File: [local] / src / usr.sbin / httpd / server_fcgi.c (download)
Revision 1.97, Wed Nov 8 19:19:10 2023 UTC (6 months, 4 weeks ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD Changes since 1.96: +7 -8 lines
Avoid a NULL dereference when handling a malformed fastcgi request.
Rework the hack to avoid a use-after-free in the fastcgi code.
Since server_fcgi() can be called by server_read_httpcontent() we
can't set clt_fcgi_error to NULL. Instead, we implement a simple
reference count to track when a fastcgi session is in progress to
avoid closing the http session prematurely on fastcgi error.
Based on a diff from and OK by tb@. Reported by Ben Kallus.
|
/* $OpenBSD: server_fcgi.c,v 1.97 2023/11/08 19:19:10 millert Exp $ */
/*
* Copyright (c) 2014 Florian Obser <florian@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <sys/types.h>
#include <sys/time.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <limits.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <time.h>
#include <ctype.h>
#include <event.h>
#include <unistd.h>
#include "httpd.h"
#include "http.h"
#define FCGI_PADDING_SIZE 255
#define FCGI_RECORD_SIZE \
(sizeof(struct fcgi_record_header) + FCGI_CONTENT_SIZE + FCGI_PADDING_SIZE)
#define FCGI_BEGIN_REQUEST 1
#define FCGI_ABORT_REQUEST 2
#define FCGI_END_REQUEST 3
#define FCGI_PARAMS 4
#define FCGI_STDIN 5
#define FCGI_STDOUT 6
#define FCGI_STDERR 7
#define FCGI_DATA 8
#define FCGI_GET_VALUES 9
#define FCGI_GET_VALUES_RESULT 10
#define FCGI_UNKNOWN_TYPE 11
#define FCGI_MAXTYPE (FCGI_UNKNOWN_TYPE)
#define FCGI_RESPONDER 1
struct fcgi_record_header {
uint8_t version;
uint8_t type;
uint16_t id;
uint16_t content_len;
uint8_t padding_len;
uint8_t reserved;
} __packed;
struct fcgi_begin_request_body {
uint16_t role;
uint8_t flags;
uint8_t reserved[5];
} __packed;
struct server_fcgi_param {
int total_len;
uint8_t buf[FCGI_RECORD_SIZE];
};
int server_fcgi_header(struct client *, unsigned int);
void server_fcgi_error(struct bufferevent *, short, void *);
void server_fcgi_read(struct bufferevent *, void *);
int server_fcgi_writeheader(struct client *, struct kv *, void *);
int server_fcgi_writechunk(struct client *);
int server_fcgi_getheaders(struct client *);
int fcgi_add_param(struct server_fcgi_param *, const char *, const char *,
struct client *);
int
server_fcgi(struct httpd *env, struct client *clt)
{
struct server_fcgi_param param;
struct server_config *srv_conf = clt->clt_srv_conf;
struct http_descriptor *desc = clt->clt_descreq;
struct fcgi_record_header *h;
struct fcgi_begin_request_body *begin;
struct fastcgi_param *fcgiparam;
char hbuf[HOST_NAME_MAX+1];
size_t scriptlen;
int pathlen;
int fd = -1, ret;
const char *stripped, *alias, *errstr = NULL;
char *query_alias, *str, *script = NULL;
if ((fd = socket(srv_conf->fastcgi_ss.ss_family,
SOCK_STREAM | SOCK_NONBLOCK, 0)) == -1)
goto fail;
if ((connect(fd, (struct sockaddr *) &srv_conf->fastcgi_ss,
srv_conf->fastcgi_ss.ss_len)) == -1) {
if (errno != EINPROGRESS)
goto fail;
}
memset(hbuf, 0, sizeof(hbuf));
clt->clt_fcgi.state = FCGI_READ_HEADER;
clt->clt_fcgi.toread = sizeof(struct fcgi_record_header);
clt->clt_fcgi.status = 200;
clt->clt_fcgi.headersdone = 0;
clt->clt_fcgi.headerssent = 0;
if (clt->clt_srvevb != NULL)
evbuffer_free(clt->clt_srvevb);
clt->clt_srvevb = evbuffer_new();
if (clt->clt_srvevb == NULL) {
errstr = "failed to allocate evbuffer";
goto fail;
}
close(clt->clt_fd);
clt->clt_fd = fd;
if (clt->clt_srvbev != NULL)
bufferevent_free(clt->clt_srvbev);
clt->clt_srvbev_throttled = 0;
clt->clt_srvbev = bufferevent_new(fd, server_fcgi_read,
NULL, server_fcgi_error, clt);
if (clt->clt_srvbev == NULL) {
errstr = "failed to allocate fcgi buffer event";
goto fail;
}
memset(¶m, 0, sizeof(param));
h = (struct fcgi_record_header *)¶m.buf;
h->version = 1;
h->type = FCGI_BEGIN_REQUEST;
h->id = htons(1);
h->content_len = htons(sizeof(struct fcgi_begin_request_body));
h->padding_len = 0;
begin = (struct fcgi_begin_request_body *)¶m.buf[sizeof(struct
fcgi_record_header)];
begin->role = htons(FCGI_RESPONDER);
if (bufferevent_write(clt->clt_srvbev, ¶m.buf,
sizeof(struct fcgi_record_header) +
sizeof(struct fcgi_begin_request_body)) == -1) {
errstr = "failed to write to evbuffer";
goto fail;
}
h->type = FCGI_PARAMS;
h->content_len = param.total_len = 0;
alias = desc->http_path_alias != NULL
? desc->http_path_alias
: desc->http_path;
query_alias = desc->http_query_alias != NULL
? desc->http_query_alias
: desc->http_query;
stripped = server_root_strip(alias, srv_conf->strip);
if ((pathlen = asprintf(&script, "%s%s", srv_conf->root, stripped))
== -1) {
errstr = "failed to get script name";
goto fail;
}
scriptlen = path_info(script);
/*
* no part of root should show up in PATH_INFO.
* therefore scriptlen should be >= strlen(root)
*/
if (scriptlen < strlen(srv_conf->root))
scriptlen = strlen(srv_conf->root);
if ((int)scriptlen < pathlen) {
if (fcgi_add_param(¶m, "PATH_INFO",
script + scriptlen, clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
script[scriptlen] = '\0';
} else {
/* RFC 3875 mandates that PATH_INFO is empty if not set */
if (fcgi_add_param(¶m, "PATH_INFO", "", clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
}
/*
* calculate length of http SCRIPT_NAME:
* add length of stripped prefix,
* subtract length of prepended local root
*/
scriptlen += (stripped - alias) - strlen(srv_conf->root);
if ((str = strndup(alias, scriptlen)) == NULL)
goto fail;
ret = fcgi_add_param(¶m, "SCRIPT_NAME", str, clt);
free(str);
if (ret == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "SCRIPT_FILENAME", server_root_strip(script,
srv_conf->fcgistrip), clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (query_alias) {
if (fcgi_add_param(¶m, "QUERY_STRING", query_alias,
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
} else if (fcgi_add_param(¶m, "QUERY_STRING", "", clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "DOCUMENT_ROOT", server_root_strip(
srv_conf->root, srv_conf->fcgistrip), clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "DOCUMENT_URI", alias,
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "GATEWAY_INTERFACE", "CGI/1.1",
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (srv_conf->flags & SRVFLAG_AUTH) {
if (fcgi_add_param(¶m, "REMOTE_USER",
clt->clt_remote_user, clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
}
/* Add HTTP_* headers */
if (server_headers(clt, desc, server_fcgi_writeheader, ¶m) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (srv_conf->flags & SRVFLAG_TLS) {
if (fcgi_add_param(¶m, "HTTPS", "on", clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (srv_conf->tls_flags != 0 && fcgi_add_param(¶m,
"TLS_PEER_VERIFY", printb_flags(srv_conf->tls_flags,
TLSFLAG_BITS), clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
}
TAILQ_FOREACH(fcgiparam, &srv_conf->fcgiparams, entry) {
if (fcgi_add_param(¶m, fcgiparam->name, fcgiparam->value,
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
}
(void)print_host(&clt->clt_ss, hbuf, sizeof(hbuf));
if (fcgi_add_param(¶m, "REMOTE_ADDR", hbuf, clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
(void)snprintf(hbuf, sizeof(hbuf), "%d", ntohs(clt->clt_port));
if (fcgi_add_param(¶m, "REMOTE_PORT", hbuf, clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "REQUEST_METHOD",
server_httpmethod_byid(desc->http_method), clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (!desc->http_query) {
if (fcgi_add_param(¶m, "REQUEST_URI", desc->http_path_orig,
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
} else {
if (asprintf(&str, "%s?%s", desc->http_path_orig,
desc->http_query) == -1) {
errstr = "failed to encode param";
goto fail;
}
ret = fcgi_add_param(¶m, "REQUEST_URI", str, clt);
free(str);
if (ret == -1) {
errstr = "failed to encode param";
goto fail;
}
}
(void)print_host(&clt->clt_srv_ss, hbuf, sizeof(hbuf));
if (fcgi_add_param(¶m, "SERVER_ADDR", hbuf, clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
(void)snprintf(hbuf, sizeof(hbuf), "%d",
ntohs(server_socket_getport(&clt->clt_srv_ss)));
if (fcgi_add_param(¶m, "SERVER_PORT", hbuf, clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "SERVER_NAME", srv_conf->name,
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "SERVER_PROTOCOL", desc->http_version,
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (fcgi_add_param(¶m, "SERVER_SOFTWARE", HTTPD_SERVERNAME,
clt) == -1) {
errstr = "failed to encode param";
goto fail;
}
if (param.total_len != 0) { /* send last params record */
if (bufferevent_write(clt->clt_srvbev, ¶m.buf,
sizeof(struct fcgi_record_header) +
ntohs(h->content_len)) == -1) {
errstr = "failed to write to client evbuffer";
goto fail;
}
}
/* send "no more params" message */
h->content_len = 0;
if (bufferevent_write(clt->clt_srvbev, ¶m.buf,
sizeof(struct fcgi_record_header)) == -1) {
errstr = "failed to write to client evbuffer";
goto fail;
}
bufferevent_settimeout(clt->clt_srvbev,
srv_conf->timeout.tv_sec, srv_conf->timeout.tv_sec);
bufferevent_enable(clt->clt_srvbev, EV_READ|EV_WRITE);
if (clt->clt_toread != 0) {
/*
* XXX - Work around UAF: server_read_httpcontent() can call
* server_close(), normally freeing clt. If clt->clt_fcgi_count
* reaches 0, call server_close() via server_abort_http().
*/
clt->clt_fcgi_count++;
server_read_httpcontent(clt->clt_bev, clt);
if (clt->clt_fcgi_count-- <= 0) {
errstr = clt->clt_fcgi_error;
goto fail;
}
bufferevent_enable(clt->clt_bev, EV_READ);
} else {
bufferevent_disable(clt->clt_bev, EV_READ);
fcgi_add_stdin(clt, NULL);
}
if (strcmp(desc->http_version, "HTTP/1.1") == 0) {
clt->clt_fcgi.chunked = 1;
} else {
/* HTTP/1.0 does not support chunked encoding */
clt->clt_fcgi.chunked = 0;
clt->clt_persist = 0;
}
clt->clt_fcgi.end = 0;
clt->clt_done = 0;
free(script);
return (0);
fail:
free(script);
if (errstr == NULL)
errstr = strerror(errno);
if (fd != -1 && clt->clt_fd != fd)
close(fd);
server_abort_http(clt, 500, errstr);
return (-1);
}
int
fcgi_add_stdin(struct client *clt, struct evbuffer *evbuf)
{
struct fcgi_record_header h;
memset(&h, 0, sizeof(h));
h.version = 1;
h.type = FCGI_STDIN;
h.id = htons(1);
h.padding_len = 0;
if (evbuf == NULL) {
h.content_len = 0;
return bufferevent_write(clt->clt_srvbev, &h,
sizeof(struct fcgi_record_header));
} else {
h.content_len = htons(EVBUFFER_LENGTH(evbuf));
if (bufferevent_write(clt->clt_srvbev, &h,
sizeof(struct fcgi_record_header)) == -1)
return -1;
return bufferevent_write_buffer(clt->clt_srvbev, evbuf);
}
return (0);
}
int
fcgi_add_param(struct server_fcgi_param *p, const char *key,
const char *val, struct client *clt)
{
struct fcgi_record_header *h;
int len = 0;
int key_len = strlen(key);
int val_len = strlen(val);
uint8_t *param;
len += key_len + val_len;
len += key_len > 127 ? 4 : 1;
len += val_len > 127 ? 4 : 1;
DPRINTF("%s: %s[%d] => %s[%d], total_len: %d", __func__, key, key_len,
val, val_len, p->total_len);
if (len > FCGI_CONTENT_SIZE)
return (-1);
if (p->total_len + len > FCGI_CONTENT_SIZE) {
if (bufferevent_write(clt->clt_srvbev, p->buf,
sizeof(struct fcgi_record_header) + p->total_len) == -1)
return (-1);
p->total_len = 0;
}
h = (struct fcgi_record_header *)p->buf;
param = p->buf + sizeof(*h) + p->total_len;
if (key_len > 127) {
*param++ = ((key_len >> 24) & 0xff) | 0x80;
*param++ = ((key_len >> 16) & 0xff);
*param++ = ((key_len >> 8) & 0xff);
*param++ = (key_len & 0xff);
} else
*param++ = key_len;
if (val_len > 127) {
*param++ = ((val_len >> 24) & 0xff) | 0x80;
*param++ = ((val_len >> 16) & 0xff);
*param++ = ((val_len >> 8) & 0xff);
*param++ = (val_len & 0xff);
} else
*param++ = val_len;
memcpy(param, key, key_len);
param += key_len;
memcpy(param, val, val_len);
p->total_len += len;
h->content_len = htons(p->total_len);
return (0);
}
void
server_fcgi_error(struct bufferevent *bev, short error, void *arg)
{
struct client *clt = arg;
struct http_descriptor *desc = clt->clt_descreq;
if ((error & EVBUFFER_EOF) && !clt->clt_fcgi.headersdone) {
server_abort_http(clt, 500, "malformed or no headers");
return;
}
/* send the end marker if not already */
if (desc->http_method != HTTP_METHOD_HEAD && clt->clt_fcgi.chunked &&
!clt->clt_fcgi.end++)
server_bufferevent_print(clt, "0\r\n\r\n");
server_file_error(bev, error, arg);
}
void
server_fcgi_read(struct bufferevent *bev, void *arg)
{
uint8_t buf[FCGI_RECORD_SIZE];
struct client *clt = (struct client *) arg;
struct fcgi_record_header *h;
size_t len;
char *ptr;
do {
len = bufferevent_read(bev, buf, clt->clt_fcgi.toread);
if (evbuffer_add(clt->clt_srvevb, buf, len) == -1) {
server_abort_http(clt, 500, "short write");
return;
}
clt->clt_fcgi.toread -= len;
DPRINTF("%s: len: %lu toread: %d state: %d type: %d",
__func__, len, clt->clt_fcgi.toread,
clt->clt_fcgi.state, clt->clt_fcgi.type);
if (clt->clt_fcgi.toread != 0)
return;
switch (clt->clt_fcgi.state) {
case FCGI_READ_HEADER:
clt->clt_fcgi.state = FCGI_READ_CONTENT;
h = (struct fcgi_record_header *)
EVBUFFER_DATA(clt->clt_srvevb);
DPRINTF("%s: record header: version %d type %d id %d "
"content len %d padding %d", __func__,
h->version, h->type, ntohs(h->id),
ntohs(h->content_len), h->padding_len);
clt->clt_fcgi.type = h->type;
clt->clt_fcgi.toread = ntohs(h->content_len);
clt->clt_fcgi.padding_len = h->padding_len;
evbuffer_drain(clt->clt_srvevb,
EVBUFFER_LENGTH(clt->clt_srvevb));
if (clt->clt_fcgi.toread != 0)
break;
else if (clt->clt_fcgi.type == FCGI_STDOUT &&
!clt->clt_chunk) {
server_abort_http(clt, 500, "empty stdout");
return;
}
/* fallthrough if content_len == 0 */
case FCGI_READ_CONTENT:
switch (clt->clt_fcgi.type) {
case FCGI_STDERR:
if (EVBUFFER_LENGTH(clt->clt_srvevb) > 0 &&
(ptr = get_string(
EVBUFFER_DATA(clt->clt_srvevb),
EVBUFFER_LENGTH(clt->clt_srvevb)))
!= NULL) {
server_sendlog(clt->clt_srv_conf,
IMSG_LOG_ERROR, "%s", ptr);
free(ptr);
}
break;
case FCGI_STDOUT:
++clt->clt_chunk;
if (!clt->clt_fcgi.headersdone) {
clt->clt_fcgi.headersdone =
server_fcgi_getheaders(clt);
if (!EVBUFFER_LENGTH(clt->clt_srvevb))
break;
}
/* FALLTHROUGH */
case FCGI_END_REQUEST:
if (clt->clt_fcgi.headersdone &&
!clt->clt_fcgi.headerssent) {
if (server_fcgi_header(clt,
clt->clt_fcgi.status) == -1) {
server_abort_http(clt, 500,
"malformed fcgi headers");
return;
}
}
/* Don't send content for HEAD requests */
if (clt->clt_fcgi.headerssent &&
clt->clt_descreq->http_method
== HTTP_METHOD_HEAD)
/* nothing */ ;
else if (server_fcgi_writechunk(clt) == -1) {
server_abort_http(clt, 500,
"encoding error");
return;
}
if (clt->clt_fcgi.type == FCGI_END_REQUEST) {
bufferevent_enable(clt->clt_bev,
EV_READ|EV_WRITE);
if (clt->clt_persist)
clt->clt_toread =
TOREAD_HTTP_HEADER;
else
clt->clt_toread =
TOREAD_HTTP_NONE;
clt->clt_done = 0;
server_reset_http(clt);
}
break;
}
evbuffer_drain(clt->clt_srvevb,
EVBUFFER_LENGTH(clt->clt_srvevb));
if (!clt->clt_fcgi.padding_len) {
clt->clt_fcgi.state = FCGI_READ_HEADER;
clt->clt_fcgi.toread =
sizeof(struct fcgi_record_header);
} else {
clt->clt_fcgi.state = FCGI_READ_PADDING;
clt->clt_fcgi.toread =
clt->clt_fcgi.padding_len;
}
break;
case FCGI_READ_PADDING:
evbuffer_drain(clt->clt_srvevb,
EVBUFFER_LENGTH(clt->clt_srvevb));
clt->clt_fcgi.state = FCGI_READ_HEADER;
clt->clt_fcgi.toread =
sizeof(struct fcgi_record_header);
break;
}
} while (len > 0);
}
int
server_fcgi_header(struct client *clt, unsigned int code)
{
struct server_config *srv_conf = clt->clt_srv_conf;
struct http_descriptor *desc = clt->clt_descreq;
struct http_descriptor *resp = clt->clt_descresp;
const char *error;
char tmbuf[32];
struct kv *kv, *cl, key;
clt->clt_fcgi.headerssent = 1;
if (desc == NULL || (error = server_httperror_byid(code)) == NULL)
return (-1);
if (server_log_http(clt, code, 0) == -1)
return (-1);
/* Add error codes */
if (kv_setkey(&resp->http_pathquery, "%u", code) == -1 ||
kv_set(&resp->http_pathquery, "%s", error) == -1)
return (-1);
/* Add headers */
if (kv_add(&resp->http_headers, "Server", HTTPD_SERVERNAME) == NULL)
return (-1);
if (clt->clt_fcgi.type == FCGI_END_REQUEST ||
EVBUFFER_LENGTH(clt->clt_srvevb) == 0) {
/* Can't chunk encode an empty body. */
clt->clt_fcgi.chunked = 0;
/* But then we need a Content-Length unless method is HEAD... */
if (desc->http_method != HTTP_METHOD_HEAD) {
key.kv_key = "Content-Length";
if ((kv = kv_find(&resp->http_headers, &key)) == NULL) {
if (kv_add(&resp->http_headers,
"Content-Length", "0") == NULL)
return (-1);
}
}
}
/* Send chunked encoding header */
if (clt->clt_fcgi.chunked) {
/* but only if no Content-Length header is supplied */
key.kv_key = "Content-Length";
if ((kv = kv_find(&resp->http_headers, &key)) != NULL) {
clt->clt_fcgi.chunked = 0;
} else {
/*
* XXX What if the FastCGI added some kind of
* Transfer-Encoding, like gzip, deflate or even
* "chunked"?
*/
if (kv_add(&resp->http_headers,
"Transfer-Encoding", "chunked") == NULL)
return (-1);
}
}
/* Is it a persistent connection? */
if (clt->clt_persist) {
if (kv_add(&resp->http_headers,
"Connection", "keep-alive") == NULL)
return (-1);
} else if (kv_add(&resp->http_headers, "Connection", "close") == NULL)
return (-1);
/* HSTS header */
if (srv_conf->flags & SRVFLAG_SERVER_HSTS &&
srv_conf->flags & SRVFLAG_TLS) {
if ((cl =
kv_add(&resp->http_headers, "Strict-Transport-Security",
NULL)) == NULL ||
kv_set(cl, "max-age=%d%s%s", srv_conf->hsts_max_age,
srv_conf->hsts_flags & HSTSFLAG_SUBDOMAINS ?
"; includeSubDomains" : "",
srv_conf->hsts_flags & HSTSFLAG_PRELOAD ?
"; preload" : "") == -1)
return (-1);
}
/* Date header is mandatory and should be added as late as possible */
key.kv_key = "Date";
if (kv_find(&resp->http_headers, &key) == NULL &&
(server_http_time(time(NULL), tmbuf, sizeof(tmbuf)) <= 0 ||
kv_add(&resp->http_headers, "Date", tmbuf) == NULL))
return (-1);
if (server_writeresponse_http(clt) == -1 ||
server_bufferevent_print(clt, "\r\n") == -1 ||
server_headers(clt, resp, server_writeheader_http, NULL) == -1 ||
server_bufferevent_print(clt, "\r\n") == -1)
return (-1);
return (0);
}
int
server_fcgi_writeheader(struct client *clt, struct kv *hdr, void *arg)
{
struct server_fcgi_param *param = arg;
char *val, *name, *p;
const char *key;
int ret;
/* The key might have been updated in the parent */
if (hdr->kv_parent != NULL && hdr->kv_parent->kv_key != NULL)
key = hdr->kv_parent->kv_key;
else
key = hdr->kv_key;
val = hdr->kv_value;
if (strcasecmp(key, "Content-Length") == 0 ||
strcasecmp(key, "Content-Type") == 0) {
if ((name = strdup(key)) == NULL)
return (-1);
} else {
if (asprintf(&name, "HTTP_%s", key) == -1)
return (-1);
}
/*
* RFC 7230 defines a header field-name as a "token" and a "token"
* is defined as one or more characters for which isalpha or
* isdigit is true plus a list of additional characters.
* According to RFC 3875 a CGI environment variable is created
* by converting all letters to upper case and replacing '-'
* with '_'.
*/
for (p = name; *p != '\0'; p++) {
if (isalpha((unsigned char)*p))
*p = toupper((unsigned char)*p);
else if (!(*p == '!' || *p == '#' || *p == '$' || *p == '%' ||
*p == '&' || *p == '\'' || *p == '*' || *p == '+' ||
*p == '.' || *p == '^' || *p == '_' || *p == '`' ||
*p == '|' || *p == '~' || isdigit((unsigned char)*p)))
*p = '_';
}
ret = fcgi_add_param(param, name, val, clt);
free(name);
return (ret);
}
int
server_fcgi_writechunk(struct client *clt)
{
struct evbuffer *evb = clt->clt_srvevb;
size_t len;
if (clt->clt_fcgi.type == FCGI_END_REQUEST) {
len = 0;
} else
len = EVBUFFER_LENGTH(evb);
if (clt->clt_fcgi.chunked) {
/* If len is 0, make sure to write the end marker only once */
if (len == 0 && clt->clt_fcgi.end++)
return (0);
if (server_bufferevent_printf(clt, "%zx\r\n", len) == -1 ||
server_bufferevent_write_chunk(clt, evb, len) == -1 ||
server_bufferevent_print(clt, "\r\n") == -1)
return (-1);
} else if (len)
return (server_bufferevent_write_buffer(clt, evb));
return (0);
}
int
server_fcgi_getheaders(struct client *clt)
{
struct http_descriptor *resp = clt->clt_descresp;
struct evbuffer *evb = clt->clt_srvevb;
int code, ret;
char *line, *key, *value;
const char *errstr;
while ((line = evbuffer_getline(evb)) != NULL && *line != '\0') {
key = line;
if ((value = strchr(key, ':')) == NULL)
break;
*value++ = '\0';
value += strspn(value, " \t");
DPRINTF("%s: %s: %s", __func__, key, value);
if (strcasecmp("Status", key) == 0) {
value[strcspn(value, " \t")] = '\0';
code = (int)strtonum(value, 100, 600, &errstr);
if (errstr != NULL || server_httperror_byid(
code) == NULL)
code = 200;
clt->clt_fcgi.status = code;
} else {
(void)kv_add(&resp->http_headers, key, value);
}
free(line);
}
ret = (line != NULL && *line == '\0');
free(line);
return ret;
}