. + */ + if(data->set.max_send_speed && + (included_body_bytes > data->set.max_send_speed)) { + curl_off_t overflow = included_body_bytes - data->set.max_send_speed; + DEBUGASSERT((size_t)overflow < size); + sendsize = size - (size_t)overflow; + } + else + sendsize = size; + } + + /* We currently cannot send more that this for http here: + * - if sending blocks, it return 0 as amount + * - we then whisk aside the `in` into the `http` struct + * and install our own `data->state.fread_func` that + * on subsequent calls reads `in` empty. + * - when the whisked away `in` is empty, the `fread_func` + * is restored to its original state. + * The problem is that `fread_func` can only return + * `upload_buffer_size` lengths. If the send we do here + * is larger and blocks, we do re-sending with smaller + * amounts of data and connection filters do not like + * that. + */ + if(http && (sendsize > (size_t)data->set.upload_buffer_size)) + sendsize = (size_t)data->set.upload_buffer_size; + } + + result = Curl_nwrite(data, sockindex, ptr, sendsize, &amount); + + if(!result) { + /* + * Note that we may not send the entire chunk at once, and we have a set + * number of data bytes at the end of the big buffer (out of which we may + * only send away a part). + */ + /* how much of the header that was sent */ + size_t headlen = (size_t)amount>headersize ? headersize : (size_t)amount; + size_t bodylen = amount - headlen; + + /* this data _may_ contain binary stuff */ + Curl_debug(data, CURLINFO_HEADER_OUT, ptr, headlen); + if(bodylen) + /* there was body data sent beyond the initial header part, pass that on + to the debug callback too */ + Curl_debug(data, CURLINFO_DATA_OUT, ptr + headlen, bodylen); + + /* 'amount' can never be a very large value here so typecasting it so a + signed 31 bit value should not cause problems even if ssize_t is + 64bit */ + *bytes_written += (long)amount; + + if(http) { + /* if we sent a piece of the body here, up the byte counter for it + accordingly */ + data->req.writebytecount += bodylen; + Curl_pgrsSetUploadCounter(data, data->req.writebytecount); + + if((size_t)amount != size) { + /* The whole request could not be sent in one system call. We must + queue it up and send it later when we get the chance. We must not + loop here and wait until it might work again. */ + + size -= amount; + + ptr = Curl_dyn_ptr(in) + amount; + + /* backup the currently set pointers */ + http->backup.fread_func = data->state.fread_func; + http->backup.fread_in = data->state.in; + http->backup.postdata = http->postdata; + http->backup.postsize = http->postsize; + http->backup.data = data; + + /* set the new pointers for the request-sending */ + data->state.fread_func = (curl_read_callback)readmoredata; + data->state.in = (void *)http; + http->postdata = ptr; + http->postsize = (curl_off_t)size; + + /* this much data is remaining header: */ + data->req.pendingheader = headersize - headlen; + + http->send_buffer = *in; /* copy the whole struct */ + http->sending = HTTPSEND_REQUEST; + return CURLE_OK; + } + http->sending = HTTPSEND_BODY; + /* the full buffer was sent, clean up and return */ + } + else { + if((size_t)amount != size) + /* We have no continue-send mechanism now, fail. This can only happen + when this function is used from the CONNECT sending function. We + currently (stupidly) assume that the whole request is always sent + away in the first single chunk. + + This needs FIXing. + */ + return CURLE_SEND_ERROR; + } + } + Curl_dyn_free(in); + + /* no remaining header data */ + data->req.pendingheader = 0; + return result; +} + +/* end of the add_buffer functions */ +/* ------------------------------------------------------------------------- */ + + + +/* * Curl_compareheader() * * Returns TRUE if 'headerline' contains the 'header' with given 'content'. @@ -1094,7 +1548,7 @@ Curl_compareheader(const char *headerline, /* line to check */ DEBUGASSERT(content); if(!strncasecompare(headerline, header, hlen)) - return FALSE; /* does not start with header */ + return FALSE; /* doesn't start with header */ /* pass the header */ start = &headerline[hlen]; @@ -1106,11 +1560,11 @@ Curl_compareheader(const char *headerline, /* line to check */ /* find the end of the header line */ end = strchr(start, '\r'); /* lines end with CRLF */ if(!end) { - /* in case there is a non-standard compliant line here */ + /* in case there's a non-standard compliant line here */ end = strchr(start, '\n'); if(!end) - /* hm, there is no line ending here, use the zero byte! */ + /* hm, there's no line ending here, use the zero byte! */ end = strchr(start, '\0'); } @@ -1141,11 +1595,11 @@ CURLcode Curl_http_connect(struct Curl_easy *data, bool *done) } /* this returns the socket to wait for in the DO and DOING state for the multi - interface and then we are always _sending_ a request and thus we wait for + interface and then we're always _sending_ a request and thus we wait for the single socket to become writable only */ -int Curl_http_getsock_do(struct Curl_easy *data, - struct connectdata *conn, - curl_socket_t *socks) +static int http_getsock_do(struct Curl_easy *data, + struct connectdata *conn, + curl_socket_t *socks) { /* write mode */ (void)conn; @@ -1162,14 +1616,24 @@ CURLcode Curl_http_done(struct Curl_easy *data, CURLcode status, bool premature) { struct connectdata *conn = data->conn; + struct HTTP *http = data->req.p.http; - /* Clear multipass flag. If authentication is not done yet, then it will get + /* Clear multipass flag. If authentication isn't done yet, then it will get * a chance to be set back to true when we output the next auth header */ data->state.authhost.multipass = FALSE; data->state.authproxy.multipass = FALSE; + /* set the proper values (possibly modified on POST) */ + conn->seek_func = data->set.seek_func; /* restore */ + conn->seek_client = data->set.seek_client; /* restore */ + + if(!http) + return CURLE_OK; + + Curl_dyn_free(&http->send_buffer); Curl_dyn_reset(&data->state.headerb); Curl_hyper_done(data); + Curl_ws_done(data); if(status) return status; @@ -1181,8 +1645,8 @@ CURLcode Curl_http_done(struct Curl_easy *data, (data->req.bytecount + data->req.headerbytecount - data->req.deductheadercount) <= 0) { - /* If this connection is not simply closed to be retried, AND nothing was - read from the HTTP server (that counts), this cannot be right so we + /* If this connection isn't simply closed to be retried, AND nothing was + read from the HTTP server (that counts), this can't be right so we return an error here */ failf(data, "Empty reply from server"); /* Mark it as closed to avoid the "left intact" message */ @@ -1229,12 +1693,83 @@ static const char *get_http_string(const struct Curl_easy *data, } #endif +/* check and possibly add an Expect: header */ +static CURLcode expect100(struct Curl_easy *data, + struct connectdata *conn, + struct dynbuf *req) +{ + CURLcode result = CURLE_OK; + if(!data->state.disableexpect && Curl_use_http_1_1plus(data, conn) && + (conn->httpversion < 20)) { + /* if not doing HTTP 1.0 or version 2, or disabled explicitly, we add an + Expect: 100-continue to the headers which actually speeds up post + operations (as there is one packet coming back from the web server) */ + const char *ptr = Curl_checkheaders(data, STRCONST("Expect")); + if(ptr) { + data->state.expect100header = + Curl_compareheader(ptr, STRCONST("Expect:"), STRCONST("100-continue")); + } + else { + result = Curl_dyn_addn(req, STRCONST("Expect: 100-continue\r\n")); + if(!result) + data->state.expect100header = TRUE; + } + } + + return result; +} + enum proxy_use { HEADER_SERVER, /* direct to server */ HEADER_PROXY, /* regular request to proxy */ HEADER_CONNECT /* sending CONNECT to a proxy */ }; +/* used to compile the provided trailers into one buffer + will return an error code if one of the headers is + not formatted correctly */ +CURLcode Curl_http_compile_trailers(struct curl_slist *trailers, + struct dynbuf *b, + struct Curl_easy *handle) +{ + char *ptr = NULL; + CURLcode result = CURLE_OK; + const char *endofline_native = NULL; + const char *endofline_network = NULL; + + if( +#ifdef CURL_DO_LINEEND_CONV + (handle->state.prefer_ascii) || +#endif + (handle->set.crlf)) { + /* \n will become \r\n later on */ + endofline_native = "\n"; + endofline_network = "\x0a"; + } + else { + endofline_native = "\r\n"; + endofline_network = "\x0d\x0a"; + } + + while(trailers) { + /* only add correctly formatted trailers */ + ptr = strchr(trailers->data, ':'); + if(ptr && *(ptr + 1) == ' ') { + result = Curl_dyn_add(b, trailers->data); + if(result) + return result; + result = Curl_dyn_add(b, endofline_native); + if(result) + return result; + } + else + infof(handle, "Malformatted trailing header, skipping trailer"); + trailers = trailers->next; + } + result = Curl_dyn_add(b, endofline_network); + return result; +} + static bool hd_name_eq(const char *n1, size_t n1len, const char *n2, size_t n2len) { @@ -1341,7 +1876,7 @@ CURLcode Curl_dynhds_add_custom(struct Curl_easy *data, DEBUGASSERT(name && value); if(data->state.aptr.host && - /* a Host: header was sent already, do not pass on any custom Host: + /* a Host: header was sent already, don't pass on any custom Host: header as that will produce *two* in the same request! */ hd_name_eq(name, namelen, STRCONST("Host:"))) ; @@ -1353,19 +1888,19 @@ CURLcode Curl_dynhds_add_custom(struct Curl_easy *data, /* this header is sent later */ hd_name_eq(name, namelen, STRCONST("Content-Type:"))) ; - else if(data->req.authneg && - /* while doing auth neg, do not allow the custom length since + else if(conn->bits.authneg && + /* while doing auth neg, don't allow the custom length since we will force length zero then */ hd_name_eq(name, namelen, STRCONST("Content-Length:"))) ; else if(data->state.aptr.te && - /* when asking for Transfer-Encoding, do not pass on a custom + /* when asking for Transfer-Encoding, don't pass on a custom Connection: */ hd_name_eq(name, namelen, STRCONST("Connection:"))) ; else if((conn->httpversion >= 20) && hd_name_eq(name, namelen, STRCONST("Transfer-Encoding:"))) - /* HTTP/2 does not support chunked requests */ + /* HTTP/2 doesn't support chunked requests */ ; else if((hd_name_eq(name, namelen, STRCONST("Authorization:")) || hd_name_eq(name, namelen, STRCONST("Cookie:"))) && @@ -1487,9 +2022,8 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data, char *compare = semicolonp ? semicolonp : headers->data; if(data->state.aptr.host && - /* a Host: header was sent already, do not pass on any custom - Host: header as that will produce *two* in the same - request! */ + /* a Host: header was sent already, don't pass on any custom Host: + header as that will produce *two* in the same request! */ checkprefix("Host:", compare)) ; else if(data->state.httpreq == HTTPREQ_POST_FORM && @@ -1500,19 +2034,19 @@ CURLcode Curl_add_custom_headers(struct Curl_easy *data, /* this header is sent later */ checkprefix("Content-Type:", compare)) ; - else if(data->req.authneg && - /* while doing auth neg, do not allow the custom length since + else if(conn->bits.authneg && + /* while doing auth neg, don't allow the custom length since we will force length zero then */ checkprefix("Content-Length:", compare)) ; else if(data->state.aptr.te && - /* when asking for Transfer-Encoding, do not pass on a custom + /* when asking for Transfer-Encoding, don't pass on a custom Connection: */ checkprefix("Connection:", compare)) ; else if((conn->httpversion >= 20) && checkprefix("Transfer-Encoding:", compare)) - /* HTTP/2 does not support chunked requests */ + /* HTTP/2 doesn't support chunked requests */ ; else if((checkprefix("Authorization:", compare) || checkprefix("Cookie:", compare)) && @@ -1569,7 +2103,6 @@ CURLcode Curl_add_timecondition(struct Curl_easy *data, switch(data->set.timecondition) { default: - DEBUGF(infof(data, "invalid time condition")); return CURLE_BAD_FUNCTION_ARGUMENT; case CURL_TIMECOND_IFMODSINCE: @@ -1704,10 +2237,10 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn) if(ptr && (!data->state.this_is_a_follow || strcasecompare(data->state.first_host, conn->host.name))) { #if !defined(CURL_DISABLE_COOKIES) - /* If we have a given custom Host: header, we extract the hostname in + /* If we have a given custom Host: header, we extract the host name in order to possibly use it for cookie reasons later on. We only allow the custom Host: header if this is NOT a redirect, as setting Host: in the - redirected request is being out on thin ice. Except if the hostname + redirected request is being out on thin ice. Except if the host name is the same as the first one! */ char *cookiehost = Curl_copy_header_value(ptr); if(!cookiehost) @@ -1738,22 +2271,22 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn) } #endif - if(!strcasecompare("Host:", ptr)) { + if(strcmp("Host:", ptr)) { aptr->host = aprintf("Host:%s\r\n", &ptr[5]); if(!aptr->host) return CURLE_OUT_OF_MEMORY; } } else { - /* When building Host: headers, we must put the hostname within - [brackets] if the hostname is a plain IPv6-address. RFC2732-style. */ + /* When building Host: headers, we must put the host name within + [brackets] if the host name is a plain IPv6-address. RFC2732-style. */ const char *host = conn->host.name; if(((conn->given->protocol&(CURLPROTO_HTTPS|CURLPROTO_WSS)) && (conn->remote_port == PORT_HTTPS)) || ((conn->given->protocol&(CURLPROTO_HTTP|CURLPROTO_WS)) && (conn->remote_port == PORT_HTTP)) ) - /* if(HTTPS on port 443) OR (HTTP on port 80) then do not include + /* if(HTTPS on port 443) OR (HTTP on port 80) then don't include the port number in the host string */ aptr->host = aprintf("Host: %s%s%s\r\n", conn->bits.ipv6_ip?"[":"", host, conn->bits.ipv6_ip?"]":""); @@ -1763,7 +2296,7 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn) conn->remote_port); if(!aptr->host) - /* without Host: we cannot make a nice request */ + /* without Host: we can't make a nice request */ return CURLE_OUT_OF_MEMORY; } return CURLE_OK; @@ -1791,7 +2324,7 @@ CURLcode Curl_http_target(struct Curl_easy *data, /* The path sent to the proxy is in fact the entire URL. But if the remote host is a IDN-name, we must make sure that the request we produce only - uses the encoded hostname! */ + uses the encoded host name! */ /* and no fragment part */ CURLUcode uc; @@ -1814,7 +2347,7 @@ CURLcode Curl_http_target(struct Curl_easy *data, } if(strcasecompare("http", data->state.up.scheme)) { - /* when getting HTTP, we do not want the userinfo the URL */ + /* when getting HTTP, we don't want the userinfo the URL */ uc = curl_url_set(h, CURLUPART_USER, NULL, 0); if(uc) { curl_url_cleanup(h); @@ -1826,7 +2359,9 @@ CURLcode Curl_http_target(struct Curl_easy *data, return CURLE_OUT_OF_MEMORY; } } - /* Extract the URL to use in the request. */ + /* Extract the URL to use in the request. Store in STRING_TEMP_URL for + clean-up reasons if the function returns before the free() further + down. */ uc = curl_url_get(h, CURLUPART_URL, &url, CURLU_NO_DEFAULT_PORT); if(uc) { curl_url_cleanup(h); @@ -1835,7 +2370,7 @@ CURLcode Curl_http_target(struct Curl_easy *data, curl_url_cleanup(h); - /* target or URL */ + /* target or url */ result = Curl_dyn_add(r, data->set.str[STRING_TARGET]? data->set.str[STRING_TARGET]:url); free(url); @@ -1881,17 +2416,18 @@ CURLcode Curl_http_target(struct Curl_easy *data, return result; } -#if !defined(CURL_DISABLE_MIME) || !defined(CURL_DISABLE_FORM_API) -static CURLcode set_post_reader(struct Curl_easy *data, Curl_HttpReq httpreq) +CURLcode Curl_http_body(struct Curl_easy *data, struct connectdata *conn, + Curl_HttpReq httpreq, const char **tep) { - CURLcode result; + CURLcode result = CURLE_OK; + const char *ptr; + struct HTTP *http = data->req.p.http; + http->postsize = 0; switch(httpreq) { -#ifndef CURL_DISABLE_MIME case HTTPREQ_POST_MIME: data->state.mimepost = &data->set.mimepost; break; -#endif #ifndef CURL_DISABLE_FORM_API case HTTPREQ_POST_FORM: /* Convert the form structure into a mime structure, then keep @@ -1913,188 +2449,55 @@ static CURLcode set_post_reader(struct Curl_easy *data, Curl_HttpReq httpreq) #endif default: data->state.mimepost = NULL; - break; } - switch(httpreq) { - case HTTPREQ_POST_FORM: - case HTTPREQ_POST_MIME: - /* This is form posting using mime data. */ #ifndef CURL_DISABLE_MIME - if(data->state.mimepost) { - const char *cthdr = Curl_checkheaders(data, STRCONST("Content-Type")); - - /* Read and seek body only. */ - data->state.mimepost->flags |= MIME_BODY_ONLY; - - /* Prepare the mime structure headers & set content type. */ + if(data->state.mimepost) { + const char *cthdr = Curl_checkheaders(data, STRCONST("Content-Type")); - if(cthdr) - for(cthdr += 13; *cthdr == ' '; cthdr++) - ; - else if(data->state.mimepost->kind == MIMEKIND_MULTIPART) - cthdr = "multipart/form-data"; + /* Read and seek body only. */ + data->state.mimepost->flags |= MIME_BODY_ONLY; - curl_mime_headers(data->state.mimepost, data->set.headers, 0); - result = Curl_mime_prepare_headers(data, data->state.mimepost, cthdr, - NULL, MIMESTRATEGY_FORM); - if(result) - return result; - curl_mime_headers(data->state.mimepost, NULL, 0); - result = Curl_creader_set_mime(data, data->state.mimepost); - if(result) - return result; - } - else -#endif - { - result = Curl_creader_set_null(data); - } - data->state.infilesize = Curl_creader_total_length(data); - return result; - - default: - return Curl_creader_set_null(data); - } - /* never reached */ -} -#endif - -static CURLcode set_reader(struct Curl_easy *data, Curl_HttpReq httpreq) -{ - CURLcode result = CURLE_OK; - curl_off_t postsize = data->state.infilesize; + /* Prepare the mime structure headers & set content type. */ - DEBUGASSERT(data->conn); + if(cthdr) + for(cthdr += 13; *cthdr == ' '; cthdr++) + ; + else if(data->state.mimepost->kind == MIMEKIND_MULTIPART) + cthdr = "multipart/form-data"; - if(data->req.authneg) { - return Curl_creader_set_null(data); + curl_mime_headers(data->state.mimepost, data->set.headers, 0); + result = Curl_mime_prepare_headers(data, data->state.mimepost, cthdr, + NULL, MIMESTRATEGY_FORM); + curl_mime_headers(data->state.mimepost, NULL, 0); + if(!result) + result = Curl_mime_rewind(data->state.mimepost); + if(result) + return result; + http->postsize = Curl_mime_size(data->state.mimepost); } - - switch(httpreq) { - case HTTPREQ_PUT: /* Let's PUT the data to the server! */ - if(!postsize) - result = Curl_creader_set_null(data); - else - result = Curl_creader_set_fread(data, postsize); - return result; - -#if !defined(CURL_DISABLE_MIME) || !defined(CURL_DISABLE_FORM_API) - case HTTPREQ_POST_FORM: - case HTTPREQ_POST_MIME: - return set_post_reader(data, httpreq); #endif - case HTTPREQ_POST: - /* this is the simple POST, using x-www-form-urlencoded style */ - /* the size of the post body */ - if(!postsize) { - result = Curl_creader_set_null(data); - } - else if(data->set.postfields) { - if(postsize > 0) - result = Curl_creader_set_buf(data, data->set.postfields, - (size_t)postsize); - else - result = Curl_creader_set_null(data); - } - else { - /* we read the bytes from the callback. In case "chunked" encoding - * is forced by the application, we disregard `postsize`. This is - * a backward compatibility decision to earlier versions where - * chunking disregarded this. See issue #13229. */ - bool chunked = FALSE; - char *ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding")); - if(ptr) { - /* Some kind of TE is requested, check if 'chunked' is chosen */ - chunked = Curl_compareheader(ptr, STRCONST("Transfer-Encoding:"), - STRCONST("chunked")); - } - result = Curl_creader_set_fread(data, chunked? -1 : postsize); - } - return result; - - default: - /* HTTP GET/HEAD download, has no body, needs no Content-Length */ - data->state.infilesize = 0; - return Curl_creader_set_null(data); - } - /* not reached */ -} - -static CURLcode http_resume(struct Curl_easy *data, Curl_HttpReq httpreq) -{ - if((HTTPREQ_POST == httpreq || HTTPREQ_PUT == httpreq) && - data->state.resume_from) { - /********************************************************************** - * Resuming upload in HTTP means that we PUT or POST and that we have - * got a resume_from value set. The resume value has already created - * a Range: header that will be passed along. We need to "fast forward" - * the file the given number of bytes and decrease the assume upload - * file size before we continue this venture in the dark lands of HTTP. - * Resuming mime/form posting at an offset > 0 has no sense and is ignored. - *********************************************************************/ - - if(data->state.resume_from < 0) { - /* - * This is meant to get the size of the present remote-file by itself. - * We do not support this now. Bail out! - */ - data->state.resume_from = 0; - } - - if(data->state.resume_from && !data->req.authneg) { - /* only act on the first request */ - CURLcode result; - result = Curl_creader_resume_from(data, data->state.resume_from); - if(result) { - failf(data, "Unable to resume from offset %" FMT_OFF_T, - data->state.resume_from); - return result; - } - } - } - return CURLE_OK; -} - -CURLcode Curl_http_req_set_reader(struct Curl_easy *data, - Curl_HttpReq httpreq, - const char **tep) -{ - CURLcode result = CURLE_OK; - const char *ptr; - - result = set_reader(data, httpreq); - if(result) - return result; - - result = http_resume(data, httpreq); - if(result) - return result; - ptr = Curl_checkheaders(data, STRCONST("Transfer-Encoding")); if(ptr) { /* Some kind of TE is requested, check if 'chunked' is chosen */ data->req.upload_chunky = Curl_compareheader(ptr, STRCONST("Transfer-Encoding:"), STRCONST("chunked")); - if(data->req.upload_chunky && - Curl_use_http_1_1plus(data, data->conn) && - (data->conn->httpversion >= 20)) { - infof(data, "suppressing chunked transfer encoding on connection " - "using HTTP version 2 or higher"); - data->req.upload_chunky = FALSE; - } } else { - curl_off_t req_clen = Curl_creader_total_length(data); - - if(req_clen < 0) { - /* indeterminate request content length */ - if(Curl_use_http_1_1plus(data, data->conn)) { - /* On HTTP/1.1, enable chunked, on HTTP/2 and later we do not - * need it */ - data->req.upload_chunky = (data->conn->httpversion < 20); + if((conn->handler->protocol & PROTO_FAMILY_HTTP) && + (((httpreq == HTTPREQ_POST_MIME || httpreq == HTTPREQ_POST_FORM) && + http->postsize < 0) || + ((data->state.upload || httpreq == HTTPREQ_POST) && + data->state.infilesize == -1))) { + if(conn->bits.authneg) + /* don't enable chunked during auth neg */ + ; + else if(Curl_use_http_1_1plus(data, conn)) { + if(conn->httpversion < 20) + /* HTTP, upload, unknown file size and not HTTP 1.0 */ + data->req.upload_chunky = TRUE; } else { failf(data, "Chunky upload is not supported by HTTP 1.0"); @@ -2112,127 +2515,330 @@ CURLcode Curl_http_req_set_reader(struct Curl_easy *data, return result; } -static CURLcode addexpect(struct Curl_easy *data, struct dynbuf *r, - bool *announced_exp100) +static CURLcode addexpect(struct Curl_easy *data, struct connectdata *conn, + struct dynbuf *r) { - CURLcode result; - char *ptr; - - *announced_exp100 = FALSE; + data->state.expect100header = FALSE; /* Avoid Expect: 100-continue if Upgrade: is used */ - if(data->req.upgr101 != UPGR101_INIT) - return CURLE_OK; - - /* For really small puts we do not use Expect: headers at all, and for - the somewhat bigger ones we allow the app to disable it. Just make - sure that the expect100header is always set to the preferred value - here. */ - ptr = Curl_checkheaders(data, STRCONST("Expect")); - if(ptr) { - *announced_exp100 = - Curl_compareheader(ptr, STRCONST("Expect:"), STRCONST("100-continue")); - } - else if(!data->state.disableexpect && - Curl_use_http_1_1plus(data, data->conn) && - (data->conn->httpversion < 20)) { - /* if not doing HTTP 1.0 or version 2, or disabled explicitly, we add an - Expect: 100-continue to the headers which actually speeds up post - operations (as there is one packet coming back from the web server) */ - curl_off_t client_len = Curl_creader_client_length(data); - if(client_len > EXPECT_100_THRESHOLD || client_len < 0) { - result = Curl_dyn_addn(r, STRCONST("Expect: 100-continue\r\n")); - if(result) - return result; - *announced_exp100 = TRUE; + if(data->req.upgr101 == UPGR101_INIT) { + struct HTTP *http = data->req.p.http; + /* For really small puts we don't use Expect: headers at all, and for + the somewhat bigger ones we allow the app to disable it. Just make + sure that the expect100header is always set to the preferred value + here. */ + char *ptr = Curl_checkheaders(data, STRCONST("Expect")); + if(ptr) { + data->state.expect100header = + Curl_compareheader(ptr, STRCONST("Expect:"), + STRCONST("100-continue")); } + else if(http->postsize > EXPECT_100_THRESHOLD || http->postsize < 0) + return expect100(data, conn, r); } return CURLE_OK; } -CURLcode Curl_http_req_complete(struct Curl_easy *data, - struct dynbuf *r, Curl_HttpReq httpreq) +CURLcode Curl_http_bodysend(struct Curl_easy *data, struct connectdata *conn, + struct dynbuf *r, Curl_HttpReq httpreq) { +#ifndef USE_HYPER + /* Hyper always handles the body separately */ + curl_off_t included_body = 0; +#else + /* from this point down, this function should not be used */ +#define Curl_buffer_send(a,b,c,d,e,f) CURLE_OK +#endif CURLcode result = CURLE_OK; - curl_off_t req_clen; - bool announced_exp100 = FALSE; + struct HTTP *http = data->req.p.http; - DEBUGASSERT(data->conn); -#ifndef USE_HYPER - if(data->req.upload_chunky) { - result = Curl_httpchunk_add_reader(data); + switch(httpreq) { + case HTTPREQ_PUT: /* Let's PUT the data to the server! */ + + if(conn->bits.authneg) + http->postsize = 0; + else + http->postsize = data->state.infilesize; + + if((http->postsize != -1) && !data->req.upload_chunky && + (conn->bits.authneg || + !Curl_checkheaders(data, STRCONST("Content-Length")))) { + /* only add Content-Length if not uploading chunked */ + result = Curl_dyn_addf(r, "Content-Length: %" CURL_FORMAT_CURL_OFF_T + "\r\n", http->postsize); + if(result) + return result; + } + + result = addexpect(data, conn, r); if(result) return result; - } -#endif - /* Get the request body length that has been set up */ - req_clen = Curl_creader_total_length(data); - switch(httpreq) { - case HTTPREQ_PUT: - case HTTPREQ_POST: -#if !defined(CURL_DISABLE_MIME) || !defined(CURL_DISABLE_FORM_API) + /* end of headers */ + result = Curl_dyn_addn(r, STRCONST("\r\n")); + if(result) + return result; + + /* set the upload size to the progress meter */ + Curl_pgrsSetUploadSize(data, http->postsize); + + /* this sends the buffer and frees all the buffer resources */ + result = Curl_buffer_send(r, data, data->req.p.http, + &data->info.request_size, 0, + FIRSTSOCKET); + if(result) + failf(data, "Failed sending PUT request"); + else + /* prepare for transfer */ + Curl_setup_transfer(data, FIRSTSOCKET, -1, TRUE, + http->postsize?FIRSTSOCKET:-1); + if(result) + return result; + break; + case HTTPREQ_POST_FORM: case HTTPREQ_POST_MIME: -#endif + /* This is form posting using mime data. */ + if(conn->bits.authneg) { + /* nothing to post! */ + result = Curl_dyn_addn(r, STRCONST("Content-Length: 0\r\n\r\n")); + if(result) + return result; + + result = Curl_buffer_send(r, data, data->req.p.http, + &data->info.request_size, 0, + FIRSTSOCKET); + if(result) + failf(data, "Failed sending POST request"); + else + /* setup variables for the upcoming transfer */ + Curl_setup_transfer(data, FIRSTSOCKET, -1, TRUE, -1); + break; + } + + data->state.infilesize = http->postsize; + /* We only set Content-Length and allow a custom Content-Length if - we do not upload data chunked, as RFC2616 forbids us to set both - kinds of headers (Transfer-Encoding: chunked and Content-Length). - We do not override a custom "Content-Length" header, but during - authentication negotiation that header is suppressed. - */ - if(req_clen >= 0 && !data->req.upload_chunky && - (data->req.authneg || - !Curl_checkheaders(data, STRCONST("Content-Length")))) { + we don't upload data chunked, as RFC2616 forbids us to set both + kinds of headers (Transfer-Encoding: chunked and Content-Length) */ + if(http->postsize != -1 && !data->req.upload_chunky && + (!Curl_checkheaders(data, STRCONST("Content-Length")))) { /* we allow replacing this header if not during auth negotiation, - although it is not very wise to actually set your own */ - result = Curl_dyn_addf(r, "Content-Length: %" FMT_OFF_T "\r\n", - req_clen); + although it isn't very wise to actually set your own */ + result = Curl_dyn_addf(r, + "Content-Length: %" CURL_FORMAT_CURL_OFF_T + "\r\n", http->postsize); + if(result) + return result; } - if(result) - goto out; #ifndef CURL_DISABLE_MIME /* Output mime-generated headers. */ - if(data->state.mimepost && - ((httpreq == HTTPREQ_POST_FORM) || (httpreq == HTTPREQ_POST_MIME))) { + { struct curl_slist *hdr; for(hdr = data->state.mimepost->curlheaders; hdr; hdr = hdr->next) { result = Curl_dyn_addf(r, "%s\r\n", hdr->data); if(result) - goto out; + return result; } } #endif - if(httpreq == HTTPREQ_POST) { - if(!Curl_checkheaders(data, STRCONST("Content-Type"))) { - result = Curl_dyn_addn(r, STRCONST("Content-Type: application/" - "x-www-form-urlencoded\r\n")); + + result = addexpect(data, conn, r); + if(result) + return result; + + /* make the request end in a true CRLF */ + result = Curl_dyn_addn(r, STRCONST("\r\n")); + if(result) + return result; + + /* set the upload size to the progress meter */ + Curl_pgrsSetUploadSize(data, http->postsize); + + /* Read from mime structure. */ + data->state.fread_func = (curl_read_callback) Curl_mime_read; + data->state.in = (void *) data->state.mimepost; + http->sending = HTTPSEND_BODY; + + /* this sends the buffer and frees all the buffer resources */ + result = Curl_buffer_send(r, data, data->req.p.http, + &data->info.request_size, 0, + FIRSTSOCKET); + if(result) + failf(data, "Failed sending POST request"); + else + /* prepare for transfer */ + Curl_setup_transfer(data, FIRSTSOCKET, -1, TRUE, + http->postsize?FIRSTSOCKET:-1); + if(result) + return result; + + break; + + case HTTPREQ_POST: + /* this is the simple POST, using x-www-form-urlencoded style */ + + if(conn->bits.authneg) + http->postsize = 0; + else + /* the size of the post body */ + http->postsize = data->state.infilesize; + + /* We only set Content-Length and allow a custom Content-Length if + we don't upload data chunked, as RFC2616 forbids us to set both + kinds of headers (Transfer-Encoding: chunked and Content-Length) */ + if((http->postsize != -1) && !data->req.upload_chunky && + (conn->bits.authneg || + !Curl_checkheaders(data, STRCONST("Content-Length")))) { + /* we allow replacing this header if not during auth negotiation, + although it isn't very wise to actually set your own */ + result = Curl_dyn_addf(r, "Content-Length: %" CURL_FORMAT_CURL_OFF_T + "\r\n", http->postsize); + if(result) + return result; + } + + if(!Curl_checkheaders(data, STRCONST("Content-Type"))) { + result = Curl_dyn_addn(r, STRCONST("Content-Type: application/" + "x-www-form-urlencoded\r\n")); + if(result) + return result; + } + + result = addexpect(data, conn, r); + if(result) + return result; + +#ifndef USE_HYPER + /* With Hyper the body is always passed on separately */ + if(data->set.postfields) { + if(!data->state.expect100header && + (http->postsize < MAX_INITIAL_POST_SIZE)) { + /* if we don't use expect: 100 AND + postsize is less than MAX_INITIAL_POST_SIZE + + then append the post data to the HTTP request header. This limit + is no magic limit but only set to prevent really huge POSTs to + get the data duplicated with malloc() and family. */ + + /* end of headers! */ + result = Curl_dyn_addn(r, STRCONST("\r\n")); if(result) - goto out; + return result; + + if(!data->req.upload_chunky) { + /* We're not sending it 'chunked', append it to the request + already now to reduce the number of send() calls */ + result = Curl_dyn_addn(r, data->set.postfields, + (size_t)http->postsize); + included_body = http->postsize; + } + else { + if(http->postsize) { + char chunk[16]; + /* Append the POST data chunky-style */ + msnprintf(chunk, sizeof(chunk), "%x\r\n", (int)http->postsize); + result = Curl_dyn_add(r, chunk); + if(!result) { + included_body = http->postsize + strlen(chunk); + result = Curl_dyn_addn(r, data->set.postfields, + (size_t)http->postsize); + if(!result) + result = Curl_dyn_addn(r, STRCONST("\r\n")); + included_body += 2; + } + } + if(!result) { + result = Curl_dyn_addn(r, STRCONST("\x30\x0d\x0a\x0d\x0a")); + /* 0 CR LF CR LF */ + included_body += 5; + } + } + if(result) + return result; + /* Make sure the progress information is accurate */ + Curl_pgrsSetUploadSize(data, http->postsize); + } + else { + /* A huge POST coming up, do data separate from the request */ + http->postdata = data->set.postfields; + http->sending = HTTPSEND_BODY; + http->backup.data = data; + data->state.fread_func = (curl_read_callback)readmoredata; + data->state.in = (void *)http; + + /* set the upload size to the progress meter */ + Curl_pgrsSetUploadSize(data, http->postsize); + + /* end of headers! */ + result = Curl_dyn_addn(r, STRCONST("\r\n")); + if(result) + return result; } } - result = addexpect(data, r, &announced_exp100); + else +#endif + { + /* end of headers! */ + result = Curl_dyn_addn(r, STRCONST("\r\n")); + if(result) + return result; + + if(data->req.upload_chunky && conn->bits.authneg) { + /* Chunky upload is selected and we're negotiating auth still, send + end-of-data only */ + result = Curl_dyn_addn(r, (char *)STRCONST("\x30\x0d\x0a\x0d\x0a")); + /* 0 CR LF CR LF */ + if(result) + return result; + } + + else if(data->state.infilesize) { + /* set the upload size to the progress meter */ + Curl_pgrsSetUploadSize(data, http->postsize?http->postsize:-1); + + /* set the pointer to mark that we will send the post body using the + read callback, but only if we're not in authenticate negotiation */ + if(!conn->bits.authneg) + http->postdata = (char *)&http->postdata; + } + } + /* issue the request */ + result = Curl_buffer_send(r, data, data->req.p.http, + &data->info.request_size, included_body, + FIRSTSOCKET); + if(result) - goto out; + failf(data, "Failed sending HTTP POST request"); + else + Curl_setup_transfer(data, FIRSTSOCKET, -1, TRUE, + http->postdata?FIRSTSOCKET:-1); break; + default: - break; - } + result = Curl_dyn_addn(r, STRCONST("\r\n")); + if(result) + return result; - /* end of headers */ - result = Curl_dyn_addn(r, STRCONST("\r\n")); - if(!result) { - Curl_pgrsSetUploadSize(data, req_clen); - if(announced_exp100) - result = http_exp100_add_reader(data); + /* issue the request */ + result = Curl_buffer_send(r, data, data->req.p.http, + &data->info.request_size, 0, + FIRSTSOCKET); + if(result) + failf(data, "Failed sending HTTP request"); +#ifdef USE_WEBSOCKETS + else if((conn->handler->protocol & (CURLPROTO_WS|CURLPROTO_WSS)) && + !(data->set.connect_only)) + /* Set up the transfer for two-way since without CONNECT_ONLY set, this + request probably wants to send data too post upgrade */ + Curl_setup_transfer(data, FIRSTSOCKET, -1, TRUE, FIRSTSOCKET); +#endif + else + /* HTTP GET/HEAD download: */ + Curl_setup_transfer(data, FIRSTSOCKET, -1, TRUE, -1); } -out: - if(!result) { - /* setup variables for the upcoming transfer */ - Curl_xfer_setup1(data, CURL_XFER_SENDRECV, -1, TRUE); - } return result; } @@ -2319,7 +2925,7 @@ CURLcode Curl_http_range(struct Curl_easy *data, { if(data->state.use_range) { /* - * A range is selected. We use different headers whether we are downloading + * A range is selected. We use different headers whether we're downloading * or uploading and we always let customized headers override our internal * ones if any such are specified. */ @@ -2332,37 +2938,36 @@ CURLcode Curl_http_range(struct Curl_easy *data, } else if((httpreq == HTTPREQ_POST || httpreq == HTTPREQ_PUT) && !Curl_checkheaders(data, STRCONST("Content-Range"))) { - curl_off_t req_clen = Curl_creader_total_length(data); + /* if a line like this was already allocated, free the previous one */ free(data->state.aptr.rangeline); if(data->set.set_resume_from < 0) { - /* Upload resume was asked for, but we do not know the size of the + /* Upload resume was asked for, but we don't know the size of the remote part so we tell the server (and act accordingly) that we upload the whole file (again) */ data->state.aptr.rangeline = - aprintf("Content-Range: bytes 0-%" FMT_OFF_T "/%" FMT_OFF_T "\r\n", - req_clen - 1, req_clen); + aprintf("Content-Range: bytes 0-%" CURL_FORMAT_CURL_OFF_T + "/%" CURL_FORMAT_CURL_OFF_T "\r\n", + data->state.infilesize - 1, data->state.infilesize); } else if(data->state.resume_from) { /* This is because "resume" was selected */ - /* TODO: not sure if we want to send this header during authentication - * negotiation, but test1084 checks for it. In which case we have a - * "null" client reader installed that gives an unexpected length. */ - curl_off_t total_len = data->req.authneg? - data->state.infilesize : - (data->state.resume_from + req_clen); + curl_off_t total_expected_size = + data->state.resume_from + data->state.infilesize; data->state.aptr.rangeline = - aprintf("Content-Range: bytes %s%" FMT_OFF_T "/%" FMT_OFF_T "\r\n", - data->state.range, total_len-1, total_len); + aprintf("Content-Range: bytes %s%" CURL_FORMAT_CURL_OFF_T + "/%" CURL_FORMAT_CURL_OFF_T "\r\n", + data->state.range, total_expected_size-1, + total_expected_size); } else { /* Range was selected and then we just pass the incoming range and append total size */ data->state.aptr.rangeline = - aprintf("Content-Range: bytes %s/%" FMT_OFF_T "\r\n", - data->state.range, req_clen); + aprintf("Content-Range: bytes %s/%" CURL_FORMAT_CURL_OFF_T "\r\n", + data->state.range, data->state.infilesize); } if(!data->state.aptr.rangeline) return CURLE_OUT_OF_MEMORY; @@ -2371,20 +2976,101 @@ CURLcode Curl_http_range(struct Curl_easy *data, return CURLE_OK; } -CURLcode Curl_http_firstwrite(struct Curl_easy *data) +CURLcode Curl_http_resume(struct Curl_easy *data, + struct connectdata *conn, + Curl_HttpReq httpreq) +{ + if((HTTPREQ_POST == httpreq || HTTPREQ_PUT == httpreq) && + data->state.resume_from) { + /********************************************************************** + * Resuming upload in HTTP means that we PUT or POST and that we have + * got a resume_from value set. The resume value has already created + * a Range: header that will be passed along. We need to "fast forward" + * the file the given number of bytes and decrease the assume upload + * file size before we continue this venture in the dark lands of HTTP. + * Resuming mime/form posting at an offset > 0 has no sense and is ignored. + *********************************************************************/ + + if(data->state.resume_from < 0) { + /* + * This is meant to get the size of the present remote-file by itself. + * We don't support this now. Bail out! + */ + data->state.resume_from = 0; + } + + if(data->state.resume_from && !data->state.followlocation) { + /* only act on the first request */ + + /* Now, let's read off the proper amount of bytes from the + input. */ + int seekerr = CURL_SEEKFUNC_CANTSEEK; + if(conn->seek_func) { + Curl_set_in_callback(data, true); + seekerr = conn->seek_func(conn->seek_client, data->state.resume_from, + SEEK_SET); + Curl_set_in_callback(data, false); + } + + if(seekerr != CURL_SEEKFUNC_OK) { + curl_off_t passed = 0; + + if(seekerr != CURL_SEEKFUNC_CANTSEEK) { + failf(data, "Could not seek stream"); + return CURLE_READ_ERROR; + } + /* when seekerr == CURL_SEEKFUNC_CANTSEEK (can't seek to offset) */ + do { + size_t readthisamountnow = + (data->state.resume_from - passed > data->set.buffer_size) ? + (size_t)data->set.buffer_size : + curlx_sotouz(data->state.resume_from - passed); + + size_t actuallyread = + data->state.fread_func(data->state.buffer, 1, readthisamountnow, + data->state.in); + + passed += actuallyread; + if((actuallyread == 0) || (actuallyread > readthisamountnow)) { + /* this checks for greater-than only to make sure that the + CURL_READFUNC_ABORT return code still aborts */ + failf(data, "Could only read %" CURL_FORMAT_CURL_OFF_T + " bytes from the input", passed); + return CURLE_READ_ERROR; + } + } while(passed < data->state.resume_from); + } + + /* now, decrease the size of the read */ + if(data->state.infilesize>0) { + data->state.infilesize -= data->state.resume_from; + + if(data->state.infilesize <= 0) { + failf(data, "File already completely uploaded"); + return CURLE_PARTIAL_FILE; + } + } + /* we've passed, proceed as normal */ + } + } + return CURLE_OK; +} + +CURLcode Curl_http_firstwrite(struct Curl_easy *data, + struct connectdata *conn, + bool *done) { - struct connectdata *conn = data->conn; struct SingleRequest *k = &data->req; if(data->req.newurl) { if(conn->bits.close) { /* Abort after the headers if "follow Location" is set - and we are set to close anyway. */ + and we're set to close anyway. */ k->keepon &= ~KEEP_RECV; - k->done = TRUE; + *done = TRUE; return CURLE_OK; } - /* We have a new URL to load, but since we want to be able to reuse this + /* We have a new url to load, but since we want to be able to reuse this connection properly, we read the full response in "ignore more" */ k->ignorebody = TRUE; infof(data, "Ignoring the response-body"); @@ -2395,19 +3081,19 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data) if(k->size == data->state.resume_from) { /* The resume point is at the end of file, consider this fine even if it - does not allow resume from here. */ + doesn't allow resume from here. */ infof(data, "The entire document is already downloaded"); streamclose(conn, "already downloaded"); /* Abort download */ k->keepon &= ~KEEP_RECV; - k->done = TRUE; + *done = TRUE; return CURLE_OK; } - /* we wanted to resume a download, although the server does not seem to - * support this and we did this with a GET (if it was not a GET we did a + /* we wanted to resume a download, although the server doesn't seem to + * support this and we did this with a GET (if it wasn't a GET we did a * POST or PUT resume) */ - failf(data, "HTTP server does not seem to support " + failf(data, "HTTP server doesn't seem to support " "byte ranges. Cannot resume."); return CURLE_RANGE_ERROR; } @@ -2418,8 +3104,8 @@ CURLcode Curl_http_firstwrite(struct Curl_easy *data) action for an HTTP/1.1 client */ if(!Curl_meets_timecondition(data, k->timeofdoc)) { - k->done = TRUE; - /* We are simulating an HTTP 304 from server so we return + *done = TRUE; + /* We're simulating an HTTP 304 from server so we return what should have been returned from the server */ data->info.httpcode = 304; infof(data, "Simulate an HTTP 304 response"); @@ -2441,7 +3127,7 @@ CURLcode Curl_transferencode(struct Curl_easy *data) /* When we are to insert a TE: header in the request, we must also insert TE in a Connection: header, so we need to merge the custom provided Connection: header and prevent the original to get sent. Note that if - the user has inserted his/her own TE: header we do not do this magic + the user has inserted his/her own TE: header we don't do this magic but then assume that the user will handle it all! */ char *cptr = Curl_checkheaders(data, STRCONST("Connection")); #define TE_HEADER "TE: gzip\r\n" @@ -2476,6 +3162,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) { struct connectdata *conn = data->conn; CURLcode result = CURLE_OK; + struct HTTP *http; Curl_HttpReq httpreq; const char *te = ""; /* transfer-encoding */ const char *request; @@ -2500,7 +3187,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) ) { result = Curl_http2_switch(data, conn, FIRSTSOCKET); if(result) - goto fail; + return result; } else #endif @@ -2515,25 +3202,21 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) DEBUGF(infof(data, "HTTP/2 over clean TCP")); result = Curl_http2_switch(data, conn, FIRSTSOCKET); if(result) - goto fail; + return result; } break; } - /* Add collecting of headers written to client. For a new connection, - * we might have done that already, but reuse - * or multiplex needs it here as well. */ - result = Curl_headers_init(data); - if(result) - goto fail; + http = data->req.p.http; + DEBUGASSERT(http); result = Curl_http_host(data, conn); if(result) - goto fail; + return result; result = Curl_http_useragent(data); if(result) - goto fail; + return result; Curl_http_method(data, conn, &request, &httpreq); @@ -2549,7 +3232,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) (pq ? pq : data->state.up.path), FALSE); free(pq); if(result) - goto fail; + return result; } Curl_safefree(data->state.aptr.ref); @@ -2574,19 +3257,23 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) /* we only consider transfer-encoding magic if libz support is built-in */ result = Curl_transferencode(data); if(result) - goto fail; + return result; #endif - result = Curl_http_req_set_reader(data, httpreq, &te); + result = Curl_http_body(data, conn, httpreq, &te); if(result) - goto fail; + return result; p_accept = Curl_checkheaders(data, STRCONST("Accept"))?NULL:"Accept: */*\r\n"; + result = Curl_http_resume(data, conn, httpreq); + if(result) + return result; + result = Curl_http_range(data, httpreq); if(result) - goto fail; + return result; httpstring = get_http_string(data, conn); @@ -2604,7 +3291,7 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) result = Curl_http_target(data, conn, &req); if(result) { Curl_dyn_free(&req); - goto fail; + return result; } #ifndef CURL_DISABLE_ALTSVC @@ -2635,12 +3322,8 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) httpstring, (data->state.aptr.host?data->state.aptr.host:""), -#ifndef CURL_DISABLE_PROXY data->state.aptr.proxyuserpwd? data->state.aptr.proxyuserpwd:"", -#else - "", -#endif data->state.aptr.userpwd?data->state.aptr.userpwd:"", (data->state.use_range && data->state.aptr.rangeline)? data->state.aptr.rangeline:"", @@ -2674,20 +3357,18 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) /* clear userpwd and proxyuserpwd to avoid reusing old credentials * from reused connections */ Curl_safefree(data->state.aptr.userpwd); -#ifndef CURL_DISABLE_PROXY Curl_safefree(data->state.aptr.proxyuserpwd); -#endif free(altused); if(result) { Curl_dyn_free(&req); - goto fail; + return result; } if(!(conn->handler->flags&PROTOPT_SSL) && conn->httpversion < 20 && (data->state.httpwant == CURL_HTTP_VERSION_2)) { - /* append HTTP2 upgrade magic stuff to the HTTP request if it is not done + /* append HTTP2 upgrade magic stuff to the HTTP request if it isn't done over SSL */ result = Curl_http2_request_upgrade(&req, data); if(result) { @@ -2707,23 +3388,52 @@ CURLcode Curl_http(struct Curl_easy *data, bool *done) result = Curl_add_custom_headers(data, FALSE, &req); if(!result) { - /* req_send takes ownership of the 'req' memory on success */ - result = Curl_http_req_complete(data, &req, httpreq); - if(!result) - result = Curl_req_send(data, &req); + http->postdata = NULL; /* nothing to post at this point */ + if((httpreq == HTTPREQ_GET) || + (httpreq == HTTPREQ_HEAD)) + Curl_pgrsSetUploadSize(data, 0); /* nothing */ + + /* bodysend takes ownership of the 'req' memory on success */ + result = Curl_http_bodysend(data, conn, &req, httpreq); + } + if(result) { + Curl_dyn_free(&req); + return result; + } + + if((http->postsize > -1) && + (http->postsize <= data->req.writebytecount) && + (http->sending != HTTPSEND_REQUEST)) + data->req.upload_done = TRUE; + + if(data->req.writebytecount) { + /* if a request-body has been sent off, we make sure this progress is noted + properly */ + Curl_pgrsSetUploadCounter(data, data->req.writebytecount); + if(Curl_pgrsUpdate(data)) + result = CURLE_ABORTED_BY_CALLBACK; + + if(!http->postsize) { + /* already sent the entire request body, mark the "upload" as + complete */ + infof(data, "upload completely sent off: %" CURL_FORMAT_CURL_OFF_T + " out of %" CURL_FORMAT_CURL_OFF_T " bytes", + data->req.writebytecount, http->postsize); + data->req.upload_done = TRUE; + data->req.keepon &= ~KEEP_SEND; /* we're done writing */ + data->req.exp100 = EXP100_SEND_DATA; /* already sent */ + Curl_expire_done(data, EXPIRE_100_TIMEOUT); + } } - Curl_dyn_free(&req); - if(result) - goto fail; + + if(data->req.upload_done) + Curl_conn_ev_data_done_send(data); if((conn->httpversion >= 20) && data->req.upload_chunky) /* upload_chunky was set above to set up the request in a chunky fashion, but is disabled here again to avoid that the chunked encoded version is actually used when sending the request body over h2 */ data->req.upload_chunky = FALSE; -fail: - if(CURLE_TOO_LARGE == result) - failf(data, "HTTP request too large"); return result; } @@ -2799,378 +3509,325 @@ checkprotoprefix(struct Curl_easy *data, struct connectdata *conn, return checkhttpprefix(data, s, len); } -/* HTTP header has field name `n` (a string constant) */ -#define HD_IS(hd, hdlen, n) \ - (((hdlen) >= (sizeof(n)-1)) && curl_strnequal((n), (hd), (sizeof(n)-1))) - -#define HD_VAL(hd, hdlen, n) \ - ((((hdlen) >= (sizeof(n)-1)) && \ - curl_strnequal((n), (hd), (sizeof(n)-1)))? (hd + (sizeof(n)-1)) : NULL) - -/* HTTP header has field name `n` (a string constant) and contains `v` - * (a string constant) in its value(s) */ -#define HD_IS_AND_SAYS(hd, hdlen, n, v) \ - (HD_IS(hd, hdlen, n) && \ - ((hdlen) > ((sizeof(n)-1) + (sizeof(v)-1))) && \ - Curl_compareheader(hd, STRCONST(n), STRCONST(v))) - /* * Curl_http_header() parses a single response header. */ -CURLcode Curl_http_header(struct Curl_easy *data, - const char *hd, size_t hdlen) +CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, + char *headp) { - struct connectdata *conn = data->conn; CURLcode result; struct SingleRequest *k = &data->req; - const char *v; - - switch(hd[0]) { - case 'a': - case 'A': -#ifndef CURL_DISABLE_ALTSVC - v = (data->asi && - ((data->conn->handler->flags & PROTOPT_SSL) || -#ifdef DEBUGBUILD - /* allow debug builds to circumvent the HTTPS restriction */ - getenv("CURL_ALTSVC_HTTP") -#else - 0 -#endif - ))? HD_VAL(hd, hdlen, "Alt-Svc:") : NULL; - if(v) { - /* the ALPN of the current request */ - enum alpnid id = (conn->httpversion == 30)? ALPN_h3 : - (conn->httpversion == 20) ? ALPN_h2 : ALPN_h1; - return Curl_altsvc_parse(data, data->asi, v, id, conn->host.name, - curlx_uitous((unsigned int)conn->remote_port)); + /* Check for Content-Length: header lines to get size */ + if(!k->http_bodyless && + !data->set.ignorecl && checkprefix("Content-Length:", headp)) { + curl_off_t contentlength; + CURLofft offt = curlx_strtoofft(headp + strlen("Content-Length:"), + NULL, 10, &contentlength); + + if(offt == CURL_OFFT_OK) { + k->size = contentlength; + k->maxdownload = k->size; } -#endif - break; - case 'c': - case 'C': - /* Check for Content-Length: header lines to get size */ - v = (!k->http_bodyless && !data->set.ignorecl)? - HD_VAL(hd, hdlen, "Content-Length:") : NULL; - if(v) { - curl_off_t contentlength; - CURLofft offt = curlx_strtoofft(v, NULL, 10, &contentlength); - - if(offt == CURL_OFFT_OK) { - k->size = contentlength; - k->maxdownload = k->size; - } - else if(offt == CURL_OFFT_FLOW) { - /* out of range */ - if(data->set.max_filesize) { - failf(data, "Maximum file size exceeded"); - return CURLE_FILESIZE_EXCEEDED; - } - streamclose(conn, "overflow content-length"); - infof(data, "Overflow Content-Length: value"); - } - else { - /* negative or just rubbish - bad HTTP */ - failf(data, "Invalid Content-Length: value"); - return CURLE_WEIRD_SERVER_REPLY; + else if(offt == CURL_OFFT_FLOW) { + /* out of range */ + if(data->set.max_filesize) { + failf(data, "Maximum file size exceeded"); + return CURLE_FILESIZE_EXCEEDED; } - return CURLE_OK; + streamclose(conn, "overflow content-length"); + infof(data, "Overflow Content-Length: value"); } - v = (!k->http_bodyless && data->set.str[STRING_ENCODING])? - HD_VAL(hd, hdlen, "Content-Encoding:") : NULL; - if(v) { - /* - * Process Content-Encoding. Look for the values: identity, - * gzip, deflate, compress, x-gzip and x-compress. x-gzip and - * x-compress are the same as gzip and compress. (Sec 3.5 RFC - * 2616). zlib cannot handle compress. However, errors are - * handled further down when the response body is processed - */ - return Curl_build_unencoding_stack(data, v, FALSE); + else { + /* negative or just rubbish - bad HTTP */ + failf(data, "Invalid Content-Length: value"); + return CURLE_WEIRD_SERVER_REPLY; } - /* check for Content-Type: header lines to get the MIME-type */ - v = HD_VAL(hd, hdlen, "Content-Type:"); - if(v) { - char *contenttype = Curl_copy_header_value(hd); - if(!contenttype) - return CURLE_OUT_OF_MEMORY; - if(!*contenttype) - /* ignore empty data */ - free(contenttype); - else { - Curl_safefree(data->info.contenttype); - data->info.contenttype = contenttype; - } - return CURLE_OK; + } + /* check for Content-Type: header lines to get the MIME-type */ + else if(checkprefix("Content-Type:", headp)) { + char *contenttype = Curl_copy_header_value(headp); + if(!contenttype) + return CURLE_OUT_OF_MEMORY; + if(!*contenttype) + /* ignore empty data */ + free(contenttype); + else { + Curl_safefree(data->info.contenttype); + data->info.contenttype = contenttype; } - if(HD_IS_AND_SAYS(hd, hdlen, "Connection:", "close")) { - /* - * [RFC 2616, section 8.1.2.1] - * "Connection: close" is HTTP/1.1 language and means that - * the connection will close when this request has been - * served. - */ - streamclose(conn, "Connection: close used"); - return CURLE_OK; + } +#ifndef CURL_DISABLE_PROXY + else if((conn->httpversion == 10) && + conn->bits.httpproxy && + Curl_compareheader(headp, + STRCONST("Proxy-Connection:"), + STRCONST("keep-alive"))) { + /* + * When an HTTP/1.0 reply comes when using a proxy, the + * 'Proxy-Connection: keep-alive' line tells us the + * connection will be kept alive for our pleasure. + * Default action for 1.0 is to close. + */ + connkeep(conn, "Proxy-Connection keep-alive"); /* don't close */ + infof(data, "HTTP/1.0 proxy connection set to keep alive"); + } + else if((conn->httpversion == 11) && + conn->bits.httpproxy && + Curl_compareheader(headp, + STRCONST("Proxy-Connection:"), + STRCONST("close"))) { + /* + * We get an HTTP/1.1 response from a proxy and it says it'll + * close down after this transfer. + */ + connclose(conn, "Proxy-Connection: asked to close after done"); + infof(data, "HTTP/1.1 proxy connection set close"); + } +#endif + else if((conn->httpversion == 10) && + Curl_compareheader(headp, + STRCONST("Connection:"), + STRCONST("keep-alive"))) { + /* + * An HTTP/1.0 reply with the 'Connection: keep-alive' line + * tells us the connection will be kept alive for our + * pleasure. Default action for 1.0 is to close. + * + * [RFC2068, section 19.7.1] */ + connkeep(conn, "Connection keep-alive"); + infof(data, "HTTP/1.0 connection set to keep alive"); + } + else if(Curl_compareheader(headp, + STRCONST("Connection:"), STRCONST("close"))) { + /* + * [RFC 2616, section 8.1.2.1] + * "Connection: close" is HTTP/1.1 language and means that + * the connection will close when this request has been + * served. + */ + streamclose(conn, "Connection: close used"); + } + else if(!k->http_bodyless && checkprefix("Transfer-Encoding:", headp)) { + /* One or more encodings. We check for chunked and/or a compression + algorithm. */ + /* + * [RFC 2616, section 3.6.1] A 'chunked' transfer encoding + * means that the server will send a series of "chunks". Each + * chunk starts with line with info (including size of the + * coming block) (terminated with CRLF), then a block of data + * with the previously mentioned size. There can be any amount + * of chunks, and a chunk-data set to zero signals the + * end-of-chunks. */ + + result = Curl_build_unencoding_stack(data, + headp + strlen("Transfer-Encoding:"), + TRUE); + if(result) + return result; + if(!k->chunk && data->set.http_transfer_encoding) { + /* if this isn't chunked, only close can signal the end of this transfer + as Content-Length is said not to be trusted for transfer-encoding! */ + connclose(conn, "HTTP/1.1 transfer-encoding without chunks"); + k->ignore_cl = TRUE; } - if((conn->httpversion == 10) && - HD_IS_AND_SAYS(hd, hdlen, "Connection:", "keep-alive")) { - /* - * An HTTP/1.0 reply with the 'Connection: keep-alive' line - * tells us the connection will be kept alive for our - * pleasure. Default action for 1.0 is to close. - * - * [RFC2068, section 19.7.1] */ - connkeep(conn, "Connection keep-alive"); - infof(data, "HTTP/1.0 connection set to keep alive"); - return CURLE_OK; + } + else if(!k->http_bodyless && checkprefix("Content-Encoding:", headp) && + data->set.str[STRING_ENCODING]) { + /* + * Process Content-Encoding. Look for the values: identity, + * gzip, deflate, compress, x-gzip and x-compress. x-gzip and + * x-compress are the same as gzip and compress. (Sec 3.5 RFC + * 2616). zlib cannot handle compress. However, errors are + * handled further down when the response body is processed + */ + result = Curl_build_unencoding_stack(data, + headp + strlen("Content-Encoding:"), + FALSE); + if(result) + return result; + } + else if(checkprefix("Retry-After:", headp)) { + /* Retry-After = HTTP-date / delay-seconds */ + curl_off_t retry_after = 0; /* zero for unknown or "now" */ + /* Try it as a decimal number, if it works it is not a date */ + (void)curlx_strtoofft(headp + strlen("Retry-After:"), + NULL, 10, &retry_after); + if(!retry_after) { + time_t date = Curl_getdate_capped(headp + strlen("Retry-After:")); + if(-1 != date) + /* convert date to number of seconds into the future */ + retry_after = date - time(NULL); } - v = !k->http_bodyless? HD_VAL(hd, hdlen, "Content-Range:") : NULL; - if(v) { - /* Content-Range: bytes [num]- - Content-Range: bytes: [num]- - Content-Range: [num]- - Content-Range: [asterisk]/[total] - - The second format was added since Sun's webserver - JavaWebServer/1.1.1 obviously sends the header this way! - The third added since some servers use that! - The fourth means the requested range was unsatisfied. - */ - - const char *ptr = v; - - /* Move forward until first digit or asterisk */ - while(*ptr && !ISDIGIT(*ptr) && *ptr != '*') - ptr++; - - /* if it truly stopped on a digit */ - if(ISDIGIT(*ptr)) { - if(!curlx_strtoofft(ptr, NULL, 10, &k->offset)) { - if(data->state.resume_from == k->offset) - /* we asked for a resume and we got it */ - k->content_range = TRUE; - } + data->info.retry_after = retry_after; /* store it */ + } + else if(!k->http_bodyless && checkprefix("Content-Range:", headp)) { + /* Content-Range: bytes [num]- + Content-Range: bytes: [num]- + Content-Range: [num]- + Content-Range: [asterisk]/[total] + + The second format was added since Sun's webserver + JavaWebServer/1.1.1 obviously sends the header this way! + The third added since some servers use that! + The fourth means the requested range was unsatisfied. + */ + + char *ptr = headp + strlen("Content-Range:"); + + /* Move forward until first digit or asterisk */ + while(*ptr && !ISDIGIT(*ptr) && *ptr != '*') + ptr++; + + /* if it truly stopped on a digit */ + if(ISDIGIT(*ptr)) { + if(!curlx_strtoofft(ptr, NULL, 10, &k->offset)) { + if(data->state.resume_from == k->offset) + /* we asked for a resume and we got it */ + k->content_range = TRUE; } - else if(k->httpcode < 300) - data->state.resume_from = 0; /* get everything */ - } - break; - case 'l': - case 'L': - v = (!k->http_bodyless && - (data->set.timecondition || data->set.get_filetime))? - HD_VAL(hd, hdlen, "Last-Modified:") : NULL; - if(v) { - k->timeofdoc = Curl_getdate_capped(v); - if(data->set.get_filetime) - data->info.filetime = k->timeofdoc; - return CURLE_OK; } - if((k->httpcode >= 300 && k->httpcode < 400) && - HD_IS(hd, hdlen, "Location:") && - !data->req.location) { - /* this is the URL that the server advises us to use instead */ - char *location = Curl_copy_header_value(hd); - if(!location) - return CURLE_OUT_OF_MEMORY; - if(!*location) - /* ignore empty data */ - free(location); - else { - data->req.location = location; + else if(k->httpcode < 300) + data->state.resume_from = 0; /* get everything */ + } +#if !defined(CURL_DISABLE_COOKIES) + else if(data->cookies && data->state.cookie_engine && + checkprefix("Set-Cookie:", headp)) { + /* If there is a custom-set Host: name, use it here, or else use real peer + host name. */ + const char *host = data->state.aptr.cookiehost? + data->state.aptr.cookiehost:conn->host.name; + const bool secure_context = + conn->handler->protocol&(CURLPROTO_HTTPS|CURLPROTO_WSS) || + strcasecompare("localhost", host) || + !strcmp(host, "127.0.0.1") || + !strcmp(host, "::1") ? TRUE : FALSE; + + Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, + CURL_LOCK_ACCESS_SINGLE); + Curl_cookie_add(data, data->cookies, TRUE, FALSE, + headp + strlen("Set-Cookie:"), host, + data->state.up.path, secure_context); + Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); + } +#endif + else if(!k->http_bodyless && checkprefix("Last-Modified:", headp) && + (data->set.timecondition || data->set.get_filetime) ) { + k->timeofdoc = Curl_getdate_capped(headp + strlen("Last-Modified:")); + if(data->set.get_filetime) + data->info.filetime = k->timeofdoc; + } + else if((checkprefix("WWW-Authenticate:", headp) && + (401 == k->httpcode)) || + (checkprefix("Proxy-authenticate:", headp) && + (407 == k->httpcode))) { + + bool proxy = (k->httpcode == 407) ? TRUE : FALSE; + char *auth = Curl_copy_header_value(headp); + if(!auth) + return CURLE_OUT_OF_MEMORY; - if(data->set.http_follow_location) { - DEBUGASSERT(!data->req.newurl); - data->req.newurl = strdup(data->req.location); /* clone */ - if(!data->req.newurl) - return CURLE_OUT_OF_MEMORY; + result = Curl_http_input_auth(data, proxy, auth); - /* some cases of POST and PUT etc needs to rewind the data - stream at this point */ - result = http_perhapsrewind(data, conn); - if(result) - return result; + free(auth); - /* mark the next request as a followed location: */ - data->state.this_is_a_follow = TRUE; - } - } - } - break; - case 'p': - case 'P': -#ifndef CURL_DISABLE_PROXY - v = HD_VAL(hd, hdlen, "Proxy-Connection:"); - if(v) { - if((conn->httpversion == 10) && conn->bits.httpproxy && - HD_IS_AND_SAYS(hd, hdlen, "Proxy-Connection:", "keep-alive")) { - /* - * When an HTTP/1.0 reply comes when using a proxy, the - * 'Proxy-Connection: keep-alive' line tells us the - * connection will be kept alive for our pleasure. - * Default action for 1.0 is to close. - */ - connkeep(conn, "Proxy-Connection keep-alive"); /* do not close */ - infof(data, "HTTP/1.0 proxy connection set to keep alive"); - } - else if((conn->httpversion == 11) && conn->bits.httpproxy && - HD_IS_AND_SAYS(hd, hdlen, "Proxy-Connection:", "close")) { - /* - * We get an HTTP/1.1 response from a proxy and it says it will - * close down after this transfer. - */ - connclose(conn, "Proxy-Connection: asked to close after done"); - infof(data, "HTTP/1.1 proxy connection set close"); - } - return CURLE_OK; - } -#endif - if((407 == k->httpcode) && HD_IS(hd, hdlen, "Proxy-authenticate:")) { - char *auth = Curl_copy_header_value(hd); - if(!auth) - return CURLE_OUT_OF_MEMORY; - result = Curl_http_input_auth(data, TRUE, auth); - free(auth); + if(result) return result; - } + } #ifdef USE_SPNEGO - if(HD_IS(hd, hdlen, "Persistent-Auth:")) { - struct negotiatedata *negdata = &conn->negotiate; - struct auth *authp = &data->state.authhost; - if(authp->picked == CURLAUTH_NEGOTIATE) { - char *persistentauth = Curl_copy_header_value(hd); - if(!persistentauth) - return CURLE_OUT_OF_MEMORY; - negdata->noauthpersist = checkprefix("false", persistentauth)? - TRUE:FALSE; - negdata->havenoauthpersist = TRUE; - infof(data, "Negotiate: noauthpersist -> %d, header part: %s", - negdata->noauthpersist, persistentauth); - free(persistentauth); - } + else if(checkprefix("Persistent-Auth:", headp)) { + struct negotiatedata *negdata = &conn->negotiate; + struct auth *authp = &data->state.authhost; + if(authp->picked == CURLAUTH_NEGOTIATE) { + char *persistentauth = Curl_copy_header_value(headp); + if(!persistentauth) + return CURLE_OUT_OF_MEMORY; + negdata->noauthpersist = checkprefix("false", persistentauth)? + TRUE:FALSE; + negdata->havenoauthpersist = TRUE; + infof(data, "Negotiate: noauthpersist -> %d, header part: %s", + negdata->noauthpersist, persistentauth); + free(persistentauth); } + } #endif - break; - case 'r': - case 'R': - v = HD_VAL(hd, hdlen, "Retry-After:"); - if(v) { - /* Retry-After = HTTP-date / delay-seconds */ - curl_off_t retry_after = 0; /* zero for unknown or "now" */ - /* Try it as a decimal number, if it works it is not a date */ - (void)curlx_strtoofft(v, NULL, 10, &retry_after); - if(!retry_after) { - time_t date = Curl_getdate_capped(v); - if(-1 != date) - /* convert date to number of seconds into the future */ - retry_after = date - time(NULL); + else if((k->httpcode >= 300 && k->httpcode < 400) && + checkprefix("Location:", headp) && + !data->req.location) { + /* this is the URL that the server advises us to use instead */ + char *location = Curl_copy_header_value(headp); + if(!location) + return CURLE_OUT_OF_MEMORY; + if(!*location) + /* ignore empty data */ + free(location); + else { + data->req.location = location; + + if(data->set.http_follow_location) { + DEBUGASSERT(!data->req.newurl); + data->req.newurl = strdup(data->req.location); /* clone */ + if(!data->req.newurl) + return CURLE_OUT_OF_MEMORY; + + /* some cases of POST and PUT etc needs to rewind the data + stream at this point */ + result = http_perhapsrewind(data, conn); + if(result) + return result; + + /* mark the next request as a followed location: */ + data->state.this_is_a_follow = TRUE; } - data->info.retry_after = retry_after; /* store it */ - return CURLE_OK; } - break; - case 's': - case 'S': -#if !defined(CURL_DISABLE_COOKIES) - v = (data->cookies && data->state.cookie_engine)? - HD_VAL(hd, hdlen, "Set-Cookie:") : NULL; - if(v) { - /* If there is a custom-set Host: name, use it here, or else use - * real peer hostname. */ - const char *host = data->state.aptr.cookiehost? - data->state.aptr.cookiehost:conn->host.name; - const bool secure_context = - conn->handler->protocol&(CURLPROTO_HTTPS|CURLPROTO_WSS) || - strcasecompare("localhost", host) || - !strcmp(host, "127.0.0.1") || - !strcmp(host, "::1") ? TRUE : FALSE; + } - Curl_share_lock(data, CURL_LOCK_DATA_COOKIE, - CURL_LOCK_ACCESS_SINGLE); - Curl_cookie_add(data, data->cookies, TRUE, FALSE, v, host, - data->state.up.path, secure_context); - Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); - return CURLE_OK; - } -#endif #ifndef CURL_DISABLE_HSTS - /* If enabled, the header is incoming and this is over HTTPS */ - v = (data->hsts && - ((conn->handler->flags & PROTOPT_SSL) || -#ifdef DEBUGBUILD + /* If enabled, the header is incoming and this is over HTTPS */ + else if(data->hsts && checkprefix("Strict-Transport-Security:", headp) && + ((conn->handler->flags & PROTOPT_SSL) || +#ifdef CURLDEBUG /* allow debug builds to circumvent the HTTPS restriction */ getenv("CURL_HSTS_HTTP") #else 0 #endif - ) - )? HD_VAL(hd, hdlen, "Strict-Transport-Security:") : NULL; - if(v) { - CURLcode check = - Curl_hsts_parse(data->hsts, conn->host.name, v); - if(check) - infof(data, "Illegal STS header skipped"); + )) { + CURLcode check = + Curl_hsts_parse(data->hsts, conn->host.name, + headp + strlen("Strict-Transport-Security:")); + if(check) + infof(data, "Illegal STS header skipped"); #ifdef DEBUGBUILD - else - infof(data, "Parsed STS header fine (%zu entries)", - Curl_llist_count(&data->hsts->list)); + else + infof(data, "Parsed STS header fine (%zu entries)", + data->hsts->list.size); #endif - } + } #endif - break; - case 't': - case 'T': - /* RFC 9112, ch. 6.1 - * "Transfer-Encoding MAY be sent in a response to a HEAD request or - * in a 304 (Not Modified) response (Section 15.4.5 of [HTTP]) to a - * GET request, neither of which includes a message body, to indicate - * that the origin server would have applied a transfer coding to the - * message body if the request had been an unconditional GET." - * - * Read: in these cases the 'Transfer-Encoding' does not apply - * to any data following the response headers. Do not add any decoders. - */ - v = (!k->http_bodyless && - (data->state.httpreq != HTTPREQ_HEAD) && - (k->httpcode != 304))? - HD_VAL(hd, hdlen, "Transfer-Encoding:") : NULL; - if(v) { - /* One or more encodings. We check for chunked and/or a compression - algorithm. */ - result = Curl_build_unencoding_stack(data, v, TRUE); - if(result) - return result; - if(!k->chunk && data->set.http_transfer_encoding) { - /* if this is not chunked, only close can signal the end of this - * transfer as Content-Length is said not to be trusted for - * transfer-encoding! */ - connclose(conn, "HTTP/1.1 transfer-encoding without chunks"); - k->ignore_cl = TRUE; - } - return CURLE_OK; - } - v = HD_VAL(hd, hdlen, "Trailer:"); - if(v) { - data->req.resp_trailer = TRUE; - return CURLE_OK; - } - break; - case 'w': - case 'W': - if((401 == k->httpcode) && HD_IS(hd, hdlen, "WWW-Authenticate:")) { - char *auth = Curl_copy_header_value(hd); - if(!auth) - return CURLE_OUT_OF_MEMORY; - result = Curl_http_input_auth(data, FALSE, auth); - free(auth); +#ifndef CURL_DISABLE_ALTSVC + /* If enabled, the header is incoming and this is over HTTPS */ + else if(data->asi && checkprefix("Alt-Svc:", headp) && + ((conn->handler->flags & PROTOPT_SSL) || +#ifdef CURLDEBUG + /* allow debug builds to circumvent the HTTPS restriction */ + getenv("CURL_ALTSVC_HTTP") +#else + 0 +#endif + )) { + /* the ALPN of the current request */ + enum alpnid id = (conn->httpversion == 30)? ALPN_h3 : + (conn->httpversion == 20) ? ALPN_h2 : ALPN_h1; + result = Curl_altsvc_parse(data, data->asi, + headp + strlen("Alt-Svc:"), + id, conn->host.name, + curlx_uitous((unsigned int)conn->remote_port)); + if(result) return result; - } - break; } - - if(conn->handler->protocol & CURLPROTO_RTSP) { - result = Curl_rtsp_parseheader(data, hd); +#endif + else if(conn->handler->protocol & CURLPROTO_RTSP) { + result = Curl_rtsp_parseheader(data, headp); if(result) return result; } @@ -3181,48 +3838,25 @@ CURLcode Curl_http_header(struct Curl_easy *data, * Called after the first HTTP response line (the status line) has been * received and parsed. */ + CURLcode Curl_http_statusline(struct Curl_easy *data, struct connectdata *conn) { struct SingleRequest *k = &data->req; - - switch(k->httpversion) { - case 10: - case 11: -#ifdef USE_HTTP2 - case 20: -#endif -#ifdef USE_HTTP3 - case 30: -#endif - /* no major version switch mid-connection */ - if(conn->httpversion && - (k->httpversion/10 != conn->httpversion/10)) { - failf(data, "Version mismatch (from HTTP/%u to HTTP/%u)", - conn->httpversion/10, k->httpversion/10); - return CURLE_UNSUPPORTED_PROTOCOL; - } - break; - default: - failf(data, "Unsupported HTTP version (%u.%d) in response", - k->httpversion/10, k->httpversion%10); - return CURLE_UNSUPPORTED_PROTOCOL; - } - data->info.httpcode = k->httpcode; - data->info.httpversion = k->httpversion; - conn->httpversion = (unsigned char)k->httpversion; - if(!data->state.httpversion || data->state.httpversion > k->httpversion) + data->info.httpversion = conn->httpversion; + if(!data->state.httpversion || + data->state.httpversion > conn->httpversion) /* store the lowest server version we encounter */ - data->state.httpversion = (unsigned char)k->httpversion; + data->state.httpversion = conn->httpversion; /* - * This code executes as part of processing the header. As a - * result, it is not totally clear how to interpret the + * This code executes as part of processing the header. As a + * result, it's not totally clear how to interpret the * response code yet as that depends on what other headers may - * be present. 401 and 407 may be errors, but may be OK - * depending on how authentication is working. Other codes + * be present. 401 and 407 may be errors, but may be OK + * depending on how authentication is working. Other codes * are definitely errors, so give up here. */ if(data->state.resume_from && data->state.httpreq == HTTPREQ_GET && @@ -3232,16 +3866,25 @@ CURLcode Curl_http_statusline(struct Curl_easy *data, k->ignorebody = TRUE; /* Avoid appending error msg to good data. */ } - if(k->httpversion == 10) { + if(conn->httpversion == 10) { /* Default action for HTTP/1.0 must be to close, unless we get one of those fancy headers that tell us the server keeps it open for us! */ infof(data, "HTTP 1.0, assume close after body"); connclose(conn, "HTTP/1.0 close after body"); } - else if(k->httpversion == 20 || + else if(conn->httpversion == 20 || (k->upgr101 == UPGR101_H2 && k->httpcode == 101)) { DEBUGF(infof(data, "HTTP/2 found, allow multiplexing")); + /* HTTP/2 cannot avoid multiplexing since it is a core functionality + of the protocol */ + conn->bundle->multiuse = BUNDLE_MULTIPLEX; + } + else if(conn->httpversion >= 11 && + !conn->bits.close) { + /* If HTTP version is >= 1.1 and connection is persistent */ + DEBUGF(infof(data, + "HTTP 1.1 or later with persistent connection")); } k->http_bodyless = k->httpcode >= 100 && k->httpcode < 200; @@ -3253,7 +3896,7 @@ CURLcode Curl_http_statusline(struct Curl_easy *data, * fields. */ if(data->set.timecondition) data->info.timecond = TRUE; - FALLTHROUGH(); + /* FALLTHROUGH */ case 204: /* (quote from RFC2616, section 10.2.5): The server has * fulfilled the request but does not need to return an @@ -3271,7 +3914,7 @@ CURLcode Curl_http_statusline(struct Curl_easy *data, } /* Content-Length must be ignored if any Transfer-Encoding is present in the - response. Refer to RFC 7230 section 3.3.3 and RFC2616 section 4.4. This is + response. Refer to RFC 7230 section 3.3.3 and RFC2616 section 4.4. This is figured out here after all headers have been received but before the final call to the user's header callback, so that a valid content length can be retrieved by the user in the final call. */ @@ -3283,24 +3926,22 @@ CURLcode Curl_http_size(struct Curl_easy *data) } else if(k->size != -1) { if(data->set.max_filesize && - !k->ignorebody && - (k->size > data->set.max_filesize)) { + k->size > data->set.max_filesize) { failf(data, "Maximum file size exceeded"); return CURLE_FILESIZE_EXCEEDED; } - if(k->ignorebody) - infof(data, "setting size while ignoring"); Curl_pgrsSetDownloadSize(data, k->size); k->maxdownload = k->size; } return CURLE_OK; } -static CURLcode verify_header(struct Curl_easy *data, - const char *hd, size_t hdlen) +static CURLcode verify_header(struct Curl_easy *data) { struct SingleRequest *k = &data->req; - char *ptr = memchr(hd, 0x00, hdlen); + const char *header = Curl_dyn_ptr(&data->state.headerb); + size_t hlen = Curl_dyn_len(&data->state.headerb); + char *ptr = memchr(header, 0x00, hlen); if(ptr) { /* this is bad, bail out */ failf(data, "Nul byte in header"); @@ -3309,11 +3950,11 @@ static CURLcode verify_header(struct Curl_easy *data, if(k->headerline < 2) /* the first "header" is the status-line and it has no colon */ return CURLE_OK; - if(((hd[0] == ' ') || (hd[0] == '\t')) && k->headerline > 2) - /* line folding, cannot happen on line 2 */ + if(((header[0] == ' ') || (header[0] == '\t')) && k->headerline > 2) + /* line folding, can't happen on line 2 */ ; else { - ptr = memchr(hd, ':', hdlen); + ptr = memchr(header, ':', hlen); if(!ptr) { /* this is bad, bail out */ failf(data, "Header without colon"); @@ -3350,686 +3991,596 @@ CURLcode Curl_bump_headersize(struct Curl_easy *data, return CURLE_OK; } -static CURLcode http_write_header(struct Curl_easy *data, - const char *hd, size_t hdlen) + +/* + * Read any HTTP header lines from the server and pass them to the client app. + */ +CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, + struct connectdata *conn, + const char *buf, size_t blen, + size_t *pconsumed) { CURLcode result; - int writetype; - - /* now, only output this if the header AND body are requested: - */ - Curl_debug(data, CURLINFO_HEADER_IN, (char *)hd, hdlen); - - writetype = CLIENTWRITE_HEADER | - ((data->req.httpcode/100 == 1) ? CLIENTWRITE_1XX : 0); - - result = Curl_client_write(data, writetype, hd, hdlen); - if(result) - return result; + struct SingleRequest *k = &data->req; + char *headp; + char *end_ptr; - result = Curl_bump_headersize(data, hdlen, FALSE); - if(result) - return result; + /* header line within buffer loop */ + *pconsumed = 0; + do { + size_t line_length; + int writetype; - data->req.deductheadercount = (100 <= data->req.httpcode && - 199 >= data->req.httpcode)? - data->req.headerbytecount:0; - return result; -} + /* data is in network encoding so use 0x0a instead of '\n' */ + end_ptr = memchr(buf, 0x0a, blen); -static CURLcode http_on_response(struct Curl_easy *data, - const char *last_hd, size_t last_hd_len, - const char *buf, size_t blen, - size_t *pconsumed) -{ - struct connectdata *conn = data->conn; - CURLcode result = CURLE_OK; - struct SingleRequest *k = &data->req; + if(!end_ptr) { + /* Not a complete header line within buffer, append the data to + the end of the headerbuff. */ + result = Curl_dyn_addn(&data->state.headerb, buf, blen); + if(result) + return result; + *pconsumed += blen; - (void)buf; /* not used without HTTP2 enabled */ - *pconsumed = 0; + if(!k->headerline) { + /* check if this looks like a protocol header */ + statusline st = + checkprotoprefix(data, conn, + Curl_dyn_ptr(&data->state.headerb), + Curl_dyn_len(&data->state.headerb)); - if(k->upgr101 == UPGR101_RECEIVED) { - /* supposedly upgraded to http2 now */ - if(conn->httpversion != 20) - infof(data, "Lying server, not serving HTTP/2"); - } + if(st == STATUS_BAD) { + /* this is not the beginning of a protocol first header line */ + k->header = FALSE; + k->badheader = TRUE; + streamclose(conn, "bad HTTP: No end-of-message indicator"); + if(!data->set.http09_allowed) { + failf(data, "Received HTTP/0.9 when not allowed"); + return CURLE_UNSUPPORTED_PROTOCOL; + } + goto out; + } + } + goto out; /* read more and try again */ + } - if(k->httpcode < 200 && last_hd) { - /* Intermediate responses might trigger processing of more - * responses, write the last header to the client before - * proceeding. */ - result = http_write_header(data, last_hd, last_hd_len); - last_hd = NULL; /* handled it */ + /* decrease the size of the remaining (supposed) header line */ + line_length = (end_ptr - buf) + 1; + result = Curl_dyn_addn(&data->state.headerb, buf, line_length); if(result) - goto out; - } + return result; - if(k->httpcode < 100) { - failf(data, "Unsupported response code in HTTP response"); - result = CURLE_UNSUPPORTED_PROTOCOL; - goto out; - } - else if(k->httpcode < 200) { - /* "A user agent MAY ignore unexpected 1xx status responses." - * By default, we expect to get more responses after this one. */ - k->header = TRUE; - k->headerline = 0; /* restart the header line counter */ + blen -= line_length; + buf += line_length; + *pconsumed += line_length; - switch(k->httpcode) { - case 100: - /* - * We have made an HTTP PUT or POST and this is 1.1-lingo - * that tells us that the server is OK with this and ready - * to receive the data. - */ - Curl_http_exp100_got100(data); - break; - case 101: - /* Switching Protocols only allowed from HTTP/1.1 */ + /**** + * We now have a FULL header line in 'headerb'. + *****/ - if(conn->httpversion != 11) { - /* invalid for other HTTP versions */ - failf(data, "unexpected 101 response code"); - result = CURLE_WEIRD_SERVER_REPLY; - goto out; - } - if(k->upgr101 == UPGR101_H2) { - /* Switching to HTTP/2, where we will get more responses */ - infof(data, "Received 101, Switching to HTTP/2"); - k->upgr101 = UPGR101_RECEIVED; - data->conn->bits.asks_multiplex = FALSE; - /* We expect more response from HTTP/2 later */ - k->header = TRUE; - k->headerline = 0; /* restart the header line counter */ - /* Any remaining `buf` bytes are already HTTP/2 and passed to - * be processed. */ - result = Curl_http2_upgrade(data, conn, FIRSTSOCKET, buf, blen); - if(result) - goto out; - *pconsumed += blen; + if(!k->headerline) { + /* the first read header */ + statusline st = checkprotoprefix(data, conn, + Curl_dyn_ptr(&data->state.headerb), + Curl_dyn_len(&data->state.headerb)); + if(st == STATUS_BAD) { + streamclose(conn, "bad HTTP: No end-of-message indicator"); + /* this is not the beginning of a protocol first header line */ + if(!data->set.http09_allowed) { + failf(data, "Received HTTP/0.9 when not allowed"); + return CURLE_UNSUPPORTED_PROTOCOL; + } + k->header = FALSE; + if(blen) + /* since there's more, this is a partial bad header */ + k->badheader = TRUE; + else { + /* this was all we read so it's all a bad header */ + k->badheader = TRUE; + return CURLE_OK; + } + break; } + } + + /* headers are in network encoding so use 0x0a and 0x0d instead of '\n' + and '\r' */ + headp = Curl_dyn_ptr(&data->state.headerb); + if((0x0a == *headp) || (0x0d == *headp)) { + size_t headerlen; + /* Zero-length header line means end of headers! */ + + if('\r' == *headp) + headp++; /* pass the \r byte */ + if('\n' == *headp) + headp++; /* pass the \n byte */ + + if(100 <= k->httpcode && 199 >= k->httpcode) { + /* "A user agent MAY ignore unexpected 1xx status responses." */ + switch(k->httpcode) { + case 100: + /* + * We have made an HTTP PUT or POST and this is 1.1-lingo + * that tells us that the server is OK with this and ready + * to receive the data. + * However, we'll get more headers now so we must get + * back into the header-parsing state! + */ + k->header = TRUE; + k->headerline = 0; /* restart the header line counter */ + + /* if we did wait for this do enable write now! */ + if(k->exp100 > EXP100_SEND_DATA) { + k->exp100 = EXP100_SEND_DATA; + k->keepon |= KEEP_SEND; + Curl_expire_done(data, EXPIRE_100_TIMEOUT); + } + break; + case 101: + /* Switching Protocols */ + if(k->upgr101 == UPGR101_H2) { + /* Switching to HTTP/2 */ + DEBUGASSERT(conn->httpversion < 20); + infof(data, "Received 101, Switching to HTTP/2"); + k->upgr101 = UPGR101_RECEIVED; + + /* we'll get more headers (HTTP/2 response) */ + k->header = TRUE; + k->headerline = 0; /* restart the header line counter */ + + /* switch to http2 now. The bytes after response headers + are also processed here, otherwise they are lost. */ + result = Curl_http2_upgrade(data, conn, FIRSTSOCKET, buf, blen); + if(result) + return result; + *pconsumed += blen; + blen = 0; + } #ifdef USE_WEBSOCKETS - else if(k->upgr101 == UPGR101_WS) { - /* verify the response. Any passed `buf` bytes are already in - * WebSockets format and taken in by the protocol handler. */ - result = Curl_ws_accept(data, buf, blen); - if(result) - goto out; - *pconsumed += blen; /* ws accept handled the data */ - k->header = FALSE; /* we will not get more responses */ - if(data->set.connect_only) - k->keepon &= ~KEEP_RECV; /* read no more content */ - } + else if(k->upgr101 == UPGR101_WS) { + /* verify the response */ + result = Curl_ws_accept(data, buf, blen); + if(result) + return result; + k->header = FALSE; /* no more header to parse! */ + if(data->set.connect_only) { + k->keepon &= ~KEEP_RECV; /* read no more content */ + *pconsumed += blen; + blen = 0; + } + } #endif + else { + /* Not switching to another protocol */ + k->header = FALSE; /* no more header to parse! */ + } + break; + default: + /* the status code 1xx indicates a provisional response, so + we'll get another set of headers */ + k->header = TRUE; + k->headerline = 0; /* restart the header line counter */ + break; + } + } else { - /* We silently accept this as the final response. - * TODO: this looks, uhm, wrong. What are we switching to if we - * did not ask for an Upgrade? Maybe the application provided an - * `Upgrade: xxx` header? */ - k->header = FALSE; + if(k->upgr101 == UPGR101_H2) { + /* A requested upgrade was denied, poke the multi handle to possibly + allow a pending pipewait to continue */ + Curl_multi_connchanged(data->multi); + } + k->header = FALSE; /* no more header to parse! */ + + if((k->size == -1) && !k->chunk && !conn->bits.close && + (conn->httpversion == 11) && + !(conn->handler->protocol & CURLPROTO_RTSP) && + data->state.httpreq != HTTPREQ_HEAD) { + /* On HTTP 1.1, when connection is not to get closed, but no + Content-Length nor Transfer-Encoding chunked have been + received, according to RFC2616 section 4.4 point 5, we + assume that the server will close the connection to + signal the end of the document. */ + infof(data, "no chunk, no close, no size. Assume close to " + "signal end"); + streamclose(conn, "HTTP: No end-of-message indicator"); + } } - break; - default: - /* The server may send us other 1xx responses, like informative - * 103. This have no influence on request processing and we expect - * to receive a final response eventually. */ - break; - } - goto out; - } - /* k->httpcode >= 200, final response */ - k->header = FALSE; - - if(k->upgr101 == UPGR101_H2) { - /* A requested upgrade was denied, poke the multi handle to possibly - allow a pending pipewait to continue */ - data->conn->bits.asks_multiplex = FALSE; - Curl_multi_connchanged(data->multi); - } - - if((k->size == -1) && !k->chunk && !conn->bits.close && - (conn->httpversion == 11) && - !(conn->handler->protocol & CURLPROTO_RTSP) && - data->state.httpreq != HTTPREQ_HEAD) { - /* On HTTP 1.1, when connection is not to get closed, but no - Content-Length nor Transfer-Encoding chunked have been - received, according to RFC2616 section 4.4 point 5, we - assume that the server will close the connection to - signal the end of the document. */ - infof(data, "no chunk, no close, no size. Assume close to " - "signal end"); - streamclose(conn, "HTTP: No end-of-message indicator"); - } + if(!k->header) { + result = Curl_http_size(data); + if(result) + return result; + } - /* At this point we have some idea about the fate of the connection. - If we are closing the connection it may result auth failure. */ + /* At this point we have some idea about the fate of the connection. + If we are closing the connection it may result auth failure. */ #if defined(USE_NTLM) - if(conn->bits.close && - (((data->req.httpcode == 401) && - (conn->http_ntlm_state == NTLMSTATE_TYPE2)) || - ((data->req.httpcode == 407) && - (conn->proxy_ntlm_state == NTLMSTATE_TYPE2)))) { - infof(data, "Connection closure while negotiating auth (HTTP 1.0?)"); - data->state.authproblem = TRUE; - } + if(conn->bits.close && + (((data->req.httpcode == 401) && + (conn->http_ntlm_state == NTLMSTATE_TYPE2)) || + ((data->req.httpcode == 407) && + (conn->proxy_ntlm_state == NTLMSTATE_TYPE2)))) { + infof(data, "Connection closure while negotiating auth (HTTP 1.0?)"); + data->state.authproblem = TRUE; + } #endif #if defined(USE_SPNEGO) - if(conn->bits.close && - (((data->req.httpcode == 401) && - (conn->http_negotiate_state == GSS_AUTHRECV)) || - ((data->req.httpcode == 407) && - (conn->proxy_negotiate_state == GSS_AUTHRECV)))) { - infof(data, "Connection closure while negotiating auth (HTTP 1.0?)"); - data->state.authproblem = TRUE; - } - if((conn->http_negotiate_state == GSS_AUTHDONE) && - (data->req.httpcode != 401)) { - conn->http_negotiate_state = GSS_AUTHSUCC; - } - if((conn->proxy_negotiate_state == GSS_AUTHDONE) && - (data->req.httpcode != 407)) { - conn->proxy_negotiate_state = GSS_AUTHSUCC; - } + if(conn->bits.close && + (((data->req.httpcode == 401) && + (conn->http_negotiate_state == GSS_AUTHRECV)) || + ((data->req.httpcode == 407) && + (conn->proxy_negotiate_state == GSS_AUTHRECV)))) { + infof(data, "Connection closure while negotiating auth (HTTP 1.0?)"); + data->state.authproblem = TRUE; + } + if((conn->http_negotiate_state == GSS_AUTHDONE) && + (data->req.httpcode != 401)) { + conn->http_negotiate_state = GSS_AUTHSUCC; + } + if((conn->proxy_negotiate_state == GSS_AUTHDONE) && + (data->req.httpcode != 407)) { + conn->proxy_negotiate_state = GSS_AUTHSUCC; + } #endif -#ifdef USE_WEBSOCKETS - /* All >=200 HTTP status codes are errors when wanting WebSockets */ - if(data->req.upgr101 == UPGR101_WS) { - failf(data, "Refused WebSockets upgrade: %d", k->httpcode); - result = CURLE_HTTP_RETURNED_ERROR; - goto out; - } -#endif + /* now, only output this if the header AND body are requested: + */ + writetype = CLIENTWRITE_HEADER | + ((k->httpcode/100 == 1) ? CLIENTWRITE_1XX : 0); - /* Check if this response means the transfer errored. */ - if(http_should_fail(data, data->req.httpcode)) { - failf(data, "The requested URL returned error: %d", - k->httpcode); - result = CURLE_HTTP_RETURNED_ERROR; - goto out; - } + headerlen = Curl_dyn_len(&data->state.headerb); + result = Curl_client_write(data, writetype, + Curl_dyn_ptr(&data->state.headerb), + headerlen); + if(result) + return result; - /* Curl_http_auth_act() checks what authentication methods - * that are available and decides which one (if any) to - * use. It will set 'newurl' if an auth method was picked. */ - result = Curl_http_auth_act(data); - if(result) - goto out; + result = Curl_bump_headersize(data, headerlen, FALSE); + if(result) + return result; - if(k->httpcode >= 300) { - if((!data->req.authneg) && !conn->bits.close && - !Curl_creader_will_rewind(data)) { /* - * General treatment of errors when about to send data. Including : - * "417 Expectation Failed", while waiting for 100-continue. - * - * The check for close above is done simply because of something - * else has already deemed the connection to get closed then - * something else should've considered the big picture and we - * avoid this check. - * + * When all the headers have been parsed, see if we should give + * up and return an error. */ + if(http_should_fail(data)) { + failf(data, "The requested URL returned error: %d", + k->httpcode); + return CURLE_HTTP_RETURNED_ERROR; + } - switch(data->state.httpreq) { - case HTTPREQ_PUT: - case HTTPREQ_POST: - case HTTPREQ_POST_FORM: - case HTTPREQ_POST_MIME: - /* We got an error response. If this happened before the whole - * request body has been sent we stop sending and mark the - * connection for closure after we have read the entire response. - */ - if(!Curl_req_done_sending(data)) { - if((k->httpcode == 417) && Curl_http_exp100_is_selected(data)) { - /* 417 Expectation Failed - try again without the Expect - header */ - if(!k->writebytecount && http_exp100_is_waiting(data)) { - infof(data, "Got HTTP failure 417 while waiting for a 100"); - } - else { - infof(data, "Got HTTP failure 417 while sending data"); - streamclose(conn, - "Stop sending data before everything sent"); - result = http_perhapsrewind(data, conn); - if(result) - goto out; - } - data->state.disableexpect = TRUE; - DEBUGASSERT(!data->req.newurl); - data->req.newurl = strdup(data->state.url); - Curl_req_abort_sending(data); - } - else if(data->set.http_keep_sending_on_error) { - infof(data, "HTTP error before end of send, keep sending"); - http_exp100_send_anyway(data); - } - else { - infof(data, "HTTP error before end of send, stop sending"); - streamclose(conn, "Stop sending data before everything sent"); - result = Curl_req_abort_sending(data); - if(result) - goto out; - } - } - break; - - default: /* default label present to avoid compiler warnings */ - break; +#ifdef USE_WEBSOCKETS + /* All non-101 HTTP status codes are bad when wanting to upgrade to + websockets */ + if(data->req.upgr101 == UPGR101_WS) { + failf(data, "Refused WebSockets upgrade: %d", k->httpcode); + return CURLE_HTTP_RETURNED_ERROR; } - } +#endif - if(Curl_creader_will_rewind(data) && !Curl_req_done_sending(data)) { - /* We rewind before next send, continue sending now */ - infof(data, "Keep sending data to get tossed away"); - k->keepon |= KEEP_SEND; - } - } + data->req.deductheadercount = + (100 <= k->httpcode && 199 >= k->httpcode)?data->req.headerbytecount:0; - /* If we requested a "no body", this is a good time to get - * out and return home. - */ - if(data->req.no_body) - k->download_done = TRUE; - - /* If max download size is *zero* (nothing) we already have - nothing and can safely return ok now! But for HTTP/2, we would - like to call http2_handle_stream_close to properly close a - stream. In order to do this, we keep reading until we - close the stream. */ - if(0 == k->maxdownload - && !Curl_conn_is_http2(data, conn, FIRSTSOCKET) - && !Curl_conn_is_http3(data, conn, FIRSTSOCKET)) - k->download_done = TRUE; - - /* final response without error, prepare to receive the body */ - result = Curl_http_firstwrite(data); + /* Curl_http_auth_act() checks what authentication methods + * that are available and decides which one (if any) to + * use. It will set 'newurl' if an auth method was picked. */ + result = Curl_http_auth_act(data); - if(!result) - /* This is the last response that we get for the current request. - * Check on the body size and determine if the response is complete. - */ - result = Curl_http_size(data); + if(result) + return result; -out: - if(last_hd) { - /* if not written yet, write it now */ - CURLcode r2 = http_write_header(data, last_hd, last_hd_len); - if(!result) - result = r2; - } - return result; -} + if(k->httpcode >= 300) { + if((!conn->bits.authneg) && !conn->bits.close && + !data->state.rewindbeforesend) { + /* + * General treatment of errors when about to send data. Including : + * "417 Expectation Failed", while waiting for 100-continue. + * + * The check for close above is done simply because of something + * else has already deemed the connection to get closed then + * something else should've considered the big picture and we + * avoid this check. + * + * rewindbeforesend indicates that something has told libcurl to + * continue sending even if it gets discarded + */ + + switch(data->state.httpreq) { + case HTTPREQ_PUT: + case HTTPREQ_POST: + case HTTPREQ_POST_FORM: + case HTTPREQ_POST_MIME: + /* We got an error response. If this happened before the whole + * request body has been sent we stop sending and mark the + * connection for closure after we've read the entire response. + */ + Curl_expire_done(data, EXPIRE_100_TIMEOUT); + if(!k->upload_done) { + if((k->httpcode == 417) && data->state.expect100header) { + /* 417 Expectation Failed - try again without the Expect + header */ + if(!k->writebytecount && + k->exp100 == EXP100_AWAITING_CONTINUE) { + infof(data, "Got HTTP failure 417 while waiting for a 100"); + } + else { + infof(data, "Got HTTP failure 417 while sending data"); + streamclose(conn, + "Stop sending data before everything sent"); + result = http_perhapsrewind(data, conn); + if(result) + return result; + } + data->state.disableexpect = TRUE; + DEBUGASSERT(!data->req.newurl); + data->req.newurl = strdup(data->state.url); + Curl_done_sending(data, k); + } + else if(data->set.http_keep_sending_on_error) { + infof(data, "HTTP error before end of send, keep sending"); + if(k->exp100 > EXP100_SEND_DATA) { + k->exp100 = EXP100_SEND_DATA; + k->keepon |= KEEP_SEND; + } + } + else { + infof(data, "HTTP error before end of send, stop sending"); + streamclose(conn, "Stop sending data before everything sent"); + result = Curl_done_sending(data, k); + if(result) + return result; + k->upload_done = TRUE; + if(data->state.expect100header) + k->exp100 = EXP100_FAILED; + } + } + break; -static CURLcode http_rw_hd(struct Curl_easy *data, - const char *hd, size_t hdlen, - const char *buf_remain, size_t blen, - size_t *pconsumed) -{ - CURLcode result = CURLE_OK; - struct SingleRequest *k = &data->req; - int writetype; + default: /* default label present to avoid compiler warnings */ + break; + } + } - *pconsumed = 0; - if((0x0a == *hd) || (0x0d == *hd)) { - /* Empty header line means end of headers! */ - struct dynbuf last_header; - size_t consumed; + if(data->state.rewindbeforesend && + (conn->writesockfd != CURL_SOCKET_BAD)) { + /* We rewind before next send, continue sending now */ + infof(data, "Keep sending data to get tossed away"); + k->keepon |= KEEP_SEND; + } + } - Curl_dyn_init(&last_header, hdlen + 1); - result = Curl_dyn_addn(&last_header, hd, hdlen); - if(result) - return result; + if(!k->header) { + /* + * really end-of-headers. + * + * If we requested a "no body", this is a good time to get + * out and return home. + */ + if(data->req.no_body) + k->download_done = TRUE; +#ifndef CURL_DISABLE_RTSP + else if((conn->handler->protocol & CURLPROTO_RTSP) && + (data->set.rtspreq == RTSPREQ_DESCRIBE) && + (k->size <= -1)) + /* Respect section 4.4 of rfc2326: If the Content-Length header is + absent, a length 0 must be assumed. It will prevent libcurl from + hanging on DESCRIBE request that got refused for whatever + reason */ + k->download_done = TRUE; +#endif - /* analyze the response to find out what to do. */ - /* Caveat: we clear anything in the header brigade, because a - * response might switch HTTP version which may call use recursively. - * Not nice, but that is currently the way of things. */ - Curl_dyn_reset(&data->state.headerb); - result = http_on_response(data, Curl_dyn_ptr(&last_header), - Curl_dyn_len(&last_header), - buf_remain, blen, &consumed); - *pconsumed += consumed; - Curl_dyn_free(&last_header); - return result; - } + /* If max download size is *zero* (nothing) we already have + nothing and can safely return ok now! But for HTTP/2, we'd + like to call http2_handle_stream_close to properly close a + stream. In order to do this, we keep reading until we + close the stream. */ + if(0 == k->maxdownload + && !Curl_conn_is_http2(data, conn, FIRSTSOCKET) + && !Curl_conn_is_http3(data, conn, FIRSTSOCKET)) + k->download_done = TRUE; + + Curl_debug(data, CURLINFO_HEADER_IN, + Curl_dyn_ptr(&data->state.headerb), + Curl_dyn_len(&data->state.headerb)); + goto out; /* exit header line loop */ + } - /* - * Checks for special headers coming up. - */ + /* We continue reading headers, reset the line-based header */ + Curl_dyn_reset(&data->state.headerb); + continue; + } - writetype = CLIENTWRITE_HEADER; - if(!k->headerline++) { - /* This is the first header, it MUST be the error code line - or else we consider this to be the body right away! */ - bool fine_statusline = FALSE; + /* + * Checks for special headers coming up. + */ - k->httpversion = 0; /* Do not know yet */ - if(data->conn->handler->protocol & PROTO_FAMILY_HTTP) { - /* - * https://datatracker.ietf.org/doc/html/rfc7230#section-3.1.2 - * - * The response code is always a three-digit number in HTTP as the spec - * says. We allow any three-digit number here, but we cannot make - * guarantees on future behaviors since it is not within the protocol. - */ - const char *p = hd; - - while(*p && ISBLANK(*p)) - p++; - if(!strncmp(p, "HTTP/", 5)) { - p += 5; - switch(*p) { - case '1': + writetype = CLIENTWRITE_HEADER; + if(!k->headerline++) { + /* This is the first header, it MUST be the error code line + or else we consider this to be the body right away! */ + bool fine_statusline = FALSE; + if(conn->handler->protocol & PROTO_FAMILY_HTTP) { + /* + * https://datatracker.ietf.org/doc/html/rfc7230#section-3.1.2 + * + * The response code is always a three-digit number in HTTP as the spec + * says. We allow any three-digit number here, but we cannot make + * guarantees on future behaviors since it isn't within the protocol. + */ + int httpversion = 0; + char *p = headp; + + while(*p && ISBLANK(*p)) p++; - if((p[0] == '.') && (p[1] == '0' || p[1] == '1')) { - if(ISBLANK(p[2])) { - k->httpversion = 10 + (p[1] - '0'); - p += 3; - if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) { - k->httpcode = (p[0] - '0') * 100 + (p[1] - '0') * 10 + - (p[2] - '0'); + if(!strncmp(p, "HTTP/", 5)) { + p += 5; + switch(*p) { + case '1': + p++; + if((p[0] == '.') && (p[1] == '0' || p[1] == '1')) { + if(ISBLANK(p[2])) { + httpversion = 10 + (p[1] - '0'); p += 3; - if(ISSPACE(*p)) - fine_statusline = TRUE; + if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) { + k->httpcode = (p[0] - '0') * 100 + (p[1] - '0') * 10 + + (p[2] - '0'); + p += 3; + if(ISSPACE(*p)) + fine_statusline = TRUE; + } } } + if(!fine_statusline) { + failf(data, "Unsupported HTTP/1 subversion in response"); + return CURLE_UNSUPPORTED_PROTOCOL; + } + break; + case '2': + case '3': + if(!ISBLANK(p[1])) + break; + httpversion = (*p - '0') * 10; + p += 2; + if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) { + k->httpcode = (p[0] - '0') * 100 + (p[1] - '0') * 10 + + (p[2] - '0'); + p += 3; + if(!ISSPACE(*p)) + break; + fine_statusline = TRUE; + } + break; + default: /* unsupported */ + failf(data, "Unsupported HTTP version in response"); + return CURLE_UNSUPPORTED_PROTOCOL; } - if(!fine_statusline) { - failf(data, "Unsupported HTTP/1 subversion in response"); + } + + if(fine_statusline) { + if(k->httpcode < 100) { + failf(data, "Unsupported response code in HTTP response"); return CURLE_UNSUPPORTED_PROTOCOL; } - break; - case '2': - case '3': - if(!ISBLANK(p[1])) + switch(httpversion) { + case 10: + case 11: +#ifdef USE_HTTP2 + case 20: +#endif +#ifdef ENABLE_QUIC + case 30: +#endif + conn->httpversion = (unsigned char)httpversion; break; - k->httpversion = (*p - '0') * 10; - p += 2; - if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) { - k->httpcode = (p[0] - '0') * 100 + (p[1] - '0') * 10 + - (p[2] - '0'); - p += 3; - if(!ISSPACE(*p)) - break; - fine_statusline = TRUE; + default: + failf(data, "Unsupported HTTP version (%u.%d) in response", + httpversion/10, httpversion%10); + return CURLE_UNSUPPORTED_PROTOCOL; } - break; - default: /* unsupported */ - failf(data, "Unsupported HTTP version in response"); - return CURLE_UNSUPPORTED_PROTOCOL; - } - } - if(!fine_statusline) { - /* If user has set option HTTP200ALIASES, - compare header line against list of aliases - */ - statusline check = checkhttpprefix(data, hd, hdlen); - if(check == STATUS_DONE) { - fine_statusline = TRUE; - k->httpcode = 200; - k->httpversion = 10; + if(k->upgr101 == UPGR101_RECEIVED) { + /* supposedly upgraded to http2 now */ + if(conn->httpversion != 20) + infof(data, "Lying server, not serving HTTP/2"); + } + if(conn->httpversion < 20) { + conn->bundle->multiuse = BUNDLE_NO_MULTIUSE; + } + } + else { + /* If user has set option HTTP200ALIASES, + compare header line against list of aliases + */ + statusline check = + checkhttpprefix(data, + Curl_dyn_ptr(&data->state.headerb), + Curl_dyn_len(&data->state.headerb)); + if(check == STATUS_DONE) { + fine_statusline = TRUE; + k->httpcode = 200; + conn->httpversion = 10; + } } } - } - else if(data->conn->handler->protocol & CURLPROTO_RTSP) { - const char *p = hd; - while(*p && ISBLANK(*p)) - p++; - if(!strncmp(p, "RTSP/", 5)) { - p += 5; - if(ISDIGIT(*p)) { + else if(conn->handler->protocol & CURLPROTO_RTSP) { + char *p = headp; + while(*p && ISBLANK(*p)) p++; - if((p[0] == '.') && ISDIGIT(p[1])) { - if(ISBLANK(p[2])) { - p += 3; - if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) { - k->httpcode = (p[0] - '0') * 100 + (p[1] - '0') * 10 + - (p[2] - '0'); + if(!strncmp(p, "RTSP/", 5)) { + p += 5; + if(ISDIGIT(*p)) { + p++; + if((p[0] == '.') && ISDIGIT(p[1])) { + if(ISBLANK(p[2])) { p += 3; - if(ISSPACE(*p)) { - fine_statusline = TRUE; - k->httpversion = 11; /* RTSP acts like HTTP 1.1 */ + if(ISDIGIT(p[0]) && ISDIGIT(p[1]) && ISDIGIT(p[2])) { + k->httpcode = (p[0] - '0') * 100 + (p[1] - '0') * 10 + + (p[2] - '0'); + p += 3; + if(ISSPACE(*p)) { + fine_statusline = TRUE; + conn->httpversion = 11; /* RTSP acts like HTTP 1.1 */ + } } } } } + if(!fine_statusline) + return CURLE_WEIRD_SERVER_REPLY; } - if(!fine_statusline) - return CURLE_WEIRD_SERVER_REPLY; } - } - if(fine_statusline) { - result = Curl_http_statusline(data, data->conn); - if(result) - return result; - writetype |= CLIENTWRITE_STATUS; - } - else { - k->header = FALSE; /* this is not a header line */ - return CURLE_WEIRD_SERVER_REPLY; + if(fine_statusline) { + result = Curl_http_statusline(data, conn); + if(result) + return result; + writetype |= CLIENTWRITE_STATUS; + } + else { + k->header = FALSE; /* this is not a header line */ + break; + } } - } - - result = verify_header(data, hd, hdlen); - if(result) - return result; - - result = Curl_http_header(data, hd, hdlen); - if(result) - return result; - - /* - * Taken in one (more) header. Write it to the client. - */ - Curl_debug(data, CURLINFO_HEADER_IN, (char *)hd, hdlen); - if(k->httpcode/100 == 1) - writetype |= CLIENTWRITE_1XX; - result = Curl_client_write(data, writetype, hd, hdlen); - if(result) - return result; - - result = Curl_bump_headersize(data, hdlen, FALSE); - if(result) - return result; - - return CURLE_OK; -} - -/* - * Read any HTTP header lines from the server and pass them to the client app. - */ -static CURLcode http_parse_headers(struct Curl_easy *data, - const char *buf, size_t blen, - size_t *pconsumed) -{ - struct connectdata *conn = data->conn; - CURLcode result = CURLE_OK; - struct SingleRequest *k = &data->req; - char *end_ptr; - bool leftover_body = FALSE; - - /* header line within buffer loop */ - *pconsumed = 0; - while(blen && k->header) { - size_t consumed; + result = verify_header(data); + if(result) + return result; - end_ptr = memchr(buf, '\n', blen); - if(!end_ptr) { - /* Not a complete header line within buffer, append the data to - the end of the headerbuff. */ - result = Curl_dyn_addn(&data->state.headerb, buf, blen); - if(result) - return result; - *pconsumed += blen; + result = Curl_http_header(data, conn, headp); + if(result) + return result; - if(!k->headerline) { - /* check if this looks like a protocol header */ - statusline st = - checkprotoprefix(data, conn, - Curl_dyn_ptr(&data->state.headerb), - Curl_dyn_len(&data->state.headerb)); + /* + * End of header-checks. Write them to the client. + */ + if(k->httpcode/100 == 1) + writetype |= CLIENTWRITE_1XX; - if(st == STATUS_BAD) { - /* this is not the beginning of a protocol first header line */ - k->header = FALSE; - streamclose(conn, "bad HTTP: No end-of-message indicator"); - if(conn->httpversion >= 10) { - failf(data, "Invalid status line"); - return CURLE_WEIRD_SERVER_REPLY; - } - if(!data->set.http09_allowed) { - failf(data, "Received HTTP/0.9 when not allowed"); - return CURLE_UNSUPPORTED_PROTOCOL; - } - leftover_body = TRUE; - goto out; - } - } - goto out; /* read more and try again */ - } + Curl_debug(data, CURLINFO_HEADER_IN, headp, + Curl_dyn_len(&data->state.headerb)); - /* decrease the size of the remaining (supposed) header line */ - consumed = (end_ptr - buf) + 1; - result = Curl_dyn_addn(&data->state.headerb, buf, consumed); + result = Curl_client_write(data, writetype, headp, + Curl_dyn_len(&data->state.headerb)); if(result) return result; - blen -= consumed; - buf += consumed; - *pconsumed += consumed; - /**** - * We now have a FULL header line in 'headerb'. - *****/ - - if(!k->headerline) { - /* the first read header */ - statusline st = checkprotoprefix(data, conn, - Curl_dyn_ptr(&data->state.headerb), - Curl_dyn_len(&data->state.headerb)); - if(st == STATUS_BAD) { - streamclose(conn, "bad HTTP: No end-of-message indicator"); - /* this is not the beginning of a protocol first header line */ - if(conn->httpversion >= 10) { - failf(data, "Invalid status line"); - return CURLE_WEIRD_SERVER_REPLY; - } - if(!data->set.http09_allowed) { - failf(data, "Received HTTP/0.9 when not allowed"); - return CURLE_UNSUPPORTED_PROTOCOL; - } - k->header = FALSE; - leftover_body = TRUE; - goto out; - } - } - - result = http_rw_hd(data, Curl_dyn_ptr(&data->state.headerb), - Curl_dyn_len(&data->state.headerb), - buf, blen, &consumed); - /* We are done with this line. We reset because response - * processing might switch to HTTP/2 and that might call us - * directly again. */ - Curl_dyn_reset(&data->state.headerb); - if(consumed) { - blen -= consumed; - buf += consumed; - *pconsumed += consumed; - } + result = Curl_bump_headersize(data, Curl_dyn_len(&data->state.headerb), + FALSE); if(result) return result; + + Curl_dyn_reset(&data->state.headerb); } + while(blen); /* We might have reached the end of the header part here, but there might be a non-header part left in the end of the read buffer. */ out: - if(!k->header && !leftover_body) { - Curl_dyn_free(&data->state.headerb); - } return CURLE_OK; } -CURLcode Curl_http_write_resp_hd(struct Curl_easy *data, - const char *hd, size_t hdlen, - bool is_eos) -{ - CURLcode result; - size_t consumed; - char tmp = 0; - - result = http_rw_hd(data, hd, hdlen, &tmp, 0, &consumed); - if(!result && is_eos) { - result = Curl_client_write(data, (CLIENTWRITE_BODY|CLIENTWRITE_EOS), - &tmp, 0); - } - return result; -} - -/* - * HTTP protocol `write_resp` implementation. Will parse headers - * when not done yet and otherwise return without consuming data. - */ -CURLcode Curl_http_write_resp_hds(struct Curl_easy *data, - const char *buf, size_t blen, - size_t *pconsumed) -{ - if(!data->req.header) { - *pconsumed = 0; - return CURLE_OK; - } - else { - CURLcode result; - - result = http_parse_headers(data, buf, blen, pconsumed); - if(!result && !data->req.header) { - if(!data->req.no_body && Curl_dyn_len(&data->state.headerb)) { - /* leftover from parsing something that turned out not - * to be a header, only happens if we allow for - * HTTP/0.9 like responses */ - result = Curl_client_write(data, CLIENTWRITE_BODY, - Curl_dyn_ptr(&data->state.headerb), - Curl_dyn_len(&data->state.headerb)); - } - Curl_dyn_free(&data->state.headerb); - } - return result; - } -} - -CURLcode Curl_http_write_resp(struct Curl_easy *data, - const char *buf, size_t blen, - bool is_eos) -{ - CURLcode result; - size_t consumed; - int flags; - - result = Curl_http_write_resp_hds(data, buf, blen, &consumed); - if(result || data->req.done) - goto out; - - DEBUGASSERT(consumed <= blen); - blen -= consumed; - buf += consumed; - /* either all was consumed in header parsing, or we have data left - * and are done with headers, e.g. it is BODY data */ - DEBUGASSERT(!blen || !data->req.header); - if(!data->req.header && (blen || is_eos)) { - /* BODY data after header been parsed, write and consume */ - flags = CLIENTWRITE_BODY; - if(is_eos) - flags |= CLIENTWRITE_EOS; - result = Curl_client_write(data, flags, (char *)buf, blen); - } -out: - return result; -} /* Decode HTTP status code string. */ CURLcode Curl_http_decode_status(int *pstatus, const char *s, size_t len) @@ -4066,7 +4617,7 @@ CURLcode Curl_http_req_make(struct httpreq **preq, CURLcode result = CURLE_OUT_OF_MEMORY; DEBUGASSERT(method); - if(m_len + 1 > sizeof(req->method)) + if(m_len + 1 >= sizeof(req->method)) return CURLE_BAD_FUNCTION_ARGUMENT; req = calloc(1, sizeof(*req)); @@ -4074,17 +4625,17 @@ CURLcode Curl_http_req_make(struct httpreq **preq, goto out; memcpy(req->method, method, m_len); if(scheme) { - req->scheme = Curl_memdup0(scheme, s_len); + req->scheme = Curl_strndup(scheme, s_len); if(!req->scheme) goto out; } if(authority) { - req->authority = Curl_memdup0(authority, a_len); + req->authority = Curl_strndup(authority, a_len); if(!req->authority) goto out; } if(path) { - req->path = Curl_memdup0(path, p_len); + req->path = Curl_strndup(path, p_len); if(!req->path) goto out; } @@ -4222,7 +4773,7 @@ CURLcode Curl_http_req_make2(struct httpreq **preq, CURLUcode uc; DEBUGASSERT(method); - if(m_len + 1 > sizeof(req->method)) + if(m_len + 1 >= sizeof(req->method)) return CURLE_BAD_FUNCTION_ARGUMENT; req = calloc(1, sizeof(*req)); @@ -4400,152 +4951,4 @@ void Curl_http_resp_free(struct http_resp *resp) } } -struct cr_exp100_ctx { - struct Curl_creader super; - struct curltime start; /* time started waiting */ - enum expect100 state; -}; - -/* Expect: 100-continue client reader, blocking uploads */ - -static void http_exp100_continue(struct Curl_easy *data, - struct Curl_creader *reader) -{ - struct cr_exp100_ctx *ctx = reader->ctx; - if(ctx->state > EXP100_SEND_DATA) { - ctx->state = EXP100_SEND_DATA; - data->req.keepon |= KEEP_SEND; - data->req.keepon &= ~KEEP_SEND_TIMED; - Curl_expire_done(data, EXPIRE_100_TIMEOUT); - } -} - -static CURLcode cr_exp100_read(struct Curl_easy *data, - struct Curl_creader *reader, - char *buf, size_t blen, - size_t *nread, bool *eos) -{ - struct cr_exp100_ctx *ctx = reader->ctx; - timediff_t ms; - - switch(ctx->state) { - case EXP100_SENDING_REQUEST: - if(!Curl_req_sendbuf_empty(data)) { - /* The initial request data has not been fully sent yet. Do - * not start the timer yet. */ - DEBUGF(infof(data, "cr_exp100_read, request not full sent yet")); - *nread = 0; - *eos = FALSE; - return CURLE_OK; - } - /* We are now waiting for a reply from the server or - * a timeout on our side IFF the request has been fully sent. */ - DEBUGF(infof(data, "cr_exp100_read, start AWAITING_CONTINUE, " - "timeout %ldms", data->set.expect_100_timeout)); - ctx->state = EXP100_AWAITING_CONTINUE; - ctx->start = Curl_now(); - Curl_expire(data, data->set.expect_100_timeout, EXPIRE_100_TIMEOUT); - data->req.keepon &= ~KEEP_SEND; - data->req.keepon |= KEEP_SEND_TIMED; - *nread = 0; - *eos = FALSE; - return CURLE_OK; - case EXP100_FAILED: - DEBUGF(infof(data, "cr_exp100_read, expectation failed, error")); - *nread = 0; - *eos = FALSE; - return CURLE_READ_ERROR; - case EXP100_AWAITING_CONTINUE: - ms = Curl_timediff(Curl_now(), ctx->start); - if(ms < data->set.expect_100_timeout) { - DEBUGF(infof(data, "cr_exp100_read, AWAITING_CONTINUE, not expired")); - data->req.keepon &= ~KEEP_SEND; - data->req.keepon |= KEEP_SEND_TIMED; - *nread = 0; - *eos = FALSE; - return CURLE_OK; - } - /* we have waited long enough, continue anyway */ - http_exp100_continue(data, reader); - infof(data, "Done waiting for 100-continue"); - FALLTHROUGH(); - default: - DEBUGF(infof(data, "cr_exp100_read, pass through")); - return Curl_creader_read(data, reader->next, buf, blen, nread, eos); - } -} - -static void cr_exp100_done(struct Curl_easy *data, - struct Curl_creader *reader, int premature) -{ - struct cr_exp100_ctx *ctx = reader->ctx; - ctx->state = premature? EXP100_FAILED : EXP100_SEND_DATA; - data->req.keepon &= ~KEEP_SEND_TIMED; - Curl_expire_done(data, EXPIRE_100_TIMEOUT); -} - -static const struct Curl_crtype cr_exp100 = { - "cr-exp100", - Curl_creader_def_init, - cr_exp100_read, - Curl_creader_def_close, - Curl_creader_def_needs_rewind, - Curl_creader_def_total_length, - Curl_creader_def_resume_from, - Curl_creader_def_rewind, - Curl_creader_def_unpause, - Curl_creader_def_is_paused, - cr_exp100_done, - sizeof(struct cr_exp100_ctx) -}; - -static CURLcode http_exp100_add_reader(struct Curl_easy *data) -{ - struct Curl_creader *reader = NULL; - CURLcode result; - - result = Curl_creader_create(&reader, data, &cr_exp100, - CURL_CR_PROTOCOL); - if(!result) - result = Curl_creader_add(data, reader); - if(!result) { - struct cr_exp100_ctx *ctx = reader->ctx; - ctx->state = EXP100_SENDING_REQUEST; - } - - if(result && reader) - Curl_creader_free(data, reader); - return result; -} - -void Curl_http_exp100_got100(struct Curl_easy *data) -{ - struct Curl_creader *r = Curl_creader_get_by_type(data, &cr_exp100); - if(r) - http_exp100_continue(data, r); -} - -static bool http_exp100_is_waiting(struct Curl_easy *data) -{ - struct Curl_creader *r = Curl_creader_get_by_type(data, &cr_exp100); - if(r) { - struct cr_exp100_ctx *ctx = r->ctx; - return (ctx->state == EXP100_AWAITING_CONTINUE); - } - return FALSE; -} - -static void http_exp100_send_anyway(struct Curl_easy *data) -{ - struct Curl_creader *r = Curl_creader_get_by_type(data, &cr_exp100); - if(r) - http_exp100_continue(data, r); -} - -bool Curl_http_exp100_is_selected(struct Curl_easy *data) -{ - struct Curl_creader *r = Curl_creader_get_by_type(data, &cr_exp100); - return r? TRUE : FALSE; -} - #endif /* CURL_DISABLE_HTTP */ |