mirror of
https://github.com/cesanta/mongoose.git
synced 2024-12-18 11:28:13 +08:00
reporting error if request size is too big
This commit is contained in:
parent
d8c12e449d
commit
3d43451b36
145
mongoose.c
145
mongoose.c
@ -210,11 +210,13 @@ typedef int SOCKET;
|
||||
|
||||
#if defined(DEBUG)
|
||||
#define DEBUG_TRACE(x) do { \
|
||||
flockfile(stdout); \
|
||||
printf("*** [%lu] thread %p: %s: ", \
|
||||
(unsigned long) time(NULL), (void *) pthread_self(), __func__); \
|
||||
printf x; \
|
||||
putchar('\n'); \
|
||||
fflush(stdout); \
|
||||
funlockfile(stdout); \
|
||||
} while (0)
|
||||
#else
|
||||
#define DEBUG_TRACE(x)
|
||||
@ -432,6 +434,7 @@ struct mg_context {
|
||||
};
|
||||
|
||||
struct mg_connection {
|
||||
struct mg_connection *peer; // Remote target in proxy mode
|
||||
struct mg_request_info request_info;
|
||||
struct mg_context *ctx;
|
||||
SSL *ssl; // SSL descriptor
|
||||
@ -719,9 +722,12 @@ static int match_extension(const char *path, const char *ext_list) {
|
||||
#endif // !NO_CGI
|
||||
|
||||
// HTTP 1.1 assumes keep alive if "Connection:" header is not set
|
||||
// This function must tolerate situations when connection info is not
|
||||
// set up, for example if request parsing failed.
|
||||
static int should_keep_alive(const struct mg_connection *conn) {
|
||||
const char *http_version = conn->request_info.http_version;
|
||||
const char *header = mg_get_header(conn, "Connection");
|
||||
return (header == NULL && !strcmp(conn->request_info.http_version, "1.1")) ||
|
||||
return (header == NULL && http_version && !strcmp(http_version, "1.1")) ||
|
||||
(header != NULL && !strcmp(header, "keep-alive"));
|
||||
}
|
||||
|
||||
@ -1584,6 +1590,7 @@ static int get_request_len(const char *buf, int buflen) {
|
||||
const char *s, *e;
|
||||
int len = 0;
|
||||
|
||||
DEBUG_TRACE(("buf: %p, len: %d", buf, buflen));
|
||||
for (s = buf, e = s + buflen - 1; len <= 0 && s < e; s++)
|
||||
// Control characters are not allowed but >=128 is.
|
||||
if (!isprint(* (unsigned char *) s) && *s != '\r' &&
|
||||
@ -2533,11 +2540,9 @@ static void parse_http_headers(char **buf, struct mg_request_info *ri) {
|
||||
}
|
||||
|
||||
static int is_valid_http_method(const char *method) {
|
||||
return !strcmp(method, "GET") ||
|
||||
!strcmp(method, "POST") ||
|
||||
!strcmp(method, "HEAD") ||
|
||||
!strcmp(method, "PUT") ||
|
||||
!strcmp(method, "DELETE");
|
||||
return !strcmp(method, "GET") || !strcmp(method, "POST") ||
|
||||
!strcmp(method, "HEAD") || !strcmp(method, "CONNECT") ||
|
||||
!strcmp(method, "PUT") || !strcmp(method, "DELETE");
|
||||
}
|
||||
|
||||
// Parse HTTP request, fill in mg_request_info structure.
|
||||
@ -2554,7 +2559,6 @@ static int parse_http_request(char *buf, struct mg_request_info *ri) {
|
||||
ri->http_version = skip(&buf, "\r\n");
|
||||
|
||||
if (is_valid_http_method(ri->request_method) &&
|
||||
ri->uri[0] == '/' &&
|
||||
strncmp(ri->http_version, "HTTP/", 5) == 0) {
|
||||
ri->http_version += 5; /* Skip "HTTP/" */
|
||||
parse_http_headers(&buf, ri);
|
||||
@ -2641,7 +2645,8 @@ static int is_not_modified(const struct mg_connection *conn,
|
||||
return ims != NULL && stp->mtime <= parse_date_string(ims);
|
||||
}
|
||||
|
||||
static int handle_request_body(struct mg_connection *conn, FILE *fp) {
|
||||
static int forward_body_data(struct mg_connection *conn, FILE *fp,
|
||||
SOCKET sock, SSL *ssl) {
|
||||
const char *expect, *buffered;
|
||||
char buf[BUFSIZ];
|
||||
int to_read, nread, buffered_len, success = 0;
|
||||
@ -2667,7 +2672,7 @@ static int handle_request_body(struct mg_connection *conn, FILE *fp) {
|
||||
if ((int64_t) buffered_len > conn->content_len) {
|
||||
buffered_len = (int) conn->content_len;
|
||||
}
|
||||
push(fp, INVALID_SOCKET, NULL, buffered, (int64_t) buffered_len);
|
||||
push(fp, sock, ssl, buffered, (int64_t) buffered_len);
|
||||
conn->consumed_content += buffered_len;
|
||||
}
|
||||
|
||||
@ -2677,7 +2682,7 @@ static int handle_request_body(struct mg_connection *conn, FILE *fp) {
|
||||
to_read = (int) (conn->content_len - conn->consumed_content);
|
||||
}
|
||||
nread = pull(NULL, conn->client.sock, conn->ssl, buf, to_read);
|
||||
if (nread <= 0 || push(fp, INVALID_SOCKET, NULL, buf, nread) != nread) {
|
||||
if (nread <= 0 || push(fp, sock, ssl, buf, nread) != nread) {
|
||||
break;
|
||||
}
|
||||
conn->consumed_content += nread;
|
||||
@ -2890,7 +2895,7 @@ static void handle_cgi_request(struct mg_connection *conn, const char *prog) {
|
||||
|
||||
// Send POST data to the CGI process if needed
|
||||
if (!strcmp(conn->request_info.request_method, "POST") &&
|
||||
!handle_request_body(conn, in)) {
|
||||
!forward_body_data(conn, in, INVALID_SOCKET, NULL)) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
@ -3010,7 +3015,7 @@ static void put_file(struct mg_connection *conn, const char *path) {
|
||||
// TODO(lsm): handle seek error
|
||||
(void) fseeko(fp, (off_t) r1, SEEK_SET);
|
||||
}
|
||||
if (handle_request_body(conn, fp))
|
||||
if (forward_body_data(conn, fp, INVALID_SOCKET, NULL))
|
||||
(void) mg_printf(conn, "HTTP/1.1 %d OK\r\n\r\n",
|
||||
conn->request_info.status_code);
|
||||
(void) fclose(fp);
|
||||
@ -3242,7 +3247,7 @@ static void close_all_listening_sockets(struct mg_context *ctx) {
|
||||
}
|
||||
}
|
||||
|
||||
// Valid listening port specification is: [ip_address:]port[s[p]]
|
||||
// Valid listening port specification is: [ip_address:]port[s|p]
|
||||
// Examples: 80, 443s, 127.0.0.1:3128p, 1.2.3.4:8080sp
|
||||
static int parse_port_string(const struct vec *vec, struct socket *so) {
|
||||
struct usa *usa = &so->lsa;
|
||||
@ -3260,17 +3265,14 @@ static int parse_port_string(const struct vec *vec, struct socket *so) {
|
||||
} else {
|
||||
return 0;
|
||||
}
|
||||
|
||||
assert(len > 0 && len <= (int) vec->len);
|
||||
so->is_ssl = vec->ptr[len] == 's';
|
||||
so->is_proxy = vec->ptr[len] == 'p' ||
|
||||
(vec->ptr[len] == 's' && vec->ptr[len + 1] == 'p');
|
||||
|
||||
if (vec->ptr[len + so->is_ssl + so->is_proxy] != '\0' &&
|
||||
vec->ptr[len + so->is_ssl + so->is_proxy] != ',') {
|
||||
if (strchr("sp,", vec->ptr[len]) == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
so->is_ssl = vec->ptr[len] == 's';
|
||||
so->is_proxy = vec->ptr[len] == 'p';
|
||||
usa->len = sizeof(usa->u.sin);
|
||||
usa->u.sin.sin_family = AF_INET;
|
||||
usa->u.sin.sin_port = htons((uint16_t) port);
|
||||
@ -3288,7 +3290,7 @@ static int set_ports_option(struct mg_context *ctx) {
|
||||
while (success && (list = next_option(list, &vec, NULL)) != NULL) {
|
||||
if (!parse_port_string(&vec, &so)) {
|
||||
cry(fc(ctx), "%s: %.*s: invalid port spec. Expecting list of: %s",
|
||||
__func__, vec.len, vec.ptr, "[IP_ADDRESS:]PORT[s[p]]");
|
||||
__func__, vec.len, vec.ptr, "[IP_ADDRESS:]PORT[s|p]");
|
||||
success = 0;
|
||||
} else if (so.is_ssl && ctx->ssl_ctx == NULL) {
|
||||
cry(fc(ctx), "Cannot add SSL socket, is -ssl_cert option set?");
|
||||
@ -3586,11 +3588,16 @@ static int set_acl_option(struct mg_context *ctx) {
|
||||
}
|
||||
|
||||
static void reset_per_request_attributes(struct mg_connection *conn) {
|
||||
if (conn->request_info.remote_user != NULL) {
|
||||
free((void *) conn->request_info.remote_user);
|
||||
conn->request_info.remote_user = NULL;
|
||||
struct mg_request_info *ri = &conn->request_info;
|
||||
|
||||
// Reset request info attributes. DO NOT TOUCH is_ssl, remote_ip, remote_port
|
||||
if (ri->remote_user != NULL) {
|
||||
free((void *) ri->remote_user);
|
||||
}
|
||||
conn->request_info.status_code = -1;
|
||||
ri->remote_user = ri->request_method = ri->uri = ri->http_version = NULL;
|
||||
ri->num_headers = 0;
|
||||
ri->status_code = -1;
|
||||
|
||||
conn->num_bytes_sent = conn->consumed_content = 0;
|
||||
conn->content_len = -1;
|
||||
conn->request_len = conn->data_len = 0;
|
||||
@ -3648,6 +3655,78 @@ static void discard_current_request_from_buffer(struct mg_connection *conn) {
|
||||
memmove(conn->buf, conn->buf + conn->request_len + body_len, conn->data_len);
|
||||
}
|
||||
|
||||
static int parse_url(const char *url, char *host, int *port) {
|
||||
int len;
|
||||
|
||||
if (url == NULL) {
|
||||
return 0;
|
||||
};
|
||||
|
||||
if (!strncmp(url, "http://", 7)) {
|
||||
url += 7;
|
||||
}
|
||||
|
||||
if (sscanf(url, "%1024[^:]:%d/%n", host, port, &len) == 2) {
|
||||
} else {
|
||||
sscanf(url, "%1024[^/]/%n", host, &len);
|
||||
*port = 80;
|
||||
}
|
||||
DEBUG_TRACE(("Host:%s, port:%d", host, *port));
|
||||
|
||||
return len > 0 && url[len - 1] == '/' ? len - 1 : len;
|
||||
}
|
||||
|
||||
static void handle_proxy_request(struct mg_connection *conn) {
|
||||
struct mg_request_info *ri = &conn->request_info;
|
||||
char host[1025], buf[BUFSIZ];
|
||||
int port, is_ssl, len, i, n;
|
||||
|
||||
DEBUG_TRACE(("URL: %s", ri->uri));
|
||||
if (conn->request_info.uri[0] == '/' ||
|
||||
(len = parse_url(ri->uri, host, &port)) == 0) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (conn->peer == NULL) {
|
||||
is_ssl = !strcmp(ri->request_method, "CONNECT");
|
||||
if ((conn->peer = mg_connect(conn, host, port, is_ssl)) == NULL) {
|
||||
return;
|
||||
}
|
||||
conn->peer->client.is_ssl = is_ssl;
|
||||
}
|
||||
|
||||
// Forward client's request to the target
|
||||
mg_printf(conn->peer, "%s %s HTTP/%s\r\n", ri->request_method, ri->uri + len,
|
||||
ri->http_version);
|
||||
|
||||
// And also all headers. TODO(lsm): anonymize!
|
||||
for (i = 0; i < ri->num_headers; i++) {
|
||||
mg_printf(conn->peer, "%s: %s\r\n", ri->http_headers[i].name,
|
||||
ri->http_headers[i].value);
|
||||
}
|
||||
// End of headers, final newline
|
||||
mg_write(conn->peer, "\r\n", 2);
|
||||
|
||||
// Read and forward body data if any
|
||||
if (!strcmp(ri->request_method, "POST")) {
|
||||
forward_body_data(conn, NULL, conn->peer->client.sock, conn->peer->ssl);
|
||||
}
|
||||
|
||||
// Read data from the target and forward it to the client
|
||||
while ((n = pull(NULL, conn->peer->client.sock, conn->peer->ssl,
|
||||
buf, sizeof(buf))) > 0) {
|
||||
if (mg_write(conn, buf, n) != n) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (!conn->peer->client.is_ssl) {
|
||||
close_connection(conn->peer);
|
||||
free(conn->peer);
|
||||
conn->peer = NULL;
|
||||
}
|
||||
}
|
||||
|
||||
static void process_new_connection(struct mg_connection *conn) {
|
||||
struct mg_request_info *ri = &conn->request_info;
|
||||
int keep_alive_enabled;
|
||||
@ -3664,13 +3743,17 @@ static void process_new_connection(struct mg_connection *conn) {
|
||||
conn->buf, sizeof(conn->buf), &conn->data_len);
|
||||
}
|
||||
assert(conn->data_len >= conn->request_len);
|
||||
if (conn->request_len <= 0) {
|
||||
if (conn->request_len == 0 && conn->data_len == sizeof(conn->buf)) {
|
||||
send_http_error(conn, 413, "Request Too Large", "");
|
||||
return;
|
||||
} if (conn->request_len <= 0) {
|
||||
return; // Remote end closed the connection
|
||||
}
|
||||
|
||||
// Nul-terminate the request cause parse_http_request() uses sscanf
|
||||
conn->buf[conn->request_len - 1] = '\0';
|
||||
if (!parse_http_request(conn->buf, ri)) {
|
||||
if (!parse_http_request(conn->buf, ri) ||
|
||||
(!conn->client.is_proxy && ri->uri[0] != '/')) {
|
||||
// Do not put garbage in the access log, just send it back to the client
|
||||
send_http_error(conn, 400, "Bad Request",
|
||||
"Cannot parse HTTP request: [%.*s]", conn->data_len, conn->buf);
|
||||
@ -3684,11 +3767,16 @@ static void process_new_connection(struct mg_connection *conn) {
|
||||
cl = get_header(ri, "Content-Length");
|
||||
conn->content_len = cl == NULL ? -1 : strtoll(cl, NULL, 10);
|
||||
conn->birth_time = time(NULL);
|
||||
handle_request(conn);
|
||||
if (conn->client.is_proxy) {
|
||||
handle_proxy_request(conn);
|
||||
} else {
|
||||
handle_request(conn);
|
||||
}
|
||||
log_access(conn);
|
||||
discard_current_request_from_buffer(conn);
|
||||
}
|
||||
} while (keep_alive_enabled && should_keep_alive(conn));
|
||||
// conn->peer is not NULL only for SSL-ed proxy connections
|
||||
} while (conn->peer || (keep_alive_enabled && should_keep_alive(conn)));
|
||||
}
|
||||
|
||||
// Worker threads take accepted socket from the queue
|
||||
@ -3796,6 +3884,7 @@ static void accept_new_connection(const struct socket *listener,
|
||||
// Put accepted socket structure into the queue
|
||||
DEBUG_TRACE(("accepted socket %d", accepted.sock));
|
||||
accepted.is_ssl = listener->is_ssl;
|
||||
accepted.is_proxy = listener->is_proxy;
|
||||
produce_socket(ctx, &accepted);
|
||||
} else {
|
||||
cry(fc(ctx), "%s: %s is not allowed to connect",
|
||||
|
Loading…
Reference in New Issue
Block a user