1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * http_filter.c --- HTTP routines which either filters or deal with filters.
22 #include "apr_strings.h"
23 #include "apr_buckets.h"
25 #include "apr_signal.h"
27 #define APR_WANT_STDIO /* for sscanf */
28 #define APR_WANT_STRFUNC
29 #define APR_WANT_MEMFUNC
32 #include "util_filter.h"
33 #include "ap_config.h"
35 #include "http_config.h"
36 #include "http_core.h"
37 #include "http_protocol.h"
38 #include "http_main.h"
39 #include "http_request.h"
40 #include "http_vhost.h"
41 #include "http_connection.h"
42 #include "http_log.h" /* For errors detected in basic auth common
44 #include "apr_date.h" /* For apr_date_parse_http and APR_DATE_BAD */
45 #include "util_charset.h"
46 #include "util_ebcdic.h"
47 #include "util_time.h"
58 APLOG_USE_MODULE(http);
60 #define INVALID_CHAR -2
62 typedef struct http_filter_ctx
67 apr_int32_t chunk_used;
68 apr_int16_t chunkbits;
71 BODY_NONE, /* streamed data */
72 BODY_LENGTH, /* data constrained by content length */
73 BODY_CHUNK, /* chunk expected */
74 BODY_CHUNK_PART, /* chunk digits */
75 BODY_CHUNK_EXT, /* chunk extension */
76 BODY_CHUNK_DATA, /* data constrained by chunked encoding */
77 BODY_CHUNK_END, /* chunk terminating CRLF */
78 BODY_CHUNK_TRAILER /* trailers */
84 * Parse a chunk line with optional extension, detect overflow.
85 * There are two error cases:
86 * 1) If the conversion would require too many bits, APR_EGENERAL is returned.
87 * 2) If the conversion used the correct number of bits, but an overflow
88 * caused only the sign bit to flip, then APR_ENOSPC is returned.
89 * In general, any negative number can be considered an overflow error.
91 static apr_status_t parse_chunk_size(http_ctx_t *ctx, const char *buffer,
92 apr_size_t len, int linelimit)
99 ap_xlate_proto_from_ascii(&c, 1);
101 /* handle CRLF after the chunk */
102 if (ctx->state == BODY_CHUNK_END) {
104 ctx->state = BODY_CHUNK;
110 /* handle start of the chunk */
111 if (ctx->state == BODY_CHUNK) {
112 if (!apr_isxdigit(c)) {
114 * Detect invalid character at beginning. This also works for empty
120 ctx->state = BODY_CHUNK_PART;
123 ctx->chunkbits = sizeof(long) * 8;
127 /* handle a chunk part, or a chunk extension */
129 * In theory, we are supposed to expect CRLF only, but our
130 * test suite sends LF only. Tolerate a missing CR.
132 if (c == ';' || c == CR) {
133 ctx->state = BODY_CHUNK_EXT;
136 if (ctx->remaining) {
137 ctx->state = BODY_CHUNK_DATA;
140 ctx->state = BODY_CHUNK_TRAILER;
143 else if (ctx->state != BODY_CHUNK_EXT) {
146 /* ignore leading zeros */
147 if (!ctx->remaining && c == '0') {
152 if (c >= '0' && c <= '9') {
155 else if (c >= 'A' && c <= 'F') {
156 xvalue = c - 'A' + 0xa;
158 else if (c >= 'a' && c <= 'f') {
159 xvalue = c - 'a' + 0xa;
162 /* bogus character */
166 ctx->remaining = (ctx->remaining << 4) | xvalue;
168 if (ctx->chunkbits <= 0 || ctx->remaining < 0) {
179 ctx->chunk_used += len;
180 if (ctx->chunk_used < 0 || ctx->chunk_used > linelimit) {
187 /* This is the HTTP_INPUT filter for HTTP requests and responses from
188 * proxied servers (mod_proxy). It handles chunked and content-length
189 * bodies. This can only be inserted/used after the headers
190 * are successfully parsed.
192 apr_status_t ap_http_filter(ap_filter_t *f, apr_bucket_brigade *b,
193 ap_input_mode_t mode, apr_read_type_e block, apr_off_t readbytes)
196 http_ctx_t *ctx = f->ctx;
201 /* just get out of the way of things we don't want. */
202 if (mode != AP_MODE_READBYTES && mode != AP_MODE_GETLINE) {
203 return ap_get_brigade(f->next, b, mode, block, readbytes);
207 const char *tenc, *lenp;
208 f->ctx = ctx = apr_pcalloc(f->r->pool, sizeof(*ctx));
209 ctx->state = BODY_NONE;
211 /* LimitRequestBody does not apply to proxied responses.
212 * Consider implementing this check in its own filter.
213 * Would adding a directive to limit the size of proxied
214 * responses be useful?
216 if (!f->r->proxyreq) {
217 ctx->limit = ap_get_limit_req_body(f->r);
223 tenc = apr_table_get(f->r->headers_in, "Transfer-Encoding");
224 lenp = apr_table_get(f->r->headers_in, "Content-Length");
227 if (strcasecmp(tenc, "chunked") == 0 /* fast path */
228 || ap_find_last_token(f->r->pool, tenc, "chunked")) {
229 ctx->state = BODY_CHUNK;
231 else if (f->r->proxyreq == PROXYREQ_RESPONSE) {
232 /* http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-23
233 * Section 3.3.3.3: "If a Transfer-Encoding header field is
234 * present in a response and the chunked transfer coding is not
235 * the final encoding, the message body length is determined by
236 * reading the connection until it is closed by the server."
238 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(02555)
239 "Unknown Transfer-Encoding: %s;"
240 " using read-until-close", tenc);
244 /* Something that isn't a HTTP request, unless some future
245 * edition defines new transfer encodings, is unsupported.
247 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(01585)
248 "Unknown Transfer-Encoding: %s", tenc);
256 ctx->state = BODY_LENGTH;
258 /* Protects against over/underflow, non-digit chars in the
259 * string (excluding leading space) (the endstr checks)
260 * and a negative number. */
261 if (apr_strtoff(&ctx->remaining, lenp, &endstr, 10)
262 || endstr == lenp || *endstr || ctx->remaining < 0) {
266 APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(01587)
267 "Invalid Content-Length");
272 /* If we have a limit in effect and we know the C-L ahead of
273 * time, stop it here if it is invalid.
275 if (ctx->limit && ctx->limit < ctx->remaining) {
277 APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(01588)
278 "Requested content-length of %" APR_OFF_T_FMT
279 " is larger than the configured limit"
280 " of %" APR_OFF_T_FMT, ctx->remaining, ctx->limit);
285 /* If we don't have a request entity indicated by the headers, EOS.
286 * (BODY_NONE is a valid intermediate state due to trailers,
287 * but it isn't a valid starting state.)
289 * RFC 2616 Section 4.4 note 5 states that connection-close
290 * is invalid for a request entity - request bodies must be
291 * denoted by C-L or T-E: chunked.
293 * Note that since the proxy uses this filter to handle the
294 * proxied *response*, proxy responses MUST be exempt.
296 if (ctx->state == BODY_NONE && f->r->proxyreq != PROXYREQ_RESPONSE) {
297 e = apr_bucket_eos_create(f->c->bucket_alloc);
298 APR_BRIGADE_INSERT_TAIL(b, e);
303 /* Since we're about to read data, send 100-Continue if needed.
304 * Only valid on chunked and C-L bodies where the C-L is > 0. */
305 if ((ctx->state == BODY_CHUNK
306 || (ctx->state == BODY_LENGTH && ctx->remaining > 0))
307 && f->r->expecting_100 && f->r->proto_num >= HTTP_VERSION(1,1)
308 && !(f->r->eos_sent || f->r->bytes_sent)) {
309 if (!ap_is_HTTP_SUCCESS(f->r->status)) {
310 ctx->state = BODY_NONE;
316 apr_bucket_brigade *bb;
318 bb = apr_brigade_create(f->r->pool, f->c->bucket_alloc);
320 /* if we send an interim response, we're no longer
321 * in a state of expecting one.
323 f->r->expecting_100 = 0;
324 tmp = apr_pstrcat(f->r->pool, AP_SERVER_PROTOCOL, " ",
325 ap_get_status_line(HTTP_CONTINUE), CRLF CRLF, NULL);
327 ap_xlate_proto_to_ascii(tmp, len);
328 e = apr_bucket_pool_create(tmp, len, f->r->pool,
330 APR_BRIGADE_INSERT_HEAD(bb, e);
331 e = apr_bucket_flush_create(f->c->bucket_alloc);
332 APR_BRIGADE_INSERT_TAIL(bb, e);
334 ap_pass_brigade(f->c->output_filters, bb);
339 /* sanity check in case we're read twice */
341 e = apr_bucket_eos_create(f->c->bucket_alloc);
342 APR_BRIGADE_INSERT_TAIL(b, e);
347 apr_brigade_cleanup(b);
348 again = 0; /* until further notice */
350 /* read and handle the brigade */
351 switch (ctx->state) {
353 case BODY_CHUNK_PART:
355 case BODY_CHUNK_END: {
357 rv = ap_get_brigade(f->next, b, AP_MODE_GETLINE, block, 0);
360 if (block == APR_NONBLOCK_READ
361 && ((rv == APR_SUCCESS && APR_BRIGADE_EMPTY(b))
362 || (APR_STATUS_IS_EAGAIN(rv)))) {
367 return APR_INCOMPLETE;
370 if (rv != APR_SUCCESS) {
374 e = APR_BRIGADE_FIRST(b);
375 while (e != APR_BRIGADE_SENTINEL(b)) {
379 if (!APR_BUCKET_IS_METADATA(e)) {
380 rv = apr_bucket_read(e, &buffer, &len, APR_BLOCK_READ);
382 if (rv == APR_SUCCESS) {
383 rv = parse_chunk_size(ctx, buffer, len,
384 f->r->server->limit_req_fieldsize);
386 if (rv != APR_SUCCESS) {
388 APLOG_MARK, APLOG_INFO, rv, f->r, APLOGNO(01590) "Error reading chunk %s ", (APR_ENOSPC == rv) ? "(overflow)" : "");
393 apr_bucket_delete(e);
394 e = APR_BRIGADE_FIRST(b);
396 again = 1; /* come around again */
398 if (ctx->state == BODY_CHUNK_TRAILER) {
399 ap_get_mime_headers(f->r);
400 e = apr_bucket_eos_create(f->c->bucket_alloc);
401 APR_BRIGADE_INSERT_TAIL(b, e);
410 case BODY_CHUNK_DATA: {
412 /* Ensure that the caller can not go over our boundary point. */
413 if (ctx->state != BODY_NONE && ctx->remaining < readbytes) {
414 readbytes = ctx->remaining;
418 rv = ap_get_brigade(f->next, b, mode, block, readbytes);
421 if (block == APR_NONBLOCK_READ
422 && ((rv == APR_SUCCESS && APR_BRIGADE_EMPTY(b))
423 || (APR_STATUS_IS_EAGAIN(rv)))) {
427 if (rv == APR_EOF && ctx->state != BODY_NONE
428 && ctx->remaining > 0) {
429 return APR_INCOMPLETE;
432 if (rv != APR_SUCCESS) {
436 /* How many bytes did we just read? */
437 apr_brigade_length(b, 0, &totalread);
439 /* If this happens, we have a bucket of unknown length. Die because
440 * it means our assumptions have changed. */
441 AP_DEBUG_ASSERT(totalread >= 0);
443 if (ctx->state != BODY_NONE) {
444 ctx->remaining -= totalread;
445 if (ctx->remaining > 0) {
446 e = APR_BRIGADE_LAST(b);
447 if (APR_BUCKET_IS_EOS(e)) {
448 apr_bucket_delete(e);
449 return APR_INCOMPLETE;
452 else if (ctx->state == BODY_CHUNK_DATA) {
453 /* next chunk please */
454 ctx->state = BODY_CHUNK_END;
461 /* If we have no more bytes remaining on a C-L request,
462 * save the caller a round trip to discover EOS.
464 if (ctx->state == BODY_LENGTH && ctx->remaining == 0) {
465 e = apr_bucket_eos_create(f->c->bucket_alloc);
466 APR_BRIGADE_INSERT_TAIL(b, e);
470 /* We have a limit in effect. */
472 /* FIXME: Note that we might get slightly confused on chunked inputs
473 * as we'd need to compensate for the chunk lengths which may not
474 * really count. This seems to be up for interpretation. */
475 ctx->limit_used += totalread;
476 if (ctx->limit < ctx->limit_used) {
478 APLOG_MARK, APLOG_INFO, 0, f->r, APLOGNO(01591) "Read content-length of %" APR_OFF_T_FMT " is larger than the configured limit"
479 " of %" APR_OFF_T_FMT, ctx->limit_used, ctx->limit);
486 case BODY_CHUNK_TRAILER: {
488 rv = ap_get_brigade(f->next, b, mode, block, readbytes);
491 if (block == APR_NONBLOCK_READ
492 && ((rv == APR_SUCCESS && APR_BRIGADE_EMPTY(b))
493 || (APR_STATUS_IS_EAGAIN(rv)))) {
497 if (rv != APR_SUCCESS) {
513 struct check_header_ctx {
518 /* check a single header, to be used with apr_table_do() */
519 static int check_header(void *arg, const char *name, const char *val)
521 struct check_header_ctx *ctx = arg;
522 if (name[0] == '\0') {
524 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02428)
525 "Empty response header name, aborting request");
528 if (ap_has_cntrl(name)) {
530 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02429)
531 "Response header name '%s' contains control "
532 "characters, aborting request",
536 if (ap_has_cntrl(val)) {
538 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, ctx->r, APLOGNO(02430)
539 "Response header '%s' contains control characters, "
540 "aborting request: %s",
548 * Check headers for HTTP conformance
549 * @return 1 if ok, 0 if bad
551 static APR_INLINE int check_headers(request_rec *r)
554 struct check_header_ctx ctx = { 0, 0 };
557 apr_table_do(check_header, &ctx, r->headers_out, NULL);
559 return 0; /* problem has been logged by check_header() */
561 if ((loc = apr_table_get(r->headers_out, "Location")) != NULL) {
562 const char *scheme_end = ap_strchr_c(loc, ':');
566 * Check that the URI has a valid scheme and is absolute
567 * XXX Should we do a full uri parse here?
569 if (scheme_end == NULL || scheme_end == loc)
573 if ((!apr_isalnum(*s) && *s != '.' && *s != '+' && *s != '-')
574 || !apr_isascii(*s) ) {
577 } while (++s < scheme_end);
579 if (scheme_end[1] != '/' || scheme_end[2] != '/')
586 ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02431)
587 "Bad Location header in response: '%s', aborting request",
592 typedef struct header_struct {
594 apr_bucket_brigade *bb;
597 /* Send a single HTTP header field to the client. Note that this function
598 * is used in calls to apr_table_do(), so don't change its interface.
599 * It returns true unless there was a write error of some kind.
601 static int form_header_field(header_struct *h,
602 const char *fieldname, const char *fieldval)
604 #if APR_CHARSET_EBCDIC
608 headfield = apr_pstrcat(h->pool, fieldname, ": ", fieldval, CRLF, NULL);
609 len = strlen(headfield);
611 ap_xlate_proto_to_ascii(headfield, len);
612 apr_brigade_write(h->bb, NULL, NULL, headfield, len);
615 struct iovec *v = vec;
616 v->iov_base = (void *)fieldname;
617 v->iov_len = strlen(fieldname);
620 v->iov_len = sizeof(": ") - 1;
622 v->iov_base = (void *)fieldval;
623 v->iov_len = strlen(fieldval);
626 v->iov_len = sizeof(CRLF) - 1;
627 apr_brigade_writev(h->bb, NULL, NULL, vec, 4);
628 #endif /* !APR_CHARSET_EBCDIC */
632 /* This routine is called by apr_table_do and merges all instances of
633 * the passed field values into a single array that will be further
634 * processed by some later routine. Originally intended to help split
635 * and recombine multiple Vary fields, though it is generic to any field
636 * consisting of comma/space-separated tokens.
638 static int uniq_field_values(void *d, const char *key, const char *val)
640 apr_array_header_t *values;
646 values = (apr_array_header_t *)d;
648 e = apr_pstrdup(values->pool, val);
651 /* Find a non-empty fieldname */
653 while (*e == ',' || apr_isspace(*e)) {
660 while (*e != '\0' && *e != ',' && !apr_isspace(*e)) {
667 /* Now add it to values if it isn't already represented.
668 * Could be replaced by a ap_array_strcasecmp() if we had one.
670 for (i = 0, strpp = (char **) values->elts; i < values->nelts;
672 if (*strpp && strcasecmp(*strpp, start) == 0) {
676 if (i == values->nelts) { /* if not found */
677 *(char **)apr_array_push(values) = start;
679 } while (*e != '\0');
685 * Since some clients choke violently on multiple Vary fields, or
686 * Vary fields with duplicate tokens, combine any multiples and remove
689 static void fixup_vary(request_rec *r)
691 apr_array_header_t *varies;
693 varies = apr_array_make(r->pool, 5, sizeof(char *));
695 /* Extract all Vary fields from the headers_out, separate each into
696 * its comma-separated fieldname values, and then add them to varies
697 * if not already present in the array.
699 apr_table_do((int (*)(void *, const char *, const char *))uniq_field_values,
700 (void *) varies, r->headers_out, "Vary", NULL);
702 /* If we found any, replace old Vary fields with unique-ified value */
704 if (varies->nelts > 0) {
705 apr_table_setn(r->headers_out, "Vary",
706 apr_array_pstrcat(r->pool, varies, ','));
710 /* Send a request's HTTP response headers to the client.
712 static apr_status_t send_all_header_fields(header_struct *h,
713 const request_rec *r)
715 const apr_array_header_t *elts;
716 const apr_table_entry_t *t_elt;
717 const apr_table_entry_t *t_end;
719 struct iovec *vec_next;
721 elts = apr_table_elts(r->headers_out);
722 if (elts->nelts == 0) {
725 t_elt = (const apr_table_entry_t *)(elts->elts);
726 t_end = t_elt + elts->nelts;
727 vec = (struct iovec *)apr_palloc(h->pool, 4 * elts->nelts *
728 sizeof(struct iovec));
731 /* For each field, generate
732 * name ": " value CRLF
735 vec_next->iov_base = (void*)(t_elt->key);
736 vec_next->iov_len = strlen(t_elt->key);
738 vec_next->iov_base = ": ";
739 vec_next->iov_len = sizeof(": ") - 1;
741 vec_next->iov_base = (void*)(t_elt->val);
742 vec_next->iov_len = strlen(t_elt->val);
744 vec_next->iov_base = CRLF;
745 vec_next->iov_len = sizeof(CRLF) - 1;
748 } while (t_elt < t_end);
750 if (APLOGrtrace4(r)) {
751 t_elt = (const apr_table_entry_t *)(elts->elts);
753 ap_log_rerror(APLOG_MARK, APLOG_TRACE4, 0, r, " %s: %s",
754 ap_escape_logitem(r->pool, t_elt->key),
755 ap_escape_logitem(r->pool, t_elt->val));
757 } while (t_elt < t_end);
760 #if APR_CHARSET_EBCDIC
763 char *tmp = apr_pstrcatv(r->pool, vec, vec_next - vec, &len);
764 ap_xlate_proto_to_ascii(tmp, len);
765 return apr_brigade_write(h->bb, NULL, NULL, tmp, len);
768 return apr_brigade_writev(h->bb, NULL, NULL, vec, vec_next - vec);
772 /* Confirm that the status line is well-formed and matches r->status.
773 * If they don't match, a filter may have negated the status line set by a
775 * Zap r->status_line if bad.
777 static apr_status_t validate_status_line(request_rec *r)
781 if (r->status_line) {
782 int len = strlen(r->status_line);
784 || apr_strtoi64(r->status_line, &end, 10) != r->status
785 || (end - 3) != r->status_line
786 || (len >= 4 && ! apr_isspace(r->status_line[3]))) {
787 r->status_line = NULL;
790 /* Since we passed the above check, we know that length three
791 * is equivalent to only a 3 digit numeric http status.
792 * RFC2616 mandates a trailing space, let's add it.
795 r->status_line = apr_pstrcat(r->pool, r->status_line, " ", NULL);
804 * Determine the protocol to use for the response. Potentially downgrade
805 * to HTTP/1.0 in some situations and/or turn off keepalives.
807 * also prepare r->status_line.
809 static void basic_http_header_check(request_rec *r,
810 const char **protocol)
814 if (r->assbackwards) {
815 /* no such thing as a response protocol */
819 rv = validate_status_line(r);
821 if (!r->status_line) {
822 r->status_line = ap_get_status_line(r->status);
823 } else if (rv != APR_SUCCESS) {
824 /* Status line is OK but our own reason phrase
825 * would be preferred if defined
827 const char *tmp = ap_get_status_line(r->status);
828 if (!strncmp(tmp, r->status_line, 3)) {
829 r->status_line = tmp;
833 /* Note that we must downgrade before checking for force responses. */
834 if (r->proto_num > HTTP_VERSION(1,0)
835 && apr_table_get(r->subprocess_env, "downgrade-1.0")) {
836 r->proto_num = HTTP_VERSION(1,0);
839 /* kludge around broken browsers when indicated by force-response-1.0
841 if (r->proto_num == HTTP_VERSION(1,0)
842 && apr_table_get(r->subprocess_env, "force-response-1.0")) {
843 *protocol = "HTTP/1.0";
844 r->connection->keepalive = AP_CONN_CLOSE;
847 *protocol = AP_SERVER_PROTOCOL;
852 /* fill "bb" with a barebones/initial HTTP response header */
853 static void basic_http_header(request_rec *r, apr_bucket_brigade *bb,
854 const char *protocol)
857 const char *proxy_date = NULL;
858 const char *server = NULL;
859 const char *us = ap_get_server_banner();
863 if (r->assbackwards) {
864 /* there are no headers to send */
868 /* Output the HTTP/1.x Status-Line and the Date and Server fields */
870 vec[0].iov_base = (void *)protocol;
871 vec[0].iov_len = strlen(protocol);
872 vec[1].iov_base = (void *)" ";
873 vec[1].iov_len = sizeof(" ") - 1;
874 vec[2].iov_base = (void *)(r->status_line);
875 vec[2].iov_len = strlen(r->status_line);
876 vec[3].iov_base = (void *)CRLF;
877 vec[3].iov_len = sizeof(CRLF) - 1;
878 #if APR_CHARSET_EBCDIC
882 tmp = apr_pstrcatv(r->pool, vec, 4, &len);
883 ap_xlate_proto_to_ascii(tmp, len);
884 apr_brigade_write(bb, NULL, NULL, tmp, len);
887 apr_brigade_writev(bb, NULL, NULL, vec, 4);
894 * keep the set-by-proxy server and date headers, otherwise
895 * generate a new server header / date header
897 if (r->proxyreq != PROXYREQ_NONE) {
898 proxy_date = apr_table_get(r->headers_out, "Date");
901 * proxy_date needs to be const. So use date for the creation of
902 * our own Date header and pass it over to proxy_date later to
903 * avoid a compiler warning.
905 date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
906 ap_recent_rfc822_date(date, r->request_time);
908 server = apr_table_get(r->headers_out, "Server");
911 date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
912 ap_recent_rfc822_date(date, r->request_time);
915 form_header_field(&h, "Date", proxy_date ? proxy_date : date );
920 form_header_field(&h, "Server", server);
922 if (APLOGrtrace3(r)) {
923 ap_log_rerror(APLOG_MARK, APLOG_TRACE3, 0, r,
924 "Response sent with status %d%s",
926 APLOGrtrace4(r) ? ", headers:" : "");
929 * Date and Server are less interesting, use TRACE5 for them while
930 * using TRACE4 for the other headers.
932 ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, " Date: %s",
933 proxy_date ? proxy_date : date );
935 ap_log_rerror(APLOG_MARK, APLOG_TRACE5, 0, r, " Server: %s",
940 /* unset so we don't send them again */
941 apr_table_unset(r->headers_out, "Date"); /* Avoid bogosity */
943 apr_table_unset(r->headers_out, "Server");
947 AP_DECLARE(void) ap_basic_http_header(request_rec *r, apr_bucket_brigade *bb)
949 const char *protocol = NULL;
951 basic_http_header_check(r, &protocol);
952 basic_http_header(r, bb, protocol);
955 static void terminate_header(apr_bucket_brigade *bb)
960 buflen = strlen(crlf);
961 ap_xlate_proto_to_ascii(crlf, buflen);
962 apr_brigade_write(bb, NULL, NULL, crlf, buflen);
965 AP_DECLARE_NONSTD(int) ap_send_http_trace(request_rec *r)
967 core_server_config *conf;
969 apr_bucket_brigade *bb;
973 char *bodyread = NULL, *bodyoff;
974 apr_size_t bodylen = 0;
976 long res = -1; /* init to avoid gcc -Wall warning */
978 if (r->method_number != M_TRACE) {
982 /* Get the original request */
986 conf = ap_get_core_module_config(r->server->module_config);
988 if (conf->trace_enable == AP_TRACE_DISABLE) {
989 apr_table_setn(r->notes, "error-notes",
990 "TRACE denied by server configuration");
991 return HTTP_METHOD_NOT_ALLOWED;
994 if (conf->trace_enable == AP_TRACE_EXTENDED)
995 /* XXX: should be = REQUEST_CHUNKED_PASS */
996 body = REQUEST_CHUNKED_DECHUNK;
998 body = REQUEST_NO_BODY;
1000 if ((rv = ap_setup_client_block(r, body))) {
1001 if (rv == HTTP_REQUEST_ENTITY_TOO_LARGE)
1002 apr_table_setn(r->notes, "error-notes",
1003 "TRACE with a request body is not allowed");
1007 if (ap_should_client_block(r)) {
1009 if (r->remaining > 0) {
1010 if (r->remaining > 65536) {
1011 apr_table_setn(r->notes, "error-notes",
1012 "Extended TRACE request bodies cannot exceed 64k\n");
1013 return HTTP_REQUEST_ENTITY_TOO_LARGE;
1015 /* always 32 extra bytes to catch chunk header exceptions */
1016 bodybuf = (apr_size_t)r->remaining + 32;
1019 /* Add an extra 8192 for chunk headers */
1023 bodyoff = bodyread = apr_palloc(r->pool, bodybuf);
1025 /* only while we have enough for a chunked header */
1026 while ((!bodylen || bodybuf >= 32) &&
1027 (res = ap_get_client_block(r, bodyoff, bodybuf)) > 0) {
1032 if (res > 0 && bodybuf < 32) {
1033 /* discard_rest_of_request_body into our buffer */
1034 while (ap_get_client_block(r, bodyread, bodylen) > 0)
1036 apr_table_setn(r->notes, "error-notes",
1037 "Extended TRACE request bodies cannot exceed 64k\n");
1038 return HTTP_REQUEST_ENTITY_TOO_LARGE;
1042 return HTTP_BAD_REQUEST;
1046 ap_set_content_type(r, "message/http");
1048 /* Now we recreate the request, and echo it back */
1050 bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
1051 #if APR_CHARSET_EBCDIC
1055 len = strlen(r->the_request);
1056 tmp = apr_pmemdup(r->pool, r->the_request, len);
1057 ap_xlate_proto_to_ascii(tmp, len);
1058 apr_brigade_putstrs(bb, NULL, NULL, tmp, CRLF_ASCII, NULL);
1061 apr_brigade_putstrs(bb, NULL, NULL, r->the_request, CRLF, NULL);
1065 apr_table_do((int (*) (void *, const char *, const char *))
1066 form_header_field, (void *) &h, r->headers_in, NULL);
1067 apr_brigade_puts(bb, NULL, NULL, CRLF_ASCII);
1069 /* If configured to accept a body, echo the body */
1071 b = apr_bucket_pool_create(bodyread, bodylen,
1072 r->pool, bb->bucket_alloc);
1073 APR_BRIGADE_INSERT_TAIL(bb, b);
1076 ap_pass_brigade(r->output_filters, bb);
1081 typedef struct header_filter_ctx {
1083 } header_filter_ctx;
1085 AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
1086 apr_bucket_brigade *b)
1088 request_rec *r = f->r;
1089 conn_rec *c = r->connection;
1090 const char *clheader;
1091 const char *protocol = NULL;
1093 apr_bucket_brigade *b2;
1095 header_filter_ctx *ctx = f->ctx;
1097 ap_bucket_error *eb = NULL;
1098 core_server_config *conf;
1100 AP_DEBUG_ASSERT(!r->main);
1102 if (r->header_only) {
1104 ctx = f->ctx = apr_pcalloc(r->pool, sizeof(header_filter_ctx));
1106 else if (ctx->headers_sent) {
1107 apr_brigade_cleanup(b);
1112 for (e = APR_BRIGADE_FIRST(b);
1113 e != APR_BRIGADE_SENTINEL(b);
1114 e = APR_BUCKET_NEXT(e))
1116 if (AP_BUCKET_IS_ERROR(e) && !eb) {
1121 * If we see an EOC bucket it is a signal that we should get out
1122 * of the way doing nothing.
1124 if (AP_BUCKET_IS_EOC(e)) {
1125 ap_remove_output_filter(f);
1126 return ap_pass_brigade(f->next, b);
1132 status = eb->status;
1133 apr_brigade_cleanup(b);
1135 return AP_FILTER_ERROR;
1138 if (r->assbackwards) {
1140 ap_remove_output_filter(f);
1141 return ap_pass_brigade(f->next, b);
1145 * Now that we are ready to send a response, we need to combine the two
1146 * header field tables into a single table. If we don't do this, our
1147 * later attempts to set or unset a given fieldname might be bypassed.
1149 if (!apr_is_empty_table(r->err_headers_out)) {
1150 r->headers_out = apr_table_overlay(r->pool, r->err_headers_out,
1154 conf = ap_get_core_module_config(r->server->module_config);
1155 if (conf->http_conformance & AP_HTTP_CONFORMANCE_STRICT) {
1156 int ok = check_headers(r);
1157 if (!ok && !(conf->http_conformance & AP_HTTP_CONFORMANCE_LOGONLY)) {
1158 ap_die(HTTP_INTERNAL_SERVER_ERROR, r);
1159 return AP_FILTER_ERROR;
1164 * Remove the 'Vary' header field if the client can't handle it.
1165 * Since this will have nasty effects on HTTP/1.1 caches, force
1166 * the response into HTTP/1.0 mode.
1168 * Note: the force-response-1.0 should come before the call to
1169 * basic_http_header_check()
1171 if (apr_table_get(r->subprocess_env, "force-no-vary") != NULL) {
1172 apr_table_unset(r->headers_out, "Vary");
1173 r->proto_num = HTTP_VERSION(1,0);
1174 apr_table_setn(r->subprocess_env, "force-response-1.0", "1");
1181 * Now remove any ETag response header field if earlier processing
1182 * says so (such as a 'FileETag None' directive).
1184 if (apr_table_get(r->notes, "no-etag") != NULL) {
1185 apr_table_unset(r->headers_out, "ETag");
1188 /* determine the protocol and whether we should use keepalives. */
1189 basic_http_header_check(r, &protocol);
1190 ap_set_keepalive(r);
1193 apr_table_mergen(r->headers_out, "Transfer-Encoding", "chunked");
1194 apr_table_unset(r->headers_out, "Content-Length");
1197 ctype = ap_make_content_type(r, r->content_type);
1199 apr_table_setn(r->headers_out, "Content-Type", ctype);
1202 if (r->content_encoding) {
1203 apr_table_setn(r->headers_out, "Content-Encoding",
1204 r->content_encoding);
1207 if (!apr_is_empty_array(r->content_languages)) {
1210 char **languages = (char **)(r->content_languages->elts);
1211 const char *field = apr_table_get(r->headers_out, "Content-Language");
1213 while (field && (token = ap_get_list_item(r->pool, &field)) != NULL) {
1214 for (i = 0; i < r->content_languages->nelts; ++i) {
1215 if (!strcasecmp(token, languages[i]))
1218 if (i == r->content_languages->nelts) {
1219 *((char **) apr_array_push(r->content_languages)) = token;
1223 field = apr_array_pstrcat(r->pool, r->content_languages, ',');
1224 apr_table_setn(r->headers_out, "Content-Language", field);
1228 * Control cachability for non-cachable responses if not already set by
1229 * some other part of the server configuration.
1231 if (r->no_cache && !apr_table_get(r->headers_out, "Expires")) {
1232 char *date = apr_palloc(r->pool, APR_RFC822_DATE_LEN);
1233 ap_recent_rfc822_date(date, r->request_time);
1234 apr_table_addn(r->headers_out, "Expires", date);
1237 /* This is a hack, but I can't find anyway around it. The idea is that
1238 * we don't want to send out 0 Content-Lengths if it is a head request.
1239 * This happens when modules try to outsmart the server, and return
1240 * if they see a HEAD request. Apache 1.3 handlers were supposed to
1241 * just return in that situation, and the core handled the HEAD. In
1242 * 2.0, if a handler returns, then the core sends an EOS bucket down
1243 * the filter stack, and the content-length filter computes a C-L of
1244 * zero and that gets put in the headers, and we end up sending a
1245 * zero C-L to the client. We can't just remove the C-L filter,
1246 * because well behaved 2.0 handlers will send their data down the stack,
1247 * and we will compute a real C-L for the head request. RBB
1249 * Allow modification of this behavior through the
1250 * HttpContentLengthHeadZero directive.
1252 * The default (unset) behavior is to squelch the C-L in this case.
1255 && (clheader = apr_table_get(r->headers_out, "Content-Length"))
1256 && !strcmp(clheader, "0")
1257 && conf->http_cl_head_zero != AP_HTTP_CL_HEAD_ZERO_ENABLE) {
1258 apr_table_unset(r->headers_out, "Content-Length");
1261 b2 = apr_brigade_create(r->pool, c->bucket_alloc);
1262 basic_http_header(r, b2, protocol);
1267 if (r->status == HTTP_NOT_MODIFIED) {
1268 apr_table_do((int (*)(void *, const char *, const char *)) form_header_field,
1269 (void *) &h, r->headers_out,
1279 "Proxy-Authenticate",
1285 send_all_header_fields(&h, r);
1288 terminate_header(b2);
1290 ap_pass_brigade(f->next, b2);
1292 if (r->header_only) {
1293 apr_brigade_cleanup(b);
1294 ctx->headers_sent = 1;
1298 r->sent_bodyct = 1; /* Whatever follows is real body stuff... */
1301 /* We can't add this filter until we have already sent the headers.
1302 * If we add it before this point, then the headers will be chunked
1303 * as well, and that is just wrong.
1305 ap_add_output_filter("CHUNK", NULL, r, r->connection);
1308 /* Don't remove this filter until after we have added the CHUNK filter.
1309 * Otherwise, f->next won't be the CHUNK filter and thus the first
1310 * brigade won't be chunked properly.
1312 ap_remove_output_filter(f);
1313 return ap_pass_brigade(f->next, b);
1317 * Map specific APR codes returned by the filter stack to HTTP error
1318 * codes, or the default status code provided. Use it as follows:
1320 * return ap_map_http_request_error(rv, HTTP_BAD_REQUEST);
1322 * If the filter has already handled the error, AP_FILTER_ERROR will
1323 * be returned, which is cleanly passed through.
1325 * These mappings imply that the filter stack is reading from the
1326 * downstream client, the proxy will map these codes differently.
1328 AP_DECLARE(int) ap_map_http_request_error(apr_status_t rv, int status)
1331 case AP_FILTER_ERROR: {
1332 return AP_FILTER_ERROR;
1334 case APR_EGENERAL: {
1335 return HTTP_BAD_REQUEST;
1338 return HTTP_REQUEST_ENTITY_TOO_LARGE;
1340 case APR_ENOTIMPL: {
1341 return HTTP_NOT_IMPLEMENTED;
1343 case APR_ETIMEDOUT: {
1344 return HTTP_REQUEST_TIME_OUT;
1352 /* In HTTP/1.1, any method can have a body. However, most GET handlers
1353 * wouldn't know what to do with a request body if they received one.
1354 * This helper routine tests for and reads any message body in the request,
1355 * simply discarding whatever it receives. We need to do this because
1356 * failing to read the request body would cause it to be interpreted
1357 * as the next request on a persistent connection.
1359 * Since we return an error status if the request is malformed, this
1360 * routine should be called at the beginning of a no-body handler, e.g.,
1362 * if ((retval = ap_discard_request_body(r)) != OK) {
1366 AP_DECLARE(int) ap_discard_request_body(request_rec *r)
1368 apr_bucket_brigade *bb;
1372 /* Sometimes we'll get in a state where the input handling has
1373 * detected an error where we want to drop the connection, so if
1374 * that's the case, don't read the data as that is what we're trying
1377 * This function is also a no-op on a subrequest.
1379 if (r->main || r->connection->keepalive == AP_CONN_CLOSE ||
1380 ap_status_drops_connection(r->status)) {
1384 bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
1389 rv = ap_get_brigade(r->input_filters, bb, AP_MODE_READBYTES,
1390 APR_BLOCK_READ, HUGE_STRING_LEN);
1392 if (rv != APR_SUCCESS) {
1393 apr_brigade_destroy(bb);
1394 return ap_map_http_request_error(rv, HTTP_BAD_REQUEST);
1397 for (bucket = APR_BRIGADE_FIRST(bb);
1398 bucket != APR_BRIGADE_SENTINEL(bb);
1399 bucket = APR_BUCKET_NEXT(bucket))
1404 if (APR_BUCKET_IS_EOS(bucket)) {
1409 /* These are metadata buckets. */
1410 if (bucket->length == 0) {
1414 /* We MUST read because in case we have an unknown-length
1415 * bucket or one that morphs, we want to exhaust it.
1417 rv = apr_bucket_read(bucket, &data, &len, APR_BLOCK_READ);
1418 if (rv != APR_SUCCESS) {
1419 apr_brigade_destroy(bb);
1420 return HTTP_BAD_REQUEST;
1423 apr_brigade_cleanup(bb);
1424 } while (!seen_eos);
1429 /* Here we deal with getting the request message body from the client.
1430 * Whether or not the request contains a body is signaled by the presence
1431 * of a non-zero Content-Length or by a Transfer-Encoding: chunked.
1433 * Note that this is more complicated than it was in Apache 1.1 and prior
1434 * versions, because chunked support means that the module does less.
1436 * The proper procedure is this:
1438 * 1. Call ap_setup_client_block() near the beginning of the request
1439 * handler. This will set up all the necessary properties, and will
1440 * return either OK, or an error code. If the latter, the module should
1441 * return that error code. The second parameter selects the policy to
1442 * apply if the request message indicates a body, and how a chunked
1443 * transfer-coding should be interpreted. Choose one of
1445 * REQUEST_NO_BODY Send 413 error if message has any body
1446 * REQUEST_CHUNKED_ERROR Send 411 error if body without Content-Length
1447 * REQUEST_CHUNKED_DECHUNK If chunked, remove the chunks for me.
1448 * REQUEST_CHUNKED_PASS If chunked, pass the chunk headers with body.
1450 * In order to use the last two options, the caller MUST provide a buffer
1451 * large enough to hold a chunk-size line, including any extensions.
1453 * 2. When you are ready to read a body (if any), call ap_should_client_block().
1454 * This will tell the module whether or not to read input. If it is 0,
1455 * the module should assume that there is no message body to read.
1457 * 3. Finally, call ap_get_client_block in a loop. Pass it a buffer and its size.
1458 * It will put data into the buffer (not necessarily a full buffer), and
1459 * return the length of the input block. When it is done reading, it will
1460 * return 0 if EOF, or -1 if there was an error.
1461 * If an error occurs on input, we force an end to keepalive.
1463 * This step also sends a 100 Continue response to HTTP/1.1 clients if appropriate.
1466 AP_DECLARE(int) ap_setup_client_block(request_rec *r, int read_policy)
1468 const char *tenc = apr_table_get(r->headers_in, "Transfer-Encoding");
1469 const char *lenp = apr_table_get(r->headers_in, "Content-Length");
1471 r->read_body = read_policy;
1472 r->read_chunked = 0;
1476 if (strcasecmp(tenc, "chunked")) {
1477 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01592)
1478 "Unknown Transfer-Encoding %s", tenc);
1479 return HTTP_NOT_IMPLEMENTED;
1481 if (r->read_body == REQUEST_CHUNKED_ERROR) {
1482 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01593)
1483 "chunked Transfer-Encoding forbidden: %s", r->uri);
1484 return (lenp) ? HTTP_BAD_REQUEST : HTTP_LENGTH_REQUIRED;
1487 r->read_chunked = 1;
1492 if (apr_strtoff(&r->remaining, lenp, &endstr, 10)
1493 || *endstr || r->remaining < 0) {
1495 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01594)
1496 "Invalid Content-Length");
1497 return HTTP_BAD_REQUEST;
1501 if ((r->read_body == REQUEST_NO_BODY)
1502 && (r->read_chunked || (r->remaining > 0))) {
1503 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(01595)
1504 "%s with body is not allowed for %s", r->method, r->uri);
1505 return HTTP_REQUEST_ENTITY_TOO_LARGE;
1510 /* Make sure ap_getline() didn't leave any droppings. */
1511 core_request_config *req_cfg =
1512 (core_request_config *)ap_get_core_module_config(r->request_config);
1513 AP_DEBUG_ASSERT(APR_BRIGADE_EMPTY(req_cfg->bb));
1520 AP_DECLARE(int) ap_should_client_block(request_rec *r)
1522 /* First check if we have already read the request body */
1524 if (r->read_length || (!r->read_chunked && (r->remaining <= 0))) {
1531 /* get_client_block is called in a loop to get the request message body.
1532 * This is quite simple if the client includes a content-length
1533 * (the normal case), but gets messy if the body is chunked. Note that
1534 * r->remaining is used to maintain state across calls and that
1535 * r->read_length is the total number of bytes given to the caller
1536 * across all invocations. It is messy because we have to be careful not
1537 * to read past the data provided by the client, since these reads block.
1538 * Returns 0 on End-of-body, -1 on error or premature chunk end.
1541 AP_DECLARE(long) ap_get_client_block(request_rec *r, char *buffer,
1545 apr_bucket_brigade *bb;
1547 if (r->remaining < 0 || (!r->read_chunked && r->remaining == 0)) {
1551 bb = apr_brigade_create(r->pool, r->connection->bucket_alloc);
1553 r->connection->keepalive = AP_CONN_CLOSE;
1557 rv = ap_get_brigade(r->input_filters, bb, AP_MODE_READBYTES,
1558 APR_BLOCK_READ, bufsiz);
1560 /* We lose the failure code here. This is why ap_get_client_block should
1563 if (rv != APR_SUCCESS) {
1566 /* work around our silent swallowing of error messages by mapping
1567 * error codes at this point, and sending an error bucket back
1570 apr_brigade_cleanup(bb);
1572 e = ap_bucket_error_create(
1573 ap_map_http_request_error(rv, HTTP_BAD_REQUEST), NULL, r->pool,
1574 r->connection->bucket_alloc);
1575 APR_BRIGADE_INSERT_TAIL(bb, e);
1577 e = apr_bucket_eos_create(r->connection->bucket_alloc);
1578 APR_BRIGADE_INSERT_TAIL(bb, e);
1580 rv = ap_pass_brigade(r->output_filters, bb);
1581 if (APR_SUCCESS != rv) {
1582 ap_log_rerror(APLOG_MARK, APLOG_INFO, rv, r, APLOGNO(02484)
1583 "Error while writing error response");
1586 /* if we actually fail here, we want to just return and
1587 * stop trying to read data from the client.
1589 r->connection->keepalive = AP_CONN_CLOSE;
1590 apr_brigade_destroy(bb);
1594 /* If this fails, it means that a filter is written incorrectly and that
1595 * it needs to learn how to properly handle APR_BLOCK_READ requests by
1596 * returning data when requested.
1598 AP_DEBUG_ASSERT(!APR_BRIGADE_EMPTY(bb));
1600 /* Check to see if EOS in the brigade.
1602 * If so, we have to leave a nugget for the *next* ap_get_client_block
1605 if (APR_BUCKET_IS_EOS(APR_BRIGADE_LAST(bb))) {
1606 if (r->read_chunked) {
1614 rv = apr_brigade_flatten(bb, buffer, &bufsiz);
1615 if (rv != APR_SUCCESS) {
1616 apr_brigade_destroy(bb);
1621 r->read_length += bufsiz;
1623 apr_brigade_destroy(bb);
1627 /* Context struct for ap_http_outerror_filter */
1630 } outerror_filter_ctx_t;
1632 /* Filter to handle any error buckets on output */
1633 apr_status_t ap_http_outerror_filter(ap_filter_t *f,
1634 apr_bucket_brigade *b)
1636 request_rec *r = f->r;
1637 outerror_filter_ctx_t *ctx = (outerror_filter_ctx_t *)(f->ctx);
1640 /* Create context if none is present */
1642 ctx = apr_pcalloc(r->pool, sizeof(outerror_filter_ctx_t));
1645 for (e = APR_BRIGADE_FIRST(b);
1646 e != APR_BRIGADE_SENTINEL(b);
1647 e = APR_BUCKET_NEXT(e))
1649 if (AP_BUCKET_IS_ERROR(e)) {
1651 * Start of error handling state tree. Just one condition
1654 if (((ap_bucket_error *)(e->data))->status == HTTP_BAD_GATEWAY ||
1655 ((ap_bucket_error *)(e->data))->status == HTTP_GATEWAY_TIME_OUT) {
1656 /* stream aborted and we have not ended it yet */
1657 r->connection->keepalive = AP_CONN_CLOSE;
1661 /* Detect EOC buckets and memorize this in the context. */
1662 if (AP_BUCKET_IS_EOC(e)) {
1667 * Remove all data buckets that are in a brigade after an EOC bucket
1668 * was seen, as an EOC bucket tells us that no (further) resource
1669 * and protocol data should go out to the client. OTOH meta buckets
1670 * are still welcome as they might trigger needed actions down in
1671 * the chain (e.g. in network filters like SSL).
1672 * Remark 1: It is needed to dump ALL data buckets in the brigade
1673 * since an filter in between might have inserted data
1674 * buckets BEFORE the EOC bucket sent by the original
1675 * sender and we do NOT want this data to be sent.
1676 * Remark 2: Dumping all data buckets here does not necessarily mean
1677 * that no further data is send to the client as:
1678 * 1. Network filters like SSL can still be triggered via
1679 * meta buckets to talk with the client e.g. for a
1681 * 2. There could be still data that was buffered before
1682 * down in the chain that gets flushed by a FLUSH or an
1685 if (ctx->seen_eoc) {
1686 for (e = APR_BRIGADE_FIRST(b);
1687 e != APR_BRIGADE_SENTINEL(b);
1688 e = APR_BUCKET_NEXT(e))
1690 if (!APR_BUCKET_IS_METADATA(e)) {
1691 APR_BUCKET_REMOVE(e);
1696 return ap_pass_brigade(f->next, b);
projects / apache / blob