/* Read the request from a client socket. */ int fetch_request(t_session *session) { char *new_reqbuf, *strstart, *strend; long max_request_size, bytes_read, header_length = -1, content_length = -1, chunk_size_pos; int result = 200, write_bytes, poll_result, upload_handle = -1, retval; time_t deadline; struct pollfd poll_data; bool keep_reading = true, store_on_disk = false, chunked_request = false; if (session->request_limit == false) { deadline = session->time + NO_REQUEST_LIMIT_TIME; max_request_size = NO_REQUEST_LIMIT_SIZE; } else if (session->kept_alive == 0) { deadline = session->time + session->binding->time_for_1st_request; max_request_size = session->binding->max_request_size; } else { deadline = session->time + session->binding->time_for_request; max_request_size = session->binding->max_request_size; } do { /* Check if requestbuffer contains a complete request. */ if (session->request != NULL) { if (header_length == -1) { if ((strstart = strstr(session->request, "\r\n\r\n")) != NULL) { *(strstart + 2) = '\0'; header_length = strstart + 4 - session->request; session->header_length = header_length; determine_request_method(session); store_on_disk = (session->request_method == PUT) && session->binding->enable_alter; if (store_on_disk) { if ((session->uploaded_file = (char*)malloc(session->config->upload_directory_len + 15)) != NULL) { strcpy(session->uploaded_file, session->config->upload_directory); strcpy(session->uploaded_file + session->config->upload_directory_len, "/upload_XXXXXX"); umask(S_IWGRP | S_IWOTH); if ((upload_handle = mkstemp(session->uploaded_file)) == -1) { free(session->uploaded_file); session->uploaded_file = NULL; } } if (session->uploaded_file == NULL) { log_error(session, "can't create temporary file for PUT request"); result = 500; break; } session->uploaded_size = session->bytes_in_buffer - header_length; if (write_buffer(upload_handle, session->request + header_length, session->uploaded_size) == -1) { result = 500; break; } session->bytes_in_buffer = header_length; } } } if (header_length != -1) { if ((content_length == -1) && (chunked_request == false)) { if ((strstart = strcasestr(session->request, hs_conlen)) != NULL) { /* Request has Content-Length */ strstart += 16; if ((strend = strstr(strstart, "\r\n")) != NULL) { *strend = '\0'; content_length = str_to_int(strstart); *strend = '\r'; if ((content_length < 0) || (INT_MAX - content_length - 2 <= header_length)) { result = 500; break; } if (store_on_disk) { /* Write to file on disk */ session->content_length = 0; if (content_length > session->binding->max_upload_size) { result = 413; break; } session->buffer_size = header_length + REQUEST_BUFFER_CHUNK; if ((new_reqbuf = (char*)realloc(session->request, session->buffer_size + 1)) != NULL) { session->request = new_reqbuf; } else { session->error_cause = ec_SOCKET_READ_ERROR; result = -1; break; } } else { /* Read into memory */ session->content_length = content_length; if (header_length + content_length > max_request_size) { session->error_cause = ec_MAX_REQUESTSIZE; result = -1; break; } if (header_length + content_length > session->buffer_size) { session->buffer_size = header_length + content_length; if ((new_reqbuf = (char*)realloc(session->request, session->buffer_size + 1)) != NULL) { session->request = new_reqbuf; } else { session->error_cause = ec_SOCKET_READ_ERROR; result = -1; break; } } } } } else if (strcasestr(session->request, hs_chunked) != NULL) { /* Chunked transfer encoding */ if (store_on_disk) { log_error(session, "Chunked transfer encoding for PUT requests not supported."); result = -1; break; } chunked_request = true; chunk_size_pos = 0; } else { /* No content */ session->content_length = 0; if (store_on_disk) { result = 411; } break; } } if (content_length > -1) { if (store_on_disk) { if (session->uploaded_size == content_length) { /* Received a complete PUT request */ break; } } else { if (session->bytes_in_buffer >= header_length + content_length) { /* Received a complete request */ break; } } } else if (chunked_request) { /* All chunks uploaded */ retval = all_chunks_uploaded(session->request + session->header_length, session->bytes_in_buffer - session->header_length, &chunk_size_pos); if (retval == -1) { result = 400; break; } else if (retval == 1) { if ((session->content_length = merge_chunks(session->request + session->header_length, session->bytes_in_buffer - session->header_length, &(session->bytes_in_buffer))) == -1) { result = -1; } break; } } } } #ifdef ENABLE_SSL poll_result = session->binding->use_ssl ? ssl_pending(&(session->ssl_context)) : 0; if (poll_result == 0) { #endif poll_data.fd = session->client_socket; poll_data.events = POLL_EVENT_BITS; poll_result = poll(&poll_data, 1, 1000); #ifdef ENABLE_SSL } #endif switch (poll_result) { case -1: if (errno != EINTR) { if (session->bytes_in_buffer == 0) { session->error_cause = ec_CLIENT_DISCONNECTED; } else { session->error_cause = ec_SOCKET_READ_ERROR; } result = -1; keep_reading = false; } break; case 0: if (session->force_quit) { session->error_cause = ec_FORCE_QUIT; result = -1; keep_reading = false; } else if (time(NULL) > deadline) { session->error_cause = ec_TIMEOUT; result = -1; keep_reading = false; } break; default: if ((content_length == -1) && ((session->buffer_size - session->bytes_in_buffer) < 256)) { session->buffer_size += REQUEST_BUFFER_CHUNK; if ((new_reqbuf = (char*)realloc(session->request, session->buffer_size + 1)) != NULL) { session->request = new_reqbuf; } else { session->error_cause = ec_SOCKET_READ_ERROR; result = -1; keep_reading = false; break; } } /* Read from socket. */ #ifdef ENABLE_SSL if (session->binding->use_ssl) { bytes_read = ssl_receive(&(session->ssl_context), session->request + session->bytes_in_buffer, session->buffer_size - session->bytes_in_buffer); } else #endif bytes_read = recv(session->client_socket, session->request + session->bytes_in_buffer, session->buffer_size - session->bytes_in_buffer, 0); switch (bytes_read) { case -1: if (errno != EINTR) { if (session->bytes_in_buffer == 0) { session->error_cause = ec_CLIENT_DISCONNECTED; } else { session->error_cause = ec_SOCKET_READ_ERROR; } result = -1; keep_reading = false; } break; case 0: session->error_cause = ec_CLIENT_DISCONNECTED; result = -1; keep_reading = false; break; default: if (store_on_disk) { /* Write to file on disk */ write_bytes = bytes_read; if (session->uploaded_size + bytes_read > content_length) { write_bytes -= ((session->uploaded_size + bytes_read) - content_length); } if (write_buffer(upload_handle, session->request + header_length, write_bytes) == -1) { result = 500; keep_reading = false; break; } if ((session->uploaded_size += write_bytes) > session->binding->max_upload_size) { keep_reading = false; result = 413; break; } if (write_bytes < bytes_read) { memmove(session->request + header_length, session->request + header_length + write_bytes, bytes_read - write_bytes); session->bytes_in_buffer += bytes_read - write_bytes; keep_reading = false; } } else { /* Read into memory */ session->bytes_in_buffer += bytes_read; *(session->request + session->bytes_in_buffer) = '\0'; if (session->bytes_in_buffer > max_request_size) { keep_reading = false; session->error_cause = ec_MAX_REQUESTSIZE; result = -1; break; } } } } } while (keep_reading); if (upload_handle != -1) { fsync(upload_handle); close(upload_handle); } #ifdef ENABLE_TOMAHAWK increment_transfer(TRANSFER_RECEIVED, header_length + content_length); #endif return result; }
static gboolean http_incoming_data( gpointer data, int source, b_input_condition cond ) { struct http_request *req = data; int evil_server = 0; char buffer[2048]; char *end1, *end2; int st; if( req->inpa > 0 ) b_event_remove( req->inpa ); if( req->ssl ) { st = ssl_read( req->ssl, buffer, sizeof( buffer ) ); if( st < 0 ) { if( ssl_errno != SSL_AGAIN ) { /* goto cleanup; */ /* YAY! We have to deal with crappy Microsoft servers that LOVE to send invalid TLS packets that abort connections! \o/ */ goto got_reply; } } else if( st == 0 ) { goto got_reply; } } else { st = read( req->fd, buffer, sizeof( buffer ) ); if( st < 0 ) { if( !sockerr_again() ) { req->status_string = g_strdup( strerror( errno ) ); goto cleanup; } } else if( st == 0 ) { goto got_reply; } } if( st > 0 ) { req->reply_headers = g_realloc( req->reply_headers, req->bytes_read + st + 1 ); memcpy( req->reply_headers + req->bytes_read, buffer, st ); req->bytes_read += st; } /* There will be more! */ req->inpa = b_input_add( req->fd, req->ssl ? ssl_getdirection( req->ssl ) : B_EV_IO_READ, http_incoming_data, req ); if( ssl_pending( req->ssl ) ) return http_incoming_data( data, source, cond ); else return FALSE; got_reply: /* Maybe if the webserver is overloaded, or when there's bad SSL support... */ if( req->bytes_read == 0 ) { req->status_string = g_strdup( "Empty HTTP reply" ); goto cleanup; } /* Zero termination is very convenient. */ req->reply_headers[req->bytes_read] = 0; /* Find the separation between headers and body, and keep stupid webservers in mind. */ end1 = strstr( req->reply_headers, "\r\n\r\n" ); end2 = strstr( req->reply_headers, "\n\n" ); if( end2 && end2 < end1 ) { end1 = end2 + 1; evil_server = 1; } else if( end1 ) { end1 += 2; } else { req->status_string = g_strdup( "Malformed HTTP reply" ); goto cleanup; } *end1 = 0; if( getenv( "BITLBEE_DEBUG" ) ) printf( "HTTP response headers:\n%s\n", req->reply_headers ); if( evil_server ) req->reply_body = end1 + 1; else req->reply_body = end1 + 2; req->body_size = req->reply_headers + req->bytes_read - req->reply_body; if( ( end1 = strchr( req->reply_headers, ' ' ) ) != NULL ) { if( sscanf( end1 + 1, "%d", &req->status_code ) != 1 ) { req->status_string = g_strdup( "Can't parse status code" ); req->status_code = -1; } else { char *eol; if( evil_server ) eol = strchr( end1, '\n' ); else eol = strchr( end1, '\r' ); req->status_string = g_strndup( end1 + 1, eol - end1 - 1 ); /* Just to be sure... */ if( ( eol = strchr( req->status_string, '\r' ) ) ) *eol = 0; if( ( eol = strchr( req->status_string, '\n' ) ) ) *eol = 0; } } else { req->status_string = g_strdup( "Can't locate status code" ); req->status_code = -1; } if( ( ( req->status_code >= 301 && req->status_code <= 303 ) || req->status_code == 307 ) && req->redir_ttl-- > 0 ) { char *loc, *new_request, *new_host; int error = 0, new_port, new_proto; /* We might fill it again, so let's not leak any memory. */ g_free( req->status_string ); req->status_string = NULL; loc = strstr( req->reply_headers, "\nLocation: " ); if( loc == NULL ) /* We can't handle this redirect... */ { req->status_string = g_strdup( "Can't locate Location: header" ); goto cleanup; } loc += 11; while( *loc == ' ' ) loc ++; /* TODO/FIXME: Possibly have to handle relative redirections, and rewrite Host: headers. Not necessary for now, it's enough for passport authentication like this. */ if( *loc == '/' ) { /* Just a different pathname... */ /* Since we don't cache the servername, and since we don't need this yet anyway, I won't implement it. */ req->status_string = g_strdup( "Can't handle recursive redirects" ); goto cleanup; } else { /* A whole URL */ url_t *url; char *s; const char *new_method; s = strstr( loc, "\r\n" ); if( s == NULL ) goto cleanup; url = g_new0( url_t, 1 ); *s = 0; if( !url_set( url, loc ) ) { req->status_string = g_strdup( "Malformed redirect URL" ); g_free( url ); goto cleanup; } /* Find all headers and, if necessary, the POST request contents. Skip the old Host: header though. This crappy code here means anything using this http_client MUST put the Host: header at the top. */ if( !( ( s = strstr( req->request, "\r\nHost: " ) ) && ( s = strstr( s + strlen( "\r\nHost: " ), "\r\n" ) ) ) ) { req->status_string = g_strdup( "Error while rebuilding request string" ); g_free( url ); goto cleanup; } /* More or less HTTP/1.0 compliant, from my reading of RFC 2616. Always perform a GET request unless we received a 301. 303 was meant for this but it's HTTP/1.1-only and we're specifically speaking HTTP/1.0. ... Well except someone at identi.ca's didn't bother reading any RFCs and just return HTTP/1.1-specific status codes to HTTP/1.0 requests. Fuckers. So here we are, handle 301..303,307. */ if( strncmp( req->request, "GET", 3 ) == 0 ) /* GETs never become POSTs. */ new_method = "GET"; else if( req->status_code == 302 || req->status_code == 303 ) /* 302 de-facto becomes GET, 303 as specified by RFC 2616#10.3.3 */ new_method = "GET"; else /* 301 de-facto should stay POST, 307 specifally RFC 2616#10.3.8 */ new_method = "POST"; /* Okay, this isn't fun! We have to rebuild the request... :-( */ new_request = g_strdup_printf( "%s %s HTTP/1.0\r\nHost: %s%s", new_method, url->file, url->host, s ); new_host = g_strdup( url->host ); new_port = url->port; new_proto = url->proto; /* If we went from POST to GET, truncate the request content. */ if( new_request[0] != req->request[0] && new_request[0] == 'G' && ( s = strstr( new_request, "\r\n\r\n" ) ) ) s[4] = '\0'; g_free( url ); } if( req->ssl ) ssl_disconnect( req->ssl ); else closesocket( req->fd ); req->fd = -1; req->ssl = NULL; if( getenv( "BITLBEE_DEBUG" ) ) printf( "New headers for redirected HTTP request:\n%s\n", new_request ); if( new_proto == PROTO_HTTPS ) { req->ssl = ssl_connect( new_host, new_port, TRUE, http_ssl_connected, req ); if( req->ssl == NULL ) error = 1; } else { req->fd = proxy_connect( new_host, new_port, http_connected, req ); if( req->fd < 0 ) error = 1; } g_free( new_host ); if( error ) { req->status_string = g_strdup( "Connection problem during redirect" ); g_free( new_request ); goto cleanup; } g_free( req->request ); g_free( req->reply_headers ); req->request = new_request; req->request_length = strlen( new_request ); req->bytes_read = req->bytes_written = req->inpa = 0; req->reply_headers = req->reply_body = NULL; return FALSE; } /* Assume that a closed connection means we're finished, this indeed breaks with keep-alive connections and faulty connections. */ req->finished = 1; cleanup: if( req->ssl ) ssl_disconnect( req->ssl ); else closesocket( req->fd ); if( getenv( "BITLBEE_DEBUG" ) && req ) printf( "Finishing HTTP request with status: %s\n", req->status_string ? req->status_string : "NULL" ); req->func( req ); http_free( req ); return FALSE; }
static gboolean jabber_read_callback( gpointer data, gint fd, b_input_condition cond ) { struct im_connection *ic = data; struct jabber_data *jd = ic->proto_data; char buf[512]; int st; if( jd->fd == -1 ) return FALSE; if( jd->ssl ) st = ssl_read( jd->ssl, buf, sizeof( buf ) ); else st = read( jd->fd, buf, sizeof( buf ) ); if( st > 0 ) { /* Parse. */ if( xt_feed( jd->xt, buf, st ) < 0 ) { imcb_error( ic, "XML stream error" ); imc_logout( ic, TRUE ); return FALSE; } /* Execute all handlers. */ if( !xt_handle( jd->xt, NULL, 1 ) ) { /* Don't do anything, the handlers should have aborted the connection already. */ return FALSE; } if( jd->flags & JFLAG_STREAM_RESTART ) { jd->flags &= ~JFLAG_STREAM_RESTART; jabber_start_stream( ic ); } /* Garbage collection. */ xt_cleanup( jd->xt, NULL, 1 ); /* This is a bit hackish, unfortunately. Although xmltree has nifty event handler stuff, it only calls handlers when nodes are complete. Since the server should only send an opening <stream:stream> tag, we have to check this by hand. :-( */ if( !( jd->flags & JFLAG_STREAM_STARTED ) && jd->xt && jd->xt->root ) { if( g_strcasecmp( jd->xt->root->name, "stream:stream" ) == 0 ) { jd->flags |= JFLAG_STREAM_STARTED; /* If there's no version attribute, assume this is an old server that can't do SASL authentication. */ if( !sasl_supported( ic ) ) { /* If there's no version= tag, we suppose this server does NOT implement: XMPP 1.0, SASL and TLS. */ if( set_getbool( &ic->acc->set, "tls" ) ) { imcb_error( ic, "TLS is turned on for this " "account, but is not supported by this server" ); imc_logout( ic, FALSE ); return FALSE; } else { return jabber_init_iq_auth( ic ); } } } else { imcb_error( ic, "XML stream error" ); imc_logout( ic, TRUE ); return FALSE; } } } else if( st == 0 || ( st < 0 && !ssl_sockerr_again( jd->ssl ) ) ) { closesocket( jd->fd ); jd->fd = -1; imcb_error( ic, "Error while reading from server" ); imc_logout( ic, TRUE ); return FALSE; } if( ssl_pending( jd->ssl ) ) /* OpenSSL empties the TCP buffers completely but may keep some data in its internap buffers. select() won't see that, but ssl_pending() does. */ return jabber_read_callback( data, fd, cond ); else return TRUE; }
static gboolean http_incoming_data( gpointer data, int source, b_input_condition cond ) { struct http_request *req = data; char buffer[4096]; int st; if( req->inpa > 0 ) { b_event_remove( req->inpa ); req->inpa = 0; } if( req->ssl ) { st = ssl_read( req->ssl, buffer, sizeof( buffer ) ); if( st < 0 ) { if( ssl_errno != SSL_AGAIN ) { /* goto cleanup; */ /* YAY! We have to deal with crappy Microsoft servers that LOVE to send invalid TLS packets that abort connections! \o/ */ goto eof; } } else if( st == 0 ) { goto eof; } } else { st = read( req->fd, buffer, sizeof( buffer ) ); if( st < 0 ) { if( !sockerr_again() ) { req->status_string = g_strdup( strerror( errno ) ); goto cleanup; } } else if( st == 0 ) { goto eof; } } if( st > 0 ) { http_ret_t c; if( req->flags & HTTPC_CHUNKED ) c = http_process_chunked_data( req, buffer, st ); else c = http_process_data( req, buffer, st ); if( c == CR_EOF ) goto eof; else if( c == CR_ERROR || c == CR_ABORT ) return FALSE; } if( req->content_length != -1 && req->body_size >= req->content_length ) goto eof; if( ssl_pending( req->ssl ) ) return http_incoming_data( data, source, cond ); /* There will be more! */ req->inpa = b_input_add( req->fd, req->ssl ? ssl_getdirection( req->ssl ) : B_EV_IO_READ, http_incoming_data, req ); return FALSE; eof: req->flags |= HTTPC_EOF; /* Maybe if the webserver is overloaded, or when there's bad SSL support... */ if( req->bytes_read == 0 ) { req->status_string = g_strdup( "Empty HTTP reply" ); goto cleanup; } cleanup: /* Avoid g_source_remove warnings */ req->inpa = 0; if( req->ssl ) ssl_disconnect( req->ssl ); else closesocket( req->fd ); if( req->body_size < req->content_length ) { req->status_code = -1; g_free( req->status_string ); req->status_string = g_strdup( "Response truncated" ); } if( getenv( "BITLBEE_DEBUG" ) && req ) printf( "Finishing HTTP request with status: %s\n", req->status_string ? req->status_string : "NULL" ); req->func( req ); http_free( req ); return FALSE; }