1/***************************************************************************
2 * _ _ ____ _
3 * Project ___| | | | _ \| |
4 * / __| | | | |_) | |
5 * | (__| |_| | _ <| |___
6 * \___|\___/|_| \_\_____|
7 *
8 * Copyright (C) 2020 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
9 *
10 * This software is licensed as described in the file COPYING, which
11 * you should have received as part of this distribution. The terms
12 * are also available at https://curl.se/docs/copyright.html.
13 *
14 * You may opt to use, copy, modify, merge, publish, distribute and/or sell
15 * copies of the Software, and permit persons to whom the Software is
16 * furnished to do so, under the terms of the COPYING file.
17 *
18 * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
19 * KIND, either express or implied.
20 *
21 ***************************************************************************/
22/*
23 * The Strict-Transport-Security header is defined in RFC 6797:
24 * https://tools.ietf.org/html/rfc6797
25 */
26#include "curl_setup.h"
27
28#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_HSTS)
29#include <curl/curl.h>
30#include "urldata.h"
31#include "llist.h"
32#include "hsts.h"
33#include "curl_get_line.h"
34#include "strcase.h"
35#include "sendf.h"
36#include "strtoofft.h"
37#include "parsedate.h"
38#include "rand.h"
39#include "rename.h"
40#include "strtoofft.h"
41
42/* The last 3 #include files should be in this order */
43#include "curl_printf.h"
44#include "curl_memory.h"
45#include "memdebug.h"
46
47#define MAX_HSTS_LINE 4095
48#define MAX_HSTS_HOSTLEN 256
49#define MAX_HSTS_HOSTLENSTR "256"
50#define MAX_HSTS_DATELEN 64
51#define MAX_HSTS_DATELENSTR "64"
52#define UNLIMITED "unlimited"
53
54#ifdef DEBUGBUILD
55/* to play well with debug builds, we can *set* a fixed time this will
56 return */
57time_t deltatime; /* allow for "adjustments" for unit test purposes */
58static time_t debugtime(void *unused)
59{
60 char *timestr = getenv("CURL_TIME");
61 (void)unused;
62 if(timestr) {
63 curl_off_t val;
64 (void)curlx_strtoofft(timestr, NULL, 10, &val);
65
66 val += (curl_off_t)deltatime;
67 return (time_t)val;
68 }
69 return time(NULL);
70}
71#define time(x) debugtime(x)
72#endif
73
74struct hsts *Curl_hsts_init(void)
75{
76 struct hsts *h = calloc(sizeof(struct hsts), 1);
77 if(h) {
78 Curl_llist_init(&h->list, NULL);
79 }
80 return h;
81}
82
83static void hsts_free(struct stsentry *e)
84{
85 free((char *)e->host);
86 free(e);
87}
88
89void Curl_hsts_cleanup(struct hsts **hp)
90{
91 struct hsts *h = *hp;
92 if(h) {
93 struct Curl_llist_element *e;
94 struct Curl_llist_element *n;
95 for(e = h->list.head; e; e = n) {
96 struct stsentry *sts = e->ptr;
97 n = e->next;
98 hsts_free(sts);
99 }
100 free(h->filename);
101 free(h);
102 *hp = NULL;
103 }
104}
105
106static struct stsentry *hsts_entry(void)
107{
108 return calloc(sizeof(struct stsentry), 1);
109}
110
111static CURLcode hsts_create(struct hsts *h,
112 const char *hostname,
113 bool subdomains,
114 curl_off_t expires)
115{
116 struct stsentry *sts = hsts_entry();
117 if(!sts)
118 return CURLE_OUT_OF_MEMORY;
119
120 sts->expires = expires;
121 sts->includeSubDomains = subdomains;
122 sts->host = strdup(hostname);
123 if(!sts->host) {
124 free(sts);
125 return CURLE_OUT_OF_MEMORY;
126 }
127 Curl_llist_insert_next(&h->list, h->list.tail, sts, &sts->node);
128 return CURLE_OK;
129}
130
131CURLcode Curl_hsts_parse(struct hsts *h, const char *hostname,
132 const char *header)
133{
134 const char *p = header;
135 curl_off_t expires = 0;
136 bool gotma = FALSE;
137 bool gotinc = FALSE;
138 bool subdomains = FALSE;
139 struct stsentry *sts;
140 time_t now = time(NULL);
141
142 if(Curl_host_is_ipnum(hostname))
143 /* "explicit IP address identification of all forms is excluded."
144 / RFC 6797 */
145 return CURLE_OK;
146
147 do {
148 while(*p && ISSPACE(*p))
149 p++;
150 if(Curl_strncasecompare("max-age=", p, 8)) {
151 bool quoted = FALSE;
152 CURLofft offt;
153 char *endp;
154
155 if(gotma)
156 return CURLE_BAD_FUNCTION_ARGUMENT;
157
158 p += 8;
159 while(*p && ISSPACE(*p))
160 p++;
161 if(*p == '\"') {
162 p++;
163 quoted = TRUE;
164 }
165 offt = curlx_strtoofft(p, &endp, 10, &expires);
166 if(offt == CURL_OFFT_FLOW)
167 expires = CURL_OFF_T_MAX;
168 else if(offt)
169 /* invalid max-age */
170 return CURLE_BAD_FUNCTION_ARGUMENT;
171 p = endp;
172 if(quoted) {
173 if(*p != '\"')
174 return CURLE_BAD_FUNCTION_ARGUMENT;
175 p++;
176 }
177 gotma = TRUE;
178 }
179 else if(Curl_strncasecompare("includesubdomains", p, 17)) {
180 if(gotinc)
181 return CURLE_BAD_FUNCTION_ARGUMENT;
182 subdomains = TRUE;
183 p += 17;
184 gotinc = TRUE;
185 }
186 else {
187 /* unknown directive, do a lame attempt to skip */
188 while(*p && (*p != ';'))
189 p++;
190 }
191
192 while(*p && ISSPACE(*p))
193 p++;
194 if(*p == ';')
195 p++;
196 } while (*p);
197
198 if(!gotma)
199 /* max-age is mandatory */
200 return CURLE_BAD_FUNCTION_ARGUMENT;
201
202 if(!expires) {
203 /* remove the entry if present verbatim (without subdomain match) */
204 sts = Curl_hsts(h, hostname, FALSE);
205 if(sts) {
206 Curl_llist_remove(&h->list, &sts->node, NULL);
207 hsts_free(sts);
208 }
209 return CURLE_OK;
210 }
211
212 if(CURL_OFF_T_MAX - now < expires)
213 /* would overflow, use maximum value */
214 expires = CURL_OFF_T_MAX;
215 else
216 expires += now;
217
218 /* check if it already exists */
219 sts = Curl_hsts(h, hostname, FALSE);
220 if(sts) {
221 /* just update these fields */
222 sts->expires = expires;
223 sts->includeSubDomains = subdomains;
224 }
225 else
226 return hsts_create(h, hostname, subdomains, expires);
227
228 return CURLE_OK;
229}
230
231/*
232 * Return TRUE if the given host name is currently an HSTS one.
233 *
234 * The 'subdomain' argument tells the function if subdomain matching should be
235 * attempted.
236 */
237struct stsentry *Curl_hsts(struct hsts *h, const char *hostname,
238 bool subdomain)
239{
240 if(h) {
241 time_t now = time(NULL);
242 size_t hlen = strlen(hostname);
243 struct Curl_llist_element *e;
244 struct Curl_llist_element *n;
245 for(e = h->list.head; e; e = n) {
246 struct stsentry *sts = e->ptr;
247 n = e->next;
248 if(sts->expires <= now) {
249 /* remove expired entries */
250 Curl_llist_remove(&h->list, &sts->node, NULL);
251 hsts_free(sts);
252 continue;
253 }
254 if(subdomain && sts->includeSubDomains) {
255 size_t ntail = strlen(sts->host);
256 if(ntail < hlen) {
257 size_t offs = hlen - ntail;
258 if((hostname[offs-1] == '.') &&
259 Curl_strncasecompare(&hostname[offs], sts->host, ntail))
260 return sts;
261 }
262 }
263 if(Curl_strcasecompare(hostname, sts->host))
264 return sts;
265 }
266 }
267 return NULL; /* no match */
268}
269
270/*
271 * Send this HSTS entry to the write callback.
272 */
273static CURLcode hsts_push(struct Curl_easy *data,
274 struct curl_index *i,
275 struct stsentry *sts,
276 bool *stop)
277{
278 struct curl_hstsentry e;
279 CURLSTScode sc;
280 struct tm stamp;
281 CURLcode result;
282
283 e.name = (char *)sts->host;
284 e.namelen = strlen(sts->host);
285 e.includeSubDomains = sts->includeSubDomains;
286
287 if(sts->expires != TIME_T_MAX) {
288 result = Curl_gmtime((time_t)sts->expires, &stamp);
289 if(result)
290 return result;
291
292 msnprintf(e.expire, sizeof(e.expire), "%d%02d%02d %02d:%02d:%02d",
293 stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
294 stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
295 }
296 else
297 strcpy(e.expire, UNLIMITED);
298
299 sc = data->set.hsts_write(data, &e, i,
300 data->set.hsts_write_userp);
301 *stop = (sc != CURLSTS_OK);
302 return sc == CURLSTS_FAIL ? CURLE_BAD_FUNCTION_ARGUMENT : CURLE_OK;
303}
304
305/*
306 * Write this single hsts entry to a single output line
307 */
308static CURLcode hsts_out(struct stsentry *sts, FILE *fp)
309{
310 struct tm stamp;
311 if(sts->expires != TIME_T_MAX) {
312 CURLcode result = Curl_gmtime((time_t)sts->expires, &stamp);
313 if(result)
314 return result;
315 fprintf(fp, "%s%s \"%d%02d%02d %02d:%02d:%02d\"\n",
316 sts->includeSubDomains ? ".": "", sts->host,
317 stamp.tm_year + 1900, stamp.tm_mon + 1, stamp.tm_mday,
318 stamp.tm_hour, stamp.tm_min, stamp.tm_sec);
319 }
320 else
321 fprintf(fp, "%s%s \"%s\"\n",
322 sts->includeSubDomains ? ".": "", sts->host, UNLIMITED);
323 return CURLE_OK;
324}
325
326
327/*
328 * Curl_https_save() writes the HSTS cache to file and callback.
329 */
330CURLcode Curl_hsts_save(struct Curl_easy *data, struct hsts *h,
331 const char *file)
332{
333 struct Curl_llist_element *e;
334 struct Curl_llist_element *n;
335 CURLcode result = CURLE_OK;
336 FILE *out;
337 char *tempstore;
338 unsigned char randsuffix[9];
339
340 if(!h)
341 /* no cache activated */
342 return CURLE_OK;
343
344 /* if no new name is given, use the one we stored from the load */
345 if(!file && h->filename)
346 file = h->filename;
347
348 if((h->flags & CURLHSTS_READONLYFILE) || !file || !file[0])
349 /* marked as read-only, no file or zero length file name */
350 goto skipsave;
351
352 if(Curl_rand_hex(data, randsuffix, sizeof(randsuffix)))
353 return CURLE_FAILED_INIT;
354
355 tempstore = aprintf("%s.%s.tmp", file, randsuffix);
356 if(!tempstore)
357 return CURLE_OUT_OF_MEMORY;
358
359 out = fopen(tempstore, FOPEN_WRITETEXT);
360 if(!out)
361 result = CURLE_WRITE_ERROR;
362 else {
363 fputs("# Your HSTS cache. https://curl.se/docs/hsts.html\n"
364 "# This file was generated by libcurl! Edit at your own risk.\n",
365 out);
366 for(e = h->list.head; e; e = n) {
367 struct stsentry *sts = e->ptr;
368 n = e->next;
369 result = hsts_out(sts, out);
370 if(result)
371 break;
372 }
373 fclose(out);
374 if(!result && Curl_rename(tempstore, file))
375 result = CURLE_WRITE_ERROR;
376
377 if(result)
378 unlink(tempstore);
379 }
380 free(tempstore);
381 skipsave:
382 if(data->set.hsts_write) {
383 /* if there's a write callback */
384 struct curl_index i; /* count */
385 i.total = h->list.size;
386 i.index = 0;
387 for(e = h->list.head; e; e = n) {
388 struct stsentry *sts = e->ptr;
389 bool stop;
390 n = e->next;
391 result = hsts_push(data, &i, sts, &stop);
392 if(result || stop)
393 break;
394 i.index++;
395 }
396 }
397 return result;
398}
399
400/* only returns SERIOUS errors */
401static CURLcode hsts_add(struct hsts *h, char *line)
402{
403 /* Example lines:
404 example.com "20191231 10:00:00"
405 .example.net "20191231 10:00:00"
406 */
407 char host[MAX_HSTS_HOSTLEN + 1];
408 char date[MAX_HSTS_DATELEN + 1];
409 int rc;
410
411 rc = sscanf(line,
412 "%" MAX_HSTS_HOSTLENSTR "s \"%" MAX_HSTS_DATELENSTR "[^\"]\"",
413 host, date);
414 if(2 == rc) {
415 time_t expires = strcmp(date, UNLIMITED) ? Curl_getdate_capped(date) :
416 TIME_T_MAX;
417 CURLcode result;
418 char *p = host;
419 bool subdomain = FALSE;
420 if(p[0] == '.') {
421 p++;
422 subdomain = TRUE;
423 }
424 result = hsts_create(h, p, subdomain, expires);
425 if(result)
426 return result;
427 }
428
429 return CURLE_OK;
430}
431
432/*
433 * Load HSTS data from callback.
434 *
435 */
436static CURLcode hsts_pull(struct Curl_easy *data, struct hsts *h)
437{
438 /* if the HSTS read callback is set, use it */
439 if(data->set.hsts_read) {
440 CURLSTScode sc;
441 DEBUGASSERT(h);
442 do {
443 char buffer[257];
444 struct curl_hstsentry e;
445 e.name = buffer;
446 e.namelen = sizeof(buffer)-1;
447 e.includeSubDomains = FALSE; /* default */
448 e.expire[0] = 0;
449 e.name[0] = 0; /* just to make it clean */
450 sc = data->set.hsts_read(data, &e, data->set.hsts_read_userp);
451 if(sc == CURLSTS_OK) {
452 time_t expires;
453 CURLcode result;
454 if(!e.name[0])
455 /* bail out if no name was stored */
456 return CURLE_BAD_FUNCTION_ARGUMENT;
457 if(e.expire[0])
458 expires = Curl_getdate_capped(e.expire);
459 else
460 expires = TIME_T_MAX; /* the end of time */
461 result = hsts_create(h, e.name,
462 /* bitfield to bool conversion: */
463 e.includeSubDomains ? TRUE : FALSE,
464 expires);
465 if(result)
466 return result;
467 }
468 else if(sc == CURLSTS_FAIL)
469 return CURLE_ABORTED_BY_CALLBACK;
470 } while(sc == CURLSTS_OK);
471 }
472 return CURLE_OK;
473}
474
475/*
476 * Load the HSTS cache from the given file. The text based line-oriented file
477 * format is documented here:
478 * https://github.com/curl/curl/wiki/HSTS
479 *
480 * This function only returns error on major problems that prevent hsts
481 * handling to work completely. It will ignore individual syntactical errors
482 * etc.
483 */
484static CURLcode hsts_load(struct hsts *h, const char *file)
485{
486 CURLcode result = CURLE_OK;
487 char *line = NULL;
488 FILE *fp;
489
490 /* we need a private copy of the file name so that the hsts cache file
491 name survives an easy handle reset */
492 free(h->filename);
493 h->filename = strdup(file);
494 if(!h->filename)
495 return CURLE_OUT_OF_MEMORY;
496
497 fp = fopen(file, FOPEN_READTEXT);
498 if(fp) {
499 line = malloc(MAX_HSTS_LINE);
500 if(!line)
501 goto fail;
502 while(Curl_get_line(line, MAX_HSTS_LINE, fp)) {
503 char *lineptr = line;
504 while(*lineptr && ISBLANK(*lineptr))
505 lineptr++;
506 if(*lineptr == '#')
507 /* skip commented lines */
508 continue;
509
510 hsts_add(h, lineptr);
511 }
512 free(line); /* free the line buffer */
513 fclose(fp);
514 }
515 return result;
516
517 fail:
518 Curl_safefree(h->filename);
519 fclose(fp);
520 return CURLE_OUT_OF_MEMORY;
521}
522
523/*
524 * Curl_hsts_loadfile() loads HSTS from file
525 */
526CURLcode Curl_hsts_loadfile(struct Curl_easy *data,
527 struct hsts *h, const char *file)
528{
529 DEBUGASSERT(h);
530 (void)data;
531 return hsts_load(h, file);
532}
533
534/*
535 * Curl_hsts_loadcb() loads HSTS from callback
536 */
537CURLcode Curl_hsts_loadcb(struct Curl_easy *data, struct hsts *h)
538{
539 if(h)
540 return hsts_pull(data, h);
541 return CURLE_OK;
542}
543
544#endif /* CURL_DISABLE_HTTP || CURL_DISABLE_HSTS */
545