/**
* Parses request query string, if present.
*
* @param[in] connp
* @param[in] raw_data
* @param[in] raw_len
* @return HTP_OK if query string was parsed, HTP_DECLINED if there was no query
* string, and HTP_ERROR on failure.
*/
htp_status_t htp_ch_urlencoded_callback_request_line(htp_tx_t *tx) {
// Proceed only if there's something for us to parse.
if ((tx->parsed_uri->query == NULL) || (bstr_len(tx->parsed_uri->query) == 0)) {
return HTP_DECLINED;
}
// We have a non-zero length query string.
tx->request_urlenp_query = htp_urlenp_create(tx);
if (tx->request_urlenp_query == NULL) return HTP_ERROR;
if (htp_urlenp_parse_complete(tx->request_urlenp_query, bstr_ptr(tx->parsed_uri->query),
bstr_len(tx->parsed_uri->query)) != HTP_OK) {
htp_urlenp_destroy(tx->request_urlenp_query);
return HTP_ERROR;
}
// Add all parameters to the transaction.
bstr *name = NULL;
bstr *value = NULL;
for (size_t i = 0, n = htp_table_size(tx->request_urlenp_query->params); i < n; i++) {
value = htp_table_get_index(tx->request_urlenp_query->params, i, &name);
htp_param_t *param = calloc(1, sizeof (htp_param_t));
if (param == NULL) return HTP_ERROR;
param->name = name;
param->value = value;
param->source = HTP_SOURCE_QUERY_STRING;
param->parser_id = HTP_PARSER_URLENCODED;
param->parser_data = NULL;
if (htp_tx_req_add_param(tx, param) != HTP_OK) {
free(param);
return HTP_ERROR;
}
}
// All the parameter data is now owned by the transaction, and
// the parser table used to store it is no longer needed. The
// line below will destroy just the table, leaving keys intact.
htp_table_destroy_ex(tx->request_urlenp_query->params);
tx->request_urlenp_query->params = NULL;
htp_urlenp_destroy(tx->request_urlenp_query);
tx->request_urlenp_query = NULL;
return HTP_OK;
}
void htp_tx_destroy_incomplete(htp_tx_t *tx) {
if (tx == NULL) return;
// Disconnect transaction from other structures.
htp_conn_remove_tx(tx->conn, tx);
htp_connp_tx_remove(tx->connp, tx);
// Request fields.
bstr_free(tx->request_line);
bstr_free(tx->request_method);
bstr_free(tx->request_uri);
bstr_free(tx->request_protocol);
bstr_free(tx->request_content_type);
bstr_free(tx->request_hostname);
htp_uri_free(tx->parsed_uri_raw);
htp_uri_free(tx->parsed_uri);
// Request_headers.
if (tx->request_headers != NULL) {
htp_header_t *h = NULL;
for (size_t i = 0, n = htp_table_size(tx->request_headers); i < n; i++) {
h = htp_table_get_index(tx->request_headers, i, NULL);
bstr_free(h->name);
bstr_free(h->value);
free(h);
}
htp_table_destroy(tx->request_headers);
}
// Request parsers.
htp_urlenp_destroy(tx->request_urlenp_query);
htp_urlenp_destroy(tx->request_urlenp_body);
htp_mpartp_destroy(tx->request_mpartp);
// Request parameters.
htp_param_t *param = NULL;
for (size_t i = 0, n = htp_table_size(tx->request_params); i < n; i++) {
param = htp_table_get_index(tx->request_params, i, NULL);
free(param->name);
free(param->value);
free(param);
}
htp_table_destroy(tx->request_params);
// Request cookies.
if (tx->request_cookies != NULL) {
bstr *b = NULL;
for (size_t i = 0, n = htp_table_size(tx->request_cookies); i < n; i++) {
b = htp_table_get_index(tx->request_cookies, i, NULL);
bstr_free(b);
}
htp_table_destroy(tx->request_cookies);
}
htp_hook_destroy(tx->hook_request_body_data);
// Response fields.
bstr_free(tx->response_line);
bstr_free(tx->response_protocol);
bstr_free(tx->response_status);
bstr_free(tx->response_message);
bstr_free(tx->response_content_type);
// Destroy response headers.
if (tx->response_headers != NULL) {
htp_header_t *h = NULL;
for (size_t i = 0, n = htp_table_size(tx->response_headers); i < n; i++) {
h = htp_table_get_index(tx->response_headers, i, NULL);
bstr_free(h->name);
bstr_free(h->value);
free(h);
}
htp_table_destroy(tx->response_headers);
}
// If we're using a private configuration structure, destroy it.
if (tx->is_config_shared == HTP_CONFIG_PRIVATE) {
htp_config_destroy(tx->cfg);
}
free(tx);
}
void htp_tx_destroy(htp_tx_t *tx) {
bstr_free(tx->request_line);
bstr_free(tx->request_line_raw);
bstr_free(tx->request_method);
bstr_free(tx->request_uri);
bstr_free(tx->request_uri_normalized);
bstr_free(tx->request_protocol);
bstr_free(tx->request_headers_sep);
if (tx->parsed_uri != NULL) {
bstr_free(tx->parsed_uri->scheme);
bstr_free(tx->parsed_uri->username);
bstr_free(tx->parsed_uri->password);
bstr_free(tx->parsed_uri->hostname);
bstr_free(tx->parsed_uri->port);
bstr_free(tx->parsed_uri->path);
bstr_free(tx->parsed_uri->query);
bstr_free(tx->parsed_uri->fragment);
free(tx->parsed_uri);
}
if (tx->parsed_uri_incomplete != NULL) {
bstr_free(tx->parsed_uri_incomplete->scheme);
bstr_free(tx->parsed_uri_incomplete->username);
bstr_free(tx->parsed_uri_incomplete->password);
bstr_free(tx->parsed_uri_incomplete->hostname);
bstr_free(tx->parsed_uri_incomplete->port);
bstr_free(tx->parsed_uri_incomplete->path);
bstr_free(tx->parsed_uri_incomplete->query);
bstr_free(tx->parsed_uri_incomplete->fragment);
free(tx->parsed_uri_incomplete);
}
// Destroy request_header_lines.
if (tx->request_header_lines != NULL) {
for (int i = 0, n = htp_list_size(tx->request_header_lines); i < n; i++) {
htp_header_line_t *hl = htp_list_get(tx->request_header_lines, i);
bstr_free(hl->line);
// No need to destroy hl->header because
// htp_header_line_t does not own it.
free(hl);
}
htp_list_destroy(tx->request_header_lines);
tx->request_header_lines = NULL;
}
// Destroy request_headers.
if (tx->request_headers != NULL) {
htp_header_t *h = NULL;
for (int i = 0, n = htp_table_size(tx->request_headers); i < n; i++) {
h = htp_table_get_index(tx->request_headers, i, NULL);
bstr_free(h->name);
bstr_free(h->value);
free(h);
}
htp_table_destroy(tx->request_headers);
}
if (tx->request_headers_raw != NULL) {
bstr_free(tx->request_headers_raw);
}
if (tx->response_headers_raw != NULL) {
bstr_free(tx->response_headers_raw);
}
bstr_free(tx->response_line);
bstr_free(tx->response_line_raw);
bstr_free(tx->response_protocol);
bstr_free(tx->response_status);
bstr_free(tx->response_message);
bstr_free(tx->response_headers_sep);
// Destroy response_header_lines.
if (tx->response_header_lines != NULL) {
for (int i = 0, n = htp_list_size(tx->response_header_lines); i < n; i++) {
htp_header_line_t *hl = htp_list_get(tx->response_header_lines, i);
bstr_free(hl->line);
// No need to destroy hl->header because
// htp_header_line_t does not own it.
free(hl);
}
htp_list_destroy(tx->response_header_lines);
tx->response_header_lines = NULL;
}
// Destroy response headers.
if (tx->response_headers != NULL) {
htp_header_t *h = NULL;
for (int i = 0, n = htp_table_size(tx->response_headers); i < n; i++) {
h = htp_table_get_index(tx->response_headers, i, NULL);
bstr_free(h->name);
bstr_free(h->value);
free(h);
}
htp_table_destroy(tx->response_headers);
}
// Tell the connection to remove this transaction from the list.
htp_conn_remove_tx(tx->conn, tx);
// Invalidate the pointer to this transactions held
// by the connection parser. This is to allow a transaction
// to be destroyed from within the final response callback.
if (tx->connp != NULL) {
if (tx->connp->out_tx == tx) {
tx->connp->out_tx = NULL;
}
}
bstr_free(tx->request_content_type);
bstr_free(tx->response_content_type);
// Parsers
htp_urlenp_destroy(tx->request_urlenp_query);
htp_urlenp_destroy(tx->request_urlenp_body);
htp_mpartp_destroy(tx->request_mpartp);
// Request parameters
htp_param_t *param = NULL;
for (int i = 0, n = htp_table_size(tx->request_params); i < n; i++) {
param = htp_table_get_index(tx->request_params, i, NULL);
free(param->name);
free(param->value);
free(param);
}
htp_table_destroy(tx->request_params);
// Request cookies
if (tx->request_cookies != NULL) {
bstr *b = NULL;
for (int i = 0, n = htp_table_size(tx->request_cookies); i < n; i++) {
b = htp_table_get_index(tx->request_cookies, i, NULL);
bstr_free(b);
}
htp_table_destroy(tx->request_cookies);
}
htp_hook_destroy(tx->hook_request_body_data);
// If we're using a private configuration, destroy it.
if (tx->is_config_shared == HTP_CONFIG_PRIVATE) {
htp_config_destroy(tx->cfg);
}
free(tx);
}
